There’s a Way to Make Bitcoin Safe From Quantum Without a Fork, Researchers Say

Decrypt
3 hours ago

Bitcoin transactions could be made resistant to future quantum attacks without changing the network’s core protocol, according to a proposal from StarkWare researcher Avihu Mordechai Levy.


In a recent paper, Levy describes a “Quantum-Safe Bitcoin” transaction scheme designed to remain secure even if quantum computers break the elliptic-curve cryptography used today. The method works within Bitcoin’s existing scripting rules and would not require a soft fork or other network upgrade.


“We present QSB, a Quantum Safe Bitcoin transaction scheme that requires no changes to the Bitcoin protocol and remains secure even in the presence of Shor's algorithm,” Levy wrote.


The proposal replaces elliptic-curve signatures with hash-based cryptography and Lamport signatures, an early signature scheme considered resistant to quantum attacks.


“Since Lamport signatures are post-quantum secure, and they sign a cryptographically strong identifier of the transaction, it is not possible to modify the transaction without producing a new Lamport signature—which the attacker cannot forge, even with quantum computing capabilities,” Levy wrote.





At the center of the design is a cryptographic puzzle that must be solved before a transaction is broadcast. The paper estimates that finding a valid solution would require about 70 trillion attempts.


Unlike Bitcoin mining, the computation happens before the transaction reaches the network. Users perform the work off-chain and submit a transaction that already includes proof that the puzzle was solved.


Levy estimates the puzzle could be solved using commodity hardware such as GPUs at a cost of a few hundred dollars per transaction.


The scheme is designed to operate within Bitcoin’s scripting limits of 201 opcodes and 10,000 bytes. The paper notes these limits are extremely restrictive because every opcode counts toward the total, even if it appears in an unused script branch.


To fit within those limits, the system combines Lamport signatures with hash-based puzzles in a layered transaction structure. It also introduces “transaction pinning,” which requires anyone attempting to modify the transaction to solve the puzzle again.


Levy describes the system as a “last-resort” measure rather than a scalable fix. The paper says both the off-chain computational cost and the on-chain transaction size would not scale to Bitcoin’s target throughput or the needs of most users.


Creating these transactions is also more complex than standard Bitcoin usage, and the transactions may be considered non-standard under current relay policies, meaning they could face propagation issues and may need to be submitted directly to mining pools rather than broadcast through the public mempool.


The proposal also carries security trade-offs. While it avoids attacks based on Shor’s algorithm that threaten elliptic-curve signatures, Grover’s algorithm could still provide a quadratic speedup for quantum attackers.


“To the extent that the quantum threat is believed to be real, it remains necessary to continue the ongoing effort to research and implement the best possible solution for Bitcoin–one that is maximally efficient, user-friendly, and answers Bitcoin's needs, through protocol-level changes,” Levy wrote.


Levy’s paper joins several proposals that have emerged outlining how Bitcoin could transition to quantum-resistant cryptography, including BIP-360, which introduces a Pay-to-Merkle-Root address format designed to support quantum-safe signatures.


While the quantum threat to Bitcoin remains theoretical, companies including Google and Cloudflare are already preparing for it, setting a 2029 deadline to transition their systems to post-quantum cryptography.

