Quantum-safe bitcoin now possible without a soft fork, but costs $200 a pop

A StarkWare researcher has published what he says is the first method for making bitcoin transactions quantum-safe on the live network today, without any changes to the Bitcoin protocol. The scheme, however, costs up to $200 per transaction and is designed as an emergency measure rather than a permanent fix.

In a paper published this week, StarkWare researcher Avihu Levy introduced Quantum Safe Bitcoin, or QSB, a scheme that aims to enable quantum-resistant transactions without requiring changes to the Bitcoin protocol, by replacing signature-based security assumptions with hash-based proofs within its design.

The hash-based design survives the kind of quantum attack that would break today’s cryptography, but shifts the burden from consensus to computation, requiring heavy off-chain GPU work for every transaction.

Think of traditional digital signatures as a handwritten signature on a cheque, which proves you authorized a transaction using a secret key that others can cross check with a public key.

In Bitcoin, these digital signatures are called ECDSA signatures. They are secure against today’s computers, but a sufficiently powerful future quantum computer could, in theory, derive the secret key from a public key and potentially compromise funds.

QSB addresses that flaw by redesigning the system around a different kind of cryptography, involving hash-based proofs, which are more like a tamper-proof fingerprint, where instead of relying on signature alone, a unique mathematical digest of data is created. This is said to be extremely difficult to forge or reverse, even for powerful computers.

QSB works entirely within Bitcoin’s existing consensus rules for legacy transactions. It requires no soft fork (software upgrade), no miner signaling, and no activation timeline. This is a sharp contrast to BIP-360, the quantum-resistance proposal that was merged into Bitcoin’s official improvement proposal repository in February but has no Bitcoin Core implementation and faces years of governance delay.

The proposal builds on an earlier idea known as Binohash, which added an extra layer of computational work to secure bitcoin transactions. The problem is that it depends on a type of cryptography that quantum computers are expected to break. In practice, that means the protection disappears in a quantum scenario. An attacker could bypass the system’s core security check entirely, making it ineffective.

Extra cost

The hash-based solution, however, means extremely expensive transactions.

Generating a valid transaction requires searching through billions of possible candidates, a process Levy estimates would cost between $75 and $200 using commodity cloud GPUs. Currently, the cost to send a bitcoin transaction through the blockchain is around 33 cents.

The system also comes with practical hurdles. QSB transactions wouldn’t move through Bitcoin’s normal blockchain like typical payments. Instead, users would likely need to send them directly to miners willing to process them.

They also don’t work with faster, cheaper layers like the Lightning Network, and are far more complicated to create. Generating a transaction would require outsourcing heavy computation to external hardware, rather than simply signing and sending from a wallet.

Levy describes the scheme as a “last resort measure,” not a replacement for protocol-level upgrades. Proposals such as BIP-360, which aim to introduce quantum-resistant signature schemes through a soft fork, remain the more scalable long-term solution but could take years to activate.

BIP-360’s activation timeline is uncertain. Polymarket bettors are pricing in low odds of it happening this year, and Bitcoin’s governance history offers little reason for urgency — Taproot took roughly seven and a half years from concept to deployment. Then again, mature quantum computers capable of breaking the encryption that secures the network are not arriving tomorrow either.

QSB instead offers something different: a way to survive a quantum break using today’s rules, if users are willing to pay for it.