 Hey everyone, welcome. Are we having fun at Devcore? This is so so amazing I'm one of the things I love about this space is that I just keep learning like every single day I learned something new about Bitcoin and At least once a week my mind is blown. So that I had that experience again today listening to some of these presentations I wanted to talk about security today, and if you listen to the trolls on reddit, I don't know anything about security So I decided instead I'll talk about parenting because I don't have any kids so You know if I'm gonna talk about things. I don't know I might as well start there, right? You know parenting has changed a lot When I grew up things were very different now in in the last couple of decades parenting is completely different My my sister just had a baby and I'm watching her as a parent. I'm like a proxy parent as an uncle It's it's really strange. I'm watching these parents and you know when I was growing up Purell didn't exist It's a miracle. We actually made it, right like we survived because apparently there's bacteria everywhere and Today's parenting involves Gallon jugs of purell, right? You watch these parents like Their kid touches a bit of dirt and they give them a purell shower right there just to make sure Not the experience I had right I grew up in the 70s. We used to play in the garden roll around in the mud We'd make mud cakes Would our parents freak out? No We'd eat the mud cakes Would our parents freak out? No Mostly because they weren't around they were like get out of the house come back when the Sun goes down And so you have to wonder how did we survive without purell and Recently if you if you read some of the studies you you hear about this really interesting phenomenon The rates of asthma and allergy are through the roof turns out if You raise a child in a sterile environment They don't develop an immune system whoops and So now there's this new round of parenting that is recognizing this fact and we're going back to our roots So now we realize that eating mud cakes in the garden is how you build a robust immune system, right? you don't get allergies you don't get asthma and You know you can take this to the extreme you have For example in the in the third world Children don't have extreme allergic reactions to common medications that we'd have why because they have even more robust immune systems by being exposed To pathogens all of the time from the moment them born before they're born and Then in the other extreme you have this concept of Raising a child in a bubble Bubble boy, right you remember that story Bubble boy, it's a tragic story because it's true about a child without an immune system and there are these strange cases or medical tragedies where either children are born with compromised immunity or They lose their immunity through some kind of problem and then they live in a bubble and You have to be wondering what the hell is this guy talking about right now I thought this was gonna be a talk about security in Bitcoin and here we are we're talking about bubble boys and eating mud cakes There's a point to this hang on hang on So the reason I'm talking about this is because this has some really important implications in security You see if you create a system that is isolated from external influences Then it's not that it doesn't have bugs It's just that you don't know about the bugs that the system has and if you create a system that is exposed To external attacks all of the time It's not that it has a lot of bugs It's just that you know about the bugs that it has because you keep finding them and in the process You fix them and in the process the system gets stronger so This all comes out of a Discussion I want to have about an interesting phenomenon We have now which is this concept of permissioned ledgers and isolated blockchains because in my mind an Isolated the blockchain is bubble boy Right. It's building a system completely isolated from the world with the hopes that that's going to make it safer because banks are like a Paranoid helicopter parent that wants to shower their kid in Purell because it touched a booger and Guess what these ledgers are gonna get they're gonna get asthma and severe allergies The worst case is that eventually the bubble bursts at some point you get exposed to the outside world and Then you have a scenario where a system that's been isolated for so long has developed no immunity whatsoever It gets exposed to some horrific deadly thing like a pollen particle And dies a horrible death Because it has such low immunity that it reacts horribly to something that a properly stimulated properly Raised organism can resist with ease Now this isn't the first time we've had this discussion in fact ironically on the internet this realization that security by isolation and security by obscurity and Security by control and perimeter and security by trying to tamp down security research fails and fails miserably when I was first on the internet in the early 90s, I was talking to banks and Telling them why they should Get email servers and connect to this email thing and They said very many of the same things that I hear in Bitcoin today, which is well We don't know anyone who uses email none of the other banks use email. So who am I gonna send email to first place? Secondly that out there Uncontrolled thing might be dangerous thirdly our bankers might say something in email and how do we add a long disclosure form at the bottom and What happens if any of our people can communicate with anyone at any moment in time? That's a recipe for chaos anarchy Of course they were right They just didn't think of chaos and anarchy as a good thing Many of us in this space probably do So what did the banks do with their first? Attempts to join the internet. What did large corporations do with their first attempt to join the internet? Did they connect TCP IP systems directly to the internet and build robust applications that could communicate over TCP IP? No, they built moats and walls and Perimeters they implemented perimeter security. They built firewalls and demilitarized zones DMZ's and they use all of these military Analogies to wall themselves in and then what did they deploy behind these walls? Did they deploy the common open source protocols and capabilities and applications of the internet? No, they deployed highly denatured weak equivalents like Outlook and front page and they built Internet websites that had stale and obsolete content That was only accessible during working hours through a VPN with no influence from the outside and they said look We're doing internet We're so cutting-edge We're hip and That's how they did internet. They built these highly isolated environments and For a very long time the prevailing idea was That by building these isolated environments, they were more secure Because they could control things through the firewall Because they could control access to data creation of data access to systems And now we know that was an illusion not only Can companies not control these things? But in the process of building these isolated systems They built bubble boy IT they built IT systems that had no resilience no immunity because Outlook had bugs and front page had bugs It's just that they weren't tested on the wild internet very often because a lot of the time they lived behind walls and When we discovered those bugs it was bad, right? Because eventually someone gets inside the bubble or the thing that's inside the bubble gets outside the bubble See the problem with bubbles is that you can't trade through them, and if you're in business your business is to trade So if you're a business you do commerce and commerce can't happen in a bubble So the very concept of a bubble is antithetical to commerce you build your firewall What's your salesperson going to use on the road a? Laptop which they're going to take outside of the firewall for the very first time plug it into the hotel internet Contract 72 viruses and then bring it back into the firewall and give it to everyone else Bubbles didn't work on the internet. It didn't work. What are we seeing now? We're seeing a whole generation of companies come to the realization That in order to be nimble and effective they can't be HP MC Cisco Oracle Microsoft Havens of secluded little kingdoms that don't talk to anything else First of all because that shit's expensive and it doesn't work and secondly because it's incredibly vulnerable It doesn't have immunity and so now we see this generation of Nimble young startups that are true internet companies their products their internal systems Their collaboration all of it is out there naked on the internet It all happens on github for all the world to see they use Gmail and collaborate with external email systems all over the world their Internal systems are external There's no such thing as internal in the world of the internet and they're building robust applications because on day one Those applications live in the wild and They're more secure they learn to live out there in the big scary Internet and those companies are thriving and they have systems that are much more secure and much more robust and That was even before the era of whistleblowers and anonymous Who come along and prick these corporate bubbles and get inside and take all of the information and give it out Now you're probably thinking well If provisioned ledgers and closed internets or bubble boy Then the wild internets and Bitcoin are like a kid Eating mud cakes Right a system that has immunity something exposed to pathogens. Well almost That might have been the analogy. I wanted to go for but you know me I'll go a bit further Bitcoin isn't the kid that eat mud cakes Bitcoin is a swarm of sewer rats gnarly things missing eyes and claws and tails like those pigeons You see in Trafalgar Square that are hopping around with this mutant arm stump and what do they eat? What are they eat? They eat raw sewage. They eat your trash. They eat the most virulent things on the planet There is nothing in this world that has more Strength in its immunity system than a New York rat or pigeon or even God forbid a squirrel those things are horrible and so a Rat is not going to have allergies It's not going to sneeze because of a bit of pollen This thing is already carrying three variations of the plague And it shrugs it off Because and that's exactly what Bitcoin is Malleability Attacks DDoS out there in the open port 8333 come and get me and Is anybody trying hell? Yes Everyone is trying for six years the best of the brightest the meanest and the most malicious of throwing everything they can At this deformed swarm of sewer rats out there these 6000 nodes that are listening and God knows how many other nodes that are exposed to the vagaries of the wild internet and It survives So what are the banks do? They're gonna build bubble boy blockchains They're going to build permissioned ledgers. Do you think permissioned ledgers suffer from transaction malleability? Hell yes, they do. Do you think altcoin suffer from transaction malleability? Hell? Yes, they do They just don't get those things fixed right and neither will the permissioned ledgers and that's just one of the thousands and thousands and thousands of bugs and weaknesses and Weird Exceptions and edge cases that we're going to find while living out there in the wild and And we're going to build this incredibly robust system which is already taking shape today I mean beyond the idea that you could have a Decentralized consensus system the idea that that decentralized consensus system could actually survive For six years is kind of ludicrous and The only reason the banks have now gone to the point of thinking about permissioned ledgers is because they finally Reach the stage of bargaining the third stage in the five stages of grief For the industry they're about to lose They start with denial and The basis of denial is well this thing isn't gonna work It's gonna die any day soon and it doesn't and Then they say well, it's just silly money and it doesn't have any value until it does And nobody else is gonna play with it except that they are and serious investors won't possibly put money in this except that they did and It still refuses to die. So we go from denial To bargaining Somewhere in between there might be some anger there's going to be Some depression and eventually they're going to reach acceptance But it's gonna take a long time because if you look at the internet We're now on maybe 25 years into the internet in terms of really beginning to Broaden its use 25 years in and There are plenty of companies out there that think that as long as they put their Oracle EMCHP Cisco Microsoft shit behind a perimeter firewall all is going to be well They're still building bubble boys and Intranets on the internet. They haven't learned that lesson after 25 years. It's going to take longer in finance Not only is decentralization Open protocols open source Collaborative development and living in the wild a feature of Bitcoin That's the whole point and if you take a permission ledger and you say well, that's all nice We like the database part of it. Can we have it without the open decentralized peer-to-peer open source? non-controlled Distributed nature of it. Well, you just threw out the baby with the bathwater You're never going to build a bubble strong enough to keep financial information Ironically, this is all happening at the same time that as banks have finally gone on to the internet They're leaking They're leaking so much from every orifice. They're leaking anonymous WikiLeaks insiders All of that stuff They don't have confidential transactions. They don't have encrypted this. They don't have privacy. They don't have zero knowledge They have completely open ledgers and what do they overlay on top of them? KYC and AML so they attach identities to everything they're doing so that when that database gets leaked It will have a completely rich history not only of every transaction, but of every participant in the system That's what they're building. They're building Panopticons they're building a panopticon of financial information and it's leaking Because the truth of panopticons is when you build a panopticon it stares back And when it's the internet that's staring back, that's four billion eyeballs I'm not so worried about my financial information from my bank leaking Because maybe a couple hundred people are gonna stare back But when Angela Merkel's phone numbers and phone calls leak whoo, everybody's staring Three days ago the internal presentations and power points of the Department of Defense about their drone assassination Program leaked for a billion eyes staring back. You built a panopticon It's staring back And so the real question we should be asking about permissioned ledgers is Do you really want to put KYC AML on bubble boy? Because you go and add all of that information when that database leaks four five six ten years into the future. You're going to give anonymous WikiLeaks historians a Complete record of every transaction you ever did the secret slush budget of Lockheed Martin The black budget of your government the bribes that you paid to depose a democratically elected government or To install an oil well and a pristine rainforest all of that shit is going to be on WikiLeaks and all over the internet and you're going to provide the rich KYC metadata that you painstakingly attached to every transaction meanwhile, we're going to build Bitcoin with encrypted anonymous private transactions and You'd better rethink this panopticon. You'd better rethink this bubble boy because building resilient systems is about exposing them exposing them to Continuous attack. That's how you build resilient systems So I'm not scared of permissioned ledgers D nature D fang centralized weak systems behind bubbles Those are not going to scale. They're not going to survive. They're not going to be secure They're not going to be provide they're not going to be providing privacy and they're going to backfire badly but the funny thing is That lesson is going to take a long time to learn. I Can see it now Sir, we had all of the drone assassination things behind a firewall, but someone burst through the bubble All right, call the general get me two bubbles. We're going to double up Bubbles within bubbles Sir they burst through our double bubble titanium bubbles If we pay Lockheed Mart in a hundred million dollars, maybe they can build us a double titanium bubble that we can hide all of our data behind Sir it lasted 30 seconds before anonymous ripped it to shreds and to put all our data on the internet Hmm. I wonder if we can build more bubbles They think that having your data on the internet Without controlling it centrally is weakness. It isn't weakness That sewer rat out there isn't weak It's the strongest thing we can build because it's constantly under attack and wrapping it in a bubble It doesn't make it stronger it gradually denatures and weakens it until what's left is a pale Immunosuppressed little lab rat with red eyes That dies the first time it's exposed to the flu and so That's what security is Security is a process. It's a process of openness and exposure It's a process of continuously adapting to new attacks and in that process dynamically becoming more and more robust less and less fragile We're introducing Bitcoin in a world full of fragile systems central banking centralized banking monetary systems that Can't manage to achieve lift-off in the economy In that environment. We're introducing a robust global decentralized system And it's robust today. It's not perfect It's got bugs But we don't hide those bugs We announce them we glorify in them we discuss them We invite people to attack it and we take that information and we make it stronger every single day and That is why we win because while they're building bubble boy. We're building a swarm of sewer rats. Thank you So I'm happy to take Questions from the audience. We have quite a bit of time. So please go ahead Andre What you're trying to communicate is that? Private block chains are insecure by design. I I mean Blockchain that are built within the banks. Okay, I agree with that but we can take another software That is being used I mean as example like open source projects, okay It's like HTTP server. Let's take n drinks or Apache. It's being used by big corporations like Google Oracle whoever including banks that have a lot of private information and So what prevents the banks from taking Open source grown copy of the Bitcoin code and launching it inside Well, I'll tell you what what stops them. I think here's the problem What happens if you take a patching and You install it in a bank and you put it behind an internet and you use it internally I'll tell you what happens. You fall behind on patches. You stop doing vulnerability tests You stop exposing it to external vulnerability tests that you didn't order that just came your way Okay, so and as you do that It gets denatured it gates weaker and weaker and weaker and weaker until eventually you're running Apache But it's three versions behind it's vulnerable to anything and someone comes in pricks through the bubble breaks through the perimeter and takes that Apache for a ride and That's because you weren't under pressure To live in the wild and when the pressure goes away, so do the standards. I Would be happy to see Bitcoin as the one world currency and you probably know that I've also been working towards this direction during last five years or so, but meanwhile we have big banks and corporations Existing within the countries and Google is a good example of Like using a lot of open source software and using it properly, right? Do I agree with that? Yes, so most of their stuff runs pretty much out there So while this in while we have not yet shifted to like completely decentralized anarchist like picture of world with only one currency. We will have the banks and Bitcoin solves some problem for them. I mean private blockchain solves problem of synchronizing synchronizing transactions between the branches like not losing transactions and so on so they they have a choice either to like Not solve this problem or try to apply this Solution they have a lot more choices of that. I mean just today Greg was talking about liquid which is a Sidechain for doing exactly that's between exchanges now where are exchanges today today? They run a mysql database that stores entries for the account value of every customer We saw what happened with willy-bot and gox with that particular issue, right? This is an incremental improvement Now how does that differ from a permission ledger? Well, the main difference is that if you think Citibank is going to run their permission ledger on internet connected machines and Open to everyone to scrutinize you're sorely mistaken What they're going to do is they're going to hide it behind the tall wall and they're going to run it among their five six seven eight Bankly friends And what that's going to do is it's going to mean that that software is going to be weak And it's going to get weaker because all of the lessons we're learning in the wild won't get applied there until a whistleblower runs a little Trojan and malleates the transactions of their running exchange and Then they're gonna have a bit of a problem What I was trying to say that as long as big institutions still exist they will hold some amount of private information inevitably about their customers, right and they since blockchain solves some problem for them they will They will be using it and they really have a choice to either use open source developments like launch a copy of Ethereum within their network or try to build something on so we'll have a tool like worlds of Blockchains again like commercial blockchains built by Microsoft and Open source blockchains built by open source community and both will be used by large organizations. It's not Yeah, absolutely. I mean we are going to live in a thank you We are going to live in a world with a lot of diversity We are going to have completely closed systems that are Permissioned ledgers that have so little decentralization functionality that effectively all they are is Three-phase commit on top of a database with audit logs and instead of having audit logs in a log file They have audit logs based on Bercal trees and hashes. That's not innovation. That's 20 year old technology Applied in a slight twist to what they're doing now and on the other end of the scale You're going to have completely open systems open source systems You're going to have sophisticated cryptography and we're mostly going to be living on that end now If that's the environment and that's the competitive landscape That's great. I mean Because that's an environment in which not only can we win with Bitcoin and with other technology or rather It's not a matter of winning. It's a matter of building robust solutions that have use and Value for people all around the world that change the world. That's something we can do You know, I'm not worried about competing against the Microsoft blockchain You know described Bitcoin is an army of sewer rats, but I'm going to disagree I think our Bitcoin is a single sewer rat And because of that, it's vulnerable. The sewer rat is named Bitcoin core if we really want to be a army of Sewer rats we have to have more implementation so that if one rat dies their army remains you know, I Don't think you will find a single core developer Who will ratify the idea that the best approach is to have only one implementation? I think the real difference is that Implementing more than one implementation and creating software diversity on a consensus Sensitive system is something that's never been done before and it's bloody difficult because you have a bug and you get the May 2013 26 block fork because of Berkeley DB, which wasn't even part of the consensus rules I think if you look at the development roadmap of Bitcoin core You'll see that there is an enormous effort underway with lip consensus and lip set to 56 K to to modularize and Isolate the elements that are consensus Important and to make those available for libraries for other implementations and there are other implementations year six is A toddler right and so already there are 304 competing implementations that are fairly good and are able to keep up and in some ways Is it still? Very much a monoculture. Yes, we still have some biodiversity issues But I don't think anybody wants that it's just they recognize that it's very difficult to Move away from that in a system that is consensus critical Okay question Michael How much of it is a question of competence mean looking at operating systems iOS is a lot more secure than Android And that kind of breaks down your analogy. I don't think it's a matter of competence. I think well It depends on how you define competence if you think if you think of competence simply as an internal and intrinsic attribute of a single person Then perhaps but competence isn't to me an attribute of a single person It's an emergent aspect of a team or collaborative behavior, right? Competence is not you writing code alone very few people can exhibit competence across scale and time as coders Competence and quality of code is something that emerges from the collaboration of many people because the area that I have Competence in is different from the area that you have competence in and if we're sharing then there will be someone out there Who will notice the one thing that I missed and So I don't think that's really the case. I think What is the issue with Android I? Think the the fundamental difference between Android and iPhone is not about code quality Or security of the underlying code. It's about the difference that iPhone runs on 2025 different platforms if you take all of the versions of iPhones that exist out there and Android runs on 500 different platforms by different manufacturers all of which creates subtle variations it's a matter of uncontrolled diversity in a system and there is Android that is extremely good and there is Android that is Extremely bad. Whereas with iPhone. It's a much narrower band of higher quality That's a specific choice to align hardware software quality control services under a single umbrella and that works in some cases But it also slows down innovation And how do I know that I know that because I had a Bitcoin wallet a year and a half on my Android before it was available on iOS and that's a perfect example of how it slows down innovation wall gardens mini bubbles They reduce your ability to trade outside the bubble and so you pay a heavy price for that And over longer scales of time that price may be insurmountable. I love the the sewer rat analogy that's awesome and The helicopter parent that's equally awesome still trying to wrap my head around how the sewer rats See the helicopter parents and how they relate to them and whether they ignore them completely and They live under the grip of their business the It seems like the common element of of these Semi-cooperative entities And rats don't really collaborate and Listen, I'm not gonna make some what collaborate, but okay Let's not attempt to do a formal proof on the internal consistency of my analogies. I can tell you right now I'm just saying I love it. I'm going deep on it. So the point Is not about this biology of the rat The points is about the difference between a robustness in an environment with stimulus versus weakness in an environment that lacks stimulus or has isolation and so Use whatever analogies you want I thought that starting a title of a presentation with bubble boy and the Bitcoin sewer rat as I announced on Twitter last week Would at least brings the people here thinking what the hell absolutely? Thank you But in addition, I think that control is is the medium That that were the perception of control is the medium Perception and all and when you when you said rats I immediately thought of pizza rat in the New York subway system and and yeah And the helicopter parents like pizza, too So maybe pizza is the control well Here's the thing a control is going to be a big issue with these permissioned ledgers the illusion of control or the use of hierarchy authority and control in order to Effectively change the future That's an illusion that all of us can fall into right the the assumption that we control our Destiny and that if only we control a few more variables will have control That's what drives people crazy like if you want to be neurotic now if we wanted to make the analogy that many large Corporations are Institutionally neurotic. I'm all with you because effectively that's what that element of control is that's being terrified to open yourself up to the outside world because you are a hierarchical institution that has authority and control in its very DNA and That being a fundamental and perhaps Extinction level weakness of large hierarchical organizations I'm with you there because that is the end result of this. It is an issue of control We're not infected. All right. Let's take one more question here. I think maybe we have a bit more time Go for it. Thanks a lot Also, they agree with everybody cool analogies, but I Just would love to hear your thoughts about Whether Bitcoin has actually been attacked in all the ways or in the most effective ways Because one thing that makes sense to me as you know, if I for example had an attack that was very effective, right? I wouldn't use it now when I can't profit from it I would wait until I could profit from it Namely when a short market appeared where if I successfully executed the attack, I would make 10 million dollars 20 million dollars, you know any millions of dollars So I'm just not I get the analogy and what you're saying makes sense compared to distributed ledgers I'm just wondering on your perspective of what happens when much more economic incentive via short markets Appears for somebody who might have an attack to actually use it That's that's a really good point. And I think we should recognize and let's be realistic here Bitcoin has not been attacked in every way possible and as much as it possibly can yet and it certainly wasn't in the early days Bitcoin had one unique advantage, which was this Two-plus-year honeymoon period when nobody thought it was important or relevant or even would work If at that time people had attacked it it was it was much weaker, right? There were some horrific bugs in the early days, right? And there are plenty of core developers here who can talk about some of the hilarious things like for example being able to Create coin base with billions and billions of bitcoins in them. Whoops You know some of the validation rules slipped through blocks that had infinite coins in them And and many other bugs we got a honeymoon period then To fix the most egregious bugs and we still have a honeymoon period now because here's the hilarious thing Most of these banks most of these large organizations in finance most of the central banks They look at Bitcoin the way Walmart looks at a lemonade stand and They are still laughing Which is great? I hope they keep doing that for two more years three more years give us a bit more of a honeymoon period so we can get even more Robust because we really don't need Concerned attacks right now although from another perspective I would rather have some of the attacks materialized now Before we have mass adoption and a lot of users being disrupted, but this is a this is a continuous process in a race The real issue here is the timescale right and the interesting implication what we're saying here has is that a Lot of altcoins don't get that grace period anymore Which is why it's a lot harder to build robust altcoins because one you don't get a grace period on mining If anybody thinks it's gonna be valuable there there So it's not just like nobody noticed and you don't get a grace period on security anymore So if you've implemented things sloppily someone's gonna find it in fact just the other day I was reading this fantastic article about 42 coin. Are you familiar with 42 coin? It's a it's an altcoin that was designed To only ever have 42 coins It currently has 48 it would have taken two lines of code To constrain the mining algorithm so that after the initial Process of mining the first 42 coins as promised it stopped and in fact Several people noticed that this was missing from the code and they wrote to the developer who had since abandoned the project and So nobody patched it to nobody upgraded these systems because they were really running in an isolated environment and not really participating in a Real economy so nobody fixed them and then coin 43 was mined and At that point you have an existential crisis for this altcoin because it's no longer 42 coin This is gonna keep happening and it happens because there's not enough people interested in fixing the bugs You know, this is the other The flip side of this idea It's really hilarious to me when you talk to companies and you say hey, how about you open source your code? And they say oh my god if we do that people are going to see it and they might use it without paying us and The hardest thing to explain to a company that's doing software is you wish People would see it and use it most likely if you open source your code like the other 700,000 projects on github no one will give a shit and No one will use it and you will not create a community if you actually Managed to get people to see it use it and create a developer community around it Congratulations, you're in the 1% of projects that have achieved that it is a rare and difficult achievement And in fact Bitcoin has succeeded more in that than any of the altcoins or To go back to my previous analogy any of the permission ledgers would ever hope to have When they close themselves down from external scrutiny Do you want to pass it to the person next to you, please? Thank you Okay So I really like sewerettes too and I see them in New York City screwing around the subway And maybe they could survive a nuclear apocalypse or something more than the bankers up above But they're also living in muck and dirt in these little small passageways while the bankers up above Have huge buildings and they could they have also a lot of power and they could go live in Bermuda their bubbles give them a Lot of ability. I'd like Bitcoin to have a lot of power too. How did the sewer rats get power? Well, here's the funny thing 650 million years ago There was a big lizard species or a series of big lizard species on this planet And they were big and they were proud and they trumped around and they stomped around and they usually stopped on Little furry mammals that was scarring among the tree trunks below them They didn't pay much attention to them. But guess what they died and the little furry things became us and we won So don't underestimate the little furry mammal among the trees because someday meteors happen And here's the thing when the dinosaurs see the meteor they go through the same process of the banks seeing Bitcoin They look up and they go. Well, that's not happening That can be real and Then they start screaming at it So to me the banks at the moment dealing with Bitcoin the ones that have begun to realize what is happening are now braying at the meteors Trying to make them stop falling on their head And you can't really do that Don't underestimate the tiny scrappy little incumbent the little competitor Scarring around the tree trunks because eventually they become the dominant species and Remember where and how the internet developed in the beginning because I went into phone companies and did presentations explaining to them why they needed to Address and understand and adapt to the threat of Decentralized communications. We didn't call it that then but TCP IP and you know what they did they laughed They laughed at the internet these massive companies like AT&T and In my case I went to the Greek National Phone Company OTE Doesn't really exist anymore fell apart, but They laughed at the idea of the internet because the idea of that through this messy process of decentralized routing where You draw packets all the time. That's not a bug. That's a feature dropping packets. It's messy It's nasty that this could actually compete with these carefully constructed hierarchical systems of these global spanning copper and Increasingly digital networks. It was completely laughable They went off and designed ISDN and said ha Better than the internet it can do video conferencing The internet can't scale to do video conferencing or voice or any of those things Fast-forward 20 years now. They're running their entire voice network on top of the internet things change much faster than we anticipate and This the power and scalability of decentralized systems and the robustness of systems that initially appear to be messy and Sloppy like the internet was can often surprise But what doesn't or shouldn't surprise you is the hubris of those who think that the little scrappy competitor won't amount too much All right, I'll take one more question and then we'll wrap it up Thank you there you go Alan Turing and the enigma demonstrated that no form of Cryptography any form of cryptography can eventually be broken all through history when you had Navajo and Various types of cryptography. There was always something that no one nobody imagined that would crack it Do you believe that to be true or not? Yeah, absolutely all forms of cryptography can be broken all forms of Photography are eventually broken that is a truism including that behind Bitcoin Including that currently behind Bitcoin. Yes. The question again is timescale. You see the real secret of The enigma was the secret of the broken enigma the reason Bletchley Park was successful in essentially winning World War two at least for the North Sea and the British forces Was because they managed to hide the secret of breaking enigma because what would have happened if the secret that they broke enigma leaked Enigma would have been improved and changed and the damage that They had managed to cause which at that point was complete and systemic capture of all of the cryptographic Communications of the Germans would have been contained And so they would only be able to capture the enigma machines that hadn't yet upgraded Isolation was the downfall of that system because by definition it had to be isolated So the lesson we need to learn is We expect cryptography to be broken We expect every system and subsystem within Bitcoin eventually to be weakened and what we need to do is one make sure that any such weaknesses are not systemic and Complete and then identify the weaknesses early enough to start addressing them so that they don't become systemic and the best way You do that is by existing in an open collaborative environment where you learn about those weaknesses If we see the SA gets hacked today Or becomes weak today, what does that mean? Does that mean that every person in the world can suddenly crack? ECDSA at any scale no It will mean that for a certain class of very well-funded attackers certain types of ECDSA with an enormous effort can be cracked at which point our friend Greg back there will be building a side chain that doesn't use set 256k one sec P256k one in fact the example of the Schnorr signatures implementation on Elements alpha already shows you the possibility of having a Bitcoin subsystem that allows for a variety of Signature technologies to be used within the Bitcoin ecosystem. There's no reason why we all need to use ECDSA We can add a patch the system that recognizes Let's say Apples curve that they use. I don't remember what it's called. It's a long number Or that uses a completely different cryptographic system. I'd probably select something Created verified audited by Bruce schnarr But the bottom line is that you could create in fact an ecosystem where you don't rely on any single curve And therefore the system is robust because every customer can pick which curve they want to use or which signing system They want to use so that even if one of them was compromised that only compromises a subset That's possible to do today the real question We need to ask is like two weeks ago Shah one was shown to be weak eventually Shah 256 is going to be weak And at that point We had better have reached the point in the curve where fees matter more than rewards Otherwise the consensus mechanism won't let us upgrade But there are always weaknesses no cryptographic system lasts forever Which is why you don't want to bake it into a permission ledger behind a wall that nobody ever inspects maintains or updates Because then it's going to become weak. And in fact those systems are going to become monocultures. They will lack security biodiversity to use a to use the term Strangely, but they will lack the diversity required Bitcoin is not very diverse today But it is getting more diverse and will continue to get more diverse and more robust All right. Thank you all appreciate your time and thanks so much for coming