Genesis Document: How David Chaum’s eCash spawned a cypherpunk dream


“You can pay for database access, buy software and newspapers with email, play video games online, receive the $5 a friend owes you from earlier, and buy pizza. The possibilities are endless.”

The quote above is not from some video made in 2011 that introduces Bitcoin. In fact, it has absolutely nothing to do with Bitcoin. It’s not even from this century. The quote is from a talk given by a cryptographer, David Chaum, at the first CERN conference in Geneva in 1994, where he talked about eCash.

If the cypherpunk movement had an ancestor, it would be the bearded and ponytailed David Chaum. To say that this cryptographer, now 62 or 63 years old (he has not revealed his true age), was ahead of his time would be an understatement. Chaum was concerned about the future of Internet privacy long before most people learned about the Internet and owned personal computers, and even before Edward Snowden, Jacob Appelbaum and Pavel Durov were born.

“You have to let your readers know how important it is,” Chaum once told Wired magazine, “that there are no physical limits to Cyberspace at all … There are no ‘walls’ … It’s a completely different, weird, strange place, and everyone knows it’s a panoramic prison nightmare. Isn’t it? Anyone else can know everything you’ve done and even have it permanently recorded. It’s antithetical to the basic tenets of democracy.”

Chaum’s career began as a professor of computer science at Berkeley. His 1981 paper “Untraceable Email, Return Addresses, and Digital Pseudonyms” laid the groundwork for research into encrypted communications on the Internet; this research eventually led to privacy-preserving technologies such as Tor (The Onion Network).

But the privacy of everyday communications wasn’t Chaum’s main concern. Arguably, he had bigger ideas. The Berkeley professor wanted to design a digital currency that protects privacy.

“The choice of whether to keep information in the hands of individuals or in the hands of organizations must be made whenever a government or a company wants to automate a group of transactions,” Chaum wrote in Scientific American, “and the shape of society in the next century may depend on which technology dominates.” That was 1992.

And 10 years earlier (1982), Chaum had already solved the puzzle: He published his second major paper, “Blind signatures for untraceable payment systems”. At that time, the veterans of the current Bitcoin scene like Dr. Pieter Wuille, Erik Voorhees and Peter Todd were not even born yet, and this cryptographer had already devised an anonymous payment scheme for the Internet.

Blind Signatures
At the heart of Chaum’s digital currency system is his invention “Blind Signatures”.

To understand blind signatures, you have to understand what public-key cryptography and, in particular, (ordinary) cryptographic signatures are all about.

Public-key cryptography uses key pairs. A key pair consists of a public key and a private key, where the public key is a (seemingly random) string of numbers calculated from the private key (a truly random string of numbers) according to a certain mathematical formula. It is very simple to derive a public key from a private key, but it is almost impossible to compute a private key from a public key in reverse; it is a one-way street.

Public-key cryptography can be used to construct private communications between two parties — generally referred to as “Alice” and “Bob” in academic papers — as long as both parties share their public keys with each other. The private key can be kept private and not exposed.

But Alice and Bob can use public-key cryptography for more than private communication; Alice can also “sign” any data (as can Bob). In effect, Alice uses her private key to do some math with the data. The result is another seemingly random string called a “signature”. Again, there is no way to recover Alice’s private key from the signature (whether you have that signed data or not). This is still a one-way street.

Interestingly, Bob (and everyone else) can use Alice’s public key to check if the signature was generated by Alice. After checking, Bob knows whether Alice generated the signature with her private key (and the corresponding data piece) or not. The private key can sign any data, i.e. the data can be any statement or request from Alice and Bob. For example, a signature can mean that Alice agrees to what the piece of data says (as if Alice had handwritten a signature to the contract).

Blind signatures take all this a step further. First, Bob generates a random number, called a “nonce”, and combines it with a piece of initial data through a specific mathematical operation to produce a garbled piece of data. This garbled data looks like any other random string. Bob then hands the garbled data to Alice to sign. Alice has no way to determine what Bob’s initial data looks like, so she is “blind”. The result of Alice’s signing operation is a “blind signature”.

The special feature of a blind signature is that it is associated not only with Alice’s key (as any digital signature is) and the garbled piece of data, but also with the initial, ungarbled piece of data. If that original data is available, then anyone, including Alice herself, can check using only Alice’s public key whether Alice has signed a garbled version of it.

Blind signatures are the key tool Chaum uses to create digital currency systems.

To understand this, you need to think of Alice in the example above as a bank: Alice Bank, which is a normal bank, just like in our reality, where customers have special accounts and deposits.

Suppose that Alice Bank has four customers: Bob, Carol, Dan, and Erin, and suppose that Bob wants to buy something from Carol.

First, Bob has to request a “withdrawal” from Alice’s bank (generally speaking Bob has to get the money beforehand, of course, but you should ignore those details for now). When withdrawing the money, Bob creates some “electronic bills” himself, each in the form of a unique string of numbers called a “serial number”. In addition, he generates garbled versions of these bills, as in the example above, and then sends these garbled bills to Alice’s bank.

After receiving Bob’s garbled bills, Alice Bank blind-signs each piece of garbled data and sends those signatures back to Bob. For each garbled bill it signs, Alice Bank deducts $1 from Bob’s bank account.

Now, because Alice’s bank blind-signed these garbled bills, her signature is also associated with the initial electronic bills. So Bob can now use these initial, ungarbled bills to pay Carol. He simply sends this data to Carol.

Carol receives these electronic bills and forwards them to Alice’s bank. The bank can check that it signed them, which blind signatures make possible because they are associated with its private key. Alice’s bank also checks that the same bills (serial numbers) have not already been deposited by someone else, so that no bill is spent more than once.

Once the check is complete, Alice Bank adds the same amount to Carol’s account and informs Carol. After the bank’s confirmation, Carol knows that Bob has paid with valid bills and can ship the goods with confidence.

[Figure: The fundamentals behind eCash.]

The bottom line is that Alice Bank only sees the ungarbled bill data when Carol deposits these digital bills! Therefore, Alice Bank has no idea that the bills belonged to Bob. In theory, it’s entirely possible that they could be Dan’s or Erin’s too!
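The withdrawal, payment and deposit steps above, as an added Python example that is not from the original article or from DigiCash. It assumes textbook RSA as the signature scheme (the article does not name one), a constructed toy key that is far too small for real use, and hypothetical names such as `Bank`, `blind` and `unblind`.

```python
import hashlib
import math
import secrets

# Constructed toy key for the bank: two Mersenne primes, not a secure key size.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537                      # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # bank's private exponent

def h(serial: bytes) -> int:
    """Map a bill's serial number to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def blind(serial: bytes):
    """Customer: garble the bill with a random nonce r; returns (garbled, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (h(serial) * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    """Customer: strip the nonce, leaving a signature on the original bill."""
    return (blind_sig * pow(r, -1, N)) % N

def verify(serial: bytes, sig: int) -> bool:
    """Anyone holding the public key can check a bill."""
    return pow(sig, E, N) == h(serial)

class Bank:
    def __init__(self):
        self.balances = {"bob": 3, "carol": 0}
        self.spent = set()        # serial numbers already deposited
        self.seen_blinded = []    # all the bank ever sees at withdrawal

    def withdraw(self, customer: str, blinded: int) -> int:
        if self.balances[customer] < 1:
            raise ValueError("insufficient funds")
        self.balances[customer] -= 1          # $1 per signed bill
        self.seen_blinded.append(blinded)
        return pow(blinded, D, N)             # the blind signature

    def deposit(self, customer: str, serial: bytes, sig: int) -> bool:
        # Reject bills the bank never signed and bills already spent.
        if not verify(serial, sig) or serial in self.spent:
            return False
        self.spent.add(serial)
        self.balances[customer] += 1
        return True
```

The bank's `seen_blinded` list holds only garbled values, so it cannot match a deposited serial number to the withdrawal that produced it; the `spent` set is what stops the same bill from being deposited twice.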

Thus, Chaum’s solution provided privacy in payments. At the time, this in itself was nothing new: back then, private payments were the norm. But it was in electronic form, and that was the novelty. So Chaum chose this metaphor: cash. Electronic cash, eCash.

By 1990, almost 10 years after Chaum’s first paper (the younger generation of cryptocurrency developers like Matt Corallo, Vitalik Buterin and Olaoluwa Osuntokun were not yet born either), David Chaum founded DigiCash, a company based in Amsterdam, where Chaum had been living for quite some time. The company specialized in digital currency and payment systems, and its business included a government project to replace toll booths (which was eventually cancelled) and smart cards (similar to the hardware wallets we have today). But DigiCash’s flagship project was still its digital cash system, eCash. (The system was called “eCash” and the currency used in the system was called “CyberBucks”, which is equivalent to using the capitalized “Bitcoin” to refer to the underlying protocol and the lowercase “bitcoin” to refer to the currency in it.)

[Figure: DigiCash’s early technical team (Chaum is not in the photo).]

It was a time when Netscape and Yahoo! were leading the tech industry to new heights, and some thought micropayments, not ads, would be the revenue model for the Internet. DigiCash was seen as a rising star in the tech business. And, of course, Chaum and his team were confident in their technology.

“As online payments mature, you’ll be able to pay for all kinds of little things and objects, and pay for a lot more than you do today,” Chaum told the New York Times in 1994. Of course, he stressed the importance of privacy. “Every article you read, every question you ask, you pay for.”

That year, after four years of development, the first successful payment system was in testing, and later that year, eCash began allowing trials: banks that wanted to use the technology needed to request permission from DigiCash.

Banking interest was high. eCash issued its first license in late 1995: Mark Twain Bank in St. Louis. And, in early 1996, one of the world’s largest banks, Deutsche Bank, also tested the waters. Credit Suisse was the second major institution to join, as were banks in several countries, including Advance Bank in Australia, Advance Bank in Norway, and Bank Austria.

More interesting than the deals DigiCash made, however, may be the deals they didn’t make. Two of the big three Dutch banks — ING and ABN Amro — are said to have struck deals worth tens of millions of dollars with DigiCash. Similarly, Visa was revealed to have offered a $40 million investment, and Netscape was also interested: eCash could have fit into the most popular Internet browser of the era.

However, the most capable bidder was none other than Microsoft. Bill Gates wanted to integrate eCash into the Windows 95 operating system and was reportedly willing to pay $100 million. Windows 95 for $2. And that was the end of the story.

While not a bad idea in the eyes of the techies of the time, DigiCash seemed to be a poor negotiator and therefore struggled to realize its full potential.

By 1996, DigiCash’s employees had seen too many failed deals and wanted something to change. The startup also received an investment, and Nicholas Negroponte, founder of MIT Media Lab, was named chairman of the board. (MIT Media Lab has also recently hired several Bitcoin Core contributors through this Digital Currency Initiative connection.) DigiCash also moved its headquarters from Amsterdam to Silicon Valley, and Chaum was still part of it, but as CTO.

Things didn’t change much. After a few years of fighting, eCash still wasn’t universally accepted. The banks that joined kept experimenting without ever really pushing the technology; by 1998, Mark Twain Bank had enrolled only 300 merchants and 5,000 users. As the final agreement between DigiCash and Citibank was being finalized — which could have given the project a big boost — the bank pulled out for unrelated reasons.

“It’s hard to get enough merchants, so there’s no way to get enough consumers. The converse is also true,” Chaum told Forbes magazine in 1999, when DigiCash went bankrupt. “As the Internet has gotten bigger, the average quality of users has gone down. So it’s hard to explain to them the importance of privacy.”

The cypherpunk dream
DigiCash failed, and with it, eCash. But while the technology was not a commercial success, Chaum’s work inspired a group of cryptographers, hackers and activists who connected on a mailing list. This group, which included DigiCash contributors Nick Szabo and Zooko Wilcox-O’Hearn, became known as the “cypherpunks”.

Perhaps even more radical than Chaum himself, the cypherpunks had always dreamed of creating a digital cash; from the 1990s to the early 2000s, they were coming up with different digital cash schemes. It wasn’t until 2008, 10 years after the fall of DigiCash, that Satoshi Nakamoto sent their vision of digital cash (Bitcoin) to the mailing list of the cypherpunks’ spiritual successors.

Bitcoin and eCash have little in common in terms of design. Most importantly, eCash has a center, DigiCash, and can’t be a currency by itself. Even if everyone in the world used only eCash in their transactions, you would still need a bank to provide accounts, balances, and transaction confirmations. This also means that eCash, while providing privacy, is not censorship-resistant. For example, bitcoin can be used to donate to WikiLeaks even in the face of a banking blockade, but eCash can’t do that: banks could block WikiLeaks’ accounts just as well.

However, Chaum’s contribution to digital currency, which dates back to the early 1980s, remains relevant. Bitcoin doesn’t use blind signature technology, but the scaling and privacy layers built on top of the Bitcoin protocol can. Theymos, moderator of the Bitcointalk forum and the subreddit r/bitcoin, has been advocating the development of an extensible sidechain on the Bitcoin blockchain similar to eCash. Adam Ficsor, one of the leaders in privacy for bitcoin transactions, is also implementing a coin-mixing service that uses blind signatures (an idea first proposed by Bitcoin Core contributor Greg Maxwell). The current Lightning Network, which has not yet been implemented, could also use blind signatures to improve security. (Translator’s note: Originally written in April 2018.)

What about Chaum himself? He’s back at Berkeley, where he’s written equivocal books, mostly related to digital elections and reputation systems. Perhaps, in another 20 years, a whole new generation of developers, entrepreneurs, and activists will hold these books up as the foundational work for a technology that could change the world.

This article is based in part on two articles published in the 1990s: Steven Levy’s article “E-Money (That’s What I Want)” for Wired magazine, and an unnamed author’s article “Hoe DigiCash alles verknalde” for Next! (translation here: “How DigiCash Blew Everything”). The website also provides a wealth of information.

Posted by:CoinYuppie,Reprinted with attribution to: