The Quantum Threat and the Satoshi Dilemma

Bitcoin’s long-standing vulnerability to future quantum computing attacks centers on a specific challenge: securing millions of coins held in legacy wallets with exposed public keys. Among these dormant holdings are approximately 1.1 million bitcoin, valued at roughly $84 billion, linked to the network’s pseudonymous creator, Satoshi Nakamoto. The standard mitigation strategy involves a network upgrade that restricts spending from these outdated address formats, compelling owners to migrate their assets to quantum-resistant formats before malicious actors can extract private keys.

BIP-361 and the Privacy Trade-off

In mid-April, lead developer Jameson Lopp alongside five peers introduced BIP-361, a framework designed to eliminate quantum-vulnerable addresses over a five-year timeline. The plan would ultimately freeze any remaining funds in legacy wallets that do not transition. However, this approach presents a significant hurdle for inactive wallet owners, including the presumed holder of Satoshi’s coins, as it effectively forces a public revelation of identity or results in permanent asset loss.

Introducing Provable Address-Control Timestamps

Addressing this dilemma, Dan Robinson, a general partner at the venture fund Paradigm, recently unveiled an alternative mechanism known as Provable Address-Control Timestamps, or PACTs. Rather than demanding immediate fund migration, PACTs enable wallet owners to cryptographically prove current control of an address at a specific point in time while keeping the data entirely confidential. The process begins with the generation of a random cryptographic salt, followed by the use of BIP-322—a protocol for signing messages from a Bitcoin address without executing a transaction—to create a verifiable ownership signature. This signature and salt are combined into an on-chain commitment and anchored to the Bitcoin blockchain via OpenTimestamps, a free service that batches and records the data. Throughout this process, the salt, proof, and timestamp remain strictly private.
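The commit-then-timestamp step described above can be sketched as follows; this is an added example, not code from the PACTs proposal or from OpenTimestamps. The hash layout `H(salt || signature)`, the placeholder signature bytes and the simplified Merkle batch are all assumptions made for illustration, since the article does not give the real encodings.

```python
import hashlib
import hmac
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_commitment(signature: bytes, salt: bytes) -> bytes:
    # Assumed layout: H(0x00 || salt || signature). The random 32-byte salt
    # keeps the digest from being matched to a guessed signature or address.
    return sha256(b"\x00" + salt + signature)

def merkle_node(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix separates interior nodes from leaf commitments.
    return sha256(b"\x01" + left + right)

def build_batch(leaves):
    """Aggregate leaves into one root; paths[i] lists (sibling, sibling_is_left)."""
    if not leaves:
        raise ValueError("batch needs at least one commitment")
    paths = [[] for _ in leaves]
    level = [(leaf, [i]) for i, leaf in enumerate(leaves)]
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level), 2):
            if j + 1 == len(level):
                nxt.append(level[j])  # odd node is carried up unchanged
                continue
            (lh, li), (rh, ri) = level[j], level[j + 1]
            for i in li:
                paths[i].append((rh, False))
            for i in ri:
                paths[i].append((lh, True))
            nxt.append((merkle_node(lh, rh), li + ri))
        level = nxt
    return level[0][0], paths

def verify_opening(signature: bytes, salt: bytes, path, root: bytes) -> bool:
    # Recompute the commitment, then walk the sibling path up to the root.
    node = make_commitment(signature, salt)
    for sibling, sibling_is_left in path:
        node = merkle_node(sibling, node) if sibling_is_left else merkle_node(node, sibling)
    return hmac.compare_digest(node, root)

# Constructed sample data: the signature is a placeholder, not a real BIP-322 proof.
SALT = secrets.token_bytes(32)
SIGNATURE = b"constructed-placeholder-for-bip322-signature"
OTHERS = [sha256(b"other-user-%d" % i) for i in range(4)]
LEAVES = OTHERS[:2] + [make_commitment(SIGNATURE, SALT)] + OTHERS[2:]
ROOT, PATHS = build_batch(LEAVES)  # only ROOT would be anchored on-chain

if __name__ == "__main__":
    print("owner can re-derive anchored root:", verify_opening(SIGNATURE, SALT, PATHS[2], ROOT))
```

Only the 32-byte root is published, so an owner who loses the salt, the signature or the sibling path can no longer link the anchored timestamp to their commitment. In the scheme the article describes, redemption would prove this relationship inside a STARK rather than by revealing the opening as `verify_opening` does.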

Quantum-Resistant Redemption and Network Upgrades

If the Bitcoin network eventually implements a soft fork that locks legacy coins, the PACTs framework provides a built-in recovery mechanism. Wallet owners can later submit a STARK proof, a quantum-resistant zero-knowledge cryptographic method, to demonstrate that their ownership commitment was established prior to the advent of viable quantum hardware. Upon successful verification, the network releases the frozen funds. Notably, this redemption process maintains complete anonymity, disclosing neither the original address, the transaction amount, nor the initial timestamp date.

Infrastructure Requirements and Practical Limitations

While PACTs resolve a critical gap left by BIP-361—specifically regarding wallets generated before the 2012 BIP-32 standard, which encompasses most of Satoshi’s known addresses—the proposal demands significant network development. Implementing the necessary STARK verification infrastructure would require a separate soft fork and extensive community agreement. Robinson emphasizes that Bitcoin currently lacks the foundational architecture for this, necessitating the development of standardized multisignature wallets, advanced scripting capabilities, and compatible hardware wallet support. Furthermore, the system operates on a strict prerequisite: the current key holder must establish the cryptographic commitment before either a quantum breach or a community-enforced freeze occurs. The protocol cannot be applied retroactively, meaning coins remain vulnerable if their owners fail to act in time. Ultimately, while PACTs introduce a more nuanced approach to the debate between quantum security and dormant asset rights, the framework leaves one critical question unanswered: whether the controller of Satoshi’s private keys will ever choose to utilize it.

Written by

Hue

The girl with pink hair, usually arguing about GPU benchmarks or checking her crypto portfolio between gaming sessions. She writes about PC tech, games, and crypto.
