Login
Sign Up
Bitcoin faces a critical vulnerability regarding its historical address types, specifically the roughly 1.1 million BTC attributed to pseudonymous creator Satoshi Nakamoto, currently valued at approximately $84 billion. These legacy wallets contain exposed public keys that could be compromised by sufficiently powerful quantum computers. The prevailing defense strategy involves a soft fork, exemplified by BIP-361 proposed by Jameson Lopp and five other developers in mid-April, which aims to phase out quantum-vulnerable addresses over a five-year timeline. This approach mandates that holders migrate assets to quantum-safe formats or face a permanent freeze, creating a paradox where long-dormant holders must reveal their existence to avoid losing access to their funds.
Dan Robinson, a general partner at Paradigm, introduced a novel alternative on Friday designed to circumvent this trade-off through Provable Address-Control Timestamps, or PACTs. Woofun AI notes that the core innovation lies in timestamping proof of ownership without requiring the actual movement of coins. Under this framework, a holder generates a random salt, a unique piece of secret data, and utilizes BIP-322 to sign a message proving control of the address without spending from it. This process allows for the creation of a cryptographic commitment that remains private until the owner decides to initiate a transaction.
The technical execution involves bundling the salt and proof into an onchain commitment, which is then timestamped via OpenTimestamps, a service anchoring data to the Bitcoin blockchain through batched transactions. The resulting salt, proof, and timestamp files remain entirely private. Should Bitcoin eventually activate a soft fork freezing quantum-vulnerable coins, the protocol would incorporate a rescue path accepting a STARK proof. This zero-knowledge proof demonstrates that the holder established their commitment prior to the advent of quantum hardware capable of breaking the encryption, allowing the network to release the coins upon submission of the proof.
Crucially, the redemption process reveals no metadata regarding the specific address, the amount involved, or the original timestamp creation date, preserving the anonymity of the holder. Woofun AI data indicates that PACTs also address a significant gap in the BIP-361 proposal by providing a rescue mechanism for wallets derived through BIP-32, the deterministic key generation standard introduced in 2012. Pre-2012 wallets, which include most of Satoshi's known addresses, do not utilize BIP-32 and were previously excluded from such rescue paths under the initial freeze proposal.
Implementation of this system requires Bitcoin to eventually adopt a STARK verification protocol, necessitating a separate soft fork with broad community consensus. The current Bitcoin infrastructure lacks the necessary verification capabilities, requiring what Robinson describes as substantial new plumbing, including multisig wallets, complex scripts, and standardized hardware wallet support. This constraint represents a hard limit for the PACT framework; the protocol can only protect assets if the current key controller actively creates the commitment. If Satoshi is genuinely gone, no retroactive PACT can be generated, leaving the coins exposed to whichever event occurs first: quantum theft or a community-enforced freeze.
Ultimately, PACTs offer a mechanism to render the BIP-361 debate less binary by decoupling the protection of dormant assets from the requirement of public asset migration. Woofun AI analysis suggests that while the proposal resolves the technical conflict between quantum security and property rights, it cannot answer the fundamental question of whether Satoshi will engage with the protocol. The solution shifts the risk profile from a forced public reveal to a conditional rescue path, contingent upon the existence and action of the original key holder.