A new Bitcoin design proposed by venture fund Paradigm offers a way for holders of vulnerable addresses to prove control of their funds without publicly moving their coins.
The proposal, known as Provable Address-Control Timestamps (PACTs), aims to protect old Bitcoin wallets from future quantum-computing attacks. According to coindesk.com, the system allows holders to privately timestamp cryptographic proofs of ownership today to create a rescue path if the network eventually freezes legacy addresses.
Bitcoin faces a significant security risk from the potential arrival of powerful quantum computers. Millions of BTC sitting in old wallets with exposed public keys could be stolen if an attacker can derive the corresponding private keys from those public keys. This includes approximately 1.1 million BTC attributed to Bitcoin's creator, Satoshi Nakamoto, currently valued at roughly $84 billion.
Existing solutions, such as the BIP-361 proposal by developer Jameson Lopp and others, suggest a soft fork to phase out quantum-vulnerable addresses over five years. However, that plan would force dormant holders to move their coins publicly or risk losing them.
Dan Robinson, a general partner at Paradigm, published a proposal Friday to bypass this trade-off. The PACTs system does not require moving coins but instead involves timestamping proof of ownership at a specific date.
A quantum-resistant rescue path
Under the PACTs framework, a holder generates a random salt and uses BIP-322 to produce a proof of ownership for the address. This data is bundled into a commitment that is anchored onchain and timestamped through OpenTimestamps, a service that anchors hashes of data onto the Bitcoin blockchain. Only the commitment is published; the salt, proof, and timestamp files remain private with the holder.
If Bitcoin later adopts a soft fork that freezes quantum-vulnerable coins, the protocol could include a rescue path using STARK proofs. These zero-knowledge proofs remain secure against quantum computers and can prove the holder created their commitment before quantum hardware became a threat.
When a holder eventually spends their coins, the network releases them upon verification of the STARK proof. This redemption process reveals nothing about the specific address, the amount, or the original timestamp.
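The commit-then-prove flow in the three paragraphs above, as an added illustration that is not Paradigm's or the PACTs proposal's own code: the BIP-322 proof is a constructed placeholder, the SHA-256 commitment format and the cutoff-based rescue check are assumptions, and the plain opening of the commitment stands in for the STARK proof, which in PACTs would establish the same relation without revealing the salt, proof, or address.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed stand-in for a BIP-322 ownership proof. A real proof is a
# signature over a message by the address's key; its exact bytes do not
# matter for the commitment logic shown here.
SAMPLE_PROOF = (b"BIP-322 proof placeholder (constructed): address=bc1q...; "
                b"message=PACT commitment; signature=<constructed>")

def make_commitment(proof: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Holder side: return (salt, commitment).
    Only the commitment is anchored (e.g. via OpenTimestamps); the salt and
    proof stay private, so the anchored value reveals nothing about the address."""
    if salt is None:
        salt = os.urandom(32)  # fresh 256-bit salt makes the commitment hiding
    if len(salt) < 16:
        raise ValueError("salt too short to hide the proof")
    # Assumed domain-separated SHA-256 construction, not the PACTs spec's own format.
    digest = hashlib.sha256(b"PACT-commit-v0" + salt + proof).digest()
    return salt, digest

def open_commitment(commitment: bytes, salt: bytes, proof: bytes) -> bool:
    """Verifier side: does (salt, proof) open the anchored commitment?
    In PACTs a STARK would prove this relation in zero knowledge instead."""
    _, expected = make_commitment(proof, salt)
    return hmac.compare_digest(expected, commitment)

def timestamp_record(commitment: bytes, anchored_at: int) -> dict:
    """Stand-in for a timestamp receipt: the anchor time is what a rescue
    path compares against the date quantum hardware became a threat."""
    return {"commitment": commitment.hex(), "anchored_at": anchored_at}

def rescue_eligible(record: dict, salt: bytes, proof: bytes, cutoff: int) -> bool:
    """Rescue succeeds only if the opening is valid AND the anchor predates the cutoff.
    A commitment made after the cutoff could have been produced by a key thief."""
    commitment = bytes.fromhex(record["commitment"])
    return open_commitment(commitment, salt, proof) and record["anchored_at"] < cutoff

if __name__ == "__main__":
    salt, commitment = make_commitment(SAMPLE_PROOF)
    receipt = timestamp_record(commitment, anchored_at=1_700_000_000)
    print("valid opening, before cutoff:", rescue_eligible(receipt, salt, SAMPLE_PROOF, 1_800_000_000))
    print("valid opening, after cutoff: ", rescue_eligible(receipt, salt, SAMPLE_PROOF, 1_600_000_000))
    print("wrong salt:                  ", rescue_eligible(receipt, b"B" * 32, SAMPLE_PROOF, 1_800_000_000))
```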
Robinson noted that the system would require Bitcoin to adopt new STARK verification infrastructure via a soft fork. This would necessitate "substantial new plumbing," including new multisig wallets, complex scripts, and standardized hardware wallet support.
However, the protocol cannot protect Satoshi Nakamoto if the keys are no longer controlled by the original owner. The system only works if the person controlling the keys makes the commitment before a quantum theft or a community-imposed freeze occurs. The PACTs proposal provides a way to make the current debate over freezing addresses less binary, though its effectiveness depends entirely on whether the holders act in time.