Quantum-secure Bitcoin now possible without soft fork, but costs $200 apiece

A StarkWare researcher has published what he says is the first method to make Bitcoin transactions quantum-secure on the live network today, without any changes to the Bitcoin protocol. The system, however, costs up to $200 per transaction and is designed as an emergency measure rather than a permanent solution.

In a paper published this week, StarkWare researcher Avihu Levy introduced Quantum Safe Bitcoin, or QSB, a system that aims to enable quantum-resistant transactions without requiring changes to the Bitcoin protocol. Its design replaces signature-based security assumptions with hash-based proofs.

The hash-based design survives the type of quantum attack that would break current cryptography, but it shifts the burden from consensus to computation, requiring heavy off-chain GPU work for each transaction.

Think of a traditional digital signature as a handwritten signature on a check: it proves you authorized a transaction using a secret key, and others can verify it with a public key.

In Bitcoin, these digital signatures are called ECDSA signatures. They are secure against today’s computers, but a sufficiently powerful future quantum computer could, in theory, derive the secret key from a public key and potentially compromise the funds.

QSB addresses this flaw by redesigning the system around a different type of cryptography: hash-based proofs. A hash is more like an unforgeable fingerprint. Instead of relying solely on the signature, the system creates a unique mathematical summary of the data, which is said to be extremely difficult to fake or reverse, even for powerful computers.

QSB operates entirely within Bitcoin’s existing consensus rules for existing transactions. It requires no soft fork (software upgrade), no miner signaling, and no activation schedule. This stands in stark contrast to BIP-360, the quantum resistance proposal that was merged into the official Bitcoin Improvement Proposal repository in February, but which lacks a Bitcoin Core implementation and faces years of governance delay.

The proposal builds on an earlier idea known as Binohash, which added an extra layer of computational work to secure Bitcoin transactions. The problem is that Binohash depends on a type of cryptography that quantum computers are expected to break. In practice, this means its protection disappears in a quantum scenario: an attacker could bypass the system’s primary security control entirely, rendering it ineffective.

Additional cost

The hash-based solution, however, involves extremely expensive transactions.

Generating a valid transaction requires searching through billions of possible candidates, a process that Levy estimates would cost between $75 and $200 using commodity cloud GPUs. Currently, the cost of sending a Bitcoin transaction through the blockchain is around 33 cents.

The system also has practical obstacles. QSB transactions would not propagate through the Bitcoin network the way ordinary payments do. Instead, users will likely have to send them directly to miners willing to process them.

They also don’t work with faster, cheaper layers like the Lightning Network, and are much more complicated to create. Generating a transaction would require handing off heavy calculations to external hardware, rather than simply signing and sending from a wallet.

Levy describes the system as a “measure of last resort,” not a replacement for protocol-level upgrades. Proposals such as BIP-360, which aim to introduce quantum-resistant signature schemes via a soft fork, remain the most scalable long-term solution, but could take years to enable.

The timeline for BIP-360 activation is uncertain. Polymarket bettors say the chances of that happening this year are low, and Bitcoin’s governance history offers little reason for urgency: Taproot took about seven and a half years from concept to deployment. Then again, mature quantum computers, capable of breaking the encryption that secures the network, will not arrive tomorrow either.

Instead, QSB offers something different: a way to survive a quantum break using current rules, if users are willing to pay for it.
