StarkWare researcher Avihu Levy this week printed a technical schematic known as QSB (Quantum Protected Bitcoin) that permits Bitcoin transactions proof against quantum computer systems with out modifying the protocol, with out ready for a community replace and with out the necessity for consensus between community members.
The scheme was offered on April 9, 2026 together with a public repository that features the code and the paper educational. It’s aimed toward customers and builders in search of defend your transactions towards an eventual related advance in quantum computingand operates completely inside Bitcoin’s current consensus guidelines for scripts legacy.
The issue QSB seeks to unravel goes past the standard dialogue about wallets and personal keys. When somebody transmits a Bitcoin transaction, a quantum pc outfitted with Shor’s algorithm might forge the authorizing signature, redirect the funds to a different tackle, and transmit that altered model earlier than the unique is confirmed.
This is applicable even when the unique spending situation was sure by itself. With Taproot, the scenario is much more delicate: any output may be spent simply by realizing the non-public key, which a quantum pc might derive from the general public key.
An answer that operates with present guidelines
QSB is constructed on prime of Binohash, a earlier scheme by Robin Linus, however fixes its primary quantum vulnerability. Binohash used a puzzle (puzzle) based mostly on the dimensions of the ECDSA signature as proof of labor. That puzzle may be damaged by a quantum pc as a result of it relies on properties of elliptic curves, which Shor’s algorithm utterly compromises.
QSB replaces that puzzle for one based mostly on hash capabilities. The core concept is {that a} 20-byte random string has roughly a 1 in 70 billion probability of assembly the precise construction of a legitimate ECDSA signature. Discovering a transaction that satisfies that situation requires computational workhowever confirm it inside the script of Bitcoin is instant. And since hash capabilities are usually not susceptible to Shor’s algorithm, safety is maintained even towards a quantum adversary.
The method to spend a QSB-protected UTXO (unspent transaction) has three phases. First, the person varies free parameters of the transaction till discovering a mixture the place the puzzle of hash, which fixes the transaction and prevents modifying it with out repeating the whole course of. Then, in two unbiased rounds, a selected subset of signatures embedded within the script whose hash additionally meets the situation. That subset is the digest of the transaction, and is protected with a hash-based Lamport signature scheme, which is quantum resistant by design.
The computationally intensive a part of this course of operates solely on public information and may be delegated to untrusted {hardware}, corresponding to GPUs rented from cloud providers. Consumer secrets and techniques by no means go away your gadget. The estimated price is between $75 and $150 for cloud GPUs, with parallelization capabilities. In assessments reported within the repository, a legitimate resolution was discovered after roughly six hours utilizing eight GPUs.
He paper acknowledges a number of limitations. Transactions generated with QSB are non-standard below the insurance policies of relay (streaming) of Bitcoin Core, so that they should be despatched on to a mining pool that accepts them, corresponding to Marathon’s Slipstream service. The price per transaction doesn’t scale for mass use, and the scheme doesn’t help circumstances corresponding to Lightning Community channels. The writer himself describes it as a measure of final resort, helpful so long as the protocol doesn’t incorporate a local resolution by a consensus replace.
The implementation continues to be in improvement: the pinning on GPU was examined efficiently, however the whole search course of digest and transmission on-chain They haven’t been executed from finish to finish.
