Olaoluwa Osuntokun's prototype lets users prove wallet ownership without a digital signature, solving the collateral damage problem in Bitcoin's most likely response to quantum computing threats.
Olaoluwa Osuntokun, chief technology officer at Lightning Labs, has built the first working prototype of a tool designed to rescue bitcoin wallets from a security upgrade that hasn't happened yet — and may never need to.
The prototype, disclosed in an April 8 post to the Bitcoin developer mailing list, addresses a specific and uncomfortable flaw in Bitcoin's contingency planning for quantum computing. The widely discussed "emergency brake" proposal — a soft fork that would disable vulnerable signature schemes if quantum computers ever threaten the network's cryptography — would protect Bitcoin's security at a steep cost: millions of wallets using Taproot and other modern address formats could be permanently frozen, their owners unable to prove they hold the keys.
Osuntokun's system offers a way out. Instead of verifying ownership through a traditional digital signature — exactly the mechanism that a quantum attacker could forge — it lets users prove they generated the wallet in the first place, using the secret seed phrase that every Bitcoin wallet derives from. The proof is mathematical and zero-knowledge: it demonstrates the relationship between the seed and the wallet's public key without exposing either. Using the tool to rescue one wallet doesn't compromise any others derived from the same seed.
The technical performance is rough but functional. Running on a high-end consumer MacBook, generating the proof took approximately 55 seconds; verification completed in under two seconds. The resulting proof file weighed about 1.7 megabytes. Those numbers would need to improve dramatically for a network-wide deployment — millions of wallets generating proofs simultaneously would strain any infrastructure — but as a proof of concept, the system demonstrates that the underlying cryptography works.
The quantum threat to Bitcoin has oscillated between theoretical concern and active research topic for years. Nobel physicist John Martinis argued last week that quantum hardware could crack Bitcoin's cryptography in minutes once machines reach sufficient scale. Circle, the USDC issuer, announced plans to launch a blockchain with quantum-resistant cryptography built in. And Postquant Labs went live with its own quantum-classical blockchain testnet earlier this month, enrolling 13,000 researchers.
Against that backdrop, Osuntokun's contribution isn't about solving the quantum problem itself — it's about solving the collateral damage of Bitcoin's most likely response to it. The emergency brake proposal, sometimes called a "quantum freeze," has been discussed in developer circles for several years. Its logic is straightforward: if quantum computers can break elliptic curve cryptography, disable the signature schemes that rely on it and require users to migrate their funds to post-quantum addresses. The problem is that any user who hasn't migrated before the freeze loses access to their coins.
Estimates vary on how many wallets would be affected, but the numbers are large. Every Pay-to-Taproot address, every Pay-to-Witness-Public-Key-Hash address, and every address whose public key has been exposed through a prior transaction would be at risk. That category encompasses a substantial portion of Bitcoin's active supply.
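A wallet operator can inventory which of their own addresses fall into the categories listed above. The following is an added example, not code from Osuntokun's prototype: it decodes mainnet bech32/bech32m addresses per BIP 173 and BIP 350 and labels them with the article's categories. The function names, the labels, and the caller-supplied `spent_from` set (addresses you already know have revealed a public key by spending) are assumptions made for illustration.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
BECH32, BECH32M = 1, 0x2bc830a3  # checksum constants: BIP 173 / BIP 350

# Sample inputs: published test vectors from BIP 173 and BIP 350.
SAMPLE_P2WPKH = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
SAMPLE_P2TR = "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0"

def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def decode_segwit(addr, hrp="bc"):
    """Return (witness_version, program_length_in_bytes), or None if invalid."""
    if addr.lower() != addr and addr.upper() != addr:
        return None                      # mixed case is not valid bech32
    addr = addr.lower()
    pos = addr.rfind("1")
    body = addr[pos + 1:]
    if addr[:pos] != hrp or len(body) < 7 or any(c not in CHARSET for c in body):
        return None
    data = [CHARSET.index(c) for c in body]
    version = data[0]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    # Witness v0 must carry a bech32 checksum, v1 and later a bech32m checksum.
    if version > 16 or _polymod(expanded + data) != (BECH32 if version == 0 else BECH32M):
        return None
    bits = "".join(f"{v:05b}" for v in data[1:-6])
    nbytes, pad = divmod(len(bits), 8)
    if pad > 4 or "1" in bits[len(bits) - pad:]:
        return None                      # padding must be short and all zero
    return version, nbytes

def freeze_category(addr, spent_from=frozenset()):
    """Label an address with the at-risk category named in the article."""
    decoded = decode_segwit(addr)
    if decoded == (1, 32):
        return "P2TR"
    if decoded == (0, 20):
        return "P2WPKH"
    if addr in spent_from:
        return "pubkey-exposed"
    return "not-listed"
```

An address whose checksum fails is reported as `not-listed` rather than guessed at, so a typo in the inventory never lands in an at-risk bucket by accident.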
Osuntokun acknowledged the prototype is a side project, unoptimised and without a formal Bitcoin Improvement Proposal attached. There is no deployment timeline, no consensus among developers about whether the tool should be integrated into Bitcoin Core, and no agreement on how urgent the quantum threat actually is. Some developers have argued the risk is decades away; others point to Anthropic's recent Project Glasswing disclosure — in which an AI model autonomously found critical vulnerabilities in widely used cryptography libraries — as evidence that the timeline could compress in ways nobody predicted.
What Osuntokun has done is demonstrate that the trade-off embedded in Bitcoin's quantum defence plans isn't inevitable. The emergency brake doesn't have to mean permanent loss for users who fail to act in time. Whether the Bitcoin development community adopts this approach, modifies it, or builds something else entirely is a question for future soft fork debates.
The Lightning Network, where Osuntokun has spent the bulk of his career, faces its own quantum exposure — payment channel keys are equally vulnerable to signature forgery. But the wallet rescue tool targets the base layer, where the stakes are highest and the user base is largest.
The proof file's 1.7-megabyte size, roughly equivalent to a high-resolution photograph, would need to fit within Bitcoin's block space constraints for on-chain verification — a design challenge that remains unsolved.