David Chaum, the legacy cryptographer, thinks what crypto is doing today has a real shot of changing the world. He drew a comparison to 30 years ago, around the time his company, DigiCash – the one that earned him the moniker the «Godfather of Cryptocurrency» – sent its first online transaction.
“I jumped in with all four,” he said. “I wasn’t hedging my bets.”
The article is part of Road to Consensus
It’s a familiar story: Chaum was early to see the potential good and horror of the internet. On one hand, he predicted a surveillance trap. On the other, he saw a communications tool that could reinvent everything from commerce to voting. He felt incredibly motivated to start building the tools that would empower individuals and prevent the total usurpation of the internet by governments and corporations.
It all depended on the widespread adoption of cryptography (or the ability to encode secrets), which was anything but guaranteed at the time. In fact, in a recent series of interviews ahead of CoinDesk’s Consensus festival, Chaum shared that he was confronted point-blank by federal agents because of his work with encryption.
The secret of cryptography got out, but Chaum’s first business did not – it failed in what an anonymous insider called a blowout of «paranoia, idealism, amateurism and greed.» Chaum’s digital cash tool was built using cryptography to compete against centralized players like credit cards and banks – and it’s still remembered as a flash of brilliance. More so because many of Chaum’s worst predictions came to pass.
Somehow, Chaum is still optimistic, he told CoinDesk. He’s now an unabashed supporter of the blockchain industry, which can evade the pitfalls of proprietary technology and centralized corporations. He’s often still called the «Godfather of Cryptocurrency» (one of Satoshi Nakamoto’s few citations given in the Bitcoin whitepaper), and his cryptography research into blind signatures, group signatures, mix networks, secure digital voting and zero-knowledge proofs, and more, is still fertile ground for modern crypto developers.
See also: Consensus 2022 Visitor Guide: CBDCs and Public Money
Chaum’s latest company, xx network, is an attempt to future-proof this technology by creating a “quantum-resistant” blockchain – or a crypto that cannot be broken by a supercomputer. Indeed, if Web 3 is meant to stick around for the long haul, it needs to put humans first. That means privacy, security and real innovation. Chaum thinks he’s got it right this time.
CoinDesk caught up with Chaum for two hour-long conversations one day in May. Chaum, who has reason to brag, loves to discuss his accolades and has a healthy skepticism of the press that may be apparent in the lightly edited transcript. There’s a sense that his current work is being ignored, and that he doesn’t always get the credit he knows he’s earned. As the conversation moved from his legacy to his latest work to his motivations both then and now, he grew more reflective.
Web 3 developers, he said, need to find the right mix of passion, philosophy and know-how if they want to sustain the ongoing fight for public cryptography over generations. But he thinks no matter what, this web with «a conscience» is on the right side of history. And he thinks he will still be making contributions. «Watch this space,» he said, adding that his latest (yet-to-publish) writing on cryptography will again be game-changing.
The conversation has been edited for brevity and clarity. (And, by the way, Chaum said he has been doing pretty grueling physical therapy recently, so be kind if you see him in Austin, Texas, at Consensus.)
What do you see as your role in the industry? Do you see yourself as a world-famous historical figure?
Well, I don’t think anyone should answer questions like that, but let me just turn the clock back 40 years. If there’s one thing that I want to communicate here, it’s that 40 years ago, I saw the inevitable progression of the digital world very clearly. It was inevitable that the continuing trend of escalating digital technology – which, at the time, was providing new opportunities, new entertainment for consumers – for the general public operating at that level, their information would not be protected. It would inevitably be siphoned off – overtly, covertly or clandestinely – and used as an unprecedented source of power in society.
There was the possibility of using cryptography – which I realized now later in life, I risked my whole life by publishing in journals on American soil to set cryptography free from jail in the 1980s – which has the potential to reverse that trend and allow people to wrest control over the maintenance and use of information about themselves.
That’s the way I framed it. You can go back and read those articles – I saw it as a kind of cops-and-robbers situation that would only escalate. As people become more aware of these issues, there would be more pushback and then – what I predicted as a best case scenario – there would be an opportunity for companies to provide people with these kinds of protections and win over the public. The xx network is endeavoring to be that company. I mean, it’s not like we don’t have a clear-cut road map and the technology to do it.
Consistency is rare in this industry.
The wind hasn’t always been at my back, Daniel.
What do you say to people who think crypto is a solution in search of a problem?
I guess I don’t spend much time thinking about what to say. I read all the major stuff that comes out on Web 3 – it’s quite a broad spectrum, none of it fully reverential. Everybody’s hedging their bets. You know, when I jumped in 40 years ago, I jumped in with all four. I wasn’t hedging my bets. I wasn’t making some prediction where I could say I was right whatever happened.
I’m not just talking by book, I’m walking the walk. That’s the essence of it: creating the technology to enable it because that’s not a slam dunk. And it is a creative act, because it’s not easy to see how to make it.
Even after 13 years of boom and bust cycles, there’s no sort of hesitancy?
I don’t prognosticate about prices of various things – I don’t have the bandwidth – but I would say that I’m not 100% sold on this being another 18-month bear market. If people in the industry keep talking like this, yes, it will be. Who knows? But to me, Web 3 is bigger than that. With what I saw 40 years ago, the inevitable growth of digital technology is showing no signs of slowing down. It is moving forward [because] these problems are continuing to get worse and worse.
If the people who are trying to push forward a solution based on the current level of technology all lose their mojo, then that’s just going to harm everyone. I’ll still be there, trying to find the new technologies and new segues and do my utmost to give an opportunity to everybody on the planet. It’s not countercultural for technology’s sake, but about creating a real alternative for ordinary people to vote with their feet.
You’ve called Web 3 a more «conscious» web. What does that mean?
Well, I wouldn’t say that. It has been redefined several times, as you may know.
You’ve described it as “the web with a conscience.” What does that really mean?
With all due respect, I don’t think this is the right moment to enunciate a more borne-out definition. If you look at the irrefutable, serious, responsible public-opinion polling, it shows that the vast majority of people are not happy with so-called Web 2. Their main unhappiness is the fact that they’ve lost control of their data and privacy. I hope that Web 3 will solve those issues.
A lot of your early work focused on voting. You’ve also written a lot recently – on CoinDesk and elsewhere – on the notion of democracy. Has your thinking on the subject changed?
It’s been my experience that voting, democracy, has been intertwined with privacy in various ways over the past 40 years. When I invented mixing, a way to form anonymous communication channels, I did so as a solution to part of the voting problem. Voting is a kind of prototypical poster child for situations where you need privacy. That’s undisputed. But it’s more subtle than that – you see, it’s not really privacy you need when voting but what we call ballot secrecy, which is a different thing. The public – you can say the state but I would say the public – in a democracy has an interest in voters being unable to show others how they have voted.
Why is that?
Because of the danger to democracy that is posed by what we call “improper influence” in the voting sphere – or vote buying and coercion or any combination thereof. Today, the possibility of vote buying is far more problematic than it’s ever really been. That’s just a true statement. Before we had the so-called secret ballot – which is like a 150-year-old institution recovered from the Greeks and reinvented as the so-called Australian ballot – which is basically marking a ballot in a booth and putting it in a box, we had a system that was way too manipulatable.
Nowadays, the hope for democracy is not based on just more-of-the-same kind of polling-place voting. We need new kinds of voting, and more voting. I don’t mean that it has to take more time from people, but it does have to be more meaningful – but that’s a whole ‘nother subject.
Democracy needs more-engaging voting, and that’s probably not going to be in booths. But the electronic solution is so obvious, if you want to allow voting outside of booths. Nowadays, I can livestream my voting act very easily, I can receive payments electronically and nation-state law only extends as far as the national boundaries. Coercion is trivial. So there’s a real chance we are not going to be able to take advantage of electronic technology to enhance or improve democracy in the ways that I think could save it.
Does privacy make this impossible?
It’s essential that we have inalienable privacy. Society has an interest in people not giving away their secrets.
There is an argument to be made that electronic technologies or digital transformation has challenged democracy. Why should we have faith in tech to expand democracy through the type of voting that you’re talking about?
That’s an interesting way to look at things. I hope we could make the distinction between Web 2 technology – where if cryptography is used, it’s only a small concession to users – and the extraordinary power of multiparty computation, which is a profoundly different way to do information technology.
I recently got this “most enduring” award for a theoretical computer-science paper written 30 years ago on MPC – a term I coined. This is something that’s sort of like a smart contract but is far more powerful. Multiparty computation could be easily proven to be the equivalent of the Church-Turing thesis in the context of secure computation.
In other words, we don’t know that a Turing machine could do such computation [concerning natural numbers], but we believe it. And similarly, because we think Turing machines look like they could do anything, what we’ve proposed is that multiparty computation can solve any security problem that is well defined. So if you could write the software, and it is run by good and honest agents, then I believe we’ve solved many security problems.
And that’s the interesting thing about the digital world: That’s now quietly advanced to the point where that’s now possible where it wasn’t really practical when I proposed it 30 years ago. One thing I keep in mind when I think about technology and society is that somehow the needs of the people haven’t really changed much in 2,500 years. It’s constant, but computing power is, like, doubling every year. That’s huge. If it isn’t already, if we sit on our hands for another week, multiparty computation is going to be very practical.
Sorry if I sound a little aggressive. It’s been a rough day. I had to battle with my physical therapist earlier today.
I’m sorry to hear that.
If you go back and look at the literature, look at my website, publications, what you’ll see is that – together with my co-authors where we invented called quantum cryptography and in a separate multiparty computation paper – I showed a construction that included both models [for private computation]: zero knowledge and minimum disclosure. Those are dual models. And the public has now been misled into conflating them and thinking I had nothing to do with it, when I in fact proved both models. To say that I’ve done research on zero knowledge is a little bit, you know, unfairly deprecating.
Didn’t mean anything by it. My question was more about the future of theoretical research, considering your background in academia and applying concepts in blockchain. Do you think the cryptocurrency industry is meaningfully contributing to the body of useful computer science?
You know, I have complained about academia from time to time. I founded the International Association for Cryptologic Research about 30 years ago – possibly risking going to jail for having done so. That’s what the NSA said, but we did it anyway. That organization continues to be the organization for researching cryptography globally. We have a journal and three or four flagship conferences each year – workshops.
Around the time of the Snowden revelations, I took it upon myself to survey people at one of those conferences – the 650, 800 people who were there – about what they felt about the government spying on us. I was literally shocked – before Snowden, I never made a personal decision whether the government was really spying on everything or not. I just left it as unknown because it was just unclear, but still focused on countermeasures. Anyway, I can say objectively that none of these academics – it’s mainly academics and some industry people who attend these events – the real people who know about cryptography are very concerned about this.
I found that very upsetting. It’s a nice cocktail-party line for academics to say they want to change the world. They’re not trying to save anything. In the blockchain space, we’re sort of clear on what the incentives are. It isn’t so clear in academia. So, I came away from that deciding that I should jump back into it and actually try to do something about this. Because things were going horribly wrong.
[EDITORS NOTE: Later that day, Chaum and I continued our conversation.]
You’ve written about the particular risks of data accumulation in light of artificial intelligence (AI), and that we could never know what AI would do with that information. Is there a path where AI is actually good for the world?
You know, Daniel, I grew up in LA, and there’s a story about some Sheriff McCoy, 40 years ago, who had stolen a copy of the police department’s records and was using it out of his garage or something. I’m not fully characterizing this, but it was an incident that changed my thinking permanently.
In the analog world, you can run up against limits. When a supposed guardian goes awry, you can catch them. There’s a paper trail. The digital world does not have that kind of issue. It keeps moving forward at an exponential rate. With AI, you could talk all day long about what the ultimate form of it is and whether that’s even possible – there are probably crazy people running this stuff in their garage, using it for no good. And if there aren’t, there will be.
It’s so trite to say, but you can’t stop this. It’s already happening – it’s part of progress. The question is: Is there a way through for democracy? I believe there is. I have a road map, I have a plan, I’ve written some serious, thoughtful stuff on it, which has not yet been released. But, you know, watch this space. As I mentioned before, multiparty computation is a powerful thing. AI is a powerful thing. Maybe we can pit one against the other in a clever way to solve these issues. And I found a way to do that.
Do you wish that you had done DigiCash differently?
I’ve been asked this question by very unfriendly media. My answer was that I don’t feel any regrets whatsoever about DigiCash. In those days, we were working on these distributed and decentralized systems. We converted our beautiful conference room into a “decentralized cash” lab, and worked on into the evenings. It was a passion – but you know, in those days computers weren’t really up to it. So there was nowhere to go. It’s nothing to do with the way we ran the company.
You asked me, do I feel regret? I do not. Somehow, people are much more concerned about losing their money than their privacy. And so, before e-commerce was really a thing, it was hard to convince people they needed money on the internet. Same when ATM machines were introduced, it took about 10 years before people would trust them enough to use them. You know that?
So having ecash at that juncture, where the technology wasn’t really able to support it in anything less than a highly centralized model – it wasn’t the computing power to have today that can support thousands of nodes replicating a ledger. It’s quite a coup to get that meme out there: that you could control your own money. Your own information.
You’ve used that word meme in a few previous interviews. What does it mean to you?
The point is, that I have said publicly many times, that the reason I did ecash was to try to alert the public that they could control their own information. Cryptography. And my hope was that inkling of an idea could be extrapolated and extended to other spheres. Credential magazines or books, at libraries, are simply a generalization of ecash … so we can know who checked out which books – so if you didn’t bring them back, you’d have to pay a fee – but your information would remain concealed.
That basic signature, an empowerment, could be generalized. You could show a police officer identification that reveals your age but not your address. That kind of stuff. That meme would parlay and morph if it really caught on. But you know the way things unfold.
NFTs are allowing “meme creators” to perhaps more easily monetize their work. At the same time, definition-wise, memes belong to everyone. It would be a meme if it didn’t spread. Is there something contradictory about taking ownership over ideas?
Controlling information, “owning your own keys” is a meme at the core of the [blockchain] community – but it’s not breaking out. A lot of central exchanges defuse it to a certain extent. But maybe a meme is not really going to propagate unless the people you’re hoping it will propagate through are somehow impinged upon by its absence. It has to be meaningful, to solve some pain point or provide a new opportunity. I mean, I don’t know how else you can explain it because, I mean, the blockchain spaces have done a pretty good job of proving how powerful owning your own keys is. But I don’t see people using that concept elsewhere much.