Paradigm Proposes PACTs — A Silent Timestamp That Would Let Satoshi Prove His Keys Without Moving a Coin

Dan Robinson, general partner at crypto investment firm Paradigm, published a technical proposal on May 1 outlining a mechanism called PACTs (Provable Address-Control Timestamps) that would allow Bitcoin holders — including Satoshi Nakamoto — to cryptographically prove they possessed their private keys before quantum computers could derive them, without ever moving a single satoshi. The proposal targets one of Bitcoin's most discussed long-term vulnerabilities: approximately 1.1 million BTC in addresses predating the BIP-32 derivation standard, where the full public key is exposed on-chain, making the coins theoretically vulnerable to Shor's algorithm on a sufficiently powerful quantum computer. At current prices, those addresses hold roughly $75 billion in Bitcoin.

How a PACT Works: Commit, Timestamp, Prove

A PACT is executed in two phases, and crucially, the first phase can happen right now using existing Bitcoin infrastructure at zero cost.

Phase 1 — Commit: The holder generates a random 256-bit secret salt. Using BIP-322 message signing — Bitcoin's standard for proving control of an address — the holder signs a standardized message that proves they control the scriptPubKey of the vulnerable UTXO. The resulting proof and salt are combined into a hash commitment. Nothing about this commitment reveals the underlying private key; an observer seeing the commitment hash learns nothing. The holder then submits this hash to OpenTimestamps, a free, open protocol that batches commitment hashes into a Merkle tree and embeds the Merkle root in a Bitcoin OP_RETURN transaction. This creates an immutable, on-chain record: the commitment existed before this specific Bitcoin block.

Phase 2 — Prove (if and when needed): If Bitcoin's community ever decides to "sunset" — freeze or destroy — quantum-vulnerable UTXOs, a PACT holder submits a STARK proof to the Bitcoin protocol. STARKs are post-quantum-secure zero-knowledge proofs: they allow the holder to demonstrate, without revealing the proof or the private key, that they produced a valid BIP-322 control proof before the timestamp cutoff. The Bitcoin protocol — with an eventual soft fork to support STARK verification — would accept this as evidence of legitimate ownership and exempt the UTXO from any sunset mechanism.

Robinson's co-contributor Jeremy Rubin had presented related designs on the Delving Bitcoin forum; Robinson's PACT proposal adds the STARK proof layer and formalizes the OpenTimestamps integration into a deployable specification. The commit phase is fully usable today; the prove phase requires a future protocol upgrade.

Why This Matters for Bitcoin's Quantum Debate

The quantum threat to Bitcoin has two distinct dimensions. The engineering dimension — whether a "cryptographically relevant quantum computer" (CRQC) capable of breaking 256-bit elliptic curve cryptography will exist in 5, 15, or 50 years — remains genuinely uncertain. The recent acceleration of quantum computing milestones has shortened the most optimistic estimates, but there is no scientific consensus on a timeline.

The political dimension is more immediate: if Bitcoin's community were to propose freezing or destroying the 1.1 million quantum-vulnerable BTC after a deadline, the debate would be among the most contentious in Bitcoin's history. The coins include Satoshi's holdings, early-miner wallets, and lost coins; many are genuinely inaccessible. Proponents of a sunset argue an attacker seizing $75 billion in dormant BTC via quantum attack would be catastrophic. Critics argue that freezing dormant coins violates Bitcoin's property guarantees — a precedent that undermines the entire system's credibility.

PACTs thread the needle: they create an opt-in mechanism that lets legitimate holders of vulnerable addresses prove ownership silently and costlessly today, banking a rescue path for a sunset scenario that may never materialize. The mechanism requires no protocol change today and adds no cost to Bitcoin's base layer in the absence of a quantum threat.

Our Take

PACTs are elegant precisely because they decouple the political problem from the engineering timeline. Any holder with a vulnerable UTXO can timestamp a commitment using OpenTimestamps right now, at no cost, with existing tools. The commitment is harmless if quantum computers never arrive and is potentially valuable if they do. The asymmetry of cost vs. benefit is extreme: committing costs five minutes and zero dollars; not committing could mean the difference between provable ownership and an expired claim if Bitcoin ever implements a sunset.

The proposal's limitation is equally clear: it provides insurance for holders who act voluntarily. The 1.1 million BTC problem includes genuinely lost keys, deceased holders, and Satoshi (who may or may not have access to private keys or awareness of new proposals). No timestamping mechanism helps those cases. A PACTs-enabled sunset would simply shift the confiscation debate from "all vulnerable UTXOs" to "vulnerable UTXOs whose holders failed to timestamp" — a smaller number, but still billions of dollars. The political fight doesn't disappear; it becomes more precise.

Watch bitcoin-dev mailing list and Delving Bitcoin for technical review responses in the next 30 days. Three serious technical reviews would typically precede a formal BIP proposal. Also watch OpenTimestamps adoption metrics — if PACT tooling ships as an easy-to-use application, on-chain commitment volume will visibly increase.

Daily Web3 × AI intel, straight to your inbox. Subscribe to BlockAI News.