A while back I was paying for gas at a nearby gas station when the clerk fumbled my credit card. When he bent down to pick it up he momentarily disappeared behind the counter. Because credit card transactions are always such repetitive affairs, this slight break from routine raised my hackles. Might the clerk have done something with my card while out of sight, perhaps taken a quick photo of it?
Credit and debit payments require the relay of personal information. But this information-richness is also their weakness, since valuable data can be "skimmed" and used to attack the payer later on. That's why an anonymous payments medium is so important; it provides buyers with a shield from everyone else involved in a transaction. The next time I payed for gas at the nearby station, I bought myself some peace of mind by handing the clerk a few $20 notes instead.
Like banknotes, bitcoin is a (near) anonymous payments medium. My gas station doesn't accept bitcoin, however, nor would I be able to pay for a tank of gas with bitcoin since I'm wary of holding more than a few dollars of the volatile stuff. There is no inherent reason that an anonymous digital money must be volatile. David Chaum's eCash, first proposed in the 1990s, was a monetary product that, unlike bitcoin, offered stability while still allowing for anonymity.
Here's a broad-brush description of how eCash worked. A customer would kick the process off by creating $x worth of digital coins, each with a unique serial number. The bank would in turn sign the coins and debit the customer's bank account for that amount. Thanks to Chaum's invention of blind signatures, the bank would not be able to see the serial numbers of the coins it had signed, and thus could not match those coins to a specific person. This 'blinding' provided a measure of anonymity.
What about the double spending problem that bedevils digital cash? Because digital coins can be copied ad infinitum, a mechanism must be introduced to prevent a dishonest actor from buying up the entire world. Chaum solved this by having the bank rig up a database of already-spent coins. When the customer spent $x at a merchant, the merchant would call up the bank and provide it with each coin's unique serial number. The bank would check the number against its database to ensure that the coins had not been spent. If they hadn't, the transaction was free to proceed. The merchant in turn had to return the $x to the bank to be redeemed.
Bitcoin's creator(s) Satoshi Nakamoto doesn't seem to have been a fan of Chaum's eCash. In his famous white paper, Nakamoto says (not referring to eCash in particular) that the "problem with this solution is that the fate of the entire money system depends on the company running the mint, with every transaction having to go through them, just like a bank." Later on in a forum post Nakamoto talks about the "old Chaumian central mint stuff," noting that:
a lot of people automatically dismiss e-currency as a lost cause because of all the companies that failed since the 1990s. I hope it's obvious that it was only the centrally controlled nature of those systems that doomed them. I think this is the first time we're trying a decentralized, non-trust-based system.Nakamoto thus designed Bitcoin so that it had no central points of control. There is no third party database to record serial numbers; instead, the task of validating transactions is outsourced to a distributed network of anonymous miners and nodes. As for the money supply, there is no "Chaumian central mint" that issues and redeems tokens; rather, the evolution of bitcoin supply is set ahead of time by the Bitcoin protocol.
By sacrificing this last central point of control, Nakamoto condemned bitcoin to being a permanently volatile instrument. Unlike eCash, which is stable because the issuing bank pegs its price to that of bank deposits at a 1:1 rate, bitcoin's purchasing power is left entirely to the whims of market demand. Should market demand suddenly rise, bitcoin can double in price. Should it collapse, bitcoin will be worth $0.
Sacrificing the Chaumian issuer/redeemer leads to another, more nuanced, trade-off. Because bitcoin is not pegged to the dollar, retail prices will always be expressed in dollars with the bitcoin equivalent bobbing up and down every few seconds or so. Put differently, bitcoin users must get accustomed to the unit of account and medium of exchange being divorced from each other.
Contrast this to eCash. Thanks to the peg, the two functions of money—unit of account and medium of exchange—are married. Anyone who owns eCash can relax knowing that they possess the same exact unit that all other economic actors are using to express prices. This provides eCash users with a degree of certainty. As a service to their customers, retailers tend to keep prices sticky in terms of the unit of account for days, even months. So if carrots are going for $2 today, an eCash owner knows that they'll be going for that same amount next week. This fixity makes planning one's life a much easier affair. Those who own bitcoins enjoy no such certainty. Carrots that cost 0.005 bitcoins today may cost 0.01 next week.
So these two monetary products provide users with a degree of anonymity while asking them to make very different sacrifices. Bitcoin foregoes both stability and the convenient marriage of unit of account and medium of exchange. Chaum's eCash retains both stability and a marriage but introduces several central points of control that might render it subject to attack. Pick your poison. My gut feeling, however, is that over the long term, the public will prefer to stomach some degree of centralization in return for a stable anonymity product that doesn't suffer from medium of exchange/unit of account divergence. But I could be wrong.