Crypto-Current (067)

§5.863 — The final ingredient in the suite of soft technological advances that are drawn together in the initiation of cryptocurrency simultaneously resolves the Byzantine coordination conundrum and secures monetary tokens against duplicitous proliferation. It thus integrates the seemingly disparate challenges of decentralization and deflation. To repeat the point with reverse emphasis, it protects a decentralized monetary system against the twin threats of coalescence (into the enemy ‘city’) and inflationary devaluation. It has, in both aspects, to fully substitute for the function of pseudo-transcendent trusted authority. This requires a production of immanent or intrinsic credibility. The computer science solution was found in proof-of-work.

§5.8631 — Proof-of-work dates back to the final years of the last millennium. The critical step was taken by Adam Back[1] in his proposed ‘counter-measure’ to the exploding Internet spam problem.[2] Proof-of-work credentials could be used to indicate the seriousness – or non-frivolity – of a message. By demonstrating that trouble has been taken, they recommend attention. In the case of the Byzantine generals, they separate committed communications from glib deceptions, without recourse to extrinsic validation. In the case of monetary accounting, they preclude cheap forgeries, and thus eliminate every normal incentive to forge.

§5.86311 — Back quickly realized that proof-of-work credentials (or cost tokens) were intrinsically money-like. “We use the term mint for the cost-function because of the analogy between creating cost tokens and minting physical money,” he notes.[3] They were both earned, and valuable. In fact, all six of the essential monetary qualities could be attributed to them. This insight was formalized – as hashcash – in 1997.[4] Back described hashcash as a ‘denial-of-service counter-measure’, although its potential applications were far wider.

§5.8632 — A cost-function is time-like, or asymmetric. It has the synthetic a priori characteristic, essential to cryptography, of being difficult to discover but easy to check. Back states that it “should be efficiently verifiable, but parameterisably expensive to compute.” The combination defines (valid) work. Concretely, work measures applied computational power. It has the game-theoretic meaning of commitment. While deterministic cost-functions are possible, those adopted by hashcash and subsequently Bitcoin are probabilistic, producing tokens based on the performance tested by particularly arduous (trial-and-error) exercises, precluding short-cuts.[5]

§5.86321 — Among the practical concepts introduced into monetary history by proof-of-work, perhaps the most important is difficulty. Several points are worth noting explicitly. Firstly, the asymmetry in the difficulty of production relative to checking is so massive that the latter is treated as of negligible difficulty. This comparatively informal side-concept then contributes precision to the idea of convenience. Secondly, and of greater technical consequence, difficulty – while probabilistic – can be exactly quantified. In this second critical asymmetry, the problems posed as proof-of-work tests are fully understood even while completely unsolved. They can not only be finely determined, but also set, and adjusted. This makes difficulty a technical variable. In cryptocurrency, it substitutes for all macroeconomic controls.
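An added illustration of the cost-function asymmetry described in §5.8632 and §5.86321 (not code from hashcash or Bitcoin): minting searches by trial and error for a partial hash collision on k zero bits, verification costs a single hash, and expected work doubles with each added bit of difficulty. The use of SHA-256, the challenge format, and all function names are assumptions of this sketch.

```python
import hashlib
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Count the leading 0 bits of a digest (the size of the partial collision)."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
        else:
            bits += 8 - byte.bit_length()
            break
    return bits


def token_digest(challenge: bytes, counter: int) -> bytes:
    # Assumed token layout for this sketch: "<challenge>:<counter>", hashed once.
    return hashlib.sha256(challenge + b":" + str(counter).encode()).digest()


def mint(challenge: bytes, k: int) -> tuple[int, int]:
    """Expensive side: try counters 0, 1, 2, ... until k leading zero bits appear.

    Returns (counter, attempts). No short-cut is known; each attempt succeeds
    with probability 2**-k, so the expected number of attempts is 2**k.
    """
    for counter in count():
        if leading_zero_bits(token_digest(challenge, counter)) >= k:
            return counter, counter + 1


def verify(challenge: bytes, counter: int, k: int) -> bool:
    """Cheap side: one hash, whatever the difficulty k."""
    return leading_zero_bits(token_digest(challenge, counter)) >= k


def mean_attempts(k: int, trials: int) -> float:
    """Average minting cost over several constructed challenges."""
    total = sum(mint(b"constructed-challenge-%d" % i, k)[1] for i in range(trials))
    return total / trials


if __name__ == "__main__":
    # Difficulty as a technical variable: raise k by 4 and work rises ~16x,
    # while verification remains a single hash.
    for k in (4, 8, 12):
        print(f"k={k:2d}  expected={2**k:5d}  measured mean={mean_attempts(k, 50):8.1f}")
    counter, attempts = mint(b"constructed-message", 16)
    print("token counter:", counter, "attempts:", attempts,
          "valid:", verify(b"constructed-message", counter, 16))
```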

§5.86322 — Hashcash catalyzed a theoretical breakthrough in cryptocurrency-oriented computer science during the final years of the last century. Most notable were two sophisticated proposals published in 1998, Wei Dai’s B-Money and Nick Szabo’s Bit Gold. Both were conceived as decentralized money systems based on a proof-of-work function. Compared to Bitcoin, neither proposal was fully realized.[6] Neither, in any case, was implemented. Proof-of-work had, however, securely established itself in principle as the foundation upon which money would come to rest.


[1] In a 2002 retrospective on hashcash, Adam Back refers to earlier work by Dwork and Naor who had already “proposed a CPU pricing function for the application of combating junk email.”

Dwork, Cynthia and Naor, Moni, ‘Pricing via processing or combating junk mail’, Proceedings of Crypto (1992).

Dwork and Naor: http://www.wisdom.weizmann.ac.il:81/Dienst/UI/2.0/Describe/ncstrl.weizmann_il/CS95-20

Back: http://www.hashcash.org/hashcash.pdf

[2] ‘Spam’ is used here in an expansive sense. It encompasses the primary explicit object of Back’s concern, which is the Sybil attack. A Sybil attack ‘spams’ online identities, rather than advertising messages, in order to overwhelm systems with voting procedures (which would include pre-proof-of-work consensus mechanisms). The term ‘Sybil attack’ is much younger than spam. It seems to have been coined in 2002 (or earlier) by Microsoft researcher Brian Zill. The term took its name from the book Sybil, a case study in dissociative identity disorder.

[3] For this and subsequent Back quotes, see: http://www.hashcash.org/hashcash.pdf

[4] Of the critical computer science components required for the Bitcoin protocol, proof-of-work was the latest to become available. Cryptocurrency predecessors B-money (Wei Dai) and Bit Gold (Nick Szabo) were both formulated in 1998, less than two years after hashcash was introduced. That Bitcoin did not arrive for another decade might, then, be considered a puzzle of interest. It suggests, at least, that momentum in software development is easily over-estimated. It is also possible that the PC hardware and Internet infrastructure conditions for Bitcoin ignition were not earlier in place. Perhaps an accelerated arrival of Bitcoin, even if conceptually mature, would have been practically premature. Additionally, regarding supportive conditions, the socio-cultural context of the 2008 financial crisis and resultant mass disillusionment with central bank monetary competence is suggestive. In the final years of the new millennium’s first decade, the case for an escape from macroeconomically-managed money made itself. It awaited only cogent formulation.

[5] “The hashcash CPU cost-function computes a token which can be used as a proof-of-work,” Back explains. This cost-function “is based on finding partial hash collisions on the all 0 bits k-bit string 0^k,” as would also be adopted later by Bitcoin.

http://www.hashcash.org/hashcash.pdf

[6] B-Money remained dependent upon third parties for dispute resolution, while Bit Gold did not employ proof-of-work for Byzantine consensus (but only as generator of value) leaving it vulnerable to Sybil attacks. It is difficult to note these deficiencies without recognizing the economical genius of the Bitcoin synthesis. With Bitcoin it was for the first time shown what proof-of-work could do.

Crypto-Current (066)

§5.862 — Under even modest techno-historical scrutiny, cryptocurrency divides within itself, or doubles. Beside the major topic of money-production is revealed a minor (and inward-turned) twin. Cryptocurrency has its own – additional – use for money, which is to say for itself, intrinsic to its possibility. It folds upon itself essentially. While making money – in multiple senses – it also makes of money a new, specific machine-part. There are things it needs doing which will not be done unless rewarded. Thus the initial return on the issuance of money – seigniorage – is allocated by Bitcoin to the maintenance of its own decentralization.[1]

§5.8621 — Only by way of money in its minor sense – i.e. as the mining compensation token – does money in its major sense undergo practical redefinition as an automatically self-sustaining decentralized system. The path of money production is shaped by the protocol in such a way as to spontaneously reinforce those user behaviors the system depends upon. So tightly is this incentive mechanism constructed that all bitcoins originally reward Bitcoin maintenance, while also stripping Bitcoin maintenance of discretion, by integrating it rigorously into the process of mining. There is nothing a bitcoin miner can do to sustain Bitcoin beside mining bitcoins. Sheer industrial effort, alone, is rewarded, and that has been made enough.

§5.8622 — It is particularly important to note that bitcoin mining rewards make no payment for loyalty, as compensation for non-defection. The miner is not in any respect a trusted official. The relation between money and trust has been fundamentally re-ordered. It is rather, now, that the miner makes bitcoins trustworthy through an activity which demands no trust whatsoever. The historical passage, as previously remarked, is from the consumption of trust to its production.

§5.8623 — Currency units denominate incentives. There is nothing notably novel in this insight. Making incentive engineering inherent to currency production, however, proved a decisive technological break. Bitcoin initiates the epoch of cryptocurrency, strictly speaking, by structuring its protocol as a game. This is the sense the token now carries. Besides providing money, it directs those behaviors specifically required for its social implementation. The positive cybernetic loop here is conspicuous, and remarkably ingenious. The value of money is made a function of its own operation, as a directive force. The more bitcoins are worth, the more they engender an industry which builds Bitcoin.[2]


[1] It might be asked: Was it not always necessary to pay gold-miners – or at least for gold-mining – as also for work in the mint, or the central bank? Did not money, then, always involve a minor internal digression or auto-productive reflex? What is really new here? Raising this question is potentially informative, since it tends to isolate the cryptocurrency innovation. The incentive system at work in Bitcoin substitutes for monetary authorities. The only forerunner is to be found in primary precious-metal production, in which – crucially – the miner is rewarded immediately and automatically for industrial activity. Neither work contract nor marketing is necessary. Mining, of this kind, produces money. In the case of Bitcoin, all money – without exception – is mined, originating as property of the miner. Bitcoin is not, however, reducible to simulated gold. Bitcoin mining, unlike its concrete precious-metal predecessor, is also, simultaneously, minting, or monetary validation. A functional analog of the assay is built into the mining process, integrally. Its cycle produces trust, rather than drawing upon it. What makes it good money is made part of the way it makes money. This seamless loop is its essential innovation, synonymous with what cryptocurrency means.

[2] In the electronic wholesale markets of Shenzhen, cryptocurrency mining rigs have been added to the range of commodities on offer, alongside such comparatively recent product lines as vaping devices and drones. Here the power of incentives is starkly illustrated. This outcome was – of course – entirely unanticipated by the Bitcoin white-paper, which assumed general purpose personal computers (rather than dedicated ASICs) would be the engines of cryptocurrency mining, perhaps in perpetuity. 

Crypto-Current (065)

§5.8613 — As differences accumulate in a decentralized database, it tends naturally to divergence. No authoritative tribunal exists in which to resolve disagreements. Not only is trustlessness the default, but the space for malicious deception is not easily limitable. Since contracts are agreements, a decentralized system without trusted third parties is a challenging place to do business of any kind. Those special – if typically momentary – contracts which are monetary transactions are no less profoundly problematized than any other. More specifically, insoluble controversies over their unique execution would generate double spending problems, which no money system could tolerate. Without an effective consensus mechanism, the basic compatibility of commerce with radical decentralization is plausibly questionable.

§5.86131 — The general solution space for dissensus and double-spending problems in decentralized systems has been explored under the name of Byzantine fault-tolerance (BFT).[1] This measures the resilience of a network in respect to the operation of treacherous nodes. ‘Byzantine’ references the Byzantine Generals Problem, which was conceptually formulated in the late 1970s, although the name itself is a few years more recent.[2] The Byzantine Generals Problem belongs to a larger class of ‘Generals Problems’ in computer science, all of which address questions of coordination between independent networked modules or agencies, especially when complicated by trustless communication. The joint work of Leslie Lamport, Robert Shostak, and Marshall Pease is the crucial reference.[3]  

§5.86132 — When apprehended teleologically, which is to say given Bitcoin, the Byzantine Generals Problem and Proof-of-work fit together like lock and key. Current discussion thus tends to scramble the two together, with the term ‘Byzantine Fault Tolerance’ serving as something close to a synonym for proof-of-work validation. Satoshi Nakamoto’s engagement with the Byzantine Generals Problem inaugurates the genre.[4] The consequence is an obscured synthesis. Something is brought together by Bitcoin Byzantine Fault-Tolerance whose original geneses were quite distinct.

§5.86133 — The central concern of Lamport, Shostak, and Pease is to determine the cost of reliability in insecure systems. Since fault-tolerance – in their estimation – is attained only through redundancy, it has a price determined by the measure of necessary message duplication. The message validation algorithm they propose requires that at least two-thirds of the communicating nodes are trustworthy (without – of course – knowing in advance which ones). No appeal is made to proof-of-work credentials, or in general to any kind of intrinsic message credibility.[5]

§5.86134 — Beyond their function as a technical designation, the Byzantine Generals mark the emergence of a rare modern myth. They plot an assault upon a city, under conditions that typify the ‘nomad war-machine’ in its philosophical acceptance – that is, dominance of external relations.[6] Having no interiority, the attackers have no default information security. Their domain is trustless, and primordially disunited. Integration is never given, but only strategically produced, as a precarious synthesis. It is this condition that the word ‘Byzantine’ is hijacked for, irrespective of the historical incongruity involved. The attack is – strictly – a critique. We have then, in the Byzantine Generals Problem, the mythical image of an assault upon centralization, unity, and interiority, staged from the Outside. Computer science, and later a far wider audience, is drawn into dramatic sympathy with this attack, and its ‘Byzantine’ heroes. In tackling the problem, or watching it tackled, we root for the unnamed city to fall.


[1] See §4.08+

[2] The Byzantine Generals Problem was immediately preceded  According to a comment appended to the 1982 article, the ‘generals’ confronted by this archetypal network coordination problem were Chinese, and then Albanian, before finally being identified – for reasons of diplomacy – as Byzantine.

See: https://www.microsoft.com/en-us/research/publication/byzantine-generals-problem/

[3] See in particular Lamport, Leslie; Shostak, Robert; and Pease, Marshall; ‘Reaching Agreement in the Presence of Faults’ (April 1980) and ‘The Byzantine Generals Problem’ (1982).

https://www.microsoft.com/en-us/research/uploads/prod/2016/12/The-Byzantine-Generals-Problem.pdf

[4] See §4.08

[5] Some qualification of this claim might be suggested by the fact that in their 1982 paper, Lamport, Shostak, and Pease entertain the possibility that secure digital signatures could contribute to Byzantine solutions.

[6] “As for the war machine in itself, it seems to be irreducible to the State apparatus, to be outside its sovereignty and prior to its law: it comes from elsewhere.” (Deleuze & Guattari, A Thousand Plateaus, p.352)

Crypto-Current (064)

§5.8612 — Decentralization of the ledger requires massive multiplication, and thus an effective method of compression. Only in this way does it become tractable to distributed, modestly-sized nodes. The crucial computer science innovation in this regard is the Merkle Tree. The capabilities drawn upon date back over a decade before linked timestamping, with Ralph Merkle’s original hash tree patent granted in 1979.[1]

§5.86121 — Hashes are economizations.[2] They reduce the cost of checking, by securely summarizing units of data, and therefore cheapen the process of verification. Any radically decentralized (open fully-peer-to-peer) network is necessarily trustless, since it connects strangers in the absence of validating authorities. Consisting of both massively redundant distributed databases and numerous untrusted nodes, checking is at once especially inconvenienced, and especially necessary.

§5.86122 — As their name suggests, Merkle Trees map an order of proliferation, typically – though not necessarily – modeled by successive bifurcation. Their function, however, is the precise inverse of tree-like exponential growth. A Merkle Tree works towards its roots, in increments of convergence. As users proceed down the tree, hashes of network content are bundled, recursively, into ever more comprehensive groups. The ‘root’ or (confusingly) ‘top hash’ over-hashes the entire tree. It thus serves as a concise compendium for the entire network, against which the hash of any file (or block) can be conveniently checked. Recursive hashing – hashes of hashes of (ever more) hashes – is the principle of the ‘tree’.
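An added sketch of the recursive hashing described in §5.86122 (not taken from Bitcoin or from Merkle's patent): leaves are hashed pairwise down to a single root, and any one item is then checked against that root using only a logarithmic number of sibling hashes. The leaf/interior prefixes and the promotion of an unpaired node are choices made for this example, as are all names.

```python
import hashlib

LEAF, NODE = b"\x00", b"\x01"   # domain separation: a leaf can never pose as an interior node


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_levels(leaves: list[bytes]) -> list[list[bytes]]:
    """Return every level of the tree, from leaf hashes to the single root."""
    if not leaves:
        raise ValueError("a Merkle tree needs at least one leaf")
    level = [h(LEAF + leaf) for leaf in leaves]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(h(NODE + level[i] + level[i + 1]))
            else:
                nxt.append(level[i])          # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def merkle_root(leaves: list[bytes]) -> bytes:
    return merkle_levels(leaves)[-1][0]


def prove(leaves: list[bytes], index: int) -> list[tuple[bytes, bool]]:
    """Inclusion proof for leaves[index]: (sibling hash, sibling_is_left) per level."""
    path = []
    for level in merkle_levels(leaves)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):              # promoted nodes have no sibling here
            path.append((level[sibling], sibling < index))
        index //= 2
    return path


def verify(leaf: bytes, path: list[tuple[bytes, bool]], root: bytes) -> bool:
    """Recompute the path to the root from one leaf and its sibling hashes."""
    node = h(LEAF + leaf)
    for sibling, sibling_is_left in path:
        node = h(NODE + sibling + node) if sibling_is_left else h(NODE + node + sibling)
    return node == root


if __name__ == "__main__":
    blocks = [b"constructed-item-%d" % i for i in range(5)]   # constructed sample data
    root = merkle_root(blocks)
    proof = prove(blocks, 2)
    print("root:", root.hex())
    print("proof length for item 2:", len(proof))
    print("genuine item verifies:", verify(blocks[2], proof, root))
    print("altered item verifies:", verify(b"constructed-item-2-altered", proof, root))
```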

§5.86122 — Cryptographic hashing has a peculiarly intimate[3] relationship with cryptocurrency, and thus with money as such in its emergent characteristics. This is in part, and primarily, because the hash is the privileged semiotic of singularity – to the extent that ‘hash collision’ is calamitous for it. Hashing therefore tends to affinity with the allocative or economic sign.


[1] Ralph Merkle’s hash-tree patent (US4309569A) is titled a “Method of providing digital signatures”. Its abstract (in full) runs: “The invention comprises a method of providing a digital signature for purposes of authentication of a message, which utilizes an authentication tree function of a one-way function of a secret number.” The description that follows expands upon its potential applications. “The present invention has been described with respect to authentication of signatures. However, its use is not limited to signatures. It may be used to authenticate a piece of information in a list of information, or one item in a list of items.”

The patent can be accessed online at: https://patents.google.com/patent/US4309569

[2] See §2.31

[3] See §3.422-4

Crypto-Current (063)

§5.8611 — Even before timestamps were conceptually, and then practically, linked, a timestamp was already a ‘trusted timestamp’ if it was anything. Verifiable dating of digital documents poses a problem closely analogous to that of digital money, brought to a point of criticality by the ease of perfect replication. In both cases, initial solutions involved procedures of formal vouching by trusted third parties. For timestamps, the role of supervised banks is taken by Time Stamping Authorities (TSAs).[1] Public Key Cryptography is employed to render time-stamps indelible – resistant to modification by anyone accessing the document in question, including its creator.

§5.86111 — Linked timestamping draws primarily on work by Haber and Stornetta, dating back to the beginning of the 1990s.[2] This work was directed towards secure notarization, which is to say the verification – within a digital environment – of a document’s historical existence, with special reference to questions of priority. A facility of this kind has obvious relevance to legal documents, such as contracts and intellectual property claims. Linking timestamps adds dynamic to the procedure, by extending it to digital entities undergoing successive modification, such as changing inventories, and accounts. At each (discrete) stage of transformation, an additional timestamp is signed, or (in later versions) hashed, constituting a chain, pointing into an increasingly edit-resistant past. Each timestamp in the chain envelops the preceding series. It thus establishes public order, or absolute succession, in which the past is uncontroversial, and secure. As Satoshi Nakamoto notes in the Bitcoin paper, “Each timestamp includes the previous timestamp in its hash, forming a chain, with each additional timestamp reinforcing the ones before it.”

§5.86112 — A series of linked timestamps is already, at least in embryo (or larva), a ‘block-chain’. The stamps operate as irreducible moments, whose order is settled (immanently) by embedding. Their time is sheer order, without cardinality. Any timestamping system nevertheless inherits a time-keeping procedure, amounting to a fully-functional calendar, whose granulated ‘dates’ it competently codes. Unix time is the most widely applied system of this kind. Bitcoin adopts it.[3]

§5.86113 — Taking timestamping into trustlessness was a development that had to await Bitcoin.[4] While linked timestamping provides the basic architecture for secure (edit-resistant) ledgers, their robust decentralization depends upon additional cryptographic advances, supporting validation, compression, and consensus.  


[1] As the Internet Society remarks in 2001, in proposing the RFC 3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol: “In order to associate a datum with a particular point in time, a Time Stamp Authority (TSA) may need to be used. This Trusted Third Party provides a ‘proof-of-existence’ for this particular datum at an instant in time.”

See: https://tools.ietf.org/html/rfc3161

[2] See: Haber, S. and Stornetta, W.S. ‘How to time-stamp a digital document’ (1991)

[3] Unix time counts forwards, in seconds, from 00:00:00, January 1, 1970, (a Thursday). It ignores leap seconds, treating the length of each day as 86,400 seconds. It therefore gradually drifts from Universal Time.

When encoded in 32-bit format this time system reaches (Y2K-type) crisis on January 19, 2038. This poses no direct threat to Bitcoin, which employs a fully future-competent 64-bit Unix time code.

https://en.wikipedia.org/wiki/Unix_time

[4] See (e.g.): Bela Gipp, Norman Meuschke, and André Gernandt, ‘Decentralized Trusted Timestamping using the Crypto Currency Bitcoin’ (National Institute of Informatics Tokyo, Japan, 2015)

https://www.gipp.com/wp-content/papercite-data/pdf/gipp15a.pdf

Crypto-Current (062)

§5.861 — The early 1990s saw the conceptual innovation of robust (or ‘append-only’) data-structures capable of providing secure ledgers. Such structures introduce a gradient. They make data-bases sedimentary, and time-like.[1] The past is protected against revision, as a type of artificial, hard or ideal memory. Irrevocable commitments were thus digitally supportable. Since backing out of an executed deal is the typical mode of double-spending, a capability for the hardening of commitments has special relevance to the implementation of cryptocurrency. Indeed, its importance is such that there is a tendency among much Bitcoin commentary to reduce the innovation to ‘the blockchain’ which is itself then summarized as a distributed, revision-resistant ledger. Remaining within the Narayanan and Clark schema, the technological lineages leading to the emergence of such decentralized chronotypic databases are themselves susceptible to further triadic classification. Specifically, they assemble advances in the fields of linked time-stamping, Merkle trees, and byzantine fault tolerance.


[1] Narayanan and Clark capture the philosophical essentials well. “In a simplified version of Haber and Stornetta’s proposal, documents are constantly being created and broadcast. The creator of each document asserts a time of creation and signs the document, its timestamp, and the previously broadcast document. This previous document has signed its own predecessor, so the documents form a long chain with pointers backwards in time. An outside user cannot alter a timestamped message since it is signed by the creator, and the creator cannot alter the message without also altering the entire chain of messages that follows. Thus, if you are given a single item in the chain by a trusted source (e.g., another user or a specialized timestamping service), the entire chain up to that point is locked in, immutable, and temporally ordered.”

https://queue.acm.org/detail.cfm?id=3136559

Crypto-Current (061)

§5.86 — Arvind Narayanan and Jeremy Clark helpfully decompose cryptocurrency – as initiated by the Bitcoin synthesis – into three functional modules, which can be traced back along distinct technical lines. Crossing the threshold into cryptocurrency requires bringing together a resilient decentralized registry, secure value-tokens, and a gauge of computational contribution, in a fully-converged operational singularity.[1] Within this combination, each thread exposes its complicity with an abstracted realization of money, in one of its three ineliminable semiotic aspects. The index of value-storage, the sign of accountancy, and the token of actual payment (i.e. exchange), are the exhaustive, irreducible, indispensable, and mutually-dependent features of any functional monetary order.


[1] See: Arvind Narayanan and Jeremy Clark, ‘Bitcoin’s Academic Pedigree’ (2017). Bitcoin is a triadic dynamo. “In bitcoin, a secure ledger is necessary to prevent double spending and thus ensure that the currency has value. A valuable currency is necessary to reward miners. In turn, strength of mining power is necessary to secure the ledger. Without it, an adversary could amass more than 50 percent of the global mining power and thereby be able to generate blocks faster than the rest of the network, double-spend transactions, and effectively rewrite history, overrunning the system. Thus, bitcoin is bootstrapped, with a circular dependence among these three components.”

Crypto-Current (060)

§5.854 — Chaum has a reputation for prickliness which intrudes into the story-line, at least insofar as it led him to turn down an offer of US$100 million from Microsoft to incorporate DigiCash into Windows 95. It is difficult not to see history fork here. An alternative history exists in which cryptocurrency was mainstreamed by the late 20th Century. With cryptocurrency having missed this early turn-off into actuality, the types now arriving are almost certainly harder, and more socially abrasive, than they might have been. It seems as if the Ultras booked a pre-emptive win.

Crypto-Current (059)

§5.85 — Perhaps not finally, but at least additionally, and decisively, there is the lineage of cryptocurrency innovation itself. It arose from the application of public key cryptography (PKC) to the specific problem of monetary transactions. The work of David Chaum, in the early 1980s, was especially decisive in this regard. Chaum’s 1983 paper on ‘Blind Signatures for Untraceable Cash’ was a landmark advance.[1] The problem it sought to solve was specific to the meaning of cash. Digital money is comparatively straightforward. It requires only the secure transmission of bank account details across the Internet, and appropriate modification of balances. Cash is more difficult (in rough inverse proportion to its superior facility). It has to operate like a bearer bond, making no reference to the identity of its holder. A cash payment is nobody else’s business.

§5.851 — Blind signatures, like cash, had a pre-digital instantiation. They required only carbon paper, envelopes, and rigorous method.[2] Everything was dependent upon procedure.

§5.852 — The basis for strong digital signatures was established by asymmetric or ‘public key’ cryptography in the mid- to late-1970s.[3] The further step to digital blind signatures was required to make these cash-like. Already with PKC there is suggestive ‘blindness’. It enables any particular private key to be recognized without ever being seen. A public key is able to validate a private key without displaying it. This already provides a strong analogy for the function of signatures, which are ideally identifiable without being reproducible. In the digital arena, where the ability to authenticate seems more obviously bound to a technical option to forge, the near-paradoxical demand placed upon traditional signatures becomes more evident. Chaum notes further that signatures are reliable only if conserved. An additional near-paradoxical demand placed upon them is that they cannot be repeatedly copied.[4]

§5.853 — Chaum’s insight was properly transcendental-philosophical, or diagonal. It achieved the apparently impossible, translating cash into Cyberspace, by conceptually breaking the false tautology of authentication and identification. The new diagonal creature thus released was the verified but anonymous holder of communicable virtual property. Something like a prototypical cryptocurrency is thus initiated.[5] Chaumian cash, or ‘ecash’ was actualized as DigiCash in 1989, which survived into 1998.


[1] Chaum, David — ‘Blind Signatures for Untraceable Cash’, Advances in Cryptology Proceedings 82 (3) (1983)

http://www.hit.bme.hu/~buttyan/courses/BMEVIHIM219/2009/Chaum.BlindSigForPayment.1982.PDF

[2] For the purpose of analogy, Chaum notes (in his Blind Signatures paper) that an off-line anticipation of the procedure is provided by certain ballot validation systems. In these, too, identification (of a legitimate voter) has to be combined with the preservation of anonymity. This can be achieved by enclosing the ballot in a carbon paper sheath that certifies the voter’s credentials. An election official signs this envelope, transferring the signature to the unseen ballot inside. The sheath is then discarded, leaving the authenticated but anonymous ballot to be safely cast. Neither signer nor eventual vote-counter are able to connect the ‘message’ (vote decision) with the individual who transmits it, and who has nevertheless been securely certified to do so.

In the paper, Chaum re-describes the system algebraically to identify the algorithm:

(1) Provider chooses x at random such that r(x), forms c(x), and supplies c(x) to signer.

(2) Signer signs c(x) by applying s’ and returns the signed matter s’(c(x)) to provider. …

(3) Provider strips signed matter by application of c’, yielding c’(s’(c(x))) = s’(x).

(4) Anyone can check that the signed matter s’(x) was formed by the signer, by applying the signer’s public key s and checking that r(s(s’(x))).
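Steps (1) to (4) carried through as an added example, not code from Chaum's paper, which leaves the functions abstract. It assumes a textbook-RSA instantiation: s’ and s are the private and public exponentiations, c multiplies by a random blinding factor raised to the public exponent, and r checks a hash suffix. The two Mersenne primes, the 24-byte note layout and all names are constructed for illustration and are not a secure key or encoding.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key: two Mersenne primes. Real keys use random primes and padding.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # signer's private exponent


def make_note(serial: bytes) -> int:
    """x with built-in redundancy: 16-byte serial followed by 8 bytes of its hash."""
    if len(serial) != 16:
        raise ValueError("serial must be 16 bytes")
    return int.from_bytes(serial + hashlib.sha256(serial).digest()[:8], "big")


def r(x: int) -> bool:
    """Redundancy predicate: only a sparse set of x are well-formed notes."""
    if not 0 < x < 2**192:
        return False
    raw = x.to_bytes(24, "big")
    return raw[16:] == hashlib.sha256(raw[:16]).digest()[:8]


def s_prime(m: int) -> int:              # signer only
    return pow(m, D, N)


def s(m: int) -> int:                    # public
    return pow(m, E, N)


def new_blinding_factor() -> int:
    while True:
        b = secrets.randbelow(N - 2) + 2
        if gcd(b, N) == 1:               # must be invertible modulo N
            return b


def c(x: int, b: int) -> int:            # provider only: blind
    return (x * pow(b, E, N)) % N


def c_prime(y: int, b: int) -> int:      # provider only: strip
    return (y * pow(b, -1, N)) % N


def withdraw(serial: bytes) -> tuple[int, int, int]:
    """Run steps (1)-(3); returns (x, what the signer saw, stripped signature)."""
    x = make_note(serial)
    b = new_blinding_factor()
    blinded = c(x, b)                    # (1) provider forms c(x)
    signed_blinded = s_prime(blinded)    # (2) signer returns s'(c(x)), never seeing x
    signature = c_prime(signed_blinded, b)   # (3) c'(s'(c(x))) = s'(x)
    return x, blinded, signature


def check(signature: int) -> bool:
    """(4) Anyone: apply the public key and test the redundancy, r(s(s'(x)))."""
    return r(s(signature))


if __name__ == "__main__":
    x, seen_by_signer, sig = withdraw(b"constructed-0001")
    print("signer saw x itself:", seen_by_signer == x)
    print("stripped value equals s'(x):", sig == s_prime(x))
    print("note verifies:", check(sig))
    # The signer signs anything, but a value without redundancy is worthless:
    print("signed junk verifies:", check(s_prime(12345)))
```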

[3] Asymmetric cryptography is the principal topic of the subsequent chapter.

[4] In Chaum’s algebraic formulation, even with s’(c(x_1)) … s’(c(x_n)) and choice of c, c’, and x_i, it is impractical to produce s’(y), such that r(y) and y≠x_i.

[5] Chaumian cash falls short of a full cryptocurrency. It is not, for instance, denominated in its own currency units. (No mechanism for currency production is involved.) Its deficiencies do not stop there. Reliance on banking institutions remains undiminished. Perhaps most defectively, it is only able to support a single monetary denomination, of arbitrary scale, but then unchangeably. Host currency inflation would therefore eventually degrade it. In Chaum’s words: “The critical concept is that the bank will sign anything with its private key, but anything so signed is worth a fixed amount, say $1.”  

Crypto-Current (058)

§5.8 — Whether history ‘in general’ is anything other than the history of money remains an open question. Certainly, the distinction between ‘history’ and ‘pre-history’ seems to have been decided by monetary innovation. The earliest digital recordings are accounts.[1] In the beginning was the registry. If this distribution of emphasis seems unbalanced, the fact that – in our own time – a distributed ledger manifests primarily as a monetary innovation tends, nevertheless, to vindicate it. Commentary in the “Bitcoin is about much more than money” vein, while copious, also comes later.[2] The monetary model sets the matrix.

§5.81 — A bitcoin, or part of a bitcoin, is a number of numbers, or several. In this it reproduces an abstract structure that is essential to the nature of money, in any of its variants, although realized at very different degrees of formalization. The semiotic complexity of money is expressed by a multiplicity of numerical dimensions. (Money not only quantifies, it quantifies multiplicitously.) Even prior to the introduction of allocation as a topic, monetary numbers divide by signification and designation. They function arithmetically as counting numbers and indexically as registry numbers (indices). The distinction is illustrated by the coexistence of a denomination number and a serial number on every bank note. The final term in the semiotic triad – the allocative number – corresponds to a tallying of bank notes, for instance – most concretely – through their bundling into ‘bricks’. These dimensions are primeval. Yuval Noah Harari writes (in Sapiens: A Brief History of Humankind, p.182): “The first coins in history were struck around 640 BC by King Alyattes of Lydia, in western Anatolia. These coins had a standardized weight of gold or silver, and were imprinted with an identification mark. The mark testified to two things. First, it indicated how much precious metal the coin contained. Second, it identified the authority that issued the coin and that guaranteed its contents.” The coin bears an index of composition and a sign of credentials. The third semiotic dimension is added in a counting house, and introduces – from the beginning – the ledger.

§5.82 — Every commercial transaction involves a conversion into numbers. There is no primordial difference between monetary circulation and digitization, recognized as the historical process. In its narrower, electronic sense, however, the digitization of money does not date back very far. The first electronic money precedes Bitcoin by no more than half a century. Precursors are retrospectively identifiable, including charge coins, charge cards, ‘charga-plates’, and air travel cards. Western Union began issuing charge cards to frequent customers as early as 1921, but the runaway electronic ‘derealization’ of money is a far more recent phenomenon.[3] The first credit card[4] – accessing a bank account by means of a plastic identification document – was the BankAmericard, launched in September 1958 (and renamed ‘Visa’ in 1977). It took another eight years for the system to be extended beyond the United States (to Britain, with the ‘Barclaycard’, in 1966). The spread of electronic banking outside the English-speaking world was far slower still. Widespread adoption of the new monetary medium in Continental Europe, for instance, did not take place until the final decade of the 20th century. Most of the world skipped this stage of monetary evolution altogether.

§5.821 — Electronic monetary transfers – as required by credit cards – are not yet an online payment system. The former involves electronic settlement, but not yet digital cash.[5] Electronic bank credit operates exclusively between trusted parties. The cash-like aspect of the transaction takes place offline, between the cardholder and the goods or services provider. Even here, some basic characteristics of cash are sacrificed, most notably anonymity. It is ‘cash’ in this reduced sense that is translated online by the first consumer-level digital money services, exemplified by PayPal.[6]

§5.83 — It was not the personal computer that set the frame for the next stage of money’s technological evolution, but the mobile phone. Within this new epoch of consumer electronics, ‘personalization’ is intensified, through heightened communicative-orientation and the massive distribution of computational capability.[7] It is easy to miss the full complexity of the mobile phone as a technological nexus. Not only does it serve as a telecommunications and Internet-access device, but also as a scanner, and a personal identity hub. In combination, these features enable convenient, efficient, and passably secure monetary transactions. The serendipitous contribution of an in-built camera to the mobile phone’s function as a monetary platform is especially worthy of note. A facile photographic shot closes the transaction. The era of the bar-code thus passes into that of the QR-code.

§5.831 — The age of mobile payments dates back only to 2007. In that year, Safaricom and Vodacom, the largest mobile network operators in Kenya and Tanzania respectively, released their M-Pesa mobile-phone based finance application, developed by Vodafone. ‘M-Pesa’ abbreviates ‘mobile money’ in hybrid tech-jargon and Swahili. The application was designed to support elementary banking services on wireless telecommunications, in drastically under-banked societies. It enabled monetary exchanges between users, with the additional capability to facilitate microfinance credit. Anybody with identity certification (such as a national ID card or passport) could use M-Pesa to deposit, withdraw, or transfer money through their mobile device. Its rate of adoption exceeded all expectation, resulting in social, cultural, and commercial success on a now already legendary scale. From its take-off point in East Africa, the service was subsequently expanded into Afghanistan, South Africa, and India, reaching Eastern Europe in 2014. It has been in China, however, that the new fusion of money and telecommunications has developed most explosively. China’s mobile payment market has been opened by its Internet giants Alibaba and Tencent. Up to late 2015, Alipay dominated, accounting for over two-thirds of mobile purchases by value. Tencent’s competitor system, based upon its WeChat[8] social media application, consolidated its position through a highly-successful marketing campaign themed by digital emulation of traditional ‘red-envelope’ monetary gifts. By the first quarter of 2017, Alipay and WeChat between them were servicing 94% of the country’s mobile payment market. Chinese late-mover advantage has enabled the country to leap-frog plastic, transitioning directly from paper to wireless. By early 2017, US online payments amounted to scarcely 2% of the Chinese figure (which had reached the equivalent of US$8 trillion).

§5.84 — The story of electronic money is not exhaustively subsumed into that of banking. It has various quite separate lineages, of greater and lesser independence. One of the most important of these passes through online multi-user environments and games. The fictional quality of in-game monetary systems has shielded them from regulatory scrutiny, to a degree that cannot easily be philosophically defended. They thus open a zone of special interest in regards to the ontology of money.[9] What is the relation of ‘real’ money to simulated money? Virtual currencies, such as the Linden Dollars (L$) of Second Life, made this question ineluctable. If online ‘pretend’ currencies had an exchange value denominated in offline ‘real’ currencies – as they soon did – how solid could any ontological discrimination between the two be? It began to dawn upon commentators that a new age of private currency issuance had been surreptitiously initiated. It is perhaps a matter of mere historical contingency that far more consequential developments have not yet been catalyzed in this zone. There are few obvious limits to what might have come.

§5.841 — The industrialization of virtual currency production in the crypto-epoch was partially anticipated by the phenomenon of ‘gold farming’ in the world of MMORPGs (or Massively Multiplayer Online Role-Playing Games). Many of the most popular MMORPGs permit trading in items of in-game value. For instance, a special weapon acquired at the cost of much (in-game) effort and peril, and therefore scarce enough to be precious, might be surrendered by one avatar to another in exchange for an out-of-game payment between their respective players. Such arrangements called out for economic rationalization, through specialization, concentration, and Internet-enabled geographical labor arbitrage. China’s business renaissance during the reform-and-opening period coincided with the emergence of this opportunity, and its new entrepreneurs moved nimbly to take advantage. Tedious game play was quickly transformed into commoditized labor, as cheap, capable, Chinese youngsters were organized by upstart businesses to undertake grueling virtual activities. Such ‘gold farms’ thus functioned as exchanges. Through them, game currencies could be laundered into ‘real’ money. A Möbian economic circulation now crossed seamlessly between the virtual and the actual.


[1] See Denise Schmandt-Besserat, The Earliest Precursor of Writing (1977 / 06): “Evidently a system of accounting that made use of tokens was widely used not only at Nuzi and Susa but throughout western Asia from as long ago as the ninth millennium BC to as recently as the second millennium.”

http://en.finaly.org/index.php/The_earliest_precursor_of_writing

[2] Morgen E. Peck writes: “… money is only the first, and perhaps the most boring, application enabled by Bitcoin technology.”  http://spectrum.ieee.org/computing/networks/the-future-of-the-web-looks-a-lot-like-bitcoin

[3] Conceived as a popular cultural theme, the guideline to the plastic phase of money was invisibility. In this respect it evidences a teleological model, defining an axis of progress. Monetary improvement is sublimation, or dematerialization. In accordance with classical precedent, finality is identified with the pure idea, beyond all contamination by, or compromise with, particular substance. As previously noted, something more than a convergence with mathematical Platonism is at work here. The history of money – whether actual or fantastic – does not draw upon idealism as an extrinsic inspiration. Rather, it idealizes practically, and even preemptively. Elimination of friction – as implicit and later explicit goal – serves as a convenient proxy for the monetary ideal. Keynesian derision of the “barbarous relic” – the primitive lump sum – is once again the critical reference. Progress – conceived implicitly as financial dematerialization – is projected into space as a ripple pattern. Differential adoption rates and patterns of diffusion mark out stages of development, organized by a definite telos (distinguishing advanced from primitive money). According to this schema, at the end of money, the transaction coincides exactly with its Idea. The medium is then nothing. If the notion of a direct private relation without frictional mediation carries certain historic-religious associations, these are probably not coincidental.

[4] The term ‘credit card’ seems to have first been employed by Edward Bellamy, in his utopian-socialist novel Looking Backward (1887). 

[5] Marc Andreessen says of Bitcoin, in a Washington Post interview (May 21, 2014): “…if we had had this technology 20 years ago, we would’ve built it into the browser. […] E-commerce would’ve gotten built on top of this, instead of getting built on top of the credit card network. We knew we were missing this; we just didn’t know what it was. There is no reason on earth for anybody to be on the Internet today to be typing in a credit card number to buy something. It’s insane …”

http://www.washingtonpost.com/blogs/the-switch/wp/2014/05/21/marc-andreessen-in-20-years-well-talk-about-bitcoin-like-we-talk-about-the-internet-today/

[6] PayPal was created from the merger of Confinity (founded in December 1998 by Ken Howery, Max Levchin, Luke Nosek, and Peter Thiel) with X.com (founded in March 1999 by Elon Musk). The new company was established in March 2000, acquiring its name the following year. PayPal went public in February 2002, in an IPO that generated over $61 million. The company was sold to eBay in July of the same year for $1.5 billion. (The resulting Musk and Thiel fortunes have been among the most nourishing seed-beds of 21st century capitalism.) The extreme synergy between eBay’s online market-making business and PayPal’s secure digital payment service propelled its initial growth, first in the US, then through eBay’s international business, and finally beyond eBay. PayPal was spun-off from eBay in July 2015, following the firm recommendation of hedge fund manager Carl Icahn. It began to accept bitcoin in September 2014, announcing partnerships with Coinbase, BitPay, and GoCoin. While PayPal has been rewarded by the market for its pioneering role in facilitating financial transactions over electronic networks, its limitations are severe, and in the age of cryptocurrency increasingly obvious. Its users are entirely unprotected from the company’s radical discretion, and receive no exit benefits from the service in respect to the national-financial regime in which they operate. Essentially, PayPal adds a new ‘trusted third party’ to the financial ecology, and one of minimal autonomy. Nothing very much has been disrupted by it.

[7] The resonance between mobile consumer technology and portability as an essential monetary quality cannot be coincidental to the emergence of mobile currency. A desktop wallet is patently inconvenient. By its abstract nature, money is destined to eventual convergence with the communicative situation in general, which it tends to haunt as an accessible semiotic dimension. Wherever speech can occur, the potential for contractual execution will finally follow. Only in this way is Homo economicus completed. At the confluence of these currents lies the inevitable formula: Money is speech. It not only assumes, in the Anglosphere cultural context, informal and formal constitutional protection in the cynical culmination of liberalism. The claim extends further – into identity with the claim as such. Money – the pure power of acquisition – seizes for itself the mantle of realizable logos. The conceptual fusion of the smart contract is reversible. Transactions can be augmented by machine intelligence because intelligence is inherently transactional. Minds and market-places tend to convergence.

[8] The scale of WeChat (微信, Wēixìn) can be hard for those outside China to appreciate. With over a billion regular users, the application is truly ubiquitous. WeChat messaging accounts for over a third of the country’s (massive) mobile phone usage.

[9] Given the striking philosophical importance of (ludic) virtual currencies, the social under-development of the problem is remarkable. An obvious exit ramp from the Macro financial regime has been almost entirely ignored.