A new research proposal claims it could make Bitcoin transactions resistant to quantum attacks without changing the network’s core rules, a goal that has attracted attention as concerns grow over future cryptographic risks.
In a paper published on April 9, Avihu Levy of StarkWare outlined “Quantum-Safe Bitcoin Transactions Without Softforks,” introducing a scheme called Quantum Safe Bitcoin, or QSB. The design aims to protect transactions from threats from quantum computers while remaining compatible with the existing Bitcoin protocol.
The proposal targets a known weakness in Bitcoin’s current design. Standard transactions rely on ECDSA signatures over the secp256k1 curve. In theory, a sufficiently powerful quantum computer running Shor’s algorithm could break this system by solving the discrete logarithm problem, which would allow attackers to forge signatures and spend funds.
QSB replaces reliance on elliptic-curve hardness with hash-based assumptions. ECDSA is kept only as the verification mechanism that Bitcoin Script already provides, while the scheme’s security rests on hash preimage resistance. The approach builds on earlier work known as Binohash, which embeds one-time signature schemes in Bitcoin Script.
At the core of QSB is a “hash-to-signature” puzzle. The system hashes a transaction-derived public key with RIPEMD-160 and treats the output as a candidate ECDSA signature. Only a small fraction of random hashes satisfy the strict encoding rules required of a valid signature, so finding one becomes a proof-of-work-style search. The paper estimates the probability of success at about one in 70.4 trillion trials.
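To make the puzzle concrete, the following added example (not code from the paper or from StarkWare) shows what “treat a 20-byte hash as a candidate ECDSA signature” means in practice. It applies Bitcoin’s strict DER encoding rules (BIP66, as implemented in Bitcoin Core’s IsValidSignatureEncoding) plus the low-S rule to a digest, and runs a small bounded search over a counter. The assumptions are mine: that the 20 bytes are interpreted with the sighash byte included, that the paper’s exact encoding constraints match these standard rules, and that truncated SHA-256 may stand in for RIPEMD-160 on Python builds whose OpenSSL lacks it (for the demo only). The counting that yields the paper’s 1-in-70.4-trillion figure depends on its precise rules and is not reproduced here.

```python
import hashlib

# secp256k1 group order; Bitcoin's low-S rule requires s <= SECP256K1_N // 2.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def ripemd160(data: bytes) -> bytes:
    """RIPEMD-160 via hashlib. Falls back to truncated SHA-256 when the
    OpenSSL build has no RIPEMD-160 (assumption: fallback is demo-only,
    it is not part of the scheme)."""
    try:
        h = hashlib.new("ripemd160")
    except ValueError:
        return hashlib.sha256(data).digest()[:20]
    h.update(data)
    return h.digest()


def is_strict_der_sig(sig: bytes) -> bool:
    """Strict DER check in the style of BIP66. Expected layout, with the
    sighash byte included (assumption for this demo):
    0x30 [total-len] 0x02 [R-len] [R] 0x02 [S-len] [S] [sighash]"""
    n = len(sig)
    if n < 9 or n > 73:
        return False
    if sig[0] != 0x30 or sig[1] != n - 3:
        return False
    len_r = sig[3]
    if 5 + len_r >= n:
        return False
    len_s = sig[5 + len_r]
    if len_r + len_s + 7 != n:
        return False
    if sig[2] != 0x02 or len_r == 0 or sig[4] & 0x80:
        return False
    if len_r > 1 and sig[4] == 0x00 and not (sig[5] & 0x80):
        return False  # R padded with an unnecessary leading zero
    if sig[len_r + 4] != 0x02 or len_s == 0 or sig[len_r + 6] & 0x80:
        return False
    if len_s > 1 and sig[len_r + 6] == 0x00 and not (sig[len_r + 7] & 0x80):
        return False  # S padded with an unnecessary leading zero
    return True


def is_low_s(sig: bytes) -> bool:
    """r and s non-zero and in range, with s in the lower half (low-S).
    Assumes sig already passed is_strict_der_sig."""
    len_r = sig[3]
    r = int.from_bytes(sig[4:4 + len_r], "big")
    len_s = sig[5 + len_r]
    s = int.from_bytes(sig[6 + len_r:6 + len_r + len_s], "big")
    return 1 <= r < SECP256K1_N and 1 <= s <= SECP256K1_N // 2


def is_candidate_signature(digest: bytes) -> bool:
    """A digest qualifies only if it is both strict DER and low-S."""
    return is_strict_der_sig(digest) and is_low_s(digest)


def search_hash_to_signature(material: bytes, max_tries: int):
    """Toy version of the pinning search: vary a counter, hash, test.
    Returns (counter, digest) on a hit, or None when max_tries is exhausted.
    At roughly 1 hit per 10^13-10^14 tries, a hit here is not expected."""
    for counter in range(max_tries):
        digest = ripemd160(material + counter.to_bytes(8, "big"))
        if is_candidate_signature(digest):
            return counter, digest
    return None


# Constructed 20-byte strings for the demo (not signatures from the paper).
VALID_DEMO_SIG = (b"\x30\x11\x02\x06" + bytes(range(1, 7))
                  + b"\x02\x07" + bytes(range(1, 8)) + b"\x01")
BAD_HIGH_BIT_SIG = bytearray(VALID_DEMO_SIG)
BAD_HIGH_BIT_SIG[4] = 0x80          # R would be negative: rejected
ZERO_S_SIG = b"\x30\x11\x02\x0c" + bytes(range(1, 13)) + b"\x02\x01\x00\x01"

if __name__ == "__main__":
    print(is_candidate_signature(VALID_DEMO_SIG))
    print(search_hash_to_signature(b"demo pubkey", 10000))
```

The checker illustrates why the puzzle is expensive: six bytes of the digest are pinned to fixed tags and lengths, and the leading bytes of R and S must satisfy sign and padding rules, so only a vanishingly small share of hashes parse at all. Quantum hardware does not change this accounting beyond Grover’s square-root speedup, which is the point the proposal relies on.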
Bitcoin resistant to quantum attacks
Because the puzzle depends on hash properties rather than elliptic-curve hardness, it remains resistant to Shor’s algorithm. A quantum attacker would gain only the quadratic speedup of Grover’s algorithm, leaving a meaningful safety margin. The paper estimates roughly 118 bits of second-preimage resistance under the Shor threat model.
The construction works within Bitcoin’s existing scripting limits, including the cap of 201 opcodes and the maximum script size of 10,000 bytes. It uses legacy script structures and needs no consensus changes or soft forks, a feature that may appeal to developers wary of protocol fragmentation.
The transaction process unfolds in three phases, according to the proposal. First, a “pinning” phase searches for transaction parameters that produce a valid hash-to-signature output, binding the transaction to a fixed structure. Next, two digest rounds select subsets of the embedded signatures to generate additional proofs tied to the transaction hash. Finally, the transaction is assembled with all the necessary preimages and verification data.
The design introduces trade-offs. QSB transactions exceed default relay policy limits, so nodes running default settings will not propagate them. Instead, they would have to be submitted directly to miners through services like Slipstream. The scripts also consume significant space and computational resources.
Despite these limitations, the cost of generating a valid transaction appears within reach. The paper estimates the total computational cost between $75 and $150 using cloud GPUs, with the workload scaling across parallel hardware. Early testing reports successful puzzle solutions after several hours using multiple GPUs.
The project remains incomplete. While the paper and the script-generation tools are finished, parts of the pipeline, including full transaction collection and broadcast, have not been demonstrated on-chain.
Still, the proposal adds to a growing body of research exploring how Bitcoin could adapt to a future of quantum computing. By avoiding protocol changes, QSB presents one path that relies on existing rules rather than consensus upgrades, a direction that may shape further debate about long-term network security.
