Bitcoin Q-Day Recovery Proposal Aims to Let Users Prove Ownership After Quantum Attack

Project Eleven says a new post-quantum cryptographic proof could help Bitcoin users recover wallets after Q-Day by verifying ownership.

By Jason Nelson

3 min read

As concerns over Bitcoin's quantum security continue to grow, security firm Project Eleven on Thursday unveiled a cryptographic technique designed to address a major concern by allowing users to prove ownership of a wallet after quantum computers become capable of deriving private keys and generating valid digital signatures.

In a thread on X on Wednesday, Project Eleven CEO Alex Pruden said the central challenge isn't protecting wallets from quantum attacks—it's proving who owns them once those attacks become possible.

“How do you prove you still own a wallet after a quantum computer can forge its signatures?” Pruden wrote. “After Q-Day, once a quantum computer can derive an ECC private key from its public key, a valid signature no longer proves ownership. Both the quantum adversary and the legitimate owner are able to produce identical signatures.”

"Q-Day" refers to the moment when a quantum computer can break the elliptic curve cryptography that secures Bitcoin transactions. The concern in the industry is that an attacker could use a quantum computer to derive a private key from a public key, making digital signatures unreliable as proof of wallet ownership.

What that means in practice is that an attacker could target vulnerable wallets, forge their digital signature and move Bitcoin without the owner’s permission.

Project Eleven's technique uses a wallet's key derivation path, allowing users to prove they control the parent key used to generate a wallet's private key without revealing it.

Because a quantum computer cannot reconstruct that parent key, the company says it can distinguish a legitimate owner from an attacker even after a wallet's private key has been compromised.

“So even after Q-Day, an attacker who's broken your address's private key does not hold, and can't compute, the seed phrase it was derived from. Proving you know that parent key, without revealing it, is something only the real owner can do,” Pruden wrote.

According to Pruden, the work was developed in collaboration with Jim Posen, lead maintainer of the open-source Binius zero-knowledge proof system, and builds on a technique known as "signature lifting," first proposed by researchers Alon Sattath and Robert Wyborski. Project Eleven funded Posen to implement the approach using Binius, an open-source proof system designed to accelerate hash-heavy cryptographic operations.

The proposed recovery mechanism is intended for users who miss a future migration to quantum-safe addresses and comes as efforts to prepare Bitcoin for a post-quantum future accelerate.

In February, Bitcoin developers advanced BIP-360, a Bitcoin improvement proposal, into the formal review process, laying the groundwork for future quantum-resistant upgrades. In March, BTQ Technologies released the first working implementation on its Bitcoin Quantum testnet, allowing developers to test the proposal while highlighting the challenge of building consensus for a network-wide upgrade.

In June, Coinbase's quantum advisory council urged blockchain developers to begin planning post-quantum migrations, warning that roughly 7 million Bitcoin could eventually be vulnerable to quantum attacks if owners fail to move funds to quantum-safe addresses. Later that month, President Donald Trump signed executive orders speeding the federal government's transition to post-quantum cryptography, adding momentum to broader efforts to prepare for Q-Day.

“As much as I'd love for the entire world to take a quantum migration plan seriously, the reality is that some digital asset wallets will miss the window,” Pruden wrote. “This gives them a fallback: prove ownership through derivation, not signature, even after that window closes.”

Get crypto news straight to your inbox--

sign up for the Decrypt Daily below. (It’s free).

Recommended News