BCH Quantum Defense: A Practical Plan
There's been a lot of fear about quantum computers threatening Bitcoin Cash. Let's cut through the noise and look at what we can actually do.
The Good News First
Quantum computers aren't magic. According to Google's own research paper:
- Cracking one key would take roughly 9 minutes (about 30 minutes for near-certain success)
- Cracking enough keys to reach 1 million BCH would take at least ~125 days
- Cost: hundreds of millions to billions of dollars
- That is slower than the rate at which those coins were originally mined
This isn't a switch that gets flipped and suddenly someone owns all the old coins. It would be an expensive, slow process where attackers compete with each other and have to sell at prices that recoup their costs.
The Plan: Commit-Delay-Reveal
Here's a scheme that would protect real owners without freezing or stealing anyone's coins.
How it would work:
Commit: Publish a hash of your intended, fully signed transaction. The hash reveals nothing about your key or your signature; it just says "I plan to move these coins." Because the signature is part of what gets hashed, producing a matching commitment already requires the private key, so nobody can pre-commit to coins they cannot yet sign for.
Delay: Wait for the commitment to age (say, a few months to a year). Age is counted from the block in which the commitment was published, so every node can check it.
Reveal: Broadcast the actual transaction. The network checks that it hashes to your earlier commitment and that the commitment is old enough.
Why this protects real owners:
- Oldest commitment wins. If you committed before an attacker cracked your key, the attacker's later commitment loses to yours.
- Attackers face uncertainty. Even if they crack a key, they don't know if the real owner already has an older commitment waiting. They could spend billions cracking keys only to get front-run.
- No coins get frozen or burned. The rule just requires a commitment before spending. Everyone plays by the same rules.
This would work for all existing coin types, P2PK (including Satoshi's coins) and P2PKH alike. The only requirement is that real owners commit before attackers do.
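A toy model of the rule described above, written for this post as an added example. It is not code from any BCH CHIP, node or wallet; the transaction layout (outpoint || outputs || signature), the 4320-block minimum age and every transaction in the scenario are constructed assumptions. What it shows is the part that matters for "oldest commitment wins": the commitment binds the exact signed bytes, a reveal must match one and be old enough, and among competing reveals for one coin the earliest commitment takes it.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Assumed minimum commitment age (about one month of 10-minute blocks);
# the post only says "a few months to a year", so treat this as a placeholder.
MIN_AGE_BLOCKS = 4320

# 32-byte txid + 4-byte output index, as in real BCH outpoint serialization.
OUTPOINT_LEN = 36


def build_signed_tx(outpoint: bytes, outputs: bytes, signature: bytes) -> bytes:
    """Constructed, simplified layout: outpoint || outputs || signature.
    A real transaction carries more fields; only the presence of the
    signature inside the committed bytes matters for this model."""
    if len(outpoint) != OUTPOINT_LEN:
        raise ValueError("outpoint must be txid(32) || index(4)")
    return outpoint + outputs + signature


def commitment_digest(signed_tx: bytes) -> bytes:
    """Commitment = SHA256 of the whole signed transaction. The digest leaks
    neither key nor signature, and since the signature is in the preimage,
    nobody can publish a matching commitment without holding the key."""
    return hashlib.sha256(signed_tx).digest()


class CommitmentLedger:
    """Consensus-side record: digest -> height at which it was first published."""

    def __init__(self) -> None:
        self._first_seen: Dict[bytes, int] = {}

    def commit(self, digest: bytes, height: int) -> int:
        # Re-publishing a digest must never make it look younger, so keep
        # the first height and return whichever height is on record.
        return self._first_seen.setdefault(digest, height)

    def first_seen(self, digest: bytes) -> Optional[int]:
        return self._first_seen.get(digest)


def check_reveal(ledger: CommitmentLedger, signed_tx: bytes,
                 tip_height: int) -> Tuple[bool, str, Optional[int]]:
    """Reveal step: the broadcast transaction must hash to a recorded
    commitment, and that commitment must be old enough."""
    height = ledger.first_seen(commitment_digest(signed_tx))
    if height is None:
        return False, "no commitment matches this exact signed transaction", None
    age = tip_height - height
    if age < MIN_AGE_BLOCKS:
        return False, f"commitment too young: {age} < {MIN_AGE_BLOCKS} blocks", height
    return True, "ok", height


def resolve_spend(ledger: CommitmentLedger, candidates: List[bytes],
                  tip_height: int) -> Optional[bytes]:
    """'Oldest commitment wins': among competing reveals for one outpoint,
    pick the valid one whose commitment was published earliest."""
    if len({tx[:OUTPOINT_LEN] for tx in candidates}) != 1:
        raise ValueError("candidates must all spend the same outpoint")
    valid = []
    for tx in candidates:
        ok, _, height = check_reveal(ledger, tx, tip_height)
        if ok:
            valid.append((height, commitment_digest(tx), tx))  # digest tiebreaks equal heights
    return min(valid)[2] if valid else None


def demo() -> Dict[str, object]:
    """Constructed scenario: an old P2PK coin whose key gets cracked later."""
    outpoint = hashlib.sha256(b"constructed old coinbase").digest() + (0).to_bytes(4, "little")
    # The real owner signs a move to a new address; the attacker, having
    # cracked the key later, signs a different spend of the same coin.
    owner_tx = build_signed_tx(outpoint, b"out:owner-new-address", b"sig:owner")
    attacker_tx = build_signed_tx(outpoint, b"out:attacker-address", b"sig:cracked-key")

    ledger = CommitmentLedger()
    ledger.commit(commitment_digest(owner_tx), 900_000)     # owner commits early
    ledger.commit(commitment_digest(attacker_tx), 905_000)  # attacker commits after cracking

    results: Dict[str, object] = {}
    # Revealing before the delay has elapsed is rejected even for the real owner.
    results["owner_reveal_at_900100"] = check_reveal(ledger, owner_tx, 900_100)[0]
    # A transaction that differs by even one byte matches no commitment.
    results["tampered_reveal"] = check_reveal(ledger, owner_tx + b"\x00", 910_000)[0]
    # Both commitments are aged at 910_000; the older one (owner) wins.
    winner = resolve_spend(ledger, [attacker_tx, owner_tx], 910_000)
    results["winner_at_910000"] = "owner" if winner == owner_tx else "attacker"

    # Same coin, but the owner never bothered to commit: the attacker's
    # aged commitment is the only valid one and the coin is lost.
    lazy = CommitmentLedger()
    lazy.commit(commitment_digest(attacker_tx), 905_000)
    winner = resolve_spend(lazy, [attacker_tx, owner_tx], 910_000)
    results["winner_without_owner_commitment"] = "attacker" if winner == attacker_tx else "owner"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The model leaves out how commitments are carried on chain and how a node would see two competing reveals at once; in a real upgrade the check would live inside signature validation, as the plan below describes. The two things it does pin down are the ones a reviewer should insist on: the commitment covers the signed bytes, so it cannot be made before the key is held, and the first-seen height is what the age check and the tie-break use.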
How We Get There
The technical path is straightforward:
- Spec out the OP_CHECKSIG overload to require a pre-commitment as part of signature validation
- Implement and test the upgrade
- Activate via network upgrade when ready, or keep it dormant until QCs actually arrive
Once the spec is finalized, users would be able to start publishing commitments immediately, even before the rule is activated, because a commitment is just data recorded on chain whose age any node can later verify. The "delay" period counts from when you commit, so early adopters get maximum protection.
If quantum computers never materialize, no harm done. The commitments just sit there unused. If they do arrive, everyone who committed early is protected.
This is a solvable problem on a relatively quick timeframe. We don't need to panic, and we definitely don't need to freeze anyone's coins.
The Three Types of Coins
P2PK (Pay to Public Key): ~1.7 million BCH including Satoshi's coins. The public key is directly visible on-chain, so attackers could start working on these before any spend attempt. But with commit-delay-reveal, real owners would protect themselves by committing early. Oldest commitment wins.
P2PKH (Pay to Public Key Hash): The public key is only revealed when you spend. If you have never spent from an address, attackers do not even know which key to crack. The exposure begins the moment a spend is broadcast: the public key sits in the mempool until the transaction confirms, and that window is within reach of the ~9 minutes per key quoted above. Commit-delay-reveal adds another layer here: your commitment was made before the key was ever exposed, so even a key cracked at spend time cannot produce a commitment old enough to beat it.
New coins going forward: Quantumroot vaults become available after May 15, 2026. Full quantum resistance using only SHA256. Problem solved for any coins moved into them.
What About Satoshi's Coins?
Once the commit-delay-reveal spec is live, Satoshi (or any P2PK holder) could publish a commitment. If he does before QCs arrive, he's protected. His aged commitment would beat any attacker who cracks the key later.
If he doesn't, well, he's had 15+ years to move those coins and hasn't. At some point we have to accept that either:
- He lost his keys
- He's deliberately leaving them as a QC bounty
- He won't bother to publish a simple commitment
- He's no longer alive
Whatever the reason, it's not our place to interpret his intentions or "protect" coins he chose not to protect himself. The locking script is a contract. With commit-delay-reveal, the rule becomes: whoever has the oldest valid commitment gets the coins. Fair and simple.
Burning or freezing coins would be theft dressed up as protection. We'd be stealing from Satoshi (or his heirs, or his intended beneficiaries) to protect our bags from a hypothetical liquidity event.
BCH doesn't do that.
What You Can Do Today
Stop reusing addresses. Every time you spend from an address, its public key is revealed on chain, and anything left at, or later sent to, that address is then exposed. Fresh addresses give you better privacy anyway.
Move to Quantumroot when wallet support arrives (late 2026 - 2027). This gives you full quantum resistance going forward.
Watch for the commit-delay-reveal spec. When it's finalized, commit your old coins early. Oldest commitment wins.
Don't panic. The timeline for cryptographically relevant quantum computers is likely 2030s at earliest. We have time to prepare.
Why Not Just Freeze the Old Coins?
Some people are pushing for blanket freezing or burning of "vulnerable" coins. This is wrong for several reasons:
It's theft. You're taking someone's coins without their consent. Doesn't matter if you call it "protection."
It sets a deadly precedent. Once developers can freeze coins "for the greater good," where does it stop? Dormant coins today, "criminal" coins tomorrow, sanctioned addresses next week.
It's unnecessary. Commit-delay-reveal would protect everyone who bothers to use it. If you don't protect your own coins when given an easy way to do so, that's on you.
BCH survived worse. The chain absorbed millions of coins being dumped by BTC maxis after the fork. Someone bought them. Life went on.
The Bottom Line
BCH has a clear path forward:
- Quantumroot for new coins (available May 2026)
- Commit-delay-reveal to protect existing coins (spec it out, flip the switch when needed)
- No freezing, no burning, no theft
This is a solvable problem. The technical work is straightforward. Real owners who publish commitments early would be protected. Those who don't, after years of warning, have made their choice.
Anyone pushing for blanket freezing while ignoring these solutions is either uninformed or has an agenda. Now you know the difference.