Insider Brief
- A new proposal suggests Bitcoin could defend against future quantum attacks using a hash-based transaction method that works within the network’s existing rules and requires no protocol changes.
- The approach replaces vulnerable cryptographic assumptions with quantum-resistant techniques, including hash puzzles and Lamport signatures, while shifting computational work to users generating transactions.
- The method introduces tradeoffs such as higher costs, increased complexity and limited compatibility, and is positioned as a transitional solution rather than a permanent fix.
- Image: Photo by Michael Förtsch on Unsplash
Actually, don’t stick a fork in Bitcoin.
While quantum computing poses a known threat to Bitcoin, a new proposal suggests the network could defend itself without changing its core protocol.
In a recent paper, StarkWare researcher Avihu Mordechai Levy introduces a method for “quantum-safe” Bitcoin transactions that can be deployed today, without requiring a soft fork or modification to the underlying system. The approach, referred to as QSB, is designed to remain secure even in a world where large-scale quantum computers can break elliptic curve cryptography, the foundation of Bitcoin’s current security model.
Levy reported that the scheme replaces vulnerable cryptographic assumptions with a construction that relies primarily on hash functions, which are considered more resilient to quantum attacks. According to the paper, the method achieves roughly 118-bit second pre-image resistance under a quantum threat model, while remaining compatible with Bitcoin’s existing script limitations. In plain terms, this means is that the method would make Bitcoin transactions highly secure even against future quantum computers — roughly equivalent to a very strong modern security level — while still working within Bitcoin’s current technical rules.
The advance addresses a widely acknowledged risk that Bitcoin transactions today rely on ECDSA or Schnorr signatures, both of which can be broken by Shor’s algorithm running on a sufficiently powerful quantum computer. Levy writes that such a capability would allow an attacker to forge signatures, redirect funds, and effectively compromise the integrity of transactions.
A Workaround Without Protocol Changes
Rather than proposing a network-wide upgrade, the study outlines a workaround that operates entirely within Bitcoin’s existing scripting system. The researcher reported that the scheme fits within legacy constraints, including strict limits on script size and the number of executable operations.
This constraint drives much of the design. According to the paper, Bitcoin scripts are limited to 201 non-push opcodes and 10,000 bytes, forcing any quantum-safe construction to be both compact and computationally efficient. The QSB scheme works within those limits by combining multiple cryptographic techniques into a layered transaction structure.
At the core is a shift away from elliptic curve assumptions. The study indicates that the scheme replaces a previously used “signature size” proof-of-work mechanism—which becomes insecure under quantum attacks—with a hash-based puzzle. In this construction, the system requires that a hashed value coincidentally forms a valid digital signature, an event that occurs with very low probability.
According to the paper, this “hash-to-signature” puzzle has a fixed difficulty of roughly one successful outcome in 2^46 attempts, creating a computational barrier that does not rely on the hardness of elliptic curve problems.
A New Role for Proof-of-Work
The design effectively introduces a new kind of proof-of-work at the transaction level. Levy reported that users must perform computational work off-chain to generate valid transactions, iterating through candidate values until they satisfy the hash-based condition.
This work is not performed by the Bitcoin network itself, but by the transaction creator. According to the study, the process can be carried out using commodity hardware, such as GPUs, at an estimated cost of a few hundred dollars per transaction.
The scheme also includes a mechanism known as “transaction pinning,” which ensures that any modification to a transaction requires solving the computational puzzle again. The researcher suggests that this prevents attackers from reusing components of a valid transaction to construct a fraudulent one.
The system also uses Lamport signatures — an early form of hash-based cryptography that is resistant to quantum attacks — to authenticate transaction data. These signatures are embedded directly into the script and verified on-chain.
Complexity Shifts Off-Chain
The operational model of the system is interesting with Levy reporting that the most computationally intensive tasks can be separated from sensitive operations, allowing them to be outsourced to untrusted hardware.
As the researcher describes in the paper, a user can generate the necessary cryptographic secrets on a secure device, while delegating the computational search process to external GPU clusters. Theeventual solution is then verified locally before being broadcast to the network.
This architecture reflects a broader trend in both quantum computing and cryptography, where complexity is increasingly distributed across hybrid systems rather than concentrated in a single component.
Limits and Tradeoffs
The scheme is not intended as a long-term solution and, according to the paper, the approach introduces significant tradeoffs, including higher transaction costs, increased complexity for users and limited compatibility with existing Bitcoin features such as the Lightning Network.
The transactions themselves are also non-standard, which could affect how they are relayed and processed across the network. Further work would be needed to improve efficiency and usability.
More fundamentally, the approach does not eliminate the need for protocol-level upgrades. While it provides a way to construct quantum-resistant transactions today, it does so by shifting computational burden onto users rather than redesigning the underlying system.
Still, the proposal highlights a potential path forward as concerns about quantum threats continue to grow. The hash-based constructions offer a more durable foundation in a post-quantum environment, even if they come with practical limitations. In that sense, the work might be considered more of a transitional strategy, one that bridges the gap between current cryptographic systems and a future in which quantum-safe standards are fully integrated into blockchain protocols.
For a deeper, more technical dive, please review the paper on Github. It’s important to note that pre-print servers allow researchers to receive quick feedback on their work, but it is not — nor is this article, itself — official peer-review publications. Peer-review is an important step in the scientific process to verify results.