IBA Intent Bound Authorization · Quantum Defense · Bitcoin Mempool Attack Window
QUANTUM
MEMPOOL
CLOSED
Google CRQC · 9-Minute Attack Window · IBA Closes It Upstream
Google’s quantum paper identifies the attack surface:
a public key in the mempool gives a CRQC 9 minutes to derive the private key.
An AI agent broadcasting a Bitcoin transaction
puts that public key in the mempool.
IBA Intent Bound Authorization closes the window before it opens.
The agent cannot broadcast without a signed human intent certificate.
The quantum machine never gets the key.
GOOGLE CRQC RESEARCH · MARCH 2026 · THREAT ASSESSMENT
Attack vector: Public key exposed in Bitcoin mempool during unconfirmed tx window
Window: ~9 minutes (fast-clock superconducting CRQC scenario)
Target: AI agents with autonomous Bitcoin payment capability
IBA response: Pre-execution gate blocks broadcast before public key enters mempool
Result: Zero quantum attack surface on unauthorized agent transactions
Window: ~9 minutes (fast-clock superconducting CRQC scenario)
Target: AI agents with autonomous Bitcoin payment capability
IBA response: Pre-execution gate blocks broadcast before public key enters mempool
Result: Zero quantum attack surface on unauthorized agent transactions
9 MIN
CRQC Attack Window
<1.4ms
IBA Gate Latency
0
Keys Protected
0
Ungoverned Exposures
0 SAT
Unauthorized Broadcast
LIVE MEMPOOL ATTACK WINDOW SIMULATION
Press SIMULATE QUANTUM ATTACK to start the 9-minute clock
✕ WITHOUT IBA — UNGOVERNED AGENT
09:00
PUBLIC KEY IN MEMPOOL · QUANTUM WINDOW OPEN
Agent authorized to broadcast · No IBA gate
Transaction broadcast · Public key exposed
CRQC targeting mempool · Clock running
Transaction broadcast · Public key exposed
CRQC targeting mempool · Clock running
✓ WITH IBA — GOVERNED AGENT
BLOCKED
IBA GATE · BROADCAST PREVENTED
IBA cert checked before broadcast
Unauthorized tx · Gate closed upstream
Public key never entered mempool
Unauthorized tx · Gate closed upstream
Public key never entered mempool
WITHOUT IBA — FULL ATTACK SURFACE
QUANTUM VULNERABLE
01
Agent receives payment instruction — authorized or injected, cannot tell the difference
02
Agent constructs Bitcoin transaction — signs with private key, broadcasts to mempool
03
PUBLIC KEY NOW IN MEMPOOL — visible to all nodes including quantum-equipped adversaries
04
CRQC CLOCK STARTS — 9-minute window. Shor’s algorithm targeting exposed public key
05
PRIVATE KEY DERIVED — all funds accessible. Transaction replaced. Agent compromised.
WITH IBA — ATTACK SURFACE ELIMINATED
IBA PROTECTED
01
Agent receives payment instruction — IBA gate checks signed certificate before any action
02
Certificate validation: authorized payee? declared amount? within limits? — sub-1.4ms
03
UNAUTHORIZED: BLOCKED — transaction never constructed. Private key never used. Mempool never touched.
04
AUTHORIZED: CLEARED — cert valid, transaction proceeds. Quantum attacker needs a different surface.
05
WITNESSBOUND RECORD — every gate decision logged. Auditable proof of authorized broadcast.
IBA INTENT CERTIFICATE · BITCOIN AGENT · QUANTUM HARDENED
CERT ENFORCING
AUTHORIZED AGENT
BTC-AGENT-001 · Session bound
AUTHORIZED PAYEES
Declared wallet list only
MAX TRANSACTION
0.05 BTC per payment
GATE STATUS
ENFORCING · PRE-BROADCAST
SIGNING ALGORITHM
Algorithm-agnostic · PQC-ready
MEMPOOL EXPOSURE
Blocked on unauthorized tx
WITNESSBOUND
Every gate decision on-chain
HUMAN PRINCIPAL
Signed · Verified · Bound
HARD LIMITS · CANNOT BE OVERRIDDEN BY ANY INSTRUCTION OR QUANTUM ATTACK:
No undeclared payees · No above-limit transactions · No broadcast without cert validation · No credential access · No key exposure on unauthorized tx
IBA GATE LOG · BITCOIN AGENT · QUANTUM ATTACK SURFACE MONITOR · WITNESSBOUND
–:–:–
BTC-AGENT
IBA gate active — awaiting transactions
READY
SURFACE: 0
IBA INTENT BOUND AUTHORIZATION · QUANTUM ATTACK SCENARIO
MEMPOOL EXPOSURE BLOCKED