StarkWare researcher Avihu Levy this week published a technical schematic called QSB (Quantum Safe Bitcoin) that allows Bitcoin transactions resistant to quantum computers without modifying the protocol, without waiting for a network update and without the need for consensus between network participants.
The scheme was presented on April 9, 2026 along with a repository public that includes code and the paper academic. It is aimed at users and developers looking for protect your transactions against an eventual relevant advance in quantum computingand operates entirely within Bitcoin’s existing consensus rules for legacy scripts.
The problem QSB seeks to solve goes beyond the usual discussion about wallets and private keys. When someone transmits a Bitcoin transaction, a quantum computer equipped with the Shor’s algorithm could forge the authorizing signature, redirect the funds to another address, and transmit that altered version before the original is confirmed.
This applies even if the original spending condition was certain on its own. With Taproot, the situation is even more delicate: any output can be spent just by knowing the private key, which a quantum computer could derive from the public key.
A solution that operates with current rules
QSB is built on Binohasha previous scheme by Robin Linus, but fixes its main quantum vulnerability. Binohash used a puzzle (puzzle) based on the size of the ECDSA signature as proof of work. That puzzle can be broken by a quantum computer because it depends on properties of elliptic curves, which Shor’s algorithm completely compromises.
QSB replaces that puzzle for one based on hash functions. The core idea is that a 20-byte random string has approximately a 1 in 70 billion chance of meeting the exact structure of a valid ECDSA signature. Finding a transaction that satisfies that condition requires computational workbut verify it within the script of Bitcoin is immediate. And since hash functions are not vulnerable to Shor’s algorithm, protection is maintained even against a quantum adversary.
The process to spend a QSB-protected UTXO (unspent transaction) has three phases. First, the user varies free parameters of the transaction until finding a combination where the puzzle of hash, which fixes the transaction and prevents modifying it without repeating the entire process. Then, in two independent rounds, a specific subset of signatures embedded in the script whose hash also meets the condition. That subset is the digest of the transaction, and is protected with a security scheme Lamport signature based on hashes, which is quantum resistant by design.
The computationally intensive part of this process operates only on public data and can be delegated to untrusted hardware, such as GPUs rented from cloud services. User secrets never leave your device. The estimated cost is between $75 and $150 for cloud GPUs, with parallelization capabilities. In tests reported in the repository, a valid solution was found after approximately six hours using eight GPUs.
He paper recognizes several limitations. Transactions generated with QSB are non-standard under the policies of relay (relay) of Bitcoin Core, so they must be sent directly to a mining pool that accepts them, such as the service Marathon Slipstream. The cost per transaction does not scale for mass use, and the scheme does not support cases such as Lightning Network channels. The author himself describes it as a measure of last resort, useful as long as the protocol does not incorporate a native solution through a consensus update.
The implementation is still in development: the pinning on GPU was tested successfully, but the entire search process digest and transmission on-chain They have not been executed from end to end.