Post-quantum vaults are live on Bitcoin Cash's Chipnet
Quantumroot vaults are now live on Bitcoin Cash's 6-months-ahead preview network. Contracts, testing suite, and transaction generation code are now available.
Today I'm publishing an end-to-end implementation of Quantumroot, a post-quantum vault for CashVM – Bitcoin Cash's restored Bitcoin Script language.
CashVM makes quantum readiness ultra-efficient: sweeps from quantum-ready addresses cut transaction sizes vs. P2PKH/P2WPKH by up to 10.9%, despite the increase from 20-byte hashes to 32-byte hashes (for highest-level, NIST Category 5 quantum security strength).
Users who regularly buy or earn Bitcoin Cash to a Quantumroot vault will save on fees after just 6 payments.

Maximum Quantum Security
With NIST Post-Quantum Cryptography Category 5 security, Quantumroot is expected to remain secure for decades into the post-quantum era.
Quantumroot implements the standard LM-OTS signature scheme (RFC 8554), which itself relies only on SHA256 for security – no lattice-based or other relatively-experimental cryptography. From a cryptographic-security perspective, Quantumroot is maximally conservative.
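A minimal LM-OTS keygen/sign/verify written from RFC 8554, added here as an illustration and not taken from the Quantumroot contracts; it shows that SHA-256 is the only primitive involved. The parameter set LMOTS_SHA256_N32_W4 and all function names are assumptions, since the page does not state which parameters the vault uses.

```python
import hashlib, hmac, os

# Assumed parameter set: LMOTS_SHA256_N32_W4 (RFC 8554); the page names none.
N, W, P, LS, TYPECODE = 32, 4, 67, 4, 3
D_PBLC, D_MESG = b"\x80\x80", b"\x81\x81"

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def coef(s, i):
    # i-th W-bit digit of byte string s (RFC 8554, section 3.1.3)
    return (s[i * W // 8] >> (8 - (W * (i % (8 // W)) + W))) & ((1 << W) - 1)

def digits(Q):
    # Message digits followed by checksum digits (RFC 8554, section 4.4)
    total = sum((1 << W) - 1 - coef(Q, i) for i in range(N * 8 // W))
    s = Q + ((total << LS) & 0xFFFF).to_bytes(2, "big")
    return [coef(s, i) for i in range(P)]

def chain(I, q, i, value, start, stop):
    # Advance hash chain i from step `start` up to step `stop`
    for j in range(start, stop):
        value = H(I, q, i.to_bytes(2, "big"), bytes([j]), value)
    return value

def keygen(I, q):
    # I: 16-byte key-pair identifier, q: 4-byte big-endian leaf index
    x = [os.urandom(N) for _ in range(P)]
    y = [chain(I, q, i, x[i], 0, (1 << W) - 1) for i in range(P)]
    return x, H(I, q, D_PBLC, *y)  # (private chains, public key hash K)

def sign(I, q, x, message):
    C = os.urandom(N)  # per-signature randomizer
    a = digits(H(I, q, D_MESG, C, message))
    y = [chain(I, q, i, x[i], 0, a[i]) for i in range(P)]
    return TYPECODE.to_bytes(4, "big") + C + b"".join(y)

def verify(I, q, K, message, sig):
    if len(sig) != 4 + N * (P + 1) or sig[:4] != TYPECODE.to_bytes(4, "big"):
        return False
    C, y = sig[4:4 + N], sig[4 + N:]
    a = digits(H(I, q, D_MESG, C, message))
    # Finish each chain from the revealed step to the end, then rehash to K
    z = [chain(I, q, i, y[N * i:N * (i + 1)], a[i], (1 << W) - 1)
         for i in range(P)]
    return hmac.compare_digest(H(I, q, D_PBLC, *z), K)
```

Each private key `x` must sign exactly one message: a second signature under the same key reveals further chain values, which is why RFC 8554 treats the key as one-time.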
Low Transaction Fees
Bitcoin Cash's highly parallel architecture – the "UTXO model" – offers better performance and lower-level control than account-based systems, enabling Quantumroot to offer 100-1000× lower fees than equivalent vaults on Ethereum.
Privacy Nonces
Pre-quantum transactions do not expose associations between vault addresses: a 32-byte privacy nonce included in the hidden token-based spending path prevents even quantum attackers from connecting the address with authorized token(s) and/or recovery rules unless revealed by a post-quantum recovery.
Sweep-Free Upgrades
The hidden recovery path can be upgraded without sweeping the vault or revealing any association between vault addresses: only unassociated token UTXOs are moved on-chain. This simplifies user experiences and makes it easier for vaults to upgrade recovery, inheritance, or business continuity policies.
Deep Dive and Contract Walkthrough
For a deep dive and walkthrough of the CashVM contracts, see the August 20 tech talk:
Details & Example Transactions
Example transactions are now on-chain. Some extracted numbers:
- Pay to Public Key Hash (P2PKH):
  - 34-byte UTXO, 141-byte inputs. Lifecycle total: 175 bytes.
  - 6 inputs, 1 output (P2PKH): 890 bytes.
- Quantumroot, Pay to Script Hash, 32 Bytes (P2SH32):
  - Schnorr spend (one per TX): 44-byte UTXO, 248-byte input. Total: 282 bytes.
  - Introspection spend (all other inputs): 44-byte UTXOs, 112-byte inputs. Total: 156 bytes.
  - 6 inputs, 1 output (P2SH32): 862 bytes.
  - Note that a future upgrade like TXv5 would cut another 74 bytes per input. Introspection spend total: 82 bytes. Savings vs. P2PKH up to ~53.1%.
Post-Quantum Stats
- 1-input, 1-output post-quantum transaction: 2,613 bytes.
- For today's most common transactions:
  - 2-input, 2-output post-quantum transaction (including quantum-ready outputs): 2,923 bytes.
  - 2-input (unique addresses), 2-output post-quantum: 3,169 bytes.

Given these stats, we can estimate that Category 5 post-quantum activity on Bitcoin Cash will average ~1.5KB per payment. (With sufficient aggregation, ZK-STARK covenants/apps could improve this further.)
Comparing Large Sweeps
Note that post-quantum contract code adds zero bytes to pre-quantum spends.
- Pre-Quantum Sweeps (Schnorr signatures):
  - P2PKH addresses can support 708 input sweeps per 100KB transaction; Quantumroot increases that to 891 inputs.
  - P2PKH sweep (708 inputs)
  - Quantumroot pre-quantum sweep (891 inputs)
- Post-quantum Sweeps (LM-OTS, RFC 8554):
  - 868 inputs per 100KB transaction (one NFT input)
  - 448 unique addresses per 100KB transaction (one NFT input)
You can learn more about Quantumroot in the initial announcement:

