Crypto Wars & The Cypherpunk Movement
First, let’s get one thing clear: Bitcoin is not a technology — It’s a movement. (I’m not personally a ‘Bitcoin maximalist’, but I have the utmost respect for the people who paved the way for Bitcoin — and the rest of crypto & web3 protocols to come into being).
The movement behind Bitcoin actually started decades before Bitcoin was invented, with what is today known as the “Crypto Wars.” The Crypto Wars had been an ongoing movement by the NSA since the 1950s, designed to limit the general public’s access to cryptography that could not be decrypted by the NSA and other intelligence agencies.
Encryption wars starting in the Cold War Era
Prior to the 1970s, encryption was only used by the US military and intelligence agencies and was specifically included as a Category XIII item in the United States Munitions List. This list was created during the Cold War because the US didn’t want the Eastern Bloc to attain Western technologies. In order to distribute the technology to persons outside of the US, an export license was required.
Data Encryption Standard (DES)
By the 1960s, the restrictions on encryption exports were becoming an issue for banks that wanted to use encryption for international wire transfers. Moreover, the US government needed encryption to protect unclassified but still sensitive information.
This motivated the government to develop encryption technology that could be used for general purposes. The National Bureau of Standards (NBS) solicited proposals for a cipher that would meet rigorous design criteria.
Many attempts were made at developing a cipher that would meet the requirements. It wasn’t until 1974 that IBM designed a standard that was accepted by the NSA, known as the Data Encryption Standard (DES).
In 1975, the NSA approved the use of DES on all unclassified data, and so it became widely used internationally.
The DES was criticized by academics for being too weak. IBM originally designed the length of the encryption key to 64 bits, but the NSA wanted it to be 48 bits to make it easier for them to break. Eventually, they settled on 56 bits. (the longer the key length, the harder it is to break the encryption.)
Moreover, the academic community was suspicious that the NSA weakened the algorithm such that only they could easily read encrypted messages. Cryptographers, who remained suspicious of the NSA, continued to research the matter. Two decades later, they came to the conclusion that 1) IBM did in fact know about the NSA’s interventions, and 2), the NSA’s interventions actually made the algorithm stronger (and not weaker). Pretty funny.
Overall, the creation of DES was an important milestone in the history of cryptography because it spawned the development of encryption algorithms outside of military use. Cryptography as an academic subject flourished because of DES.
Cryptography as an academic subject
In 1967, a researcher at Stanford, David Kahn, published the book The Codebreakers. This book became a canonical resource for nerds interested in cryptography.
Whitfield Diffie was a child prodigy who read the book and became obsessed with finding a way to use cryptography to create privacy for individuals.
The traditional password scheme was too weak because it required trusting a central administrator to manage the keys. If that person or entity was asked by the government to reveal the password, they would. That wasn’t good enough for Diffie.
He recognized that the solution was to build a decentralized system where each person held the key to his or her own privacy. Messages could only be decoded if one held the key. The problem was that sending the key to the recipient over the internet made it easy for any hacker to intercept the message and thereby gain access to the key.
Diffie went on a worldwide search to learn as much as he could about cryptography from other experts. Eventually, he and a research partner, Martin Hellman, invented what became known as public-key cryptography, where every user had both a public key and a private key. Any person could encrypt a message using the receiver’s public key, but that encrypted message could only be decrypted with the receiver’s private key.
It was a brilliant breakthrough that was generated completely outside of the government’s domain!
The cryptography movement continued to pick up steam
In 1977, three MIT scientists invented “RSA” that implemented the Diffie-Helman scheme. RSA was the first working public-key system and was stronger than the government-sponsored DES scheme we learned about above.
However, the problem with RSA was that it was built and managed by a company called RSA Data Security. The company held the patents to the RSA technology, and anyone who wanted to use it had to purchase a license. No matter how well-meaning the company might be, cryptographers felt that the level of privacy was still not good enough.
The invention of PGP
Programmer and cryptography enthusiast Phil Zimmermann wanted to combine his passion for computers and cryptography by implementing public-key cryptography for personal computers. He spent the next 15 years building his ultimate invention: PGP (Pretty Good Privacy). In June 1991, it was ready for release.
He wanted PGP to be widely disseminated so that everyone with a personal computer could have access to privacy tools. Zimmerman was afraid the government might try to prevent the use of strong encryption software like PGP by outlawing cryptography. Before anything like that could happen, he gave away the software for free, no strings attached.
Lo and behold, it became an overnight success. People around the world downloaded the software.
“It was overseas the day after the release. I’ve gotten mail from just about every country on Earth.”
PGP spread the gospel of public-key cryptography around the world. It unleashed the possibilities of cryptography to protect people’s privacy.
Encryption wars continue during the PC era
As personal computers and internet-based communications grew, government export controls on encryption became even more of a challenge. Given that all communication and data storage was now going digital, maintaining privacy of this information was even more crucial. But the government didn’t want to just let the public be in charge of privacy because it felt it needed ways to intervene when necessary, such as when investigating criminal activity.
But cryptographers were all about privacy. They didn’t want the government to have special access to intervene. This led to a lot of conflict between the government and internet companies that were using encryption to build internet-based services
For example, Netscape’s SSL technology used public-key cryptography to protect credit card transactions. The SSL-encrypted messages used a cipher that used 128-bit keys. However, the US government at the time did not allow the export of 128-bit keys. The longest key size that was allowed to be exported to other countries was 48 bits, so Netscape ended up having to create a 40-bit international browser edition and a 128-bit domestic browser edition.
Similar conflicts arose among other internet companies that were starting to boom at the time, such as e-commerce companies. This eventually led the US government to relax export controls. The government removed encryption from the US Munitions Lists, added it to the Commerce Control List, and no longer considered encryption software a technology as far as exports were concerned.
To this day, export controls are controlled by the Bureau of Industry and Security (BIS), with the standards being a lot more lax than before.
The cypherpunks
Meanwhile, a group of rebels, known as the cypherpunks, had been watching all of the encryption wars going down over the preceding three decades.
These rebels opposed state control, especially of the internet. They felt that the government intervening in the early internet had led to censorship and lack of privacy. The restrictions on the export of encryption algorithms went against their core belief that privacy is a human right. They wanted to create a world where all information on the internet could be traced ONLY if the person sending a message wanted that information revealed.
The cypherpunks believed cryptography was the path to freedom and would allow people to maintain total privacy over their own communications.
In 1992, the Cypherpunk mailing list launched with the following manifesto:
A Cypherpunk’s Manifesto
by Eric Hughes
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know. Privacy is the power to selectively reveal oneself to the world.
If two parties have some sort of dealings, then each has a memory of their interaction. Each party can speak about their own memory of this; how could anyone prevent it? One could pass laws against it, but the freedom of speech, even more than privacy, is fundamental to an open society; we seek not to restrict any speech at all. If many parties speak together in the same forum, each can speak to all the others and aggregate together knowledge about individuals and other parties. The power of electronic communications has enabled such group speech, and it will not go away merely because we might want it to.
Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient. When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am. When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.
Therefore, privacy in an open society requires anonymous transaction systems. Until now, cash has been the primary such system. An anonymous transaction system is not a secret transaction system. An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy.
Privacy in an open society also requires cryptography. If I say something, I want it heard only by those for whom I intend it. If the content of my speech is available to the world, I have no privacy. To encrypt is to indicate the desire for privacy, and to encrypt with weak cryptography is to indicate not too much desire for privacy. Furthermore, to reveal one’s identity with assurance when the default is anonymity requires the cryptographic signature.
We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. It is to their advantage to speak of us, and we should expect that they will speak. To try to prevent their speech is to fight against the realities of information. Information does not just want to be free, it longs to be free. Information expands to fill the available storage space. Information is Rumor’s younger, stronger cousin; Information is fleeter of foot, has more eyes, knows more, and understands less than Rumor.
We must defend our own privacy if we expect to have any. We must come together and create systems which allow anonymous transactions to take place. People have been defending their own privacy for centuries with whispers, darkness, envelopes, closed doors, secret handshakes, and couriers. The technologies of the past did not allow for strong privacy, but electronic technologies do.
We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.
Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.
Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.
For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. Privacy only extends so far as the cooperation of one’s fellows in society. We the Cypherpunks seek your questions and your concerns and hope we may engage you so that we do not deceive ourselves. We will not, however, be moved out of our course because some may disagree with our goals.
The Cypherpunks are actively engaged in making the networks safer for privacy. Let us proceed together apace.
Onward.
Eric Hughes <hughes@soda.berkeley.edu>
9 March 1993
The cypherpunks were ready to fight back
The manifesto made it clear what the mission and purpose of the cypherpunk movement would be. The cypherpunks were ready to fight back against state control of encryption and started coding away at solutions. For example, in 1995, Adam Back invented a five-line PERL program that implemented RSA encryption and decryption. The five lines were small enough to use as an email signature.
However, the cypherpunks eventually realized that privacy alone was not enough to attain ultimate freedom. After the collapse of the Bretton Woods system, when the global economy moved off the gold standard and moved to a purely fiat system, the cypherpunks became incredibly suspicious of central banks. Many of them strongly opposed the global monetary system that diverged from the gold standard and believed that a fiat monetary system that allowed the central bank to increase the money supply at will — versus one tied to a hard asset — was effectively (over time) a theft from citizens, due to inflation that affected working class people exponentially more than the 1%.
The cypherpunks strongly felt that what was needed was un-censorable digital money that allowed for a sovereign (i.e., state-independent) economy and provided ultimate freedom in cyberspace. Using cryptography, of course.
Conclusion
In the next article in this series, we will learn about the various early attempts by the cypherpunks to build digital money. These attempts were the precursors to what ultimately came next: The Bitcoin Revolution.
