Bitcoin Quantum Upgrade Opens Path for Satoshi Nakamoto to Prove Wallet Control

Crypto venture firm Paradigm has put forward a bold new technical proposal that could change how Bitcoin responds to the growing quantum computing threat, and it comes with a striking twist: it might just offer Satoshi Nakamoto a way to protect billions of dollars worth of dormant bitcoin without ever revealing who they are.
The proposal, called Provable Address-Control Timestamps, or PACTs, was introduced by Paradigm general partner Dan Robinson. It allows wallet owners to prove control of their addresses before quantum technology advances to the point of being able to break private keys. The mechanism uses Bitcoin’s existing timestamping infrastructure, enabling holders to privately record cryptographic proof of ownership directly on the blockchain, with no coins moved and no identity exposed.
The Bitcoin quantum threat has been building in urgency. Millions of bitcoin sitting in old wallets with exposed public keys could be vulnerable to theft if powerful enough quantum computers arrive. That includes the roughly 1.1 million bitcoin attributed to pseudonymous creator Satoshi Nakamoto, currently worth around $84 billion.
Google Quantum AI published research showing that fewer than 500,000 physical qubits could suffice to break Bitcoin’s secp256k1 curve, significantly reducing previous estimates. While that capability doesn’t exist today, the window is narrowing faster than many anticipated.
The existing response to the Bitcoin quantum threat has been BIP-361. Prominent developer Jameson Lopp and five other developers proposed it in mid-April; it would phase out quantum-vulnerable addresses on a five-year timeline and freeze any coins that fail to migrate. But that solution carries its own cost: anyone with dormant holdings, including Satoshi, would have to make a very public move or lose access to their funds permanently.
PACTs is designed to sidestep that dilemma. The key is that holders can use Bitcoin itself to secretly timestamp their knowledge of their private keys, establishing proof of ownership before quantum computers could have derived them. If Bitcoin ever sunsets legacy address types, holders who created a PACT in time could present that timestamped proof and retain the ability to spend their coins, even decades later.
Dan Robinson said PACTs offer a balanced option between defending against quantum threats and protecting ownership of dormant assets. The proposal is particularly relevant to early wallets like those in the Satoshi Nakamoto cluster, which predate the BIP-32 key derivation standard and cannot be rescued through other proposed migration paths.
There are real limitations. Robinson stated that PACTs require Bitcoin to eventually adopt a STARK verification protocol, which would itself need a separate soft fork with broad community consensus. The verification infrastructure does not exist in Bitcoin currently and would need what Robinson calls “substantial new plumbing.”
And there is one constraint that no code can solve. The protocol only protects Satoshi if Satoshi himself, or whoever currently controls those keys, makes the commitment. If Satoshi is genuinely gone, no PACT can be retroactively created.
Still, the proposal reframes a debate that has largely felt binary. Rather than forcing a choice between freezing coins and leaving them open to quantum theft, PACTs introduces a third path, one that respects the privacy of dormant holders while still providing a credible defense. Whether Satoshi is alive, gone, or watching closely, the Bitcoin quantum threat is no longer waiting for a convenient answer.






