Starkware Executive Unveils Quantum-Safe Bitcoin Transactions Without a Protocol Upgrade

Starkware Executive Unveils Quantum-Safe Bitcoin Transactions Without a Protocol Upgrade

N
News Editor 01
2026-07-08 14:34:15
Starkware CPO Avihu Levy has introduced QSB, a scheme designed to make Bitcoin transactions quantum-safe using existing script rules, without soft forks or new opcodes, though deployment hurdles remain significant.
BitcoinQuantum ComputingStarkwareBlockchain SecurityCryptography

Avihu Levy, chief product officer at Starkware, has released a research paper and open-source implementation for QSB, short for Quantum Safe Bitcoin, proposing a way to create quantum-resistant Bitcoin transactions using rules already embedded in the network. The key claim behind the work is striking: no soft fork, no new opcodes, and no consensus changes are required. Instead, the design operates entirely within Bitcoin’s long-standing legacy Script constraints.

Addressing Bitcoin’s Long-Term Quantum Vulnerability

The scheme is aimed at a specific concern in Bitcoin’s cryptographic design. Today, Bitcoin heavily relies on ECDSA over the secp256k1 elliptic curve. In a future where sufficiently capable quantum computers exist, Shor’s algorithm could theoretically break that assumption, allowing attackers to derive private keys from exposed public keys, forge signatures, and redirect funds. Outputs and spending paths that reveal public keys onchain, including older formats and Taproot keyspend paths, are viewed as part of that potential attack surface.

QSB attempts to avoid that dependency at the transaction level. Rather than anchoring security in elliptic-curve hardness, Levy’s construction shifts the burden to the pre-image resistance of RIPEMD-160. Quantum computers are not believed to fully break such hash-based assumptions in the same way; instead, they would rely on Grover’s algorithm, which offers a quadratic speedup rather than a complete collapse of the security model. According to the report, the recommended QSB setup reaches roughly 118-bit pre-image resistance and 78-bit collision resistance.

Built From Existing Rules, But Not Without Trade-Offs

The proposal builds on earlier work known as Binohash by Robin Linus, while addressing two issues highlighted in the original design. One involved a signature-size proof-of-work puzzle tied to elliptic-curve behavior, which would not survive a Shor-capable adversary. The other involved a sighash-related weakness that could potentially allow puzzle signatures to be reused across transactions. QSB replaces that machinery with a “hash-to-sig puzzle” and uses a HORS-style Lamport signature structure to complete the spend in a quantum-safer way.

That said, the design is far from free in practical terms. The article states that each transaction requires an estimated $75 to $150 in cloud GPU compute at current spot prices. The workload can be parallelized and completed within hours across multiple GPUs, which makes the approach operationally plausible, but still expensive and specialized compared with ordinary Bitcoin transactions. Importantly, the GPU farm handles public computations, while private pre-images remain on the spender’s secure device.

Consensus-Valid, Yet Still Difficult to Use in Practice

One of the most important caveats is that QSB transactions are described as consensus-valid but non-standard. In practice, that means they exceed default relay policy and may not propagate through the network in the same way as conventional transactions. Users would likely need to submit them directly to mining pools willing to accept non-standard transactions, such as via Marathon’s Slipstream service cited in the source material.

The scheme also does not yet cover Lightning Network channels, and a full end-to-end onchain assembly and broadcast flow is still pending in the open-source implementation. Levy reportedly characterizes QSB as a last-resort measure rather than a general-purpose replacement for standard Bitcoin usage. In other words, this is not a plug-and-play wallet feature for everyday users today.

What It Means for Bitcoin Holders

For ordinary BTC holders, the immediate takeaway is not that a quantum emergency has arrived, but that a credible fallback path may exist even before consensus changes are made. The article notes that no quantum computer currently exists that can break Bitcoin’s cryptography at the required scale, and many researchers still place that threat years away. Still, the exposure begins once a public key appears onchain, which typically happens when coins are spent from an address.

That distinction matters. Bitcoin that has never been spent from an address is generally less exposed than coins tied to reused or previously spent addresses whose public keys are already visible. If quantum capability eventually reaches the relevant threshold, those exposed keys could become attractive targets. In that context, the most practical guidance remains straightforward: avoid address reuse, monitor wallet support for post-quantum features, and be prepared to move funds when mainstream tools become available.

Overall, QSB does not solve Bitcoin’s quantum challenge in a consumer-ready form, but it does push the conversation forward in an important way. By demonstrating that a quantum-safe spending path may be constructed from rules Bitcoin already has, the work strengthens the argument that the network may have more defensive flexibility than previously assumed. The remaining hurdles are engineering, standardization, wallet integration, and adoption—not proof that such a path is impossible.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
100

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.