Bitcoin developers are discussing a radical change to how the network would respond to a future quantum computing threat: don’t freeze vulnerable coins unless someone proves the threat is real. But there’s a catch: the proposal assumes that an attacker would reveal the capability to earn a bounty rather than maximize profit through theft.
A proposal released this week by BitMEX Research outlines a “canary” system that would trigger network-wide restrictions on older Bitcoin wallets only if a quantum-capable attacker demonstrated it on-chain, replacing previous plans to impose pre-arranged freezes years in advance. At the heart of the proposal is a “wait and react” strategy.
It works by placing a small amount of Bitcoin into a special address that only a quantum-capable attacker could unlock. Any spend from that address would serve as public evidence that the threat has arrived and would automatically trigger a network-wide freeze of old wallets.
Bitcoin wallets rely on a digital signature scheme that is secure against classical computers but could be broken by advances in quantum computing; a recent Google research paper lowered estimates of the resources required, and some observers now point to the end of the decade as a potential window of risk.
The approach was designed as an alternative to BIP-361, a controversial proposal that would impose the same restrictions on a fixed five-year timeline regardless of whether quantum computers were actually able to attack Bitcoin’s blockchain. BIP-361 would phase out vulnerable addresses over a few years and then render the old signing scheme completely ineffective, leaving any unmigrated coins permanently frozen.
Critics called the result “authoritarian and confiscatory,” arguing that it undermined Bitcoin’s core principle that control rests solely with the holder of the private keys.
BitMEX layers economic incentives on top of the detection mechanism. Users can contribute Bitcoin to the canary address, rewarding the first entity to publicly demonstrate a quantum attack rather than quietly drain vulnerable wallets. Contributors do not have to give up their funds permanently, as the structure allows withdrawal at any time.
The proposal also introduces a “security window” designed to make stealth attacks harder. Vulnerable coins can still be moved, but the recipient cannot spend them for an extended period, probably a year or so. If the canary is triggered during that window, the coins are retroactively frozen, raising the risk for any attacker trying to quietly withdraw funds.
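To make the security-window rule concrete, here is an added toy model of the spendability decision described above. It is illustrative code written for this article, not BitMEX Research's proposal text or any Bitcoin Core logic; the window length (52,560 blocks, roughly a year), the single canary-spend height, and the three status labels are all assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed quarantine length: ~1 year at 10 minutes per block (not a number from the proposal).
QUARANTINE_BLOCKS = 52_560


@dataclass
class Output:
    txid: str
    value_sats: int
    vulnerable: bool           # still sits in a quantum-vulnerable (old signature scheme) address
    moved_at: Optional[int]    # block height at which legacy coins were moved here, else None


@dataclass
class Ledger:
    # Height at which the canary address was spent from, or None while the canary is intact.
    canary_spent_at: Optional[int] = None

    def status(self, out: Output, height: int) -> str:
        """Classify an output as 'spendable', 'quarantined' or 'frozen' at a given height."""
        # Coins still in old addresses: free until the canary fires, then frozen network-wide.
        if out.vulnerable:
            return "frozen" if self.canary_spent_at is not None else "spendable"
        # Coins that never came out of a vulnerable address are unaffected.
        if out.moved_at is None:
            return "spendable"
        window_end = out.moved_at + QUARANTINE_BLOCKS
        # Canary fired while the coins were still inside their window: retroactive freeze,
        # even if the window has since elapsed.
        if self.canary_spent_at is not None and self.canary_spent_at < window_end:
            return "frozen"
        # Otherwise the recipient waits out the window, then the coins are clean.
        return "quarantined" if height < window_end else "spendable"


def demo() -> dict:
    """Constructed scenario: legacy coins moved at height 1000, canary fires at height 20000."""
    ledger = Ledger()
    legacy = Output("legacy-utxo", 100_000_000, vulnerable=True, moved_at=None)
    moved = Output("moved-utxo", 100_000_000, vulnerable=False, moved_at=1_000)
    before = {k: ledger.status(o, 1_500) for k, o in (("legacy", legacy), ("moved", moved))}
    ledger.canary_spent_at = 20_000
    after = {k: ledger.status(o, 60_000) for k, o in (("legacy", legacy), ("moved", moved))}
    return {"before_canary": before, "after_canary": after}
```

The `after_canary` result shows the retroactive effect: the moved coins are frozen at height 60,000 even though their window would otherwise have closed, because the canary fired at height 20,000 while they were still quarantined.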
The open question
The canary reduces the risk of disrupting users prematurely, but it rests on the unsettling bet that the first entity able to crack Bitcoin will claim the bounty rather than carry out what may be the largest theft in the history of the network and walk away with millions of Bitcoins.
Such a bet risks exactly the worst-case scenario Bitcoin was designed to prevent, and the network has historically shown no appetite for undoing such events after the fact. Ethereum’s response to the 2016 DAO hack was a hard fork that reversed the theft and split the network into Ethereum and Ethereum Classic, the kind of protocol-level intervention that Bitcoin culture has long resisted.
If the bet fails, Bitcoin risks the worst of both worlds: the catastrophe it was trying to prevent, and the realization that a fixed-timeline defense would have prevented it.