QSB Could Save Legacy Bitcoin From Quantum Theft

A new paper by Avihu Mordechai Levy (StarkWare) describes Quantum-Safe Bitcoin (QSB), a way to spend legacy Bitcoin outputs that would stay secure even if an attacker had a cryptographically relevant quantum computer. It works inside today’s Bitcoin Script with no soft fork. Under the paper’s Shor-only threat model, its recommended configuration (Config A) achieves roughly 2^118 second-preimage resistance while fitting inside Bitcoin’s existing legacy script limits of 201 opcodes and under 10,000 bytes (§4.5, §2.2). The spender pays roughly $75 to $150 in off-chain GPU compute per spend (§4.6), which is not the Bitcoin transaction fee. The construction itself only works in legacy pre-SegWit script execution; SegWit and Taproot cannot host it, and moving funds into a QSB bare-script output still requires a normal quantum-unsafe spend first. It does not relay as a standard transaction. Its own author describes it as a “last-resort measure” (§1.3).