Imperial College London


Faculty of EngineeringDepartment of Computing

Professor of Applied Quantitative Analysis



+44 (0)20 7594 8331w.knottenbelt Website




E363ACE ExtensionSouth Kensington Campus






BibTex format

author = {Stewart, I and Illie, D and Zamyatin, A and Werner, S and Torshizi, M and Knottenbelt, W},
doi = {10.1098/rsos.180410},
journal = {Royal Society Open Science},
title = {Committing to Quantum Resistance: A Slow Defence for Bitcoin against a Fast Quantum Computing Attack},
url = {},

RIS format (EndNote, RefMan)

AB - Quantum computers are expected to have a dramatic impact on numerous fields, due to their anticipated ability to solve classes of mathematical problems much more efficiently than their classical counterparts. This particularly applies to domains involving integer factorisation and discrete logarithms, such as public key cryptography. In this paper we consider the threats a quantum-capable adversary could impose on Bitcoin, which currently uses the Elliptic Curve Digital Signature Algorithm (ECDSA) to sign transactions. We then propose a simple but slow commit-delay-reveal protocol, which allows users to securely move their funds from old (non-quantum-resistant) outputs to those adhering to a quantum-resistant digital signature scheme. The transition protocol functions even if ECDSA has already been compromised. While our scheme requires modifications to the Bitcoin protocol, these can be implemented as a soft fork.
AU - Stewart,I
AU - Illie,D
AU - Zamyatin,A
AU - Werner,S
AU - Torshizi,M
AU - Knottenbelt,W
DO - 10.1098/rsos.180410
SN - 2054-5703
TI - Committing to Quantum Resistance: A Slow Defence for Bitcoin against a Fast Quantum Computing Attack
T2 - Royal Society Open Science
UR -
ER -