There’s a Way to Make Bitcoin Quantum Secure Without a Fork, Researchers Say



In short

  • A new proposal shows a way to make Bitcoin transactions quantum-safe without changing the network.
  • The design replaces elliptic-curve logic with hash-based puzzles and Lamport signatures.
  • The method moves the computational work into transaction creation and is presented as a short-term measure, not a permanent one.

Bitcoin transactions could be made resistant to future quantum attacks without changing the protocol at the core of the network, according to a proposal from StarkWare researcher Avihu Mordechai Levy.

In the paper, Levy describes a “Quantum-Safe Bitcoin” protocol designed to be secure even if quantum computers can break the elliptic-curve cryptography used today. The method works within Bitcoin's existing rules and would not require a soft fork or other network upgrade.

“We present QSB, a Quantum Safe Bitcoin transaction scheme that requires a change in the Bitcoin protocol and is secure even in the presence of the Shor algorithm,” Levy wrote.

The proposal replaces elliptic-curve signatures with hash-based cryptography and Lamport signatures, an early signature scheme that is considered resistant to quantum threats.

“From the beginning Lamport signatures are secure after the quantum, and they sign a strong identifier of the transaction, it is impossible to change the transaction without creating a new signature of Lamport – which the attacker cannot create, even with the ability of quantum computing,” Levy wrote.

At the heart of the design is a hash-based puzzle that must be solved before the transaction can be broadcast. The paper estimates that finding the correct answer would require about 70 trillion attempts.

Unlike Bitcoin mining, the computation is done before the transaction reaches the network. Users do the work off-chain and submit a transaction that already includes proof that the puzzle has been solved.

Levy estimates that the puzzle could be solved using hardware such as GPUs at a cost of several hundred dollars per transaction.

The scheme is designed to work within Bitcoin's script limits of 201 opcodes and 10,000 bytes. The paper says these limits are very restrictive because every opcode counts toward the maximum, even if it appears in an unused branch.

To meet those limits, the system combines Lamport signatures and hash-based puzzles in an interactive way. It also creates “stickiness” that requires anyone trying to change the transaction to re-solve the puzzle.

Levy describes the plan as a “last resort” measure rather than a permanent fix. The paper argues that the scheme's cost and limited scalability may not match Bitcoin’s ambitions or the needs of many users.

Creating a transaction is also more complicated than ordinary Bitcoin use, and the transactions may be considered non-standard under current relay policies, meaning they may run into propagation issues and may need to be submitted directly to mining pools instead of being broadcast through the public mempool.

The proposal also comes with security trade-offs. Although it avoids attacks based on Shor’s algorithm, which threaten elliptic-curve signatures, Grover’s algorithm can still give quantum attackers a quadratic speedup.

“To the extent that quantum risk is believed to be real, it is necessary to continue the continuous effort to find and implement a better solution for Bitcoin—one that is more efficient, practical, and responds to Bitcoin’s needs, through protocol changes,” Levy wrote.

Levy’s paper joins a number of proposals that have emerged showing how Bitcoin could transition to post-quantum cryptography, including BIP-360, which introduces the Pay-to-Merkle-Root address format designed to support quantum-secure signatures.

Although the quantum threat to Bitcoin remains speculative, companies including Google and Cloudflare are already planning, setting a deadline of 2029 to transition their systems to post-quantum cryptography.
