There's a group of cryptography researchers at Microsoft who believe that e-cash is the future of money. One day, they say, we'll carry little cards with computer chips called e-wallets and exchange encrypted bits of information for things we need, just as we carry bills and coins today. They are working to build a prototype of such a system, something that many companies have tried without success. No matter, they say. Eventually, the efficiencies and flexibility afforded by computers and cryptography will make e-cash a viable form of payment.

The researchers are Jerry Kuch, Yacov Yacobi and Paul England. In order to think about money's future, they say, it's important to consider money's past and its evolution from barter to credit cards and online stock trading. Money is a social construct; it proceeds out of shared notions about what is valuable. To build a new economic structure, they must examine people's behavior with money and work backwards from there, tailoring the technology to social realities.

Money's history starts with barter: so many chickens for a sheep, so many sheep for a piece of land. Then, because you can only keep so many sheep, it was necessary to invent a medium of exchange. In the ancient Near East, where western culture originated, they settled on precious metals, gold and silver, to represent a standard of value. Later, governments entered the picture, minting coins in standard weights and guaranteeing their value.

A big leap in money's evolution came in the late Renaissance with the invention of the bank. The Rothschild family were the first to think of issuing letters of credit to traveling merchants that they could redeem at their destination, sparing them the inconvenience and danger of traveling the bandit-infested roads with their gold. Governments quickly picked up on this game as well and issued paper money. A dollar bill - born during the Civil War when the U.S. government found itself short of gold to pay its armies - is just a grimy piece of paper. Its value lies in the universally held belief that it's worth a cup of coffee, a hamburger, a bus ride.

Americans in the past 50 years have seen a movement away from cash. Paychecks go directly to our bank accounts. We pay our bills with checks or from an online account. We go shopping not with a wad of cash, but with a plastic card. We have gotten used to thinking of money as numbers on a screen or on a statement. At each step in its evolution, money has become more abstract - from something you could actually eat to a rare metal to a common piece of paper to a series of ones and zeroes on some bank's computer somewhere. The more meaningless the tokens we exchange, the greater our reliance on trust and on a shared sense of money's reality.

None of today's plastic cards can match the virtues of cash: portable, liquid and anonymous, it allows people to operate outside the system of banks and accountants. People collect dollars now the way they used to hoard gold, stashing them in waterproof packages under the bed for the proverbial rainy day. E-cash is not meant to replace the dollar bill, but it can go where dead presidents cannot - onto the Internet, down a copper or fiber optic wire at the speed of light.

So far, the model for successful Internet commerce has been companies like Dell Computer: buy things at a discount from a retailer who deals in huge volumes, pay with a credit card over a secure connection, receive the item a day or two later by parcel post. Other sites make money by selling banner advertisements so that web surfers lured by the free information will be unable to resist taking in the brand name placement. The subscription model - reserving the choice contents of the site to those who have parted with their money up front - has worked only for hard information in matters of finance and law.

The Achilles heel of credit cards is that the banks that issue them charge the merchant between 70 cents and $2 for each transaction. This leaves a niche for e-cash, which would make it possible for the first time to sell things on the Internet for less than $5, the point at which a credit card transaction is no longer worth the bother. It would open a vast market for goods that can be delivered over the wires rather than in a physical package. Recorded music could be sold by the song, journalism by the story, stock tips by the tip, software upgrades and patches and applets and images by the piece. Yacobi estimates the value of e-cash commerce on the Internet could reach $30 billion a year - a fraction of the total amount of money changing hands in cyberspace, but an attractive slice of pie for the one who first figures out how to cut it.

Unlike a credit card, where the bank handles and records every transaction and never lets go of the money, e-cash, in order to be liquid and anonymous, must stay in the hands of the user. There are several ways to do it. In a server side wallet, the customer's financial information is stored on a remote server in a place where he frequently does business. In a client side wallet, the confidential information lives on a device the user keeps, a "smart card," palmtop computer or PC, and he doesn't have to trust anyone else to keep it confidential.

There are two types of client side wallets. Coin wallets dispense little "coins" cryptographically encoded by the financial institution with serial numbers that establish their validity and distinguish them from one another. Balance wallets work by subtracting from the user's prepaid balance each time he buys something.

Where there is cash, someone will always think of a way to steal it, by force or by forgery. This is where cryptography comes in, and it's a really interesting problem because the person who owns the encoded data could be the enemy, the one who wants to steal the code and reproduce money endlessly.

"We need to achieve a degree of tamper resistance to escape the fact that it spends its lifetime in the hands of potential miscreants and thieves," says Kuch. There is an entire cottage industry of smart people, some of them with sophisticated chip-making machinery, thinking of new ways to crack tamper-resistant systems, reverse-engineering chips to find out what makes them work, figuring out the secret codes that allow them to exploit supposedly secure software. The cryptographers realize that no system is foolproof, but they can design it so that it takes a very high degree of skill to get inside. "We must design our system so that easy software attacks cannot result in theft," says England.

With that much money lying around, a certain degree of the petty theft merchants call "shrinkage" is inevitable, so the designers of the system must make sure it doesn't get out of hand. Yacobi proved a theorem in a paper in this year's Financial Cryptography conference on the amount of theft that can be predicted from each type of wallet when only a fraction of the transactions are audited. Auditing every little transaction would be prohibitively expensive, and without a full audit, the system will be prone to pilferage. Yacobi showed that under partial audit conditions, the upper bound on theft (that is: the maximum amount of money that can be stolen with a forged card before the theft is discovered and the spending disallowed) can grow exponentially with a balance wallet. A coin wallet - where each piece of money carries its own signature and can be accounted for - cannot be exploited as easily.

Kuch and England are starting to build prototype elements for an e-cash system. First, they need a secure wallet that is easy to install and use, then they need a model for how to use it. Some payment scenarios they're investigating are:

• One-click micro-payments over the Internet: A visitor to a site clicks on a link to buy access to an article for a nickel; one click and he gets to read.
• Anonymous payments on the Internet: People are increasingly concerned about being tracked through their purchases on the web, and worry about giving out their credit card number on sites they don't know.
• Payments from non-traditional devices: The user would keep his wallet in a Windows CE device like a palmtop, or a smart phone, and make payment wirelessly by pointing it at a vending machine or entering a code into the phone to charge movie tickets from the car on the way to the theater.

The researchers look out upon a field littered with the skeletons of other entrants. They are hoping to learn from the mistakes of previous players, some now in bankruptcy, and see where they went wrong. They're also studying successful systems, the smart cards used in Europe for public telephones and in the U.S. on university campuses and for subway systems in New York and Washington.

They have resolved to avoid competing in markets where existing modes of payment work fine and there is no demand for a new one. They want to make sure their technology is effective and secure; a bad first experience with a new form of money is a sure way to turn away potential customers. Just as with a credit card, the consumer would be held harmless for any spending that results from the theft of his data.

Perhaps the most important lesson of past failures is not to alienate established banks, but rather to form partnerships with financial institutions to deploy this new technology. For e-cash to work, says Yacobi, the banks have to be on board. "There is an element of trust without which money would not exist. Only banks, regulated by government, can provide this trust."

Money is a social construct, not just a technological one. For e-cash to be money, everyone has to agree that it's money.