Quiz Entry - updated: 2026.07.14
What cryptographic mechanisms underlie e-Cash systems (Bitcoin, etc.)?
Anonymity (blind signatures), coin integrity (digital signatures), double-spending protection (zero-knowledge proofs / public ledger), unique-coin binding (hash functions), transaction confidentiality (symmetric encryption), and session security (Diffie-Hellman).
| Goal | Crypto mechanism | Typical algorithm |
|---|---|---|
| Anonymity & blinding | Blind signature schemes | RSA (with blinding factor) |
| Integrity & coin authenticity | Digital signatures | RSA, DSA, ECDSA |
| Double-spending protection | Identification protocols / public ledger | Zero-Knowledge proofs, blockchain commitments |
| Account/coin binding | Cryptographic hashes | SHA-256, SHA-3 |
| Transaction confidentiality | Symmetric encryption | AES-128 / AES-256 |
| Session security / key exchange | Asymmetric crypto | Diffie-Hellman, ECDH |
Two design families:
- Centralised e-cash (Chaum's DigiCash, 1990s) — relies on a bank that issues signed coins; uses blind signatures so the bank can't link coins to customers. Failed commercially because banks were uninterested.
- Decentralised e-cash (Bitcoin, 2009) — replaces the bank with a public blockchain + proof-of-work. Double-spending prevented by everyone agreeing on the global transaction order; anonymity provided only weakly (pseudonyms, easily linked with chain analysis).
Privacy-preserving cryptocurrencies (Monero, Zcash) recover stronger anonymity using:
- Ring signatures (sign on behalf of a group; verifier can't tell which member).
- zk-SNARKs (zero-knowledge proofs that a transaction is valid without revealing sender, receiver, or amount).
Tip: "Bitcoin is anonymous" is wrong — every transaction is permanently on a public ledger. The right phrase is pseudonymous. True anonymity requires extra crypto layers (CoinJoin, mixers) or different protocols (Monero, Zcash).