Dan Robinson, General Partner and head of research at Paradigm, published a paper on May 1, 2026 outlining a mechanism called PACTs (likely expanding to Pre-Authorized Conditional Transactions) that would allow long-term Bitcoin holders to pre-register protection against a worst-case quantum computing scenario. The proposal targets owners of Satoshi-era addresses, whose public cryptographic keys are already permanently visible on the blockchain and cannot be hidden retroactively.

---

The Problem with Old Addresses

Bitcoin's earliest transactions, predominantly from 2009 to 2012, used a format called Pay-to-Public-Key (P2PK). Unlike modern address formats, P2PK embeds the full cryptographic public key directly on the chain rather than concealing it until the moment of spending. That means any sufficiently powerful quantum computer could use Shor's algorithm to derive the private key from the public key and drain the wallet without any prior warning.

The scale of the exposure is significant. Roughly 1.7 million BTC sit in legacy P2PK addresses, the highest-risk category. Taproot addresses, active since 2021, also expose public keys on-chain and add to the total quantum-vulnerable pool. When all vulnerable address types are included, the total reaches an estimated 6.7 to 6.9 million BTC, or about one-third of all mined bitcoin. Satoshi Nakamoto's own holdings, estimated at approximately 1 million BTC and valued at roughly $67.6 billion as of February 2026, remain untouched since the network's earliest days and fall squarely in this category.

New research published in March and April 2026 sharpened the urgency. Google Quantum AI researchers estimated that Bitcoin's elliptic curve cryptography could be broken in under nine minutes by a capable quantum computer, which is faster than Bitcoin's average 10-minute block time. Separate research from Caltech, Oratomic, and UC Berkeley estimated that the attack could be mounted with as few as 10,000 to 26,000 specialized qubits, a lower bound on the hardware threshold rather than a fixed range.

Google's revised ceiling of under 500,000 physical qubits represents a twenty-fold reduction from earlier estimates of around 10 million, though Google's current Willow chip operates at just 105 qubits.

---

What PACTs Do Differently

Robinson's paper describes a timestamp-based conditional pathway, essentially a pre-registered authorization that would only activate in a declared quantum emergency. Legitimate holders could prove ownership and access funds through an alternative cryptographic route without having to move coins ahead of time or signal any on-chain activity.

"We present a possible way for Bitcoin holders to protect themselves from having their funds frozen in an emergency post-quantum hard fork," Robinson wrote in the paper published on Paradigm's research portal, "without having to publicly move their coins."

This capability sets PACTs apart from the other major proposals currently in circulation.

BIP-360, a draft authored by Hunter Beast, Ethan Heilman, and Isabel Foxen Duke, introduced quantum-resistant address types. It was merged as a draft in February 2026 and launched a testnet in March 2026. It requires holders to actively migrate coins.

BIP-361, championed by Bitcoin developer Jameson Lopp, proposes a three-phase, five-year forced migration timeline. Under its structure, coins not migrated would be frozen after Phase B, which may arrive before the full five-year period concludes.

StarkWare's Quantum Safe Bitcoin scheme requires no protocol changes but costs between $75 and $200 per transaction in GPU computation. A Layer 2 solution called Quip Network, announced April 28 by Postquant Labs and built on Arch Network, narrows the quantum attack window to roughly 20 minutes but remains in early development. Hunter Beast has also proposed Hourglass V2, a mechanism that would limit spending of exposed bitcoin to one coin per block, specifically to prevent catastrophic market dumps in a quantum emergency.

Lopp has argued that inaction carries its own risks. "Allowing quantum attackers to sweep coins would constitute a massive redistribution of wealth to whoever first gains access to advanced quantum hardware," he told CoinDesk in February 2026.

Blockstream CEO Adam Back has called for a measured approach: "Preparation is key. Making changes in a controlled way is far safer than reacting in a crisis."

---

A Governance Problem as Much as a Technical One

Bitcoin lacks a central authority to mandate protocol upgrades. Any change requires rough consensus across independent developers, miners, and node operators. Guillaume Girard of UTXO Management has described Bitcoin's quantum debate as "a governance crisis in disguise," and that framing applies directly here: BIP-360 has generated more developer discussion than any protocol proposal in Bitcoin's history, engaged over 100 cryptographer contributors, and seen its testnet attract 50 or more miners while surpassing 100,000 blocks. Yet it still has no agreed activation path.

Prediction market Polymarket currently assigns approximately 28% odds to BIP-360 being implemented by 2027. Girard described the underlying dynamic plainly: "Protocol changes move slowly, like a state legislature."

---

Why This Hits Hardest Outside the West

For users in South Asia and Sub-Saharan Africa, the stakes are disproportionately high. India ranks first globally in the 2026 Crypto Adoption Index, Nigeria ranks second, and Pakistan ranks eighth. Across Africa, four countries appear in the global top 20: Nigeria at second, Ethiopia at tenth, Kenya at thirteenth, and Ghana at twentieth.

An estimated 150 million crypto owners live in India alone, with 22 million in Nigeria. In high-inflation economies where Bitcoin functions primarily as a savings instrument rather than a trading vehicle, dormancy periods tend to be longer. For wallets held in older address formats, that longer dormancy means an exposed public key remains available to any future quantum-capable adversary for an extended period.

BIP-361's freeze mechanism poses a specific risk for holders who bought early-era Bitcoin through local peer-to-peer platforms, such as Paxful or Remitano, using address formats that predate modern key management practices. P2P trading volumes across Africa grew 40% year-over-year through 2024 and 2025. Many of those users may not routinely monitor the Bitcoin developer mailing list for news of a pending migration deadline. Users in Nigeria, India, and Pakistan face a further compounding concern: initiating visible on-chain activity can attract regulatory or tax scrutiny under each country's evolving crypto frameworks.

PACTs' defining characteristic, enabling protection without triggering on-chain movement, speaks to several of those compounding constraints at once: surveillance risk, regulatory exposure, wallet capability gaps, and informal custody arrangements that make active migration difficult in practice.

---

What Comes Next

Robinson's paper enters a field with no shortage of competing ideas and no clear consensus mechanism for choosing between them. Some estimates place the earliest plausible quantum threat window at 2029. The US federal government has set a post-quantum migration deadline of 2035 under Executive Order 14144. The two dates represent materially different urgency levels: a 2029 threat would arrive well before any consensus upgrade could realistically be completed, while the 2035 federal deadline offers a longer runway that may itself prove insufficient given Bitcoin's documented governance pace.

Colton Dillion, CEO of Postquant Labs, whose company offers the rival Quip Network solution, put it directly: "The Bitcoin community has delayed a fix for years, despite Satoshi himself discussing the quantum problem. Developers say any protocol upgrade could take 5 to 10 years."

PACTs represent a novel architectural approach, one designed to offer a contingency for holders who cannot or will not migrate, regardless of which broader proposal eventually wins community support. Whether Robinson's proposal gains traction will depend on how Bitcoin developers receive it in the weeks ahead, a question that BIP-360's trajectory puts in sobering context: that proposal drew unprecedented engagement from over 100 cryptographers and still carries only 28% odds of activation by 2027.