This chapter is an overview of the main ideas in cryptographic money over the last three decades, culminating in the development of Bitcoin. There are two difficult features for electronic money to achieve: anonymity and decentralization.

Anonymity is usually understood as both lack of knowledge of the users and impossibility to link operations performed by the same user, such as withdrawal and spend operations. Anonymity is also deemed important because it generates fungibility. Fungibility is the property of money that makes different units mutually substitutable. The lack of anonymity breaks fungibility because it makes possible to trace the origin of the funds.

Most proposals, including Bitcoin, lean towards achieving either anonymity or decentralization. Early proposals focused on preserving user privacy, while later developments shifted the focus more towards decentralization. It has been notoriously difficult to merge the two requirements into a coherent system. One notable early exception is the proposal of Sander and Ta-Shma (section 10.4).

Bitcoin leans towards achieving robust decentralization, while leaving the users pseudonymous. However, there has been renewed interest in increasing the anonymity of Bitcoin, or creating decentralized cryptocurrencies that are fully anonymous. This topic is explored in Chapter 13.

Many of the ideas used to create digital currencies were generated inside the cypherpunk movement, and some proponents ...