What are Cypherpunks? What is the history behind them and why should any of us care? To answer these questions we first need to go way back. So let’s begin by taking a look at the very first Cypherpunks, who lived 4000 years ago in an Egyptian town called Menet Khufu.
As part of his job, a scribe, and perhaps the first cypherpunk, etched out a particular sequence of unusual hieroglyphics on his master’s tomb. His master, Khnumhotep ii, was an equivalent to a modern day state governor. These unusual inscriptions were obscuring the information they contained by design.
This obscured message is one of the first known instances of an encryption method known as a substitution cipher. It is one of the simplest ciphers. In short, it replaces one character or symbol for another. The replacement character is usually based on some key or shift. What the shift key does is move the character by some index in the alphabet used.
For some strange reason, the scribe wanted to encrypt this information, which happened to be the life history of Khnumhotep II.
Encryption’s growth throughout Egypt
Over time, the popularity of this simple type of encryption started to grow in Egypt. Literate people at the time probably could easily decrypt these ciphers. There are several hypotheses as to why encryption became popular in Egypt. The ideas range from it being some formal way of writing, as in a legal document. Another idea surrounding these ciphers is that they were using them to try and impress people with how fancy they could write.
However, it is also a real possibility it was done for the exact same purpose that modern-day encryption is; privacy and security of information. It’s thought that they didn’t want “the common people” knowing their religious rituals. So to hide their sacred knowledge they obfuscated the information with encryption.
About 1400 years later, the Spartans invented an encryption device called a Scytale.
Much like modern encryption, it involved sharing an identical secret key with the parties that wanted to communicate. This secret key came in the form of a cylinder of very specific dimensions. So if you wrapped a strip of parchment around a message inscribed on it, it would be legible. But only a cylinder of the proper shape would align the letters properly revealing the secret message.
Just like with the early Egyptian encryption, the Scytale would have been relatively easy to decipher if discovered by a literate person. The level of security it provided was sufficient since literacy was relatively rare at the time.
Much like the roots of modern cryptography, the Roman military was at the forefront of developing cryptographic technology. Catching a messenger or killing one wouldn’t necessarily be the cause of leaked highly sensitive tactical information if the information was encrypted. Julius Caesar himself is the inventor of one of the first ciphers; a substitution cipher called the Caesar Cipher. Interestingly, cryptography research and development seems to have always picked up during times of war, for fairly obvious reasons.
What we think of as more modern cryptography techniques were developed largely during the First and Second World War. The first Enigma machine invented during WWI relied upon mechanical rotors and gears with some basic electric components. The machine allowed for 10^114 possible configurations, making it nearly impossible to break by brute force methods at the time.
Ir wasn’t until the Second World War that Alan Turing developed a method to crack the Enigma machines codes. His academic and military work would go on to be highly influential in many fields, including cryptography. During war times, the development of encryption was escalating. Governments put more and more resources into these techniques. Eventually they created cryptography so strong that even they couldn’t decrypt an intercepted message.
Public Key Cryptography for The Masses
By the 1970s, only a few individuals outside of government agencies practiced cryptography. It wasn’t until declassified cryptography would become available to the public following a publication by Whitfield Diffie and Martin Hellman. This would be one of the first strong cryptography techniques the public could use. It did not require parties to know each other to share a secret key.
This type of cryptography is known as Public-key cryptography because it generates a key pair – one secret, one public. Publishing the public key does not compromise the private key.
The age of personal computing
As personal computing became more popular, people like David Chaum started to philosophize about the implications of widespread information technology. In his article titled “Security without Identification Card Computers to make Big Brother Obsolete,” Chaum outlines some of his major concerns. He has such great clarity and foresight in this article that you would swear it was written today and not in 1985.
Computerization is robbing individuals of the ability to monitor and control the ways information about them is used. Already, public and private sector organizations acquire extensive personal information and exchange it amongst themselves. Individuals have no way of knowing if this information is inaccurate, outdated, or otherwise inappropriate, and may only find out when they are accused of falsely or denied access to services. New and more serious dangers derive from computerized pattern recognition techniques: even a small group using these and tapping into data gathered in everyday consumer transactions could secretly conduct mass surveillance, inferring individuals’ lifestyles, activities, and associations. The automation of payment and other consumer transactions is expanding these dangers to an unprecedented extent.
He further elaborates on how we could use cryptography to have secure and secret digital communication with various parties without them needing to know our identity directly. Chaum is largely responsible for the ideas behind what would become the Cypherpunk movement.
In the 60s and 70s, a science fiction genre started to become popular, called New Wave. This gave birth to the subgenre of Cyberpunk, which typically would feature highly advanced technology, but in gritty, dark and run down worlds. Books like “Neuromancer” are highly influential in solidifying this genre. The influence is echoed in sci-fi film classics like The Matrix Trilogy. Philip K. Dick’s novel, “Do Androids Dream of Electric Sheep?” was adapted into Ridley Scott’s 1982 film Blade Runner.
In 1992, Eric Hughes, Tim May, and John Gilmore created a group to discuss their various interests. They met monthly at Cygnus Solutions in California. The group was given the name Cypher-punks, as a play-on-words of Cyber-punks.
The Cypherpunk Mailing List
The Cypherpunk’s mailing list also started in 1992. Within two more years, the mailing list had over 700 subscribers and by 1997, had reached a whopping 2000 subscribers! Ideas on the mailing list helped to spread the thoughts, discussions, and most importantly, the software the cypherpunks were developing.
Around that time, they implemented a decentralized email system. If there was a single point of failure of the servers or people running it, they thought, the system was compromised in some way, as is inherent with all centralized systems.
Why be a Cypherpunk?
A common argument against people wanting to use cryptography in various ways is the “nothing to hide argument,” which says that “if you don’t have anything to hide you don’t have anything to fear [from surveillance]”. The problem with it is that there are many things that you would like to keep private but that are not illegal or morally wrong.
On top of that just because something is illegal doesn’t mean it is morally wrong and vice versa. So this type of reasoning is incredibly flimsy.
Losing privacy and its protections are equated to climate change by some in terms of its effect on group psychology. People may intellectually understand that driving a car damages the environment, but they can rationalize it because of the personal benefit and the fact that their individual pollution is only a very tiny amount of the total. The cost of pollution is abstract and delayed.
Similarly, the cost of loss of privacy is abstract and a bit delayed. A lot of people don’t seem to understand how important privacy is until it’s all gone.
Surveillance for The Masses
In 2018, China blocked people from buying plane and train tickets 23 million times due to a “low social credit score.” This works similarly to a dystopian credit score. Many people have pointed out the perils to this system. It was even featured in a famous episode of the popular Netflix called Nosedive.
The actual scoring method is still shrouded in secrecy (ironically) by the tech companies under contract by the Chinese government. You can have your score lowered by buying too many video games or posting “fake news” on social media.
Other ways China penalizes its people s by throttling internet speeds, preventing citizens from enrolling in good schools and obtaining good jobs. And sometimes they even have their pets taken away. The only silver lining to this system is that it has been largely up to individual municipalities to implement. So a lack of standard systems and practices mitigates the damage for now.
This is exactly the type of system that many cypherpunks would detest. As technology becomes more ingrained in our lives, the data collected on our personal life increases while our privacy has decreased.
A Cypherpunk’s Manifesto
Shortly after the creation of the mailing list, a manifesto was created by Eric Hughes called, “A Cypherpunk’s Manifesto”. In the manifesto, Hughes immediately draws a clear distinction between secrecy and privacy.
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world.
Cypherpunks don’t expect governments, corporations, or any other type of organization to give privacy by default since they have incentives not to.
The Crypto Wars
The Crypto Wars refers to the U.S. government and its allies’ attempts at restricting public and foreign access to cryptography which they were not capable of decrypting or for which they didn’t have a back door.
Initially, the U.S. government shared and allowed approved organizations commercial applications of encryption technology. However, by the mid-1970s, there were enough publications and information on cryptography floating around. This was coupled with the demand for stronger encryption from commercial financial institutions. The U.S. then lost control of the export of encryption techniques.
Encryption Regulation Eases
In the 90s, the real pressure on governments to relax regulation on encryption started. Phil Zimmermann was one of the first non-corporate entities to export and challenge the strict rules when he released his PGP email encryption software. Zimmermann’s company would later hire Hal Finney, who would go on to be one of the first Bitcoin developers. U.S. restrictions even caused early software companies like Netscape to develop separate regional versions which had encryption of varying strength depending on the country.
Facing legal challenges from privacy advocates and mounting pressure from commercial entities, President Bill Clinton signed an executive order removing many of the restrictions around the export of strong encryption. Although these events were important, many things going on beneath the surface in cyberspace helped foster an environment for the widespread use of secure encryption.
Precursor projects to Bitcoin like HashCash and B-money by Wei Dai came around the same time. These proto-blockchain systems implemented many of the same features that Bitcoin had including a proof-of-work anti-spam mechanism. And the efforts have not stopped since. Today there are many projects with a focus on privacy stemming from cypherpunks, such as the Tor internet browser, BitTorrent, and Wikileaks.
In fact, if you are reading this, you have probably benefited from and used cryptography in the last few minutes. SSL certificates, for example, allow you to make a secure connection from your browser to a server. This prevents someone from being able to easily intercept information like credit card data. This is just one of the many uses of modern cryptography.
Thanks to the Code Rebels and Cypherpunks who fought in The Crypto Wars, privacy is at least an option. Now we have encryption that has enabled all sorts of fantastic technology, such as blockchain.
Cypherpunks to Blockchains
Laying out the foundation for blockchain decades prior was the cypherpunk movement with some academic work. Stuart Haber and W. Scott Stornetta are cited three times in Satoshi Nakamoto’s Bitcoin whitepaper as they developed an early blockchain type system for verifying timestamps of digital documents.
To do this they used hash functions to generate linked lists to create an immutable ledger. Users could then reference a hash to prove when they created the document. Haber and Stornetta created a paper in the 1990s called, “How to time-stamp a digital document”. In it, they outlined their methodology.
Approaching financial institutions
Haber and Stornetta saw the potential for their technology in the financial industry and went through several pitches with large banks about implementing it in some form. However, Stornetta says that they hadn’t quite made the technology “good enough” for real-world usage. They had not ironed out all the kinks. And according to him, they weren’t very good at marketing the tech. So none of the deals worked out.
In the 2000s, Hal Finney, a very noteworthy cypherpunk himself, went on to develop a reusable proof of work building on Hashcash. Following that, Nick Szabo published a proposal of Bit Gold, further building on Hal Finney’s ideas. Bit Gold was very close to what Bitcoin would end up being. Using a proof-of-work mechanism, it would hopefully bring some kind of perceived market value to the digital assets.
The Blockchain Revolution
In 2008, a cypherpunk going by the pseudonym Satoshi Nakamoto, published his whitepaper outlining the first “true” blockchain. Satoshi cited these sources in emails, online forums, and the whitepaper as his inspiration for Bitcoin. Pulling all the useful aspects of them together to form the first successful implementation of a digital, decentralized cash and payment system.
Satoshi himself very much fits the bill of cypherpunk. He was very concerned with privacy including his own. He went to great lengths to try and obscure his identity.
Even while in early development he often would respond to emails from the other people working on the Bitcoin source code in irregular intervals. It wasn’t unusual for the developers to send him several emails throughout a week which Satoshi would reply to all at once in a single email at odd hours.
Satoshi dedicated part of the whitepaper to privacy.
The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the ‘tape’, is made public, but without telling who the parties were.
The Bitcoin whitepaper flips the transaction privacy model on its head by separating identities from the transactions that they create. This way no one needs to verify who you are. They just need to see that you created a real transaction on the blockchain. Satoshi was very much concerned with banks. Not just because of credit bubbles, bank runs, and the control they exert over the financial system, but also because of privacy.
Satoshi on banking
Banks must be trusted to hold our money and transfer it electronically, but they lend it out in waves of credit bubbles with barely a fraction in reserve. We have to trust them with our privacy, trust them not to let identity thieves drain our accounts. Their massive overhead costs make micropayments impossible.
As it turns out, like many times before, Satoshi had a great insight here. Some banks even have created default, opt-out data sharing policies. Customers often don’t know about these policies. And what’s worse is that a lot of these policies don’t even give very many specifics as to how the bank is sharing your data or to whom. But “rest assured” they are profiting from your data and your lack of privacy.
Taking privacy a step further
It is actually a misconception that Bitcoin transactions are anonymous. In fact, the whole point is that the transactions are all public. It is possible to build a digital fingerprint of a Bitcoin address by some of the following techniques:
- Observers: collect data on transactions and see what addresses send and receive money. Centralized institutions like exchanges aggregate addresses making it possible to observe value flows and potentially trace users. Further, agencies or hackers could obtain information about identities and their transaction behavior from the exchange itself.
- Dust: A few years ago some Bitcoin users noticed they were receiving small amounts of unsolicited BTC. The idea is that at some point in the future you will send this dust along with your own transaction. The dust is then traceable from one wallet or transaction to the next allowing linking of transactions.
- Wallet Providers: a likely way you could be traced is by centralized institutions and wallet providers, who collect all sorts of personal information, as required by KYC regulations.
Creating new addresses
One of the most important and first steps you can take when trying to protect your privacy that’s applicable to most blockchains, is creating new addresses. Satoshi recommends in the whitepaper that users never use the same address more than once.
As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.
Recent Cypherpunk Innovations
Because privacy is such a big issue, there have been many innovations in the space that help to make it much easier for regular users to stay anonymous. Read more about that here: “Blockchain Security in the Age of Surveillance.“
Bitcoin Improvement Protocol 32 aids in the user experience by making it much easier to generate new public keys. Before BIP32, every time you would generate a new public key you would have to generate a new private key as well. The keys always came in pairs. Hierarchical Deterministic or HD wallets came into effect with BIP32.
The average American makes about 50 transactions per month. So to stay anonymous there would be a need to generate potentially hundreds of private keys per year.
What HD wallets allow users to do is to generate multiple key pairs from a single twelve-word master seed key. This is why most Bitcoin wallets require you to write down those twelve random words as backups.
Elliptic Curve Diffie-Hellman-Merkle Addresses
ECDHM addresses are a special type of Bitcoin address. They use complicated cryptographic techniques to allow two parties to secretly generate a key pair together without broadcasting that to the public network. Effectively this allows two parties to create secure communication over an insecure channel. ECDHM addresses allow reuse without privacy loss.
Coins Mixers work by taking a batch of input transactions from users wanting to anonymize their transactions, mixing them together and sending them to new clean addresses.
Coin mixing has been developed using several different algorithms, but they all share some of the same fundamental flaws in their design. The biggest problem being that it might be possible to determine if you sent funds to or from a coin mixer. So even if it’s not obvious where the funds came from, it could be obvious that you used a mixer at some point making you potentially guilty by association. Even if you were doing it purely for privacy reasons.
Coin mixing techniques
- CoinJoin – A special transaction type where multiple actors join a bundle of transactions into one. CoinJoin breaks the common-input-ownership heuristic, which assumes that all the inputs of a transaction come from the same actor
- CoinSwap – Coinswap works like an atomic swap. It allows two people to swap coins of equal value while also making the transactions on the blockchain appear to be unconnected. This can help increase a user’s privacy.
- TumbleBit – A server coordinates the exchange of digital signatures without having knowledge or links between the inputs and outputs of transactions.
Coin mixers often rely on centralized services with high fees and trust reliance. Although in recent years this has become less of an issue, thanks to decentralized alternatives. These mixers haven’t always been designed in the best way either. One analysis found that it is still sometimes possible to match identities, even after coin mixing.
Cypherpunks in the crypto community have gone out of their way to increase the privacy of Bitcoin and continually work towards higher levels of privacy. But they haven’t stopped there. New privacy-focused blockchains have been developed.
- Monero – Monero is the bread and butter of privacy blockchains. By default, its transactions are anonymous. Stealth addresses and ring confidential transactions help to make this possible. The Stealth address feature generates a unique, one-time use address for every transaction. Ring signatures then help to mask future outputs from an address making it much harder to trace if the coins move to some other address in the future.
- Zcash – Using zk-SNARKS or Zero-knowledge proofs, it is possible to verify that funds are in fact sent to another party without exposing any other information other than that the funds were sent. However, the zk-SNARKS process is expensive, time-consuming and it isn’t a default feature.
- Dash – Dash, like Zcash, isn’t private by default. But it implements a feature called Private Send. Private Send uses the CoinJoin algorithm to create private transactions. To facilitate this process on the Dash network, master nodes are used.
The Cypherpunks are still fighting
Cypherpunks are activists that promote the use of cryptography and fight for individual privacy rights. They have been, and continue to be incredibly important in creating technology to protect our personal information. Without their work, the world surely would be a much worse off place.