• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Idelto

Cryptocurrency news website

  • About
  • Monthly analysis
    • August 2019
    • July 2019
    • June 2019
  • Bitcoin/Ethereum
  • How to invest in cryptocurrencies
  • News

encryption

How To Lock And Protect Away Secret Files With GNU Privacy Guard

13/05/2022 by Idelto Editor

Users can take advantage of the cryptographic protection offered by GPG to secure files and data that they want to keep well under wraps.

In this guide, I will explain the options at your disposal for encrypting files using open-source software on a Linux, Mac, or Windows computer. You can then transport this digital information across distance and time, to yourself or others.

The program “GNU Privacy Guard” (GPG) an open-source version of PGP (Pretty Good Privacy), allows:

  1. Encryption using a password.
  2. Secret messaging using public/private key cryptography
  3. Message/Data authentication (using digital signatures and verification)
  4. Private key authentication (used in Bitcoin)

Option One

Option one is what I’ll be demonstrating below. You can encrypt a file using any password you like. Any person with the password can then unlock (decrypt) the file to view it. The problem is, how do you send the password to someone in a secure way? We’re back to the original problem.

Option Two

Option two solves this dilemma (how-to here). Instead of locking the file with a password, we can lock it with someone’s public key — that “someone” is the intended recipient of the message. The public key comes from a corresponding private key, and the private key (which only the “someone” has) is used to unlock (decrypt) the message. With this method, no sensitive (unencrypted) information is ever sent. Very nice!

The public key is something that can be distributed over the internet safely. Mine is here, for example. They are usually sent to keyservers. Keyservers are like nodes that store public keys. They keep and synchronize copies of peoples’ public keys. Here’s one:

Ubuntu Keyserver

You can enter my email and find my public key in the result. I’ve also stored it here and you can compare what you found on the server.

Option Three

Option three is not about secret messages. It is about checking that a message has not been altered during its delivery. It works by having someone with a private key sign some digital data. The data can be a letter or even software. The process of signing creates a digital signature (a large number derived from the private key and the data that’s getting signed). Here’s what a digital signature looks like:

It’s a text file that begins with a “begin” signal, and ends with an “end” signal. In between is a bunch of text that actually encodes an enormous number. This number is derived from the private key (a giant number) and the data (which is actually always a number also; all data is zeros and ones to a computer).

Anyone can verify that the data has not been changed since the original author signed it by taking the:

  1. Public key
  2. Data
  3. Signature

The output to the query will be TRUE or FALSE. TRUE means that the file you downloaded (or message) has not been modified since the developer signed it. Very cool! FALSE means that the data has changed or the wrong signature is being applied.

Option Four

Option four is like option three, except that instead of checking if the data has not been modified, then TRUE will mean that the signature was produced by the private key associated with the public key offered. In other words, the person who signed has the private key to the public key that we have.

Interestingly, this is all that Craig Wright would have to do to prove he is Satoshi Nakamoto. He doesn’t have to actually spend any coins.

We already have the addresses (similar to public keys) that are owned by Satoshi. Craig can then produce a signature with his private key to those addresses, combined with any message such as “I really am Satoshi, haha!” and we can then combine the message, the signature, and the address, and get a TRUE result if he is Satoshi, and a CRAIG_WRIGHT_IS_A_LIAR_AND_A_FRAUD result if he isn’t.

Option Three And Four — The Difference.

It’s actually a matter of what you trust. If you trust that the sender owns the private key to the public key you have, then verification checks that the message has not changed.

If you don’t trust the private key / public key relationship, then verification is not about the message changing, but the key relationship.

It’s one or the other for a FALSE result.

If you get a TRUE result, then you know that BOTH the key relationship is valid, AND the message is unaltered since the signature was produced.

Get GPG For Your Computer

GPG already comes with Linux operating systems. If you are unfortunate enough to be using a Mac, or God forbid a Windows computer, then you’ll need to download software with GPG. Instructions to download and how to use it on those operating systems can be found here.

You don’t need to use any of the graphical components of the software, everything can be done from the command line.

Encrypting Files With A Password

Create the secret file. This can be a simple text file, or a zip file containing many files, or an archive file (tar). Depending on how sensitive the data is, you might consider creating the file on an air-gapped computer. Either a desktop computer built with no WiFi components, and never to be connected to the internet by cable, or you can build a Raspberry Pi Zero v1.3 very cheaply, with instructions here.

Using a terminal (Linux/Mac) or CMD.exe (Windows), change your working directory to wherever you put the file. If that makes no sense, search the internet and in five minutes you can learn how to navigate the file system specific to your operating system (search: “YouTube navigating file system command prompt” and include your operating system’s name).

From the correct directory, you can encrypt the file (“file.txt” for example) like this:

gpg -c file.txt

That’s “gpg”, a space, “-c”, a space, and then the name of the file.

You’ll then be prompted for a password. This will encrypt the new file. If you’re using GPG Suite on the Mac, notice the “Save in Keychain” is checked by default (see below). You might want to not save this password if it’s particularly sensitive.

Whichever OS you use, the password will be saved for 10 minutes to the memory. You can clear it like this:

gpg-connect-agent reloadagent /bye

Once your file is encrypted, the original file will remain (unencrypted), and a new file will be created. You must decide if you will delete the original or not. The new file’s name will be the same as the original but there’ll be a “.gpg” at the end. For example, “file.txt” will create a new file called “file.txt.gpg”. You can then rename the file if you wish, or you could have named the file by adding extra options in the command above, like this:

gpg -c –output MySecretFile.txt file.txt

Here, we have “gpg”, a space, “-c”, a space, “–output”, a space, the filename you want, a space, the name of the file you are encrypting.

It’s a good idea to practice decrypting the file. This is one way:

gpg file.txt.gpg

This is just “gpg”, a space, and the name of the encrypted file. You don’t need to put any options.

The GPG program will guess what you mean and will attempt to decrypt the file. If you do this immediately after encrypting the file, you may not be prompted for a password because the password is still in the computer’s memory (for 10 minutes). Otherwise, you’ll need to enter the password (GPG calls it a passphrase).

You will notice with the “ls” command (Mac/Linux) or “dir” command (Windows), that a new file has been created in your working directory, without the “.gpg” extension. You can read it from the command prompt with (Mac/Linux):

cat file.txt

Another way to decrypt the file is with this command:

gpg -d file.txt.gpg

This is the same as before but with a “-d” option as well. In this case, a new file is not created, but the contents of the file are printed to the screen.

You can also decrypt the file and specify the output file’s name like this:

gpg -d –output file.txt file.txt.gpg

Here we have “gpg”, a space, “-d” which is not strictly required, a space, “–output”, a space, the name of the new file we want, a space, and finally the name of the file we are decrypting.

Sending The Encrypted File

You can now copy this file to a USB drive, or email it. It is encrypted. Nobody can read it as long as the password is good (long and complicated enough) and can’t be cracked.

You could send this message to yourself in another country by storing it in email or the cloud.

Some silly people have stored their Bitcoin private keys to the cloud in an unencrypted state, which is ridiculously risky. But if the file containing Bitcoin private keys is encrypted with a strong password, it’s safer. This is especially true if it’s not called “Bitcoin_Private_Keys.txt.gpg” – Don’t do that!

WARNING: It’s important to understand that in no way am I encouraging you to put your Bitcoin private key information on a computer (hardware wallets were created to allow you to never need to do this). What I am explaining here is for special cases, under my guidance. My students in the mentorship program will know what they are doing and will only use an air-gapped computer, and know all the potential risks and problems, and ways to avoid them. Please don’t type seed phrases into a computer unless you are a security expert and know exactly what you are doing, and don’t blame me if your bitcoin is stolen!

The encrypted file can also be sent to another person, and the password can be sent separately, perhaps with a different communication device. This is the simpler, and less secure way, compared to option two explained at the beginning of this guide.

There are actually all sorts of ways you can construct the delivery of a secret message across distance and time. If you know these tools, think hard and carefully about all the risks and scenarios, a good plan can be made. Or, I am available to assist.

Good luck, and happy Bitcoining!

This is a guest post by Arman The Parman. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Filed Under: Bitcoin Magazine, Cryptography, encryption, English, Feature, GPG, Marty's Bent, PGP, privacy, security, technical

These Basic Privacy Tools Can Help Anyone Avoid Surveillance On The Open Internet

09/02/2022 by Idelto Editor

As the resurgence of the EARN IT Act shows, we’re all in need of tools for communicating privately online — particularly Bitcoiners.

With the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, two U.S. senators have reintroduced a surveillance bill that could have major impacts on privacy and free speech, turning the offering of encryption services into legal risk territory for service providers.

While the censorship of free speech is already flourishing on public platforms such as Twitter, the EARN IT act would enforce the transmission of all communication between users in plain text format, transforming our inboxes into searchable data mines. But here’s the good news: there are numerous ways to encrypt our communication by ourselves.

“Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.”

–John Perry Barlow, “Declaration Of Independence Of Cyberspace,” 1996

The EARN IT Act, first proposed in 2020, seeks to amend section 230 of the Communications Act of 1934, which originally regarded radio and telephone communication, granting service providers immunity from civil lawsuits for removing inappropriate content.

The Communications Act of 1934 was first overhauled with the Telecommunications Act of 1996, which included the Communications Decency Act, aiming to regulate indecency and obscenity on the internet, such as pornographic material. Section 230 of the Communications Decency Act protects service providers from legal proceedings regarding content issued via their platforms by stating that service providers are not to be understood as publishers. It is this section which the EARN IT Act attempts to alter, putting more responsibility on website operators and service providers.

Under the guise of stopping the distribution of child pornography, the EARN IT Act would render the deployment of end-to-end encryption and other encryption services as punishable acts, which would affect messaging services such as Signal, WhatsApp and Telegram’s Secret Chats, as well as web hosting services such as Amazon Web Services, pressuring service providers to scan all communication for inappropriate material.

If the EARN IT Act is passed, our inboxes will turn into fully-searchable databases, leaving no room for private conversation. While it may be possible to forbid end-to-end encryption as a service, can the banning of the use of end-to-end encryption be deemed unconstitutional by infringing on our right of the freedom of speech, as encryption is nothing but another way to communicate with each other in the form of written text?

While it is unclear whether the EARN IT Act will pass at the time of writing, it is clear that the regulation of speech is a tedious and close-to-senseless endeavor on behalf of governments, as it is impossible to stop the spread of words without divulging toward a totalitarian superstate. We can all use encryption to stay private in our communication, ranging from easy-to-use cyphers to military grade encryption mechanisms.

Circumventing The Twitter Police With Cyphertext

Anyone who isn’t careful in their communication on public platforms such as Twitter has probably spent a fair share of time in the ominous “Twitter jail”: preventing them from posting on the platform for defined periods of time as a consequence of saying things the Twitter algorithm found inappropriate. An easy way to circumvent surveillance and, consequently, censorship by the Twitter police is ROT13 encryption.

ROT13 is an easy form of encryption which circumvents the readability of Twitter’s policing mechanisms by rotating letters by 13 places, initially used to hide the punchlines of jokes on Usenet.

Want to express your opinion on COVID-19 without getting punished by the Twitter algo? Rotate the letters of what you’d like to write by 13 places, making your text readable for anyone who knows that you’re using ROT13 encryption, while causing the Twitter algorithm to detect nothing but gibberish in what you wrote. For example: “COVID SUCKS” turns into “PBIVQ FHPXF.” ROT13 encryption can be translated via free online service providers such as rot13.com, or by hand via the board below.

While ROT13 is not deemed a secure form of encryption, as anyone may be able to decipher what has been written, it is a fun and easy way to get used to protecting one’s communication on the open internet. It is also possible to come up with one’s own encryption mechanisms, such as rotating letters seven instead of 13 places.

Source

Circumventing Location Detection With Where39

When we communicate our location via unencrypted messengers such as iMessage or Telegram, we are also leaking our location to anyone who gets their hands on the contents of our inboxes. Services such as Google Maps automatically detect locations in our written text, and are able to form patterns of our movements. If you’d like to meet someone without revealing your location to Googlezon MacCrapple, you should obviously leave your phone at home, but need to find a way to communicate your meeting place without being detected as a meeting place from the get go.

Ben Arc’s Where39 is an easy way to encrypt meeting places in plain text communication by assigning every square meter in the world with four words. Originally building on the service What Three Words, Arc’s version uses the most distributed word list in the world which every Bitcoiner has heard of in one way or another, as it is also used to generate our passphrases: the BIP39 word list.

For example, if I wanted to meet a friend for coffee at Francis Place, on the corner of Edinburgh Drive near Clayton University in St. Louis, Missouri,, I’d text them “Rapid Thing Carry Kite.” My coffee date could then look up the location via the Where39 map, without the plain text being detected as an address.

Encrypting Messages To Dedicated Recipients With PGP

When texting with friends, we assume that our messages are only read by us as the senders, and our counterparties as the receivers. Unfortunately, when messages are sent via unencrypted messengers, anyone with access to the servers or one of the sending or receiving parties’ devices may read these messages as well.

As the EARN IT act makes it incredibly risky for service providers to offer in-app encryption mechanisms, this is where PGP comes into play for anyone wanting to keep their messages private: Military-grade encryption which can only be deciphered by those holding the private key to decipher communications.

PGP, short for Pretty Good Privacy, was invented by Phil Zimmerman in 1991, and has seen its fair share of government combating in the past. With PGP, we assign ourselves secret keys used to encrypt and decrypt messages, so that only those in control of the secret keys are able to read what we have written. This way, I can copy/paste an encrypted message into any unencrypted messenger, while keeping it unreadable for third-party adversaries.

Here’s an example of an encrypted message I have sent to a friend via Telegram, which is only readable for the person holding the secret key to decrypt it:

—–BEGIN PGP MESSAGE—–

hQIMA0Y84L8CE6YzAQ/9GzF8eO0sj+2QJ9CNn8p7IJfA+iCB1IbUFQwQkiefxoQe

K7XXVKX2V9HnOMaQH66VuweqGqq8TVqUVil4xvHfWOiX/ytvQC3D9zaEz3hsX8qB

WFVAQL37wBAMSjefb73VqnV7Fiz5K5rWzxT5IdimICpHEkei7PQ2ccy4hGnBWh3z

f4HWBMruO3U4Lf8SPAwHOJhvCSCBz0wkk6IQC9sQnzFv0bcEmZ4NvU8k/Ke6GER3

94xbJu+GEXST9CGoGZviJL+48lNwWfIrtro1rCVdqZJE/gyS557VKJXkxWj06D1U

6+2aG64ELMqvlxjbjUAVr5oumtz2WWPwRU4mVuuYq2s90ooWd0x1YqvAFsL8jJqu

jtyEQounGdHMbALRK9QBXQqEm5izxNIH4Wlrvj+OcgBBNsbyRhBV6o7IE49onVBC

PdqjDSrbk6He42DRoRrBmpaYwhEQwSsp/yRhcjJg49sDp7YHBwu9TqZGSc8/WxJx

VlLyW94dmmL7Es/hqcW+/tt35sQyasjQExXIiYNm9mDSNQg2ebMwi5+yDalwMTW5

lgrM4GMiTKjC2rMM8X1gpcfkPX+SjsN44RaCxLGwuZauBmaq6emol1OE3bGNmAri

9UMDRoV/9450e0BHz3RgPjzldLohThIAgf6OvbNIQFoc0NOlSzVZ7xpZsp6EpJjS

QwGXJ/zqRLSLncumZreunbv6Bs98zidS1cfvK5abHMgioS+2J5bSnsaxGrALkVRK

i6KJaJWcGVTBckPpfdWuPu/AzJo=

=J55a

—–END PGP MESSAGE—–

PGP will likely be the most powerful tool to circumvent the EARN IT act when it comes to keeping our communications private. To generate your own PGP keys, you first need to install the GnuPG software. This is most easily done via terminal on Linux, by running “sudo apt-get install gnupg.” Next, you generate your keys by running “gpg –gen-key” and adding an alias, like an email address to your key.

To check whether your keys have been generated, run “gpg –list-keys.” Next, you export your keys via “gpg –output public.pgp –armor –export [your alias, which you can find via gpg –list-keys]” and “–output private.pgp –armor –export [your alias, which you can find via gpg –list-keys].” Make sure to never share your private keys with anyone, and to keep the keys safely stored in a password-protected folder. Once you’ve lost access to your private keys, or to the passphrase you’ve been prompted to generate for your keys, you will not be able to access messages sent to you which are encrypted toward the keys in question.

Next, you should share your public key with people you’d like to communicate with via PGP, so that those parties can encrypt messages that are only readable by the person holding your private key (which is hopefully only you). The easiest way to do this is to upload your public key file to a public key server, such as keys.openpgp.org, via its web UI. You can also share the fingerprint of your keys in your social media profiles or on your website.

To find the fingerprint for your key, run “gpg –list-keys” again, and select the long string of letters and numbers appearing under the “pub” section. If the entire string is too long to share, for example in your Twitter bio, you can also share your short fingerprint, which consists of the last 16 characters of your fingerprint. People who’d like to send you an encrypted message can now find your public key via the terminal command “gpg –recv-keys [fingerprint].” But remember: A PGP key which you’ve retrieved online does not guarantee that this key actually belongs to the person you’re wanting to communicate with. The safest way to receive someone’s keys will always be in person.

Let’s use PGP to send an encrypted message to me. In your terminal, import my keys via “gpg –recv-keys C72B398B7C048F04.” If you’ve configured to access your keys via a different keyserver than openpgp, then run “gpg –keyserver hkps://keys.openpgp.org –recv-keys C72B398B7C048F04.” Now, run “gpg –list-keys” to check whether the key import was successful. To encrypt a message for me, run the command “gpg -ae -r [my alias, which you can find via gpg –list-keys]” and hit “enter.” Write whatever it is you’d like to share with me in plain text, such as “Hello PGP,” then end the message with “ctrl+d.” Next, a PGP message block should appear on your screen. Copy/paste this message including “BEGIN PGP MESSAGE” and “END PGP MESSAGE” into any public forum or messenger of your choice, sending an encrypted message over the open internet, only readable by its designated recipient. For example, you could now send this message to me via Twitter direct message, post it publicly on GitHub or share it in a public Telegram group of which I am a part.

Once I’ve received your message, I will send you a message back via PGP. For me to be able to send you an encrypted message back, make sure that your message includes your PGP fingerprint. The easiest way to do this is to include it in your encrypted message. When you receive an encrypted message back, you can decrypt it by running “gpg -d” in your terminal and copy/pasting the encrypted message, including “BEGIN PGP MESSAGE” and “END PGP MESSAGE.” The message should then be resolved to plain text. Et voila, you are now set to communicate in private with your counterparties over the open internet, giving law enforcement no chance to surveil the contents of your communication.

Conclusion

It can be assumed that our technocratic overlords will continue to increase pressure to deanonymize communication over the open internet in the years to come. Proposals such as the EARN IT Act will only be the first steps.

But as the cypherpunks had proven in the 1990s, encryption is speech and it is impossible to ban. As long as we resort to informing ourselves on the possibilities of private communication, there is no way for governments and big tech to stop us from cutting them out of the picture, and enacting our right to the freedom of speech across all communication channels.

Privacy notice: This article only gives an overview of encryption mechanisms for beginners. If you are dealing with sensitive data, it makes sense to inform yourself further on more secure handlings of PGP, such as managing GPG via Tor and encrypting and decrypting messages via air-gapped devices.

This is a guest post by L0la L33tz. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Filed Under: Bitcoin Magazine, Communication, encryption, English, Feature, PGP, privacy, Regulation, surveillance, technical

The Quest For Digital Cash

13/10/2021 by Idelto Editor

How Satoshi Nakamoto’s Bitcoin project married the concepts of digital cash and digital gold and how pioneering cryptographer Adam Back continues the work of making it a better tool for freedom.

One summer day in August 2008, Adam Back got an email from Satoshi Nakamoto.

It was the first time Nakamoto had reached out to anyone about a new project that the pseudonymous programmer or group of programmers called Bitcoin. The email described a blueprint for what a group of privacy advocates known as the cypherpunks considered the Holy Grail: decentralized digital cash.

By the mid-2000s, cryptographers had for decades tried to create a digital form of paper cash with all of its bearer asset and privacy guarantees. With advances in public-key cryptography in the 1970s and blind signatures in the 1980s, “e-cash” became less of a science fiction dream read about in books like “Snowcrash” or “Cryptonomicon” and more of a possible reality.

Censorship-resistance was a key goal of digital cash, which aimed to be money beyond the reach of governments and corporations. But early projects suffered from a seemingly inescapable flaw: centralization. No matter how much cutting-edge math went into these systems, they ultimately still relied on administrators who could block certain payments or inflate the monetary supply.

More “ecash” advances occurred in the late 1990s and early 2000s, each one making a critical step forward. But before 2008, a vexing computing riddle prevented the creation of a decentralized money system: the Byzantine Generals Problem.

Imagine that you are a military commander trying to invade Byzantium hundreds of years ago during the Ottoman Empire. Your army has a dozen generals, all posted in different locations. How do you coordinate a surprise attack on the city at a certain time? What if spies break through your ranks and tell some of your generals to attack sooner, or to hold off? The entire plan could go awry.

The metaphor translates to computer science: How can individuals who are not physically with each other reach consensus without a central coordinator?

For decades, this was a major obstacle for decentralized digital cash. If two parties could not precisely agree on the state of an economic ledger, users could not know which transactions were valid, and the system could not prevent double-spending. Hence all ecash prototypes needed an administrator.

The magic solution came in the form of a mysterious post on an obscure email list on Friday, October 31, 2008, when Nakamoto shared a white paper, or concept note, for Bitcoin. The subject line was “Bitcoin P2P e-cash paper” and the author wrote, “I’ve been working on a new electronic cash system that’s fully peer-to-peer, with no trusted third party.”

Satoshi Nakamoto’s email announcing Bitcoin. Source.

To solve the Byzantine Generals Problem and issue digital money without a central coordinator, Nakamoto proposed to keep the economic ledger in the hands of thousands of individuals around the world. Each participant would hold an independent, historical, and continually-updating copy of all transactions that Nakamoto originally called a timechain. If one participant tried to cheat and “double-spend,” everyone else would know and reject that transaction.

After raising eyebrows and objections with the white paper, Nakamoto incorporated some final feedback and, a few months later on January 9, 2009, launched the first version of the Bitcoin software.

Today, each Bitcoin is worth more than $55,000. The currency boasts a daily transaction total greater than most countries’ daily GDP and a total market capitalization of more than $1 trillion. Nakamoto’s creation is used by more than 100 million people across nearly every country on earth and has been adopted by Wall Street, Silicon Valley, D.C. politicians, and even nation-states.

But in the beginning, Nakamoto needed help, and the first person they reached out to for assistance was Adam Back.

I. The Birth Of The Cypherpunks

Back was one of the cypherpunks, students of computer science and distributed systems in the 1980s and 1990s who wanted to preserve human rights like the right to associate and the right to communicate privately in the digital realm. These activists knew that technologies like the internet would eventually give enormous power to governments and believed cryptography could be the individual’s best defense.

The original cypherpunks: Tim May, Eric Hughes and John Gilmore. Source.

By the early 1990s, states realized that they were sitting on an ever-growing treasure trove of personal data from their citizens. Information was often collected for innocuous reasons. For example, your Internet Service Provider (ISP) might collect a mailing address and phone number for billing purposes — but then hand this identifying information along with your web activity to law enforcement without a warrant.

The collection and analysis of this kind of data spawned the era of digital surveillance and eavesdropping, which, two decades later, led to the intricate and highly-unconstitutional war on terror programs that would eventually be leaked to the public by the NSA whistleblower Edward Snowden.

In his 1983 book “The Rise Of The Computer State,” New York Times journalist David Burnham warned that computerized automation could lead to an unprecedented level of surveillance. He argued that in response, citizens should demand legal protections. The cypherpunks, on the other hand, thought the answer was not to lobby the government to create better policy but instead to invent and use technology that the government could not stop.

The cypherpunks harnessed cryptography to trigger social change. The idea was deceptively simple: political dissidents from across the world could gather online and work together pseudonymously and freely to challenge state power. Their call to arms was: “Cypherpunks write code.”

Once the exclusive domain of militaries and spy agencies, cryptography was brought into the public world in the 1970s through academics like Ralph Merkle, Whitfield Diffie and Martin Hellman. At Stanford University in May 1975, this trio had a eureka moment. They figured out how two people could trade private messages online without needing to trust a third party.

One year later, Diffie and Hellman published “New Directions In Cryptography,” a seminal work that laid out this private messaging system that would become key to defeating surveillance. The paper described how citizens could encrypt and send digital messages without fear of snooping governments or corporations figuring out the contents:

“In a public-key cryptosystem enciphering and deciphering are governed by distinct keys, E and D, such that computing D from E is computationally infeasible (e.g. requiring 10100 instructions). The enciphering key E can be disclosed [in a directory] without compromising the deciphering key D. This enables any user of the system to send a message to any other user enciphered in such a way that only the intended recipient is able to decipher it.”

In simple terms, Alice can have a public key that she posts online. If Bob wants to send a private message to Alice, he can look up her public key, and use it to encrypt the message. Only she can decrypt the note and read the text inside. If a third party, Carol, does not have the private key (think: password) for the message, she cannot read the contents. This simple innovation changed the entire information power balance of individuals versus governments.

When Diffie and Hellman’s paper was published, the U.S. government, through the NSA, tried to prevent the spread of its ideas, even writing a letter to a cryptography conference at the time, warning the participants that their participation might be illegal. But after activists printed hard copies of the paper and distributed them around the country, the Feds backed off.

In 1977, Diffie, Hellman, and Merkle would file U.S. patent number 4200770 for “public-key cryptography,” an invention that created the foundation for email and messaging tools like Pretty Good Privacy (PGP) and today’s popular Signal mobile app.

It was the end of government control of cryptography and the beginning of the cypherpunk revolution.

II. The List

The word “cypherpunk” did not appear in the Oxford English Dictionary until 2006, but the community began gathering much earlier.

In 1992, one year after the public release of the world wide web, early Sun Microsystems employee John Gilmore, privacy activist Eric Hughes, and former Intel engineer Timothy May started to meet up in San Francisco to discuss how cryptography could be used to preserve freedom. That same year, they launched the Cypherpunks Mailing List (or “The List” for short), where the ideas behind Bitcoin were developed and eventually published by Nakamoto 16 years later.

Eric Hughes’s email announcing The List. Source.

On “The List,” cypherpunks like May wrote about how monarchies in the late Middle Ages were disrupted by the invention of the printing press, which democratized access to information. They debated how the creation of the open internet and cryptography could democratize privacy technology and disrupt the seemingly inevitable trend toward a global surveillance state.

Like many cypherpunks, Back’s college education was in computer science. But, serendipitously, he first studied economics between the ages of 16 and 18, and afterward, added a Ph.D. in distributed systems. If anyone was adequately trained to one day become a Bitcoin scientist, it was Back.

While he studied computer science in London in the early 1990s, he learned that one of his friends was working on speeding up computers to run faster encryption techniques. Through his friend, Back learned about the public-key encryption invented 15 years earlier by Diffie and Hellman.

Back thought this was a historic shift in the relationship between governments and individuals. Now citizens could communicate electronically in a way that no government could decrypt. He resolved to learn more, and his curiosity eventually led him to The List.

During the mid-1990s, Back was an avid participant on The List, which at its peak, was populated by dozens of new messages every day. By Back’s own account, he was the most active contributor at times, addicted to the cutting-edge conversations of the era.

Back was struck by how the cypherpunks wanted to change society by using code to peacefully create systems that could not be stopped. In 1993, Hughes wrote the movement’s seminal short essay, “A Cypherpunk’s Manifesto”:

“Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world…

“…We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. We must defend our own privacy if we expect to have any. We must come together and create systems, which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.

“We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.

“Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it… Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.”

This kind of thinking, Back thought, was what actually changes society. Sure, one could lobby or vote, but then society changes slowly, lagging behind government policy.

The other way, Back’s preferred strategy, was bold, permissionless change through inventing new technology. If he wanted change, he thought, he just had to make it happen.

III. The Crypto Wars

The original enemies of the cypherpunks were governments trying to stop citizens from using encryption. Back and friends thought that privacy was a human right. On the other hand, nation-states were petrified that citizens would create code allowing them to escape oversight and control.

Authorities doubled down on old military standards — which classified cryptography alongside fighter jets and aircraft carriers as munitions — and tried to ban export of encryption software to kill its use globally. The aim was to scare people away from using privacy tech. The conflict became known as the “Crypto Wars,” and Back was a frontline soldier.

Back knew that the big picture effects of such a ban would cause many U.S. jobs to move offshore, and force vast amounts of sensitive information to remain unencrypted. But the Clinton Administration was not looking ahead, just at what was directly in front of it. And its biggest target was a computer scientist named Phil Zimmerman, who had in 1991 released the first consumer-level secret messaging system, called Pretty Good Privacy, or “PGP” for short.

In the mid-1990s, WIRED covered the cypherpunks in a detailed profile:

View the 4 images of this gallery on the original article

PGP was an easy way for two individuals to communicate privately using PCs and the new world wide web. It promised to democratize encryption to millions of people and end the state’s decades-long control over private messaging.

As the face of the project, however, Zimmerman came under attack from corporations and governments. In 1977, three Massachusetts Institute of Technology (MIT) scientists named Rivest, Shamir, and Adelman, implemented Diffie and Hellman’s ideas into an algorithm called RSA. MIT later issued a license for the patent to a businessman named Jim Bidzos and his company, RSA Data Security.

The cypherpunks were uneasy with such a vital toolkit being controlled by one entity, having a single point of failure, but all through the 1980s, licensing and fear of being sued had largely prevented them from releasing new programs based on the code.

At first, Zimmerman asked Bidzos for a free license for the software, but was denied. In defiance, Zimmerman released PGP as “guerilla freeware,” disseminating it through floppy disks and internet message boards. A young cypherpunk by the name of Hal Finney — who would later play a major role in the Bitcoin story — joined Zimmerman, helping to push the project forward. A 1994 WIRED feature hailed Zimmerman’s brazen release of PGP as a “pre-emptive strike against such an Orwellian future.”

Bidzos called Zimmerman a thief and mounted a campaign to halt the spread of PGP. Zimmerman eventually used a loophole to put out a new PGP version, which piggybacked on code that Bidzos had released for free, defusing the corporate threat.

But the federal government ultimately decided to investigate Zimmerman for exporting “munitions” under the Arms Control Export Act. In defense, Zimmerman argued that he was merely enacting his First Amendment rights of free speech by sharing open-source code.

At the time, the Clinton Administration argued that Americans had no right to encrypt. They pushed for legislation to force companies to install backdoors (“clipper chips”) into their equipment so that the State could have a skeleton key to any message these chips encrypted. Led by White House officials and congressmen like Joe Biden, they argued that cryptography would empower criminals, pedophiles and terrorists.

The cypherpunks rallied to support Zimmerman, who became a cause célèbre. They argued that anti-encryption laws were incompatible with U.S. traditions of free speech. The activists started to print the PGP source code in books and mail them overseas. Via the publishing of the code in printed form, Zimmerman and others theorized they could legally circumvent anti-munitions restrictions. Recipients would scan the code, reconstitute it, and run it, all to prove the point: you cannot stop us.

Back wrote short pieces of source code that any programmer could turn into a fully-functional privacy toolkit. Some activists tattooed snippets of this code on their bodies. Back famously started selling t-shirts with the code on the front and a piece of the U.S. Bill of Rights with “VOID” stamped over it on the back.

Adam Back’s “crypto” t-shirt. Source. 

Activists finally sent a book containing the controversial code to the U.S. government’s Office of Munitions Control, asking if it could share it abroad. They never got a response. The cypherpunks guessed that the White House would never ban books, and in the end, they were right.

In 1996, the U.S. Department of Justice dropped its charges against Zimmerman. The pressure to force companies to use “clipper chips” subsided. Federal judges argued that encryption was a right protected by the First Amendment. Anti-cryptography standards were overturned, and encrypted messaging became a core part of the open web and e-commerce. PGP became “the most widely used email encryption software in the world.”

Today, companies and apps ranging from Amazon to WhatsApp and Facebook rely on encryption to secure payments and messages. Billions of people benefit. Code changed the world.

Back is self-deprecating and said that it is hard to say if his activism in particular made a difference. But certainly, the fight that the cypherpunks mounted was one of the main reasons that the U.S. government lost the Crypto Wars. The authorities tried to stop the code and failed.

This realization would loom large in Back’s mind 15 years later, in the summer of 2008, as he worked through that first email from Nakamoto.

IV. From DigiCash To Bit Gold

As the computing historian Steven Levy said in 1993, the ultimate crypto tool would be “anonymous digital money.” Indeed, after winning the fight for private communications, the next challenge for the cypherpunks was to create digital cash.

Some cypherpunks were crypto-anarchists — deeply skeptical of the modern democratic state. Others believed it was possible to reform democracies to preserve individual rights. No matter what side they took, many considered digital cash to be the Holy Grail of the cypherpunk movement.

In the 1980s and 1990s, major steps were taken in the right direction, both culturally and technically, toward digital cash. From a cultural perspective, science fiction authors like Neal Stephenson captured the imagination of computer scientists around the world with depictions of future societies — where cash was gone — and different kinds of digital e-bucks were the currency du jour. At a time when credit cards and digital payments were already on the rise, there was a nostalgia for the privacy involved in making a cash payment, where the merchant does not know, store, or sell any information about the customer.

On the technical front, a cryptography scholar at the University of California, Berkeley named David Chaum took the powerful idea of public-key encryption and started to apply it to money.

eCash inventor David Chaum. Source.

In the early 1980s, Chaum invented blind signatures, a key innovation in the evolution of being able to prove ownership of a piece of data without revealing its provenance. In 1985, he published “Security Without Identification: Transaction Systems To Make Big Brother Obsolete,” a prescient paper that explored how the growth of the surveillance state could be slowed through private digital payments.

A few years later in 1989, Chaum and friends moved to Amsterdam, applied theory to practice, and launched DigiCash. The company aimed to allow users to convert euros and dollars into digital cash tokens. Bank credits could be turned into “eCash” and sent to friends outside of the banking system. They could store the new currency on their PC, for instance, or cash them out. The software’s strong encryption made it impossible for authorities to trace the money flow.

In a 1994 profile of DigiCash at its heyday, Chaum said that goal was to “catapult our currency system into the 21st century… in the process, shattering the Orwellian predictions of a Big Brother dystopia, replacing them with a world in which the ease of electronic transactions is combined with the elegant anonymity of paying in cash.”

Back said that cypherpunks like him were initially excited about eCash. It prevented outside observers from knowing who had sent how much to whom. And the tokens resembled cash in as much as they were bearer instruments that users controlled.

Chaum’s personal philosophy also resonated with the cypherpunks. In 1992, he wrote that mankind was at a decision point, where “in one direction lies unprecedented scrutiny and control of people’s lives; in the other, secure parity between individuals and organizations. The shape of society in the next century,” he wrote, “may depend on which approach predominates.”

DigiCash, however, failed to get the right funding, and later that decade went bankrupt. For Back and others, this was a big lesson: digital cash needed to be decentralized, without a single point of failure.

Back had personally gone to great lengths to preserve privacy in society. He once ran a “mixmaster” service to help people keep their communications private. He would accept incoming email and forward it along in a way that was not traceable. To make it hard to figure out that he was running the service, Back rented a server from a friend in Switzerland. To pay him from London, he would mail physical cash. Eventually, the Swiss Federal Police showed up at his friend’s office. The next day, Back shut down his mixer. But the dream of digital cash kept burning in his mind.

Centralized digital money could fail operationally, come under regulatory capture, or go bankrupt, à la DigiCash. But its biggest vulnerability is monetary issuance dictated by a trusted third party.

On March 28, 1997, after years of reflection and experimentation, Back invented and announced Hashcash, an anti-spam concept later cited in Nakamoto’s white paper that would prove foundational for Bitcoin mining. Hashcash would eventually enable financial “proof of work”: a currency that needed the expenditure of energy to produce new monetary units, thus making money harder and fairer.

Governments historically have frequently abused their monopolies on the issuance of money. Tragic examples include ancient Rome, Weimar Germany, Soviet Hungary, the Balkans in the 1990s, Mugabe’s Zimbabwe, and the 1.3 billion people today living under double, triple, or quadruple digit inflation everywhere from Sudan to Venezuela.

Against this backdrop, cypherpunk Robert Hettinga wrote in 1998 that properly decentralized digital cash would mean that economics would no longer have to be “the handmaiden of politics.” No more making new huge amounts of new cash with the click of a button.

One vulnerability of Hashcash was that if someone tried to design a currency with its anti-spam mechanism, users with faster computers could still cause hyperinflation. A decade later, Nakamoto would solve this issue with a key innovation in Bitcoin called the “difficulty algorithm,” where the network would reset the difficulty of minting coins every two weeks based on the total amount of power spent by the users on the network.

In 1998, the computer engineer Wei Dai released his b-money concept. B-money was “an anonymous, distributed electronic cash system,” and it proposed a “scheme for a group of untraceable digital pseudonyms to pay each other with money and to enforce contracts amongst themselves without outside help.”

Dai was inspired by Back’s work with Hashcash, incorporating proof of work into b-money’s designs. While the system was limited and turned out to be impractical, Dai left behind a series of writings that echoed Hughes, Back, and others.

In February 1995, Dai sent an email to The List, making a case for technology, not regulation, as the savior of our future digital rights:

“There has never been a government that didn’t sooner or later try to reduce the freedom of its subjects and gain more control over them, and there probably never will be one. Therefore, instead of trying to convince our current government not to try, we’ll develop the technology… that will make it impossible for the government to succeed.

“Efforts to influence the government (e.g., lobbying and propaganda) are important only in so far as to delay its attempted crackdown long enough for the technology to mature and come into wide use.

“But even if you do not believe the above is true, think about it this way: If you have a certain amount of time to spend on advancing the cause of greater personal privacy (or freedom, or cryptoanarchy, or whatever), can you do it better by using the time to learn about cryptography and develop the tools to protect privacy, or by convincing your government not to invade your privacy?”

That same year, in 1998, an American cryptographer named Nick Szabo proposed bit gold. Building off of the ideas of other cypherpunks, Szabo proposed a parallel financial structure whose token would have its own value proposition, separate from the dollar or the euro. Having worked at DigiCash, and seen the vulnerabilities of a centralized mint, he thought gold was a worthwhile asset to try to replicate in the digital space.

Bit gold was important because it finally linked the ideas of monetary reform and hard money to the cypherpunk movement. It tried to make the “provable costliness” feature of gold digital. A gold necklace, for example, proves that the owner either expended significant time and energy and resources to dig that gold out of the ground and make it into jewelry, or paid a lot of money to buy it. Szabo wanted to bring provable costliness online. Bit gold was never implemented, but it continued to inspire the cypherpunks.

The next few years saw the rise of e-commerce, the dot-com bubble, and then the emergence of today’s internet mega-corporations. It was a busy and explosive time online. But there was not another major advancement in digital cash for five years. This points to the fact that first, there were not many people working on this idea, and second, making it all work was extraordinarily challenging.

In 2004, former PGP contributor Finney finally announced reusable proof of work, or “RPOW” for short. This was the next major innovation in the path toward Bitcoin.

RPOW took the idea of bit gold and added a network of open-source servers to verify transactions. One could attach some bit gold to an email, for example, and the recipient would acquire a bearer asset with provable costliness.

While Finney launched RPOW in a centralized fashion on his own server, he had plans to eventually decentralize the architecture. These were all key steps toward Bitcoin’s foundation, but a few more puzzle pieces still needed to slide into place.

V. Running Bitcoin

In 1999, Back finished his Ph.D. in distributed systems and began work in Canada for a company called Zero Knowledge Systems. There, he helped build the Freedom Network, a tool that allowed individuals to browse the web privately. Back and his colleagues used what are known as “zero-knowledge proofs” (based on Chaum’s blind signatures) to encrypt communications over this network, and sold access to the service.

Back, as it turns out, was also ahead of his time on this key innovation. In 2002, computer scientists improved on Zero Knowledge System’s model by taking a U.S. government private web browsing project called “onion routing” open source. They called it the Tor Network, and it inspired the age of the virtual-private networks (VPNs). It remains the gold standard for private web browsing today.

In the early and mid-2000s, Back finished his work at Zero Knowledge Systems, was recruited by Microsoft for a short stint as a cybersecurity researcher, and then joined a new startup doing peer-to-peer encrypted collaboration software. All the while, Back kept the idea of digital cash in the back of his mind.

When the email from Nakamoto arrived in August 2008, Back was intrigued. He read it carefully and responded, suggesting that Nakamoto look into a few other digital money systems, including Dai’s b-money.

On October 31, 2008, Nakamoto published the Bitcoin white paper on The List. The first sentence promised the dream that so many had chased: “a purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution.” Back’s Hashcash, Dai’s b-money, and earlier cryptography research were all cited.

As digital cash historian Aaron van Wirdum wrote, “in Bitcoin, Hashcash killed two birds with one stone. It solved the double-spending problem in a decentralized way, while providing a trick to get new coins into circulation with no centralized issuer.” He noted that Back’s Hashcash was not the first ecash system, but a decentralized electronic cash system “might have been impossible without it.”

On January 9, 2009, Nakamoto launched the first version of the Bitcoin software. Finney was one of the first to download the program and experiment with it, as he was excited that someone had continued his work from RPOW.

On January 10, Finney posted the famous tweet: “Running bitcoin.” The peaceful revolution had begun.

Hal Finney’s “Running Bitcoin” tweet. Source. 

VI. The Genesis Block

In February 2009, Nakamoto summarized the ideas behind Bitcoin on a peer-to-peer tech community message board:

“Before strong encryption, users had to rely on password protection to keep their information private. Privacy could always be overridden by the admin based on his judgement call weighing the principle of privacy against other concerns, or at the behest of his superiors. Then strong encryption became available to the masses, and trust was no longer required. Data could be secured in a way that was physically impossible for others to access, no matter what reason, no matter how good the excuse, no matter what.

“It’s time we had the same thing for money. With e-currency based on cryptographic proof, without the need to trust a third-party middleman, money can be secure and transactions effortless. One of the fundamental building blocks for such a system is digital signatures. A digital coin contains the public key of its owner. To transfer it, the owner signs the coin together with the public key of the next owner. Anyone can check the signatures to verify the chain of ownership. It works well to secure ownership, but leaves one big problem unsolved: double-spending. Any owner could try to re-spend an already spent coin by signing it to another owner. The usual solution is for a trusted company with a central database to check for double-spending, but that just gets back to the trust model. In its central position, the company can override the users…

“Bitcoin’s solution is to use a peer-to-peer network to check for double-spending… The result is a distributed system with no single point of failure. Users hold the crypto keys to their own money and transact with each other, with the help of the P2P network to check for double-spending.”

Nakamoto had stood on the shoulders of Diffie, Chaum, Back, Dai, Szabo, and Finney and forged decentralized digital cash.

The key, in retrospect, was to combine the ability to make private transactions outside of the banking system with the ability to hold an asset that could not be debased via political interference.

This last feature was not top of mind for the cypherpunks before the late 1990s. Szabo had certainly aimed for it with bit gold, and others inspired by Austrian economists like Fredrich Hayek and Murray Rothbard had long discussed getting the creation of money out of government hands. Still, generally, cypherpunks had prioritized privacy over monetary policy in early visions of digital cash.

The ambivalence towards monetary policy shown by privacy advocates is still evident today. Many left-leaning civil liberties groups that have protected American digital rights over the past two decades have either ignored or been outright hostile to Bitcoin. The 21 million-coin limit, scarcity, and “hard money” qualities proved foundational to achieving privacy through digital cash. Yet, digital rights advocacy groups have largely not recognized nor celebrated the role that proof of work and an unchanging monetary policy can play in protecting human rights.

To underline the primary importance of scarcity and predictable monetary issuance in the making of digital cash, Nakamoto released Bitcoin not after a government surveillance scandal, but in the wake of the Global Financial Crisis and ensuing money printing experiments of 2007 and 2008.

The first record in Bitcoin’s blockchain is known as the Genesis Block, and it is a political rallying cry. Right there in the code is a message worth pondering: “The Times / 03 Jan / 2009 Chancellor on brink of second bailout for banks.”

Bitcoin Genesis Block: Chancellor on brink of second bailout for banks. Source. 

The message refers to a headline in The Times of London, describing how the British government was in the process of bailing out a failing private sector through increasing both sides of its balance sheet. This was part of a broader global movement where central banks created cash for commercial banks out of thin air, and in return acquired assets ranging from mortgage-backed securities to corporate and sovereign debt. In the U.K., the Bank of England was printing more money to try to save the economy.

Nakamoto’s Genesis statement was a challenge to the moral hazard created by the Bank of England, which was functioning as a lender of last resort for British companies that had followed reckless policies and were now in danger of going bankrupt.

The average Londoner would be the one to pay the price during a recession, whereas the Canary Wharf elite would find ways to protect their wealth. No British bankers would go to prison during the Great Financial Crisis, but millions of lower- and middle-class British citizens suffered. Bitcoin was more than just digital cash, it was an alternative to central banking.

Nakamoto did not think highly of the model of bureaucrats increasing debt to save ever-more financialized economies. As they wrote:

“The root problem with conventional currency is all the trust that’s required to make it work. The central bank must be trusted not to debase the currency, but the history of fiat currencies is full of breaches of that trust. Banks must be trusted to hold our money and transfer it electronically, but they lend it out in waves of credit bubbles with barely a fraction in reserve.”

Nakamoto launched the Bitcoin network as a competitor to central banks, offering the automation of monetary policy and eliminating the smoky back rooms where small handfuls of elites would make decisions about public money for everyone else.

VII. An Engineering Marvel

Initially, Back was impressed by Bitcoin. He read a technical field report that Finney published in early 2009 and realized Nakamoto had solved many of the problems that had previously prevented the creation of an effective digital cash. What perhaps impressed Back most, and made the Bitcoin project stronger than any he had ever seen, was that sometime in early 2011, Nakamoto vanished forever.

In 2009 and 2010, Nakamoto posted updates, discussed tweaks and improvements to Bitcoin, and shared their thoughts on the future of the network, mainly on an online forum called Bitcointalk. Then, one day, they disappeared, and have never been conclusively heard from since.

At the time, Bitcoin was still a nascent project, and Nakamoto was still conceivably a central point of failure. In late 2010, they were still acting as a benevolent dictator. But by removing themselves — and giving up a lifetime of fame, fortune, and awards — they made it impossible for governments to be able to damage the network by arresting or manipulating its creator.

Before leaving, Nakamoto wrote:

“A lot of people automatically dismiss e-currency as a lost cause because of all the companies that failed since the 1990s. I hope it’s obvious it was only the centrally controlled nature of those systems that doomed them. I think this is the first time we’re trying a decentralized, non-trust based system.”

Back agreed. Beyond being struck by the way Nakamoto revealed Bitcoin and then disappeared, he was especially intrigued by Bitcoin’s monetary policy, which was programmed to issue a smaller and smaller amount of coins each year until the 2130s, when the last bitcoin would be released and no further bitcoin would be issued. The total number of coins was set in stone at just shy of 21 million.

Every four years, the new Bitcoin provided to winning miners as part of the block reward would be cut in half, in an event now celebrated as the “halving.”

Bitcoin’s predictable issuance. Source.

When Nakamoto was mining bitcoin in early 2009, the subsidy was 50 bitcoin. The subsidy dropped to 25 in 2012, 12.5 in 2016, and 6.25 in April 2020. As of late 2021, nearly 19 million bitcoin have been mined, and by 2035, 99% of all bitcoin will be distributed.

The remainder will be distributed over the following century, as a lingering incentive to miners, who over time must shift to making their profit from transaction fees instead of the ever-shrinking subsidy.

Even in 2009, Nakamoto, Finney, and others speculated that Bitcoin’s unique “hard-capped” monetary policy with a limit of 21 million total coins could make the currency extremely valuable if it one day took off.

In addition to the innovative monetary policy, Back thought the so-called “difficulty algorithm” was also a significant scientific breakthrough. This trick addressed a concern Back had originally had for Hashcash, where users with faster computers could overwhelm the system. In Bitcoin, Nakamoto prevented this from happening by programming the network to reset the difficulty required to successfully mine a block every two weeks, based on how long mining the last two weeks took.

If the market crashed, or some catastrophic event happened (for example, when the Chinese Communist Party kicked half the world’s Bitcoin miners offline in May 2021), and the total global amount of energy spent mining Bitcoin (the “hash rate”) went down, it would take longer than normal to mine blocks.

However, with the difficulty algorithm, the network would shortly compensate, and make mining easier. Conversely, if the global hash rate went up, perhaps if a more efficient piece of equipment were invented, and miners found blocks too quickly, the difficulty algorithm would shortly compensate. This seemingly-simple feature gave Bitcoin resilience and has helped it survive massive seasonal mining turmoil, precipitous price crashes, and regulatory threats. Today, Bitcoin’s mining infrastructure is more decentralized than ever.

These innovations made Back think that Bitcoin could potentially succeed where other digital currency attempts had failed. However, one glaring problem remained: Bitcoin was not very private.

VIII. Bitcoin’s Privacy Problem

For the cypherpunks, privacy was a key goal. Previous iterations of e-cash, like the one produced by DigiCash, had even made the tradeoff of achieving privacy by sacrificing decentralization. There could be immense privacy in these systems, but users had to trust the mint and were at risk of censorship and devaluation.

In creating an alternative to the mint, Nakamoto was forced to rely on an open ledger system, where anyone could publicly view all transactions. It was the only way to ensure auditability, but it sacrificed privacy. Back says that he still thinks this was the right engineering decision.

There had been more work done in the area of private digital currencies since DigiCash. In 1999, security researchers published a paper called “Auditable Anonymous Electronic Cash,” around the idea of using zero-knowledge proofs. More than a decade later, the “Zerocoin” paper was published as an optimization of this concept. But to try to achieve perfect privacy, these systems made tradeoffs.

The math required for these anonymous transactions was so complicated that it made each transaction very large and each spend very time-consuming. One reason Bitcoin works so well today is that the average transaction is just a couple of hundred bytes. Anyone can cheaply run a full node at home and keep track of Bitcoin’s history and incoming transactions, keeping power over the system in the hands of users. The system does not rely on a few supercomputers. Rather, regular computers can store the Bitcoin blockchain and transmit transaction data at low cost because data use is kept to a minimum.

If Nakamoto had used a Zerocoin-type model, each transaction would have been more than 100 kilobytes, the ledger would have grown huge, and only a handful of people with specialized datacenter equipment could have run a full node, introducing the possibility for collusion, censorship, or even a small group of people deciding to increase the monetary supply beyond 21 million. As the Bitcoin community mantra asserts, “don’t trust, verify.”

Back said that he is, in retrospect, glad that he did not mention the 1999 paper to Nakamoto in his emails. Creating decentralized digital cash was the most crucial part: privacy, he thought, could be programmed in later.

By 2013, Back decided Bitcoin had demonstrated enough stability to be the foundation for digital cash. He realized he could take some of his applied cryptography experience and help make it more private. Around this time, Back started spending 12 hours a day reading about Bitcoin. He said that he lost track of time, barely ate, and barely slept. He was obsessed.

That year, Back suggested a few key ideas to the Bitcoin developer community on channels like IRC and Bitcointalk. One was changing the type of digital signature that Bitcoin uses from ECDSA to Schnorr. Nakamoto did not use Schnorr in the original design, despite the fact that it offered better flexibility and privacy for users, because it had a patent on it. But that patent had expired.

Today, Back’s suggestion is being implemented, as Schnorr signatures are being added to the Bitcoin network next month as part of the Taproot upgrade. Once Taproot is activated and used at scale, most types of wallets and transactions will look the same to observers (including governments), helping to fight the surveillance machine.

IV. Confidential Transactions

Back’s biggest vision for Bitcoin was something called Confidential Transactions. Currently, a user exposes the amount of bitcoin they send with each transaction. This enables auditability of the system — everyone at home running the Bitcoin software can ensure that there are only a certain number of coins — but it also enables surveillance to happen on the blockchain.

If a government can pair a Bitcoin address with a real-world identity, they can follow the funds. Confidential Transactions (CT) would hide the transaction amount, making surveillance much more difficult or perhaps even impossible when used in conjunction with CoinJoin techniques.

In 2013, Back talked to a handful of core developers — the “Bitcoin Wizards,” as he calls them — and realized it would be extremely difficult to implement CT, as the community understandably prioritized security and audibility over privacy.

Back also realized that Bitcoin was not very modular — meaning one could not experiment with CT inside the system — so he helped come up with the idea of a new kind of experimental testbed for Bitcoin technology, so that he could test out ideas like CT without harming the network.

Back quickly realized that this would be a lot of work. He would have to build software libraries, integrate wallets, get compatibility with exchanges, and create a user-friendly interface. Back raised a $21 million seed round in Silicon Valley to try to build a company to make it all happen.

With seed funding in hand, Back teamed up with noted Bitcoin Core developer Greg Maxwell and investor Austin Hill and launched Blockstream, which is today one of the world’s biggest Bitcoin companies. Back remains CEO, and pursues projects like Blockstream Satellite, which enables Bitcoin users around the world to use the network without needing internet access.

In 2015, Back and Maxwell released a version of the Bitcoin “testnet” they had envisioned and called it Elements. They proceeded to enable CT on this sidechain — now called Liquid — where today hundreds of millions of dollars are settled privately.

Bitcoin users fought what is known as the “Blocksize War” against big miners and corporations between 2015 and 2017 to keep the blocksize reasonably limited (it did increase to a new theoretical maximum of 4 megabytes) and keep power in the hands of individuals, so any plan to significantly increase the size of blocks in the future could be met with stiff resistance.

Back still thinks it is possible to optimize the code and get CT transactions small enough to implement in Bitcoin. It is still several years away, at best, from being added, but Back continues on his quest.

For now, Bitcoin users can improve their privacy through techniques like CoinJoin, CoinSwap, and by using second-layer technology like the Lightning Network or sidechains like Mercury or Liquid.

In particular, Lightning — another area where Back’s team at Blockstream invests heavily through work on c-lightning — helps users spend bitcoin more cheaply, quickly, and privately. Through innovations like this, Bitcoin serves as censorship-resistant and debasement-proof savings tech for tens of millions of people around the world, and is becoming more friendly for daily transactions.

In the near future, Bitcoin could very well fulfill the cypherpunk vision of teleportable digital cash, with all of the privacy aspects of cash and all of the store-of-value ability of gold. This could prove one of the most important missions of the coming century, as governments experiment with and begin to introduce central bank digital currencies (CBDCs).

CBDCs aim to replace paper money with electronic credits that can be easily surveilled, confiscated, auto-taxed, and debased via negative interest rates. They pave the way for social engineering, pinpoint censorship and deplatforming, and expiration dates on money.

But if the vision for Bitcoin’s digital cash can be fully achieved, then in Nakamoto’s words, “we can win a major battle in the arms race and gain a new territory of freedom for several years.”

This is the cypherpunk dream, and Adam Back is focused on making it happen.

This is a guest post by Alex Gladstein. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Filed Under: Adam Back, Bitcoin Magazine, culture, Cypherpunks, David Chaum, encryption, English, freedom, Hal Finney, Martin Hellman, Marty's Bent, PGP, Ralph Merkle, Whitfield Diffie

KYC Will Not Protect Us, Bitcoin And Encryption Will

15/08/2021 by Idelto Editor

As regulators attempt to institute KYC and AML rules at the peril of our personal data, Bitcoin and encryption offer salvation.

Our world is filled with atrocious threats, crimes and violence. Human trafficking, child abuse, state-sponsored violence, terrorism and a laundry list of other heinous acts require tools to fight back and ultimately reduce their frequency to as close to zero as possible. Unfortunately, there are massive disagreements about the types of tools we should use in order to be as successful as possible in this endeavor.

In one camp, we have offensive tactics. These tools attempt to reduce the level of horrific crimes by making the criminal activity more difficult. This could be in the form of cutting off terrorist financing through know-your-customer (KYC) anti-money laundering (AML) regulations or giving corporations the power to scan user photos to catch images of child abuse.

What is KYC?

Know your customer (KYC) regulations are sets of rules implemented by the U.S. Financial Crimes Enforcement Network (FinCEN). These rules apply to actors in the investment and securities industries, including broker-dealers, banks and cryptocurrency exchanges such as Coinbase. The stated purpose of KYC is to prevent money laundering and other criminal activity. In order to comply with KYC, firms must verify the identification of all customers as well as continuously review customer activity for any suspicious activity. While KYC proponents claim that these regulations reduce the amount of illegal activities in the financial sector, the anti-KYC side argues that KYC is a privacy disaster that simply pushes criminals to better hide their activities or use different tools.

NOTE: In this post, I define KYC as the requirement for a person to provide identification and/or private information before they can receive a product or service, regardless of industry.

What is AML? How is it related to KYC, and how is it different?

Anti-money laundering (AML) regulations were created by an unelected global organization called the Financial Action Task Force (FATF). Similar to KYC rules, the stated intention of AML rules is to target criminal activity in the banking and financial sector, specifically to target money laundering and terrorist activities. In short, AML puts the burden on the institution to determine whether or not its customers are participating in illegal activities. These rules require companies to collect private information about their customers and continuously monitor activity for any suspicious transactions.

While KYC and AML are similar in their intentions, KYC is technically a subset of AML. KYC is specifically about verifying the identity of customers, whereas AML is a broader set of requirements. AML requirements include KYC, as well as things like reporting any transactions over $10,000 and verifying the origin of large amounts of money. KYC and AML rules require surveillance and mass collection of customer data. While this data is collected for a stated purpose of reducing criminal activity, it also provides a honeypot of information for potential attackers, a massive regulatory burden for companies and a hurdle for the most vulnerable members of society to access financial services. 

While offensive tactics are easy to rally people behind — who doesn’t want to stop human trafficking? — the long-term effectiveness and downstream consequences of these tactics are rarely discussed. Some of the consequences, such as a reduction in business efficiency, are easily laughed off by proponents of offensive tactics. Who cares if a corporation loses some profits if it means we can catch child abusers? However, these tactics come with very real costs to the most vulnerable among us, as well as society at large. Furthermore, the long-term effectiveness of offensive tactics is questionable at best.

The Downsides Of Offensive Regulation Tactics

Let’s talk about the downsides of offensive tactics, using KYC regulations as an example. While the legal definition of KYC is specific to banking and finance, there are similar rules in place across various industries. In this post, I define KYC as the requirement for a person to provide identification and/or private information before they can receive a product or service, regardless of industry. KYC is required for getting bank accounts, healthcare, employment, housing and even phone/internet services. The stated purpose of KYC is essentially to ensure that a terrorist is restricted from using the banking system to finance their activities, or a human trafficker is prevented from using the local internet provider. This sounds noble enough, but is it actually effective?

In the short-term, KYC can be effective at catching the less intelligent and less adaptable criminals. It is certainly possible that banks will help catch some money laundering when an ID verification program is first launched. However, we should expect most criminals to quickly adapt by using forged documents, bribing officials or going outside of the banking sector entirely. The more skilled criminals will find and design tools that allow them to continue their activities in the long run.

While the benefits of KYC are fuzzy, the costs are clear. First, the costs to everyday people are massive. Personally-identifying information such as social security numbers, birthdates and addresses can be used to steal identities, physically attack or financially rob completely innocent individuals and their families. Even if the data is not stolen from the primary source, it can be sold to secondary organizations without the user’s permission. While some people may prefer to opt-in to such a system, the inability to opt-out of personal data collection is an asymmetry that benefits corporations and governments at the expense of everyday people.

Second, KYC presents incalculable potential future costs for society at large. KYC provides a treasure trove of data to government entities. If you trust the current government regime, this may seem fine. However, an increase in power for political leaders that you like today also means an increase in power for political leaders that you may vehemently disagree with tomorrow. If you would be terrified to grant a certain power to an enemy, then that power should simply not exist in the first place.

To sum up the societal costs: In the short-term, KYC requires all users to upload private information, increasing the potential attack surface for every single individual. In the long-term, KYC provides increased surveillance powers to unknown future government leaders who may use this power to harm society.

How does the proposed U.S. infrastructure bill fit in?

KYC and AML regulations are especially relevant right now with the recent battle over the U.S. infrastructure bill. An initially proposed version of the bill included extremely broad definitions of a “broker” which could be interpreted to apply to miners, nodes or developers. If this broad interpretation is to be used in practice, it would potentially require almost all cryptocurrency participants to collect and report information about the transactions they are interacting with.

For example, a Bitcoin miner could be required to report customer information to the IRS related to the transactions included in any block that it mines. While it would be impossible for many participants to comply with such a regulation, the concept has major negative implications for user privacy and security purposes. Someone mining Bitcoin in their garage should not be expected to collect the private information of thousands of users; nor should a user be forced to provide their private information to a random person mining Bitcoin in their garage.

While it wouldn’t fall directly under KYC or AML regulations, this provision could have similar impacts on the Bitcoin ecosystem, if enforced. Users would be harmed by being coerced to give up private information which could be hacked or sold to third parties. Operators would be harmed by needing to comply with stringent regulations — many, if not most, would likely shut down or move to a different jurisdiction. Meanwhile, criminals or tax evaders looking to use cryptocurrencies would simply use the tools to route around these regulations. Similar to KYC and AML regulations, the net effect of this infrastructure bill provision would likely be bad for good actors and neutral for bad actors. 

Beyond the societal costs that impact everyone, KYC comes with major costs for the most vulnerable members of society. A natural effect of KYC is that anyone who wants to participate in society needs to have a government-issued ID. This seems harmless, until we consider the types of people who either do not have a government-issued ID, cannot get a government-issued ID or feel unsafe needing to use government-issued ID. The people who have trouble getting government identification typically come from a difficult background. Whether this is someone with deadbeat parents that never registered them with the state or a refugee with no official records on hand, KYC requirements exclude people from society, often based on factors that are completely beyond their control.

Even people who have government-issued IDs may not necessarily feel safe putting their information out there where it can be leaked, hacked or sold to unknown actors. Victims of domestic abuse, those who escape cults and whistleblowers must fear for the safety of themselves (and their family) due to the mass availability of their personal information. If a major goal of KYC is to protect the most vulnerable among us by preventing heinous crimes, then we cannot ignore instances where KYC does the exact opposite by negatively impacting the health and safety of the victims of humanity’s most atrocious acts.

The importance of considering the scope of offensive tactics cannot be understated. While certain types of targeted offensive tactics such as investigative work done by the police are effective tools, many of the offensive tactics employed today (e.g., KYC) are broad brush regulations that impact everyone, regardless of their relation (or lack thereof) to criminal activity. Police work directly affects those who are involved or adjacent to a crime, while KYC directly affects every single person in the entire jurisdiction.

Bitcoin Presents Hope

While broadstroke offensive tactics provide a litany of downsides with questionable upside, there is yet hope. If the goal is to prevent bad actors from winning, defense is more important than offense due to a key asymmetry: if you score, you might win; if your opponent does not score, they cannot win. Thus, providing the tools for individuals to defend themselves and others is paramount.

KYC is a clunky, one-size-fits-all approach. As such, it is destined to be mostly ineffective, as individual criminals can adapt far faster than national or global KYC regulations can. Encryption, however, provides a defensive tool that individuals can harness in different ways, depending on the circumstances. Encryption, when done properly, is unhackable and thus completely private from any and all attackers. It is the ultimate defensive tool for individuals in the digital age. Remember, if attackers cannot score, they cannot win. Whether encrypted messaging (e.g., Signal), encrypted email (e.g., ProtonMail), or encrypted value (e.g., Bitcoin), encryption gives power not only to those who want privacy, but most importantly, to those that truly need privacy. While KYC harms vulnerable people that require privacy, encryption enables these same people to defend against threats.

The current state of the world makes it quite difficult to live in society without consistently giving up private information. However, this is quickly changing. First, the increased amount of data collection and surveillance has woken many people up to the importance of privacy. The common question of “why do you need privacy if you’re not a criminal?” is being challenged more potently with each major data leak and each personalized advertisement based on an item mentioned in a private conversation. While increased surveillance has forced many to start caring more about their personal privacy, perhaps the most important development is the increase in encryption-based tools available to the world.

For many, the introduction to Bitcoin, the world’s premier encrypted money, leads them to discover the world-changing power of encryption. Bitcoin uses encryption to provide the most defensive form of property that has ever existed. It is an unhackable method of value storage which can be effectively teleported anywhere on earth, secured across multiple physical jurisdictions using multisig or carried across borders via memorization. Traditional forms of value storage such as gold, dollars and real estate are limited either by their physical nature, regulations such as KYC or both. Dollars cannot be teleported across an ocean in ten minutes. Gold cannot use multisig to distribute its bearer properties across different physical locations. One cannot memorize words, flee a dangerous situation and use those words to regain access to one’s house once in a safe location.

Many politicians argue that Bitcoin and other encryption-based innovations are a threat because they cannot be regulated like more traditional technologies. Others conclude that encryption-based technologies are primarily for evading taxes or hiding bad deeds. Both completely miss the point by framing the situation through the lens of the existing system. Encryption is a step change in the fabric underpinning our entire society. Never before has there existed a thing that is non-confiscatable, unhackable and undestroyable.

Encryption allows for these things to exist, while Bitcoin provides the financial incentive for people across the globe to learn, use and advocate for encryption. The critics are indeed correct that Bitcoin and other encryption tools cannot be regulated and can be used to evade taxes or hide bad deeds. However, their being correct is as useless as a king from the 1400s realizing that the printing press can be used to print information he does not want to be published. In the long run, they are fighting against an inevitable force that cannot be shut down, hacked or destroyed. When faced with an inevitable technology, it is far better to embrace, build upon, and advocate for its positive qualities than to waste energy trying to stop it. Fortunately, all types of people from across the world are starting to realize this, with Bitcoin leading the way due to its embedded financial incentives.

The power and availability of defensive tactics has never been as strong as it is today. The reality is that criminals can and will use the most powerful tools available to them in order to commit terrible crimes. This has and always will be true. Again, we must remember the importance of defense over offense: an attacker cannot win if they cannot score. Would-be victims and those living in fear can now start to improve their safety by simply reducing their attack surface. If we want to help the most victimized people among us, we must encourage the distribution of defensive tactics to empower everyday people rather than take untargeted offensive actions that harm everyday people.

This is a guest post by Mitch and inspired by @AnarkioC’s Medium post. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Filed Under: AML, Bitcoin Magazine, culture, encryption, English, KYC, Personal Data, privacy, Regulation

As Governments Seek Encryption Backdoors, Bitcoin Becomes Critical

12/11/2020 by Idelto Editor

YouTube Video

On November 6, 2020, the Council of the European Union released a “Draft Council Resolution on Encryption.” The document is supposed to serve as a precursor to a final text to be presented to the Council, on November 19 for potential legal adoption. It emphasizes support for data encryption in general, but also notes the challenges that encryption technologies pose for investigators who want to access criminals’ communications. 

“The European Union fully supports the development, implementation and use of strong encryption,” the report notes. “However, there are instances where encryption renders analysis of the content of communications in the framework of access to electronic evidence extremely challenging or practically impossible despite the fact that the access to such data would be lawful.”

It goes on to call for a “better balance” between communication encryption and lawful access of that communication, both ensuring the continued implementation of strong encryption technology while also ensuring that “competent authorities must be able to access data in a lawful and targeted manner.” 

This call for balance raised a red flag for privacy and encryption advocates around the world. Notably, a report from Austrian publication Radio FM4 falsely labeled this as an “EU ban on encryption” that included requiring platforms like WhatsApp and Signal to create master keys that would allow their end-to-end- (E2E) encrypted chats to be monitored.

Naturally, the privacy-focused Bitcoin community voiced concern about any resolution that would seek to weaken encryption. Though this particular draft resolution does not specifically call for encryption backdoors or loopholes, it offered a chance to consider regulators’ roles in pushing back on technology that allows unmonitored communications.

“There’s no such thing as a balance, you either have encryption or you don’t,” said Alex Galdstein, the chief strategy officer for the Human Rights Foundation, in an interview with Bitcoin Magazine. “So, we don’t want a balance. We want strong encryption. And when governments say that they want to balance, they’re acknowledging that they’re worried about people doing things with encryption that they can’t control.”

Despite the concerns that the idea of encryption backdoors from governments raise, in this case, Gladstein noted that we are “very far from an actual law being passed in the EU that would mandate some sort of forced backdoor into devices.” And, in general, the idea of establishing these backdoors would require cooperation from the tech industry implementing this encryption, which also appears unlikely.

“They want a software backdoor which I don’t think they’re going to get,” Gladstein said. “It’s not quite clear that tech companies are going to undermine their value propositions and openly give the government access to everybody’s messages… Even in the world’s most authoritarian places, tech companies want some sort of independence.”

Ultimately, this emphasizes the importance and power of technologies like Signal and Bitcoin. Governments can seek to mandate encryption backdoors or to collaborate with the technology creators, but without a private key they cannot access encrypted data.

“I think that we should be concerned about statements like this, but we should be confident that the technology can repel a lot of this,” explained Gladstein. “Bitcoin is … going to allow us to have this incredible tool that can really push back and allow us to have the digital cash that the cypherpunks dreamed of. And that can be a very powerful repellent against this increasing surveillance state.”

Gladstein encouraged those of us who can leverage encrypted technologies like Signal and Bitcoin to do so as much as possible, and to support the groups that make these technologies possible. While those living in democracies still have the chance to push back on draft resolutions, those living in regions that are ruled by dictatorships depend on these technologies as last resorts.

“I think we need to take advantage of some of the rights and liberties that we still have here in these domestic societies: make these companies push the technology as far as we can, put pressure on the courts, fund civil society organizations that will protect us, while knowing at the same time that most people on earth don’t have these privileges,” Gladstein said. “Their only hope is the technology. If you live in a dictatorship, your only hope is the tech.”

Listen To Bitcoin Magazine’s Interview With Alex Gladstein About The Importance Of Encryption In The Face Of Government Surveillance:

  • Apple
  • Spotify
  • Google
  • Overcast
  • Libsyn

The post As Governments Seek Encryption Backdoors, Bitcoin Becomes Critical appeared first on Bitcoin Magazine.

Filed Under: Alex Gladstein, Bitcoin Magazine, encryption, English, human rights foundation, Privacy & security, Signal, surveillance

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 7
  • Go to Next Page »

Primary Sidebar

Archives

Recents articles

  • Indian Regulator SEBI Proposes Banning Public Figures From Endorsing Crypto Products
  • Iran Blocks 9,200 Bank Accounts Over Suspicious Foreign Currency, Crypto Transactions
  • Former Fed Chair Bernanke: Bitcoin Is Mainly Used in Underground Economy for Illicit Activities
  • Five Stalls That Caught My Attention At Bitcoin 2022’s Bitcoin Bazaar
  • How Bitcoin Should Be Upgraded In The Future
  • Grayscale Launches European ETF While Urging SEC to Approve GBTC Conversion Into Spot Bitcoin ETF
  • China Backed Publication: Terra LUNA Crash Vindicates Country’s Ban on Crypto-Related Activities
  • Bitcoin Songsheet: Wind And Solar Are The Altcoins Of Energy

© 2022 · Idelto · Site design ONVA ONLINE

Posting....