TFTC logo/Bitcoin Products
Blog
Back to Blog
Paradigm's New Proposal Could Let Satoshi Prove Bitcoin Ownership Without Moving a Single Coin
·4 min read

Paradigm's New Proposal Could Let Satoshi Prove Bitcoin Ownership Without Moving a Single Coin

Paradigm's PACTs proposal offers dormant Bitcoin holders a private way to prove key ownership against quantum threats without on-chain transactions.

Somewhere around 1.1 million Bitcoin sit untouched in wallets linked to Satoshi Nakamoto. Worth roughly $80 billion at current prices, these coins present a peculiar problem as quantum computing advances: their early address formats expose public keys, making them theoretically vulnerable to future quantum attacks. But any migration to safer addresses would require Satoshi, or whoever controls those keys, to move funds publicly.

Paradigm researcher Dan Robinson thinks there might be a third option.

What PACTs Actually Do

Published on May 1, 2026, Robinson's PACTs (Provable Address-Control Timestamps) proposal offers dormant Bitcoin holders a way to privately timestamp proof of key ownership without broadcasting anything to the network. The process costs nothing and reveals no information publicly.

Here's how it works in three steps:

  1. Generate a secret 256-bit salt (essentially a random number)
  2. Create a BIP-322 ownership proof using your private keys
  3. Timestamp that proof via OpenTimestamps, which anchors to Bitcoin's blockchain

The clever part: you're not publishing anything that identifies you or your holdings. You're simply creating a cryptographic receipt, dated and provably created before any quantum "sunset" deadline, that you can store offline.

If Bitcoin ever implements a quantum sunset soft fork that freezes unmigrated coins, PACT holders could submit a STARK zero-knowledge proof to reclaim their frozen Bitcoin. The zero-knowledge aspect means you prove you had control at the timestamp without revealing your actual keys to anyone.

The Satoshi Problem

This proposal directly addresses what the Bitcoin community has awkwardly termed "the Satoshi Problem." Approximately 1.7 million BTC remain in quantum-exposed address types as of 2026, with Satoshi's stash representing the largest single concentration.

Earlier proposals, like Jameson Lopp's BIP-361 from mid-April 2026, suggested phasing out legacy signatures over five years and freezing unmigrated coins. The problem with forced migrations is that they require action, which means either moving coins publicly or losing them.

PACTs offer a middle path. Holders can prove they controlled keys at a specific point in time without ever touching their coins. For someone who values privacy, whether that's Satoshi, early miners, or anyone who simply doesn't want to trigger a taxable event, this distinction matters enormously.

Real Limitations Worth Understanding

Robinson's proposal isn't a complete solution, and he's been upfront about the gaps.

The current design doesn't support multisig setups, complex scripts, or hardware wallets. For individuals using tools like Liana Wallet, which offers sophisticated timelock and multisig configurations for inheritance planning, the technical path to PACT compatibility remains unclear.

More fundamentally, PACTs require future Bitcoin consensus changes that may never happen. The proposal assumes the network will eventually agree on both STARK verification and some form of quantum sunset fork. Neither is guaranteed.

Blockstream CEO Adam Back, speaking at Paris Blockchain Week earlier this year, has advocated for opt-in upgrades rather than forced freezes. The philosophical debate between protecting users from themselves and respecting property rights runs deep in Bitcoin's culture.

The Quantum Timeline

A Google report from April 2026 warned that quantum computers could theoretically crack Satoshi's wallets in nine minutes by 2029. Whether that timeline proves accurate is anyone's guess, but it has intensified calls to address quantum vulnerabilities before they become exploitable.

The 2029 estimate should be taken with appropriate skepticism. Quantum computing timelines have historically been optimistic. But the asymmetry of risk, where preparing costs nothing and not preparing could mean losing everything, makes early action rational even if the threat remains speculative.

What This Means for Average Holders

If you're holding Bitcoin in modern address formats (those starting with bc1), you're already using quantum-resistant constructions for your public keys. The vulnerability primarily affects older Pay-to-Public-Key (P2PK) addresses where the public key is directly exposed.

For those with coins in exposed formats, the PACT approach offers a low-risk hedge. Creating the timestamp costs nothing, reveals nothing, and preserves optionality. The worst case is that Bitcoin never implements the verification upgrades and your timestamp proves useless. The best case is that you've preserved your ability to claim coins that might otherwise be frozen or stolen.

The broader lesson here extends beyond quantum computing. Bitcoin's security model will face ongoing challenges, and solutions that minimize trust while preserving privacy will likely prove most compatible with the network's values. Robinson's proposal, whatever its ultimate fate, demonstrates that creative cryptographic approaches can sometimes offer alternatives to blunt policy choices.

Whether the community ultimately adopts PACTs, some variation, or nothing at all remains an open question. But for dormant holders worried about quantum threats, the option to prepare quietly, without revealing yourself, is now on the table.