Okay, what is the difference between public keys and addresses? Addresses are produced by hashing the public key twice. So you start with a private key. You multiply it by the generator point and you produce a public key. You cannot go back. From the public key, you cannot go back to the private key. From the private key, you can produce the public key with a multiplication. You can't go back. And then from the public key, you hash it twice and you produce the address. You cannot go back. You cannot calculate the public key from the address. But you can easily calculate the address from the public key. So private keys produce public keys. Public keys produce addresses. Addresses cannot be reversed to public keys. Public keys cannot be reversed to private keys.

If my wallet automatically generates a new address for each transaction, will funds sent to me previously on a different address be transferred to the new address generated? And if one is going to send me funds to a previously used address, will I still receive them? And in which of those addresses will they end up? Yanis, this is a great question, which is commonly a cause of confusion for many people. What happens to all the addresses if your wallet generates a new one? So the important thing to understand here is that wallets that operate like that have, almost all of them, have a seed, which is used to generate all of the addresses that your wallet will use. And as your wallet is generating new addresses, it's not forgetting the old ones, it's remembering them. In fact, it's still tracking them on the blockchain to see if they receive money. If someone sends money to one of your old addresses, then that's where the money will arrive. It will arrive at the old address, or in fact it will be recorded on the blockchain as being spendable by that older address, the private key of that old address.
And so as a result, if you want to spend that, you have to sign with the private key of that older address to spend. And what your wallet is going to do is it's going to find all of the fractions of Bitcoin that exist, and it's going to use those to produce a transaction. Let's say you have a tenth of a Bitcoin, a hundredth of a Bitcoin, a twentieth of a Bitcoin, and you need all three of those to make a payment. Your wallet is going to do a transaction where it takes all three of those fractions from three different addresses and makes all three of them the inputs of your transaction. And the output of the transaction will be the payment to whoever you want to pay, and maybe some change that goes to a fourth new address. For every one of those inputs, your wallet is going to find the original private key that corresponds to each one of those three addresses, and sign that input with that private key, producing a signature for that input. So when the rest of the blockchain looks at that transaction, they'll look at the first input, they'll see that it is spending coins that were locked to a specific address, they'll validate the signature, and that signature will correspond to that address. Then they'll do the same for the second and third inputs, and therefore all three inputs are validated. So when your wallet is spending money, it's not spending from one address. It could be spending from 100 different addresses with 100 different inputs, each signed with 100 different private keys that correspond to those addresses. Your wallet keeps track of all of the addresses and all of the private keys.

How can we generate a new address to receive change? Susanna, your wallet does that for you. Your wallet will generate new addresses as needed, and when it receives change on one of these new addresses, in the future it can use that address and the change that it will contain as an input to a transaction, so it can spend it later.

Why not just have a single output, the exact amount of bitcoins instead of output zero and output one, which is the change? Leonard, the reason is that you cannot spend part of an output, and therefore if I have a wallet that has an output that is one bitcoin, I cannot spend one third of that. I have to spend all of it as an input, and if I spend all of it as an input and the payment I want to make is only one third, well, I have to do something with the rest. I can either give it to the miners as fee, that's not very smart, or I return it back to myself as change, so that's why change is required. It's because inputs spend previously unspent outputs in total. Each fraction of a bitcoin that's stored in an output must be spent, all or nothing, it cannot be split. It's treated as a discrete value coin that cannot be split into smaller values.

Are transactions with multiple inputs and one output paying a miner fee despite the fact that the wallet may only be reorganizing our funds? Yes, Miguel, if you do a transaction where you take multiple inputs and you send them to one output in your own wallet in order to aggregate small outputs into one big output, something that is actually a good idea to do from time to time, you will have to pay a fee. It's a transaction. The miner has no idea whether that transaction is a transaction inside your own wallet or between your wallet and somebody else's wallet, there is no difference in the transaction, it looks like any other transaction. And it has to be done on the blockchain because everybody needs to see it, which means it has to use up the resources of the entire network, which means it has to pay a fee. So yes, you do pay a fee, which is why this type of activity, aggregating, cleaning up, aggregating dust transactions, transactions that are too small to be profitably spent or spent with a reasonable fee, all of these kinds of activities happen mostly when fees go down.
So as soon as the mempool is near empty and the fees have dropped significantly, I'm going to go and clean up my wallets. I'm going to use that opportunity to aggregate UTXO if I can and considering the privacy implications or if I want to, and then I will use a period where fees are low to take advantage of that. That's the same thing that I did when I moved from non-SegWit to SegWit addresses, I waited for a time when transaction fees were really low.

Can you explain the vanitygen commands, which is a command for generating vanity addresses? What is a vanity address? A vanity address is one where the address has characters in it that spell something interesting. So for example, I have a vanity address that I use, which starts with 1Andreas. I have another one that starts with 1Love, which is a bit of a Bob Marley reference. And vanitygen is a program that allows you to generate these addresses. And you're thinking, how can you possibly generate an address that looks like that, that has special characters in it? I mean, private keys are generated randomly. How can you randomly end up with an address that has these special characters? Well, the simple answer is what you do is you keep trying. So let's take a vanity address with just one character. What does it take for me to find an address that starts with 1A? The 1 is part of the Bitcoin address format. What does it take for me to find an address that starts with A? Well, there are 58 characters in a Bitcoin address, which means that on average, if I generate 58 different private keys in a row, I'm likely to have one of those start with A. Simple, right? If I want to get A, I have to generate 58 private keys on average. Maybe it's not going to be 58. Maybe it takes me 60, 70, 80. Within a small deviation from that 58, I am going to find a private key that, when converted to a public key and then an address, starts with A. Great. Now, what if I wanted to start with An for Andreas?
I'm going for Andreas. So I wanted to start with An. How difficult is that? Well, one out of 58 keys is going to start with A. One out of 58 squared keys, because of the first two characters, is going to start with An. So now I need to generate on average 58 times 58 private keys. And if I do that, eventually I'll generate one private key that when converted to an address starts with An. And all I need to do is keep that private key. And I have a vanity address that starts with An. If I wanted to do this with Andreas, A, N, D, R, E, A, S, and I'm counting with my fingers under the table, is seven characters. And so seven characters is 58 to the power of seven. Oh boy, that's a lot of addresses I need to generate, which means it's a lot of private keys I need to try. On average, if I generate 58 to the power of seven distinct private keys, on average, one of them will just by coincidence start with An. And that requires a very, very large amount of compute power. Vanitygen will do that. You can even set up vanitygen to do it with a GPU. In fact, to generate 1Andreas took about a week, and it used about 20 GPUs running in parallel, 24 hours a day for a week, to generate enough addresses, 58 to the power of seven, to find one that started with 1Andreas. So that's how vanity addresses work.

The SIGHASH flag ALL is supposed to sign all inputs and all outputs. How can all inputs be signed by one signature when each of the inputs has a different private key? That's a great question, Pavel. It's also often a point of confusion. Each of the inputs will be signed by the private key that corresponds to that address so that it can be verified by everyone. However, what is being signed? That is determined by the SIGHASH flag. The private key applies a signature, and it applies it to a hash.
And the SIGHASH_ALL flag tells the system that the hash that is being calculated is a hash of all inputs and outputs. That hash is then signed by the private key that corresponds to that input, and the signature is stored in that input. In the next input, maybe the same hash, maybe a different hash, is signed by the next private key and stored as another signature in the next input. So each input has its own signature. Each signature in each input is made by the private key corresponding to that input's address, and what they sign, what's put into the hashing algorithm to sign, is what changes by the SIGHASH flag.
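
The SIGHASH_ALL digest described above, as an added example that is not part of the original talk: it follows the legacy (pre-SegWit) signature-hash rules, and the transaction, txids and pubkey hashes are constructed sample values. It computes the hash each of three inputs would sign and shows that redirecting one output changes every input's digest, so a signature made over the original digest no longer verifies.

```python
import hashlib
import struct

SIGHASH_ALL = 0x01

def varint(n):
    return bytes([n])  # compact-size prefix; one byte is valid only below 0xfd

def serialize(tx, scripts):
    """Serialize tx with the given per-input script placed in each scriptSig slot."""
    out = struct.pack("<I", tx["version"]) + varint(len(tx["inputs"]))
    for (txid, vout, sequence), script in zip(tx["inputs"], scripts):
        out += bytes.fromhex(txid)[::-1] + struct.pack("<I", vout)
        out += varint(len(script)) + script + struct.pack("<I", sequence)
    out += varint(len(tx["outputs"]))
    for value, script_pubkey in tx["outputs"]:
        out += struct.pack("<q", value) + varint(len(script_pubkey)) + script_pubkey
    return out + struct.pack("<I", tx["locktime"])

def sighash_all(tx, index, script_code):
    """Digest that input `index` signs under SIGHASH_ALL (legacy, pre-SegWit rules)."""
    scripts = [script_code if i == index else b"" for i in range(len(tx["inputs"]))]
    preimage = serialize(tx, scripts) + struct.pack("<I", SIGHASH_ALL)
    return hashlib.sha256(hashlib.sha256(preimage).digest()).digest()

def p2pkh(pubkey_hash):
    # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    return b"\x76\xa9\x14" + pubkey_hash + b"\x88\xac"

# Constructed sample: three inputs locked to three different addresses,
# one payment output and one change output (values in satoshis).
PREV_SCRIPTS = [p2pkh(bytes([k]) * 20) for k in (1, 2, 3)]
TX = {
    "version": 1,
    "inputs": [(h * 32, n, 0xFFFFFFFF) for h, n in (("aa", 0), ("bb", 1), ("cc", 0))],
    "outputs": [(15_000_000, p2pkh(b"\x09" * 20)), (990_000, p2pkh(b"\x0a" * 20))],
    "locktime": 0,
}

def digests(tx):
    return [sighash_all(tx, i, PREV_SCRIPTS[i]) for i in range(len(tx["inputs"]))]

def tampered(tx):
    # Redirect the payment output to a different pubkey hash.
    return {**tx, "outputs": [(15_000_000, p2pkh(b"\x0b" * 20)), tx["outputs"][1]]}

if __name__ == "__main__":
    for i, (a, b) in enumerate(zip(digests(TX), digests(tampered(TX)))):
        print(i, a.hex()[:16], "->", b.hex()[:16])
```

Under these legacy rules the three digests differ from one another because the script of the input being signed is placed in its own slot before hashing, while every digest still covers all inputs and both outputs.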