 This special episode of the Bitcoin show conference edition is brought to you by MtGox, that's M-T-G-O-X dot com and bit-pay dot com, that's B-I-T dash pay dot com and Mezgy Grill, M-E-Z-E grill dot com and Cablesaurus, Cablesaurus dot com. I'm going to do this now, because I was excited about Bitcoin and even though I associate it to the role of this event, this guy who's running on such a good big talks and so on, I just said, okay, I love this stuff and we'll be there. So in this particular presentation, I've sort of taken on the part of what's Bitcoin, because I figure that, you know, I'm trying to figure it out a little bit more. So what I want to talk about is some of the problems that I've found with Bitcoin, especially after this in the video. So the first thing you have to do when you download a client, obviously, you have to download a blockchain and I guess the previous speakers have talked about that for a bit. So the blockchain is just this chain of blocks with all the transactions right in there and it means basically downloading the entire history of all transactions that all humans and beings have already done with this network and obviously that's not sustainable to do with whatever blockchain it is. So it's 140,000 blocks, I mean, it's a bit more on its own. We're going to do this presentation with about 620 megabytes and it took six hours when it tested it, but I've heard, like, again, it's good inside, it can take several days. So it's obviously, it's not good to do it a bit. And okay, so the other thing that the other problem that I saw and what actually happened to me is if you have a wallet and it's basically, it is your money, you want to keep that secure. So what I did with the bounty that we won with the animated movie is I actually created a virtual box where I kept the wallet. 
I also created a Dropbox account and put an encrypted version of the wallet on there and also bought this hide security hardware USB key and put a property on there. Now the thing was that at some point there was an update to the virtual box and it was pretty complicated how I actually updated that. And the long story of it, the short story of it is that that version was gone. So at that point I was not too nervous because I knew I had to back up so I was just going to destroy it and it was fine. So I looked into my Dropbox and I've different the true volume which was on there and it was empty, there was nothing in there. And so what I, in retrospect, what probably happened was that I wish I could do that in real life. Okay, so yeah, there was nothing, there was probably two computers logging in and sort of like overwriting each other's versions and because it was more than 30 days ago I could restore it and it was gone. And then the final thing was the R&K and this thing actually lets you only try to password your passwords and ten times so if you don't remember your password anymore because you've been working really hard for three months and never really sleeping and didn't really think you needed that backup anyway yeah, you can basically lose the entire wallet even though you've made it. But this is pretty much the backups that we recommend, I think, even if you're a bit over the higher amount of Bitcoins or at least I used to recommend. And back when I lost it, it was about $40,000 or something so it was, I spent a week trying to restore it and since then I've been interested in wallet security. And just in case you think that I'm the only idiot who could do something like that there have been other cases and they're equally bad so really I mean this guy's in mindbox covered it by the way but it still shouldn't happen, right? We shouldn't have this covered. 
And then another thing is that recently this is just an example from Metasploit coming out. Metasploit is a hacker toolkit and I was reading through the release notes and I was like, yeah, you know Metasploit and it said, yeah, there's kind of a new cost exploitation you have no deals, but something passes, okay and oh yeah, they support Bitcoins so if you actually own any computer Metasploit will automatically and so definitely the hackers are sort of scaling up the attacks so we need some as-gettings and much more fundamental protection against theft and loss. So let's apply some consensus problems. Bitcoins actually consists of several different components that we've already mentioned. It's this data structure where all the transactions are ported into and then there's the UI where you just transaction and see you whatever, all the things that are in there and then finally you have your actual keys, right? So these are the things that this is what you really have to protect. So if we look at the properties of these three things like the blockchain, it's huge, okay, it's very, very large and that's the main problem with it. It's also global and it's public so there's no big secret about it anywhere. So because these properties like that should go on the server, right? It's huge, it's global anyway and it's public anyway. So that's something why should everybody have to have a copy of that and you put that on the server and you let people refer it. You wouldn't download all eBay auction offers just to do one auction, right? You would just connect to the server that has all the data for you. Then the UI, obviously it's complex so there could be all kinds of features that right now it's simple but it's going to get more complex in the future, I think. And so, like, it can, I'm going to say later why that's important but so it's not as simple as something that we can predict how it's going to look in the future.
It's personal so it doesn't, everyone has a different sort of data in the UI so they can have like an address book and all kinds of stuff and everything that they're going to trade with. And it's private, you don't want this information about you. So obviously you want to run this on the appliance somehow. And then finally you have the wallet which is very simple. And all it does is just store keys and sign things. And it's also personal, like, that applies to you and it's also something that we have to worry about because we have to keep it very secret. So ideally you want to have those on a hardware device. So we want a device that never gives the keys away and you just sort of send the transaction to the device and look, is it correct? And if it's correct, you say, okay, I signed this. I was looking for a platform for the server and I have to say that in the beginning I went with it with a pretty open mind. So I did look at SCADA and I did look at a couple other things. I knew it was going to be a peer-to-peer node obviously. It would have to be real-time so it would have to be able to, if something happens on a network, it would have to be able to perform other components without any delay. It would have to be, it would have to have a JSON-RPC because I want it to be as consistent with your main line as possible. And finally it would have to maintain a look because if you have a thousand people loving it to their well, then you want them to all be able to use it without any conflict. And so just because, I mean, it already says it in the name, that's a node, so I'm going to use Node.js to just build exactly what it's going to be. And the other thing that goes very well with Node is MongoDB, which is just a database. It's a data store and I should say Node is kind of like a, it's an engine that you can run in a JavaScript code on and again it's an engine that's built for this kind of stuff.
So just for the developers around you, like everyone else can tune out for a second. So, developed with Node.js, I found that it can be pretty strange at times so you find things like, somebody adds a little bit of syntactic sugar and in order to do that, they sort of, that was one case, a library called node-binary and just so you could replay the actions or the methods that you run on that on an object, they stored everything you did for no reason at all. So sometimes you just go. So, but aside from that, the foundation is extremely good. I was continuously impressed by the performance, by how much more simple the development is and just how quickly I was making progress with how little code compared to the original client as well. So, and the other thing, obviously if you have the server, you want to be able to use it, you want to be able to have UI and wallet. So, we also started writing a query for it and, yeah, for that you need some JavaScript-based pre-properties where you can sign stuff in the client and you need to be able to store the keys on the local device. So we use something like HTML5 local storage and use something like Socket.IO, so it's real-time. And this is the desktop version of it and just in the last week we've done the first commercial transaction with it today. So, Sheldon was at a basic rule earlier and he had worked with, you know, on his iPhone. And I might go around and show it to you later, but it's kind of tricky because, you know, I don't have to wait for it because my car is in Switzerland, so it's kind of complicated, but again, if you have an iPhone and an iPhone, just go after me and I'll show you then. And in the future, again, so one of the things that we were thinking about was sort of a deterministic wallet. Again, I come from a perspective of I don't want to lose my clients, so not just I don't want to protect against hackers, but I also don't want to lose it myself.
And the thing with encrypting a wallet is all you're really doing is you're removing it one step because what are you encrypting? You're encrypting the key. So what are you encrypting a bit with another key? So now you've got this key and now you've got a starting key that you've encrypted. It's kind of just moving the problem a little bit. And so one of the things that can actually help is you can have sort of a master key that all of the keys are derived from and so you can trade as many keys as you want and only store the first one. And what that gives you is you don't have to update your backup and you can do one backup and it'll be just current forever because every new key that you generate you can always regenerate from the original one. And the other thing that Gedan also mentioned is if you can actually split up this design process, it's called the distributed key generation which is part of that. There's arguments for that or for DSA which is the special digital signature algorithm that DSA has also applied to which is the signing algorithm that bid purchase is our ECDSA. And probably you can apply the same things. I don't know if you've made any progress on it. Well, okay, well. So yeah, it's good. It's a hard problem, right? So somebody has to come in and do actual, you know, original critical research. But once we have that, as Gedan said, you can actually use two software devices to get sort of the two-factor authentication as long as not both devices are compromised, you're secure. And then finally, if you have a hardware device like the little device with a display where you can actually say, you know, send a transaction to the device, the device shows you if you want to send X and Y to this address, you say yes or no. So yes, it sends it back and it goes on and on. And that's all, that's all. And if you want more information, you can obviously go to our Git repository. Everything I've talked about is open source already.
Like we've built pretty much the first line we wrote, we opened the system the same day. And if you want to follow the progress, you can also use a tool. The Twitter feed has probably, if you're not a developer, you can use the Twitter feed. And if you have a smartphone, you can actually try this out. If you're a prototype, you're going to have to stress your system traffic. But you can log in and use your smartphone on web.ch. And yeah, play around with it. Don't use too much money. Any questions? Right there. Right, so there was already, there was already a library for, what's called big integers. So big integer math. And somebody had built on top of that an elliptic curve implementation. And what we then built on top of that is the digital signature algorithm for elliptic curves. So if we, there was three steps that were done for us, and we did the last one. Okay, so when you want to write the transaction, you have to sign it with an elliptic curve, the derivative heat, right, with an elliptic curve signature. And so the main, or the most difficult function that you actually need to have is just the signature algorithm, right? All the other stuff like transaction format and so on, you can use byte arrays. And then when you communicate with the server, you can convert the byte array to anything you want, like base64 or whatever you want. Send it to the server, and the server will send it out. All the crypto-cats? Crypto-cats. It's all scripted chapters. Perhaps they're using lots of the same kind of... That's very possible. So the library that we're using, so the question was, do I know crypto-cats? Is that the scope? No, I don't. But the library that we're using is extremely popular. So the jsbn library is extremely popular. It's a part of the Chrome benchmark suite that they run against every single Chrome release. So it's actually, it's really well-optimized and it's really, really well-tested.
So it was a great library if that exists, it would have been really difficult. So, yeah, I mean, the first time I heard anybody working on this was ArtForz, who said that it is one of the one of the big miners who played around with FPGA mining and so on. And I heard that he was sort of thinking about working on it. And since then I haven't really heard anything about it, but what we're probably going to do as the next step is we're going to develop a software implementation of the device. Now, it doesn't really like, that sounds like, okay, if you want a hardware device, so why are we writing it in software? But what you can do with that is you can define all the protocols and then sort of be just that, the stuff you develop in software, you just port it over to a hardware platform. And you don't have to define anything. People can test already and you can establish all the standards. Okay. All right, thanks for your time. Security. That's just a big, that's just a big way to do this now. I encourage to promote security right now. So, you know, one of the things that I advocate now is two-factor authentication and there are a lot of systems for that. And so obviously, Starbucks being the majority of the market share, it's very important. I noticed that one thing I figured out is that these USB security keys are pretty much immune from viruses because you're using an e-wallet system whatever the wallet file is not in your system. This is mainly for non-technical people. We wouldn't even trust their own skills enough to do all the steps that they have to do to secure the wallet. You've got it out there on another system. You use a second, what do you call it, two-factor authentication in that it eliminates the problem of the keyboard to capture viruses and Trojans because the password's only good for a couple seconds, if you know what that means. So anyway, a lot of these exchanges have one. Netflix has one called a YubiKey.
So they've asked me to say for you guys who are watching the video here, the first 20 people who sent an e-mail to me are Bruce at onlyonetv.com. We've got a free e-mail link. It's not here. It's interesting. Sorry, it took manner. Six o'clock is on the schedule which is dinner at Hudson eatery in New York District right now. But at last minute, additionally on the schedule because Edamette Cayman discovered this. There's a really, really cool, chic rooftop lounge on the top of this building. So after dinner, early at dinner, it's basically a pleasant eatery or whatever. Like around 9 o'clock, we've got some tables reserved. I'll see you at 5 o'clock. It's a little closer to this building. It's called something like B45 or something like that. Anyway, this app's called B45. It's a different version of the first house on a special elevator. This is a real show. That's a nice one tonight. Tales have tradition, right? So we're going to put it all around. We got to go to the studio and drop everything off. And then we can... Oh, I'm probably... Bruce is going to go... Hudson eatery is our place. Right, yeah. That's what makes sense. So this is it. A special thanks to our sponsors, the first MtGox, mtgox.com. You know them by now. They are the largest exchange for Bitcoins, they are now taking the British pound, Australian dollars and Canadian dollar should be here any day now. The Euro is now here with the Bitomat acquisition. MtGox mobile app is now on the Android market. It allows you to take Bitcoins on the go. And finally, with the USB security device, the YubiKey, it protects your account even on compromised computers. And brought to you by BitPay, that's BIT-Pay. They are the official merchant processor for the Bitcoin conference. They allow you to accept payment in Bitcoin and receive US dollars instead. Super simple to integrate into your website. We did it. And finally, they allow you to generate QR codes, invoices and more.
Just a full inclusive merchant solution for Bitcoin. And Mezzy Grill, where authentic Mediterranean food meets modern flavor. They're now serving breakfast. They're right here on 8th Avenue at 55th Street in New York City, just a couple blocks south of Columbus Circle. They are the first brick and mortar to accept and sell Bitcoins in New York City. There are also worldwide franchising opportunities available. And we did eat there for the conference and it was delicious. And Cablesaurus.com, that's Cablesaurus like a dinosaur. It's a quality and fastly shipped specialty mining gear, gaming gear, and PC supplies shipped directly from the USA. Free shipping is available. They offer the best gear for miners and gamers such as PCIe, extender cables, GPU and PSU dummy plugs, riser converter cards, dual PSU cables, watt meters, and more essential mining gear. If you're a miner, you know what it is and you know that you need it. Thousands of satisfied customers in the Bitcoin community, accepting payment in Bitcoin and dollars. Again, that's Cablesaurus.com.