The Quantum Clock Is Ticking
Bitcoin's security model rests on one assumption: that the math protecting private keys is too hard to break. Quantum computing threatens to change that. And when it does, over 1.1 million BTC sitting in legacy wallets — including most of Satoshi Nakamoto's estimated stash — become vulnerable to theft.
On May 1, Paradigm general partner Dan Robinson published a proposal that doesn't try to solve the quantum problem outright. Instead, it gives every Bitcoin holder a way to prove they controlled their coins before quantum computers existed — a cryptographic receipt that could one day save their funds.
He calls them Provable Address-Control Timestamps, or PACTs.
What PACTs Actually Do
The concept is elegant in its simplicity. A Bitcoin holder generates a secret salt, signs a message proving they control a specific address using BIP-322 full message signing, hashes everything together, and timestamps the result on Bitcoin's blockchain via OpenTimestamps.
No on-chain transaction is required. No public signal is broadcast. The holder stores the salt, the signature, and the timestamp file offline — a recovery artifact that sits dormant until it's needed.
The key insight: if a future quantum attacker steals someone's private key and tries to claim their coins, the original owner can present their PACT as proof that they controlled the address at a specific point in time — before quantum computers were capable of breaking the cryptography. The network could then distinguish legitimate owners from quantum thieves.
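The salt, sign and hash steps described above, as an added example that is not code from Robinson's proposal. The field encoding, the domain tag and the sample address and signature bytes are assumptions made here; producing the BIP-322 signature and submitting the digest to OpenTimestamps are outside the sketch.

```python
import hashlib
import hmac
import secrets

# Hypothetical domain-separation tag; the page does not give the proposal's encoding.
TAG = b"PACT-example-v1"


def length_prefixed(field: bytes) -> bytes:
    """Prefix a field with its length so adjacent fields cannot be re-split."""
    return len(field).to_bytes(4, "big") + field


def make_commitment(salt: bytes, address: str, signature: bytes) -> bytes:
    """SHA-256 over tag, salt, address and signature: the digest to be timestamped."""
    h = hashlib.sha256()
    for field in (TAG, salt, address.encode("utf-8"), signature):
        h.update(length_prefixed(field))
    return h.digest()


def create_record(address: str, signature: bytes) -> dict:
    """Build the offline recovery artifact: secret salt, signature and commitment."""
    salt = secrets.token_bytes(32)  # keeps the timestamped digest unlinkable to the address
    return {
        "salt": salt,
        "address": address,
        "signature": signature,
        "commitment": make_commitment(salt, address, signature),
    }


def verify_reveal(commitment: bytes, salt: bytes, address: str, signature: bytes) -> bool:
    """Recompute the digest from revealed values and compare in constant time.

    Checking that the signature is a valid BIP-322 signature for the address
    is a separate step and is not done here.
    """
    return hmac.compare_digest(commitment, make_commitment(salt, address, signature))


if __name__ == "__main__":
    # Constructed sample values, not a real address or signature.
    rec = create_record("bc1q-constructed-example", b"constructed-bip322-signature")
    print(rec["commitment"].hex())
    print(verify_reveal(rec["commitment"], rec["salt"], rec["address"], rec["signature"]))
```

Only the 32-byte commitment would ever be timestamped; the salt and signature stay offline until a claim has to be proven.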
Why This Matters Now
This proposal exists because of a harder conversation happening in Bitcoin development. In mid-April, developer Jameson Lopp and five co-authors published draft BIP-361, which takes a more aggressive approach: phase out quantum-vulnerable address types on a five-year timeline and freeze any coins that fail to migrate.
BIP-361 is necessary but brutal. It means every holder of legacy Bitcoin must move their coins to new quantum-resistant addresses within the deadline — or risk losing access permanently. For active holders, that's manageable. For lost wallets, dormant funds, inheritance situations, or anyone who stored Bitcoin and walked away, it's a death sentence.
PACTs offer a middle path. They don't replace BIP-361; they complement it. Robinson's proposal gives holders who can't or won't move coins right now a way to preserve their claim. Think of it as buying insurance before the storm, not during it.
The Satoshi Question
The most dramatic implication is for Satoshi's wallets. Roughly $84 billion in Bitcoin sits in addresses widely attributed to Bitcoin's creator. These pre-2012 wallets don't use BIP-32 hierarchical deterministic key generation, which means BIP-361's rescue paths don't apply to them.
If Satoshi — or whoever controls those keys — creates PACTs now, those coins could be protected. If not, a future quantum attacker could potentially claim them. The protocol can't help someone who doesn't act.
The Catch
PACTs aren't a complete solution on their own. For the network to actually verify these timestamped proofs and use them to resolve disputes between a legitimate owner and a quantum attacker, Bitcoin would need to adopt STARK verification — a type of zero-knowledge proof system that would require its own soft fork.
That's a significant technical and political hurdle. Soft forks require broad community consensus, and adding new cryptographic primitives to Bitcoin's consensus layer is never a quick process. Robinson acknowledges this openly in the proposal.
There's also a trust-the-holder problem. PACTs are only useful if people actually create them. The system is opt-in, private, and requires no on-chain footprint — which is great for privacy but means adoption is invisible and unenforceable.
What Holders Should Watch
The quantum threat to Bitcoin isn't theoretical anymore — it's a matter of timeline. Google, IBM, and Microsoft are all racing toward cryptographically relevant quantum computers. Most estimates place that milestone somewhere between 2030 and 2040, but the range is wide and narrowing.
The Bitcoin development community is now actively working on defenses. BIP-361 sets the migration deadline. PACTs offer a safety net for those who can't meet it. Together, they represent the most serious quantum preparation Bitcoin has undertaken.
For long-term holders, the practical takeaway is straightforward: pay attention to these proposals as they develop. If PACTs gain traction, creating one will be free, private, and take minutes. The cost of not doing it, if quantum computing arrives on schedule, could be total loss.
Bitcoin Gate Take
This is the kind of boring, unglamorous infrastructure work that actually matters. Robinson isn't selling a token or launching a protocol — he's trying to solve a real problem before it becomes an emergency. The fact that Paradigm, one of the largest crypto venture firms, is putting serious research into Bitcoin base-layer security is a good sign. Watch BIP-361's progress through the developer mailing list — that's the proposal with teeth. PACTs are the backup plan, and backup plans only work if you make them before you need them.