Bitcoin PACTs Could Let Satoshi Prove He’s Alive Before Quantum Threats Hit

Paradigm Bitcoin launches PACTs, a quantum proposal that could let Satoshi prove he is still alive

  • PACTs: Provable Address-Control Timestamps
  • Goal: Privately timestamp proof of Bitcoin key ownership
  • Why it matters: Quantum computers could eventually break legacy Bitcoin signatures
  • Big names in the mix: Dan Robinson, Jameson Lopp, Adam Back, Satoshi Nakamoto

Robinson published PACTs — short for Provable Address-Control Timestamps — on May 1 as a way for long-dormant Bitcoin holders to quietly establish that they controlled their keys before quantum threats become real. The idea is aimed at protecting old BTC addresses, including the famously dormant wallets linked to Satoshi Nakamoto, from a future where quantum computers may be able to crack today’s signature schemes.

That’s the ugly little problem Bitcoin has to solve eventually: how do you protect old coins without forcing every forgotten wallet, lost seed phrase, and dead person’s stash into a public ownership circus? PACTs are designed as a private, off-chain proof system that could later be used in a quantum sunset soft fork — basically a Bitcoin upgrade that would phase out vulnerable signatures while giving holders a way to reclaim coins without exposing their keys to the entire network.

For anyone not deep in the weeds: a soft fork is a backward-compatible protocol upgrade, and “quantum sunset” is the proposed cutover point where older signature types stop being safe enough to trust. In plain English, it’s Bitcoin trying to retire the old locks before someone shows up with a futuristic skeleton key.

The timing matters because Bitcoin’s oldest address types, especially those with public keys exposed, are the ones most at risk if quantum computers eventually mature enough to break current cryptography. A private key is the secret that controls your coins. A public key is the data used to verify signatures. In some older formats, once the public key is exposed, it could become a target if quantum attacks become practical.

That’s the nightmare scenario: old coins don’t just sit there quietly forever; they become sitting ducks. Robinson warned that dormant wallets would be “ripe for the picking” if quantum attackers ever get the computing power to make legacy signatures look like wet tissue paper.

The scale is not trivial. Estimates cited in the debate suggest around 1.7 million BTC could be quantum-exposed, including roughly 1.1 million BTC tied to Satoshi-linked wallets. At current prices, that’s roughly $75 billion sitting in the blast radius. Not exactly pocket change. More like a flaming stack of property rights.

The Satoshi angle is what makes the whole discussion feel part security policy, part cryptographic soap opera. Robinson pointed out that if a forced migration required those coins to be moved or proven in public, Satoshi would effectively have to tell the world that they are “alive and still in possession of their keys”. That’s a huge assumption, of course. Nobody knows whether those coins are deliberately untouched, permanently lost, or controlled by someone who simply vanished from public view years ago. But the point stands: a mandatory reveal would drag dormant holders into the spotlight whether they wanted it or not.

Robinson also said a quantum hack on Bitcoin “would lead to a real loss of trust” in the asset. That’s not overcooked fearmongering. If old coins can be stolen because the signature scheme is obsolete, then Bitcoin’s hardest promise — that property rules are enforced by math instead of middlemen — takes a reputational body blow.

PACTs try to offer a middle path between two bad options. On one side is doing nothing, which leaves exposed wallets vulnerable if quantum computing ever crosses the line from academic scare to practical threat. On the other is a forced migration or freeze, where holders would have to publicly prove ownership or risk losing access. That second path may sound neat on a whiteboard, but in practice it would be a bureaucratic meat grinder for lost keys, abandoned wallets, deceased holders, and anyone who values privacy over performative compliance.

So how do PACTs actually work?

The proposal combines three pieces: a secret salt, a BIP-322 ownership proof, and an OpenTimestamps commitment anchored on-chain. A secret salt is just extra private randomness that makes the proof harder to guess, reuse, or fake. BIP-322 is a standard for proving you control a Bitcoin address without moving funds. OpenTimestamps lets someone anchor a proof to Bitcoin without publishing the underlying secret data.

The crucial feature is that no public transaction is required when the proof is made. That means a holder can establish a time-stamped claim of control without broadcasting a move that could later be traced, analyzed, or used as a target. In a space obsessed with “don’t trust, verify,” this is a properly Bitcoin-shaped idea: prove ownership, but don’t hand over your privacy as a sacrificial offering.
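To make the three pieces concrete, here is a simplified sketch added for this write-up; it is not code from Robinson's proposal, from BIP-322, or from OpenTimestamps. It assumes a commitment of the form SHA-256(salt, address, proof) and uses a plain Merkle tree as a stand-in for OpenTimestamps aggregation; the domain tag, function names, address string and proof bytes are all constructed placeholders.

```python
import hashlib
import hmac
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _field(b: bytes) -> bytes:
    # Length-prefix each field so the salt/address/proof boundaries are unambiguous.
    return len(b).to_bytes(4, "big") + b

def make_commitment(salt: bytes, address: str, proof: bytes) -> bytes:
    """Digest that gets timestamped; without the salt it cannot be tested against an address."""
    return sha256(b"pact-example-v0" + _field(salt) + _field(address.encode()) + _field(proof))

def merkle_root_and_path(leaves, index):
    """Aggregate many digests into one root; return the root and the sibling path for leaves[index]."""
    path, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # simplification: duplicate the last node on odd levels
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))  # (hash, sibling_is_left)
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def verify_opening(salt, address, proof, path, anchored_root) -> bool:
    """Recompute the commitment from the revealed values and walk the path to the anchored root."""
    node = make_commitment(salt, address, proof)
    for sibling, sibling_is_left in path:
        node = sha256(sibling + node) if sibling_is_left else sha256(node + sibling)
    return hmac.compare_digest(node, anchored_root)

def demo():
    salt = secrets.token_bytes(32)                  # stays with the holder
    address = "bc1q-constructed-example-address"    # placeholder, not a real address
    proof = b"constructed-bip322-proof-bytes"       # placeholder for a real BIP-322 proof
    mine = make_commitment(salt, address, proof)
    others = [sha256(bytes([i])) for i in range(4)]  # constructed digests from other users
    root, path = merkle_root_and_path(others[:2] + [mine] + others[2:], 2)
    return salt, address, proof, path, root         # only `root` would be anchored on-chain
```

Only the root is ever published in this sketch; the salt, address and proof stay private until the holder chooses to open the commitment, and any change to one of them makes verification fail.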

If Bitcoin later adopts a quantum-resistant recovery path, holders who made a PACT could potentially submit a STARK zero-knowledge proof to reclaim coins without revealing private keys. A zero-knowledge proof is a cryptographic method of proving something is true without exposing the underlying secret. STARKs are one of the better-known zero-knowledge systems, and they’re being explored across blockchain and security work because they offer a way to verify claims while keeping sensitive data hidden. In this case, the promise is simple: prove you owned the coins, but don’t dump your keys on-chain like a rookie flashing cash in a bad neighborhood.

That said, PACTs are not magic. Robinson acknowledged that multisig, complex scripts, and hardware wallet support would still need standardisation. That’s an important reality check. Bitcoin’s base layer can be elegant, but wallet support, upgrade coordination, and compatibility across hardware and software are where elegant ideas go to get mugged by implementation details.

PACTs also land in the middle of a larger debate already taking shape around Bitcoin quantum security. Jameson Lopp, Casa’s chief security officer, has put forward BIP-361, a proposal that sketches a phased migration away from legacy signatures. That work is complementary but not identical: BIP-361 is about the migration path, while PACTs are about preserving a private proof of control before that migration ever becomes necessary.

Then there’s the philosophical split. Some argue for opt-in quantum-resistant upgrades so users can move voluntarily. That approach fits Bitcoin’s ethos much better than the usual “we’re helping you” paternalism that often masks a property grab. Others want a harder line — a coin freeze proposal or forced migration — because once quantum attacks become real, leaving exposed coins alone could be a disaster.

Adam Back of Blockstream has reportedly argued for optional quantum-resistant upgrades, which is unsurprising given the culture of Bitcoin: users generally don’t enjoy being told their money will be “protected” by rewriting the rules under their feet. But the counterargument is equally blunt. If Bitcoin waits too long and quantum attackers get there first, then optional upgrades may be too little, too late.

That tension is the real story here. This is not just a technical debate about signatures and proofs. It’s a property-rights problem, a governance problem, and a trust problem. If Bitcoin ever needs a quantum sunset soft fork, the network will have to choose between protecting old coins and preserving the principle that no one should be forced to move their money just because the protocol got nervous.

There’s also a very practical question: what happens to the huge pile of dormant BTC that nobody can or will touch? Some of it belongs to forgotten wallets. Some of it may belong to dead owners. Some of it is likely lost forever. And yes, some of it may be Satoshi’s. A blanket freeze could be neat from a security standpoint, but Bitcoin has never really been designed for neatness when neatness means trampling dormant property rights. This is where the network’s conservatism is a feature — and also a pain in the ass.

Another point worth keeping in mind: the quantum threat is real enough to plan for, but not something to panic-buy a bunker over tomorrow morning. Modern wallets using safer practices are not all standing on the same level of exposure as old address formats with publicly revealed keys. That nuance matters. Bitcoin holders don’t need a melodramatic meltdown; they need a migration path, decent wallet support, and a protocol strategy that doesn’t treat privacy like a disposable napkin.

Robinson himself noted that Bitcoin may never even adopt a quantum sunset. That’s a fair warning. Bitcoin upgrades are messy, slow, and politically loaded. The network does not move because a researcher posts a clever idea on a Thursday. It moves when enough users, developers, wallet makers, and economic nodes decide the change is worth the risk. And that is exactly why a pre-commitment system like PACTs is interesting: it gives holders a way to prepare now for a future that may arrive much later — or maybe not at all.

Key questions and takeaways

What are PACTs?

PACTs, or Provable Address-Control Timestamps, are a proposed way for Bitcoin holders to privately prove they controlled an address at a certain time without making a public transaction.

Why does Bitcoin need a quantum plan?

Future quantum computers could potentially break legacy Bitcoin signature schemes, putting old and dormant wallets at risk of theft.

Why are dormant Bitcoin wallets a big deal?

Old wallets are more likely to contain exposed public keys and may not have been touched for years, making them attractive targets if quantum attacks ever become practical.

How do PACTs work?

They use a secret salt, a BIP-322 ownership proof, and an OpenTimestamps commitment anchored on-chain to create a private timestamp of control.

Can PACTs help protect Satoshi-linked coins?

They could help preserve a claim of ownership without forcing a public reveal, but only if the holder uses the system before any future migration or freeze.

What is a quantum sunset soft fork?

It’s a proposed Bitcoin upgrade that would phase out vulnerable signature types and let users move to quantum-resistant recovery methods.

How does BIP-361 fit in?

BIP-361, proposed by Jameson Lopp, outlines a phased migration away from legacy signatures, while PACTs focus on private proof of control before migration is needed.

Will Bitcoin definitely adopt this?

No. Robinson said Bitcoin may never adopt a quantum sunset at all, and standardisation for wallets, multisig, and hardware support would still be needed.

What’s the real debate here?

The fight is between voluntary, opt-in quantum-resistant upgrades and forced migration or freezes that may be more secure but are far more intrusive.

PACTs won’t solve Bitcoin’s quantum problem by themselves, and nobody serious should pretend otherwise. But they do offer something useful: a cleaner, more privacy-preserving way to prepare for a future that could otherwise force Bitcoin into an ugly corner. That’s a better starting point than waiting until the first serious quantum scare and discovering that ancient addresses were sitting there like an unlocked vault with a welcome mat out front.