Genesis Document: How David Chaum’s eCash gave birth to the cypherpunk dream of cryptocurrency

 975 total views

Bitcoin and other cryptocurrencies can be traced back to this early, privacy-conscious Internet payment system.

Original Title: “Dry Goods | Genesis Document: How David Chaum’s eCash gave birth to a cypherpunk dream”
Written by: Aaron Van Wirdum
Translation: Ajian

Dry Goods | Genesis Document: How David Chaum's eCash gave birth to a cypherpunk dream

You can pay for database access, use e-mail to buy software and newspapers, play video games online, receive the 5 dollars you owe you before receiving friends, and you can buy pizza. The possibilities are limitless.

The sentence quoted above is not from a video introducing Bitcoin made in 2011. In fact, it has nothing to do with Bitcoin. Even, it is not a work of this century. The quotation comes from a speech by a cryptographer David Chaum at the first CERN conference in Geneva in 1994. He talked about eCash.

If the cypherpunk movement has an ancestor, it must be David Chaum with a beard and ponytail. To say that this cryptographer is ahead of the times — he is now 62 or 63 years old (he has not revealed his true age) — is an understatement. Before most people learned about the Internet and owned personal computers, even before the birth of Edward Snowden, Jacob Appelbaum, and Pavel Durov, Chaum was already concerned about the future of Internet privacy.

“You have to let your readers know how important this is,” Chaum once told Wired magazine, “The cyberspace has no physical limitations… There is no such thing as a’wall’… It is a complete Different, weird and weird place, and everyone knows that this is a nightmare like a panoramic prison. Isn’t it? Anyone else can know everything you’ve done and even record it forever. This is the basic principle of democracy Opposite.”

Chaum started his career as a professor of computer science at Berkeley. He is not only an advocate of digital privacy, he also designed tools to realize privacy. Chaum’s 1981 paper “Untraceable Emails, Return Addresses, and Digital Pseudonyms” laid the foundation for the research on Internet encrypted communications; these researches eventually led to privacy protection technologies, such as Tor (The Onion Network).

But the privacy of daily communication is not yet Chaum’s most concerned thing. It can be said that he has bigger ideas. The Berkeley professor wanted to design a digital currency that protects privacy.

“Whether to keep information in the hands of individuals or in the hands of organizations? Whenever a government or a company wants to automate a batch of tasks, it must make a choice,” Chaum wrote on Scientific American. “Next The social form of the century may depend on which technology dominates.” That was 1992.

And 10 years ago (1982), Chaum had solved this problem: he published his second important paper “Blind Signatures for Untraceable Payment Systems”. At that time, now the veterans in the Bitcoin circle such as Dr. Pieter Wuille, Erik Voorhees and Peter Todd were not born yet, the cryptographer had already devised an anonymous payment scheme for the Internet.

Blind Signatures

The core of Chaum’s digital currency system is his invention “Blind Signature”.

To understand blind signatures, you must first understand public key cryptography, especially, what is going on with (ordinary) cryptographic signatures.

The Public Key Cryptography Society uses a key pair. A key pair is composed of a public key and a private key. The public key is calculated by the private key (a truly random string of numbers) according to a certain mathematical formula. (Seemingly random) string of numbers. It is very simple to derive the public key from the private key, but it is almost impossible to calculate the private key backward from the public key; this is a one-way street.

Public-key cryptography can be used to construct private communication between two parties-academic papers generally refer to two parties as “Alice” and “Bob”-as long as both parties share their public keys with each other. The private key can be kept private without being exposed.

But Alice and Bob can use public key cryptography to do more than private communication. Alice can also “sign” arbitrary data (as does Bob). In fact, Alice uses her private key and data to do some mathematical operations. The result is another string of seemingly random strings called “signatures.” Similarly, it is impossible to recover Alice’s private key from the signature (regardless of whether you have the signed data or not). This is still a one-way street.

What’s interesting is that Bob (and everyone else) can use Alice’s public key to check whether the signature was generated by Alice (Translator’s Note: Verify the data that needs to be signed). After checking, Bob will know whether Alice used her private key (and the corresponding data piece) to generate this signature. The private key can sign any data, which means that the data can be any statement and request made by Alice and Bob. For example, a signature can mean that Alice agrees with what the piece of data means (just like Alice wrote a signature for the contract by hand).

Blind signatures take all this further. At the beginning, Bob first generates a random number, called “nonce”, and then uses this random number and a piece of initial data to run specific mathematical operations to get a piece of out-of-order data. This out-of-order piece of data makes it look like any other random string. Then Bob takes this out-of-order data and signs it to Alice. Alice can’t tell what Bob’s initial data is like, so she is “blind”. The result of Alice’s signature operation is the “blind signature”.

The particularity of the blind signature is that this signature is not only associated with Alice’s key (any digital signature has this feature) and out-of-order data pieces. It is also associated with the original, unobfuscated data. If the original data can be obtained, then anyone only needs to use Alice’s public key to check whether Alice has signed an out-of-order version of the original data-including Alice herself, of course.


Blind signature is the key tool used by Chaum to create a digital currency system.

To understand this, you have to think of Alice in the example above as a bank: Alice Bank. This is an ordinary bank, just like our reality, customers have special accounts and deposits in the bank.

Suppose Alice Bank has four customers: Bob, Carol, Dan, and Erin. Suppose Bob wants to buy something from Carol.

First, Bob has to request a “withdrawal” from Alice’s bank (generally, of course Bob has to withdraw the money in advance, but you don’t need to worry about these details). When withdrawing money, Bob himself creates some “electronic banknotes” in the form of a string of unique numbers called “serial numbers”. In addition, he has to generate out-of-order versions of these banknotes as in the above example, and then send these out-of-order checks to Alice Bank.

After receiving Bob’s out-of-order banknotes, Alice Bank blindly signs each out-of-order data, and then sends these signatures back to Bob. Every time a banknote is issued out of order, Alice’s bank deducts 1 yuan from Bob’s bank account.

Now, because Alice Bank blindly signed these out of order banknotes, her signature has been linked to the original electronic banknotes. So Bob can now pay Carol using these initial, unconfused banknotes. He only needs to send the data to Carol.

After Carol received these electronic banknotes, they forwarded them to Alice Bank. Alice can check whether she has signed these banknotes, which is also done by blind signature: they are all related to her private key. Alice Bank also checks whether the same banknote (serial number) has been used by others (whether he has suffered multiple payments).

After checking the banknotes, Alice Bank adds the same amount to Carol’s account and informs Carol. After confirmation by the bank, Carol also knows that what Bob paid is a valid banknote, and can ship it with confidence.

Dry Goods | Genesis Document: How David Chaum's eCash gave birth to a cypherpunk dream The rationale behind eCash. Source:

The most important thing is that Alice Bank will only know the unobfuscated banknote data when Carol wants to deposit these digital banknotes! Therefore, Alice Bank has no idea that these banknotes belong to Bob. In theory, it is entirely possible that it is Dan or Erin’s!

Therefore, Chaum’s solution provides privacy in payment. At the time, this was nothing new: back then, private payments were the norm. But it is in electronic form, which is the novelty. Therefore, Chaum chose this metaphor: cash. Electronic cash, eCash.


By 1990, almost 10 years after Chaum published his first paper (now the younger generation of cryptocurrency developers such as Matt Corallo, Vitalik Buterin, and Olaoluwa Osuntokun were not born), David Chaum founded DigiCash, It is based in Amsterdam, where Chaum has lived for quite some time. This company actually specializes in digital currency and payment systems, and its business includes a government project to replace toll booths (which was eventually cancelled) and smart cards (similar to our hardware wallets today). But DigiCash’s flagship project is its digital cash system eCash. (This system is called “eCash”, and the currency used in the system is called “CyberBucks”, which is equivalent to using uppercase “Bitcoin” to refer to the underlying protocol and lowercase “bitcoin” to refer to the currency.)

Dry Goods | Genesis Document: How David Chaum's eCash gave birth to a cypherpunk dream DigiCash’s early technical team (Chaum is not in the picture). Source:

That was the era when Netscape and Yahoo! led the technology industry to create new heights. Some people believed that micropayments, rather than advertising, would become the revenue model of the Internet. DigiCash was also considered a rising one among technology companies. New star. Of course, Chaum and his team are also confident in their own technology.

“With the maturity of online payment, you will be able to pay for all kinds of small things and small things, and the payment will be much more than today,” Chaum told the New York Times in 1994. Of course, he emphasized the importance of privacy. “You have to pay for every article you read and every question you ask.”

That year, after 4 years of development, the first successful payment system was already in testing. Later that year, eCash began to allow trials: banks that wanted to use this technology needed to request permission from DigiCash.

The banking industry is full of interest. At the end of 1995, eCash issued its first permit: Mark Twain Bank in St. Louis. Moreover, in early 1996, one of the world’s largest banks, Deutsche Bank, also tested the waters. Credit Suisse is the second major institution to join, and banks from many countries have also joined, including: Advance Bank in Australia, Advance Bank in Norway, and Bank Austria.

However, compared to the deal reached by DigiCash, what may be more interesting is the business they did not negotiate. Two of the three largest banks in the Netherlands-ING and ABN Amro-are said to have reached tens of millions of dollars worth of cooperation with DigiCash. Similarly, Visa has also been revealed to have proposed an investment of 40 million US dollars, and Netscape is also interested: eCash could have been put in the most popular Internet browser of that era.

However, the best bid is not someone else, it is Microsoft. Bill Gates hopes to integrate eCash into the Windows 95 operating system, and is said to be willing to bid $100 million. Chaum-according to the story-asks for $2 for every copy of Windows 95 sold. So things went wrong.

Although in the eyes of the technicians at the time, DigiCash seemed to be uncomfortable in business talks, so it was difficult to realize its full potential.

By 1996, DigiCash employees had seen too many failed transactions and hoped for some changes. The solution is to change the CEO: Michael Nash, a veteran from Visa. The startup also received an investment, and Nicholas Negroponte, the founder of MIT Media Lab, was appointed chairman of the board. (Recently, through this relationship of the Digital Currency Initiative, MIT Media Lab has also hired a number of Bitcoin Core contributors.) DigiCash’s headquarters has also moved from Amsterdam to Silicon Valley. Chaum was still one of them, but became CTO.

Things haven’t changed much. After several years of hard work, eCash has not been universally accepted. The participating banks have been experimenting and never pushed this technology; by 1998, Mark Twain Bank had only recruited 300 merchants and 5,000 users. As the final agreement between DigiCash and Citibank was about to be finalized-which could have given a great boost to the project-the bank withdrew for unrelated reasons.

“It is difficult to get enough merchants, so there is no way to get enough consumers. The reverse is also true.” Chaum told Forbes magazine in 1999 when DigiCash was bankrupt. “As the Internet changes The average quality of users has dropped. So it’s difficult to explain the importance of privacy to them.”

The dream of cypherpunk

DigiCash failed, even eCash failed. However, although the technology did not succeed commercially, Chaum’s work inspired a group of cryptographers, hackers, and activists, who established connections through a mailing list. This group included DigiCash contributors Nick Szabo and Zooko Wilcox-O’Hearn, later known as “cypherpunk”.

Perhaps even more radical than what Chaum did himself, cypherpunks have always had the dream of creating a kind of digital cash; from the 1990s to the early 2000s, they have been proposing different digital cash solutions. Until 2008, 10 years after DigiCash ended, Satoshi Nakamoto sent TA’s digital cash vision (Bitcoin) to the mailing list of the spiritual successor of cypherpunk.

Bitcoin and eCash do not have much in common in terms of design perspective. The most important thing is that eCash has a center, DigiCash, which cannot become a currency by itself. Even if everyone in the world uses eCash in transactions and only uses eCash, you still need a bank to provide account, balance and transaction confirmation. This also means that although eCash can provide privacy, it is not censorship-resistant. For example, even in the face of bank blockade, Bitcoin can still be used to donate to WikiLeaks, but eCash cannot. Banks can also lock WikiLeaks accounts.

However, Chaum’s contribution to digital currency can be traced back to the early 1980s and still makes sense. Bitcoin does not use blind signature technology, but the extended processing layer and privacy layer built on the Bitcoin protocol can be used. Theymos, the r/bitcoin moderator of the Bitcointalk forum and the sub-section of the reddit forum, has been advocating the development of an extensible side chain similar to eCash on the Bitcoin blockchain. Adam Fiscor, one of the leaders in the field of Bitcoin transaction privacy, is also implementing a coin mixing service using blind signatures (this idea was first proposed by Bitcoin Core contributor Greg Maxwell). The Lightning Network, which has not yet landed, can also use blind signatures to improve security. (Translator’s Note: The original text was written in April 2018.)

What about Chaum himself? He returned to Berkeley, where he wrote equivalent books, mostly related to digital elections and reputation systems. Perhaps, in another 20 years, a new generation of developers, entrepreneurs, and activists will regard these works as the foundation work of a technology that can change the world.

This article is based in part on two articles published in the 1990s: Steven Levy’s article “E-Money (That’s What I Want)” for “Wired” magazine, and “Hoe” by an unnamed author for “Next! Magazine” DigiCash alles verknalde” (translation here: “How DigiCash Blew Everything”.) website also provides a wealth of information.

Source link:

Adblock test (Why?)