Crypto-illustration Cryptocurrency (Photo: Photo illustration Jason Doiy/ALM)
|

With the aggressive pace of technological change and the onslaught of news regarding data breaches, cyber-attacks, and technological threats to privacy and security, it is easy to assume these are fundamentally new threats. The pace of technological change is slower than it feels, and many seemingly new categories of threats have actually been with us longer than we remember. The following is the latest edition of Nervous System, a monthly blog from David Kalat of Berkeley Research Groupon which appears on The Recorder affiliate Legaltech News. Kalat approaches issues of data privacy and cybersecurity from the context of history—to look to the past for clues about how to interpret the present and prepare for the future. 

 

In 2008, a white paper entitled Bitcoin: A Peer-to-Peer Electronic Cash System introduced a new technology called blockchain and proposed a practical application of it for digital currency. Put simply, a blockchain is a database that derives its integrity and security from decentralized distribution across countless unregistered nodes—to attack and modify a record in a blockchain database would entail the logistical impossibility of simultaneously attacking every copy of that database on millions upon millions of independent computers scattered across the world. Bitcoin in turn leverages the integrity and security that derive from that peer-to-peer network as a base upon which to build trust in a public ledger of financial transactions, thereby creating an online alternative to banks.

In the years that have followed that white paper, blockchains have been deployed in a variety of scenarios. In addition to cryptocurrencies like Bitcoin and Ether, blockchains can be used to monitor supply chains, manage identity authentication, enforce intellectual property rights, transfer property rights, among many possibilities.

But despite growing public interest and attention to blockchain technology, the identity of its creator remains strangely obscure. The 2008 white paper is attributed to a “Satoshi Nakamoto,” widely understood to be a pseudonym for an unknown person or persons.

The idea of using cryptographic techniques to design a secure online currency actually predates by decades “Nakamoto” and that white paper. In the early 1980s, computer scientist David Chaum pioneered and implemented a form of digital cash that like Bitcoin also sought to disintermediate online transactions from banks.

A major technological barrier to developing viable digital currency is the “double-spend” problem. In the real world, the physical nature of cash provides clear boundaries around transactions. Once a dollar has been exchanged for some kind of good or service, the buyer no longer has it and cannot spend it again. In the digital world, those boundaries have to be constructed artificially. “Spending” money online means copying a certain chunk of data from one computer to another, at which time both computers have it. To effectively debit the spender's account by the right amount, a larger database infrastructure must log the transaction. Creating such database structures, however, erodes the privacy that was inherent in the cash transaction.

A bank has no way to know how a user intends to spend the cash she withdraws from her account; a merchant has no way to know the identity of the customer who pays in cash. Transitioning to electronic transactions has generally meant trading away anonymity and privacy in exchange for convenience.

In the early 1980s, Chaum, a privacy-minded student at the University of California at Berkeley, devised an alternative. He developed his idea from an analogy about voting by sealed ballot. The electoral authority verifies a voter's identity, ensures the voter does not vote twice, and protects the integrity of the process, without ever knowing which candidate the voter selected. The same principle can be applied, via cryptography, to online transactions. As Chaum told Forbes magazine in 2019, “Cash is a bearer instrument, and is peer-to-peer, permissionless, and confidential. Digital cash should ideally share these same characteristics.”

Chaum's 1981 thesis, “Blind Signatures for Untraceable Payments,” proposed one kind of cryptography to mask the content of a message and a second kind to digitally sign that masked message. The digital signature provides a means to mathematically prove that the message came from a specific trusted sender, but in this scenario that verification does not expose the content of the communication. In Chaum's proposal, this technique would be used to allow a payer to instruct a bank to deduct a certain value from her account and to separately convey instructions to the bank to deposit value to a payee's account, without the bank knowing the transactions were related and without the payee knowing from whom the purchase came.

In 1983, Chaum developed his idea further into a proposal for anonymous electronic money he called “eCash.” Using cryptographic blind signatures, eCash software could allow users to make purchases from vendors without having to open accounts, exchange credit card numbers, or leave an audit trail identifying themselves.

By 1989, Chaum had launched the DigiCash Corporation to implement his idea on a commercial scale. But DigiCash suffered from being too early a pioneer. Almost no one used the Internet at the time. Until there was a sufficient volume of online ecommerce to protect, Chaum was selling a solution to a problem no one had. DigiCash fell into bankruptcy in 1998.

Although his work is more notable in hindsight than it was a commercial success, Chaum's relevance to the world of blockchain technology continues today, as he has introduced his own Bitcoin rival, Elixxir. Chaum has noted that cryptocurrencies like Bitcoin and Ether rely on digital signatures, much like his 1980s version of eCash, but handle those signature calculations in inefficient ways. This limits the number of concurrent transactions those blockchains can handle. Chaum claims to have devised more efficient digital-signing techniques to allow exponentially more transactions per second. Introduced in late 2018, Elixxir began as a free messaging application, intending to build its network base before enabling payments between users at some point in the future.

David Kalat is Director, Global Investigations + Strategic Intelligence at Berkeley Research Group. David is a computer forensic investigator and e-discovery project manager. Disclaimer for commentary: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.