Quantumroot: Quantum-Secure Vaults for Bitcoin Cash

Announcing a developer preview of Quantumroot: a new kind of vault offering full 256-bit classical, 128-bit quantum security strength, without relying on new cryptography – it uses only the mining-proven SHA256 algorithm.

Quantumroot is an ultra-efficient, post-quantum vault for Bitcoin Cash. It’s optimized for business and savings use cases:

  • With cross-input aggregation via introspection, sweep transactions are 15% smaller per additional input than today’s single-signature, “Pay-to-Public-Key Hash” (P2PKH) wallets, with fixed overhead “paid off” after 8 UTXOs.

  • Post-quantum spends cost ~1.3KB per UTXO for typical two-input, single-signature transactions.

  • With both CashToken-based cross-address aggregation and introspection-based cross-input aggregation, post-quantum sweeps of 400+ unique addresses or 800+ inputs fit in a single transaction (100KB).

  • While SLH‑DSA‑SHA2‑128s (SPHINCS+) signatures weigh in at 7,856 bytes, CashToken-based delegation and Bitcoin Cash’s UTXO model allow Quantumroot to use LM-OTS signatures (RFC 8554) – improving quantum security, while also reducing signature sizes (2,180 bytes) and preventing on-chain privacy leaks.

  • Quantumroot can support quantum multi-signature (30+ signers), cross-vault signature aggregation (each signature used by multiple, multi-signature vaults), sweep-free vault upgrades and key rotations, threshold and fallback conditions, time-delayed withdrawals, percentage or amount-based pre-authorizations, inheritance and business-continuity configurations, destination-based withdrawal rules, and more.

Most importantly, Quantumroot is quantum safe “at rest” from day 1, even if quantum attackers suddenly steal all Taproot-held BTC.

On “Q-Day”, Quantumroot wallets can smoothly continue operation – or even reduce their post-quantum transaction sizes by retiring pre-quantum signing.

Following Bitcoin Cash’s 2025 upgrade, all Quantumroot components are possible on BCH mainnet – today.

This developer preview combines these components with 10-100× transaction size reductions and code simplifications made possible by several 2026 Cash Improvement Proposals (CHIPs): Loops, Functions, P2S, and Bitwise.

I plan to continue verification, complete security audits of specific Quantumroot CashAssembly templates, and provide an open source implementation for wallets to integrate via Libauth, targeting Bitcoin Cash’s May 2026 Upgrade.

The full explanation, code, and demo can be found on my blog:

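The 2,180-byte LM-OTS signature quoted above corresponds to the RFC 8554 parameter set LMOTS_SHA256_N32_W4 (n = 32, w = 4, p = 67): 4 + 32 + 67 × 32 = 2,180 bytes. The following is an added example, not Quantumroot's or Libauth's code: a minimal RFC 8554 LM-OTS key generation, signing and verification using only SHA-256, with the key identifier I and leaf index q being constructed placeholder values.

```python
import hashlib, os

# LMOTS_SHA256_N32_W4 parameters (RFC 8554, Section 4.1)
N, W, P, LS, TYPECODE = 32, 4, 67, 4, 0x02
D_PBLC, D_MESG = b"\x80\x80", b"\x81\x81"

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def coef(s, i):
    # RFC 8554 Section 3.1.3 coef(): the i-th w-bit digit of byte string s
    return (s[(i * W) // 8] >> (8 - (W * (i % (8 // W)) + W))) & ((1 << W) - 1)

def checksum(q):
    # Section 4.4: the checksum stops a forger from advancing message digits
    total = sum(((1 << W) - 1) - coef(q, i) for i in range(8 * N // W))
    return (total << LS).to_bytes(2, "big")

def chain(I, qb, i, start, stop, val):
    # Walk the i-th hash chain from step j=start up to (not including) j=stop
    for j in range(start, stop):
        val = H(I, qb, i.to_bytes(2, "big"), bytes([j]), val)
    return val

def keygen(I, q):
    # One-time key: a private key x must sign at most one message (constructed I, q)
    qb = q.to_bytes(4, "big")
    x = [os.urandom(N) for _ in range(P)]
    y = [chain(I, qb, i, 0, (1 << W) - 1, x[i]) for i in range(P)]
    return x, H(I, qb, D_PBLC, *y)          # (private key, public key K)

def sign(I, q, x, msg):
    qb = q.to_bytes(4, "big")
    C = os.urandom(N)                        # per-signature randomizer
    Qc = (Q := H(I, qb, D_MESG, C, msg)) + checksum(Q)
    y = [chain(I, qb, i, 0, coef(Qc, i), x[i]) for i in range(P)]
    return TYPECODE.to_bytes(4, "big") + C + b"".join(y)   # 4 + 32 + 67*32 bytes

def verify(I, q, K, msg, sig):
    if len(sig) != 4 + N + P * N or int.from_bytes(sig[:4], "big") != TYPECODE:
        return False
    qb = q.to_bytes(4, "big")
    C, ys = sig[4:4 + N], sig[4 + N:]
    Qc = (Q := H(I, qb, D_MESG, C, msg)) + checksum(Q)
    # Finish each chain from the signed digit to the end and recompute K
    z = [chain(I, qb, i, coef(Qc, i), (1 << W) - 1, ys[i * N:(i + 1) * N]) for i in range(P)]
    return H(I, qb, D_PBLC, *z) == K
```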

Hi all, I’m going to host a BCH Tech Talk in ~14 hours: “Intro to Quantum-Ready Vaults using Quantumroot”. 8/20 at 15 UTC. I’ll post the link here:

https://x.com/bitjson/status/1957971235993747537


Livestream recording:


Is it possible to begin accumulating assets in a mainnet Quantumroot vault today, accepting that those funds will not be spendable until May 2026?


Can the pre-Q spending path be safely reused with the privacy nonce?

Can a post-Q spend from the same receiving address be done multiple times, or is every vault a one and done?


Since this all becomes somewhat trivial for wallets based on Libauth templates, but somewhat difficult for non-TypeScript languages, it seems like it might be really handy to have the Rust implementation of Libauth you mentioned on the podcast once.

Have you ever tried “one-shotting” an implementation of libauth-rs, with the same unit tests as the TypeScript library?


Yes, but probably unwise without an audited wallet implementation to use.

Yes, pre-quantum spending is very P2PKH-like, though for better privacy and quantum-safety, wallets should sweep all UTXOs for each address they spend + still avoid reuse. (But yes, if funds later arrive at that address again, another pre-quantum spend is still classically safe.)

Yes, the post-quantum path can be safely reused an unlimited number of times for any single address.

Caveat: correct wallet implementation is critical (I’m working deep support into Libauth’s new wallet engine): each post-quantum spend is actually a token spend, so the wallet simply moves the token to a new one-time-use quantum lock within the same vault configuration. All other addresses locked to that token category remain spendable (revealing the privacy nonce and their association), even as the post-quantum lock migrates to a new key for each spend. (Beyond this level of detail, we need to talk about specific wallet and hardware configurations, but note that correctly-implemented Quantumroot vaults should not be vulnerable to signing interruption attacks and such.)

So yes, post-quantum spends use one-time addresses (which aren’t visible to the payers + only revealed at spend time), but the system is carefully designed to ensure that each external-facing vault address can be safely reused an unlimited number of times. (Of course, if you reveal the pre-quantum path for a vault address, it’s no longer quantum-safe to continue reuse.)

I expect this to be realistic in the next 1-2 years, and I do want to make Libauth’s wallet engine as universal as possible. I’m continuing work on Libauth, and I’ll share more leading up to the May upgrade.
