Three-family post-quantum signatures — Dilithium + FALCON + SPHINCS+ — anchored permanently to Arweave with a 32-byte commitment on Bitcoin itself. When quantum computing breaks classical ECDSA, your UTXOs will still be provably yours.
A quantum adversary has to break all three — module-lattice, NTRU-lattice, and hash-based — independently. No single algorithmic breakthrough compromises the attestation.
74 bytes fits inside Bitcoin's existing 80-byte OP_RETURN with 6 bytes to spare. No consensus changes. No hard fork. No soft fork. Deployable on Bitcoin today.
The full signature bundle lives on Arweave. H33 does not need to exist for the attestation to remain valid. Three independent systems, none of which can be unilaterally taken down.
Bitcoin holders don't want recurring charges on something that needs to be permanent. Pay once, verifiable forever. Arweave's permanence is already paid up-front.
| Tier | Price | Capacity | What you get |
|---|---|---|---|
| Free beta | $0 | 1 UTXO | First 50 holders before May 15, 2026 |
| Single | $49 | 1 UTXO | Arweave permanent · downloadable bundle · verification for life |
| Wallet | $249 | 50 UTXOs | Bulk attestation from one wallet · dashboard access · batch operations |
| Custody | $2,499 | Unlimited / address | Custody providers · API access · white-label verification pages · SLA on verification uptime |
| Enterprise | Custom | Institutional | Exchanges · sovereign funds · custom Arweave permanence guarantees |
Not yet. But "yet" is the whole issue. Cryptographically relevant quantum computers are estimated 5–15 years away. When they arrive, every UTXO whose public key has been exposed becomes spendable by the quantum attacker. The window to post-quantum-protect your holdings closes gradually — the earlier you attest, the longer your provable chain of custody before Q-day. Attestation is a hedge, not a cure.
Not attested: If your address has ever signed a transaction (revealing your public key), a quantum attacker who solves the discrete log problem can derive your private key and spend your UTXO.
Attested: You have a cryptographic proof from before Q-day showing that you controlled this specific UTXO at a specific time using post-quantum-secure signatures. In any post-Q-day migration window, this attestation is the evidence that the UTXO belongs to you, not the attacker.
Yes. The attestation is a point-in-time proof of control, not a lock. You can spend, consolidate, or transfer the UTXO normally. The attestation remains valid as historical evidence of your control at the time of attestation. For the new UTXO resulting from the spend, you can attest again.
No. That's the whole point of the Arweave + Bitcoin architecture. H33 issues the attestation, Arweave stores the full signature bundle permanently, Bitcoin anchors the 32-byte commitment in its own ledger. Three independent systems, none of which can be unilaterally taken down. If H33 goes dark tomorrow, you can still retrieve your attestation from Arweave and verify it against your address's post-quantum public keys.
Taproot's Schnorr signatures are still classical — they rely on the elliptic curve discrete log problem, which is breakable by Shor's algorithm on a sufficiently large quantum computer. Taproot helps with privacy and script efficiency but does nothing to protect against quantum attacks on the signature scheme itself. H33's triple-key approach adds post-quantum signatures alongside your existing classical signature, so both systems must break for your UTXO to be compromised.
Cryptographic diversity. Each of the three NIST-standardized post-quantum families (ML-DSA, FALCON, SLH-DSA) rests on a different mathematical hardness assumption. If a future cryptanalytic breakthrough breaks one family, the other two still hold. This is the same defense-in-depth principle as wearing a seatbelt and having an airbag — redundancy is the point.
32 bytes for the SHA3-256 commitment to the concatenated three-family signatures, plus 42 bytes for the Arweave retrieval pointer (10-byte node identifier + 32-byte receipt key). 32 + 42 = 74 bytes, fitting inside Bitcoin's 80-byte OP_RETURN with 6 bytes of margin. See Claim 32 of our patent filing.
Arweave is designed as a 200-year storage commitment with a per-file endowment model — the storage is pre-paid from the file's original upload fee and self-funds through its protocol economics. In the extremely unlikely event Arweave fails, H33 maintains a mirrored copy in our high-speed verification cache and offers mirrored storage via IPFS + Filecoin for Custody-tier customers. The attestation architecture supports multi-storage redundancy by design.