PACTs let dormant Bitcoin timestamp control before quantum risk

On May 1, 2026, Dan Robinson of crypto fund Paradigm published a proposal for Provable Address‑Control Timestamps, or PACTs. The proposal outlines a way for dormant Bitcoin holders to create a dated, verifiable proof that they controlled an address at a particular time without broadcasting a transaction or exposing private keys.

Robinson describes a three-step process that uses existing Bitcoin tools and the OpenTimestamps service. A holder generates a 256‑bit secret salt, signs a full message with BIP‑322 to prove control of a vulnerable scriptPubKey, hashes the signed message and submits the hash to OpenTimestamps. OpenTimestamps batches hashes into a Merkle tree and embeds the root in a Bitcoin OP_RETURN output. The resulting timestamp is publicly verifiable while the underlying keys, the signature and the salt remain private.

The initial timestamping step requires no onchain transaction and incurs no onchain fees. Robinson wrote that a rescue path would depend on future protocol support: if the Bitcoin network later adopts a sunset soft fork that permits verification of STARK zero‑knowledge proofs, a holder could present a STARK proving they knew the salt and control proof before an agreed cutoff date. That proof could be used to authorize a rescue transaction that moves coins without revealing private keys and that is bound to prevent replay.

Robinson framed PACTs as a hedge against the risk of cryptographically relevant quantum computers (CRQCs) arriving before a coordinated migration protocol. He contrasted a forced public migration of dormant coins and acceptance of quantum risk, and proposed that PACTs let holders establish a private, verifiable timestamp now while leaving any onchain rescue mechanism for later consensus.

Researchers estimate addresses linked to Satoshi Nakamoto may contain about 1.1 million BTC, roughly $75 billion at current prices. Robinson acknowledged Bitcoin might never implement a quantum sunset and that the specific rescue path he described might not be adopted. He recommended holders not rely solely on PACTs until a standardized rescue protocol reaches consensus and noted the low cost of creating timestamps once a standard format exists.

The proposal references draft BIP‑361 and prior forum discussions and credits contributors including Eli Ben‑Sasson, Jameson Lopp, Neha Narula and Nic Carter. Robinson described OpenTimestamps as a free, trustless Bitcoin‑based timestamping service.

Technical limitations remain: PACTs do not extend cleanly to multisig wallets, complex scripts or custodial accounts and would require additional standardization. Developers and quantum researchers responded with questions about timelines for integrating STARK verification into Bitcoin, the feasibility of a soft fork to accept zero‑knowledge proofs, and whether the privacy protections would hold when timestamps and later proofs are produced.

Background context for the proposal notes that Bitcoin’s ledger functions as a distributed timestamp server and that quantum computing could, in theory, threaten signature schemes used in Bitcoin if sufficiently powerful CRQCs are built. The proposal adds a privacy‑focused option to the set of responses under discussion while relying on future community consensus to enable any onchain rescue.