Paradigm Researcher Proposes PACTs to Shield Dormant Bitcoin From Quantum Computing Risk
Key Takeaways: For wallets believed to belong to Satoshi Nakamoto, that migration would reveal whether the pseudonymous creator is alive, active, and still holding keys. Researchers estimate those wallets hold approximately 1.1 million BTC, worth more than $75 billion at current prices. PACTs offer a third path. A holder generates a 256-bit secret salt and uses BIP-322 full message signing to prove control of a vulnerable scriptPubKey. The resulting commitment hash is then timestamped via OpenTimestamps, which batches hashes into a Merkle tree and embeds the root in a Bitcoin OP_RETURN output. The process costs nothing and reveals nothing publicly. Robinson described OpenTimestamps as a free, trustless Bitcoin-based timestamping service. The system was possible, he noted, because Satoshi himself designed Bitcoin as a distributed timestamp server in the 2008 white paper. If Bitcoin later implements a sunset soft fork, a PACT holder could submit a STARK zero-knowledge proof showing they knew the salt and control proof before a cutoff date established prior to CRQC capability. The rescue transaction would be bound to prevent replay. The underlying keys and salt would stay hidden. The proposal builds on draft BIP-361, which addresses quantum-vulnerable legacy addresses, and references Jeremy Rubin‘s earlier forum discussions on similar concepts. Robinson acknowledged the design is illustrative and needs review from cryptographers, Bitcoin developers, and the broader community. Risks are real. Bitcoin may never implement a quantum sunset. Even if it does, this specific rescue path may not be included. Robinson said holders should not rely solely on PACTs until a rescue protocol clears consensus. Still, he argued the cost of creating one is low enough to justify acting once a standard format is agreed upon. The proposal does not extend cleanly to multisig wallets, complex scripts, or custodial accounts. Those cases require additional standardization work. Bitcoin developers and quantum researchers on X responded quickly after publication. Discussion focused on STARK integration timelines, the feasibility of a soft fork adding zero-knowledge proof verification, and whether the privacy protections would hold in practice. Robinson stated that adopting a PACT standard now would give long-term holders maximum time to secure their coins before any emergency fork. The harder decisions, including whether a quantum sunset is warranted at all, can wait. Robinson credited Eli Ben-Sasson, Jameson Lopp, Neha Narula, Nic Carter, and others in the acknowledgments.About Author
