I have been writing and thinking a lot about digital cash recently, and recent attendance at the Financial Cryptography conference in Anguilla has prompted me to post this brief guide to what is here on my web page regarding digital cash, and to explain where I am going with this.
First, two items of general background before getting to digital cash proper. My professional background is in international finance, and my textbook International Financial Markets, 3rd Edition is still the leading text in international finance at an MBA level. Copies are found in central banks around the world, and it is widely used in bank training programs and at leading universities--including the Wharton School of the University of Pennsylvania, where I taught, and Harvard, where I got my Ph.D. in economics. When the first edition appeared in 1986, it was revolutionary for its attention to markets and for its careful analysis of derivative products.
Just recently the book was adopted as one of 12 "essential" business management and finance texts to be translated into Chinese. Mannie Liu, a Cornell Ph.D., has done the translation. (This is separate from the pirate Chinese translation mentioned in the comments section for the book on my web page.)
Some comments and background on digital cash are found in my essay The End of Ordinary Money. At the recent financial cryptology conference in Anguilla, David Chaum defended his semi-anonymous digital cash system (DigiCash's "ecash"), which has customer or spender anonymity but no anonymity for the merchant-depositor. Mr. Chaum believes this latter privacy-invading feature will eliminate organized crime. I totally disagree, and the essay The End of Ordinary Money (Parts 1 and 2) can be taken as my refutation of Chaum's contention, even though Chaum was the further thing from my mind as I wrote the essay.
In the End of Ordinary Money I make the case that the weedy growth of money laundering and "financial crime" legislation since the early 1980s has (1) done nothing to prevent money laundering, (2) done nothing to inhibit organized crime, (3) been used by government agencies to eliminate competition (although this point is made more so in other articles than in End of Ordinary Money), and--mostly importantly-- (4) been used as an excuse for the employment of increasingly intrusive technologies of political control in everyday life.
But technology can be used both ways. The same technology that is employed to monitor the population, to create surveillance data bases, and to promote the Big Brother State, can also be used to counter this trend, and to restore aspects of individual privacy and freedom. Hence my focus on cryptology and on privacy-preserving digital cash.
Most of the political articles on my web page had their origin in my personal investigation of the state of world-wide money laundering as it exists today. Most of that information has not been--and may never be--made public. But, among other things, it has transformed my whole view of the political process. And the investigation lead High Times, which is more savvy than most of the conventional media, to dub me a "money-laundering expert".
The article The Mathematical Ideas Behind Digital Cash was a speech given to the Libertarian Party of Colorado. It is intended as an intuitive guide to some of the mathematical concepts behind digital cash. The end of the same article contains my strong critical statements about David Chaum's DigiCash. An introduction to digital cash which uses no mathematics is Concepts in Digital Cash, published in the Laissez Faire City Times, which explains many of the terms used in digital cash, and clarifies their importance. Yet a third introduction to digital cash, this one from the point of view of monetary economics, is found in Digital Cash and the Future of Money. In this article I give a formal definition to digital cash (no one seems to have done this before), and show how the move to Internet banking is being driven by banking transactions costs.
A different, but equally important, incentive for digital cash can be found in Digital Cash and the Regulators. I call this incentive "seigniorage recapture," because it transfers back to the digital cash issuer some of the profits that central banks make by issuing currency. This article shows some of the issues that digital cash presents to banking regulators (such as the Federal Reserve, the Comptroller of the Currency, and the FDIC), and makes the case for digital cash issuers to avoid irrelevant or inappropriate legislation by going offshore. Any digital cash system has to please its customers and inspire user confidence, but regulated digital cash is corrupted digital cash.
A series on Internet Payment Schemes appearing in Laissez Faire City Times sorts out the differences between credit-card like transactions protocols, such as iKP and SET (in Part 1), digital cash book entry systems (in Part 2), and digital cash token systems--such as Mondex and DigiCash (in Part 3).
To get into the nitty-gritty of relevant digital cash systems requires some background in cryptology and number theory. I supply a brief tutorial in Cryptography and Number Theory for Digital Cash. This tutorial supplies all the background that is used to understand Stefan Brands System of Digital Cash. In the latter essay, I put systems from three of Stefan Brands' papers on a common notational basis, survey them in parallel fashion, and fill in some of the computational details that are omitted in Brands' articles.
I consider Stefan Brands system and its variants as the best theoretical work that has been done in digital cash. His approaches have been widely imitated in the last several years--and widely polluted. One pollution method has been to modify the system for key escrow and other backdoors, as was done by Brickell-Gemmell-Kravitz. Of course key escrow can be a quite valid policy in some corporate or group contexts, but I suspect the various "Clipper chip" (Escrowed Encryption Standard) proposals were behind the latter work. Jan Camenisch and colleagues have likewise modified Brands' system to "fair" digital cash systems that allow judges (or other corrupt agencies, like the U.S. Department of Justice) to break the anonymity of digital cash. There are many other less competent examples. I realize that researchers are always looking for an excuse to write new papers, and have to supply justifications for their new offerings, but it would appear there is a ready scientific willingness to cave-in, or cater, to the Big Brother surveillance state.
The cure to this nonsense is the creation of a bona fide anonymous digital banking system. The path to such a system, however, requires educated users who understand what has been happening in the world, who can grasp the important rationale for a system of financial privacy, and who can appreciate the underlying principles on which it is founded. And that's why I've been writing about digital cash.
February 28, 1998