The Origins of Bitcoin

eCash: Chaumian Digital Cash

The History of Bitcoin's Creation

  • The Emergence of Modern Cryptography
  • Blind Signatures and Electronic Cash
  • Implementations of eCash
  • The Legacy of David Chaum's Model
Before delving into the actual story of Bitcoin's creation by Satoshi Nakamoto, it is appropriate to discuss what preceded it. We will address the topic in three stages: first, we will introduce the concept of Chaumian digital cash commonly called eCash; then, we will talk about private currencies based on centralized systems such as e-gold; finally, we will describe the technical models that were imagined before the implementation of the robust distributed system that is Bitcoin.
Let's start with the first concept, eCash. eCash stems from the work of David Chaum, an American computer scientist and cryptographer born in 1955. He is considered a pioneer in the field of anonymous communications and a forerunner of the cypherpunks. He made a major contribution to the development of cryptography in the 1980s. At the same time, he developed his digital cash model ("Chaumian") and attempted to implement it in the 1990s through his company DigiCash.
David Chaum's action followed a conceptual revolution: the unveiling of asymmetric cryptography in 1976 by Whitfield Diffie and Martin Hellman. The idea of digital currency also emerged from this seminal discovery. Besides concealing the information contained in a message, asymmetric cryptography allowed the establishment of signature processes. It thus became possible for a person to mathematically prove that they owned a certain amount of digital account units.
In this chapter, we will study the contributions of asymmetric cryptography, how David Chaum used it to design eCash, and how his concept was subsequently implemented.

The Emergence of Modern Cryptography

Cryptography is the discipline that aims to secure communication in the presence of malicious third parties by ensuring the confidentiality, authenticity, and integrity of the transmitted information. For centuries, the sole method of concealing the content of a message involved a type of encryption that relied on a unique key for both encrypting and decrypting the message. This is known as symmetric cryptography. The Caesar cipher, which involves replacing each letter in a text with another letter a fixed distance away in the alphabet, is the most well-known example (the chosen distance then becomes the key). Encryption algorithms have become significantly more complex with the development of telecommunications and the construction of the first calculating machines and computers during the 20th century. However, even though this type of cryptography works very well, it has one major drawback: the need to exchange the key in a secure manner before communication can take place.
To solve this problem, asymmetric cryptography, also known as public key cryptography, was developed. It relies on two distinct keys: a private key, which is supposed to remain secret, and a public key, which is derived from the private key. Theoretically, the private key cannot be easily found from the public key, which means the latter can be shared with everyone without concern.
This type of cryptography allows for implementing both encryption algorithms and signature processes. Asymmetric encryption involves using the public key as an encryption key and the private key as a decryption key. The user generates a pair of keys, keeps the private key, and shares the public key with their correspondents so they can send messages. This type of encryption is analogous to a mailbox that the recipient uses to receive letters, of which only they possess the key.
Digital signatures, on the other hand, rely on using the private key as a signature key and the public key as a verification key. The user generates a pair of keys, signs a message with the private key, and sends it to their correspondents, who can verify its authenticity using the public key. Thus, they never need to know the private key.
Asymmetric cryptography was discovered independently by several groups of researchers during the 1970s. However, the first to present their findings were Whitfield Diffie and Martin Hellman, two cryptographers from Stanford University. In November 1976, they published an article entitled "New Directions in Cryptography" in the journal IEEE Transactions on Information Theory, which described a key-exchange algorithm (intended for the transmission of secret keys for symmetric encryption) as well as a digital signature method. In the introduction to this article, they wrote:
"We stand today on the brink of a revolution in cryptography. The development of cheap digital hardware has freed it from the design limitations of mechanical computing and brought the cost of high-grade cryptographic devices down to where they can be used in commercial applications such as remote cash dispensers and computer terminals. In turn, such applications create a need for new types of cryptographic systems which minimize the necessity of secure key distribution channels and supply the equivalent of a written signature. At the same time, theoretical developments in information theory and computer science show promise of providing provably secure cryptosystems, changing this ancient art into a science."
Here is a photograph from 1977, taken by Chuck Painter for the Stanford News Service. In it, you can see Whitfield Diffie (on the right) and Martin Hellman (in the center). The person on the left is the cryptographer Ralph Merkle, who was on the verge of making the same discovery.
The article by Diffie and Hellman paved the way for many innovations. One of these was the RSA cryptosystem, which was designed in 1977 by cryptographers Ronald Rivest, Adi Shamir, and Leonard Adleman (who gave it their names) and patented by MIT in 1983. This system allows both the encryption and signing of messages, thanks to the interchange of the roles of the keys. RSA was publicly presented for the first time in an article by Martin Gardner published in the magazine Scientific American in August 1977, which was titled "Mathematical Games: A new kind of cipher that would take millions of years to break."
The discovery of asymmetric cryptography also motivated the creation of one-way functions, for which calculating an image (forward direction) is easy and obtaining a pre-image (reverse direction) is very difficult. In particular, it led to the development of the first cryptographic hash functions, which transform a variable-size message into a fixed-size digest. Between 1989 and 1991, Ronald Rivest designed several hashing algorithms (MD2, MD4, and MD5) for MIT.
The basic cryptographic elements of Bitcoin stem from this research. The ECDSA signature scheme, allowing the authorization of spending a traditional transaction, was created in 1992 for NIST. The SHA-256 hash function, used in multiple places in the protocol, was published in 2001 as part of the SHA-2 algorithm suite made public by the NSA. For more information on this topic, refer to the course CYP201 written by Loïc Morel.

Blind Signatures and Electronic Cash

This revolution in cryptography also inspired the young David Chaum, a computer scientist from the West Coast who was then a doctoral student at the University of Berkeley. He quickly became passionate about privacy protection and was very concerned about the future of freedom and confidentiality in a society that was becoming increasingly computerized.
David Chaum in the 90s (source: Elixxir)
In his foundational article, "Security Without Identification: Transaction Systems to Make Big Brother Obsolete" published in 1985 in Communications of the ACM, he wrote:
"The foundation is being laid for a dossier society, in which computers could be used to infer individuals' life-styles, habits, whereabouts, and associations from data collected in ordinary consumer transactions. Uncertainty about whether data will remain secure against abuse by those maintaining or tapping it can have a 'chilling effect,' causing people to alter their observable activities. As computerization becomes more pervasive, the potential for these problems will grow dramatically."
This obsession with privacy protection explains his interest in the field of cryptography, to which he contributed as early as 1979. In 1981, he described the foundations of anonymous communication through mix networks, which would notably serve email relay services (Mixmaster) and the Tor anonymous network. In 1982, he participated in the founding of the International Association for Cryptologic Research (IACR) at the annual CRYPTO '82 conference. That same year (and this is what interests us here), in an article titled "Blind Signatures for Untraceable Payments", he published the blind signature process, which is at the heart of his privacy-respecting digital currency model: eCash.
As David Chaum explained in a press release in 1996:
"Ecash is a digital form of cash that works on the Internet where paper cash can't. Like cash, it offers consumers true privacy in what they buy."
The eCash model is a digital currency concept that allows customers to make relatively confidential payments. It is a form of cash because users can hold digital notes directly, rather than in an account managed by a trusted third party. However, the system relies on servers, called banks or mints, which issue and replace users' notes with each transaction. When a note is transferred, the recipient sends it to their bank, responsible for verifying it and giving them one or more others in return. The banks each maintain a register of spent notes to prevent double-spending. Each eCash system is overseen by a central authority that issues authorizations.
Digital notes can be issued without a guarantee or can be backed. In the first case, they form a base currency that must acquire value. In the second case, they are supported by another currency (typically the dollar), and the user can return their notes to their bank at any time to recover the corresponding amount.
In its technical operation, the eCash model is based on the blind signature process, which allows a signer to sign something without seeing what they are signing. A user generates each note, which is then signed by a bank to ensure its authenticity, without the bank being able to identify the note. Each note represents a specific amount of monetary units (denomination), and each bank in the system has a private key to sign each type of denomination. The mathematical procedure involved (which we will not describe here) is analogous to the signing of a physical note on carbon paper placed in a sealed envelope.
Here is an illustration of the different steps involved in the creation and replacement of a Chaumian note (from L'Élégance de Bitcoin):
The actions (each corresponding to a mathematical operation or an information transmission) are as follows:
  1. A user named Alice creates a carbon paper note.
  2. She places it in a sealed envelope.
  3. Alice sends the envelope containing her note to the bank and communicates the desired denomination.
  4. The bank signs the envelope, indicating the number of units the note represents, which involves signing the inside carbon paper note.
  5. The bank returns the envelope to Alice.
  6. Alice opens the envelope to retrieve her signed note.
  7. She verifies that the bank's signature is authentic.
The transfer of the signed note is done by giving it to another user of the system, whom we will call Bob. The steps are as follows:
  • Alice sends the note to Bob.
  • Bob verifies that Alice's bank has indeed signed it.
  • He immediately sends the received note to his bank.
  • Bob's bank checks that the note has not been used and, if so, signs a new note or credits Bob's account (if there is backing).
All this implies that no bank in the system can link the payment to Alice's identity, which explains why we discuss customer confidentiality. However, the merchant (here, Bob) must go through a bank to confirm the payment, and his bank can be aware of the amounts received. Moreover, the system depends on a trusted third party – the central authority that designates the participating banks – which makes it fragile by design.
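The mathematical procedure behind the envelope analogy can be illustrated with an RSA-based blind signature and a register of spent notes. This is an added example, not code from the course or from DigiCash; the toy key, the `Mint` class, and all function names are assumptions, and textbook RSA without padding at this key size is for illustration only.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for one denomination, built from two Mersenne primes.
# Far too small for real use; textbook RSA without padding is not safe either.
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537                      # bank's public verification key
D = pow(E, -1, (P - 1) * (Q - 1))        # bank's private signing key

def note_digest(serial: bytes) -> int:
    """Map a note's serial number to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

class Mint:
    """Hypothetical bank: signs blinded notes and keeps a spent-note register."""
    def __init__(self):
        self.spent = set()
        self.seen_blinded = []           # everything the bank observes at issuance

    def sign_blinded(self, blinded: int) -> int:
        self.seen_blinded.append(blinded)
        return pow(blinded, D, N)        # step 4: sign the sealed envelope

    def redeem(self, serial: bytes, sig: int) -> bool:
        if not verify(serial, sig) or serial in self.spent:
            return False                 # forged note or double-spend attempt
        self.spent.add(serial)
        return True

def blind(serial: bytes):
    """Steps 1-2: create the note and seal it in the envelope."""
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:                # blinding factor must be invertible
        r = secrets.randbelow(N - 2) + 2
    return (note_digest(serial) * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    """Step 6: open the envelope, leaving the bank's signature on the note."""
    return (blind_sig * pow(r, -1, N)) % N

def verify(serial: bytes, sig: int) -> bool:
    """Step 7 and Bob's check: anyone can verify with the public key."""
    return pow(sig, E, N) == note_digest(serial)

def demo():
    mint = Mint()
    serial = secrets.token_bytes(16)     # Alice's freshly created note
    blinded, r = blind(serial)
    sig = unblind(mint.sign_blinded(blinded), r)
    first = mint.redeem(serial, sig)     # Bob deposits the note
    second = mint.redeem(serial, sig)    # the same note presented again
    unlinkable = note_digest(serial) not in mint.seen_blinded
    return verify(serial, sig), first, second, unlinkable
```

Calling `demo()` returns `(True, True, False, True)`: the signature verifies, the first deposit is accepted, the replay is refused, and the value the bank signed at issuance differs from the note it later sees at deposit.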

Implementations of eCash

In 1990, David Chaum founded Digicash B.V., a company based in Amsterdam, the Netherlands, to implement his idea of electronic cash. This company held the patents for his invention. At that time, the Internet was still in its infancy (the Web was still under development), and e-commerce did not exist; thus, the eCash model constituted a formidable opportunity.
However, it was not David Chaum's company that first tested the model: it was the cypherpunks who implemented it without regard for the patents and did not ask for permission to do so. Thus, a protocol named Magic Money was proposed on the cypherpunks mailing list on February 4, 1994, by an anonymous developer going by the name Pr0duct Cypher. This protocol allowed for creating one's own currency by operating an email server that served as an eCash mint. The cypherpunks had fun making all sorts of units of account like Tacky Tokens, GhostMarks, DigiFrancs, and NexusBucks. However, the utility of these tokens was minimal, and exchanges were very rare.
As for DigiCash, after a few years of development, a prototype was presented in May 1994 at the first international conference on the World Wide Web at CERN in Geneva. The company then conducted a trial on October 19 of that year, issuing units called "CyberBucks", which were not backed by any other currency. Various merchants accepted CyberBucks as part of this experiment. The cypherpunks also took to it, using it to conduct real exchanges. Thus, CyberBucks acquired value on the market. However, this value collapsed when eCash was deployed in the traditional banking system.
Photo (blurry) of the DigiCash team in 1995: David Chaum is on the far left (source: Chaum.com)
The introduction of eCash into the banking system began in October 1995, when DigiCash's partnership with Mark Twain Bank, a small bank in Missouri, started. Unlike the case of CyberBucks, whose exchange rate was floating, the unit of account was backed by the US dollar. Between 1996 and 1998, six banks followed Mark Twain Bank: Merita Bank in Finland, Deutsche Bank in Germany, Advance Bank in Australia, Bank Austria in Austria, Den norske Bank in Norway, and Credit Suisse in Switzerland. The press then promised a bright future for this system.
Nevertheless, not everything went as planned. Because of his stubborn and suspicious nature, David Chaum wished to maintain control over his company and refused partnerships with major players such as ING, ABN AMRO, Visa, Netscape, and Microsoft. He left his post in 1997 and the same year the company moved its headquarters to California. During the year 1998, the partner banks announced that they were abandoning eCash. DigiCash eventually went bankrupt in November 1998, putting an end to this implementation of Chaumian electronic cash.

The Legacy of David Chaum's Model

However, the development of the eCash model was not fruitless. It laid the groundwork for multiple initiatives. During the 1990s, other technical solutions for making payments on the Internet took advantage of the trend started by eCash: this was the case with CyberCash, First Virtual, or Open Market, which benefited from the disadvantages of credit card payments, which were impractical, costly, and insecure at the time. Micropayment systems such as CyberCoin (managed by CyberCash), NetBill, and MilliCent also emerged. These systems never really took off, but they paved the way for the development of PayPal, which started in 1999, a case we will discuss in the following chapter. Other alternative centralized systems, such as e-gold and Liberty Reserve, also appeared in parallel. These managed private digital currencies and benefited from the legal ambiguity that could exist in cyberspace. We will also discuss this in the next chapter.
Then, eCash inspired the cypherpunks who developed models such as b-money, bit gold, and RPOW. They added proof of work and other elements later found in Bitcoin. We will study these concepts in Chapter 3.
Finally, David Chaum's model significantly influenced Satoshi Nakamoto when he developed his concept of currency. This is evidenced by the multiple references in the white paper (the title, the description of the problem in section 2, the name of the PDF sent to Wei Dai in August 2008), as well as his private and public interventions. In this sense, eCash is the main predecessor of Bitcoin, even if it is not the only one.
Satoshi Nakamoto created a robust and confidential digital currency, real electronic cash, with Bitcoin. In doing so, he realized the prediction of Milton Friedman, Nobel Prize in Economics and founder of the Chicago School, who said in an interview with the National Taxpayers Union Foundation in 1999:
"I think that the Internet is going to be one of the major forces for reducing the role of government. The one thing that's missing, but that will soon be developed, is a reliable e-cash, a method whereby on the internet you can transfer funds from A to B without A knowing B or B knowing A."