u/bitcoincashautist

Quantum-Resistant Bitcoin Cash: A Challenge-Based Transition Protocol
▲ 21 r/Bitcoincash+1 crossposts

This outlines the contract design, and it is possible to implement it now. Having a header introspection opcode would help make it more robust and simpler. A consensus upgrade would only have to overload P2PK and P2PKH spends and force them to migrate to the challenge contract. Open question: how to deal with multisig. It would require a more complex challenge contract and an interactive spend.


Quantum-Resistant Bitcoin Cash: A Challenge-Based Transition Protocol

Abstract

We propose a protocol enabling secure transition of Bitcoin Cash funds from quantum-vulnerable addresses to quantum-resistant ones, functional even after ECDSA is compromised. The protocol uses aged commitments as proof of ownership, with a challenge mechanism allowing older commitments to displace newer ones. Unlike previous proposals, this design creates uncertainty for attackers: they cannot know whether a prior commitment exists, providing deterrence even for already-exposed public keys.


The rest of the text is here: https://bitcoincashresearch.org/t/quantum-resistant-bitcoin-cash-a-challenge-based-transition-protocol/1804

u/bitcoincashautist — 11 days ago
▲ 28 r/Bitcoincash+1 crossposts

BCH Quantum Defense: A Practical Plan

There's been a lot of fear about quantum computers threatening Bitcoin Cash. Let's cut through the noise and look at what we can actually do.

The Good News First

Quantum computers aren't magic. According to Google's own research paper:

  • Cracking one key would take ~9 minutes (30 min for 100% success)
  • Cracking enough keys to access 1 million BCH would take ~125 days minimum
  • Cost: hundreds of millions to billions of dollars
  • That's almost as long as it originally took to mine them (~194 days)

This isn't a switch that gets flipped and suddenly someone owns all the old coins. It would be an expensive, slow process where attackers compete with each other and have to sell at prices that recoup their costs.

The Plan: Commit-Delay-Reveal

Here's a scheme that would protect real owners without freezing or stealing anyone's coins.

How it would work:

  1. Commit: Publish a hash of your intended transaction. This reveals nothing about your keys. It just says "I plan to move these coins."

  2. Delay: Wait for the commitment to age (say, a few months to a year).

  3. Reveal: Broadcast your actual transaction. The network checks that it matches your earlier commitment.

Why this protects real owners:

  • Oldest commitment wins. If you committed before an attacker cracked your key, you win automatically.
  • Attackers face uncertainty. Even if they crack a key, they don't know if the real owner already has an older commitment waiting. They could spend billions cracking keys only to get front-run.
  • No coins get frozen or burned. The rule just requires a commitment before spending. Everyone plays by the same rules.

This would work for ALL coin types: P2PK (like Satoshi's coins) and P2PKH alike. The only requirement is that real owners commit before attackers do.

How We Get There

The technical path is straightforward:

  1. Spec out the OP_CHECKSIG overload to require a pre-commitment as part of signature validation
  2. Implement and test the upgrade
  3. Activate via network upgrade when ready, or keep it dormant until QCs actually arrive

Once the spec is finalized, users would be able to start publishing commitments immediately. The "delay" period starts counting from when you commit, so early adopters get maximum protection.

If quantum computers never materialize, no harm done. The commitments just sit there unused. If they do arrive, everyone who committed early is protected.

This is a solvable problem on a relatively quick timeframe. We don't need to panic, and we definitely don't need to freeze anyone's coins.

The Three Types of Coins

P2PK (Pay to Public Key): ~1.7 million BCH including Satoshi's coins. The public key is directly visible on-chain, so attackers could start working on these before any spend attempt. But with commit-delay-reveal, real owners would protect themselves by committing early. Oldest commitment wins.

P2PKH (Pay to Public Key Hash): The public key is only revealed when you spend. If you've never spent from an address, attackers don't even know which key to crack. Commit-delay-reveal would add another layer: even if your key gets exposed and cracked later, your earlier commitment wins.

New coins going forward: Quantumroot vaults become available after May 15, 2026. Full quantum resistance using only SHA256. Problem solved for anyone who uses them.

What About Satoshi's Coins?

Once the commit-delay-reveal spec is live, Satoshi (or any P2PK holder) could publish a commitment. If he does before QCs arrive, he's protected. His aged commitment would beat any attacker who cracks the key later.

If he doesn't, well, he's had 15+ years to move those coins and hasn't. At some point we have to accept that either:

  • He lost his keys
  • He's deliberately leaving them as a QC bounty
  • He won't bother to publish a simple commitment
  • He's no longer alive

Whatever the reason, it's not our place to interpret his intentions or "protect" coins he chose not to protect himself. The locking script is a contract. With commit-delay-reveal, the rule becomes: whoever has the oldest valid commitment gets the coins. Fair and simple.

Burning or freezing coins would be theft dressed up as protection. We'd be stealing from Satoshi (or his heirs, or his intended beneficiaries) to protect our bags from a hypothetical liquidity event.

BCH doesn't do that.

What You Can Do Today

  1. Stop reusing addresses. Every time you spend, your public key is revealed. Fresh addresses give you better privacy anyway.

  2. Move to Quantumroot when wallet support arrives (late 2026 - 2027). This gives you full quantum resistance going forward.

  3. Watch for the commit-delay-reveal spec. When it's finalized, commit your old coins early. Oldest commitment wins.

  4. Don't panic. The timeline for cryptographically relevant quantum computers is likely 2030s at earliest. We have time to prepare.

Why Not Just Freeze the Old Coins?

Some people are pushing for blanket freezing or burning of "vulnerable" coins. This is wrong for several reasons:

It's theft. You're taking someone's coins without their consent. Doesn't matter if you call it "protection."

It sets a deadly precedent. Once developers can freeze coins "for the greater good," where does it stop? Dormant coins today, "criminal" coins tomorrow, sanctioned addresses next week.

It's unnecessary. Commit-delay-reveal would protect everyone who bothers to use it. If you don't protect your own coins when given an easy way to do so, that's on you.

BCH survived worse. The chain absorbed millions of coins being dumped by BTC maxis after the fork. Someone bought them. Life went on.

The Bottom Line

BCH has a clear path forward:

  • Quantumroot for new coins (available May 2026)
  • Commit-delay-reveal to protect existing coins (spec it out, flip the switch when needed)
  • No freezing, no burning, no theft

This is a solvable problem. The technical work is straightforward. Real owners who publish commitments early would be protected. Those who don't, after years of warning, have made their choice.

Anyone pushing for blanket freezing while ignoring these solutions is either uninformed or has an agenda. Now you know the difference.

u/bitcoincashautist — 12 days ago
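The commit-delay-reveal rule laid out in the "BCH Quantum Defense" post above and in the challenge-based protocol abstract, as a toy simulation. This is an added example, not code from either post, the research write-up or any BCH node; it assumes a commitment is the double-SHA256 of the serialized spending transaction, a minimum age of 200 blocks, string-encoded outpoints, and that re-publishing a commitment keeps its first-seen height.

```python
"""Toy simulation of commit-delay-reveal with "oldest commitment wins".

Added example; not code from the post, the research write-up or any BCH node.
Assumed for illustration: a commitment is the double-SHA256 of the serialized
spending transaction, the minimum age is 200 blocks, transactions and outpoints
are simple strings, and a re-published commitment keeps its first-seen height.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


@dataclass(frozen=True)
class Tx:
    """Minimal spending transaction: which coin is spent and where it goes."""
    outpoint: str     # "txid:vout" of the quantum-vulnerable coin (constructed)
    destination: str  # new locking script, abstracted as a label

    def serialize(self) -> bytes:
        return f"{self.outpoint}->{self.destination}".encode()

    def commitment(self) -> bytes:
        # Only a hash goes on-chain: it reveals neither the key nor which
        # outpoint is targeted, so an attacker who cracks a key cannot tell
        # whether an older commitment for that coin already exists.
        return sha256d(self.serialize())


class CommitDelayReveal:
    """Consensus-side bookkeeping: commitment digest -> first-seen block height."""

    def __init__(self, min_age: int):
        self.min_age = min_age
        self.commitments: Dict[bytes, int] = {}

    def commit(self, digest: bytes, height: int) -> int:
        # Re-publishing an existing digest must not refresh its age.
        return self.commitments.setdefault(digest, height)

    def validate_reveal(self, tx: Tx, height: int) -> Tuple[bool, str, Optional[int]]:
        """Check that a revealed tx matches an aged commitment."""
        committed_at = self.commitments.get(tx.commitment())
        if committed_at is None:
            return False, "no matching commitment", None
        if height - committed_at < self.min_age:
            return False, "commitment too young", committed_at
        return True, "ok", committed_at

    def resolve(self, candidates: List[Tx], height: int) -> Tuple[Optional[Tx], List[str]]:
        """Among competing spends of one outpoint, the oldest valid commitment wins.
        Equal heights are not handled here; the first candidate keeps it."""
        if len({tx.outpoint for tx in candidates}) != 1:
            raise ValueError("candidates must spend the same outpoint")
        log: List[str] = []
        best: Optional[Tuple[int, Tx]] = None
        for tx in candidates:
            ok, why, at = self.validate_reveal(tx, height)
            log.append(f"{tx.destination}: {why}")
            if ok and (best is None or at < best[0]):
                best = (at, tx)
        return (best[1] if best else None), log


def run_scenario() -> dict:
    """Owner commits early; attacker cracks the key and commits later."""
    chain = CommitDelayReveal(min_age=200)
    coin = "deadbeef:0"  # constructed outpoint
    owner = Tx(coin, "owner-quantumroot-vault")
    thief = Tx(coin, "attacker-address")
    walkin = Tx(coin, "uncommitted-attacker")

    chain.commit(owner.commitment(), height=100)   # honest owner, long before any QC
    chain.commit(thief.commitment(), height=400)   # key cracked, attacker commits
    owner_height = chain.commit(owner.commitment(), height=450)  # re-publish: still 100

    early, _ = chain.resolve([thief], height=500)  # attacker's commitment not aged yet
    winner, log = chain.resolve([owner, thief, walkin], height=700)

    # Coins nobody protects: with no older commitment, an aged attacker
    # commitment is simply a valid spend.
    abandoned = CommitDelayReveal(min_age=200)
    abandoned.commit(thief.commitment(), height=400)
    sweep, _ = abandoned.resolve([owner, thief], height=700)

    return {
        "owner_commitment_height": owner_height,
        "attacker_reveal_at_500": early.destination if early else None,
        "winner_at_700": winner.destination if winner else None,
        "reveal_log": log,
        "winner_if_owner_never_committed": sweep.destination if sweep else None,
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The scenario shows the three outcomes the post argues for: the owner's block-100 commitment beats the attacker's block-400 one, an attacker with no commitment (or one that has not aged) cannot spend at all, and a coin whose owner never committed goes to whoever commits and waits. Whether "oldest" is measured from first publication (as assumed here) or can be refreshed is a detail the post does not settle, and it matters: refreshing would let an attacker who front-runs the owner's first reveal rewrite seniority.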
▲ 28 r/Bitcoincash+1 crossposts

Google's Quantum Paper Correction re BCH

The paper "Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities: Resource Estimates and Mitigations" groups BTC and BCH together, correctly recognizing their shared history and some divergences, but fails to account for recent BCH upgrades that enable quantum-resistant wallet implementations today.

Since the 2017 fork, BCH has continued evolving its consensus system and extended the UTXO model with native token primitives ("CashTokens", activated May 2023) along with significant Script VM upgrades including native transaction introspection opcodes and big-integer arithmetic. A summary of differences: https://bitcoin.stackexchange.com/a/115856/137501

The upcoming upgrade (scheduled May 15, 2026; v29 node software already released) adds native functions and loops to the Script VM.

These capabilities enable efficient quantum-resistant vault implementations. Specifically, the "Quantumroot" design leverages CashTokens for account abstraction, allowing users to maintain a constant receiving address while using UTXO-bound tokens secured by LM-OTS signatures (RFC 8554) to authorize spends. Post-quantum transactions require only ~1.5KB per UTXO, and aggregated sweeps of 400+ addresses fit within a single 100KB transaction.

Notably, Quantumroot vaults are quantum-safe "at rest" from deployment, unlike BTC's Taproot, which exposes public keys on-chain. All required components are functional on BCH mainnet today.

Details: https://blog.bitjson.com/quantumroot/

u/bitcoincashautist — 13 days ago
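What an LM-OTS signature of the kind the post above describes actually involves, as an added example structured after RFC 8554's LMOTS_SHA256_N32_W8 parameter set. This is not Quantumroot's or any wallet's code and has not been checked against the RFC's test vectors; the key identifier I, leaf index q, seed and message are constructed inputs. It shows why only SHA256 is needed and how big one signature is: 32 bytes of randomizer plus 34 chain values of 32 bytes, 1120 bytes, which is most of the ~1.5KB per UTXO the post quotes.

```python
"""Minimal LM-OTS one-time signature, structured after RFC 8554 (LMOTS_SHA256_N32_W8).

Added example: not Quantumroot's or any wallet's code, and not checked against
the RFC's test vectors. The key identifier I, leaf index q, seed and message
are constructed inputs.
"""
import hashlib
import secrets
from typing import List, Optional, Tuple

N = 32                 # SHA256 output length
W = 8                  # Winternitz parameter: one chain per digest byte
P = 34                 # 32 digest chains + 2 checksum chains
D_PBLC = b"\x80\x80"   # domain separators from RFC 8554
D_MESG = b"\x81\x81"


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def checksum(q_digest: bytes) -> bytes:
    # Sum of (255 - a_i): raising any digest byte lowers the checksum, so an
    # attacker holding one signature cannot advance every chain forward.
    return sum(255 - b for b in q_digest).to_bytes(2, "big")


def chain(I: bytes, q: int, i: int, start: bytes, j_from: int, j_to: int) -> bytes:
    """Hash chain i from step j_from up to (not including) j_to."""
    tmp = start
    for j in range(j_from, j_to):
        tmp = H(I, q.to_bytes(4, "big"), i.to_bytes(2, "big"), bytes([j]), tmp)
    return tmp


def keygen(I: bytes, q: int, seed: bytes) -> Tuple[List[bytes], bytes]:
    """Private chain heads x[i] (pseudorandom, as in RFC 8554 Appendix A) and public key K."""
    x = [H(I, q.to_bytes(4, "big"), i.to_bytes(2, "big"), b"\xff", seed) for i in range(P)]
    y = [chain(I, q, i, x[i], 0, 2 ** W - 1) for i in range(P)]   # chain ends
    K = H(I, q.to_bytes(4, "big"), D_PBLC, *y)
    return x, K


def sign(I: bytes, q: int, x: List[bytes], message: bytes, C: Optional[bytes] = None) -> bytes:
    """Sign once. Reusing x for a second message leaks further chain steps."""
    C = C or secrets.token_bytes(N)                  # per-signature randomizer
    Q = H(I, q.to_bytes(4, "big"), D_MESG, C, message)
    coefs = Q + checksum(Q)                          # 34 coefficients, one byte each
    y = [chain(I, q, i, x[i], 0, coefs[i]) for i in range(P)]
    return C + b"".join(y)                           # 32 + 34*32 = 1120 bytes


def verify(I: bytes, q: int, K: bytes, message: bytes, sig: bytes) -> bool:
    """Finish each chain to its end and recompute K; the only primitive is SHA256."""
    if len(sig) != N + P * N:
        return False
    C, ys = sig[:N], sig[N:]
    Q = H(I, q.to_bytes(4, "big"), D_MESG, C, message)
    coefs = Q + checksum(Q)
    z = [chain(I, q, i, ys[i * N:(i + 1) * N], coefs[i], 2 ** W - 1) for i in range(P)]
    return H(I, q.to_bytes(4, "big"), D_PBLC, *z) == K


if __name__ == "__main__":
    I, q, seed = bytes(16), 0, secrets.token_bytes(32)
    x, K = keygen(I, q, seed)
    sig = sign(I, q, x, b"spend utxo to quantumroot vault")
    print(len(sig), verify(I, q, K, b"spend utxo to quantumroot vault", sig))
```

Each private key signs exactly once: a second signature over a different message publishes chain values further along (or further back) than the first, and combining the two lets a forger reach coefficients neither signature authorized. That one-time property is why a vault design has to bind one key to one UTXO, as the post says Quantumroot does with UTXO-bound tokens.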

PSA: Quantum FUD Psyop Alert

There's been a recent uptick in coordinated concern trolling about quantum computing threats to BCH, pushing for blanket freezing or burning of "vulnerable" coins. Be alert to the pattern.

The Psyop Pattern

Watch for accounts that:

  • Have lurked for years but suddenly surface with urgent demands
  • Push blanket solutions (freeze all vulnerable coins!) without technical nuance
  • Refuse to engage with existing solutions like Quantumroot
  • Rapidly escalate to painting opposition as crazy, fanatical, or "in denial"
  • Frame theft as the "only survivable solution"

The goal appears to be creating division and establishing precedent that developers can redistribute coins "for the greater good." Once that precedent exists, the criteria can expand indefinitely: dormant coins, "criminal" coins, sanctioned addresses, coins that "probably" belong to lost wallets...

Why "Protecting" P2PK Coins Is Theft

Satoshi's coins and other early P2PK outputs have the public key directly exposed on-chain. Here's the thing: there is no way to distinguish between Satoshi waking up and moving his coins versus a QC attacker cracking them.

Maybe Satoshi lost his keys. Maybe he's waiting for cover of quantum computers to move them privately. Maybe he deliberately left them as a bounty for cryptographic researchers: 50 BCH per key, canaries in the coal mine announcing when the threat arrives. We don't know, and crucially, we don't need to know. It's not our decision to make.

The locking script is a contract encoding the funder's will. When someone funded a P2PK output, they encoded exact conditions for spending: produce a valid signature from this public key. That's it. No asterisks, no "unless developers decide otherwise later."

"Not your keys, not your coins" cuts both ways. If a quantum computer derives the key, those coins become theirs: still not ours to burn or redistribute.

BCH survived a bigger dump than 1.7M coins during the post-fork period when BTC maxis sold. Someone bought those coins. Someone will buy these too.

The Nuanced Technical Picture

What the panic merchants won't tell you is that different coin types have completely different risk profiles and solutions:

P2PK (public key exposed): ~1.7M coins including Satoshi's. No ethical intervention possible: you cannot distinguish owner from attacker. Treat as QC bounty or at most consider rate-limiting spends (e.g., 50/block matching original emission) to slow market impact.

P2PKH with revealed pubkey: Public key was exposed in a previous spend. Owners are either active (can migrate now) or abandoned their coins.

P2PKH with unrevealed pubkey: Only the hash is on-chain. Already significantly safer. Stop reusing addresses. A commit-delay-reveal soft fork could protect real owners without theft: commit to your transaction hash, wait N blocks, then reveal and execute. QC attackers can't front-run because they'd need to crack the key AND beat your commitment.

New coins going forward: Quantumroot vaults will become available on mainnet after May 15, 2026. 256-bit classical, 128-bit quantum security using only SHA256. Problem solved for anyone who cares to use it.

The Bottom Line

BCH already has the technical solutions. Quantumroot is here. The May 2026 upgrade enables efficient quantum-resistant wallets. Wallet developers will be integrating support.

What BCH doesn't need is panicked governance changes that establish precedent for coin confiscation. The "cure" of developer-controlled redistribution may be far worse than the "disease" of some old coins eventually being swept by whoever cracks them first.

If someone pushes hard for freezing or burning coins while ignoring these distinctions, ask yourself why.

And remember the CHIP process: the default answer is NO.

The status quo is: QC-vulnerable coins are fair game for QC attackers. If someone wants to change that, the burden of proof is on them.

Watch out for another suspicious tell: presenting any solution as if it were a done deal.

u/bitcoincashautist — 14 days ago