Yanis asks, how am I sure that a private key is generated at random? This is a really good question, Yanis, because it is actually fairly difficult to evaluate randomness. In terms of generating random keys, you have to trust that the software and the device you are using, that software is doing the necessary things to generate good quality entropy, good quality randomness for your keys. For example, hardware wallets have built-in random number generators. Your operating system has a built-in secure random number generator, and if your software running on your computer uses it correctly, then that will be high quality randomness. Ultimately, there is an element of trust there. However, you can actually generate seeds and keys on your own by using natural randomness. This is an exercise more for those who are either extremely paranoid or just want to see how this works. But effectively, you can use playing cards, dice, or other things like that in order to generate a private key. A private key is just a number. That applies also to generating a seed for a hierarchical deterministic wallet. You can do that in terms of generating the entropy for 256 bits by flipping a coin 256 times, and writing down 0, 1 for heads and tails. Basically, you have your private seed entropy, 256 bits of randomness.

Stephen asks, is there a risk that someone, such as the developer of the wallet application, can access the private key and therefore steal the cryptocurrency stored on a mobile wallet? Steve, absolutely. Yes, and this has happened numerous times. Not only have we seen a number of rogue mobile wallets being introduced on different platforms, we have seen this happen repeatedly. For example, people will upload fake versions of popular mobile wallets onto application stores, such as Google Play or iTunes, and then users will inadvertently download the fake one instead of the real one.
We have also seen a couple of occasions where an account has been compromised and an update to a real wallet or other application has been uploaded that contains Trojan software that compromises a mobile or desktop computer and steals cryptocurrency keys. Of course, there is a possibility that the developer themselves may do this, although the developers of most mobile wallets are interested in building a good product rather than a Trojan horse. They would get caught pretty soon. Many of the reliable wallets have been around for quite a while. It is important that you are very careful when installing software on any device that has cryptocurrency keys on it. To be very careful what software you install, that you are very sure that that software is good, and that you minimize your exposure to attacks. For example, the browser I use on my desktop in order to do cryptocurrency transactions, even though I am using a hardware wallet at the time, is a different browser than the one I use for daily browsing on the web. It has only one or two extensions, mostly security extensions and plugins in the browser that block scripts and things like that, in order to harden that browser. The reason I do that is because, while my keys are secure on a hardware wallet, I am still concerned about the possibility of a Trojan or malware system compromising my clipboard and changing an address without me noticing. Of course, if I pay attention to my hardware wallet and compare the address I see on the screen of my hardware wallet, I will probably notice that because I always check, but to be careful, I use a different browser for one function than the other. 
I don't install extensions willy-nilly on my browser, I don't install applications willy-nilly on my phone, because I am always careful because of the possibility of compromised software, whether by the cryptocurrency wallet developers, which is unlikely but still possible, or more likely the developers of another application that has access to the operating system or pretends to be your mobile wallet. Again, this is why hardware wallets exist. This is why we keep the keys separate from the software that creates and signs transactions.

Satinder asks about vanity addresses. In your book Mastering Bitcoin, there is a section around vanity addresses and how there are pools that can generate such addresses for some fee. I am surprised to not see any mention of how those private keys are secured, considering that they are generated for you by someone else. That is a great question, Satinder. First of all, let's describe what vanity addresses are. You probably have seen that I have a vanity address, you can see it on my website. It is a bitcoin address that says 1Andreas, so it is 1-A-N-D-R-E-A-S, and then 30 other characters after that. How did that get generated? The simple answer of how it got generated is that each character in that sequence has a certain probability of showing up. For example, if I wanted to create an address that started with 1A, a simple example. There are 58 characters in the Base58 encoding of an address. In order to find an address that starts with 1A, all of them start with 1, at least in that address format. Ignore the 1. The second character is A. On average, if I just pick random private keys and calculate the address that corresponds to that private key, one out of every 58 private keys I create will have an address that starts with A, because there is a one-in-fifty-eight chance out of the 58 characters that that letter or number might be, that it will be an A. What about the N?
Well, there is one out of 58 chances that the second letter is going to be an N. So 58 times 58 is the probability of me getting A-N as the first two characters. So I have to generate 58 times 58 keys before I happen to find one whose address by coincidence starts with A-N. For A-N-D, 58 times 58 times 58; A-N-D-R, 58 to the power of 4; A-N-D-R-E, power of 5; A, 6; S, 7. So I need to generate 58 to the seventh power, or 58 times itself seven times, private keys, before I happen to chance upon one, on average, that starts with one address. That is exactly what I did. Although I didn't do it, I used the pool.

Why would you need a pool? Simply because the calculations you need to do to generate the Bitcoin private key, to then do an elliptic curve multiplication to find the public key, hash that twice, calculate the checksum by hashing again, and then producing a Base58 encoded address. So you can see if that address matches by coincidence the pattern that you want. That takes a fair amount of computation. I can do it on my laptop with a GPU. But what if instead there were 100 computers with four GPUs each, that were very powerful, and they could do that at a rate of billions and billions of keys per second? Well, I'd get to my 58 to the power of 7 much faster and do it much sooner, if I had access to that many computers. You can rent computers like that to do your calculation.

So to Satinder's question, why is that secure? How is that secure if they generate the private key? Well, it has to do with a little trick of elliptic curve arithmetic that allows you to have the vanity pool, generate private keys, so as to produce a vanity address without knowing the full private key of that vanity address. And it relies on the simple fact that the sum of private keys produces a public key that is the sum of public keys.
So if you take two private keys, A and B, and you produce the public key for A and the public key for B, then the sum of the two private keys, A plus B, and you take that private key, which is the sum, and you produce its public key, its public key is the sum of the two public keys of the two constituents. And that applies also to multiplication, so A times B produces a public key that is the factor of A and B. So the sum of private keys, the public key of the... Let me try this again. Pause, deep breath. The public key of the sum of two private keys is the same as the sum of the two public keys derived from those private keys. And what that means is that when you use a vanity pool, you have a private key, B, they have a private key, A. You calculate the public key, let's call that capital B, for your private key, B, that they don't know. And you give them this public key, capital B. They then calculate capital A plus capital B, the sum of the two public keys, and see if that address is a good vanity address. If they find one that matches your vanity address, that produces one address, what they know is that the sum of the two public keys, A plus B, produces this vanity address, but they only know one of the two private keys. They only know lower case A, which is the one they were calculating. They can iterate very quickly on that one private key, and then calculate the vanity address of the sum of the two public keys. When they find a result, they send you their part, their private key. And they don't know how to produce the sum of the private keys, because you have the other half. So you can take their private key and your private key and add them together, and now you have the private key for this vanity address. And they don't, because they only had half of it. 
So that's how you work a vanity pool, or how vanity pools work, in a way that they can iterate through billions of private keys, and produce a vanity address that you can use without them knowing the private key to that vanity address. I hope that was a good explanation. It's perhaps something that's easier to do with a whiteboard than it is just by speaking it.
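
The split-key exchange described in this answer, as an added sketch that is not part of the original talk and not any pool's actual code. Function names are hypothetical, and `tag()` (hex SHA-256 of the compressed public key) is an assumed stand-in for the full Base58Check address so that the search finishes quickly.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Add two curve points; None represents the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def pubkey(k):
    """Public key k*G by double-and-add (not constant time; demo only)."""
    result, addend = None, G
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def tag(point):
    """Stand-in for an address: hex SHA-256 of the compressed public key."""
    x, y = point
    return hashlib.sha256(bytes([2 + (y & 1)]) + x.to_bytes(32, "big")).hexdigest()

def pool_search(user_pub, prefix):
    """Pool side: sees only user_pub (capital B); returns its own part a."""
    a = secrets.randbelow(N - 1) + 1
    cand = point_add(pubkey(a), user_pub)
    while cand is None or not tag(cand).startswith(prefix):
        a, cand = a + 1, point_add(cand, G)  # (a+1)G + B = (aG + B) + G
    return a % N

def combine(a, b):
    """User side: the vanity private key is the sum of both parts mod N."""
    return (a + b) % N
```

The pool only ever handles `a` and the user's public key; the combined key exists only where `combine()` runs, so the user should check that `pubkey(combine(a, b))` really yields the promised address before using it.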