Daily Crypto News & Musings

Bitcoin Quantum Proposal PACTs Offer Silent Ownership Path for Satoshi-Era Coins

New Bitcoin Quantum Proposal Gives Satoshi a Silent Ownership Path

A new Bitcoin quantum proposal is trying to solve a nasty future problem before it becomes a full-blown disaster: how do dormant holders prove ownership of old coins without exposing themselves onchain to tomorrow’s quantum attackers? Paradigm researcher Dan Robinson has floated Provable Address-Control Timestamps (PACTs), a private way to timestamp proof of control over a Bitcoin address without moving a single sat today.

  • PACTs = private proof that you once controlled an address
  • Targets = exposed public keys, including Satoshi-era coins
  • Risk = quantum computers cracking old Bitcoin signatures
  • Tradeoff = freeze vulnerable coins or risk theft
  • Status = clever concept, not official Bitcoin policy

The reason this matters is simple: Bitcoin addresses themselves are not the secret. The real secret is the private key behind them. If a wallet has revealed its public key onchain, and a future quantum computer becomes powerful enough, that public key could potentially be used to work backward and steal the funds. That is the nightmare scenario people mean when they talk about a Bitcoin quantum risk.

Robinson did not mince words:

“An attacker with a powerful enough quantum computer could steal hundreds of billions of dollars of Bitcoin.”

That is not marketing fluff or panic porn. It is the core security question hanging over Bitcoin’s oldest funds: what happens if the math that protects them stops being enough?

What PACTs are actually trying to do

Provable Address-Control Timestamps are meant to let a holder quietly prove, in advance, that they controlled a vulnerable address at a certain time. Not by broadcasting a transaction. Not by moving coins and leaving a breadcrumb trail for the whole internet to inspect. Just by creating a private record that could be used later if Bitcoin ever adopts a quantum defense policy.

Robinson’s pitch is elegant because it avoids the ugly part of the problem. If a future Bitcoin upgrade decides that addresses with exposed public keys must be frozen or “sunset,” then dormant holders could be forced into a brutal choice: move coins publicly and expose themselves, or do nothing and potentially lose everything. Robinson spelled out the dilemma plainly:

“If an upgrade sunsets support for those addresses, these dormant holders will be forced to publicly move their coins or let them be frozen.”

And if Bitcoin never sunsets those addresses?

“But if quantum computers are coming and we don’t sunset those addresses, those holders will be forced to move those coins or let them be stolen.”

That is the ugly sandwich here: either reveal yourself early, or gamble that nobody shows up with a quantum wrecking ball before you do.

Why Satoshi-era coins are the real pressure point

The discussion gets especially spicy when Satoshi Nakamoto’s early coins enter the picture. The proposal references wallets believed to belong to Bitcoin’s pseudonymous creator holding around 1.1 million BTC, worth more than $75 billion at the quoted price. That is not just a pile of coins. It is a political, symbolic, and technical landmine.

Early Bitcoin wallets are also awkward for another reason: some of them predate modern standards like BIP-32, which introduced hierarchical deterministic wallets. In plain English, BIP-32 made it easier to manage lots of addresses safely from one seed. Older wallets did not always benefit from that kind of structure, which makes them harder to fit into recovery ideas built for newer setups.

Robinson’s proposal is aimed at those long-dormant holders, including the legendary Satoshi stash, because those coins are exactly the kind of thing Bitcoin would hate to lose in a future cryptographic failure. At the same time, they are also the kind of coins that nobody wants to see moved publicly if the owner is trying to stay anonymous. Hence the need for a silent ownership path.

How the mechanism works, in plain English

The PACTs flow is built from a few cryptographic building blocks, but the idea is straightforward once stripped of jargon:

  • The holder creates a secret salt, which is just random private data.
  • They make a BIP-322 full message signing proof, which is a standardized Bitcoin message signature proving control of an address.
  • That proof gets hashed into a commitment, meaning it is turned into a unique fingerprint.
  • The commitment is timestamped with OpenTimestamps, a tool that can anchor data in a publicly verifiable time record.

The important part: no Bitcoin transaction is broadcast. The address is not revealed. The salt is not revealed. The key is not revealed. The coins are not touched.
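The commitment step above can be sketched in a few lines. This is an added example, not code from Robinson's proposal or any Bitcoin project: the domain tag, the length-prefixed field layout, the address string and the stand-in proof bytes are all assumptions or constructed values, and real BIP-322 signing and the OpenTimestamps submission happen outside the block.

```python
import hashlib
import hmac
import secrets

TAG = b"PACT-example-v1"  # assumed domain-separation tag, not from the proposal


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so concatenated fields cannot be re-split ambiguously."""
    return len(field).to_bytes(4, "big") + field


def make_commitment(salt: bytes, address: str, bip322_proof: bytes) -> bytes:
    """Hash salt, address and signing proof into one 32-byte commitment."""
    if len(salt) < 32:
        raise ValueError("salt must be at least 32 random bytes")
    preimage = _lp(TAG) + _lp(salt) + _lp(address.encode()) + _lp(bip322_proof)
    return hashlib.sha256(preimage).digest()


def verify_opening(commitment: bytes, salt: bytes, address: str, bip322_proof: bytes) -> bool:
    """Check a later opening against the digest that was timestamped."""
    try:
        expected = make_commitment(salt, address, bip322_proof)
    except ValueError:
        return False
    return hmac.compare_digest(expected, commitment)


def demo() -> dict:
    salt = secrets.token_bytes(32)            # kept private by the holder
    address = "bc1q-constructed-placeholder"  # constructed, not a real address
    proof = b"constructed stand-in for a BIP-322 signature"
    c = make_commitment(salt, address, proof)
    return {
        "commitment_hex": c.hex(),
        "opens": verify_opening(c, salt, address, proof),
        "wrong_salt": verify_opening(c, secrets.token_bytes(32), address, proof),
        "wrong_address": verify_opening(c, salt, address + "x", proof),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Only the 32-byte digest would be handed to a timestamping service; the salt, address and proof stay offline until the holder chooses to open the commitment.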

For readers new to this stuff, UTXO means “unspent transaction output,” which is basically the specific coin chunk Bitcoin tracks onchain. A PACT would be about proving control over that coin chunk without spending it. That is a big deal because spending it now could create the very exposure holders are trying to avoid.

If a future Bitcoin upgrade ever froze or sunset quantum-vulnerable keys, the holder could later present a post-quantum-secure proof such as a STARK. STARKs are a class of cryptographic proof designed to remain secure even in a post-quantum world. In simpler terms, they are one of the more credible bets for proving something without relying on the old signature scheme that a quantum attacker might break.

Why this is a Bitcoin problem, not just a science-fiction headache

Bitcoin currently relies on ECDSA, the signature scheme that proves ownership of coins. That system works very well today, which is why Bitcoin has been able to secure trillions in value without collapsing into digital confetti. But if a sufficiently powerful quantum computer becomes practical, ECDSA could become vulnerable in ways that are not theoretical enough to ignore forever.

The critical nuance is that not all Bitcoin is equally exposed. The main risk sits with coins whose public keys have already been revealed onchain. Newer address types can keep the public key hidden until spending, which helps. But once an address has spent from a public-key-revealing script, the cat is out of the bag. If future quantum hardware becomes real, that cat may have a very expensive laser pointer aimed at it.

That is why the proposal talks about quantum-vulnerable addresses rather than all Bitcoin. It is a focused problem, but still a serious one.

Can Bitcoin freeze vulnerable coins?

Maybe. That is the part guaranteed to start a fight.

A draft soft fork concept called BIP-361 has been mentioned in this context as a possible “sunset” mechanism for addresses with exposed public keys. A soft fork is a network upgrade that tightens rules without breaking older nodes in the same dramatic way a hard fork would. The idea would be to eventually stop allowing spending from addresses considered unsafe in a quantum future.

That sounds neat until you remember what it actually means in practice: old holders may have to move coins publicly, or accept that those coins are effectively frozen. Some Bitcoiners will see that as necessary defense. Others will call it a violation of property rights and one more slippery excuse for protocol meddling.

Both sides have a point, which is annoying but true.

If Bitcoin protects the network by freezing unsafe keys, it may preserve value overall, but it also changes the rules for dormant holders. If Bitcoin leaves everything untouched, it preserves the “don’t touch my coins” ethos, but it may leave a sitting duck for whoever shows up with a sufficiently nasty quantum machine. There is no clean answer here, only choices with different flavors of pain.

Why PACTs are interesting even if Bitcoin never uses them

Robinson is careful not to oversell the idea. He explicitly says this is illustrative, not an official Bitcoin proposal. The rescue phase would require “substantial new protocol plumbing,” which is a polite way of saying: don’t expect a neat checkbox fix from a future wallet update.

Still, the proposal fits Bitcoin’s long-term mindset better than most of the hand-wavy “we’ll figure it out later” takes floating around crypto Twitter. Bitcoin is built around hedging tail risks, preserving sovereignty, and planning for the kind of slow-burning threat that normal finance tends to ignore until it is too late.

Robinson put that philosophy well:

“Bitcoin is about preparing for the long term, hedging for tail risks, and self-reliance.”

“If there is a way to plant a seed now that will give us an advantage over cryptographic attackers in a possible future, then long-term holders should take it.”

That is the best case for PACTs. Not that they solve quantum risk today. They do not. Not that they guarantee Bitcoin will adopt a sunset policy. They won’t. Not that they magically protect old coins from every future attack. They don’t.

What they do offer is something Bitcoiners actually understand: a way to prepare without asking the network to hand out a giant “please steal me later” sign.

Why this debate is far from settled

The real tension is philosophical as much as technical. Bitcoin is supposed to be hard money with strong finality, not a system that retroactively reclassifies dormant coins because the cryptography aged badly. But Bitcoin is also supposed to survive. If the network waits too long to address quantum risk, it may discover that “immutability” is a lovely principle right up until somebody drains billions from old addresses.

That is why the quantum sunset debate matters now, even if quantum computers powerful enough to threaten Bitcoin are still hypothetical. Security planning is easier before the fire starts. It is also easier before everyone discovers they stored their keys in a digital shoebox and called it self-custody.

PACTs sit in the middle of that tension. They do not demand that Bitcoin settle the sunset question today. They simply give holders a way to preserve evidence that may become useful if the network ever does.

Bitcoin quantum proposal or not, that is a sane instinct. Quiet preparation beats loud regret.

Key questions and takeaways

What are PACTs?
A proposed way to privately timestamp proof that you controlled a Bitcoin address, without moving the coins onchain.

Why is quantum computing a problem for Bitcoin?
Because a powerful quantum computer could potentially derive private keys from exposed public keys and steal funds from vulnerable addresses.

Why are Satoshi-era coins important here?
They are among the oldest and largest dormant holdings, and some may have exposed public keys that could become targets in a future quantum attack on Bitcoin.

Do PACTs move coins?
No. They are designed to be private and off-chain, so the holder does not have to reveal their address or spend funds just to prepare.

Would PACTs solve the quantum problem?
No. They would only preserve evidence of prior control if Bitcoin later adopts a quantum sunset or freeze policy.

Could Bitcoin really freeze vulnerable addresses?
Possibly, but it would be controversial. Some see that as necessary protection; others see it as a dangerous shift in Bitcoin’s property model.

Why does this matter now?
Because holders who want to think ahead can prepare before quantum attacks become practical, rather than scrambling after the fact.

Are PACTs an official Bitcoin upgrade?
No. Robinson presents them as a conceptual design, not a formal Bitcoin protocol change.

At press time, BTC traded at $79,690. A good reminder that Bitcoin already has enough drama without waiting for quantum computers to join the party.