in

The ‘godfather of crypto’ wants to create a privacy-focused CBDC: Here’s how


When it comes to the “crypto” part of cryptocurrencies, David Chaum’s work predates the crypto ecosystem. His efforts as a renowned cryptographer date back to 1989, long before Bitcoin (BTC) was a thing. 

Chaum developed the protocols that act as the basis of DigiCash — the world’s first digital currency secured by cryptography. As the CEO of privacy-focused network developer Elixxir, David Chaum is working with the Swiss central bank to develop a central bank digital currency (CBDC) that could also attract the crypto ecosystem due to its privacy features.

Named eCash 2.0, the new project aims to develop digital cash that would be “inalienably private” and quantum-resistant to counterfeiting. Since the technical details require a deep understanding of cryptography, Cointelegraph sat down with Chaum at Istanbul Blockchain Week to get a better understanding of the mechanics behind this crypto-friendly CBDC project.

A censorship-resistant CBDC

It all started when Thomas Moser, a board member at Swiss National Bank, invited David Chaum to Zurich for a conference and told him “he wanted to make eCash great again,” asking for his help in a new project.

“[Moser] couldn’t understand why people weren’t using eCash for CBDC,” Chaum started explaining. Big banks have too much to consider in terms of reliability and future readiness. So, they are not eager to invest in something that isn’t quantum-resistant.

As part of the project, which is internally called “Project Tourbillon,” Chaum developed a cryptographic protocol that proves a CBDC can protect privacy, be censorship- and quantum-resistant, scalable and even compatible with decentralized finance (DeFi) blockchains. One of his goals was to make the total supply number of coins transparent.

At first, the project team tried to use the legacy eCash but quickly realized it wasn’t a good fit for what they had in their mind. That’s why the BIS Innovation Hub, Swiss National Bank and xx Network based the joint project on eCash 2.0. Chaum noted that user-controlled privacy, “the best feature of the original eCash,” carried over to this new project.

According to the official announcement, Project Tourbillon aims to reconcile trade-offs between cyber resiliency, scalability and privacy by combining technologies like blind signatures and mix networks with the groundwork prepared by David Chaum and Thomas Moser.

Chaum pointed out that privacy is pivotal for banks, along with scalability and blockchain compatibility, as the public is very concerned about it. He noted the European central bank’s public call for comments about CBDC, highlighting that 40% of the comments were about privacy.

Recent: Will FTX’s ill wind reach the Global South? Maybe not

“You can withdraw $500 every day with your ATM card, but you can’t walk into a bank and withdraw $1,000,000 in cash — that’s privacy for the people,” Chaum explained. It should be similar in electronic payment systems, he noted. “Those systems should make it very difficult for someone to gather enough and use it for bad purposes, like hiring a hitman without being noticed.”

Inalienable keys: A new approach to privacy

To meet the privacy requirements of a digital currency, Chaum envisioned a privacy system in which it’s possible to prove a user knows their secret phrase without revealing it. It’s a relatively new approach that Chaum called “inalienable.”

The name, inalienable key, is derived from its key ability: This new private key type cannot be given or taken away by nature. The key itself is a phrase or a sentence that can be easily memorized by the owner but is impossible to guess by third parties.

Within the context of central bank digital currencies, when a user wants to join the CBDC system as a user, they can go to a bank office to prove that they know their inalienable key by confirming specific placements of random letters in the phrase.

When it’s done in a privacy-focused physical setting, as exemplified by Chaum in the image below, it helps users to prove that they know the key without actually revealing the private key. 

Once users confirm their identity, they can establish a whole family of related pseudonyms that can’t be seen together, although they are all linked to the user’s passphrase.

In the inalienable system, the user doesn’t have to go through the physical confirmation step after the first time. They can send their confirmation electronically and also create pseudonyms for every other specific situation, Chaum explains. He likened the pseudonyms to notebooks with specific signatures or “credentials.” He believes that the usability of inalienable keys extends beyond finance.

“They can represent that a user paid their taxes this year. Or they have graduated with high honors,” Chaum said, adding: “If they are asked for proof about any of those, they can use one of these pseudonyms and confirm it in a zero-knowledge way.”

Quantum resistance can’t wait for quantum computers

Any conversation with the “godfather of crypto,” a moniker given to David Chaum for his decades-long contributions to cryptography, would not be complete without discussing quantum resistance. While it’s not a direct threat to crypto — yet — quantum computers that can easily break Bitcoin’s SHA-256 cryptographic protocol are expected to arrive within the next decade. Therefore, being ready against attacks from such devices is a must for any future-proof systems and services.

Chaum advised that quantum resistance should be on everyone’s agenda. “Because the data, even though it can’t be read now, is easily saved.” Once quantum computers arrive on the scene without any warning, today’s encrypted data will be much easier to crack.

His company, Elixxir, is focusing on the quantum-resistance aspect of cryptocurrencies with xx Network, which uses quantum-resistant backup keys to support its xx coins. Chaum claimed that xx Network was able to do 3,500 quantum-resistant transactions per second during the xx coin public test.

Recent: Decentralized solutions for climate change are key as COP disappoints

But, money is not everything; communication also matters. Chaum stressed that most of today’s chat services use end-to-end encryption as a promotional label. He added that most modern messengers are misdirecting people to prevent them from noticing that there’s no metadata shredding, adding that anyone who taps one of these messengers can see all of “who talks to who” globally:

“We thought, we’ll put quantum-resistant encryption to protect the message content, then announce it and see what happens. And we did, and we have it, and none of the other messengers followed.”

Instant messaging services don’t care about their so-called strong end-to-end encryption, Chaum claimed, “because they don’t have it.”