David Lee Chaum (born 1955) is an American computer scientist, cryptographer, and inventor. He is known as a pioneer in cryptography and privacy-preserving technologies, and widely recognized as the inventor of digital cash. His 1982 dissertation "Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups" is the first known proposal for a blockchain protocol.[1] Complete with the code to implement the protocol, Chaum's dissertation proposed all but one element of the blockchain later detailed in the Bitcoinwhitepaper. He has been referred to as "the father of online anonymity",[2] and "the godfather of cryptocurrency".[3]
He is also known for developing ecash, an electronic cash application that aims to preserve a user's anonymity, and inventing many cryptographic protocols like the blind signature, mix networks and the Dining cryptographers protocol. In 1995 his company DigiCash created the first digital currency with eCash.[4]: 65–70 His 1981 paper, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms", laid the groundwork for the field of anonymous communications research.[5]
More recently in 2020, Chaum founded xx network, a privacy-focused blockchain platform, and in 2021 launched xx coin (abbreviation XX), a cryptocurrency designed to enhance user privacy and provide quantum resistance.[6][7]
Recently credited by Alan Sherman's "On the Origins and Variations of Blockchain Technologies",[1] Chaum's 1982 Berkeley dissertation proposed every element of the blockchain found in Bitcoin except proof of work. The proposed vault system lays out a plan for achieving consensus state between nodes, chaining the history of consensus in blocks, and immutably time-stamping the chained data. The paper also lays out the specific code to implement such a protocol.
Digital cash
Chaum is credited as the inventor of secure digital cash for his 1983 paper, which also introduced the cryptographic primitive of a blind signature.[19] These ideas have been described as the technical roots of the vision of the Cypherpunk movement that began in the late 1980s.[20] Chaum's proposal allowed users to obtain digital currency from a bank and spend it in a manner that is untraceable by the bank or any other party.[21]
In 1988, he extended this idea (with Amos Fiat and Moni Naor) to allow offline transactions that enable detection of double-spending.[22]
In 1990, he founded DigiCash, an electronic cash company, in Amsterdam to commercialize the ideas in his research.[4]: 119 The first electronic payment was sent in 1994.[23] In 1998, DigiCash filed for bankruptcy, and in 1999 Chaum sold off DigiCash and ended his involvement with the company.[12][24]
New types of digital signatures
In the same 1982 paper that proposed digital cash, Chaum introduced blind signatures.[19] This form of digital signature blinds the content of a message before it is signed, so that the signer cannot determine the content. The resulting blind signature can be publicly verified against the original, unblinded message in the manner of a regular digital signature.[25]
In 1989, he (with Hans van Antwerpen) introduced undeniable signatures.[26] This form of digital signature uses a verification process that is interactive, so that the signatory can limit who can verify the signature. Since signers may refuse to participate in the verification process, signatures are considered valid unless a signer specifically uses a disavowal protocol to prove that a given signature was not authentic.[27]
In 1991, he (with Eugene van Heyst) introduced group signatures, which allow a member of a group to anonymously sign a message on behalf of the entire group.[28] However an appointed group manager holds the power to revoke the anonymity of any signer in the case of disputes.[29]
Anonymous communication
In 1981, Chaum proposed the idea of an anonymous communication network in a paper.[30]
His proposal, called mix networks, allows a group of senders to submit an encryption of a message and its recipient to a server. Once the server has a batch of messages, it will reorder and obfuscate the messages so that only this server knows which message came from which sender. The batch is then forwarded to another server who does the same process. Eventually, the messages reach the final server where they are fully decrypted and delivered to the recipient. A mechanism to allow return messages is also proposed. Mix networks are the basis of some remailers and are the conceptual ancestor to modern anonymous web browsing tools like Tor (based on onion routing). Chaum has advocated that every router be made, effectively, a Tor node.[31]
In 1988, Chaum introduced a different type of anonymous communication system called a DC-Net, which is a solution to his proposed Dining Cryptographers Problem.[32] DC-Nets is the basis of the software tool Dissent.[33]
Chaum has made numerous contributions to secure voting systems, including the first proposal of a system that is end-to-end verifiable. This proposal, made in 1981,[30] was given as an application of mix networks. In this system, the individual ballots of voters were kept private which anyone could verify that the tally was counted correctly. This, and other early cryptographic voting systems, assumed that voters could reliably compute values with their personal computers. In 1991,[citation needed] Chaum introduced SureVote which allowed voters to cast a ballot from an untrustworthy voting system,[36] proposing a process now called "code voting" and used in remote voting systems like Remotegrity and DEMOS.[37][38]
In 1994, Chaum introduced the first in-person voting system in which voters cast ballots electronically at a polling station and cryptographically verify that the DRE did not modify their vote (or even learn what it was).[39] In the following years, Chaum proposed (often with others) a series a cryptographically verifiable voting systems that use conventional paper ballots: Prêt à Voter,[40]Punchscan,[41] and Scantegrity.[42] The city of Takoma Park, Maryland used Scantegrity for its November, 2009 election.[43] This was the first time a public sector election was run using any cryptographically verifiable voting system.[44]
In 2011, Chaum proposed Random Sample Elections.[45] This electoral system allows a verifiably random selection of voters, who can maintain their anonymity, to cast votes on behalf the entire electorate.[46]
Other contributions
In a 1979 report published as Memorandum No. UCB/ERL M79/10[47] by the Electronics Research Laboratory at the University of California, Berkeley, Chaum proposed a mechanism for splitting a cryptographic key into partial keys that could be distributed among mutually suspicious groups. This concept was a significant predecessor to what is now known as secret sharing.[48]
In 1985, Chaum proposed the original anonymous credential system,[21] which is sometimes also referred to as a pseudonym system.[49] This stems from the fact that the credentials of such a system are obtained from and shown to organizations using different pseudonyms which cannot be linked.
1991, with Torben Pedersen, he demonstrated a well-cited zero-knowledge proof of a DDH tuple.[51] This proof is particularly useful as it can prove proper reencryption of an ElGamal ciphertext.
Chaum contributed to an important commitment scheme which is often attributed to Pedersen. In fact, Pedersen, in his 1991 paper,[52] cites a rump session talk on an unpublished paper by Jurjen Bos and Chaum for the scheme. It appeared even earlier in a paper by Chaum, Damgard, and Jeroen van de Graaf.[53]
^ abcGreenberg, Andy (2012). This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World's Information. Dutton Adult. ISBN0525953205.
^Blanchette, Jean-François (2012). Burdens of Proof: Cryptographic Culture and Evidence Law in the Age of Electronic Documents. MIT Press. ISBN026230080X.
^Chaum, D., Das, D., Javani, F., Kate, A., Krasnova, A., Ruiter, J.D., & Sherman, A.T. (2017). cMix: Mixing with Minimal Real-Time Asymmetric Cryptographic Operations. ACNS.
^David Chaum and Torben P. Pedersen. 1992. Wallet Databases with Observers. In Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO '92), Ernest F. Brickell (Ed.). Springer-Verlag, London, UK, UK, 89-105.
^Pedersen, T. P. (1992). "Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing". Advances in Cryptology – CRYPTO '91. Lecture Notes in Computer Science. Vol. 576. Berlin, Heidelberg: Springer. pp. 129–140. doi:10.1007/3-540-46766-1_9. ISBN978-3-540-55188-1.
^Chaum, D.; Damgård, I. B.; Graaf, J. (1988). "Multiparty Computations Ensuring Privacy of Each Party's Input and Correctness of the Result". Advances in Cryptology – CRYPTO '87. Lecture Notes in Computer Science. Vol. 293. p. 87. doi:10.1007/3-540-48184-2_7. ISBN978-3-540-18796-7.
^Advances in Cryptology – Proceedings of CRYPTO 82. Chaum, David., Rivest, Ronald L., Sherman, Alan T. New York: Plenum Press. 1983. ISBN0306413663. OCLC9488557.{{cite book}}: CS1 maint: others (link)
Chaum, D. (1997). "David Chaum on Electronic Commerce How much do you trust Big Brother?". IEEE Internet Computing. 1 (6): 8–16. doi:10.1109/MIC.1997.643931. S2CID8072432.