A new research proposal outlines a method to make Bitcoin transactions resistant to quantum computer attacks without altering the network’s core protocol. Designed by StarkWare researcher Avihu Mordechai Levy, the “Quantum-Safe Bitcoin” scheme replaces vulnerable elliptic-curve cryptography with hash-based puzzles and Lamport signatures. While the approach shifts significant computational work to users and is considered a temporary workaround, it functions within Bitcoin’s existing scripting rules.
A novel proposal aims to protect Bitcoin from future quantum attacks without requiring any protocol changes. The research, detailed in a recent paper by StarkWare researcher Avihu Mordechai Levy, introduces a transaction scheme designed to remain secure even if quantum computers break today’s cryptographic standards.
The method replaces current elliptic-curve assumptions with hash-based cryptography and post-quantum secure Lamport signatures. “Since Lamport signatures are post-quantum secure, and they sign a cryptographically strong identifier of the transaction, it is not possible to modify the transaction without producing a new Lamport signature—which the attacker cannot forge, even with quantum computing capabilities,” Levy wrote. At its core is a cryptographic puzzle requiring roughly 70 trillion attempts to solve before a transaction is broadcast.
This computational work is performed off-chain by the user, estimated to cost a few hundred dollars per transaction using commodity hardware like GPUs. The entire system is engineered to fit within Bitcoin’s restrictive scripting limits of 201 opcodes and 10,000 bytes by using a layered transaction structure and “transaction pinning.”
Levy describes the system as a “last-resort” measure rather than a scalable, permanent fix due to its high computational cost and large on-chain transaction size. The paper notes transaction creation is more complex and such transactions may face propagation issues under current network relay policies.
While it defends against attacks leveraging Shor’s algorithm, the scheme is still vulnerable to quadratic speedups from Grover’s algorithm. “To the extent that the quantum threat is believed to be real, it remains necessary to continue the ongoing effort to research and implement the best possible solution for Bitcoin–one that is maximally efficient, user-friendly, and answers Bitcoin’s needs, through protocol-level changes,” Levy concluded. This proposal joins others like BIP-360 in exploring quantum resistance, as entities like Google and Cloudflare prepare their own post-quantum transitions with a 2029 target.
