Bitcoin developers are debating a radical change in how the network would respond to a future threat from quantum computing: not freezing vulnerable coins unless someone proves the threat is real. But there is a catch: the proposal assumes that the attacker will reveal his ability to obtain a reward rather than maximizing profits through theft.
A proposal published this week by BitMEX Research describes a “canary” system that would trigger a network-wide restriction on older bitcoin wallets only if a quantum-enabled attacker demonstrates it on-chain, replacing earlier plans to impose a pre-scheduled freeze years in advance. In essence, the proposal is a “wait and react” strategy.
It works by placing a small amount of bitcoins at a special address that only a quantum-enabled attacker could unlock, and any spending from that address serves as public proof that the threat has arrived and automatically triggers a freeze of older wallets across the network.
Bitcoin wallets rely on digital signature schemes that are secure against classical computers but could break with advances in quantum computing, and a recent Google research paper lowered estimates of the resources required, with some observers now pointing to the end of the decade as a window of potential risk.
The approach is designed as an alternative to BIP-361, a controversial proposal that would impose the same restrictions on a fixed five-year deadline, regardless of whether quantum computers are actually capable of attacking the Bitcoin blockchain. BIP-361 would phase out vulnerable addresses over several years before completely invalidating old signing schemes, leaving unmigrated coins permanently frozen.
Critics have called that result “authoritarian and confiscatory,” arguing that it undermines Bitcoin’s founding principle that control rests solely with private key holders.
In addition to BitMEX’s detection mechanism there is a financial incentive. Users could contribute bitcoins to the address, creating a bounty that rewards the first entity to publicly demonstrate a quantum attack rather than silently emptying vulnerable wallets. Contributors would not need to give up their funds permanently, as the structure allows for withdrawals at any time.
The proposal also introduces a “security window” designed to make stealth attacks more difficult. The vulnerable coins could still be moved, but the recipient would not be able to spend them for an extended period, potentially around a year. If the canary is activated during that window, those coins would be retroactively frozen, increasing the risk for any attackers trying to silently extract funds.
there is a trap
The canary reduces the risk of disrupting users prematurely, but is based on an uncomfortable bet that the first entity capable of breaking Bitcoin would claim a reward rather than execute what could be the largest theft in the network’s history and keep millions of bitcoins.
That bet flies in the face of the worst-case scenario that Bitcoin’s design has always tried to prevent, and the network has historically shown little interest in undoing such events after the fact. Ethereum’s response to the 2016 DAO hack, a hard fork that reversed the theft and split the network into Ethereum and Ethereum Classic, is the kind of protocol-level intervention that Bitcoin culture has long resisted.
If the bet fails, Bitcoin risks suffering the worst of both worlds: the catastrophe it was trying to avoid and the realization that a defense with a fixed schedule would have stopped it.
