“We present QSB, a Quantum Safe Bitcoin transaction scheme that requires no changes to the Bitcoin protocol and remains secure even in the presence of Shor's algorithm,” Levy wrote.
The proposal replaces elliptic-curve signatures with hash-based cryptography and Lamport signatures, an early signature scheme considered resistant to quantum attacks.
At the center of the design is a cryptographic puzzle that must be solved before a transaction is broadcast. The paper estimates that finding a valid solution would require about 70 trillion attempts.
Unlike Bitcoin mining, the computation happens before the transaction reaches the network. Users perform the work off-chain and submit a transaction that already includes proof that the puzzle was solved.
Levy estimates the puzzle could be solved using commodity hardware such as GPUs at a cost of a few hundred dollars per transaction.
The scheme is designed to operate within Bitcoin’s scripting limits of 201 opcodes and 10,000 bytes. The paper notes these limits are extremely restrictive because every opcode counts toward the total, even if it appears in an unused script branch.
To fit within those limits, the system combines Lamport signatures with hash-based puzzles in a layered transaction structure. It also introduces “transaction pinning,” which requires anyone attempting to modify the transaction to solve the puzzle again.
Levy describes the system as a “last-resort” measure rather than a scalable fix. The paper says both the off-chain computational cost and the on-chain transaction size would not scale to Bitcoin’s target throughput or the needs of most users.
Transaction creation is also more complex than standard Bitcoin usage, and may be considered non-standard under current relay policies, meaning they could face propagation issues and may need to be submitted directly to mining pools rather than broadcast through the public mempool.
“To the extent that the quantum threat is believed to be real, it remains necessary to continue the ongoing effort to research and implement the best possible solution for Bitcoin–one that is maximally efficient, user-friendly, and answers Bitcoin's needs, through protocol-level changes,” Levy wrote.
