Good news for the Bitcoin community! QSB, the first quantum-resistant Bitcoin transaction solution that requires no soft fork, is here


StarkWare product chief Avihu Levy publicly released the quantum-resistant Bitcoin transaction scheme “Quantum Safe Bitcoin (QSB)” on April 9, protecting transactions against quantum computing without changing the protocol. It is currently the first known viable approach that relies solely on Bitcoin’s existing Legacy Script rules to withstand attacks using Shor's algorithm.

Quantum threats are imminent, and Bitcoin community consensus remains unclear

The threat that quantum computing poses to Bitcoin drew renewed attention with a paper published last week by Google Quantum AI. The research indicates that the cost to break Bitcoin's elliptic-curve cryptography (ECDSA) is 90% lower than expected, and that the private key can be recovered from an already exposed public key in as little as 9 minutes. Google has also set a goal of completing the quantum migration of its own services by 2029.

(Google quantum research warns: the bar to break Bitcoin encryption drops sharply—Taproot and address reuse expose quantum risk for 6.9 million BTC)

Bitcoin’s current main signature mechanism is ECDSA, whose security rests on hard mathematical problems over elliptic curves. Once quantum computers have sufficient computing power, attackers can use Shor's algorithm to derive the private key from the public key, forge signatures, and then steal assets. From P2PK outputs, to Taproot, to traditional addresses, as long as the public key is exposed, there is a risk that the private key can be cracked.
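The exposure rule in the paragraph above can be checked against a wallet's own outputs. The following is an added example, not code from the article or from QSB: it classifies standard scriptPubKey templates and flags outputs whose public key is already visible on-chain. The UTXO labels, the sample scripts and the `spent_scripts` input (scripts that have already been spent from once) are constructed assumptions.

```python
# Added example: flag UTXOs whose public key is already public (exposed to Shor).
from collections import namedtuple

Utxo = namedtuple("Utxo", "label script_hex")

def script_type(spk: bytes) -> str:
    """Match a scriptPubKey against the standard output templates."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"      # <pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"     # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "p2sh"      # OP_HASH160 <20> OP_EQUAL
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"    # witness v0, 20-byte key hash
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"     # witness v0, 32-byte script hash
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"      # witness v1, 32-byte output key
    return "unknown"

KEY_IN_OUTPUT = {"p2pk", "p2tr"}               # key is part of the output itself
HASH_LOCKED = {"p2pkh", "p2sh", "p2wpkh", "p2wsh"}  # key hidden until first spend

def audit(utxos, spent_scripts):
    """Return {label: (type, reason)} for every UTXO with an exposed key."""
    spent = {bytes.fromhex(s) for s in spent_scripts}
    findings = {}
    for u in utxos:
        spk = bytes.fromhex(u.script_hex)
        kind = script_type(spk)
        if kind in KEY_IN_OUTPUT:
            findings[u.label] = (kind, "public key is in the output")
        elif kind in HASH_LOCKED and spk in spent:
            findings[u.label] = (kind, "address reused after an earlier spend")
    return findings

# Constructed sample data (placeholder key and hash bytes, not real outputs).
REUSED = "76a914" + "22" * 20 + "88ac"
SAMPLE = [
    Utxo("old-p2pk", "21" + "02" + "11" * 32 + "ac"),
    Utxo("reused-p2pkh", REUSED),
    Utxo("fresh-p2pkh", "76a914" + "55" * 20 + "88ac"),
    Utxo("fresh-p2wpkh", "0014" + "33" * 20),
    Utxo("taproot", "5120" + "44" * 32),
]
REPORT = audit(SAMPLE, spent_scripts=[REUSED])
```

Outputs that are hash-locked and never spent from are not flagged, which is the reason address reuse matters.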

However, since mainstream countermeasures all require modifying Bitcoin’s underlying protocol, whether it is the BIP-360 quantum-resistant address proposal requiring a soft fork, or hash-based signature schemes such as SPHINCS+, they must go through Bitcoin community governance processes—famously long and highly divisive.

Now, with the emergence of QSB, that hurdle has been successfully bypassed.

What is QSB? How can it achieve quantum resistance without changing the protocol?

Avihu Levy, a co-author of BIP-360, argues with the recently released QSB that a solution can be implemented on Bitcoin to withstand quantum attacks without changing consensus.

QSB is built on the Binohash transaction technology developed by BitVM founder Robin Linus, and it addresses two quantum-security vulnerabilities in it: first, the small-r-value elliptic-curve signature problem, which could be broken with Shor's algorithm; second, the sighash flag vulnerability that attackers could exploit.

In its security model, QSB abandons the traditional assumption that relies on the hardness of elliptic-curve mathematics. Instead, it is built on the RIPEMD-160 hash function. A quantum computer attacking a hash function gains only a quadratic speedup from Grover's algorithm, whereas Shor's algorithm breaks elliptic-curve schemes such as ECDSA outright. Therefore, QSB does not currently face a threat from quantum computers.

In practice, the transaction initiator must solve a computationally expensive hash puzzle that binds the transaction to a specific set of parameters. If anyone attempts to tamper with the transaction contents, the solution immediately becomes invalid, requiring a complete recomputation from scratch.

The scheme runs entirely within Bitcoin’s existing Legacy Script limits, including an upper limit of 201 opcodes and a script size limit of 10,000 bytes, without any protocol changes. The scheme can achieve approximately 118-bit quantum-resistant security (at 0).

Practical usage cost and operational limits: operation fees as low as $75

QSB is not a zero-cost scheme. Each transaction requires paying about $75 to $150 in cloud GPU computation fees. Based on current cloud computing market rates, the entire computation process can be completed within a few hours and can be executed in parallel across multiple GPUs.

However, QSB still has real-world constraints. Since the transactions exceed Bitcoin’s default relay policy limits, they must be submitted directly to mining pools that accept non-standard transactions, such as via the Slipstream service provided by Marathon. Also, the scheme currently does not support the Lightning Network.

Levy himself also positions QSB as a “last resort,” not a replacement for ordinary Bitcoin transactions.

Looking back at existing quantum-resistant solutions, they all require modifying Bitcoin’s original protocol

Almost all existing quantum-resistant Bitcoin schemes require changes at the protocol layer. BIP-360 proposes introducing a new quantum-resistant address format, but it requires a soft fork and must obtain broad consensus from the Bitcoin community. Hash-based signature schemes such as SPHINCS+ also require protocol upgrades and face even bigger challenges in efficiency and script size.

QSB is at present the first scheme that runs entirely within the existing Bitcoin rule framework and provides quantum-resistant protection without any change to consensus. Any user willing to bear the associated GPU computation costs can use it today, without waiting for the community to reach consensus.

Quantum-resistant solutions emerge, and Bitcoin holders wait for good news

As of now, no quantum computer has any real capability to break Bitcoin encryption. The outside world expects that the truly serious threat will still be 3 to 10 years away. However, for Bitcoin addresses that are actively used and whose public keys are exposed, once quantum computers reach the attack threshold, they will become among the first targets, initially estimated at around 6.9 million coins.

QSB has not yet been integrated into any consumer-grade wallet. Therefore, general users cannot directly enable quantum-safe settings through existing software. But Levy’s move shows that this scheme does indeed exist and is feasible on today’s Bitcoin; what remains afterward is engineering implementation, wallet integration, and time.

For users holding Bitcoin, the most practical advice at present is: avoid reusing addresses, closely monitor wallet developers’ progress on quantum-resistant support, and when mainstream software provides a quantum-safe migration option, transfer your assets to protected addresses as early as possible.

This article, "Good news for the Bitcoin community! The first quantum-resistant Bitcoin transaction solution that does not require a soft fork, QSB, is released," first appeared on Chain News ABMedia.
