Cryptocash, cryptocurrencies, and cryptocontracts


One of the central challenges for mathematical cryptography is to create a payment system that provides the advantages of cash in a digital world. In this expository article we describe two very different solutions to this problem. The first is an elliptic-curve-based version of a construction of Brands, and the second is Bitcoin. We also discuss a generalization of Bitcoin that supports peer-to-peer contracts.

This is a preview of subscription content, access via your institution.

Fig. 1


  1. 1.

    A Bitcoin address is derived from the public key but is not identical to it, since it is convenient to shorten the address by hashing. However, we shall disregard such features of Bitcoin in the interest of simplicity.

  2. 2.

    The reward will be halved every 210,000 blocks until the year 2140, when the total number of bitcoins will reach 21 million; after that, the only incentive to miners will be the transaction fees.

  3. 3.

  4. 4., A next-generation smart contract and decentralized application platform (2015). (accessed 18 Nov 2015).

  5. 5.


  1. 1.

    Adams D.: Analysis: U.S. sanctions make Cuba’s bank account too toxic for banks (2013). Accessed 18 Nov 2015.

  2. 2.

    Brands S.: An efficient off-line electronic cash system based on the representation problem. Technical Report CS-R9323, CWI (1993).

  3. 3.

    Brands S.: Untraceable off-line cash in wallets with observers. In: Advances in Cryptology—Crypto’93. LNCS, vol. 773, pp. 302–318. Springer, Berlin (1994).

  4. 4.

    Chaum D.: Blind signatures for untraceable payments. In: Advances in Cryptology—Crypto’82, pp. 199–203. Plenum Press, New York (1983).

  5. 5.

    Diffie W., Hellman M.: New directions in cryptography. IEEE Trans. Inf. Theory IT-22, 644–654 (1976).

  6. 6.

    FIPS 180-3: Secure Hash Standard (SHS), Federal Information Processing Standards Publication 180-3, National Institute of Standards and Technology, Gaithersburg (2008).

  7. 7.

    FIPS 186-4: Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4. National Institute of Standards and Technology, Gaithersburg (2013).

  8. 8.

    Galbraith S., Gaudry P.: Recent progress on the elliptic curve discrete logarithm problem. Des. Codes Cryptogr. (2015). doi:10.1007/s10623-015-0146-7.

  9. 9.

    Kiley B.: What marijuana businesses are doing with their stacks of cash (2014). Accessed 18 Nov 2015.

  10. 10.

    Law L., Sabett S., Solinas J.: How to make a mint: the cryptography of anonymous electronic cash. Am. Univ. Law Rev. 46, 1131–1162 (1996).

  11. 11.

    Matonis J.: WikiLeaks bypasses financial blockade with Bitcoin (2012). Accessed 18 Nov 2015.

  12. 12.

    Merkle R.C.: Protocols for public key cryptosystems. In: Proc. Symp. Security and Privacy, pp. 122–133. IEEE, Oakland (1980).

  13. 13.

    Nakamoto S.: Bitcoin: a peer-to-peer electronic cash system (2008). Accessed 18 Nov 2015.

  14. 14.

    Pagliery J.: Bitcoin and the Future of Money. Triumph Books, Chicago (2014).

  15. 15.

    Szabo N.: Formalizing and securing relationships on public networks. First Monday, 2(9) (1997).

  16. 16.

    Taylor D.: Now that it’s over: the blockchain fork explained for regular users (2013). Accessed 18 Nov 2015.

Download references

Author information



Corresponding author

Correspondence to Alfred J. Menezes.

Additional information

This is one of several papers published in Designs, Codes and Cryptography comprising the 25th Anniversary Issue.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Koblitz, N., Menezes, A.J. Cryptocash, cryptocurrencies, and cryptocontracts. Des. Codes Cryptogr. 78, 87–102 (2016).

Download citation


  • Cryptography
  • Public key
  • Cryptocurrency
  • Bitcoin
  • Ethereum

Mathematics Subject Classification

  • 94A60
  • 68P25
  • 14G50
  • 94-02