With the rapid development of quantum computers, the Bitcoin community is facing an ultimate challenge worth hundreds of billions of dollars: how to protect those ancient wallets whose public keys have been exposed and have not been moved for years? The biggest unexploded bomb is the approximately 1.1 million Bitcoins held by Satoshi Nakamoto (currently worth about $84 billion).
BIP-361's dilemma: forced to reveal himself, or his assets will be frozen?
In response to the threat of quantum hackers, Bitcoin Core developer Jameson Lopp and five others proposed BIP-361 in mid-April. This proposal suggests phasing out quantum-vulnerable addresses over five years via a soft fork; if holders fail to transfer their funds to quantum-resistant addresses within the deadline, their Bitcoin will be permanently frozen.
However, this proposal sparked enormous controversy. It meant that Satoshi Nakamoto and all the long-dormant early holders would be forced to "publicly awaken" their wallets and transfer their assets, or risk losing everything. This created an extreme stalemate between protecting cybersecurity and respecting dormant property rights.
Paradigm's contribution: Zero-knowledge proofs and the "PACTs" mechanism
To address this dilemma, Dan Robinson, general partner at venture capital firm Paradigm, released a new design on Friday called "Provable Address-Control Timestamps (PACTs)".
The core concept of PACTs is very elegant: no need to move tokens, just leave a timestamp of ownership before a specific date, and keep it completely confidential from the public until it is actually spent.
The specific operational process is as follows:
- Proof of ownership generated privately: The holder generates a set of random salts (used to ensure the uniqueness and unpredictability of cryptographic commitments) and uses the BIP-322 standard (signing messages from Bitcoin addresses without spending any coins) to generate proof of ownership.
- On-chain timestamps: The salt and proof are packaged into an on-chain commitment and anchored to the Bitcoin blockchain through the free service OpenTimestamps. During this stage, all files and timestamps remain absolutely private.
- Quantum-resistant unlocking: If Bitcoin does implement a soft fork that freezes older coins in the future, the PACTs protocol will provide a "rescue channel." Coin holders, when they need to spend their coins, simply submit a STARK proof (a quantum-resistant zero-knowledge proof) to demonstrate that they fulfilled their commitment before the advent of quantum hardware.
The strength of this mechanism lies in the fact that the redemption process "does not reveal the original address, amount, or even the specific time when the timestamp was created."
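The first two steps above, sketched as an added example that is not code from Paradigm or the PACTs design: a salted hash commitment over an ownership proof, where only the digest would be handed to a timestamping service. The SHA-256 construction, the domain tag, the function names and the placeholder proof bytes are assumptions for illustration; the page does not specify the real commitment format.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed placeholder standing in for a BIP-322 signed message.
SAMPLE_PROOF = b"constructed-placeholder-for-a-BIP-322-proof"
DOMAIN_TAG = b"pact-example-v0"  # hypothetical tag, not from the PACTs design


def commit(proof: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only the digest would be timestamped;
    the salt and proof stay private with the holder."""
    if salt is None:
        salt = secrets.token_bytes(32)  # fresh, unpredictable per commitment
    # Length-prefix the salt so the salt/proof boundary is unambiguous.
    payload = DOMAIN_TAG + len(salt).to_bytes(2, "big") + salt + proof
    return salt, hashlib.sha256(payload).digest()


def opens(digest: bytes, salt: bytes, proof: bytes) -> bool:
    """Check that (salt, proof) is the opening of a published digest."""
    _, expected = commit(proof, salt)
    return hmac.compare_digest(expected, digest)


def unsalted(proof: bytes) -> bytes:
    """Weak variant for comparison: anyone holding the same proof bytes
    can recompute this digest and link the timestamp to the address."""
    return hashlib.sha256(proof).digest()


if __name__ == "__main__":
    salt_a, digest_a = commit(SAMPLE_PROOF)
    salt_b, digest_b = commit(SAMPLE_PROOF)
    print("same proof, different digests:", digest_a != digest_b)
    print("correct opening accepted:", opens(digest_a, salt_a, SAMPLE_PROOF))
    print("wrong salt rejected:", not opens(digest_a, salt_b, SAMPLE_PROOF))
    print("unsalted digest is repeatable:",
          unsalted(SAMPLE_PROOF) == unsalted(SAMPLE_PROOF))
```

Losing the salt makes the commitment impossible to open later, so it has to be backed up alongside the proof.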
A harsh premise: Satoshi Nakamoto must still be alive.
While PACTs provide a perfect buffer solution to the forced freeze of BIP-361, Robinson also admitted that this mechanism is still a long way from practical application. First, the Bitcoin network currently lacks the infrastructure for STARK verification; adding it would require a separate soft fork, broad community consensus, and extensive modifications to the underlying pipeline (including multi-signature, complex scripts, and hardware wallet support).
More importantly, PACTs fail to address a fundamental philosophical and practical problem: the protocol can only provide protection if "Satoshi Nakamoto himself" or the person currently holding the private keys makes a personal commitment.
If Satoshi Nakamoto has passed away or has permanently lost his private key, then no PACT can be created for those coins. This means that these 1.1 million Bitcoins will ultimately face one of two fates: either they will be stolen through brute force by a quantum computer, or they will be permanently locked by a soft fork by the Bitcoin community.






