A new research proposal says it can make Bitcoin transactions resistant to quantum attacks without changing the network’s core rules, a goal that has drawn attention as concerns grow over future cryptographic risks.
In a paper published on April 9, Avihu Levy of StarkWare described “Quantum-Safe Bitcoin Transactions Without Softforks,” introducing a system called Quantum Safe Bitcoin, or QSB. The design aims to protect transactions from threats posed by quantum computers while remaining compatible with the existing Bitcoin protocol.
The proposal addresses known vulnerabilities in Bitcoin’s current architecture. Normalization depends on ECDSA signatures over the secp256k1 curve. In theory, a powerful enough quantum computer using Shor’s algorithm could break this system by solving different logarithms, which would allow attackers to create signatures and use funds.
QSB replaces reliance on elliptic curve security with hash-based guesswork. Instead of trusting ECDSA, the system uses it as an authentication mechanism while changing the security to a pre-hash image refutation. This approach is based on previous work known as Binohash, which embeds one-time signature schemes in Bitcoin Script.
At the core of QSB is the “hash-to-signature” puzzle. The system instantiates the transaction-based public key using RIPEMD-160 and treats the output as a candidate ECDSA signature. Only a small fraction of random hashes meet the strict formatting rules required for valid signatures, creating a proof-of-work scenario. The paper estimates the odds of success at about one in 70.4 billion attempts.
Bitcoin is resistant to quantum attacks
Because the puzzle depends on the properties of the hash rather than the fitness of the elliptic curve, it remains resistant to Shor’s algorithm. A quantum attacker would only get a quadratic speedup from Grover’s algorithm, leaving reasonable security margins. The paper estimates the pre-image resistance of the second 118-bit image under Shor’s threat model.
The architecture works within Bitcoin’s existing writing limits, including a cap of 201 opcodes and a maximum text size of 10,000 bytes. It uses legacy script structures and avoids any need for compatibility changes or soft forks, a feature that may appeal to developers who are aware of protocol fragmentation.
The transaction process occurs in three stages, the claims of the proposal. First, the “pinning” phase searches for function parameters that produce a valid hash-to-signature output, binding the transaction to a static structure. Next, two rounds of hashing select subsets of the embedded signatures to generate additional evidence tied to the hash of the function. Finally, the transaction is compiled with all necessary images and verification data.
Design introduces trade-offs. QSB transactions exceed normal forwarding policy limits, meaning they will not propagate across the network under the default settings. Instead, they will need to be shipped directly to miners through services like Slipstream. Documents also use significant space and computing resources.
Despite these constraints, the cost of producing valid work appears to be relatively affordable. The paper estimates total computing costs between $75 and $150 using cloud GPUs, with workloads reaching the same hardware. Early tests report successful solutions to the puzzle after a few hours using multiple GPUs.
The project remains incomplete. While the documentation and script generation tools are complete, parts of the pipeline, including full transaction integration and streaming, have yet to be shown on-chain.
Still, the proposal adds to a growing body of research exploring how Bitcoin could adapt to a future with quantum computing. By avoiding protocol changes, the QSB presents a single approach that relies on existing rules instead of consensus development, a direction that may shape further debate over long-term network security.
Editorial disclaimer: We use AI as part of our editorial workflow, including supporting research, image production, and quality assurance processes. All content is moderated, reviewed, and approved by our editorial team, which is responsible for accuracy and integrity. AI generated images only use tools that are properly licensed equipment. In Bitcoin, as in the media: Don’t trust. Confirm.
