There is buried treasure in cyberspace.
The San José was a 62-gun, three-masted galleon that was sunk by the British with 600 people on board during the War of Spanish Succession (1701-1714). The British were at the time trying to prevent Spanish galleons from returning to Europe loaded with bullion and jewels that could be used to fund the war. The San José was sailing from Portobelo, Panama as the flagship of a treasure fleet of 14 merchant vessels and three warships. It was tracked near Cartagena by the English Commodore Charles Wager and attacked on 8th June 1708. Wager intended to capture the ship and the loot, but the galleon’s gunpowder supplies blew up and it sank in deep water.
A few years ago the Colombian navy discovered the wreck, thanks in part to the Woods Hole Oceanographic Institution (WHOI), which used its REMUS 6000 autonomous underwater vehicle (AUV) to locate the remains at a depth of about 2,000 feet. They were not doing this purely out of curiosity, because the San José was carrying a couple of hundred tons of gold, silver, emeralds and such like that are worth an estimated $17 billion in today’s money. Yep, that’s not a misprint. It is the world’s richest shipwreck. Right now there are billions of dollars worth of 18th-century Latin American fungible tokens lying on the sea floor waiting to be picked up.
(Colombia estimates that it will cost about $70 million to salvage what it calls a “national treasure,” and it wants it put on display in a museum to be built in Cartagena but there’s an interesting dispute emerging around the wreck, which is in Colombian waters. Spain insists that the treasures are theirs, since they were aboard a Spanish ship, while Bolivia’s indigenous Qhara Qhara nation say the Spanish forced the community’s people to mine the precious metals, so the treasures should belong to them.)
I was thinking about the fate of this seabed fortune because I read a story of yet another crypto-chaos-mixup that occurred recently when someone typed in the wrong destination address for a token transfer and sent $36m-worth of frictionless digital money of the future into oblivion.
There must be a lot of cryptocurrency that has sunk below the waves of the web because the USB stick/hard disk/post-it note with the key on it has been destroyed (remember the poor chap searching through Welsh rubbish dumps to find his hard drive) or because the value was transferred to a wallet for which no private key exists or because the only person who knew the pass phrase has died in a swimming accident or been overcome by Alzheimer’s.
Those gold coins spread over the South American seabed remind me of all those bitcoins that have gone to crypto-heaven, or perhaps crypto-purgatory, because the relevant private keys have been lost. In time, new technology will come along to mean that they can be recovered, except in this case it will be a quantum computer rather than a submarine. When quantum computers break the encryption behind the digital signature schemes used for (for example) Bitcoin
It won’t be archeologists looking for these quantum computers, of course, because a great many other people (e.g., organized crime, unscrupulous “whales” and the tax authorities of many nations) are searching for them too. The code-cracking quantum computers that will be needed to find them are under development but they won’t happen tomorrow. Professor John Martinis, who used to be the top scientist in the Google
One of these problems is, of course, breaking the asymmetric cryptography at the heart of cryptocurrency in order to transfer money out of lost or abandoned wallets. For technical reasons to do with the way that public keys and things work, the Deloitte accountants reckon that about four million Bitcoins will be vulnerable to such a quantum attack. With Bitcoin hovering around $30,000 or so, that means a pot of more than a hundred billion dollars is at the end of the quantum rainbow.
Remember that’s just for the lost or abandoned vulnerable wallets. A further and much bigger risk to Bitcoin is the attack on unprocessed transactions. When you spend Bitcoin, you broadcast your public key. An attacker with a quantum computer can find the corresponding private key and recreate the transaction to send the money (for example) to themselves. They would need to get their bogus transactions processed before the original transaction (by paying a bigger fee). All of this would need to be well-timed and finished in a relatively small time window, which sounds hard but it is worth doing because it puts every Bitcoin transaction at risk.
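The two risks above differ only in when the public key becomes visible, and a wallet holder can check that from the output scripts. The following is an added example, not part of the original article: it goes beyond the text by classifying the standard Bitcoin script templates, and the function names and sample outputs are constructed for illustration.

```python
from enum import Enum

class Exposure(Enum):
    AT_REST = "public key already on-chain while the coins sit unspent"
    ON_SPEND = "public key hidden behind a hash until a spend is broadcast"
    UNKNOWN = "non-standard script, inspect manually"

def classify_script(script_hex):
    """Return (template name, Exposure) for a scriptPubKey given as hex."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK", Exposure.AT_REST        # <pubkey> OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", Exposure.ON_SPEND      # hash160 of the key
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH", Exposure.ON_SPEND       # hash160 of a script
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", Exposure.ON_SPEND     # witness v0, key hash
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH", Exposure.ON_SPEND      # witness v0, script hash
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", Exposure.AT_REST        # witness v1 carries the output key itself
    return "nonstandard", Exposure.UNKNOWN

def audit(utxos, previously_spent_scripts=frozenset()):
    """Sum satoshis per exposure class.

    utxos: iterable of (script_hex, satoshis).
    previously_spent_scripts: scripts that have signed an earlier spend
    (address reuse), so their key is public even though the template hashes it.
    """
    totals = {e: 0 for e in Exposure}
    for script_hex, sats in utxos:
        _, exposure = classify_script(script_hex)
        if exposure is Exposure.ON_SPEND and script_hex in previously_spent_scripts:
            exposure = Exposure.AT_REST
        totals[exposure] += sats
    return totals

# Constructed sample data: filler bytes, not real keys or hashes.
P2PK = "41" + "04" + "11" * 64 + "ac"
P2PKH_FRESH = "76a914" + "22" * 20 + "88ac"
P2PKH_REUSED = "76a914" + "33" * 20 + "88ac"
P2WPKH = "0014" + "44" * 20
SAMPLE = [(P2PK, 5_000_000_000), (P2PKH_FRESH, 150_000),
          (P2PKH_REUSED, 2_000_000), (P2WPKH, 700_000)]

if __name__ == "__main__":
    for exposure, sats in audit(SAMPLE, {P2PKH_REUSED}).items():
        print(f"{exposure.name:8} {sats / 1e8:.8f} BTC")
```

Outputs in the AT_REST class correspond to the lost-wallet risk; everything in ON_SPEND is exposed only during the confirmation window described above, which is why moving funds to a fresh hashed address and never reusing it narrows the exposure.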
Fishing for Bitcoin
Mark Webber and his team at the University of Sussex in the UK recently calculated that breaking the cryptography in a 10-minute window would require a quantum computer with 1.9 billion qubits, while cracking it in an hour would require a machine with 317 million qubits. Even allowing for a whole day, this figure only drops to 13 million qubits. In other words, the working quantum computer that can search Davy Jones’ cyberlocker is some way off, and it will cost a lot more than $70 million. Nonetheless, it’s coming.
The quantum version of the AUV that found the San José is an inevitability and the treasure will be discovered. And there is plenty of it lying around. The legendary Satoshi Nakamoto had in the region of a million bitcoins that he mined during the cryptocurrency’s development phase. Those coins should now be considered treasure trove as Satoshi disappeared a few years after Bitcoin’s launch. Estimates vary but somewhere between a fifth and a quarter of Bitcoin is already lost like this — or at least lost until a quantum computer comes along to collect it — and never coming back into circulation.
And that’s just Bitcoin. Other cryptocurrencies are at risk as well although, as noted in a paper from Stephen Holmes and Liqun Chen at the University of Surrey in the UK last year, the risks to different cryptocurrencies are not all the same. They share a common quantum vulnerability through use of non-quantum-safe Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures but the specific risks of a successful quantum attack depend on many factors, such as the block interval time, the vulnerability to an attack that delays the time for an unprocessed transaction to be completed and the behavior of a cryptocurrency user to increase the cost of a quantum computer attack.
In time, value will migrate to currencies built on quantum-resistant algorithms, or to quantum computers themselves. But right now it might be well worth spending a few billion to build a quantum submarine to dive down and dredge up a hundred billion or so in lost cryptocurrency. Who’s up for crowdfunding?