Future-Proofing Stacks: Toward Post-Quantum Cryptography Readiness

I’ve been following Hunter Beast’s work on BIP-360: QuBit - Pay to Quantum Resistant Hash.

And today I saw the news from Jameson Lopp regarding Apple adding cryptography to prep their web servers for quantum secureness.


So I decided to investigate further to see how Stacks can prep ourselves, and asked ChatGPT to make recommendations based on what it knows about Stacks and Bitcoin.

Below is the summary of the proposal. It might be completely off, I don’t know, but I hope it serves as the beginning of a discussion in Stacks on how to prep ourselves.


:pushpin: Summary

This post (via ChatGPT) proposes a strategic, phased roadmap to begin preparing the Stacks ecosystem for post-quantum cryptography (PQC) threats.

While this is not an urgent risk today, the long-term security and credibility of any blockchain—especially one so closely aligned with Bitcoin—depends on forward-looking resilience against evolving cryptographic threats.

  • By starting the conversation early and exploring low-lift design decisions now, we can protect the long-term value of sBTC, Stacks addresses, and on-chain assets, while positioning Stacks as a security-first ecosystem.

:white_check_mark: Rationale: Why This Matters

1. Quantum Threats to Bitcoin = Quantum Threats to Stacks

Stacks uses ECDSA (secp256k1) for most signatures, just like Bitcoin. If Shor’s algorithm or other quantum techniques become practical, attackers could potentially forge signatures and steal funds from public-key-exposed addresses like those used in:

  • Taproot & P2PK Bitcoin addresses
  • sBTC vault implementations
  • On-chain smart contract logic relying on verify_secp256k1

Stacks must begin preparing to ensure its assets remain secure even as cryptographic assumptions shift.

2. No Hard Fork Needed – If We Plan Ahead

Post-quantum readiness doesn’t require a hard fork today. Many changes can be opt-in, experimental, and built modularly. For example:

  • Adding PQC signature verification primitives to Clarity
  • Creating a new SegWit-style address format for PQ-safe keys
  • Leaving upgrade flexibility in new sBTC or consensus-layer design paths

The sooner we plan, the smoother future migrations or upgrades can be—with far less disruption.

3. Ecosystem Confidence and Credibility

Developers and users increasingly care about long-term safety of their BTC-backed assets and smart contract logic. Signals that Stacks is preparing for emerging cryptographic threats can:

  • Build trust with security-conscious users
  • Make Stacks wallets and infra more competitive
  • Align with emerging best practices from Ethereum, ZCash, Bitcoin R&D, and NIST


:compass: Proposed Actions (Initial Roadmap)

| Phase | Idea | Scope |
|---|---|---|
| :feather: Short-Term | Publish educational brief & dev R&D post | Community & comms |
| :hammer_and_wrench: Mid-Term | Add PQ-safe signature verification to Clarity (e.g., verify_dilithium, verify_falcon) | Core development |
| :test_tube: Mid-Term | Experiment with PQ-compatible address or BNS descriptors | Dev tooling & infra |
| :brick: Long-Term | SIP for opt-in transaction/output type with quantum-safe commitments (e.g., modeled after BIP-360) | SIP + consensus |
| :closed_lock_with_key: Ongoing | PQ-readiness planning for wallets, vaults, and BTC bridges | Wallets & sBTC teams |

:link: Related Work

:link: Related article & Podcast


:raising_hand_woman: Call for Feedback, I’d love feedback on:

  • Should this be added to the Stacks Roadmap?
  • What level of priority should this topic have on the Roadmap?

:exclamation: Please mind that @larry is currently proposing Bitcoin addresses for Stacks (Proposing Bitcoin Addresses for Stacks) - I don’t know how one affects the other, or how they are both affected by BIP-0360.

2 Likes

Also just to clarify and caveat. I am not saying this should be urgent. In fact opposite!

Just wanted to put it on the radar, as it is currently not visible on Stacks roadmap, whilst Bitcoin’s side is being steadily discussed and promoted.

Quantum attacks are a “low-probability but high-impact threat”. If ECDSA is ever broken by quantum computers, both Bitcoin and Stacks could become vulnerable, especially long-term BTC-backed assets like sBTC.

GPT estimated 3 scenarios (could be off):

1. Slow Burn (2035+) - Most likely. Gives us time, but only if we start early.
2. 10-Year Surprise (late 2020s–early 2030s) - Rapid R&D progress could shorten the timeline.
3. Black Swan (next 5 years) - Low chance, but a sudden leap would leave no time to prepare.

Plenty of other dev work on the Stacks roadmap needs much more attention! But like fire drills or seat belts, post-quantum readiness is about preparing before it’s needed, so we’re not caught off guard.
Start small, build optionality, and stay ahead. : )

1 Like

This is a real and near danger, as is AI resistance.

Thanks for sharing.

I am keen to explore further.

2 Likes

Hey Hero — really appreciate you putting this out there.

Your post genuinely pushed me to dig deeper and really understand the quantum threat, especially how it impacts the actual cryptography that secures Bitcoin and Stacks. I’ve been working through this with ChatGPT to break it down — and the more I learn, the clearer it is that this is something we can’t afford to ignore.

Here’s what really clicked for me:
:point_right: ECDSA, the Elliptic Curve Digital Signature Algorithm, is the core cryptographic system that secures our wallets and transactions today. It works brilliantly against classical computers because it relies on a math problem (the elliptic curve discrete logarithm) that’s practically impossible to solve with normal computing power.
:point_right: But quantum computers can run Shor’s Algorithm, which can break that math problem — meaning they could derive private keys from exposed public keys.
:point_right: This is the big catch: once you spend from an address, your public key is permanently on the blockchain. So even if we upgrade to quantum-safe signatures in the future, any old signature using ECDSA that exposed a key stays vulnerable forever.

So what I’ve learned is this: no protocol upgrade alone fixes that. The only real defense is migration — giving users a clear path to move their funds into new wallets that use quantum-resistant signature schemes before quantum computers reach the scale needed to break ECDSA.

That’s why I completely agree with your roadmap: awareness and education come first. We have to help people understand why this matters, and then plan for testnet phases, SIPs, and alignment with Bitcoin’s direction (like BIP-0360). The sooner we start, the better chance we have to make that migration smooth when it matters most.

Thanks again for starting this — this kind of foresight is exactly what keeps the Stacks ecosystem strong and credible long-term. I’m here to help however I can!

1 Like
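The point made in the post above (and in the first post’s list of public-key-exposed address types) is that a hash-based address only commits to a public key, while spending from it, or using a P2PK/Taproot output, puts the key itself on-chain. The following script is an added example, not code from this thread or from the Stacks or Bitcoin projects: it replays a constructed list of transactions and reports how much value currently sits on keys that are already visible, which is exactly the balance a migration plan would have to move first. SHA-256 stands in for Bitcoin’s HASH160 so it runs with the standard library alone; the keys, transaction ids and amounts are all made up.

```python
"""Toy key-exposure inventory (added example; constructed data, not chain data).

A hash-committed address (P2PKH, P2WPKH) hides the public key until the first
spend reveals it in the input. P2PK and Taproot outputs carry the (tweaked) key
in the output script, so the key is public from creation. Replaying the chain
lets us total the value that currently rests on already-visible keys.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

HASH_COMMITTED = {"p2pkh", "p2wpkh"}   # address = hash(pubkey); key hidden until spent
KEY_PUBLISHED = {"p2pk", "p2tr"}       # output script carries the key itself


def pubkey_hash(pubkey: bytes) -> bytes:
    # Stand-in for HASH160 = RIPEMD160(SHA256(pubkey)); only the
    # commit/reveal property matters for this model.
    return hashlib.sha256(pubkey).digest()[:20]


@dataclass(frozen=True)
class Output:
    kind: str           # one of HASH_COMMITTED | KEY_PUBLISHED
    commitment: bytes   # pubkey hash for hash-committed kinds, raw key otherwise
    value: int          # arbitrary units


@dataclass(frozen=True)
class Tx:
    txid: str
    # (prev txid, prev output index, public key revealed by the spending input or None)
    inputs: Tuple[Tuple[str, int, Optional[bytes]], ...]
    outputs: Tuple[Output, ...]


def build_inventory(chain: List[Tx]) -> Dict[str, object]:
    """Replay the chain in order; return exposed commitments and the value split."""
    utxos: Dict[Tuple[str, int], Output] = {}
    exposed: Set[bytes] = set()
    for tx in chain:
        for prev_txid, idx, revealed in tx.inputs:
            spent = utxos.pop((prev_txid, idx))
            if spent.kind in HASH_COMMITTED:
                # A valid spend must reveal the preimage of the address commitment;
                # from this point on the key is permanently public.
                if revealed is None or pubkey_hash(revealed) != spent.commitment:
                    raise ValueError(f"{tx.txid}: input does not reveal the committed key")
                exposed.add(spent.commitment)
        for i, out in enumerate(tx.outputs):
            utxos[(tx.txid, i)] = out
            if out.kind in KEY_PUBLISHED:
                exposed.add(out.commitment)
    on_exposed = sum(o.value for o in utxos.values() if o.commitment in exposed)
    on_hidden = sum(o.value for o in utxos.values() if o.commitment not in exposed)
    return {"exposed": exposed, "value_on_exposed_keys": on_exposed,
            "value_on_hidden_keys": on_hidden, "utxos": utxos}


# Constructed sample keys: compressed-key length, arbitrary content.
KEY_A = b"\x02" + b"A" * 32
KEY_B = b"\x03" + b"B" * 32
KEY_C = b"\x02" + b"C" * 32          # used as a Taproot output key
KEY_M = b"\x02" + b"M" * 32          # merchant's fresh key

SAMPLE_CHAIN = [
    Tx("coinbase", (), (
        Output("p2pkh", pubkey_hash(KEY_A), 5_000),   # Alice, key still hidden
        Output("p2wpkh", pubkey_hash(KEY_B), 4_000),  # Bob, key still hidden
        Output("p2tr", KEY_C, 1_000),                 # Carol, key visible from creation
    )),
    # Alice spends, revealing KEY_A, and sends change back to the SAME address
    # (address reuse): that change now rests on an exposed key.
    Tx("tx1", (("coinbase", 0, KEY_A),), (
        Output("p2wpkh", pubkey_hash(KEY_M), 2_000),
        Output("p2pkh", pubkey_hash(KEY_A), 3_000),
    )),
]


def summarize(chain: List[Tx] = SAMPLE_CHAIN) -> Tuple[int, int]:
    """(value on already-exposed keys, value on still-hidden keys)."""
    inv = build_inventory(chain)
    return inv["value_on_exposed_keys"], inv["value_on_hidden_keys"]


if __name__ == "__main__":
    exposed_value, hidden_value = summarize()
    print(f"value on exposed keys: {exposed_value}, on hidden keys: {hidden_value}")
```

In the sample, Carol’s Taproot output and Alice’s reused change are the funds a migration would prioritise, while Bob’s untouched address and the merchant’s fresh key stay behind a hash only. On a real chain the same replay would use HASH160 and real script parsing, but the classification logic is the same.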

I heard on a Bitcoin space yesterday that there will be the first Quantum Bitcoin technical summit - Presidio, San Francisco, July 17-18, 2025, https://pbquantum.com
If anyone is around in that area. :wink:

Very good speaker list, including BIP-0360 author Hunter Beast.
Might be a great opportunity to dig deeper, network, and understand the timeline & how it impacts L2s.
I also heard from a reputable Bitcoin dev yesterday that we might realistically be 30 years out. Really hard to gauge the timeline. However, most people might agree that it is good to start thinking about it now.

:newspaper: In other news:
Other L2s are already thinking about & researching Q.
  • Some commentary from the Head of Research at @ChaincodeLabs, who is focused on the LN and bitcoin post-quantum computing.
    Link: https://x.com/PresidioBitcoin/status/1940538390862307774
  • Blockstream Research seeks an Applied Cryptographer focused on Post-Quantum Crypto. Contribute to long-term security and impactful research.
    Link: Job Application for Applied Cryptographer (Bitcoin, Post-Quantum Focus) at Blockstream
  • Someone forked Bluewallet and added Post-Quantum cryptography there, a proof-of-concept. A demo, it seems. Apparently it costs more to transact; it might need quantum witness data space to reduce cost.
    Link: https://x.com/bensig/status/1938372759329116262

1 Like