{"id":70911,"date":"2026-04-10T02:17:51","date_gmt":"2026-04-10T02:17:51","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/starkware-cpo-builds-quantum-safe-bitcoin-transactions-from-existing-rules-featured-bitcoin-news\/"},"modified":"2026-04-10T02:17:51","modified_gmt":"2026-04-10T02:17:51","slug":"starkware-cpo-builds-quantum-safe-bitcoin-transactions-from-existing-rules-featured-bitcoin-news","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/starkware-cpo-builds-quantum-safe-bitcoin-transactions-from-existing-rules-featured-bitcoin-news\/","title":{"rendered":"Starkware CPO Builds Quantum-Safe Bitcoin Transactions From Existing Rules \u2013 Featured Bitcoin News"},"content":{"rendered":"<p><b>(Originally posted on : Bitcoin News )<\/b><br \/>\n<\/p>\n<div>\n<p><strong>Key Takeaways:<\/strong><\/p>\n<ul>\n<li>Starkware CPO Avihu Levy published QSB on April 9, 2026, enabling quantum-safe <span>bitcoin<\/span> transactions with zero protocol changes.<\/li>\n<li>Levy\u2019s scheme costs $75 to $150 in GPU compute per transaction and achieves roughly 118-bit pre-image resistance against quantum attack.<\/li>\n<li>QSB is the first known scheme to secure live <span>bitcoin<\/span> transactions against Shor\u2019s algorithm using only <span>Bitcoin<\/span>\u2019s existing legacy Script rules.<\/li>\n<\/ul>\n<h2>How a Starkware Executive Built Quantum Resistance Into <span>Bitcoin<\/span> Without Touching the Protocol<\/h2>\n<p>Avihu Levy, chief product officer at <a href=\"https:\/\/news.bitcoin.com\/starkware-aims-to-scale-bitcoin-using-zero-knowledge-technology\/\">Starkware<\/a> and co-author of BIP-360, released a full <a href=\"https:\/\/github.com\/avihu28\/Quantum-Safe-Bitcoin-Transactions\/blob\/main\/paper\/QSB.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">research paper<\/a> and open-source implementation on April 9, 2026. The scheme is called Quantum Safe <span>Bitcoin<\/span>, or QSB. It requires no softfork, no community coordination, and no new opcodes. It runs entirely within <span>Bitcoin<\/span>\u2019s existing legacy Script constraints of 201 opcodes and 10,000 bytes.<\/p>\n<p>The threat QSB addresses is specific. <span>Bitcoin<\/span>\u2019s primary signature scheme, ECDSA over the secp256k1 elliptic curve, is fully breakable by Shor\u2019s algorithm on a sufficiently powerful quantum computer. An attacker with that capability could recover <span>private keys<\/span> from any exposed public key, forge signatures, and redirect funds. P2PK outputs, legacy addresses, and <span>Taproot<\/span> keyspend paths are all at risk the moment a public key appears onchain.<\/p>\n<figure id=\"attachment_804910\" aria-describedby=\"caption-attachment-804910\" style=\"width:1326px\" class=\"wp-caption aligncenter\"><figcaption id=\"caption-attachment-804910\" class=\"wp-caption-text\"><a href=\"https:\/\/x.com\/avihu28\/status\/2042287457530478720?s=20\" target=\"_blank\" rel=\"noopener noreferrer\">Image source: X. <\/a><\/figcaption><\/figure>\n<p>Levy\u2019s scheme severs that dependency at the transaction level. Instead of relying on elliptic curve hardness, QSB builds security on the pre-image resistance of RIPEMD-160, a hash function that <a href=\"https:\/\/news.bitcoin.com\/bitcoin-developer-unveils-quantum-resistant-wallet-rescue-prototype\/\">quantum<\/a> computers can only attack with Grover\u2019s algorithm, which provides a quadratic speedup rather than a total break. A 160-bit hash retains roughly 80 bits of pre-image resistance against a quantum adversary, leaving a comfortable margin.<\/p>\n<p>The construction modifies an earlier scheme called Binohash, developed by Robin Linus, and fixes two problems that made Binohash unsafe against quantum attack. The first was a signature-size <a href=\"https:\/\/news.bitcoin.com\/deciphering-the-differences-between-proof-of-stake-and-proof-of-work\/\">proof-of-work (PoW)<\/a> puzzle that depended on finding small elliptic curve r-values, something Shor\u2019s algorithm trivially breaks. The second was an unresolved sighash flag vulnerability that could allow an attacker to reuse a valid puzzle signature across different transactions.<\/p>\n<h2>Replacing the Signature-Size Puzzle<\/h2>\n<p>QSB replaces the signature-size puzzle with what Levy calls a hash-to-sig puzzle. The spender iterates over transaction parameters until the RIPEMD-160 hash of a transaction-derived public key produces a valid DER-encoded ECDSA signature. That event occurs with probability roughly 1 in 70 trillion. Because the puzzle uses a hardcoded SIGHASH_ALL flag, the sighash vulnerability is eliminated as a side effect.<\/p>\n<p>The spender then runs two digest rounds using a HORS-style Lamport signature structure, selecting subsets of dummy signatures that alter the transaction\u2019s sighash via a legacy Script mechanism called FindAndDelete. Each subset produces a different hash output. The subset that yields a valid DER-encoded signature becomes the digest for that round. Revealing the corresponding pre-images in the witness completes the quantum-safe spend.<\/p>\n<p>The recommended configuration, which Levy calls Config A, fits within the 201-opcode limit and achieves approximately 118-bit pre-image resistance and 78-bit collision resistance. A quantum attacker running Grover\u2019s algorithm against this configuration faces roughly 2 to the 69th power work for a second pre-image attack. Shor\u2019s algorithm provides no advantage at all, since there are no elliptic curve assumptions left to break.<\/p>\n<p>Off-chain computation costs between $75 and $150 in cloud GPU time per transaction at current spot pricing. The work is embarrassingly parallel and completed in hours across multiple GPUs in early tests. The GPU farm only handles public computations, including key recovery and hashing. Private HORS pre-images never leave the spender\u2019s secure device.<\/p>\n<p>There are real limitations. QSB transactions are consensus-valid but non-standard, exceeding default relay policies. They require direct submission to a mining pool that accepts non-standard transactions, such as through Marathon\u2019s Slipstream service. The scheme does not yet cover <span>Lightning Network<\/span> channels. Full on-chain assembly and broadcast are still pending in the open-source implementation. Levy describes the scheme as a last-resort measure, not a general replacement for standard <span>Bitcoin<\/span> usage.<\/p>\n<p>Starkware co-founder Eli Ben-Sasson <a href=\"https:\/\/x.com\/EliBenSasson\/status\/2042304531132715035?s=20\" target=\"_blank\" rel=\"noopener noreferrer\">publicly endorsed<\/a> the work, stating <span>Bitcoin<\/span> can be quantum-safe immediately. He said:<\/p>\n<blockquote>\n<p>\u201cTHIS IS HUGE. <span>Bitcoin<\/span> is Quantum-Safe TODAY. Even if a quantum computer appeared, one that breaks the conventional Bitcion signatures, it shows a practical way to create safe <span>Bitcoin<\/span> transactions. WITH NO CHANGE TO <span>BITCOIN<\/span> PROTOCOL!\u201d<\/p>\n<\/blockquote>\n<p>Levy shared the paper and repository on X and credited Robin Linus for foundational work on Binohash and for a key correction that shaped the final cost-security tradeoff. The community was quite pleased with the white paper as it was shared widely on social media. <a href=\"https:\/\/news.bitcoin.com\/bitcoin-on-the-brink-taproot-wizard-calls-for-action-taaki-demands-core-disbandment\/\">Taproot Wizard<\/a> Eric Wall <a href=\"https:\/\/x.com\/ercwl\/status\/2042307794582262033?s=20\" target=\"_blank\" rel=\"noopener noreferrer\">wrote<\/a> on X:<\/p>\n<blockquote>\n<p>\u201cStarkware has some of the best hackers on the planet. It is beautiful to see when hackers use their powers for good.\u201d<\/p>\n<\/blockquote>\n<p>The full paper, GPU-accelerated CUDA code, Python pipeline, and complete <span>Bitcoin<\/span> Scripts are available at Levy\u2019s GitHub repository. The news follows the recent prototype meant to secure <span>bitcoin<\/span> wallets from quantum risk. That <a href=\"https:\/\/news.bitcoin.com\/bitcoin-developer-unveils-quantum-resistant-wallet-rescue-prototype\/\">specific prototype<\/a> was created by Lightning Labs CTO Olaoluwa Osuntokun.<\/p>\n<h2>What This Means for Everyday <span>Bitcoin<\/span> Holders<\/h2>\n<p>For everyday <a href=\"https:\/\/markets.bitcoin.com\/crypto\/bitcoin\" target=\"_blank\" rel=\"noopener noreferrer\">bitcoin (BTC)<\/a> holders, the practical takeaway is straightforward. No <a href=\"https:\/\/news.bitcoin.com\/googles-quantum-advances-bring-bitcoin-security-debate-into-focus\/\">quantum computer<\/a> capable of breaking <span>Bitcoin<\/span>\u2019s cryptography exists today, and most researchers place that threat at least three years to a decade out. But the clock starts the moment a public key appears onchain, which happens every time a user spends from an <a href=\"https:\/\/news.bitcoin.com\/a-beginners-guide-to-bitcoin-address-evolution\/\">address<\/a>.<\/p>\n<p> <a href=\"https:\/\/www.binance.com\/en\/price\/bitcoin\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">Bitcoin<\/a> sitting in a wallet that has never made an outgoing transaction carries less exposure. <a href=\"https:\/\/www.binance.com\/en\/price\/bitcoin\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">Bitcoin<\/a> parked at a reused or already-spent address is a different story. When quantum computing reaches the threshold, those exposed public keys become targets. Moving funds before that window closes matters more than moving them after.<\/p>\n<p>QSB does not yet ship inside any consumer wallet. Users cannot open a standard wallet today and toggle a quantum-safe setting. What Levy has delivered is the cryptographic proof that the path exists, built from rules already inside <a href=\"https:\/\/www.binance.com\/en\/price\/bitcoin\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">Bitcoin<\/a>, costing roughly the price of a plane ticket in GPU compute.<\/p>\n<p>The remaining work is engineering, adoption, and time. For a person holding <a href=\"https:\/\/www.binance.com\/en\/price\/bitcoin\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">BTC<\/a>, the action item is simple: watch for post-quantum support from your wallet provider, avoid reusing addresses, and move funds to a quantum-safe address when that option becomes available in mainstream software. The tools to protect that <a href=\"https:\/\/markets.bitcoin.com\/crypto\/bitcoin\" target=\"_blank\" rel=\"noopener noreferrer\">bitcoin<\/a> are being built right now.<\/p>\n<\/div>\n<p><a href=\"https:\/\/news.bitcoin.com\/no-consensus-changes-needed-starkware-cpo-builds-quantum-safe-bitcoin-transactions-from-existing-rules\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : Bitcoin News ) Key Takeaways: Starkware CPO Avihu Levy published QSB on April 9, 2026, enabling quantum-safe bitcoin transactions with zero protocol changes. Levy\u2019s scheme costs $75 to $150 in GPU compute per transaction and achieves roughly 118-bit pre-image resistance against quantum attack. QSB is the first known scheme to secure [&hellip;]<\/p>\n","protected":false},"author":19,"featured_media":70912,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/70911"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=70911"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/70911\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/70912"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=70911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=70911"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=70911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}