Friday, December 18, 2015

Where do bitcoins go when you die? (sci-fi)

A cyberpunk writer asks this, so I thought I'd answer it:

Note that it's asked in a legal framework, about "wills" and "heirs", but law isn't the concern. Instead, the question is:
What happens to the bitcoins if you don't pass on the wallet and password?
Presumably, your heirs will inherit your computer, and if they scan it, they'll find your bitcoin wallet. But the wallet is encrypted, and the password is usually not written down anywhere, but memorized by the owner. Without the password, they can do nothing with the wallet.

Now, they could "crack" the password. Half the population will choose easy-to-remember passwords, which means that anybody can crack them. Many, though, will choose complex passwords that essentially mean nobody can crack them.

As a science-fiction writer, you might make up a new technology for cracking passwords. For example, "quantum computers" are becoming scary real scary fast. But here's the thing: any technology that makes it easy to crack this password also makes it easy to crack all of bitcoin to begin with.

But let's go back a moment and look at how bitcoin precisely works. Sci-fi writers imagine future currency as something that exchanged between two devices, such as me holding up my phone to yours, and some data is exchanged. The "coins" are data that exist on one device, that then flow to another device.

This actually doesn't work, because of the "double spending" problem. Unlike real coins, data can be copied. Any data I have on a device that I give to you, I can also keep, and then spend a second time to give to somebody else.

The solution is a ledger. When my phone squirts coins to your phones, both our phones contact the bank and inform it of the transfer. The bank then debits my account and credits yours. And that's how your credit card works with the "chip and pin". It's actually a small computer on the credit card that verifies a transaction, and then your bank records that transaction in a ledger, debiting your account.

Bitcoin is simply that ledger, but without banks. It's a public ledger, known as the blockchain.

The point is that you don't have any bitcoins yourself. Instead, there is an entry in the public-ledger/blockchain that says you have bitcoins.

What's in a bitcoin wallet is not any bitcoins, but the secret crypto keys that control the associated entries in the public ledger. Only the person with the private key can add a transaction to the public-ledger/blockchain reassigning those bitcoins to somebody else. Such a private key looks something like:


Without this key, the associated entries in the blockchain become stale. There's no way to create new entries passing bitcoins to somebody else. If somebody dies without passing this key to somebody else, then the bitcoins essentially die with them.

In theory, somebody can memorize their private key, but in practice, nobody does. Instead, they put this into a file, and then encrypt the file with a password that's more easily memorized. For example, they might use as their password the first line of text from Neuromancer. It's long and hard to guess, but yet something that is either easily memorized, of if forgotten, easily recovered. In other words, the password (or passphrase in this case) to encrypt the file containing the private key might be:
The sky above the port was the color of television, tuned to a dead channel.
So now our deceased has to pass on both the wallet file and the password that will decrypt the wallet. Presumably, though, the deceased's heirs will find the computer and the wallet, so practically the only problem becomes cracking the password.

Cracking is an exponential problem. The trope in sci-fi is to wave aside this problem and "reroute the encryptions", and instantly decrypt such things, but in the real world, it's a lot harder. Passwords become exponentially harder to crack the longer they are.

The classic story here is that of a knave who plays chess with a king. The king tells his opponent that he can have anything he wants within reason should he win. The knave chooses this as his prize: one grain of rice for the first square, two for the second, four grains of rice for the third square, and so on, doubling each time for all 64 squares on the chessboard. The king, thinking this to be a minor amount, agrees. When the knave wins, the king finds he cannot payoff the winnings -- because of exponential growth.

The first ten squares have the following number of rice grains:
1 2 4 8 16 32 64 128 256 512
This is 1024 grains of rice in total. Using 'k' to mean 'a thousand' (kilo-grains), the next 10 squares look like this:
1k 2k 4k 8k 16k 32k 64k 128k 256k 512k
This is about a million grains of rice. Using 'm' to mean 'a million' (mega-grains of rice), the next 10 squares look like this:
1m 2m 4m 8m 16m 32m 64m 128m 256k 512m
This is about a billion grains of rice. The next 10 squares becomes a trillion gains of rice, and we are only 40 out of 64 squares.

As the Wikipedia article discusses, filling the chessboard requires a heap of rice larger than Mt. Everest in rice, or a thousand years at the current rate of growing rice.

One ending of this story is that the knave gets the daughter in marriage and half the kingdom. In the other version of this story, the king beheads the knave for his impudence.

The same applies to password cracking. Short passwords are easily cracked. Because of exponential growth, long passwords becoming impossible to track, even at sci-fi levels of imagined technology. If such a magic technology existed, then it would defeat the underlying cryptography of the blockchain as well -- if you could crack the password encrypting the key, you could just crack the key. If you could do that, then you could steal everyone's bitcoins, not just the deceased's.

In the above example, the sci-fi writer in question imagines an artificial intelligence that, in order to make money, tracks down dead people and harvests all the bitcoins they haven't passed on. This can't be done by harvesting the blockchain -- it'd need the private keys.

One way that this might happen is that for the AI to own a company that recycles computers. Before recycling, it automatically scans them for such files. While it can't break the encryption normally, some large percentage of people choose weak passwords. Also, the AI might know some tricks that make it smarter at figuring out how people choose passwords. It still won't crack everything, but even cracking half the possible coins would lead to a good amount of income.

Or, let's tackle this problem from another angle, a legal angle. One of the hot topics these days is something known as "crypto backdoors". The police claim (erroneously in my opinion) that such unbreakable encryption prevents them from investigating some crimes, because even when they have a warrant to get computers, phones, and files, they can't possibly decrypt them. Thus, they claim, technology needs a "backdoor" that only the police can access with a warrant.

In it's simplest form, this is technically easy. Indeed, it's often a feature for corporations, so that they can get at the encrypted files and message when employees leave the firm, or more often, when stupid employees forget their password but need to have the IT department recover their data.

In a practical form, it's unreasonable, because it means outlawing any software that doesn't have a backdoor. Since crypto is just math, and software is something anybody can write, this means a drastic police-state measure. But, if you are a cyberpunk writer about future dystopias, well then, this would be perfectly reasonable.

Thus, in this case, the police, using their secret backdoor key, would be able to decrypt the wallet, and recover any secret key.

But then at the same time, the police could in theory impose this rule on the blockchain itself. Instead of simply trusting a single person's key, it can trust multiple keys, so that any of them can transfer bitcoins to somebody else. One of those keys could be a secret backdoor police held by the police, so they could step in and grab bitcoins any time they want.

This would, of course, largely defeat the purpose of the bitcoin blockchain, because now you had a central control. But things can go halfway. Bitcoin is transnational, so it really can't be controlled by even a dystopic government, which is why it's currently popular in places like Russia. However, a government can still force the citizens of their own country to backdoor their transactions with that county's public backdoor key (which matches a secret police key). Thus, the American police would be able to grab bitcoins from any law-abiding American to chose to sign their transactions with the FBI's key.

The point I'm making here is that if you are a sci-fi writer, while a naive approach to the topic might not have a good answer, something thinking and discussing it with a bunch of people might yield something fruitful.

1 comment:

Shane Killian said...

This is why it's a good idea to put these kinds of things--Bitcoin private keys, password vault master password, etc.--into a secured physical document held by your probate attorney. That way, when you die, your family can get access to all of your assets.