thedefiant.io
A researcher at StarkWare has published an open-source scheme for making Bitcoin transactions resistant to quantum computing attacks using only the network's existing consensus rules — requiring no softfork, no protocol upgrade, and no community-wide coordination.
The project, called Quantum Safe Bitcoin (QSB), was released on GitHub by Avihu Levy, StarkWare's chief product officer and a leading Bitcoin researcher at the firm who previously co-authored ColliderScript, a protocol for enabling stateful computation on Bitcoin without consensus changes. Levy also co-authored BIP-360, the quantum-resistant address proposal that was merged into Bitcoin's official BIP repository in February — a proposal that, unlike QSB, would require a softfork.
"StarkWare has some of the best hackers on the planet," Eric Wall, co-founder of Taproot Wizards and board member of the Starknet Foundation, wrote on X. "It is beautiful to see when hackers use their powers for good."
QSB builds on Binohash, a transaction introspection technique developed by BitVM creator Robin Linus of ZeroSync and Stanford University that was demonstrated on Bitcoin mainnet in February.
No Softfork Required
The no-softfork distinction is what sets QSB apart. Most paths to hardening Bitcoin against quantum attacks, including BIP-360 and hash-based signature schemes like SPHINCS+, require protocol-level changes that must navigate Bitcoin's notoriously slow and contentious governance process.
That governance bottleneck is increasingly seen as the real vulnerability. A Google Quantum AI paper published March 30 concluded that breaking Bitcoin's elliptic-curve cryptography could require fewer than 500,000 physical qubits — a roughly 20-fold reduction from prior estimates. The paper warned that a sufficiently advanced machine could derive a private key from an exposed public key in about nine minutes, narrowly inside Bitcoin's 10-minute block window. Google itself has set a 2029 deadline to migrate its own authentication services to post-quantum cryptography.
QSB sidesteps the governance question entirely. The scheme operates within Bitcoin's tightest legacy script constraints — 201 opcodes and a 10,000-byte script limit — and can be used by anyone willing to pay roughly $75 to $150 in cloud GPU compute and submit their transaction directly to a miner via a service like MARA's Slipstream.
StarkWare has been at the center of Bitcoin's quantum-defense efforts. Co-founder Eli Ben-Sasson has argued that Bitcoin must begin responding to the quantum threat now.
How It Works
Standard Bitcoin transactions use a digital signature scheme called ECDSA to prove ownership of funds. A quantum computer running Shor's algorithm could reverse-engineer that signature process, deriving private keys from public keys and stealing coins.
QSB swaps out the security model. Instead of relying on the mathematical hardness of elliptic curves — which quantum computers can break — it relies on the hardness of reversing hash functions, which they cannot. The scheme forces a would-be spender to solve a computationally expensive hash puzzle that binds the transaction to a specific set of parameters. Any attempt to alter the transaction invalidates the puzzle solution, requiring the attacker to redo the work from scratch.
The result is roughly 118 bits of security against Shor's algorithm, compared to effectively zero for standard Bitcoin transactions in a post-quantum world.
Early Stage
The project remains a work in progress. The GPU pinning search — the first of three phases required to construct a quantum-safe transaction — has been successfully tested, finding a valid result after roughly six hours across eight Nvidia RTX PRO 6000 GPUs. But the digest search and on-chain broadcast have not yet been completed end-to-end.
There are practical constraints as well. The transactions exceed default relay policy limits and must be submitted directly to miners. The locking script must be placed as a bare output because it exceeds P2SH's 520-byte redeem script limit.
Still, the release demonstrates that a degree of quantum resistance is achievable on Bitcoin today — for anyone willing to bear the cost — without waiting for the community to agree on a softfork.
This article was written with the assistance of AI workflows. All our stories are curated, edited and fact-checked by a human.