Julian Assange, a well-known cypherpunk who advocates for the use of cryptography to ensure privacy on the Internet.
A cypherpunk is an activist advocating widespread use of strong cryptography as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s.
Origins of the term 
The term cypherpunk, derived from cipher and cyberpunk, was coined by Jude Milhon to describe cyberpunks who used cryptography. In November 2006, the word was added to the Oxford English Dictionary.
Before the mailing list 
Until about the 1970s, cryptography was mainly done in secret by military or spy agencies. However, in the '70s, two publications brought it out of the closet into public awareness: the US government publication of the Data Encryption Standard (DES), a block cipher which became very widely used; and the first publicly available work on public-key cryptography, by Whitfield Diffie and Martin Hellman.
From that time on, people began to discuss cryptography openly and to examine its political and social consequences. Some of the substantial issues involved in these discussions had to do with the potential uses for and dangers of cryptography. Could it be used by criminals to hide their schemes or their profits, in addition to protecting personal privacy or government and corporate secrets? Should strong cryptography be widely used or strictly limited? Some of the speculations and arguments of these early debates fell along lines now referred to as cypherpunk.
In the late '80s, these ideas coalesced into something like a movement.
Cypherpunk mailing list 
Cypherpunks originated as an informal online group of people interested in privacy and cryptography who originally communicated through the cypherpunks mailing list, although there were also cypherpunk meetings and parties in real life.
The list was started in 1992, peaked around 1997, and has one remaining node as of June 2012: "email@example.com". At its peak, "cypherpunks" was a very active mailing list with technical discussion ranging over mathematics, cryptography, computer science, political and philosophical discussion, personal arguments and attacks, etc., with some spam thrown in. An email from John Gilmore reports an average of 30 messages a day from December 1, 1996 to March 1, 1999, and suggests that the number was probably higher earlier. There were well over a thousand subscribers at the peak.
For a time, the cypherpunks mailing list was a popular tool with mailbombers, who would subscribe a victim to the mailing list in order to cause a deluge of messages to be sent to him or her. (This was usually done as a prank, in contrast to the style of terrorist referred to as a mailbomber.) This precipitated the mailing list sysop(s) to institute a reply-to-subscribe system. Approximately two hundred messages a day was typical for the mailing list, divided between personal arguments and attacks, political discussion, technical discussion, and early spam.
The cypherpunks mailing list had extensive discussions of the public policy issues related to cryptography and on the politics and philosophy of concepts such as anonymity, pseudonyms, reputation, and privacy. These discussions continue both on the remaining node and elsewhere as the list has become increasingly moribund.
Events such as the GURPS Cyberpunk raid lent weight to the idea that private individuals needed to take steps to protect their privacy. In its heyday, the list discussed public policy issues related to cryptography, as well as more practical nuts-and-bolts mathematical, computational, technological, and cryptographic matters. The list had a range of viewpoints and there was probably no completely unanimous agreement on anything. The general attitude, though, definitely put personal privacy and personal liberty above all other considerations.
Early discussion of online privacy 
In at least two senses, people on the list were ahead of more-or-less everyone else. For one thing, the list was discussing questions about privacy, government monitoring, corporate control of information, and related issues in the early 90s that did not become major topics for broader discussion until ten years or so later. For another, at least some list participants were more radical on these issues than almost anyone else.
Those wishing to understand the context of the list might refer to the history of cryptography; in the early 90s, the US government considered cryptography software a "munition" for export purposes, which hampered commercial deployment with no gain in "national security", as knowledge and skill was not limited to US citizens. (PGP source code was published as a paper book to bypass these regulations and demonstrate their futility.) The US government had tried to subvert cryptography (e.g. by requiring SkipJack and key-escrow). It was also not widely known among that all communications were logged by government agencies (which would later be revealed during the NSA and AT&T scandals) though this was taken as an obvious axiom by listmembers.
The original cypherpunk mailing list, and the first list spin-off, "coderpunks", were originally hosted on John Gilmore's toad.com, but after a falling out with the sysop over moderation, the list was migrated to several cross-linked mail-servers in what was called the "distributed mailing list". The coderpunks list, open by invitation only, existed for a time. Coderpunks took up more technical matters and had less discussion of public policy implications. There are several lists today that can trace their lineage directly to the original Cypherpunks list: the "Cryptography" list (firstname.lastname@example.org), the "Financial Cryptography" list (email@example.com), and a small group of closed (invitation-only) lists as well.
Toad.com continued to run with the existing subscriber list, those that didn't unsubscribe, and was mirrored on the new distributed mailing list, but messages from the distributed list didn't appear on toad.com. As the list faded in popularity, so too did it fade in the number of cross-linked subscription nodes.
To some extent, the cryptography list acts as a successor to cypherpunks; it has many of the people and continues some of the same discussions. However, it is a moderated list, considerably less zany and somewhat more technical. A number of current systems in use trace to the mailing list, including Pretty Good Privacy, /dev/random in the Linux kernel (the actual code has been completely reimplemented several times since then) and today's anonymous remailers. As of June 2012, the list is also inactive.
Main principles 
The basic ideas are in this quote from "A Cypherpunk's Manifesto" (Eric Hughes, 1993):
Privacy is necessary for an open society in the electronic age. ... We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy ... We must defend our own privacy if we expect to have any. ... Cypherpunks write code. We know that someone has to write software to defend privacy, and ... we're going to write it. ...
Some are or were quite senior people at major hi-tech companies and others are well-known researchers (see list with affiliations below). However, the "punk" part of the name indicates an attitude:
We don't much care if you don't approve of the software we write. We know that software can't be destroyed and that a widely dispersed system can't be shut down.
This is crypto with an attitude, best embodied by the group's moniker: Cypherpunks.
The people in this room hope for a world where an individual's informational footprints -- everything from an opinion on abortion to the medical record of an actual abortion -- can be traced only if the individual involved chooses to reveal them; a world where coherent messages shoot around the globe by network and microwave, but intruders and feds trying to pluck them out of the vapor find only gibberish; a world where the tools of prying are transformed into the instruments of privacy.
There is only one way this vision will materialize, and that is by widespread use of cryptography. Is this technologically possible? Definitely. The obstacles are political -- some of the most powerful forces in government are devoted to the control of these tools. In short, there is a war going on between those who would liberate crypto and those who would suppress it. The seemingly innocuous bunch strewn around this conference room represents the vanguard of the pro-crypto forces. Though the battleground seems remote, the stakes are not: The outcome of this struggle may determine the amount of freedom our society will grant us in the 21st century. To the Cypherpunks, freedom is an issue worth some risk.
Later, Levy wrote a book, Crypto: How the Code Rebels Beat the Government – Saving Privacy in the Digital Age, covering the "crypto wars" of the 90s in detail. "Code Rebels" in the title is almost synonymous with "cypherpunks".
The term "cypherpunk" is mildly ambiguous. In most contexts it means anyone advocating cryptography as a tool for social change, social impact and expression. However, it can also be used to mean a participant in the Cypherpunks electronic mailing list described below. The two meanings obviously overlap, but they are by no means synonymous. No concrete definition has ever been defined in terms of the word cypherpunk.
Privacy of communications 
That's the kind of society I want to build. I want a guarantee -- with physics and mathematics, not with laws -- that we can give ourselves real privacy of personal communications.
Such guarantees require strong cryptography, so cypherpunks are fundamentally opposed to government policies attempting to control the usage or export of cryptography, which remained an issue throughout the late 90s. See politics of cryptography for discussion.
Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act.
This was a central issue for many cypherpunks. Most were passionately opposed to various government attempts to limit cryptography — export laws, promotion of limited key length ciphers, and especially escrowed encryption.
Anonymity and pseudonyms 
Arguably, the possibility of anonymous speech and publication is vital for an open society, an essential requirement for genuine freedom of speech — this was the position of most cypherpunks. A frequently cited example is that some of the leaders of the American Revolution published anonymously. On the other hand, the possibility of anonymity may facilitate various forms of criminal activity, notably conspiracy and libel.
On the net, one can use a pseudonym, often shortened to just nym. This has some of the advantages and problems of anonymity, but adds its own complications. A pseudonym can be tied to a public key so that only an authorised person can use it. Several people might share a pseudonym, as for the mathematician Nicolas Bourbaki who published a number of papers but never actually existed. One person might have multiple pseudonyms. A pseudonym can acquire a reputation — if clever things often appear under the pseudonym, then a new message using that name will be taken seriously. On the other hand, if many messages from a nym are idiotic, a new one may not even be read and will certainly not be accepted without caution.
Censorship and monitoring 
Questions of censorship and government or police monitoring of various things were also much discussed. Generally, cypherpunks opposed both.
In particular, the US government's Clipper chip scheme for escrowed encryption of telephone conversations (encryption secure against most attackers, but breakable at need by government) was seen as anathema by many on the list. This was an issue that provoked strong opposition and brought many new recruits to the cypherpunk ranks. List participant Matt Blaze found a serious flaw in the scheme, helping to hasten its demise.
Hiding the act of hiding 
Another important set of discussions continues to be the use of crypto itself as a flag to oppressive authorities. As a result, Cypherpunks have discussed (and even developed) several approaches to crypto that hide even the use of crypto itself or that allow interrogators to believe that they have forcibly extracted hidden information from an interogee. For instance, "Rubberhose" was a tool that partitioned and intermixed secret data on a drive with "fake secret data", each of which accessed via a different password. Interrogators, having extracted a password, will be led to believe that they have indeed unlocked the desired secrets, whereas in reality the actual data is still hidden. In other words, even its presence is hidden. Likewise, Cypherpunks have also discussed under what conditions messages could be encrypted without becoming noticed or flagged as special by network monitoring systems installed by oppressive regimes.
John Gilmore, whose site hosted the original cypherpunks mailing list, wrote:
We are literally in a race between our ability to build and deploy technology, and their ability to build and deploy laws and treaties. Neither side is likely to back down or wise up until it has definitively lost the race.
Software projects 
Anonymous remailers such as the Mixmaster Remailer were almost entirely a cypherpunk development. Among the other projects they have been involved in were PGP for email privacy, FreeS/WAN for opportunistic encryption of the whole net, Off-the-record messaging for privacy in Internet chat, and the Tor project for anonymous web surfing.
In 1998, the Electronic Frontier Foundation, with assistance from the mailing list, built a $200,000 machine that finds a Data Encryption Standard key in a few days, creating a government conspiracy; details are in Cracking DES. See DES for background.
The project leader was John Gilmore, and the goal of the project was to demonstrate beyond question that DES was insecure. As many cypherpunks saw it, this was necessary because the US government had been telling deliberate lies about the security of DES for some time.
Expert panels 
Cypherpunks also participated, along with other experts, in several reports on cryptographic matters.
One such paper was Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. It suggested 75 bits was the minimum key size to allow an existing cipher to be considered secure and kept in service. At the time, the Data Encryption Standard with 56-bit keys was still a US government standard, mandatory for some applications.
Other papers were critical analysis of government schemes. The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption, evaluated escrowed encryption proposals. Comments on the Carnivore System Technical Review. looked at an FBI scheme for monitoring email.
Cypherpunks provided significant input to the 1996 National Research Council report on encryption policy, Cryptography's Role In Securing the Information Society (CRISIS) This report, commissioned by the U.S. Congress in 1993, was developed via extensive hearings across the nation from all interested stakeholders, by a committee of talented people. It recommended a gradual relaxation of the existing U.S. government restrictions on encryption. Like many such study reports, its conclusions were largely ignored by policy-makers. Later events such as the final rulings in the cypherpunks lawsuits forced a more complete relaxation of the unconstitutional controls on encryption software.
Cypherpunks have filed a number of lawsuits, mostly suits against the US government alleging that some government action is unconstitutional.
Phil Karn sued the State Department in 1994 over cryptography export controls  after they ruled that, while the book Applied Cryptography could legally be exported, a floppy disk containing a verbatim copy of code printed in the book was legally a munition and required an export permit, which they refused to grant. Karn also appeared before both House and Senate committees looking at cryptography issues.
Daniel J. Bernstein, supported by the EFF, also sued over the export restrictions, arguing that preventing publication of cryptographic source code is an unconstitutional restriction on freedom of speech. He won, effectively overturning the export law. See Bernstein v. United States for details.
Peter Junger also sued on similar grounds, and won.
John Gilmore has sued two US Attorneys General (Ashcroft and Gonzales), arguing that the requirement to present identification documents before boarding a plane is unconstitutional. These suits have not been successful to date.
Civil disobedience 
Cypherpunks encouraged civil disobedience, in particular US law on the export of cryptography. Until 1996, cryptographic code was legally a munition, and until 2000 export required a permit.
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
Vince Cate put up a web page that invited anyone to become an international arms trafficker; every time someone clicked on the form, an export-restricted item — originally PGP, later a copy of Back's program — would be mailed from a US server to one in Anguilla. This gained overwhelming attention. There were options to add your name to a list of such traffickers and to send email to the President of the United States registering your protest.
Cypherpunk fiction 
In Neal Stephenson's novel Cryptonomicon many characters are on the "Secret Admirers" mailing list. This is fairly obviously based on the cypherpunks list, and several well-known cypherpunks are mentioned in the acknowledgements. Much of the plot revolves around cypherpunk ideas; the leading characters are building a data haven which will allow anonymous financial transactions, and the book is full of cryptography. But, according to the author the book's title is — in spite of its similarity — not based on the Cyphernomicon, an online cypherpunk FAQ document.
Cypherpunk achievements would later also be used on the Canadian E-Wallet, the MintChip, and the creation of Bitcoin. It was an inspiration for CryptoParty decades later to such an extent that the Cypherpunk Manifesto is quoted (see below) at the header of its Wiki, and Eric Hughes delivered the keynote address at the Amsterdam, The Netherlands CryptoParty on 27 August, 2012.
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.
Noteworthy cypherpunks 
Cypherpunks list participants included many notable computer industry figures. Most were list regulars, although not all would call themselves "cypherpunks".
- Jacob Appelbaum: Tor developer, political advocate.
- Julian Assange: WikiLeaks founder, deniable cryptography inventor, journalist, co-author of Underground, author of Cypherpunks: Freedom and the Future of the Internet, member of the International Subversives.
- Adam Back: inventor of Hashcash and of NNTP-based Eternity networks.
- Jim Bell: author of the Assassination Politics paper.
- Steven Bellovin: Bell Labs researcher, later Columbia professor. Chief Technologist for the US Federal Trade Commission in 2012.
- Black Unicorn was a frequent poster, often accused of being a group because of voluminous postings about money laundering
- Matt Blaze: Bell Labs researcher, later professor at University of Pennsylvania; found flaws in the Clipper Chip.
- Eric Blossom: designer of the Starium cryptographically secured mobile phone, founder of the GNU Radio project.
- Jon Callas: technical lead on OpenPGP specification, co-founder and Chief Technical Officer of PGP Corporation, co-founder with Philip Zimmermann Silent Circle.
- Bram Cohen: creator of BitTorrent.
- Lance Cottrell: the original author of the Mixmaster Remailer software, and founder of Anonymizer Inc.
- Matt Curtin: founder of Interhack Corporation, first faculty advisor of The Ohio State University Open Source Club, and lecturer at The Ohio State University.
- Hugh Daniel: former Sun Microsystems employee, manager of the FreeS/WAN project (an early and important freeware IPsec implementation).
- Dave Del Torto: PGPv3 volunteer, founding PGP Inc employee, longtime Cypherpunks physical meeting organizer, co-author of RFC3156 (PGP/MIME) standard, co-founder of IETF OpenPGP Working Group and the CryptoRights Foundation human rights non-profit, HighFire project principal architect.
- Hal Finney: cryptographer, main author of PGP 2.0 and the core crypto libraries of later versions of PGP; designer of RPOW
- Randy French (pseudonym of Sandy Sandfort): producer of the first Cypherpunk genre pornographic film, Cryptic Seduction.
- John Gilmore*: Sun Microsystems' fifth employee, co-founder of the Cypherpunks as well as the Electronic Frontier Foundation, project leader for FreeS/WAN.
- Mike Godwin: Electronic Frontier Foundation lawyer, electronic rights advocate.
- Ian Goldberg*: professor at University of Waterloo, designer of the Off-the-record messaging protocol.
- Rop Gonggrijp: founder of XS4ALL, co-creator of the Cryptophone.
- Peter Gutmann: researcher at University of Auckland, New Zealand.
- Sean Hastings: founding CEO of Havenco and co-author of the book God Wants You Dead.
- Marc Horowitz: author of the first PGP key server.
- Tim Hudson: co-author of SSLeay, the precursor to OpenSSL.
- Eric Hughes: founding member of Cypherpunks, author of A Cypherpunk's Manifesto.
- Peter Junger (deceased): Law professor at Case Western Reserve University.
- Phil Karn: Bell Labs researcher, later at Qualcomm.
- Paul Kocher: president of Cryptography Research, Inc., co-author of the SSL 3.0 protocol.
- Ryan Lackey: co-founder of HavenCo, the world's first data haven.
- Brian LaMacchia: designer of XKMS, research head at Microsoft Research.
- Werner Koch: author of GNU Privacy Guard.
- Isak Johnsson: Creator of the stealth technology used in Stuxnet, virus author, programmer.
- Ben Laurie: founder of The Bunker, core OpenSSL team member, Google engineer.
- Moxie Marlinspike: co-founder of Whisper Systems, author of the Convergence SSL authenticity system.
- Timothy C. May: former Assistant Chief Scientist at Intel, author of A Crypto Anarchist Manifesto and the Cyphernomicon, and a Founding member of the Cypherpunks Mailing List.
- Jim McCoy: creator of MojoNation.
- Declan McCullagh: journalist specializing in security and privacy issues.
- Jude Milhon (deceased; a.k.a. "St. Jude"): a Founding Member of the Cypherpunks mailing list, credited with naming the group; co-creator of Mondo 2000 magazine.
- Sameer Parekh: former CEO of C2Net and co-founder of the CryptoRights Foundation human rights non-profit.
- Vipul Ved Prakash: co-founder of Sense/Net, author of Vipul's Razor, founder of Cloudmark.
- Len Sassaman (deceased): maintainer of the Mixmaster Remailer software, researcher at Katholieke Universiteit Leuven, and a biopunk.
- Bill Scannell; Defcon Speaker [DC11], involved in Sealand, MoJoNation
- Steve Schear: innovator of the Warrant canary, Founding member of the International Financial Cryptographer's Association, Director, Wireless Products and Smartcards, at Cylink, eCache, CryptoRights Foundation, GNURadio, BT Counterpane, Director at MojoNation.
- Bruce Schneier*: well-known security author, founder of Counterpane.
- Bill Stewart: organizer of Cypherpunks physical meetings, researcher at AT&T Labs.
- John Young: started the Cryptome web site.
- Peter Wayner: author of book Translucent Databases.
- Barry Wels: discoverer of lock bumping, co-creator of the Cryptophone.
- Deborah Natsios: Cofounder of Cryptome, Creator of Cartome.
- Zooko Wilcox-O'Hearn: DigiCash and MojoNation developer, co-designer of Tahoe-LAFS.
- Eric A. Young: co-author of SSLeay, the precursor to OpenSSL. Invented 256 bit SSL proof of concept.
- Philip Zimmermann: original creator of PGP v1.0 (1991), co-founder of PGP Inc (1996), co-founder with Jon Callas Silent Circle.
* indicates someone mentioned in the acknowledgements of Stephenson's Cryptonomicon.
- This article incorporates material from the Citizendium article "Cypherpunk", which is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License but not under the GFDL.
- Re: Jude Milhon in WIRED
- ResourceShelf » Oxford English Dictionary Updates Some Entries & Adds New Words; Bada-Bing, Cypherpunk, and Wi-Fi Now in the OED
- Re: POST: The Frightening Dangers of Moderation
- Re: Re: Add To Your Monthly Income!!
- Cypherpunks Date Index for 1997 04
- Re: Sandy and the Doc
- Newgroup - distributed mailing list on the way?
- Switching to full traffic mode
- Hughes, Eric (1993), A Cypherpunk's Manifesto
- Levy, Steven (May 1993). "Crypto Rebels". Wired.
- Levy, Steven (2001). Crypto: How the Code Rebels Beat the Government – Saving Privacy in the Digital Age. Penguin. ISBN 0-14-024432-8.
- Timothy C. May (1992), The Crypto Anarchist Manifesto
- May, Timothy C. (September 10, 1994). "The Cyphernomicon: Cypherpunks FAQ and More, Version 0.666". Cypherpunks.to. Retrieved February 28, 2011. as well as Hughes's
- John Gilmore, home page
- Matt Blaze (1994), Protocol failure in the escrowed encryption standard
- Electronic Frontier Foundation (1998), Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, Electronic Frontier Foundation, ISBN 1-56592-520-3
- Blaze, Diffie, Rivest, Schneier, Shimomura, Thompson & Wiener (1996). Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security.
- Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller & Bruce Schneier (1998), The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption
- Steven Bellovin, Matt Blaze, David Farber, Peter Neumann & Eugene Spafford, Comments on the Carnivore System Technical Review
- Kenneth W. Dam and Herbert S. Lin, Editors (1996). Cryptography's Role In Securing the Information Society. Washington, D.C.: National Research Council. p. 688. ISBN 0-309-05475-3. LCCN 96-68943.
- "The Applied Cryptography Case: Only Americans Can Type!".
- Schneier, Bruce (2nd edition, 1996,), Applied Cryptography, John Wiley & Sons, ISBN 0-471-11709-9
- Gilmore v. Gonzales
- Adam Back, export-a-crypto-system sig, web page
- Adam Back, post to cypherpunks list, RSA in six lines of Perl
- Vince Cate, ITAR Civil Disobedience (International Arms Trafficker Training Page)
- Neal Stephenson, Cryptonomicon cypher-FAQ
- "Warm Party for a Code Group". Wired. September 13, 2002.
- Officers | Open Source Club at Ohio State University
- A Cypherpunk's Manifesto written by Eric Hughes
- The Crypto Anarchist Manifesto written by Timothy C. May
- Assange 'The World Tomorrow' — Cypherpunks uncut version
- The Cyphernomicon by Timothy C. May ("Cypherpunks FAQ and More" from 1994)
- Archives of the first eight years of the mailing list (Zipped, 83MB)
- "Warm Party for a Code Group" - Cypherpunks 10 year anniversary (article in Wired)
- Crypto Rebels, Wired Magazine issue 1.02 (May/Jun 1993)
- The Crypto Project, a revitalization of the Cypherpunk movement
- This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World's Information, Book on WikiLeaks and Cypherpunks by Andy Greenberg