Persistent security concerns about Bitcoin‘s resilience to quantum computers are especially pronounced for millions of dormant coins stored in old wallets. The greatest vulnerability centers on the 1.1 million BTC, now worth around $84 billion, believed to be under Satoshi Nakamoto’s control. Experts warn that, should sufficiently powerful quantum computers emerge, it could become feasible to access the private keys of these historic addresses and move their balances.
Proposed software updates and BIP-361 debate
To counter this threat, the most discussed approach involves a soft fork preventing any further transactions from risky old address types on the network. This would potentially require all legacy balances to be transferred into new, quantum-resistant wallets. Back in April, renowned Bitcoin developer Jameson Lopp and his team of five proposed BIP-361, a solution aimed at enforcing such migration within five years and freezing any untransferred coins.
Yet, this idea presents a unique dilemma because it also includes untouched addresses with unknown owners, which could force individuals like Satoshi Nakamoto or other historical holders to publicly clarify their identities and intentions.
Dan Robinson of Paradigm investment firm observed that current proposals either undermine security against quantum attacks or risk violating the property rights of dormant address owners.
PACTs: Proving ownership without spending
To address these issues, Dan Robinson from Paradigm introduced the concept of Provable Address-Control Timestamps (PACTs). PACTs allow an address owner to cryptographically prove they control a wallet at a specific date, using a timestamp—without actually spending any coins or revealing sensitive information to the public.
The process involves creating a secret salt (random data) and generating a proof of ownership using the BIP-322 standard, which enables address signing without moving coins. This proof and the salt are jointly timestamped as a single, batch transaction recorded on the blockchain, utilizing the free OpenTimestamps service on Bitcoin. The salt and proof files remain strictly private.
If the Bitcoin network ever freezes legacy addresses reminiscent of the BIP-361 proposal, holders could activate a STARK-based zero-knowledge proof as a recovery method. The STARK protocol is viewed as quantum-resistant, making it a potentially robust safeguard for the future.
BIP-32 compatibility and technical limitations
This solution can help owners of deterministic wallets created under the BIP-32 standard, which has been in place since 2012. However, most of Satoshi Nakamoto’s addresses predate this standard, meaning the new mechanism may not cover all legacy accounts. Robinson cautioned that enabling STARK verification in Bitcoin would require a fresh soft fork as well as broad community approval. The existing infrastructure would also need significant upgrades, especially concerning multi-signature transactions, complex smart contracts, and hardware wallet integration.
A further challenge is that this protocol would only work if Satoshi—or whoever holds the corresponding keys—actively participates. If Satoshi has truly disappeared and the keys are lost forever, the only remaining options are to freeze those coins or risk them falling victim to a quantum attack in the future.
In conclusion, while PACTs present a novel alternative to the ongoing debate over frozen addresses, it remains uncertain whether Satoshi or other notable early holders will ever utilize this method.
