Quantumroot vaults are now live on Bitcoin Cash’s 6-months-ahead preview network. Contracts, testing suite, and transaction generation code now available.
Nov 20, 2025 • 3 min read
Today I’m publishing an end-to-end implementation of Quantumroot, a post-quantum vault for CashVM – Bitcoin Cash’s restored Bitcoin Script language.
CashVM makes quantum readiness ultra-efficient: sweeps from quantum-ready addresses cut transaction sizes vs. P2PKH/P2WPKH by up to 10.9%, despite the increase from 20-byte hashes to 32-byte hashes (for highest-level, NIST Category 5 quantum security strength).
Users who regularly buy or earn Bitcoin Cash to a Quantumroot vault will save on fees after just 6 payments.
Left: a legacy P2PKH transaction, requiring several duplicated signatures. Right: a Quantumroot sweep transaction in which a single signature covers all matching inputs. (A future upgrade like TXv5 would enable deduplication of the preimages, too.)
Maximum Quantum Security
With NIST Post-Quantum Cryptography Category 5 security, Quantumroot is expected to remain secure for decades into the post-quantum era.
Quantumroot implements the standard LM-OTS signature scheme (RFC 8554), which itself relies only on SHA256 for security – no lattice-based or other relatively-experimental cryptography. From a cryptographic-security perspective, Quantumroot is maximally conservative.
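To make the SHA256-only claim concrete, the following is an added example (not Quantumroot's CashVM contract code and not from the original post) of LM-OTS key generation, signing and verification as specified in RFC 8554. The parameter set LMOTS_SHA256_N32_W4 is an assumption, since the page does not state which Winternitz width Quantumroot uses; `I` (16-byte key identifier) and `q` (4-byte leaf index) are supplied by the caller.

```python
import hashlib, hmac, os

# LMOTS_SHA256_N32_W4 from RFC 8554 (parameter choice is an assumption;
# the page does not say which Winternitz width Quantumroot uses).
N, W, P, LS = 32, 4, 67, 4
D_PBLC, D_MESG = b"\x80\x80", b"\x81\x81"

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def coef(s, i):
    """i-th W-bit digit of byte string s, most significant first."""
    per_byte = 8 // W
    shift = 8 - W * (i % per_byte + 1)
    return (s[i // per_byte] >> shift) & ((1 << W) - 1)

def digits(I, q, C, msg):
    """Hash the message, append the checksum, split into P base-2^W digits."""
    Q = H(I, q, D_MESG, C, msg)
    cksm = sum((1 << W) - 1 - coef(Q, i) for i in range(N * 8 // W)) << LS
    S = Q + cksm.to_bytes(2, "big")
    return [coef(S, i) for i in range(P)]

def chain(I, q, i, value, start, end):
    """Advance hash chain i from step `start` to step `end`."""
    for j in range(start, end):
        value = H(I, q, i.to_bytes(2, "big"), bytes([j]), value)
    return value

def keygen(I, q):
    x = [os.urandom(N) for _ in range(P)]            # private chain starts
    y = [chain(I, q, i, x[i], 0, (1 << W) - 1) for i in range(P)]
    return x, H(I, q, D_PBLC, *y)                    # (private key, public K)

def sign(x, I, q, msg):
    C = os.urandom(N)                                # per-signature randomizer
    a = digits(I, q, C, msg)
    return C, [chain(I, q, i, x[i], 0, a[i]) for i in range(P)]

def verify(K, I, q, msg, sig):
    C, y = sig
    if len(C) != N or len(y) != P or any(len(v) != N for v in y):
        return False                                 # reject malformed signatures
    a = digits(I, q, C, msg)
    z = [chain(I, q, i, y[i], a[i], (1 << W) - 1) for i in range(P)]
    return hmac.compare_digest(H(I, q, D_PBLC, *z), K)
```

Every step is a SHA256 call. A private key must sign only one message, because each signature reveals intermediate values of the hash chains.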
Low Transaction Fees
Bitcoin Cash’s highly parallel architecture – the “UTXO model” – offers better performance and lower-level control than account-based systems, enabling Quantumroot to offer 100-1000× lower fees than equivalent vaults on Ethereum.
Privacy Nonces
Pre-quantum transactions do not expose associations between vault addresses: a 32-byte privacy nonce included in the hidden token-based spending path prevents even quantum attackers from connecting the address with authorized token(s) and/or recovery rules unless revealed by a post-quantum recovery.
Sweep-Free Upgrades
The hidden recovery path can be upgraded without sweeping the vault or revealing any association between vault addresses: only unassociated token UTXOs are moved on-chain. This simplifies user experiences and makes it easier for vaults to upgrade recovery, inheritance, or business continuity policies.
Deep Dive and Contract Walkthrough
For a deep dive and walkthrough of the CashVM contracts, see the August 20 tech talk:
Details & Example Transactions
Example transactions are now on-chain. Some extracted numbers:
- Pay to Public Key Hash (P2PKH):
  - 34-byte UTXO, 141-byte inputs. Lifecycle total: 175 bytes.
  - 6 inputs, 1 output (P2PKH): 890 bytes.
- Quantumroot, Pay to Script Hash, 32 Bytes (P2SH32):
  - Schnorr spend (one per TX): 44-byte UTXO, 248-byte input. Total: 282 bytes.
  - Introspection spend (all other inputs): 44-byte UTXOs, 112-byte inputs. Total: 156 bytes.
  - 6 inputs, 1 output (P2SH32): 862 bytes.
  - Note that a future upgrade like TXv5 would cut another 74 bytes per input. Introspection spend total: 82 bytes. Savings vs. P2PKH up to ~53.1%.
Post-Quantum Stats
- 1-input, 1-output post-quantum transaction: 2,613 bytes.
- For today’s most common transactions:
  - 2-input, 2-output post-quantum transaction (including quantum-ready outputs): 2,923 bytes.
  - 2-input (unique addresses), 2-output post-quantum: 3,169 bytes.
Given these stats, we can estimate that category 5 post-quantum activity on Bitcoin Cash will average ~1.5KB per payment. (With sufficient aggregation, ZK-STARK covenants/apps could improve this further.)
Comparing Large Sweeps
Note that post-quantum contract code adds zero bytes to pre-quantum spends.
- Pre-Quantum Sweeps (Schnorr signatures):
  - P2PKH addresses can support 708 input sweeps per 100KB transaction; Quantumroot increases that to 891 inputs.
- **Post-quantum Sweeps** (LM-OTS, RFC 8554):
  - 868 inputs per 100KB transaction (one NFT input)
  - 448 unique addresses per 100KB transaction (one NFT input)
You can learn more about Quantumroot in the initial announcement: