The “Cypherpunks” Who Invented Private Digital Money

Years before credit card transactions gave banks and data-brokers free access to our private financial information, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money. His ideas inspired a movement of "Crypto Anarchists" who aspired to change money, forever.

Hosted By

Ran Levi

Exec. Editor @ PI Media

Born in Israel in 1975, Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, he created the popular Israeli podcast, Making History, with over 14 million downloads as of Oct. 2019.
Author of 3 books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.

Special Guest

Jacob Goldstein

Executive Producer and Host at Pushkin Industries

Co-host of NPR's Planet Money. Did stories for All Things Considered, Morning Edition and This American Life. Author of "Money: The True Story of a Made-Up Thing."


It’s a question we’ve all had to ask ourselves at one point or another: What’s the best way to catch a pleasant, “fun-loving,” serial killer grandma on the loose in Florida?

On April 9th, 2018, after the manager of the Marina Village hotel in Snug Harbor, Florida found a decomposing body in the bathroom of room 404, Lee County officers began their usual procedure for investigation. They questioned guests at the hotel, and the ex-husband and friends of the victim: a middle-aged car saleswoman named Pam Hutchinson. Some of the information they gathered was useful but, ultimately, one category of evidence broke the case.

You see, Hutchinson had clearly been dead for at least a few days. But on April 6th — three days prior — she’d managed to withdraw $5,000 from a bank, and book another hotel 130 miles away. Once there she’d ordered room service, twice. On April 7th she made three $500 withdrawals from an ATM, then used the money at a casino in Louisiana, 1,000 miles from the bathroom where her body was decomposing at the very same time. She actually won at that casino — $1,500 off a $5 bet.

The woman who collected that prize handed the casino teller a driver’s license and Social Security card belonging to Lois Riess.

Like a big, messed up game of Where’s Waldo, the Lee County police were able to trace where Lois Riess — posing as Pam Hutchinson — had been at every step of her getaway. It was easy, because her withdrawals and purchases were a trail of breadcrumbs.


Hi, I’m Ran Levi, welcome to Cybereason’s Malicious Life. The story of Lois Riess — the beloved small town grandma who murdered her husband and one stranger — isn’t one you hear every day. But the crucial mistake that led to her capture is rooted in a fundamental oversight that most people make: Most people just don’t realize how much personal information is stored in their financial transactions.

You know who really understood that? Andy Warhol. Yeah, not the first person you’d have guessed. Beginning in 1976, every morning at around 9 AM, Warhol would recount all the things he’d purchased the day prior, over the phone, to his secretary. At first, it was a way to keep track of itemized deductions for tax purposes. Soon, though, he got in the habit of recounting what he’d done that day through these transactions. What began as a payments ledger turned into a diary — which later became a best-selling book — and then a Netflix series.

You don’t think about it, but just look at your credit card statement from last Monday — the coffee you got in the morning, lunch, errands, a new shirt. You hardly remember dropping 120 dollars at that bar, but your credit card company sure does. For Lois Riess, Andy Warhol, you, and me, what we buy tells a story about our lives.

That story is, of course, maintained by powerful financial institutions. And it’s sometimes being accessed by the government. In the wake of 9/11, for example, U.S. law enforcement began to test the 4th amendment rule against unreasonable searches and seizures by secretly spying on Americans’ credit card purchases. The term for it was “Hotwatch” orders, and the stated goal was to combat terrorism, but it’s unclear whether Hotwatch orders ever totally went away. As recently as 2015, attorneys on behalf of the American Bar Association complained how, quote:

“The danger with blindly complying with Hotwatch orders is that they have questionable legal authority, and compliance may set a dangerous precedent for more frequent abuse of law enforcement tools to easily obtain private financial information.”

These days, you’re most likely to find data brokers profiteering off your financial history without your knowledge. Retailers, your credit card provider, credit agencies, and all kinds of middlemen can trade what they know about you like a giant, incestuous game of hot potato.


Years before our digital dystopia actually came to pass, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money.

“[Goldstein] David Chaum is amazing.”

That’s Jacob Goldstein — co-creator of NPR’s “Planet Money,” host of a great new show called “What’s Your Problem,” and author of “Money: The True Story of a Made-Up Thing,” which inspired today’s episode.

“[Goldstein] So he is a cryptographer. Also a kind of a hippie-esque. You know, had a VW bus, hung out in Berkeley.”

Chaum didn’t start off thinking about money. He was a computer scientist who first made his name by predicting, before the rest of us, just how difficult it would be to find privacy online, even in the most ordinary of circumstances.

Just imagine, for a moment, that I’m Nate Nelson’s internet service provider. We can say, right off the bat, that I shouldn’t be able to read the content of what he’s up to online. His appointment with his doctor, his pharmacy order for butt rash cream, and his Google searches for “butt rash getting worse, even after cream,” are his business. But even the kind of information you might imagine I have — about what IP addresses he’s visited, and when — reveals a whole lot of information. A proctologist’s website, WebMD, and so on, give me an indication of the weird issues he has going on.

Chaum called it “the traffic analysis problem” — in general, how could any two parties expect to communicate over a network hosted by a third, without that third being able to peer inside? He sat with this for a while until, one day, as he recalled to the BBC, the answer suddenly came to him. Quote:

“I was driving from Berkeley to Santa Barbara, along the coast line in my VW campervan, and out of nowhere — beautiful scenery, I was just driving along, and it occurred to me how to solve this problem I’ve been trying to solve for a long time. Yeah, it was kind of a, you know, a Eureka moment. I felt like, hey, this is it!”

In simple terms, Chaum took the kind of encryption we use for messages, and applied it to entire networks — encrypting the very facts of who is talking to whom, and when. His invention — the mix network — would go on to inspire Tor. 

But before that, he started practically applying his idea — first to electronic mail, then electronic finance.


To anyone else, money wouldn’t have seemed an obvious use case for encryption technology. For 2,600 years privacy wasn’t even a property it held.

“[Goldstein] One of the amazing things about buying things with cash, with paper money is no third party has to know. I give you the money. You give me the thing. We’re done with the deal and that’s it and nobody has to know.”

We still use cash, and it’s still anonymous. But, right around the 80s, financial transactions started to occur through computers, as well. Therefore, like internet queries or emails, they were subject to Chaum’s traffic analysis problem.

“[Goldstein] He sees technology developing and what he realizes is that we are entering into a world that he calls the “dossier society” where basically everything we do is going to be tracked including buying stuff, right?”

It wasn’t simply a matter of evil, Orwellian corporations and governments prying in on our private lives. This futuristic dossier society, Chaum recognized, needed to be tracked.

Criminals will always exist, and they’ll always look for weaknesses in the financial system to steal, swindle and launder money. Nobody wants that, but how do you prevent that without closely monitoring transactions? “The obvious solution for organizations,” Chaum wrote, “is to devise more pervasive, efficient, and interlinked computerized record-keeping systems.” In essence, we’d have to give up on security for privacy or, more likely, privacy for security.

In three papers, published in 1983, 1985 and 1988, Chaum gradually outlined how cryptography could be applied to fix the privacy-security tradeoffs of networked payments.


“[Goldstein] And a few years later in the ‘90s, there is this – mania is a slightly too strong a word, but there’s a tremendous excitement about this idea of digital money and you see it in all the ways you would expect to see it now. You know, articles in the New York Times magazine and Wired magazine and then Chaum goes out and starts a company called DigiCash.”

DigiCash — the culmination of years of research. A cryptographically-protected payments network you could use with what amounts to a debit card.

“[Goldstein] A card you get from your bank that has money on it and you can use it at a store.”

Simple, right? But when he founded the company in 1989, it was hardly a given that internet-based payments could work. Even years later, following the first DigiCash transaction, Chaum proudly proclaimed how with his system, quote:

“You can pay for access to a database, buy software or a newsletter by email, play a computer game over the net, receive $5 owed you by a friend, or just order a pizza. The possibilities are truly unlimited.”

“[Goldstein] You can use it wherever you want to buy stuff. But the key thing is he sets up this cryptographic system where the bank can validate for the merchant that you have the money on your card to make the purchase without knowing what you’re buying, right?”

All it took was some public-private key cryptography — blind signatures that generated verifiable yet private purchases.

“[Goldstein] It’s very clever and subtle and not intuitive that you could do that, right? That the bank could say, “Yes, Jacob has $8 on his card. Merchant, you can go ahead and process this transaction. You will get your $8.” But the bank does not know what I’m buying, where I’m buying, who I’m buying it from.”
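The withdrawal and payment flow described above, as an added Python example that is not DigiCash's code or part of the episode. It assumes the textbook RSA form of a blind signature with a toy key, one-unit coins, and hypothetical names (`Bank`, `blind`, `unblind`, the `jacob` and `merchant` accounts).

```python
import hashlib
import math
import secrets

# Toy RSA key for the bank, constructed for this example: two Mersenne primes,
# far too small and too structured for real use, and no padding is applied.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # bank's private exponent


def coin_digest(serial: bytes) -> int:
    """Map a coin's serial number to the integer the bank's signature covers."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Bank:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.seen_at_withdrawal = []   # all the bank learns when it signs
        self.spent = set()             # digests of coins already deposited

    def withdraw(self, account, blinded):
        """Debit one unit and sign the blinded value without seeing the coin."""
        if self.balances[account] < 1:
            raise ValueError("insufficient funds")
        self.balances[account] -= 1
        self.seen_at_withdrawal.append((account, blinded))
        return pow(blinded, D, N)

    def deposit(self, merchant, serial, signature):
        """Check the bank's own signature, then refuse a coin seen before."""
        m = coin_digest(serial)
        if pow(signature, E, N) != m:
            return "invalid"
        if m in self.spent:
            return "double-spend"
        self.spent.add(m)
        self.balances[merchant] = self.balances.get(merchant, 0) + 1
        return "ok"


def blind(serial):
    """Customer side: hide the coin digest behind a random factor r^E."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    return (coin_digest(serial) * pow(r, E, N)) % N, r


def unblind(blind_sig, r):
    """Divide out r to obtain an ordinary signature on the coin digest."""
    return (blind_sig * pow(r, -1, N)) % N


def demo():
    bank = Bank({"jacob": 8})
    serial = secrets.token_bytes(16)          # coin chosen by the customer
    blinded, r = blind(serial)
    sig = unblind(bank.withdraw("jacob", blinded), r)
    first = bank.deposit("merchant", serial, sig)
    second = bank.deposit("merchant", serial, sig)   # same coin again
    # Nothing recorded at withdrawal equals what the bank sees at deposit.
    linkable = any(b in (coin_digest(serial), sig)
                   for _, b in bank.seen_at_withdrawal)
    return first, second, linkable, bank.balances


if __name__ == "__main__":
    print(demo())
```

The bank can confirm the coin carries its signature and has not been deposited before, yet the value it signed at withdrawal does not match the coin it later receives from the merchant.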


DigiCash threatened the omniscience of financial institutions. You’d imagine, then, that those institutions would have worked to reclaim that power, by making DigiCash go away. In fact, they did the opposite.

“[Goldstein] So if the banks see the digital world coming, they know they have been kind of the center of money for hundreds of years. If you’re a savvy bank, you say to yourself, “Well, I want to stay in the game,” right? If digital money is the way things are going, I want to be the trusted intermediary for digital money.”

After a year and a half, DigiCash was partnering with banks on four continents — in the U.S., Australia, Japan, Switzerland and Germany.

Representatives of Citibank — one of the very largest banks in America — met personally with David Chaum, in order to learn from him. In the years that followed, they built their own “Electronic Monetary System,” featuring their very own digital currency. The federal government took an interest in the prototype, testing it for several years behind closed doors. In one instance, officials used Citi’s digital money to purchase tens of thousands of Dell computers. In another, they used it to collect taxes from a tobacco company. In total, these Citi e-money transactions equaled around 350 million dollars.

This was, clearly, the future. But not if Timothy May had anything to say about it.


If David Chaum is the hippie godfather of digital currencies, Timothy May is its crazy uncle. 

May was extreme in just about every way. He wasn’t just smart, for example, he was a savant. There’s a story his sister told The New York Times about how, years ago, he was accepted to Mensa — an organization for individuals who score in the 98th percentile or above in IQ tests. After attending some Mensa meetings, he concluded that its members were a “bunch of dummies” who weren’t worth his time.

In general, May didn’t vibe so well with broader society. He would write violently online about the U.S. government. He found taxes offensive. He opposed democracy for empowering the, quote, “clueless 95 percent.”

At only 34 years old, May retired from his job as a senior scientist at Intel to live a reclusive life on the beaches of Santa Cruz, California. He spent his days with his cat Nietzsche, walking on the beach, and reading: technical journals, philosophy and science fiction books, and then, one day, David Chaum’s paper on private digital money.

“[Goldstein] and it’s like a revelation to him. Timothy May actually passed away a few years ago. But I talked to him when I was working on the book and he told me, you know, he read the paper and he just thought, “This is it,” right? “This is the future. I’m reading about it right now.””

Jacob sums it up best in his book. Quote:

“As an engineer, a libertarian, and a sci‐fi fan, he grasped the technical details, the personal stakes, and the potential for profound social transformation. Indeed, his vision went even further than Chaum’s. So May did what you do when you’ve just discovered the thing that’s going to change the world and you don’t have a job and you’re living alone with a cat named Nietzsche: he wrote a manifesto.”

“[Goldstein] He calls it the “Crypto Anarchist Manifesto” and, you know, he’s going big. I mean it’s a little bit playful but he’s swinging for the fences.”

“A specter is haunting the modern world,” May wrote, “the specter of crypto anarchy. Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner.”

“[Goldstein] He says, “These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions. The state will of course try to slow or halt the spread of this technology, citing national security concerns, use of the technology by drug dealers and tax evaders and fears of societal disintegration. Many of these concerns will be valid. Crypto anarchy will allow national secrets to be traded freely. It will allow illicit and stolen materials to be traded. But these will not halt the spread of crypto anarchy.””

At a Chaum-hosted cryptography event in 1988, May — big, bearded, not always so friendly — milled around, handing out copies of his manifesto. Few people paused to take an interest. But that day, May laid the seeds for a movement that would one day change money forever.


“[Goldstein] So there is actually this moment, this one gathering in 1992 at the house of a mathematician named Eric Hughes.”

Hughes had been working with David Chaum in the Netherlands. He hadn’t yet bought furniture for his new Oakland home, so his visitors — predominantly grown-ass men — had to sit around on the floor. Still, there was an energy in the room.

Timothy May opened the event with a reading of his now four-year-old manifesto, to rousing support. Then the group played a cryptography game, and ordered Thai food for dinner. Some crashed on the floor for the night.

One of the attendees at the meeting — Jude Miller — was a journalist. As a writer, she had a hunch that “crypto anarchists” was a title that would scare people away from the movement.

“[Goldstein] So she comes up with the name “cypherpunks”.”

The name stuck. Chaum’s colleague Hughes summarized the movement in, of course, a manifesto: “A Cypherpunk’s Manifesto.” “We the Cypherpunks are dedicated to building anonymous systems,” he wrote. “We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.”

If the name Cypherpunks sounds familiar, that’s probably because we already mentioned the group in an earlier episode we did, about Cicada 3301 – the mysterious Internet puzzle that some people think might have been created by one of its members.


“[Goldstein] The bigger dream is what if we could have digital money without a trusted intermediary.”

Chaum had some nice ideas in the 80’s, but DigiCash was a corporation. Citibank is an anarchist’s nightmare. The Cypherpunks wanted more.

“[Goldstein] What if there’s just some technical system, some code basically that allows for digital money without an intermediary?”

They envisioned what you might call “a purely peer-to-peer version of electronic cash” that “would allow online payments to be sent directly from one party to another without going through a financial institution.”

“[Goldstein] And that for fairly obvious reasons I think is super hard, right? Like if there’s not some central intermediary, who decides how you create money? Who decides who gets money? Who decides who – how do you know who has how much money, who validates me paying you? What if you just lie? What if I have a piece of money and I try and use the same piece of money to buy two different things? Like there’s a million ways that that shouldn’t work.”


After five years, one cypherpunk-adjacent researcher named Adam Back made the first breakthrough. Back wasn’t even working on the money problem — his research focused on email spam.

“[Goldstein] If you’re old enough to remember the ‘90s, you remember that email spam was actually a huge problem then. There just wasn’t the kind of AI filters that we have today. So, you know, you get excited about email and then suddenly like 90 percent of the things in your email box are just trying to sell you fake Viagra, right? [. . .] 

He comes up with this idea that he calls “hashcash” in order to fight email spam and the basic idea behind hashcash is if you want to send an email, your computer has to do a little bit of computational work, right? Not a lot but a little bit and it has to do it in a way that is a little bit of work to solve and then once it’s solved, it’s really easy for another computer to verify that it has been solved.”

The technical term for this is “proof of work.”

“[Goldstein] So what does that mean? It means you can’t create an email address and send 10 million emails a day because your computer just couldn’t do that much computational work to send each email.”

By the same logic — just as easily as it could prevent a computer from producing endless numbers of spam emails — hashcash could prevent a computer from producing endless sums of digital money. In a theoretical system for digital payments, users could be required to dedicate computational work to earning money, to ensure fairness.

Hashcash wasn’t a monetary system unto itself — it wasn’t even, really, for money — but it did solve one problem. It was one step, one infinity stone. Something to build on.
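The costly-to-mint, cheap-to-verify property described above, as an added Python example that is not Adam Back's code or part of the episode. The stamp layout (`bits:date:recipient:counter`), the use of SHA-256, the `Receiver` class and the addresses are assumptions made for illustration and do not reproduce Hashcash's real header format.

```python
import hashlib
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(recipient: str, date: str, bits: int):
    """Sender side: try counters until the stamp's hash starts with `bits`
    zero bits. Expected cost is about 2**bits hashes per stamp."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        digest = hashlib.sha256(stamp.encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return stamp, counter + 1     # stamp and number of hashes tried


class Receiver:
    """Receiver side: one hash per message, plus checks that stop a single
    stamp from being replayed or aimed at someone else."""

    def __init__(self, address: str, min_bits: int):
        self.address = address
        self.min_bits = min_bits
        self.seen = set()                 # stamps already accepted

    def accept(self, stamp: str, today: str) -> str:
        try:
            bits_s, date, recipient, _counter = stamp.split(":")
            bits = int(bits_s)
        except ValueError:
            return "malformed"
        if recipient != self.address:
            return "wrong recipient"      # work was done for another mailbox
        if date != today:
            return "stale"                # old stamps cannot be stockpiled
        if bits < self.min_bits:
            return "too cheap"
        digest = hashlib.sha256(stamp.encode()).digest()
        if leading_zero_bits(digest) < bits:
            return "no proof of work"     # claimed difficulty was not met
        if stamp in self.seen:
            return "reused"
        self.seen.add(stamp)
        return "ok"


if __name__ == "__main__":
    # Constructed sample values; 16 bits costs roughly 65,000 hashes.
    stamp, tries = mint("alice@example.org", "2024-01-01", 16)
    inbox = Receiver("alice@example.org", 16)
    print(stamp, "took", tries, "hashes ->", inbox.accept(stamp, "2024-01-01"))
    print("second use ->", inbox.accept(stamp, "2024-01-01"))
```

Each extra bit of required difficulty doubles the sender's expected work while the receiver still computes a single hash, which is the asymmetry that makes bulk sending expensive.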


“[Goldstein] Another person in this community who knows about Adam Back’s work, about hashcash. This is a coder. His name is Wei Dai.”

Wei Dai was just 21 or 22 years old in 1998, when he came up with what’s arguably the most unintuitive idea to ever grace digital money. To grasp it, first consider what a bank, basically, exists for.

“[Goldstein] So what is my bank account? If I have $1000 in the checking account, it doesn’t mean that there’s a pile of a thousand, you know, one dollar bills in a vault at the bank. 

All it means is the bank keeps a list and it says my name Jacob Goldstein and next to my name it says I have $1000 in my checking account and then if I want to send $100 to you, my bank minuses $100 next to my name. Suddenly I have $900 in my account. It tells your bank to add $100 next to your name. Suddenly you have $100 more next to your name on your bank’s list in your checking account.”

Without banks, how could you possibly make up for this essential function? Dai’s idea wasn’t to get rid of it but, rather, to invert it. Like an inside-out sock.

“[Goldstein] we won’t have a central intermediary keep a ledger. We will have everybody in the system keep a ledger.”

A decentralized ledger. Instead of a bank, everybody, collectively, would ensure the legitimacy of transactions.

“[Goldstein] So everybody will know how much money everybody has at all times.”

Dai called his system “b-money.” But he knew, even before posting about it online, that it was practically impossible.

“[Goldstein] He says like, look, sure, we could have everybody keep a ledger all the time. But, you know, then everybody has to be online all the time. Why would anybody do that? It’s a lot of work and there’s also the problem of how you get this new digital money out to people in the first place and he has a few ideas about that. But they don’t quite land. [. . .] So if you think about Adam Back’s hashcash and Wei Dai’s B-money, they’re creating these building blocks. But they know that they’re not all the way there yet.”

David Chaum’s DigiCash, where we left it, had everything going in its favor. All the major news outlets, and some of the biggest names in technology and finance — including Tim Berners-Lee, founder of the internet, and Alan Greenspan, Chairman of the Federal Reserve — were talking up digital money. Small, medium and giant banks alike were interested in or fully testing DigiCash for themselves. Rumor had it that Microsoft offered millions of dollars to buy out DigiCash, but Chaum turned them down.

But then, in the mid-90s, it was time for people to actually start using DigiCash. In his book, Jacob describes what happened next. Quote:

“[D]espite what ordinary people said when you asked them about privacy (“We’re for it!”), people’s actions revealed they didn’t really care all that much about privacy. As people started buying stuff online, they didn’t bother with private digital cash. Instead, they used their credit cards. Eminently traceable, completely not secret, subject to significant fees. Also profoundly convenient.”

A contemporaneous article from The Economist summed it up by writing, quote, “Electronic money has thus turned out to be a solution in search of a problem.” In 1998, just three years after its launch, DigiCash Incorporated filed for bankruptcy. Every other digital money system failed, too.


For all their hard work — for all their interesting ideas and technical achievements — the Cypherpunks still struggled to develop anything worth using. Even a decade after b-money — a decade and a half since that meeting on the floor of Eric Hughes’ house — all their collective genius had spawned not one functional system for private digital payments. On online forums, a new generation of Cypherpunks experimented with proof of work and decentralized ledgers, proposing funky workarounds with varying degrees of merit to them.

Until, in August of 2008, Wei Dai received an email from a stranger.

“I was very interested to read your b‐money page,” the message read. “I’m getting ready to release a paper that expands on your ideas into a complete working system.”

The anonymous sender attached a draft of their paper to the email. They titled it “Electronic Cash Without a Trusted Third Party.” Two months later they published it online, with an updated title:

“Bitcoin: A Peer‐to‐Peer Electronic Cash System.”