StarkWare Proposal: Bitcoin Can Achieve Quantum Security Without Upgrading the Protocol

MarketWhisper

StarkWare quantum proposal

StarkWare Chief Product Officer Avihu Levy released a research proposal on Thursday outlining a “quantum-secure Bitcoin” (QSB) transaction scheme that claims to bring Bitcoin transactions up to a quantum-secure standard, strong enough to withstand attacks from large-scale quantum computers running Shor’s algorithm, without any modification to the Bitcoin protocol itself. Its main drawback is equally clear: for each transaction, the sender must cover a GPU compute cost of $75 to $150.

The technical core of QSB: replacing elliptic-curve digital signatures with a hash challenge

QSB technical core (Source: GitHub)

Existing Bitcoin transactions rely on the Elliptic Curve Digital Signature Algorithm (ECDSA) for authorization, and the mathematical foundation of ECDSA can be effectively broken by quantum computers running Shor’s algorithm. QSB is designed to avoid this weakness at the root: rather than relying on elliptic-curve mathematics, it requires the payer to find a specific input whose hash output happens, by chance, to resemble a valid ECDSA signature. Finding such an input takes a large amount of brute-force computation, and even quantum computers cannot effectively accelerate work of this kind, so transaction security is preserved without changing the protocol.
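To make the cost of such a puzzle concrete, here is an added example (not code from the proposal or from StarkWare) that assumes the puzzle is "a 20-byte digest must parse as a strictly DER-encoded ECDSA signature". The digest size, the truncated SHA-256 stand-in hash, the sample transaction bytes and all function names are assumptions made for illustration.

```python
import hashlib
import math

def is_der_signature(b: bytes) -> bool:
    """Strict DER shape check: 30 len 02 rlen R 02 slen S, with nothing left over."""
    if len(b) < 8 or b[0] != 0x30 or b[1] != len(b) - 2:
        return False
    pos = 2
    for _ in range(2):                          # two INTEGERs: r, then s
        if pos + 2 > len(b) or b[pos] != 0x02:
            return False
        n = b[pos + 1]
        body = b[pos + 2:pos + 2 + n]
        if n == 0 or len(body) != n or body[0] & 0x80:
            return False                        # empty, truncated, or negative
        if n > 1 and body[0] == 0 and not body[1] & 0x80:
            return False                        # non-minimal zero padding
        pos += 2 + n
    return pos == len(b)

def int_encodings(n: int) -> int:
    """Number of n-byte strings that are valid minimal non-negative DER integers."""
    if n == 1:
        return 128
    return 127 * 256 ** (n - 1) + 128 * 256 ** (n - 2)

def log2_hit_probability(digest_len: int = 20) -> float:
    """log2 of the fraction of digest_len-byte strings passing is_der_signature."""
    body = digest_len - 6                       # 6 framing bytes, rest is r and s
    hits = sum(int_encodings(r) * int_encodings(body - r) for r in range(1, body))
    return math.log2(hits) - 8 * digest_len

def search(tx: bytes, max_tries: int):
    """Grind a nonce until the truncated SHA-256 (stand-in hash) parses as DER."""
    for nonce in range(max_tries):
        digest = hashlib.sha256(tx + nonce.to_bytes(8, "little")).digest()[:20]
        if is_der_signature(digest):
            return nonce
    return None

if __name__ == "__main__":
    # Constructed sample input; any byte string works as the "transaction".
    print(f"hit probability ~ 2^{log2_hit_probability():.1f}")
    print("10,000 tries:", search(b"constructed-sample-tx", 10_000))
```

Under these assumptions roughly one digest in 2^46 passes the check, so a laptop-scale search finds nothing and the work has to be pushed onto GPUs.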

StarkWare CEO Eli Ben-Sasson said the scheme is “significant,” and that in practice it enables Bitcoin to have quantum security today.

Cost bottlenecks and scope of application: why it’s not suitable for everyday transactions

However, QSB faces obvious scalability barriers in real deployment. Because brute-force hash computation requires substantial GPU compute power, the cost per transaction is estimated to be between $75 and $150, making it economically infeasible for everyday Bitcoin transfers. The researchers explicitly noted that QSB is a “last resort” rather than a mainstream solution, because the transaction format is non-standard, costs cannot be scaled horizontally, and layer-2 applications such as the Lightning Network are not included in scope. Changes at the protocol level remain the researchers’ preferred long-term approach.

Community divide: a major breakthrough or “overstated claims”?

The QSB proposal has sparked a clear divide within the Bitcoin community. Daniel Batten, a Bitcoin ESG expert, challenged the optimistic view, arguing that the scheme is “overstated” because exposed public keys and dormant wallets were not considered. Batten was referring to an estimated 1.7 million bitcoins locked in early P2PK addresses, which could potentially be directly cracked by quantum computers. Around these dormant coins, the community currently has three main positions:

Maintain the status quo: keep Bitcoin’s original design to preserve its core philosophy

Freeze or destroy: proactively remove tokens from old addresses that are vulnerable to attack

Protocol upgrade: support quantum-secure signature standards via a fork to fully resolve the problem

In addition, Google published a paper in March saying that the resources required for quantum computers to break Bitcoin’s encryption could be far less than previously estimated, further heightening the community’s sense of urgency. Lightning Labs’ CTO Olaoluwa Osuntokun also released a quantum “escape pod” prototype on Wednesday, allowing users to prove wallet ownership without disclosing a seed phrase—offering another fallback authorization route.

Frequently Asked Questions

How does quantum-secure Bitcoin (QSB) achieve quantum protection without changing the protocol?

QSB replaces the existing ECDSA signatures that rely on elliptic-curve mathematics with a challenge that requires extensive brute-force hash computation. Because quantum computers cannot effectively accelerate brute-force hash work, transaction security is preserved. The entire scheme operates within the existing constraints of Bitcoin scripting, requiring no protocol-layer changes, but each transaction must bear a $75 to $150 GPU computation cost.

Why is the Bitcoin community’s handling of the quantum threat so divisive?

The core contradiction lies in the fundamental tension between protecting Bitcoin’s security and maintaining its design philosophy (including the principle that accounts cannot be interfered with). In particular, how to deal with the 1.7 million bitcoins locked in old P2PK addresses, whose original holders may already have lost access, has sparked broad ethical and technical disputes, and the community has yet to reach a consensus.

Why can’t the Lightning Network benefit from QSB’s quantum protection?

The Lightning Network’s design depends on standard Bitcoin transaction formats and low-cost off-chain settlement mechanisms. QSB transactions use a non-standard format, and the $75 to $150 GPU computation cost per transaction is fundamentally incompatible with the Lightning Network’s positioning for low-cost, high-frequency micro-payments—so Lightning Network users cannot obtain quantum-secure protection from the QSB scheme.
