There is treasure buried in cyberspace.
The San José was a three-masted 62-gun galleon that was sunk by the British with 600 people on board during the War of the Spanish Succession (1701-1714). The British were trying at the time to prevent Spanish galleons from returning to Europe laden with bullion and jewelry that could be used to finance the war. The San José sailed from Portobelo, Panama, as the flagship of a treasure fleet of 14 merchant ships and three warships. It was followed near Cartagena by the English commodore Charles Wager and attacked on June 8, 1708. Wager intended to capture the ship and the spoils, but the galleon’s gunpowder stores exploded and it sank in deep water.
A few years ago, the Colombian Navy discovered the wreckage, thanks in part to the Woods Hole Oceanographic Institution (WHOI), which used its REMUS 6000 Autonomous Underwater Vehicle (AUV) to locate the remains at a depth of about 2,000 feet. They weren’t doing this out of sheer curiosity, as the San José was carrying a few hundred tons of gold, silver, emeralds and the like that are worth around $17 billion in today’s money. Yes, that’s not a typo. It is the richest wreck in the world. Currently, billions of dollars’ worth of 18th-century Latin American fungible tokens lie on the seabed waiting to be retrieved.
(Colombia estimates it will cost around $70 million to save what it calls a “national treasure,” and it wants it on display in a museum to be built in Cartagena, but there is contestation over the wreck, which is in Colombian waters. Spain insists the treasures belong to them, as they were aboard a Spanish ship, while the Bolivian indigenous nation Qhara Qhara says the Spaniards forced the community’s inhabitants to mine the precious metals, and therefore the treasures should belong to them.)
I was thinking about the fate of this seabed fortune because I read a story of yet another crypto mix-up that happened recently, when someone typed in the wrong destination address for a token transfer and sent $36 million in frictionless digital money from the future into oblivion.
There must be a lot of cryptocurrency that has sunk beneath the waves of the web because the USB stick, hard drive or Post-it note with the key was destroyed (remember the poor guy rummaging through Welsh dumps to find his hard drive), because the value was transferred to a wallet for which no private key exists, or because the only person who knew the passphrase died in a swimming accident or was overcome by Alzheimer’s.
Those gold coins strewn across the South American seabed remind me of all those bitcoins that went to crypto-heaven, or maybe crypto-purgatory, because the corresponding private keys were lost. In time, new technology will mean that they can be recovered, except in this case it will be a quantum computer rather than a submarine. When quantum computers break the encryption behind the digital signature schemes used for (e.g.) Bitcoin
It won’t be archaeologists who will be looking for these quantum computers, of course, because a lot of other people (e.g. organized crime, unscrupulous “whales” and tax authorities in many countries) are also looking for them. The code-cracking quantum computers that will be needed to find them are under development, but they won’t arrive tomorrow. Professor John Martinis, who was once Google’s top scientist
One such problem is, of course, breaking the asymmetric cryptography at the heart of cryptocurrency in order to transfer money from lost or abandoned wallets. For technical reasons related to how public keys and things work, Deloitte accountants estimate that around four million Bitcoins will be vulnerable to such a quantum attack. With Bitcoin hovering around $30,000, that means a pot of over a hundred billion dollars is at the end of the quantum rainbow.
Remember, this is just for vulnerable lost or abandoned wallets. An additional and much bigger risk for Bitcoin is an attack on unprocessed transactions. When you spend Bitcoin, you broadcast your public key. An attacker with a quantum computer can find the corresponding private key and recreate the transaction to send the money to themselves (for example). They would need their fake transaction to be processed before the original transaction (by paying higher fees). All of this would have to be well timed and completed in a relatively short window of time, which sounds difficult, but would be worth it, as it puts every Bitcoin transaction at risk.
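The difference between coins whose public key is already visible and coins whose key only appears when they are spent can be checked per output script. The following is an added example, not part of the original article: it goes beyond the text by using Bitcoin's standard script templates, and the function names, sample scripts and amounts are constructed for illustration.

```python
# Added example, not from the article. Sample scripts use dummy bytes.
AT_REST = "public key already visible on-chain"
ON_SPEND = "public key hidden behind a hash until spent"
UNKNOWN = "non-standard script, assess manually"

def classify(script_hex):
    """Return (script_type, exposure) for a hex-encoded scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <33- or 65-byte public key> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK", AT_REST
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", ON_SPEND
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        return "P2SH", ON_SPEND
    # SegWit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", ON_SPEND
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH", ON_SPEND
    # Taproot: OP_1 <32-byte output key>, which is itself a public key
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", AT_REST
    return "unknown", UNKNOWN

def audit(utxos, spent_before):
    """Sum amounts per exposure class. A hashed script that has already
    been spent from (address reuse) has had its key revealed."""
    totals = {AT_REST: 0, ON_SPEND: 0, UNKNOWN: 0}
    for script_hex, amount in utxos:
        _, exposure = classify(script_hex)
        if exposure == ON_SPEND and script_hex in spent_before:
            exposure = AT_REST
        totals[exposure] += amount
    return totals

# Constructed sample wallet: (scriptPubKey hex, amount in BTC)
P2PK = "21" + "02" + "11" * 32 + "ac"
FRESH_P2PKH = "76a914" + "22" * 20 + "88ac"
REUSED_P2PKH = "76a914" + "33" * 20 + "88ac"
P2WPKH = "0014" + "44" * 20
P2TR = "5120" + "55" * 32
SAMPLE = [(P2PK, 50), (FRESH_P2PKH, 3), (REUSED_P2PKH, 7), (P2WPKH, 2), (P2TR, 1)]
if __name__ == "__main__":
    for state, btc in audit(SAMPLE, {REUSED_P2PKH}).items():
        print(f"{btc:>3} BTC  {state}")
```

Coins in the second class are exposed only between broadcast and confirmation, which is the timing race described above; moving funds off reused addresses shifts them back into that class.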
Mark Webber and his team at the University of Sussex in the UK recently calculated that cracking the crypto in a 10-minute window would require a quantum computer with 1.9 billion qubits, while cracking it in an hour would require a machine with 317 million qubits. Even allowing an entire day, this figure only drops to 13 million qubits. In other words, a working quantum computer that can search Davy Jones’ cyberlocker is a long way off, and it’s going to cost a lot more than $70 million. Nevertheless, it is coming.
The quantum version of the AUV that found the San José is inevitable and the treasure will be discovered. And there is a lot of it lying around. The legendary Satoshi Nakamoto owned around one million bitcoins which he mined during the development phase of the cryptocurrency. These coins should now be considered treasure, as Satoshi disappeared a few years after the launch of Bitcoin. Estimates vary, but somewhere between a fifth and a quarter of Bitcoin is already lost in this way – or at least lost until a quantum computer comes to retrieve it – and never comes back into circulation.
And that’s just Bitcoin. Other cryptocurrencies are also at risk although, as noted in a paper by Stephen Holmes and Liqun Chen at the University of Surrey in the UK last year, the risks to different cryptocurrencies are not all the same. They share a common quantum vulnerability through the use of quantum-insecure Elliptic Curve Digital Signature Algorithm (ECDSA) signatures, but the specific risks of a successful quantum attack depend on many factors, such as the time interval between blocks, vulnerability to an attack that delays the time it takes to complete an unprocessed transaction, and how cryptocurrency users behave to increase the cost of a quantum computing attack.
Over time, value will migrate to currencies built on quantum-resistant algorithms, or to quantum computers themselves. But right now, it might be worth spending a few billion to build a quantum submarine to dive for a hundred billion dollars in lost cryptocurrency. Who’s up for crowdfunding?