Upgrade or Lose Your BTC: Aggressive Soft Fork Against Quantum Computing Proposed

Upgrade or Lose Your BTC: Aggressive Soft Fork Against Quantum Computing Proposed


Jameson Lopp, Christian Papathanasiou, and other developers have proposed a soft fork for Bitcoin with the BIP titled “Post Quantum Migration and Legacy Signature Sunset.”

This protocol proposes the introduction of quantum-resistant addresses to protect funds against potential attacks by quantum computers capable of breaking ECDSA signatures. The proposal, published on GitHub, also aims to require users to manually and compulsorily migrate their bitcoins to a new address format, rendering the old ones obsolete.

    Technical data of the improvement proposal. This is a Bitcoin Improvement Proposal (BIP), and there's no guarantee that it will be approved by the community, especially given that it's a soft fork. Source: https://github.com/jlopp/bips/blob/quantum_migration/bip-post-quantum-migration.mediawiki

The BIP addresses the vulnerability of elliptic curve signatures (ECDSA) to quantum algorithms like Shor's, which could derive private keys from public keys exposed on the network.

To counter this, the authors propose mandatory migration to addresses based on post-quantum algorithms, along with a grace period for doing so. The proposal "turns quantum security into a private incentive: if you don't upgrade, you will almost certainly lose access to your funds, creating certainty where none existed before," the authors write in the repository.

The soft fork would introduce a new opcode into the Bitcoin script to support these post-quantum signatures, aiming for users to transfer their bitcoins from legacy addresses (P2PKH or P2SH) to the new ones, a manual process that requires updates to wallets and services.

The proposal includes a sunset and recovery mechanism (using zero-knowledge proofs, although this is optional) for non-migrated funds, which would become unusable in the previous accounts after a period of time, which would not fail to generate controversy in the community. By "killing" old P2PKH or P2SH-based addresses, the Bitcoin protocol would have a more limited attack surface for quantum computing, the authors note.

Phases of the Bitcoin soft fork

According to the proposal, this soft fork would occur in three phases:

Phase A: "Prohibits sending funds to quantum-vulnerable addresses, accelerating the adoption of P2QRH address types."

Phase B: “Invalidates ECDSA/ Schnorr spending, preventing the use of funds in quantum-vulnerable UTXOs. This is triggered by a highly publicized alert day, approximately five years after activation.”

Phase C (optional): “Pending further research and demand, an independent BIP proposes a method to enable quantum-secure recovery of legacy UTXOs, possibly via ZK proof-of-possession of a corresponding BIP-39 seed phrase.”

The motivation behind the proposal is justified by the following fact: approximately 25% of all bitcoins have revealed a public key on the chain. While they don't reveal where they got this data, the authors also comment that vulnerable UTXOs could be stolen with sufficient quantum power.

 

What would motivate a quantum attacker against Bitcoin?

Jameson Lopp and company also delved into the possible motivations of an attacker with access to enough logical qubits to break Bitcoin's elliptic curve algorithm.

Even if Bitcoin is not the primary initial target of a cryptographically relevant quantum computer, widespread knowledge that such a computer exists and is capable of breaking Bitcoin's cryptography will damage trust in the network. An attack on Bitcoin may not be economically motivated; an attacker may have political or malicious motivations and seek to destroy the value and trust in Bitcoin rather than extract value. There is no way to know in advance how, when, or why an attack might occur. A defensive posture must be adopted well in advance of any attack.

Proponents of Post Quantum Migration and Legacy Signature Sunset.

Quantum computing is not a "biomarker" that reliably indicates the death of the Bitcoin network. Contrary to popular belief, this technology may come to its aid.

For Jameson Lopp and the other authors, this soft fork would entail a significant technical effort, as it includes protocol modifications to generate and verify post-quantum signatures, as well as extensive testing to ensure network stability. They also highlight the need for community coordination to achieve consensus, a historically complex process in Bitcoin.

Although the quantum threat remains theoretical, advances in quantum processors justify preparation. The proposal doesn't set a timeline, but it emphasizes the importance of acting early.

The Bitcoin community will need to debate the BIP, assessing its feasibility and the balance between security and complexity. Lopp, Papathanasiou, Smith, Ross, Vaile, and Dallaire-Demers thus open an interesting technical debate on the future of Bitcoin security.

How do you rate this article?

25



Blockchain Development
Blockchain Development

A blog that covers everything that's happening in crypto world.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.