Paradigm Researcher Proposes PACTs to Protect Bitcoin From Future Quantum Risk

Highlights:

• Paradigm introduced PACTs to help Bitcoin holders prepare for future quantum-computing risks privately.
• PACTs let holders timestamp proof of coin control without moving Bitcoin onchain today.
• The idea still needs wider Bitcoin community review before becoming any real protocol upgrade.

Paradigm, a leading crypto research and investment firm, has suggested a new way for Bitcoin holders to protect their old coins from a potential future quantum-computing risk. The idea would not require users to move their coins onchain today.

Advertisement

In a research post published on Friday, Paradigm researcher Dan Robinson introduced “Provable Address-Control Timestamps,” or PACTs. He described it as a privacy-focused backup plan for Bitcoin holders whose old addresses may become risky if powerful quantum computers are built in the future.

The proposal looks at one of Bitcoin’s biggest long-term security concerns. Some older Bitcoin addresses have already exposed their public keys. If a strong enough quantum computer appears one day, it could possibly use those public keys to work out the private keys and steal the coins. Robinson warned that this risk could affect hundreds of billions of dollars in Bitcoin if the network does not prepare early.

Robinson said Bitcoin may one day need a protocol upgrade that blocks spending from addresses with exposed public keys. This kind of upgrade is called a “sunset.” It could help protect funds from future quantum attackers, but it may also create a serious problem for long-term holders.

Many early Bitcoin holders may not want to move their coins publicly. A public move can show that the owner is still active. It can also reveal timing patterns, wallet links, and other private details. This issue becomes even more sensitive for wallets believed to belong to Satoshi Nakamoto. Robinson said those wallets hold around 1.1 million Bitcoin, worth more than $75 billion today.

🚨 SATOSHI MAY NOT NEED TO MOVE HIS BITCOIN TO PROTECT IT FROM QUANTUM ATTACKS

A new proposal called PACTs could let old Bitcoin wallets prove ownership without waking up publicly.

Instead of moving coins, PACTs would let holders privately timestamp proof that they control the… pic.twitter.com/rw5hwenUne

— Coin Bureau (@coinbureau) May 2, 2026

How PACTs Work

Robinson’s proposal offers a possible way out of this problem. Instead of moving coins today, a holder could create a cryptographic proof of ownership and quietly timestamp it using Bitcoin’s existing infrastructure.

The process has two main steps. First, the holder would create a random secret value called a salt. Then, they would combine it with a wallet signature using BIP-322, a standard that lets users prove they control a Bitcoin address without spending from it.

This proof and salt would then be turned into a private record and timestamped through OpenTimestamps. OpenTimestamps is a free service that anchors data to the Bitcoin blockchain through a batched transaction. The salt, proof, and timestamp files would stay private. Nothing sensitive would be shown publicly.

Second, if Bitcoin ever adopts a quantum sunset and freezes old vulnerable addresses, the holder could use those private files to make a claim. They could submit a quantum-resistant STARK proof, which is a type of zero-knowledge proof, to show they controlled the private key before quantum computers became a real threat.

If the network accepts that proof, the holder could get a path to spend from the frozen address. The important point is that the holder would not need to reveal private wallet details, such as the original proof, salt, public key, address, or balance.

Paradigm Says PACTs Still Need More Review

Robinson stressed that PACTs are still an early idea, not an official Bitcoin upgrade proposal. He presented the design as a starting point for discussion, not as something ready for adoption. Any such system would need serious review from Bitcoin experts, developers, and the wider community. He also noted that Bitcoin may never choose to use this kind of rescue path.

The idea also comes with limits. It may not fit every type of wallet in its current form. Multisig wallets, complex scripts, custodial wallets, and hardware wallets would all need clear standards before PACTs could work smoothly. Holders would also have to keep their PACT files safe, because those files could become important recovery records later.

Even so, Paradigm argues that setting a PACT standard early could give Bitcoin holders more time to prepare. It would not force the network to decide now whether a quantum sunset is needed. Instead, it would give long-term holders a quiet and low-cost way to keep proof of ownership ready, just in case it becomes useful in the future.

How PACTs Compare to Other Proposals

Robinson also connected PACTs to BIP-361, a draft Bitcoin proposal focused on the same quantum risk. BIP-361 looks at a possible “quantum sunset” for addresses with exposed public keys. In simple terms, Bitcoin could one day limit or block spending from older address types if quantum computers become powerful enough to threaten them.

BIP-361 Proposes Freezing Quantum-Vulnerable Bitcoin Addresses

Bitcoin developers and researchers have proposed BIP-361, which suggests freezing early Bitcoin addresses considered to have quantum vulnerabilities—primarily P2PK addresses with publicly exposed public keys—to… pic.twitter.com/C5zksSnW7l

— Wu Blockchain (@WuBlockchain) April 15, 2026

BIP-361 also looks at ways to help holders recover funds if they can prove they controlled their coins before quantum attackers could break exposed public keys. Robinson’s PACT idea adds another possible rescue path. It would let holders privately timestamp proof that they controlled an address before any future cutoff date. Most importantly, they could do this without moving their Bitcoin today.

Advertisement