A recent proposal by venture fund Paradigm seeks to address potential vulnerabilities in Bitcoin associated with quantum computing. The initiative introduces a method for holders of old Bitcoin addresses to privately timestamp proof of ownership, potentially safeguarding their assets against future quantum threats.
Bitcoin’s inherent design includes millions of coins stored in legacy wallets with exposed public keys, which could be susceptible to theft if sufficiently advanced quantum computers emerge. Among these are approximately 1.1 million bitcoins attributed to the pseudonymous creator Satoshi Nakamoto, valued at around $84 billion.
A common defense strategy involves implementing a soft fork to the Bitcoin network, which would phase out transactions from these vulnerable addresses. This would compel holders to transition to quantum-safe formats before any malicious actors could exploit their private keys. In mid-April, developer Jameson Lopp and five others proposed BIP-361, a plan to phase out these addresses over five years, effectively freezing any coins that do not migrate.
However, this approach presents a significant challenge: dormant holders, including Satoshi, would need to publicly reactivate their wallets or risk losing access to their funds. Dan Robinson, a general partner at Paradigm, recently published a proposal outlining a solution that centers on the concept of Provable Address-Control Timestamps (PACTs).
The PACT framework does not require the movement of coins but rather focuses on timestamping proof of ownership at a specific date. Holders would generate a random salt, a unique piece of secret data, and utilize BIP-322, a standard for signing messages from a Bitcoin address without making transactions, to create proof of ownership. This salt and proof would then be combined into an on-chain commitment and timestamped using OpenTimestamps, a service that anchors data onto the Bitcoin blockchain.
Importantly, the salt, proof, and timestamp files would remain private. Should Bitcoin implement a soft fork that freezes quantum-vulnerable coins, the protocol could incorporate a rescue path that accepts a STARK proof—an advanced zero-knowledge proof secure against quantum attacks—demonstrating that the holder created their commitment prior to the advent of quantum computing. Upon submission of this proof, the network would release the coins without disclosing any details about the address, amount, or original timestamp.
Additionally, PACTs address a limitation in BIP-361 by providing a rescue option for wallets generated through BIP-32, the deterministic key generation standard established in 2012. Many of Satoshi’s known addresses predate this standard and cannot be safeguarded through the current proposal.
Robinson emphasized that for PACTs to function, Bitcoin would need to adopt a STARK verification protocol, which would necessitate a separate soft fork supported by a broad consensus within the community. Currently, the infrastructure for such verification is lacking, requiring significant new developments, including multisig wallets and complex scripts, all of which would need careful standardization.
It is crucial to note that PACTs can only protect Satoshi if he or the current key holder makes the commitment. If Satoshi is indeed absent, no PACT can be established retroactively, leaving the coins vulnerable to quantum theft or a community freeze.
Ultimately, PACTs provide a nuanced alternative to the BIP-361 debate, allowing for a balance between safeguarding against quantum threats and honoring dormant property rights. The question remains whether Satoshi will take advantage of this new framework.
Paradigm's new proposal introduces Provable Address-Control Timestamps (PACTs) to help Bitcoin holders protect their assets from quantum computing threats. This method allows for private proof of ownership without requiring immediate action from dormant wallet holders, potentially preserving their access to funds.