Nigerian developer Olaoluwa Osuntokun is building Bitcoin’s first quantum-defence prototype

A Nigerian immigrant, Olaoluwa Osuntokun, has built Bitcoin’s first quantum-defence prototype.

Olaoluwa, who goes by the username “Roasbeef” on X, took to the microblogging site and Bitcoin developers’ mailing list on Wednesday, April 8, 2026, to make a breakthrough announcement that he has developed a fully working prototype for post-quantum wallet recovery using zk-STARK proofs.

Built in his spare time, the tool, titled “Post-Quantum BIP-86 Recovery via zk-STARK Proof of BIP-32 Seed Knowledge”, addresses one of the thorniest long-term threats to Bitcoin: quantum computers that could one day crack the network’s elliptic-curve cryptography and lock millions of users out of their own funds during an emergency upgrade.

Olaoluwa’s prototype runs on consumer hardware, an Apple Silicon M4 Max MacBook, and generates a verifiable proof of wallet ownership in roughly 55 seconds, later optimised to under three seconds in lighter variants.

This process produces a compact 1.7 MB file that can be further refined to just 223 KB using recursive composition. Verification takes under 2 seconds. It’s the first concrete implementation of a recovery mechanism that Bitcoiners have theorised about for years.

Olaoluwa: From Nigeria to the heart of Bitcoin development

Olaoluwa Osuntokun is a Nigerian immigrant in the United States and a long-time core contributor who rose through the ranks of applied cryptography and open-source protocol engineering.

He earned both his B.S. and M.S. in computer science from the University of California, Santa Barbara (UCSB), where he focused on applied cryptography and even taught courses in algorithms, operating systems, and security.

Applying that same rigorous dedication to the broader ecosystem, he co-founded Lightning Labs in 2016 alongside CEO Elizabeth Stark. As CTO and lead developer of LND (Lightning Network Daemon), one of the most widely used Lightning implementations, he has been instrumental in scaling Bitcoin for everyday payments.

Olaoluwa is also a prolific Bitcoin Improvement Proposal (BIP) author, notably co-authoring BIPs 157 and 158, which power efficient light client protocols like Neutrino.

His contributions span the Bitcoin protocol itself (including work on btcd, the Go implementation of Bitcoin), Sphinx onion routing, signature cache optimisations, and non-custodial tools like Lightning Loop.

By his mid-20s, Osuntokun had already been named to Forbes’ 30 Under 30 in Finance (2019). Today, with over a decade of production-grade Bitcoin and Lightning infrastructure under his belt, he remains deeply embedded in the open-source ecosystem, maintaining repositories, reviewing proposals, and quietly advancing the protocol’s long-term resilience.

The quantum threat Bitcoin developers have been preparing for

Bitcoin’s current cryptography (ECDSA and Schnorr signatures) relies on the hardness of the elliptic-curve discrete logarithm problem.

Powerful quantum computers running Shor’s algorithm could, in theory, derive private keys from public keys, especially for exposed UTXOs (unspent transaction outputs), which are common in legacy or Taproot wallets where the public key has been revealed on-chain.

Developers have long discussed an emergency brake soft fork: disabling vulnerable key-spend paths, for example, forcing Taproot spends through the script path only, to buy time while post-quantum signature schemes are deployed.

The catch?

Standard BIP-86 Taproot wallets, the default for many modern single-key setups, don’t commit to a script path in a way that survives such a change. Without a recovery mechanism, those funds could be permanently frozen.

Also read: 95% of digital breaches are caused by human error- NITDA DG, Kashifu Inuwa

Olaoluwa’s prototype provides the escape hatch. It lets users prove, via a zero-knowledge proof, that their Taproot output key was derived from their original BIP-32 seed phrase along the standard BIP-86 path, without ever revealing the seed or private keys.

The proof can then be embedded in a recovery transaction that spends via the now-mandatory script path. Because zk-STARKs rely only on hash functions and Merkle trees (no elliptic curves or discrete logs), they are themselves quantum-resistant. In the mailing list post, he explained the core relation would require the adversary to find a colliding BIP-32 seed, a task that remains astronomically hard even for quantum computers.

Olaoluwa forked and extended several projects: a TinyGo-to-RISC-V zkVM, risc0, custom Go tooling, and a dedicated “bip32-pq-zkp” guest programme that runs the derivation logic inside the prover. He later added optimised variants (derived from hardened xpub or xpriv) that slash proving time and memory usage dramatically while keeping the succinct proof size fixed.

This prototype doesn’t replace the need for native post-quantum signatures (proposals like BIP-360 are already in discussion). Instead, it complements them by ensuring that, during any transitional quantum defence soft fork, ordinary users aren’t collateral damage.

It’s a powerful reminder that Bitcoin’s security isn’t just about the code that exists today; it’s about the proactive, decentralised ingenuity that keeps the network antifragile for decades to come.

Olaoluwa Osuntokun’s work exemplifies why Bitcoin remains the most robust monetary protocol ever built: brilliant minds from around the world are quietly solving tomorrow’s problems today. As quantum computing advances, the Bitcoin community can rest a little easier knowing that one of its sharpest engineers has already sketched the off-ramp.