Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - David Chaum: The Forefather of Cryptocurrencies and the Cypherpunk Movement
Episode Date: September 10, 2019We’re pleased to be joined by the legendary cryptographer and computer scientist, David Chaum. From his early beginnings at Berkley, David pioneered many of the cryptographic techniques used in secu...re systems and cryptocurrencies today. Blind signatures, which are used in zero-knowledge proofs, and mix networks, used in Tor heavily rely on his work. At the dawn of the Internet, David founded DigiCash, what many believe to be a direct ancestor of Bitcoin. Today, David continues to pursue his mission to bring data privacy to all as his most recent project, Elixxir, aims to create a truly private messaging and payment app with a mass-market appeal.Topics covered in this episode:- David’s background as a Ph.D. student at Berkeley and his thesis entitled “Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups”- What drove him to work on cryptography and privacy systems- His relationship to the early cypherpunk movement- David’s contribution to cryptography primitives such as blind signatures, undeniable signatures, group signatures and mixers- The story of DigiCash and how the company was founded- The idea behind Cyberbucks and why the company ultimately went bankrupt- Cryptocurrency adoption as a chicken-and-egg problem- David’s personal views and practices with regards to online privacy- His thoughts on the blockchain space today and his views on the future of the industry- His current project, Elixxir, a messaging and payment app which protects users’ data and metadataEpisode links: - [David Chaum’s website](https://chaum.com)- [DigiCash](https://www.investopedia.com/terms/d/digicash.asp)- [lists.cpunks.org Mailing Lists](https://lists.cpunks.org/mailman/listinfo)- [DigiCash - Wikipedia](https://en.wikipedia.org/wiki/DigiCash)- [Blind Signatures for Untraceable Payments](https://www.chaum.com/publications/Chaum-blind-signatures.PDF)- [DigiCash announcement article from 1994](https://www.chaum.com/ecash/articles/1994/05-27-94%20-%20World_s%20first%20electronic%20cash%20payment%20over%20computer%20networks.pdf)- [Project Page: Multiparty Computation](https://www.chaum.com/spymasters/)- [Security without Identification](https://www.chaum.com/publications/Security_Wthout_Identification.html)- [Elixxir - Home](https://elixxir.io/)- [Elixxir - Real Cryptography, Real Time: Precomputations in Elixxir](https://elixxir.io/blog/real-cryptography-real-time)- [Elixxir - Why Mark Zuckerberg wants no privacy, why he wrote his letter, and why it won’t help him](https://elixxir.io/blog/why-zuckerberg-wants-no-privacy)- [Elixxir - Point of Departure](https://elixxir.io/blog/point-of-departure)- [cMix white paper](https://drive.google.com/file/d/1B1jv03qc8E1kx0kvGFx4blzwXrQepMyy/view)Sponsors: - Vaultoro: Trade gold to Bitcoin instantly and securely starting at just 1mg - http://vaultoro.com- Trail of Bits: Trust the team at the forefront of blockchain security research - https://trailofbits.comThis episode is hosted by Sebastien Couture & Friederike Ernst. Show notes and listening options: [epicenter.tv/304](https://epicenter.tv/304)
Transcript
Discussion (0)
This is Epicenter, episode 304 with guest David Chom.
This episode of Epicenter is brought to you by Valturo, the gold hedging platform for the crypto community.
Trade gold to Bitcoin instantly and securely, starting at just one milligram.
Go to Voltoro.gov slash epicenter to get early access to their V2 platform and to start trading.
And by Trail of Bits, don't leave your project's security audit to just any firm.
Trust a team with decades of experience at the forefront of blockchain security research.
Go to trail of bits.com to learn more.
Hi, welcome to Epicenter.
My name is Sebastian Kutu.
And my name is Federica Ernst.
Or maybe today, Freddie.
Hey.
I think I'm going to start calling you Freddy from now on.
Please don't.
Freddie Ernst.
How are you doing?
I'm fine.
We just had a fantastic interview with David Chy.
Chaum, who is, who truly is the godfather of cryptography.
And what did you think, Sebastian?
I was so excited to this interview.
I mean, we emailed him, Brian and I, like, years ago.
I think before Mayher was even a guest on the podcast, just to have him on.
Like, because he's freaking David Chom, you know.
And so it never happened.
And now that he's working on this new thing, Elixir, I guess, maybe he's.
Maybe he felt that it was more appropriate.
But yeah, we spent like an hour talking to him about, you know, his history and his early days at Berkeley, Digi Cash, all that stuff.
And I think he's just such an insightful person and has a lot of really great ideas and, you know, about personal privacy and data sovereignty.
And also is kind of optimistic about where things are heading, which I'm totally not.
but it's good to have optimistic people in the space.
This was actually what struck me most or what may be surprised me most.
So basically he's been in this field for such a long time and he thinks it's all going to end well.
And to me, that is a great consideration.
Yeah, I hope he's right.
Me too.
We initially wanted to also talk more about Elyxia, but since the project, it's still evolving,
but there's still white papers that need be written, this sort of thing.
and the project hasn't launched yet, we thought that it'd be better to have them back on
in some time whenever they're ready to talk more about that specifically. So we would go
a bit more technical aspects of that project. So this conversation is mostly just
picking David's brain. And so it was really terrific. And so I really hope that you all
will like it. Before we go to the interview, I do want to talk a little bit about Tel Aviv blockchain
week. As this really is coming out, I am probably heading on a plane to go to Tel Aviv. I'll be at
scaling Bitcoin.
and also Ethereum and Starkware Sessions.
We've partnered with Starkware Sessions.
It's on the 16th on Monday,
and you can get 20% off the regular ticket price
by using the code Epicenter.
And if you want to register,
there's still tickets available.
It's epicenter.rocks slash Starkware.
I'm also speaking on a panel on the evening of September 11th.
It is entitled,
The Era of New Rising Chains and Assets.
It is hosted by Zengo,
and will be moderated by the,
CEO, Oriole Ohioan. The panel will be Zachianian of Tenement and Mason Borda of Tokensoft and myself.
So if you're interested in listening to us talk about new rising chains and assets, please
register for that. You can register at zengo.rocks slash meetup. So with that, here's our interview with
David Chom. We're here with David Chom. David Chombe. David Chom needs no introduction.
in this space because he really has pioneered and set the stones that are the foundation for a lot of
the things that we're building in the blockchain space. And personally, for me, it's a real pleasure
and a real honor to have you on just because I'm so concerned by my own privacy and a lot of these
concepts are concepts that, you know, date back to when you were initially working on them
and researching them and writing the papers that put all this stuff in motion.
So thank you for joining us today.
It's a real pleasure.
Well, thank you, Sebastian.
It's great to be here, really.
I appreciate.
And thanks for the kind words.
Let's start with the beginning.
Tell us about your background, your time at Berkeley, studying computer systems there.
And, you know, what was it like back then to be working on these technologies?
Well, you're taking me back.
But, you know, this was Berkeley, of course.
So it was a very exciting, progressive place.
And my office mates and colleagues there were people that, you know,
created a lot of famous stuff in the computer science field.
You know, I was working in that kind of department.
And then like Bill Joy and Eric Schmidt and all these people were, you know,
people I'd talked to all the time there and,
everything, Dave Patterson, with the risk architecture, and a lot of key things were happening then,
as well as in cryptography.
Those were really exciting times for all the real basic research.
And so we had all kinds of people coming through constantly visiting and talking about their research and in cryptography and so forth.
So it was, but there was also a kind of backdrop of most of the graduate students were being recruited to work for the kind of military industrial complex.
But there were a lot of posters up saying, don't do this.
So there were a lot of ethical issues in the air.
I mean, this was Berkeley, you know, 77 to like 80 and 82.
It was quite a mix of interesting things going on.
So there were some people that were going to work for kind of the government or maybe in industry.
And then there are others that were kind of opposed to that.
What were they doing?
Were they mostly working on research or did they have their own ideas about what they wanted to build?
I guess you fell in that second category.
Yes.
Well, I believe that my work was, as far as I know, probably unique in taking advantage of the opportunity to do unconstrained research in order to find a way to use the technology to really advance dramatically the causes of public interest.
So you got a PhD from Berkeley with a thesis entitled Computer Systems established.
maintained and trusted by mutually suspicious groups, which to anyone who's familiar with
cryptocurrency sounds very modern. And if you actually look into this, the thesis puts forward a system
that bears a lot of the hallmarks of Bitcoin. So basically, you have the cryptographic signatures,
you have the peer-to-peer system. You don't have the proof of work, but everything else kind of
is there already. So what actually made you interested?
in these specific systems?
This is the most fundamental problem in security of information technology, generally, right?
How can you make a computation that can be trusted by a group of people who don't trust each other?
And more specifically, each, say, participant should have a privacy,
protected channel with the computation.
It's based on a published and mutually agreed algorithm that the computation is supposed to perform,
but all of the state and data and the computation is hidden from everyone.
But when the computation speaks publicly or over the secure channels to the individual participants,
everyone can be certain that what it is saying is correct.
And this is a problem that I recognized early on as being kind of the fundamental issue.
You could think of it as the sort of church touring theorem for or conjecture for information security.
Because if you can solve that problem, then you, I believe, can solve any information security problem with that mechanism.
Now, that's an unproven conjecture, but it's just.
like, you know, saying that a toy machine can do any computation. You can't really prove that,
but it's a conjecture that seems to have held up. So that's why I was interested in it,
and I proposed a way to solve it in my dissertation. Now, it's a little bit ironic, I guess,
that my concern about digital sovereignty and all made me not sign the copyright of my dissertation
over to something called dissertation abstracts
that would, like most theses, they'd be online,
and people could find them over, you could order copies.
So I kept the copyright and everything from mine,
so it just basically lived in the library
in a paper form.
There were three copies in three different parts
of the Berkeley library system,
but it was never digitized.
and so it pretty much escaped notice, although you know how library books, in the old days when there were physical books and you go to library,
then they would put a little stamp with a date on a little sticker that was kind of on the inside cover of the book or something.
So you can go back and look at these copies and see that there were instances of when they were checked out,
and because of the lengths of time that people had them, you can make inferences about the type of,
library status they had.
Library metadata is a very dangerous.
Yeah.
Because you could go back now and you actually look at the library records
and find out exactly who read those papers
and basically just figure out exactly who the finite number of people
who read that paper pretty much.
Right.
But so at least from these little stamps,
you can see that it was checked out occasionally,
but sometimes people kept it for like a whole year.
are only certain people that are allowed to check out books for a whole year. So that's it.
There was a, you know, it down pretty much. But any event, yeah, so actually, there is a
recent paper that is mentioned on my Wikipedia page, or the Wikipedia page about me,
I guess one should say, that is by Professor Alan Sherman and others that goes through.
and I think it provides the best kind of taxonomy and explanation of all the different variants
that we've seen in the blockchain space and it sort of organizes those.
And it highlights my contribution.
And basically, as you said, pretty much the only thing that I didn't anticipate in that work
was the proof of work.
But, you know, there are a lot of other types of consensus mechanisms, as you know,
And there's a point I'd like to make about that, which is I think worth trying to keep in mind,
and that is that back in those days, let's say in 1980, the idea of burning up tons of computing time
in order for a consensus algorithm was beyond reasonable.
And it wasn't until, I believe, 12 years later or so about 94,
that the idea of burning up time to, you know,
to have sort of a winners who could be the next block producer and so on,
or the whole idea of using proof of work for anything
was proposed by actually one of my co-authors,
Monina Orr, and I remember very clearly sitting in the auditorium there
where I believe Cynthia Dwork, the other co-author,
presented the paper.
and I remember actually where I was sitting
and, you know, just thinking about this,
wow, that's, they proposed it in the context
of a way to defeat or impede spam email at the time.
Was that a precursor to hash cache?
You could say that,
but what I'm trying to point out is that
the technique was already pretty well known.
It's just that you had to kind of wait
until there was enough computing power and bandwidth
and everything out there, that any of this kind of stuff would make sense.
So to say that someone in 82 didn't fully invent blockchain
just because that one type of consensus algorithm wasn't included,
I don't think that's reasonable.
Oh, no, no, and it was very much not meant as a criticism in that sense.
I was marveling at your foresight that, you know, basically you...
No, okay, yeah.
I mean, I should maybe say it in that way.
I think maybe differently, but differently, what's really interesting to observe is that there
has been a kind of inflection point that occurred in the last decade or so where we had enough
computing power.
It was cheap enough, and connectivity to everything was there that we could have these unpermissioned
chains and use proof of work, say, to control the consensus.
and that just wasn't technically feasible prior to that.
And so, it's in my mind, a whole new idea.
It was that we really had to wait till there was enough computing power out there and everything to do this.
And that's the thing that made the world different, in my opinion.
If you're holding a significant portion of your net worth in crypto,
you're probably waiting for your portfolio to moon at any time.
But holding crypto doesn't mean you should be irresponsible in the face of volatility risk.
That's where Voltauro comes in.
Voltoro is the leading gold hedging solution for the crypto community.
And as a stable asset, trusted for millennia, gold is the perfect long-term hedging solution.
And at Epicenter, we've been using Volturo since 2014 to protect a portion of our company's assets against volatility.
Now, you might ask, why not use a stablecoin, Seb?
Which is a great. And don't get me wrong, stablecoins are great and a real benefit for crypto adoption.
But algorithmic stable coins are still very new and experimental asset type.
And some asset-backed stable coins have been scrutinized for being under-reserved.
With Voltoro, your gold is 100% insured and secure it in vaults deep in the Swiss
mountains protected by Brinks.
Every single gram of gold is audited and holdings are made transparently available
on their website for anyone to verify.
And most importantly, it's quite literally your gold.
You can choose to have it delivered to you at any time.
To learn more and to get access to Voltoro's brand new V2 platform, which includes
an interface overhaul and trading in dash, like coin, ether, and silver, go tovoltoe.
That's V-A-U-L-T-O-R-O-D-G-E-S-E-Sysenter.
We'd like to thank Voltero for their support of the podcast.
I want to come back maybe to some earlier times.
When you were at Berkeley and you were working on these things and people were getting arrested
for printing the RSA algorithm and trying to get it across the border and this, were you,
were you gravitating around those people?
Like, did you know Mark Miller and like what he was up to and like all the other cyber
cypherpunks and yes of course and in some sense I think the way that it's told is that I was the
inspiration but behind the whole cypher punk thing however you know I wasn't really a hundred percent
on board with let's say the tactics that were kind of enlivening the movement right and so
you know I wasn't a big fan of like automatic weapons and explosives and all this other stuff
I was more like, you know, maybe we could just trick the powers that be into using stuff that would protect our privacy and we'd be a lot better off because like going to war against them didn't make a lot of sense to me.
I mean, it was a real lot of fun, you know, to be in a movement thinking that you could actually, I don't know, do stuff like that, but I didn't think that was that realistic.
It didn't prove to be that realistic.
So I was really trying to affect the change and not just have fun doing so.
But that's different.
You have similar views about the way people working in the blockchain space now.
And so you were recently at Web 3 Summit, like all these young people now that are building these privacy technologies
and sort of trying to, I guess, in some way, fight the system.
Do you feel similarly about their approach to trying to build permissionless technologies
that can't be circumvented by governments, et cetera?
Well, Sebastian, that's a pretty deep question. And I'd like to say that, you know, I've been trying to make the world a better place for my whole career. And very often I see a number of different avenues and approaches that, you know, my peers and colleagues take. And there's a multi-factor evaluation that you have to make about each one. I mean, so.
Is it an approach, okay, yes, it's in a positive direction,
but is it an approach that can go the full distance that's needed?
What are the obstacles to that?
Are those fundamental, or are those things that will just improve over time
and over what time frame you expect that they will improve?
So you have to kind of try to pick your best bet and sort of ride that out.
If you're really serious about affecting change,
if you're just trying to be happy that you're doing something that isn't a bad thing or that's in a good direction, that's a different consideration.
So I guess I'm, I try to be, I've tried to put some real thought into finding ways to actually do things that could really make a substantial difference.
And that makes me appreciate all the people that are working, but it doesn't mean that I wouldn't try to redirect.
their efforts if I thought that could work. Does it make sense? Yeah, that makes sense.
It's like a pity to have to say so, I would say, but this is, you know, I'm pretty serious
about all this, and I tend to try to figure out what I think the best thing to do is, and
the primary consideration is not about me personal. I get that. So the impact that you've made
on cryptography is really hard to overstate. So you just, just,
for the benefit of our listeners.
So you invented blind signatures,
undeniable signatures, group signatures.
You invented mixes.
You introduced the first predecessor to secret sharing,
and you jumpstart at the field of zero knowledge proofs
and probably many other things that I have neglected to list now.
Tying into what you said just earlier,
which one of these do you think is going to become the most important to society and why?
Well, let me answer an easier question first.
Well, I'm thinking about that.
The most fundamental work is, you didn't mention, which is the multi-party computation work.
And so in that work, there's a series of paper.
So you could say that zero knowledge, which I was like on par with the, there's sort of two competing groups,
the MIT group and my group.
So we kind of had all three results at more or less the same time.
And actually we ended up winning the best paper awards
and the papers invited the journals and stuff like that.
But you could prove things to the world.
That's like zero knowledge or minimum disclosure
with the two models that I proposed
where the MIT people only had the zero knowledge model.
Then the computationally based multi-party computation work,
and then there's the honest majority work.
So those are two different full multi-party computation with models.
And then the final thing that tied it all together
It was my work, and they didn't do, which is the Spymaster's double-agent problem.
You can see it on my website, tron.com.
So this has the best of both worlds.
If you have unlimited computing power, then you still have to have a majority of participants
in order to defeat the security system.
So this is the real most fundamental stuff, but I'm really hoping that the two things that I'm focused on now
can dramatically change the world.
And I think it's become very clear
that this stuff is really needed.
And one is to,
and you can see like on the Elixional landing page,
the video up there,
explain a little more in detail,
but basically the sort of messaging integrated
with payments with DAPs or mini apps
in the same namespace
has proven to be the killer app
consumers. You can see that by WeChat and what Facebook's tried to do and the other major
platforms in smaller markets. So this is like an indisputable fact. That's, and it makes perfect
sense. That's what people want. So if we can provide that, which is what my current companies
dedicated to in an unpermissioned manner that shreds the metadata in real time and has a very secure
payment system that is comparable to the non-secured to the other systems in terms of performance,
user interface, so forth, and where we have an easy-to-build-to-dap platform, then I think that is
one of the two key things that's needed, because that's, if you don't have a protected space
where people can communicate with certainty that they're not being observed among the
their like friends and family and to obtain information about what's going on in the world
and to support the collection and distillation information financially, if you don't have
those protected spheres, you cannot have meaningful democracy.
And that's becoming, you know, unfortunately, quite abundantly clear these days.
We could come back to that.
But the other thing, which I think is really fundamental, and I'm very excited about,
However, it's taken a little bit of a backseat right now because there's so much going on with the messaging and the payments, the damage and stuff that we're working on.
But the new type of voting that I've proposed and that as we run binding elections with, which is called sample voting, is something that looks extremely promising to me because it allows direct democracy to see.
scale with both the size and the complexity of society. And it's quite applicable for governance
of our blockchain. And I think that will really demonstrate and it will really shine there.
But if you ask me what I think might be the most important contributions, I think those
two and they're interrelated right now.
I'd like to ask you about something you mentioned a few times already, and that's about metadata.
Why do you feel that metadata is so critical to the privacy and sovereignty of individuals?
Because a lot of times people talk about their privacy, and I think they consider, they think about the message.
Like, I don't want people to be able to read my message, but I don't think people really consider the importance of metadata.
How would you effectively communicate that to someone that, that,
beyond the message that all the extra inferences that we can make about the metadata are as equally
weaponizable, I guess.
Well, what I'd like to say is that back in the 80s and so forth, privacy was kind of a
freestanding issue.
And I think in the last year or so, the public has come to recognize the significance of metadata
as far as it's enabling the manipulation of public opinion
and allowing for the sort of taking control of nation states
in the democratic portions of the world.
And this is just a fundamental and sort of irreversible phenomena.
Whereas if you look at the sort of non-democratic portion of the world,
you see that the same manipulation of media, social,
so that, so on, is underway and diffusing any real hope of kind of a rise of public sentiment.
Just look at the way China has manipulated, mainland opinion related to the recent events in Hong Kong.
I was just reading about it.
It's quite, quite stunning.
And then that's sort of the carrot side.
And then the stick side is, you know, there are people that are disappeared and they're, you know,
their access to their bank accounts don't disconnected and so forth.
based on the surveillance of WeChat and so forth.
So it's like this type of ferreting out who can be manipulated around which issues
and manipulating the apparent will of the public online is something that's so powerful
for almost all of the populations on the planet.
It's, like I said, I think it's a profound and sort of irreversible danger,
especially given the progress in artificial intelligence
and sort of the immense amount of data
that's already been kind of vacuumed up.
This is fascinating,
and we will definitely get back to this in a little bit,
just before we do.
And it's completely fine if you don't want to.
But would you mind disclosing how you protect your privacy online at the moment?
Just because most of us, I mean, most of us use Google
and almost all of us at some point or other used to use Facebook.
And I mean, Facebook's not such a thing anymore.
But I mean, I know very few people who can actually live without Google and, you know, other big tech giants.
And it's very difficult to protect yourself, right, and your privacy and your data.
Like Linus Torval, I have not been a user of social media.
And there's a few things that come out, but it's not really for me, actually.
but in any event, now that the Elixir platform is starting to become available,
I really have no excuse not to use something that actually does protect privacy and shred the metadata and so forth.
So I'm going to start to become a user.
That's about as much as I'd like to say about my own personal activities.
Okay.
So, I mean, you don't use Facebook or any social media, anything like that, I presume.
do you use services like Google, like Gmail, this sort of thing?
Or do you have some sort of personal upsec process that you've developed to protect your privacy
but still have the ability to communicate effectively with people?
Like I said, I'm not a user of social media, but I will start using elixir.
and I try to make the best use of my personal energy
to make the most effective change globally
and sometimes that means making compromises
in terms of my own personal protection
where I better put the energy into trying to come up with things
that really can address the key issues
and trying to find a way to get them out
that seems attractive to the widest possible audience.
I get that. I mean, we all have to make compromises at some point. I mean, like, so personally, in the last year or so, I've pretty much stopped using any Google services for anything personal. Like, I have my own mail server in my house. I've set all that up. I use signal with my family. But it takes a lot of time, right? And I've invested maybe hundreds of hours in getting all this OPSEC set up and everything. And having products that a
appeal to the masses where you don't need to like know how to use Linux, for example, or
anything more complex than just installing an app is highly desirable. So in that context,
something like Elixir, which we'll get to in a few minutes, I think fulfills that need
where it's a simple app that you install on your phone, like WhatsApp or anything like that.
And people can use it just as they're used to using any sort of messaging app. One of the
things that I found challenging was getting friends and family to use the systems that I was using
and that I thought would protect my privacy. So, for example, I got my family and most of my friends
that I talked to regularly with to use Signal. And Signal is sort of like an encrypted
end-end encryption, open source version of WhatsApp where there's still metadata, you know,
presumably, but not under the Facebook umbrella, I guess. And so the challenge was getting people to
use that with something like Elixir and some of the, maybe the, maybe the,
the steps that you've taken, how have you effectively communicated that with, you know,
your friends and colleagues for them to start using those systems where you're not, you know,
using Facebook or WhatsApp or any of these other things that normal people use, I would say.
Like, you know, people that are not so concerned about the privacy like we are.
Well, the history of social media, even though at any moment in time, it looks like
the most dominant systems are never going to be displaced. The history proves that every few
years, there's the mass migration to the next best thing. And this has happened, you know,
more than a half dozen times. And I believe that now the public has become quite disenchanted
with the tech powers that be they feel betrayed by the fact that their data has been misused
without their, and without their permission, of course, and with such devastating consequences
for, like, faith in democracy and so on.
And so there is a huge opportunity at this moment,
which is to create an unpermissioned social media system,
which is a messaging, which is all the new users
is basically interested in messaging,
integrated with payments, like we chat and the rest, as I've said,
that supports DAPs in the same name space,
that shreds metadata in real time and that is free to users, the consumers, to ordinary people,
and that has the capacity to scale to address a full-out global use.
So such a technology, which we are building and starting to roll out,
has the ability to destroy what amounts to essentially a trillion dollars worth of market cap
of these companies that have been exploiting the public secretly
and creating this huge danger to society
and to sort of give away for free to the public
what it is they really want,
which is these abilities to transact without being spied on.
And there's interestingly no way that these major players
can compete with such a thing
because they are not unpermissioned.
They are companies.
and so they cannot shred the data, apparently,
because governments seem to want to be able to force them to give it to them.
And their business model is based on it.
So we have this ability to dramatically change the whole landscape
by creating an unpermissioned chain which offers these kind of capabilities to the public for free.
So I think that with the thought leaders and people like yourselves and your listeners,
on this podcast and so forth,
this can provide the sort of initial critical mass
that will then, because of the network effect,
lead to a mass migration.
And that can be a tremendously helpful thing
for the future of the free world.
Yeah, and these things, after they've crossed a certain point,
they permeate society way faster than one would have ever thought, right?
I mean, basically, you get these major consensus narrative shifts
where beforehand everyone had like one opinion and then everyone just kind of shifts more or less at the same time
and you get like you get this mass migration to a new thing and I think you may be completely right
and that we may be seeing that soon because people are being sensitized about what Facebook and the
Facebooks of the world are doing.
There recently a movie on Netflix came out, a documentary called The Great Hack.
Have you seen it?
Yes.
Yeah.
So basically if you, dear listeners haven't seen it yet,
It's totally worth a watch.
It's about Facebook and how Cambridge Analytica used metadata to influence voting behavior.
It's very scary, so it's very dystopian.
And I'd just like to point out that if you were to just look into it a bit, you'd see that Cambridge Analytica, by its own admission, has been active in most of the large democracies around the globe.
and there are dozens of other companies which seem to be apparently pursuing similar business models and similar approach.
So it's not something that's going to go away.
It's only quite surprising to me that it even became known to the general public.
It's quite a sea change that we're witnessing.
Yeah.
I want to go into your solution for this problem a little bit later on in the show.
But let's talk about your first company first.
So your first company was Digicash.
Can you tell us when, when you got the idea for Digicash and how it actually worked?
Sure.
Well, in 1982, I published a little paper on blind signature-based payments.
And then in the mid-90s, I was running a research group,
one of the top research groups in the world on cryptography.
And the Dutch government, and it was in Amsterdam and the Netherlands,
And the Dutch government came to us and said, we want to do a road toll system here in the Netherlands,
but we don't want the government to be able to know where everyone is driving.
And so we're wondering, is it possible to have like a smart card-based automatic road toll collection system,
you know, with the radio transponders, just like we see around the world today,
but where the identity of the vehicles is not disclosed,
but the payments are made,
and the pricing varies during the day.
And I said, well, that's funny you should ask.
I actually invented something in 1982 that could do that.
And they said, oh, really?
Well, I mean, would it be fast enough?
You know, like at 100 kilometers an hour,
the radio connection only exists for about a meter of road travel.
So that's not a lot of time to complete a payment.
And I said, oh, yeah, I think we could do it.
And they said, oh, really?
Well, I said, yeah, well, tell you what, if we can do it in two weeks,
will you give us a contract to build it?
We can prove to you that we can do it in two weeks.
They said, they said, sure.
So I got a bunch of students, and we, like, wired up this house
and it was a crash project.
And in about 10 days, actually built a lot of,
little hardware gizmo that used the same kind of microcontroller as in a smart car of 60805.
And we demonstrated that we could make these blind signature payments in a special way
at that kind of speed.
And so they gave us the contract.
And so we had to build it.
And so I hired the students and we started building it.
And this was done on the same campus as my research group, but it was in the same.
in a separate facility, and eventually, as the web started to emerge, I moved over to actually
run the company.
So from there, this was kind of the inception of DigiCash, and so DigiCash was used to manage this
toll payment system.
Well, they never built the road toll systems, actually.
But that wasn't because our part didn't work.
We partnered with a company called Amtech, and we demonstrated it, and everything.
but the government, I guess, got cold feet.
That it's really interesting, but I think you can get a lot of insider perspective from their big fear
was that if they built this, that people would, in mass, ignore it and just not pay.
And even though they would have photographs of all the cars and stuff, there'd be such a mass
opposition to it that it would erode the power of government.
It would be extreme embarrassment to them.
That was, I think, why they decided not to do it in the end, because, I mean, Dutch don't
like to pay for anything.
Let's put it that way.
So how was the G-Cash put you used then?
Well, in 1994, I gave one of two keynotes, and it was the first keynote at the World Wide Web Conference.
It was the first World Wide Web Conference in Geneva.
and what I did in those days it was, you know,
we used the web browser to make the slide presentations, right?
And this was projected by it.
Those days it was a huge projector.
And I made the first e-cash payment,
and it was from Geneva to Amsterdam,
and launched this idea that a number could be worth money,
a so-called digital bearer instrument,
and launched the DigiCash company, really,
and this was picked up by all kinds of media around the world.
Within a couple days, there was a lot of interest
and the idea that a number could be worth money,
a digital bear instrument.
And so we were very much in the spotlight,
and we kind of started with the first thing,
which was called the CyberBox.
and this is like a digital currency as currently understood, but it differs in a few ways.
So one commonality is that it had a limited amount of the currency that was going to ever be issued.
So that was an interesting and good innovation.
Another thing was that, of course, all the transactions were conducted online.
It differs technically from current blockchain, which have, you know, arguably,
zero privacy, right?
Whereas DigiCash used
the blind signature concept
you mentioned earlier that has
a really nice
special kind of privacy
which sometimes is called one-way privacy or pay
or anonymity, which is essentially
that
only the person who
forms the digital coin initially
at random, to be the
user, can recognize
it later. So it's hidden
by a blinding
process when it receives the validating signature by the issuer so that when the user receives it back,
they can unblind it and spend it, and everyone can see that it's really signed, and they just
have to check for the double spending, but that digital coin is unlinkable to the withdrawal
process where it was originally signed. So what it amounts to is that as the payer, you can always
irrefutably prove who received the money from you, but they cannot find out who you are.
And that, it turns out, is an ideal kind of privacy because at the time of what's called
the Bank for International Semments, BIS, the Central Bank, Citadel Bank, Proclaim that
criminal use of payments could be divided in three types, extortion, black markets, and
bribery.
And if you think about it, such a one-way privacy makes the money.
unsuitable for any criminal use because what kidnapper would accept payment by check or, you know,
what politician would accept a bribe by, you know, wire transfer or, you know, in a black market,
it's always sort of follow the money up the hierarchy. So it was quite unique. And so what this means is
that each coin has a one of a fixed set of denominations, unlike current blockchain where,
that is in effect a digital check system, where each transfer has a potentially unique amount,
which links it horizontally from account to account from wallet ID to wallet ID with digit cash,
each one cent or two cent, four cent, eight cent.
We use the binary denomination scheme just is a little more efficient.
But each such denomination has its own type of signature and its own sort of free.
standing digital bear instrument that's kind of like a containerized,
discretized version of money that prevents the,
or reduces, let's say, the horizontal traceability from,
let's say, from account to account to account.
So that because of the standardization of,
and that's sort of breaking the payments up into,
just like paper money and coins today, metal coins.
So another difference of the Digi-Cesh technology.
Let's talk about security.
You know, DAPs are pretty unique because unlike other types of software, they can hold astronomical amounts of value.
That's why getting systems audited, creating robust security processes, and fostering a culture of security in your organization is so important.
And to do this, you should only trust experts with real security expertise.
There are a lot of security firms in the blockchain space, but few have the experience and track record of trail of bits.
And they've been in business since 2012, long before things like,
like the Dow hack or even imaginable.
Trail of Bits works with your team
to audit every aspect of your project.
And smart contract code is just the beginning.
They'll help you implement best practices
around things like DevOps,
key storage, and user-facing applications.
And once your software's been rigorously tested
and reviewed by Trail of Bits,
they'll provide the tools you need
to make sure that your code remains safe
over every new commit.
They can even put a software security expert
at your team's disposal
who'll give you advice
and answer your questions when you need them.
It's like having your own security engineer
on staff, but don't take my word for it. Go to their publications repo on GitHub to read their
papers, presentations, and security reviews. It's no wonder teams like parody, status,
new cipher, and organizations like Facebook and DARPA trust TrillowBits for their security audits.
To learn more, go to trailfbits.com, and if you decide to reach out, make sure you let them
know you heard about them on Epicenter. We'd like to thank TrillofBits for their support.
So who are the users of digit cash?
Were there sort of classes of people that you could kind of say were using this?
Was it mostly for online purchases or were there certain use cases that you were starting to kind of pick up on when it started getting traction?
Well, so those initial payments were part of the cyberbucks.
You could call it today an air drop.
So basically we said we're only going to issue this amount and we will give it away for,
free, but our condition on that was that you have to create a shop, an online web-based shop
that accepts cyberbucks for something, and then we would give you like 100 cyberbox.
And that's how we rolled it out.
And if you go to chom.com, you can see sort of the e-cash museum, you can see all the press
releases and so on, but you can actually see the icons of a lot of the shops that were up
issuing, selling things for e-cash and that participated in the cyberbucks, let's say,
launch of e-cash. But then we also subsequently licensed banks around the world to issue
e-cash in their national currency at the time, as well as for internal use. So like
Nemuris securities, they used it internally. But we had issuers in,
most continent. So we had Australian dollars. We had U.S. dollars. We had, in those days,
it was pre-Euro. So this, we had the Deutsche Mark and then a number of other licenses in Scandinavia
and so forth. So actually Deutsche Bank in those days was like the biggest bank in Europe,
indisputably. And they were our like toughest customer. They had a data center that was in an old
bunker underground and they wanted every kind of industrial audit backup, you know,
roll in every kind of protection and everything.
And so we had to build all that stuff for them and they deployed it.
And there were shops that accepted payments by e-cash Deutsche Marks.
And so they were very enthusiastic about it.
And so they were like moving forward and as were, you know,
so there was a lot of interest in the technology.
and in the product from a lot of perspectives,
but, you know, the web was growing very, very rapidly in those days.
And I don't know if you recall, but people were reluctant
to make payments using their credit cards
because, you know, but e-commerce was projected
as, you know, something that was going to happen.
And so it was just, it was very difficult to deploy.
It was somewhat of a labor of love to install an e-cash client
in your computer in those days and keep it up to date.
And so forth.
it was interesting times.
I remember back in my mid-teens in the late 90s
wanting to buy some,
I wanted to order like an SSH server or something.
And the only way to do it was to pay online.
And of course, I didn't have a credit card as a teenager.
So I asked my mom if I could use hers.
And she's like, I'm not putting my credit card number online.
Are you crazy?
So what she ended up doing, she got an extra credit card
with like a $500 limit just so that I could buy stuff online.
And, you know, so having something like Digitash back then would have been very useful or something like, obviously like Bitcoin or something like that also.
But so Digit Cash was backed by actual reserves, right?
Like there was US dollars or Deutsche Bank or something in a bank account representing these individual coins, correct?
A handful of banks around the world which issued e-cash.
And what that technically meant was that if you had an account at their bank,
then you could withdraw money from your account into e-cash,
just like you could visit an ATM machine and withdraw it into paper money.
So you could load up your e-cash wallet from your bank account,
and then you could spend that money.
But it was in the form of these binary denominated digital bear instruments
that all of our payments were privacy protected in that way,
with blind signatures,
and you could spend it
at any of the shops
that were online to accept it.
It strikes me that this is kind of similar to
some of the
asset back stable coins that we see in the space
now, and in some way
setting aside all the privacy
issues, etc.
But in some way it is a little bit similar
to what Facebook has proposed in
Libra and that cryptocurrency.
Would you not say so?
Well, the way I
frame it is that we issued
a freestanding digital currency, Cyberbox, and we had a way to get it accepted a lot of
merchants, and we gave it away. So we were trying to create our own currency with a bounded
cap, and in parallel with that, we allowed others to issue their own versions of it, and we helped
them do that. And those others all turned out to be banks or I think there were also like
Noura was a research organization and I think that Sweden Post licensed it. So there were people that
want to use it beyond other than banks. But we tried to make it available to anyone who wanted to use
it. But in those days, we had to help them do it. And so we wanted this stuff to become like the
digital currency, but there was such a rapid growth,
and hesitation and then lurch forward of growth,
and it was not anywhere near as convenient as like credit cards
once that became a viable option.
So as a merchant or private person,
if I accept your e-cash, what's my route to redeeming it for Fiat?
Can I do that with any bank or just my bank or how does it work?
Back in the digit cash days, there were banks that accepted e-cash in different currencies and were willing to convert them like exchanges.
There was a bank called Mark Twain Bank in the U.S. They issued U.S. dollars, but they would also accept other currencies and convert.
So the only way that you could get, let's say, into or out of fiat was,
through a bank account that was denominated in that fee of currency
and that was provided by a bank that was actually part of the e-cash system.
And so basically the banks within the e-cash system,
they then settled amongst themselves?
I think it was a little simpler than that,
but more or less, yeah, I mean, they had,
just like, if you don't understand how national banking works,
I mean, they had accounts at correspondent banks and so on.
Okay, I see.
And what was the business model of e-cash?
You mean you meant the business model of the company, Digi-Cash?
Yeah, exactly.
So basically, how was DigiCash meant to make money?
Well, Dig-Cash did make money.
And, I mean, we did the CyberBucks thing for free.
And we hope to really foster the creation of an alternative currency based on a, you know, pretty idealistic vision for that.
but we also licensed banks and other organizations that I mentioned.
And for that, you know, they paid us for the right to do it and paid us to help them.
And we had, I think, a sound and sustainable business model.
But then as the web really started to take off, I decided that this technology was too important
to not be given a chance to really rise with the tide.
So we took in a substantial investment,
and I think the strings attached to that
in the end didn't really have the same interest
in making the world a better place.
So that was a decision I made because, you know,
it was put very clearly internally.
You know, we could have just kept on keeping on
in a modest way, and that would have been
have been much safer for us and that would have been fine. You mentioned business model
and your question, but I decided that we should really just go for trying to make the world a better
place and try to rise with the tide. So we took in a fair amount of money under terms that
assume that those people who put the money in really had the same concern about changing the world
as us. But in the end, that didn't prove to be the case. Let's get back to
this topic that has been following us through this conversation, which is Elyxir.
So it's your current project.
So can you give us a high level overview of what is Elyxir and what's the goal here?
Like what are you trying to achieve with this new project?
Elixir aims to be a free to consumers messaging and payments platform that is second to none in terms of privacy because it's unique.
and its ability to shred the metadata, to provide the kind of transaction speeds that people
are accustomed to and has the capability to scale the bandwidth that's needed for mass adoption,
and that also allows for the integration of DAPS.
And in that way, positions itself as a full alternative to a WeChat or a Facebook
with Libra or some of these other offerings, and I believe, a very attractive alternative.
And with the network effects, we can expect, like, perhaps a very rapid transition.
That sounds super exciting, and we are doing an episode, especially on Elixir in the near
future, so like an entire hour dedicated to this topic.
It seems to me that maybe we're at some sort of turning point.
I mean, basically the past couple of years or the past couple of decades have been, you know, an arms race between people who are interested in surveillance and surveilling people, nation states and other actors, and people who are developing ways to preserve your privacy.
Would you agree with this?
And what do you think the possible outcomes are here?
So what's the possibility space that you anticipate?
Well, I wouldn't characterize the past couple of decades as an arms race between governments and, let's say, good intention developers.
But rather, unfortunately, it's a pity to have to say so.
But I think that there's been a lot of kind of honeypots set up that lured good intentioned people into using systems.
that were a little bit hard to use,
but actually simply revealed them as people
who were concerned about their privacy.
And if you look at things like the Arab Spring,
so-called, or other kinds of movements,
it's always pretty surprising how easily all the leaders
are identified and eventually arrested or whatever disappeared.
And it recently was revealed that China also has
what Snowden told us, the U.S. government has sort of the full take, the ability to surveil the
entire network. And what that means, of course, is that Tor is simply a transparent to both of these
major power groups. And, you know, similarly, a lot of other good intention things turned out
not to really be adequate solution.
So, you know, I think that we're at a really great point because all that good work and
intention and so on has resulted in a culture of an understanding of a lot of these issues
at a technical level by developers and so on, a real interest to see this happen.
So we've gone a lot of momentum.
and now with the ability to do unpermissioned chains
and with some of the technology bricks
that I've been working on to try to speed up
some of this stuff and so forth,
we have a thousand X speed up in mixing with elixir,
which is needed for chat.
With the parallel realization by the public,
in effect, this is the whole game.
If you cannot have a protected sphere,
then you've lost control over governance
and that may be something that's very difficult to recover.
So I think it's now we're at a really exciting point in this process.
I'm glad you're optimistic about this because my views on this stuff
has become slightly tainted over the last couple of years.
And I've become more pessimistic about it.
I feel that these platforms have gained so much power
and they've gained power for a couple of reasons, but one of the reasons that they've become
powerful is because, well, obviously they connect people, right? Like, people want that connection.
But I think that they also exploit very primitive aspects of what makes this human. So I believe
there's quite a few studies out there that talk about kind of like how Facebook and Instagram and
like the light culture affects like neuroreceptors in their brains and like how they accurately
hit our pleasure receptors, etc. And it's almost like an exploit, right? It's almost like
these platforms are exploiting our brains like some malware. And I think for platforms that
try to, you know, do the right thing and not use people's data to exploit their privacy and their
voting habits and like, you know, get them to buy stuff, all those people that are on the other
side doing the right thing, I think that they maybe also need to try to approach this with that same
malware approach, but like the white hat version of that, right? Like what's the white half version of
like the Facebook like button that or like the Instagram like button that just gets you coming back
all the time but but doesn't, you know, exploit you as a user? And I think that the space of like
good intentioned people haven't yet figured out what the white hat version of that is. And I really hope
that people like you and the folks working on elixir and other products like it,
you know, get to figure that out and get to create that that massive network effect
that topples Facebook and like makes it the next MySpace.
You know what I mean?
But in principle, there's not a reason why you shouldn't be able to build that.
Yes, that's right.
That's what we, what I proved back in the late 80s.
What the multi-party computation results prove is,
that if there's any way to create a white hat incentivization,
a reward scheme that doesn't inherently exploit data,
then cryptography can allow for it to be realized securely and transparently.
Do you feel that Daos have a place in this, in the governance of these protocols?
I think that, yes, it's essential that there is a,
kind of democratic structure that controls this infrastructure.
And that's, as I mentioned earlier,
of one of the two key ingredients.
I think you need protective spheres
and you need a kind of democracy
that scales with complexity and size of the system.
Those two ingredients, together, that can solve it.
I think those are nice last words.
Maybe this is a good point.
to end this episode. It was a great pleasure to have you on. We talked about this before the
episode. We'll have you on again very soon when you're ready to talk about Elyxia, your platform
and blockchain that runs on it, Praxis. Great. Well, this was really a blast and interesting,
and I appreciate your question is interesting and your thoughts and I look forward to
continuing the conversation. Thank you very much. Thanks so much, David. It's been a real pleasure.
Thank you for joining us on this week's episode.
We release new episodes every week.
You can find and subscribe to the show on iTunes, Spotify, YouTube, SoundCloud, or wherever
you listen to podcasts.
And if you have a Google Home or Alexa device, you can tell it to listen to the latest episode
of the Epicenter podcast.
Go to epicenter.tv slash subscribe for a full list of places where you can watch and listen.
And while you're there, be sure to sign up for the newsletter, so you get new episodes
in your inbox as they're released.
If you want to interact with us, guests or other podcast listeners, you can follow us on Twitter.
And please leave us a review on iTunes.
It helps people find the show, and we're always happy to read them.
So thanks so much, and we look forward to being back next week.