Paradigm's Quantum Proof Proposal Could Save Early Bitcoin Addresses from Future Attacks

Paradigm's PACTs proposal lets dormant Bitcoin holders privately timestamp ownership proofs, potentially protecting $75B+ in vulnerable coins from quantum threats.

Somewhere around 1.7 million Bitcoin sit in addresses that could become vulnerable to quantum computers. That includes an estimated 1.1 million BTC potentially belonging to Satoshi Nakamoto, worth roughly $75 billion at current prices. On May 1, 2026, Paradigm general partner Dan Robinson published a proposal that could give those dormant holders a way out.

The proposal, called Provable Address-Control Timestamps (PACTs), offers a surprisingly elegant solution to what has become known as the "Satoshi Problem." Here's the core tension: early Bitcoin addresses exposed their public keys directly on the blockchain, making them theoretically vulnerable to future quantum attacks. But any forced migration to quantum-safe addresses would require those holders to publicly reveal themselves, something Satoshi and other early adopters might never do.

PACTs threads this needle by letting holders privately prove they controlled their keys before quantum computers became a threat.

How PACTs Works

The mechanism is straightforward. A holder creates a BIP-322 signature proving ownership of their address, combines it with a secret salt value, and timestamps the whole package using OpenTimestamps. This creates cryptographic proof that the package existed at a specific moment in time, all without broadcasting anything to the Bitcoin network.

No on-chain transaction required. No public revelation of identity. Just a private timestamp that sits quietly until needed.
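The commitment step described above can be sketched as follows. This is an added example, not code from the proposal or from Paradigm: the hash layout, the domain tag, the function names and the sample address and signature bytes are all assumptions made for illustration, and the timestamping itself is not performed (only the resulting digest would be handed to an OpenTimestamps client).

```python
import hashlib
import hmac
import secrets

# Constructed domain tag so this digest cannot collide with other uses of SHA-256.
DOMAIN = b"pact-commitment-example/v1"

def _lp(field: bytes) -> bytes:
    """Length-prefix a field so field boundaries are unambiguous."""
    return len(field).to_bytes(4, "big") + field

def commit(address: str, signature: bytes, salt=None):
    """Return (digest, salt). Only the digest leaves the holder's machine."""
    if salt is None:
        salt = secrets.token_bytes(32)  # 256-bit secret, stored offline with the signature
    if len(salt) < 16:
        raise ValueError("salt too short")
    preimage = DOMAIN + _lp(salt) + _lp(address.encode()) + _lp(signature)
    return hashlib.sha256(preimage).digest(), salt

def verify_opening(digest: bytes, address: str, signature: bytes, salt: bytes) -> bool:
    """Check that (address, signature, salt) opens a previously timestamped digest."""
    expected, _ = commit(address, signature, salt)
    return hmac.compare_digest(expected, digest)  # constant-time comparison

# Constructed sample values: not a real address and not a real BIP-322 signature.
ADDRESS = "1ConstructedExampleAddressxxxxxxxx"
SIGNATURE = bytes.fromhex("30440220" + "11" * 32 + "0220" + "22" * 32)

if __name__ == "__main__":
    digest, salt = commit(ADDRESS, SIGNATURE)
    print("digest to timestamp:", digest.hex())
    print("opens with salt:    ", verify_opening(digest, ADDRESS, SIGNATURE, salt))
    print("opens with bad salt:", verify_opening(digest, ADDRESS, SIGNATURE, bytes(32)))
```

Two commitments to the same signature under different salts produce unrelated digests, so a timestamped digest reveals nothing that links it to an address until the holder chooses to open it.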

The clever part comes later. If Bitcoin eventually implements a "quantum sunset" soft fork (where exposed addresses become frozen), PACT holders could submit STARK zero-knowledge proofs to reclaim their funds. These proofs would demonstrate they possessed the keys before the quantum era without revealing the actual signatures or salt values. The proposal builds on draft BIP-361, published by Jameson Lopp in 2026, which lays groundwork for quantum-resistant address transitions.

Why This Matters Now

The Bitcoin community spent much of early 2026 debating quantum preparedness. At Paris Blockchain Week, Adam Back argued for opt-in upgrades rather than freezing vulnerable addresses, warning that aggressive measures could undermine trust in Bitcoin's property guarantees.

PACTs offers a middle path. It doesn't require any immediate changes to Bitcoin's consensus rules. Holders can create timestamps today using existing infrastructure, essentially buying themselves an insurance policy against future quantum developments.

"It's a clever use of Bitcoin's existing infrastructure," MIT cryptography researcher Dr. Emily Carter noted in May 2026. Developer reception on X has been cautiously optimistic, though consensus on STARK verification rules remains distant.

The Limitations

PACTs isn't a complete solution. The proposal doesn't fully address multisig wallets or complex scripts, meaning some holders would need alternative approaches. More critically, it requires proactive action. Anyone who doesn't create a timestamp before cryptographically relevant quantum computers (CRQCs) emerge, with estimates clustering around 2030, could face permanent loss.

There's also the question of whether the Bitcoin community will actually reach consensus on the STARK verification rules needed to make these proofs usable. Technical agreement on zero-knowledge implementations has historically moved slowly.

Looking Forward

What makes PACTs interesting isn't just the technical mechanism. It's that Robinson explicitly framed it as extending Satoshi's original vision of Bitcoin as a "timestamp server," using the network's core function to solve a problem Satoshi almost certainly never anticipated.

For holders of early Bitcoin addresses, the practical takeaway is simple: this proposal creates an option that didn't exist before. Whether Satoshi's coins ever move remains one of Bitcoin's great mysteries. But if they don't, it might no longer mean quantum computers got there first.