- Paradigm researcher Dan Robinson proposed PACTs, letting Bitcoin holders timestamp key possession silently with no on-chain value.
- Satoshi Nakamoto’s 1.1 million BTC, price over $75 billion, sits in wallets that current quantum rescue plans can’t cowl.
- A STARK proof tied to a pre-cutoff timestamp would let holders reclaim sunsetted funds with out revealing non-public key particulars.
A Paradigm researcher has proposed a quantum-resistant backup plan for Bitcoin that lets holders defend their funds silently and with none on-chain motion.
Dan Robinson printed the idea on Could 1, 2026, introducing Provable Tackle-Management Timestamps, or PACTs.
The protocol targets addresses with uncovered public keys, which stay susceptible to theft by cryptographically related quantum computer systems. Robinson argues that holders can act right this moment, earlier than any protocol improve is required.
Robinson’s Case for a Silent Self-Protecting Measure
Robinson constructed his proposal round an easy concern: Bitcoin holders with uncovered public keys haven’t any quiet strategy to defend themselves right this moment.
A quantum laptop highly effective sufficient to derive non-public keys might steal lots of of billions of {dollars} price of Bitcoin.
Addresses tied to Satoshi Nakamoto alone maintain roughly 1.1 million BTC, price over $75 billion at present costs. These wallets predate BIP-32, leaving them exterior the scope of current rescue proposals.
The PACT protocol addresses this by letting holders timestamp a cryptographic proof of key possession utilizing OpenTimestamps.
The service is free, open-source, and batches many commitments right into a single Bitcoin transaction.
No transaction is required from the holder, and nothing about their handle or identification is revealed. The dedication exposes solely an opaque hash, making the method fully silent.
To create a PACT, a holder generates a 256-bit secret salt and produces a BIP-322 full message proof of management over their susceptible handle.
That proof and salt are then hashed right into a dedication, which will get timestamped on the Bitcoin blockchain by way of OpenTimestamps.
The holder shops the salt, proof, and timestamp file securely as a restoration artifact. At no level is any of this data shared publicly or broadcast to the community.
Robinson additionally famous that agreeing on a standardized format for PACTs is probably the most pressing step. As soon as a typical exists, holders can start timestamping instantly with out ready for any Bitcoin fork.
This provides the neighborhood extra time earlier than a quantum emergency forces rushed selections. The proposal doesn’t require Bitcoin to commit right this moment to any particular plan of action.
How the Rescue Path Would Work Beneath a Future Fork
If Bitcoin ever adopts a sundown on quantum-vulnerable addresses, Robinson’s proposal outlines a corresponding rescue mechanism.
A holder would submit a post-quantum STARK proof displaying they knew their non-public key earlier than cryptographically related quantum computer systems might have derived it.
The proof can be certain to a selected rescue transaction, stopping copying or redirection. The salt and BIP-322 proof would stay hidden all through your complete course of.
The rescue path requires the PACT dedication to predate an outlined cutoff date. That cutoff can be set earlier than CRQCs are believed able to breaking current key cryptography.
An attacker who later obtains a personal key via quantum means couldn’t fabricate a timestamp that predates that cutoff. This construction separates legit possession from quantum-derived entry in a verifiable manner.
Robinson acknowledged that no assure exists that Bitcoin will ever undertake this rescue protocol.
Multisig wallets, complicated scripts, and {hardware} pockets help would every require additional standardization earlier than PACTs apply universally. Holders ought to subsequently deal with PACTs as a precautionary step moderately than a assured safety.
The low value of committing, nonetheless, makes early motion an affordable alternative for long-term holders.
The broader debate about quantum preparedness in Bitcoin stays unsettled. Robinson’s proposal doesn’t resolve whether or not a sundown is critical or fascinating.
As a substitute, it offers the neighborhood an extra software to work with if that call ultimately arrives. For dormant holders dealing with privateness dangers both manner, that further choice might matter significantly.