Crypto-Current (059)

§5.85 — Perhaps not finally, but at least additionally, and decisively, there is the lineage of cryptocurrency innovation itself. It arose from the application of public key cryptography (PKC) to the specific problem of monetary transactions. The work of David Chaum, in the early 1980s, was especially decisive in this regard. Chaum’s 1983 paper on ‘Blind Signatures for Untraceable Cash’ was a landmark advance.[1] The problem it sought to solve was specific to the meaning of cash. Digital money is comparatively straightforward. It requires only the secure transmission of bank account details across the Internet, and appropriate modification of balances. Cash is more difficult (in rough inverse proportion to its superior facility). It has to operate like a bearer bond, making no reference to the identity of its holder. A cash payment is nobody else’s business.

§5.851 — Blind signatures, like cash, had a pre-digital instantiation. They required only carbon paper, envelopes, and rigorous method.[2] Everything was dependent upon procedure.

§5.852 — The basis for strong digital signatures was established by asymmetric or ‘public key’ cryptography in the mid- to late-1970s.[3] The further step to digital blind signatures was required to make these cash-like. Already with PKC there is suggestive ‘blindness’. It enables any particular private key to be recognized without ever being seen. A public key is able to validate a private key without displaying it. This already provides a strong analogy for the function of signatures, which are ideally identifiable without being reproducible. In the digital arena, where the ability to authenticate seems more obviously bound to a technical option to forge, the near-paradoxical demand placed upon traditional signatures becomes more evident. Chaum notes further that signatures are reliable only if conserved. An additional near-paradoxical demand placed upon them is that they cannot be repeatedly copied.[4]

§5.853 — Chaum’s insight was properly transcendental-philosophical, or diagonal. It achieved the apparently impossible, translating cash into Cyberspace, by conceptually breaking the false tautology of authentication and identification. The new diagonal creature thus released was the verified but anonymous holder of communicable virtual property. Something like a prototypical cryptocurrency is thus initiated.[5] Chaumian cash, or ‘ecash’ was actualized as DigiCash in 1989, which survived into 1998.

[1] Chaum, David — ‘Blind Signatures for Untraceable Cash’, Advances in Cryptology Proceedings 82 (3) (1983)

[2] For the purpose of analogy, Chaum notes (in his Blind Signatures paper) that an off-line anticipation of the procedure is provided by certain ballot validation systems. In these, too, identification (of a legitimate voter) has to be combined with the preservation of anonymity. This can be achieved by enclosing the ballot in a carbon paper sheath that certifies the voter’s credentials. An election official signs this envelope, transferring the signature to the unseen ballot inside. The sheath is then discarded, leaving the authenticated but anonymous ballot to be safely cast. Neither signer nor eventual vote-counter are able to connect the ‘message’ (vote decision) with the individual who transmits it, and who has nevertheless been securely certified to do so.

In the paper, Chaum re-describes the system algebraically to identify the algorithm:

(1) Provider chooses x at random such that r(x), forms c(x), and supplies c(x) to signer.

(2) Signer signs c(x) by applying s’ and returns the signed matter s’(c(x)) to provider. …

(3) Provider strips signed matter by application of c’, yielding c’(s’(c(x))) = s’(x).

(4) Anyone can check that the signed matter s’(x) was formed by the signer, by applying the signers public key s and checking that r(s(s’(x))).

[3] Asymmetric cryptography is the principal topic of the subsequent chapter.

[4] In Chaum’s algebraic formulation, even with s’(c(x1)) … s’(c(xn)) and choice of c, c’, and xi, it is impractical to produce s’(y), such that r(y) and y≠xi.

[5] Chaumian cash falls short of a full cryptocurrency. It is not, for instance, denominated in its own currency units. (No mechanism for currency production is involved.) Its deficiencies do not stop there. Reliance on banking institutions remains undiminished. Perhaps most defectively, it is only able to support a single monetary denomination, of arbitrary scale, but then unchangeably. Host currency inflation would therefore eventually degrade it. In Chaum’s words: “The critical concept is that the bank will sign anything with its private key, but anything so signed is worth a fixed amount, say $1.”