In a captivating talk (slides here, YouTube here), Anna Lysyanskaya from Brown University took us on a deep dive into the cryptographic building blocks that can enable systems balancing privacy and accountability. Building on the ideas of David Chaum’s seminal work on anonymous digital cash in the 1980s, she walked through innovative protocols that put user privacy front and center while still providing important safeguards.

The Functions of Digital Money and e-cash

Lysyanskaya started by simplifying the concept of digital money down to three core functions:

  • withdrawing from the bank,
  • spending with a merchant,
  • and the merchant depositing funds back to the bank.

The key challenge is making this entire cycle unforgeable and private. Chaum’s blind signatures provided an elegant solution, allowing users to withdraw “tokens” from the bank without revealing any information, and then spend them with merchants in an anonymized form.

But Lysyanskaya wanted to take this basic e-cash framework further. She described how “compact e-cash” protocols allow users to withdraw multiple coins in a single transaction and then incrementally spend them with different merchants. The complexity grows only logarithmically with the size of the “wallet”, making it much more efficient.

The core techniques powering these protocols are digital signatures, secure two-party computation, zero-knowledge proofs, and pseudorandom functions. In a withdraw transaction, the bank provides the user with random “seed” values and a blind signature, without learning anything about the user’s identity. The user can then derive unique serial numbers and double-spending equations to anonymously spend the tokens with merchants, proving the validity of the transactions without revealing their source.
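
The serial number and double-spending equation described above, as an added example that is not from the talk or the original post: it follows the published compact e-cash construction (Camenisch, Hohenberger, Lysyanskaya), with the bank's signature and the zero-knowledge proofs omitted. The toy group, the function names, and the sample keys and seeds are assumptions constructed for illustration.

```python
# Toy group, constructed for illustration: P = 2Q + 1 with P, Q prime,
# and G = 4 generating the subgroup of order Q. Real systems use ~256-bit groups.
P, Q, G = 2039, 1019, 4

def prf(seed, i):
    """Dodis-Yampolskiy PRF: G^(1 / (seed + i + 1)), exponent inverted mod Q."""
    return pow(G, pow((seed + i + 1) % Q, -1, Q), P)

def spend(sk_u, s, t, i, R):
    """User side: spend coin i of the wallet (seeds s, t) under merchant challenge R.
    Returns the serial number S and the double-spending tag T."""
    pk_u = pow(G, sk_u, P)
    S = prf(s, i)                          # same coin -> same serial, whoever the merchant
    T = pk_u * pow(prf(t, i), R, P) % P    # pk_u masked by a per-coin pseudorandom value
    return S, T

def identify(dep1, dep2):
    """Bank side: from two deposits (S, T, R), recover the spender's public key
    if one coin was spent twice; return None for honest, distinct coins."""
    (S1, T1, R1), (S2, T2, R2) = dep1, dep2
    if S1 != S2 or (R1 - R2) % Q == 0:
        return None
    # T1^R2 / T2^R1 = pk_u^(R2 - R1): the pseudorandom mask cancels.
    ratio = pow(T1, R2, P) * pow(T2, -R1, P) % P
    return pow(ratio, pow((R2 - R1) % Q, -1, Q), P)

if __name__ == "__main__":
    sk_u, s, t = 77, 123, 456              # constructed user key and wallet seeds
    a = spend(sk_u, s, t, 3, 11) + (11,)   # coin 3 at merchant A
    b = spend(sk_u, s, t, 3, 29) + (29,)   # coin 3 again at merchant B
    c = spend(sk_u, s, t, 4, 29) + (29,)   # coin 4, an honest spend
    print("double spend ->", identify(a, b), "expected", pow(G, sk_u, P))
    print("honest spends ->", identify(a, c))
```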

Cryptography for Compliance

Lysyanskaya demonstrated how this base protocol can be augmented to enable important compliance features as well. For example, by having two linked serial numbers for each token – one for the coin itself, and one for the specific coin and merchant pair – it becomes possible to set limits on how much a user can transact with any single merchant before their identity is cryptographically revealed. This creates an automated way to prevent money laundering that’s impossible with physical cash.

She also outlined protocols for “glitch protection”, where a user’s identity is only revealed after multiple instances of double-spending, as well as features for adding encrypted watchlists that allow auditors to secretly track certain users’ transactions.

All of these advanced capabilities stem from composing various cryptographic primitives like Pedersen commitments, CL digital signature schemes, and pseudorandom proofs. The key is choosing and combining the right tools to construct verifiable, private, and auditable transactions.

Lysyanskaya emphasized that much of this foundational work has actually been around for years, proven secure in theory. The remaining barriers are more around standardization, practical implementations, and alignment on policy requirements. While promising standards like BBS+ signatures are emerging and platforms like Hyperledger are experimenting, there is still a need for further collaboration between cryptographers, developers, businesses, and policymakers.

As digital currencies and decentralized systems become more pervasive, the ability to maintain privacy while enabling compliance is becoming increasingly vital. No one wants a future where all transactions are indiscriminately surveilled, but unchecked anonymity also carries risks. Lysyanskaya’s talk highlights how cutting-edge cryptography can bridge this divide, opening up new possibilities for inclusive and responsible systems – paving the way to the proverbial scenario of “having your cake and eating it too.”

The journey to realizing this vision will require continued innovation and dialogue across multiple domains. But as Lysyanskaya demonstrated, many of the core cryptographic components are already well-understood. The path is illuminated – now we must choose to walk it.