We are talking in this post series about cypherpunks and their ultimate dream to build uncensorable digital money. No doubt you’re wondering how they went about that process. Read on to find out.
Digital money was a great idea, I’m sure you agree, but the cypherpunks were going to have to crack a very old problem, one that no one had ever cracked before: the double-spend problem.
The double-spend problem
When we exchange physical money with one another, it is easy for us to verify whether a bill is real or counterfeit. However, the same cannot be said for digital money.
Digital money is represented as a series of bits stored on a hard drive. In order to send this series of bits from one person to the next, we send it over the internet in a secure message.
However, what’s to prevent a sender from sending the same digital money to two different people on the internet? So long as the recipients don’t know each other, it is totally possible for the sender to “double-spend” the money.
The only way this kind of criminal behavior could be stopped is if there was a central party responsible for verifying the authenticity of each transaction message.
But remember that the cypherpunks were trying to build a decentralized digital currency that could not be controlled or manipulated by any central authority.
At the time, it seemed like an intractable problem to solve, though the cypherpunks weren’t about to give up.
Let’s take a look at some of the early attempts the cypherpunks made at building such a technology.
Hal Finney was a computer programmer from Caltech who helped Phil Zimmermann develop PGP, which we learned about in the previous post. Finney was a prominent cryptographic activist and was active on the cypherpunk mailing list and on several anonymous remailers.
He was a strong proponent of digital cash and privacy, as he explained in this blog post in August 1993.
“Already, when I order something over the phone or electronically using my Visa card, a record is kept of exactly how much I spent and where I spent it. As time goes on, more transactions may be done in this way, and the net result could be a great loss of privacy.
Paying in cash is still possible through the mail, but it is insecure and inconvenient. I think that the convenience of credit and debit cards will overcome most people’s privacy concerns and that we will find ourselves in a situation where great volumes of information exist about people’s private lives.”
Finney went on to propose a way to build digital cash:
While Hal Finney was dreaming up a private digital cash system, a man named David Chaum had already come up with a solution: eCash.
“When I found Chaum’s stuff, it just blew me away,” Finney said.
What Finney was referring to was eCash, an anonymous cryptographic electronic money invented by David Chaum in 1983.
David Chaum was essentially the father of the cypherpunk movement. In 1982, he wrote a dissertation, “Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups,” which was the first known proposal for a blockchain protocol. It included every element of the Bitcoin blockchain, except for proof-of-work.
He also invented blind signatures, a form of digital signature in which the content of a message is disguised before it is signed. The signer can sign the message without learning its author or content, effectively making it impossible to link the message and the author. This scheme becomes very useful when the signer and message author are different parties, and it is important to maintain the sender’s privacy. One example is an electronic voting system in which each ballot must be certified by an authority.
Chaum then invented mix networks in 1984. A mix network is a protocol that makes it hard to trace messages end to end by taking messages from multiple senders, shuffling them, and sending them back out in random order. This happens in a series of “mixes” at each node so that by the time a message gets to a recipient, tracing the sender becomes difficult.
The concept of mix networks became the basis for remailers and eventually, Tor.
In 1989, Chaum introduced “undeniable signatures,” a type of digital signature that allows the signer to limit who can verify the message.
In 1991, he introduced “group signatures,” which lets a member of a group anonymously sign a message on behalf of the entire group.
He made several other contributions, which I won’t go into in this post. But the takeaway is that Chaum’s work laid the technical roots of the cypherpunk movement that began in the late 1980s.
Then in 1990, he went on to found DigiCash, which he used as a vehicle to commercialize his research ideas, specifically eCash. eCash was designed as a privacy layer for existing currencies, and Chaum’s idea was to sell it to banks.
eCash wanted to eliminate the need for credit cards by allowing users to transact anonymously using the money held in a bank.
How eCash worked
- If users wanted to use the cash they had in a bank, they went to the bank and requested digital coins.
- The bank issued the users digital coins. Each coin had a serial number and was cryptographically signed by the bank.
- Users could spend the digital coins with any merchant.
- When a merchant received a coin from a user, the merchant relayed the coin to the issuing bank.
- The bank verified that the coin was valid and had not been double-spent.
- If both conditions were met, the merchant was paid for whatever the coins were worth.
Public-key signatures were used to help ensure security, and RSA blind signatures helped achieve unlinkability between the coins withdrawn and where they were ultimately spent.
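The withdrawal, spend, and deposit steps above can be traced in a short sketch. This is an added example, not DigiCash's code: the key is a toy RSA key built from two small Mersenne primes, and the names `Bank`, `withdraw`, and `demo` are hypothetical.

```python
import hashlib, math, secrets

# Toy RSA key for the bank, constructed for this example. Two Mersenne primes
# are far too small and too structured for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # bank's private exponent

def h(serial: str) -> int:
    """Map a coin serial number to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(serial.encode()).digest(), "big") % N

class Bank:
    def __init__(self):
        self.spent = set()              # serials already deposited
        self.seen_at_withdrawal = []    # everything the bank sees when signing

    def sign_blinded(self, blinded: int) -> int:
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: str, sig: int) -> str:
        if pow(sig, E, N) != h(serial):     # is the bank's signature valid?
            return "invalid"
        if serial in self.spent:            # has this coin been spent before?
            return "double-spend"
        self.spent.add(serial)
        return "accepted"

def withdraw(bank: Bank):
    """User side: blind the serial, have it signed, unblind the signature."""
    serial = secrets.token_hex(16)
    while True:
        r = secrets.randbelow(N - 2) + 2    # blinding factor, must be invertible
        if math.gcd(r, N) == 1:
            break
    blinded = (h(serial) * pow(r, E, N)) % N
    sig = (bank.sign_blinded(blinded) * pow(r, -1, N)) % N
    return serial, sig

def demo():
    bank = Bank()
    serial, sig = withdraw(bank)
    first = bank.deposit(serial, sig)       # merchant A relays the coin
    second = bank.deposit(serial, sig)      # merchant B relays the same coin
    forged = bank.deposit("made-up-serial", sig)
    unlinkable = h(serial) not in bank.seen_at_withdrawal
    return first, second, forged, unlinkable
```

The bank only learns the serial number at deposit time, so it can reject the second deposit without being able to match the coin to the withdrawal that produced it.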
eCash was implemented in one bank in the US and a couple of others in Europe and Asia. Ultimately, however, credit cards and PayPal won, and DigiCash went bankrupt in 1988.
“As the Web grew, the average level of sophistication of users dropped. It was hard to explain the importance of privacy to them.” — David Chaum
eCash was headed in the right direction. But the timing was not right.
Yet another example of a peer-to-peer technology was MojoNation. MojoNation was a distributed file-sharing system developed by Jim McCoy. MojoNation developed two technologies:
- A general-purpose P2P messaging protocol called “Evil Geniuses Transport Protocol (EGTP)”
- The “Mojo Economy,” which was a distributed digital currency system (called “Mojo”)
MojoNation used “Mojo” to create an incentivized file-sharing system, where Mojo was rewarded for distributing and uploading files to the network.
Every user who wanted to be part of the system and earn Mojo was expected to contribute something, whether by acting as a server or by giving up bandwidth or disk space to be used to store files. Buyers (e.g., consumers who wanted to access files) and sellers (e.g., service providers who managed and distributed files) could advertise prices for their services. This incentivized providers to offer high-quality service, such as good connectivity and proximity to servers.
MojoNation was one of the first examples of a peer-to-peer technology that used incentives to coordinate random actors into storing and securing resources (in this case, files) online in a completely distributed manner.
While the technology was novel and innovative, the service did not end up taking off.
E-Gold was a digital gold currency system that was launched in 1996. It allowed users to buy, sell, and transfer digital gold. The digital gold was backed by real gold that was stored in a bank safe deposit box.
By 2004, e-Gold had over one million accounts. At the time, it was the only digital currency to achieve meaningful adoption. Beyond buying, selling, and transfers, the company also built APIs (to allow e-commerce businesses to build on top) and wireless mobile payments. Moreover, e-Gold allowed transactions as small as one ten-thousandth of a gram of gold, making it the first micropayments service in the world. e-Gold also offered instant settlement of transactions based on the current exchange rates.
Unfortunately, e-Gold suffered from lots of abuse:
- Russian and Ukrainian hackers used e-Gold for criminal activity.
- Criminals and hackers in Romania used e-Gold to move money from victims in America back to the country from which the attacks were originating.
- Fraud artists from Western countries ran international Ponzi schemes by selling fake or nonexistent items on eBay.
In short, e-Gold became popular among criminals, terrorists, and child pornographers.
Eventually, e-Gold was prosecuted for money laundering and illegal money transmitting. After vigorously contesting the charges for a year, the company pleaded guilty, and eventually had to close its doors.
To this day, there is controversy over whether e-Gold should have been prosecuted. Originally, the US Treasury reported that e-Gold accounts were excluded from the definition of “currency” under the United States Congress and Code of Federal Regulations definitions. Therefore, e-Gold (the company) did not obtain a money transmitter license. However, between 2006 and 2008, the U.S. Treasury and Department of Justice stretched the definition of money transmitter to include any system that allowed transfers of any kind of value. Under this new definition, they were able to prosecute e-Gold.
HashCash was a proof-of-work scheme invented by Adam Back in 1997 that was used to prevent email spam. The basic idea was that a sender would have to solve a proof-of-work algorithm in order to send an email. We will spend a lot of time understanding the concept of proof-of-work when we learn about Bitcoin. In simple terms, a proof-of-work algorithm requires solving for a hash that meets certain criteria defined by the algorithm.
The concept behind HashCash was that it would be trivial for a sender to compute the hash for sending one email, but a spammer who wanted to send millions of spam emails would have to spend a lot of resources (i.e., energy) to compute that many hashes. The cost of this would deter the sender from sending spam.
This system was very influential in Bitcoin’s own proof-of-work system.
What came next were two notable digital cash proposals that were based on proof-of-work: Nick Szabo’s “BitGold” and Wei Dai’s “B-money.” As you’ll learn next, these two proposals came even closer to Bitcoin.
B-money was an “anonymous, distributed electronic cash system” proposal created by Wei Dai in 1998. Dai was heavily influenced by crypto-anarchy.
Wei Dai described B-money as “a scheme for a group of untraceable digital pseudonyms to pay each other with money and to enforce contracts amongst themselves without outside help.” The system described in the paper was similar in many ways to Bitcoin.
For example, broadcasting a transaction in B-money required solving an “unsolved computational problem,” where the solution must be verified by the community in a collective ledger and workers were then rewarded for their input. This is analogous to how proof-of-work works in Bitcoin. Moreover, B-money used digital signatures to authenticate transactions, also similar to Bitcoin.
Dai concluded the paper by stating:
Despite the similarities, there was one notable difference between Bitcoin and B-money: monetary policy. In the Bitcoin protocol, new Bitcoin is created in every new block, and this continues until 21 million Bitcoin are created. Bitcoin is a deflationary asset, and its value is not tied to anything. Rather, the value is determined by the current supply and demand of Bitcoin.
In B-money, however, a stable coin value was explicitly part of Dai’s vision. The value of B-money was coupled to the value of a basket of goods. In other words, 100 B-money today would buy the same basket of goods in the past and in the future. Issuing new B-money coins required solving a new proof-of-work problem relative to the value of a basket of goods. For example, if I picked a basket of goods worth $110, I would need to complete a proof-of-work computation that would cost me $110 to compute.
Unfortunately, Wei Dai didn’t end up implementing B-money.
Wei Dai later said in the LessWrong forum that:
Satoshi Nakamoto referenced B-money in the Bitcoin white paper. However, Wei Dai recently denied his connection to Bitcoin:
The jury is still out on the connection between B-money and Bitcoin.
BitGold is a digital currency designed by long-time cypherpunk, Nick Szabo. Szabo had been contributing to the cypherpunk movement all along and knew he wanted to create a new form of money that did not depend on a centralized trusted party.
He believed precious metals had the properties desired in a currency:
Szabo also explored the downside of using precious metals, such as being hard to transport and the inability to pay online with metal.
BitGold, similar to HashCash and B-money, used computationally expensive proof-of-work hashes to generate new BitGold. The proof-of-work hashes represented new BitGold units. Moreover, the system used a digital asset registry to track ownership of coins, using public-key cryptography.
The design had a “Byzantine Quorum System,” where a voluntary quorum of distributed computers would maintain the digital asset registry. The overall design of the system was quite elaborate. Szabo put a great deal of time into envisioning how the system would function in a real-world scenario.
Many years after proposing the design, he went public to ask if anyone was interested in helping him build a prototype of the system.
Unfortunately, just like B-money, BitGold was never implemented. Nonetheless, Satoshi Nakamoto gave credit where it was due:
“Bitcoin is an implementation of Wei Dai’s B-money proposal […] and Nick Szabo’s BitGold proposal.” – Satoshi Nakamoto, 2010
Remember our friend Hal Finney? In August 2004, he, too, proposed a digital currency system of his own: RPOW (“Reusable Proof-of-Work”). His idea was to generate reusable tokens using proof-of-work computation.
Finney drew inspiration from the proof-of-work system of Adam Back’s HashCash for currency generation.
He also took inspiration from Nick Szabo’s BitGold:
Unlike Szabo and Dai, who didn’t code up their proposals for BitGold and B-money, Finney actually went on to implement his solution. It worked, but still suffered from one major problem: it relied on a centralized server to prevent double-spend or forging of tokens.
The server was a high-quality secure processor that was tamper-proof and open-source. Even Finney did not have access to tamper with the server. Nonetheless, it was still a centralized IBM server. What if a rogue IBM employee tampered with it? Or what if the server went down? This would render all the tokens useless.
RPOW never saw significant use. Nonetheless, it showcases yet another example of how similar the predecessors to Bitcoin were.
If there is anything you should take from this lesson, it’s this: no invention, not even something as crazy as Bitcoin, is born in a dark, secret cave.
Typically, inventions like Bitcoin are built on the shoulders of giants. In this case, the giants were people like Wei Dai, Hal Finney, Nick Szabo, Adam Back, and others.
Cryptographers and cypherpunks had been dreaming of an uncensorable digital currency and tinkering away at the problem for decades, slowly inching their way forward, finally culminating in Bitcoin.
With that, we are now ready to move on to Part 3 of this post series: distributed systems.
This part will be very brief (just one lesson), and you will attain a high-level understanding of what a distributed system is and how it works. And then we can finally begin learning about Bitcoin!
Hope you are as excited as I am 🙂