A new design proposed by venture fund Paradigm aims to solve one of Bitcoin's most pressing long-term vulnerabilities while giving dormant holders like Satoshi Nakamoto a path to protect their holdings without ever revealing themselves.

The proposal, called Provable Address-Control Timestamps (PACTs), would allow anyone holding quantum-vulnerable coins to cryptographically timestamp proof of ownership today, creating a rescue mechanism for when—if—Bitcoin activates network upgrades to defend against future quantum computing threats. The roughly 1.1 million bitcoin attributed to the pseudonymous creator is currently worth around $84 billion.

Market Context

The quantum computing threat to Bitcoin has escalated from theoretical concern to genuine technical debate within developer circles. Existing proposals like BIP-361, put forward by prominent developer Jameson Lopp and five co-authors in mid-April, would phase out legacy addresses with exposed public keys on a five-year timeline and freeze any coins that fail to migrate.

That approach creates an unenviable tradeoff: protecting the network from quantum theft forces dormant holders—including Satoshi—to either publicly wake up or lose their assets permanently. The dilemma has left the Bitcoin community searching for middle-ground solutions that preserve both security and property rights.

Analysis

PACTs attempts to thread this needle by separating proof of ownership from actual coin movement. Under the system, a holder generates a random salt—secret data used to create unique cryptographic commitments—and uses BIP-322, an existing standard for signing messages from Bitcoin addresses without spending, to produce an ownership proof.

The salt and proof get bundled into an onchain commitment timestamped through OpenTimestamps, a free service that anchors data onto the Bitcoin blockchain via batched transactions. Critically, these commitments remain completely private until the owner actually needs to spend their coins.

If Bitcoin later activates a soft fork freezing quantum-vulnerable addresses, PACTs could include a rescue path accepting STARK proofs—zero-knowledge cryptographic proofs that remain secure against quantum computers—that demonstrate the holder created their commitment before quantum hardware capable of breaking Bitcoin's encryption existed. The redemption process reveals nothing about which address was used, how much bitcoin was involved, or when the original timestamp occurred.

Dan Robinson, a general partner at Paradigm and author of the proposal, noted that PACTs address a specific gap in BIP-361 by including a rescue path for wallets derived through BIP-32, the deterministic key generation standard introduced in 2012. Pre-2012 wallets—including most addresses believed to belong to Satoshi—do not use BIP-32 and cannot be rescued through the earlier proposal's mechanisms.

The technical requirements are substantial. PACTs would require Bitcoin to eventually adopt a STARK verification protocol through a separate soft fork with broad community consensus. Verification infrastructure does not exist on the network currently and would need what Robinson describes as "substantial new plumbing," including multisig wallets, complex scripts, and hardware wallet support—all requiring careful standardization.

Key Numbers

- ~1.1 million bitcoin attributed to Satoshi Nakamoto, worth approximately $84 billion at current prices

- BIP-361 proposes a five-year timeline for phasing out quantum-vulnerable address types

- PACTs relies on STARK (Succinct Transparent Arguments of Knowledge) zero-knowledge proofs for quantum resistance

- OpenTimestamps used for commitment anchoring through single batched transactions

What to Watch

The proposal's success hinges entirely on whether whoever controls Satoshi's keys—or any other dormant wallets containing exposed public keys—actually creates the timestamp commitments. If the pseudonymous creator is genuinely gone, no cryptographic scheme can retroactively protect those coins.

Market participants should monitor for broader developer consensus around quantum-resistant upgrades and track adoption rates of BIP-322 message signing standards, which form PACTs' foundational layer. Any movement from Paradigm or other major institutional players to engage with the proposal could signal serious intent. The upcoming soft fork debate timeline, likely to surface at future Bitcoin development conferences, will determine whether solutions like PACTs move from theoretical proposals to genuine network infrastructure.