 My name is Howard Chu. I'm here to tell you today about Monero. I have my own company called Simon's Corporation. We've been around since 1999. I've actually been writing free software since the 1980s. If you were here for Simon Phipps's keynote talking about this is the 20th year of open source, and I've been writing free software since before open source was a thing. Some of the stuff I've done over the course of time, you might have been here when I spoke in FOSD a couple of years ago talking about LMDB, the embedded database engine. I've been working on Open LDAP for close to 20 years now, as Michael reminded me yesterday. I was also working on file systems, network file systems for PCs and for Macs. I've worked on speed recognition, various other things. If you are a software developer and you use GNU Make, you have probably been using my Parallel Make code, which has been around for 27 years. Now, while I've been doing all of these other non-security related things, I do actually have a fairly decent history in security-oriented code, sometimes creating security and sometimes breaking it. So I used to work on a project called RTMP Dump. How many of you have seen that or used that before? So that was a project to reverse engineer Adobe's encryption systems. It was an interesting arms race that eventually got a little tiresome. So we would break one of their schemes and they would introduce a new one. And then a couple of weeks later, we would break that and they would introduce a new one. And then we would break that and they would introduce a new one. And it's like, OK, you guys, have you got the message yet? Anybody can break DRM. So today's topics. First of all, what is Monero? It's a cryptocurrency. Well, what is a cryptocurrency? And then what's special about how Monero works? How does it work? So Monero is a totally private cryptocurrency, even though it's built on a public blockchain. Every transaction on the blockchain is completely opaque. The name Monero comes from the Esperanto language. It just means money. And the project was started in 2014. Now, this is a slide from seven months ago. At that time, the market value of Monero was on a sharp incline and it was only worth $22 a coin. And then two days ago, it was worth $200 a coin. And even that was down from its all time high, which was close to $500 for some month ago. So it's been an interesting project. It's on a very sharp upward slope. So what are cryptocurrencies in general? Obviously, they're an attempt to create a digital form of money. Most of the cryptocurrencies that exist today are forks of the Bitcoin code that was released in 2009. Now, normally, when we talk about things in the digital realm, they're very easy to copy. So one of the innovations from Bitcoin was the notion of digital scarcity, where you can create a digital asset and prove that it's unique using digital signatures. And as you're transmitting, sending coins back and forth, creating transactions, these transactions are stored on something called a blockchain, which is a public distributed ledger. So essentially, a blockchain is just a distributed database. It is somewhat transaction oriented. But if you think about it, it's a transaction system with group commit and delayed commits. There's typically a very high commit latency in Bitcoin. The block time is 10 minutes. So a block is committed on average once every 10 minutes. In Monero, the block time is two minutes. And every block carries the digital hash of its preceding block. And so from the very beginning, you can trace the chain of hashes and prove that everyone is authentic. The blocks and transactions are transmitted around a peer-to-peer network. And every node in the network participates in the validation. So every block that goes by, every transaction that goes by, every node looks at the hashes of these transactions to prove that they are valid. So all of this processing is extremely redundant. Every node participating in the network is repeating the same work. But the reason to do this is so that you can verify that there are no bad actors in the network. Nobody is handing you bad data because you've proved that it's valid. Now the actual process of compiling transactions into blocks is called mining. Mining is extremely compute-intensive. It generally involves running millions of iterations of hashes. And this is intentional. The cost of mining is a security feature. It's a way of deterring someone from attacking the network and trying to forge the data. So the fact that mining costs a lot of CPU resource prevents most actors from being able to inject bad data. The mining is somewhat of a race, a competition. So the first miner that generates a valid block gets a reward for creating that block. Race conditions in this process occur very frequently. And that means multiple miners can arrive at a valid block at just about the same time. And depending on network propagation delays, the block chain may think there are multiple valid branches at a point in time. But eventually, one longest chain emerges. So all of the miners will choose which branch they want to follow. And they start adding blocks to that chain. And whichever chain gets to be the longest first becomes the next valid chain. So we get back to cryptocurrency. Let me back up one second here. So if blockchains are a massive buzzword in the industry right now, you should be aware that it really is a distributed database. It's not all that fancy. And it's not all that magical. It's not the silver bullet that will solve every competing problem in history. It's nothing like that. OK, so Bitcoin, first really successful digital currency. It had a couple of missions. It was aiming to be a trustless system, permissionless, and completely decentralized system of money. The point to being trustless was to avoid needing to require third parties to participate in every transaction. In the modern banking system that we have today, you are always dealing with trusted third parties. You're always dealing with banks and credit card processors and all these others that you trust with your data to carry your transactions out from point A to point B. And if you look over the history of where Bitcoin came from, evolving out of 2008, 2009, this was a direct backlash against the global recession. Where basically all of the banks in the world proved that you cannot trust them. So to design a system that is inherently trustless made a lot of sense in that context. And the notion of being permissionless, meaning anybody can use a network and nobody can deny you access to a network, this is a fairly significant thing in a lot of situations. But for example, in the US, many states have legalized the use of marijuana. But if you are a company that sells marijuana, you cannot get a bank account. The banks will not deal with you. They consider this an illegitimate business, even though it's completely legal now. So a lot of companies who were dealing with marijuana as dispensaries had to use alternate means of financing and alternate means of conducting business. And one of those alternates would have been cryptocurrency. The point of it is that when you have a centralized system controlling all of your finances, they can deny you access to your finances anytime they want to. And so again, the goal of a system like Bitcoin is to prevent you from being cut off. It's to ensure that you maintain your own individual rights. And the point of decentralization is again to prevent a single point of control. The banking system, I just read an interesting article today. Again, in the US, Wells Fargo Bank, very large bank in the US, just had multiple members of its board of directors removed by the Federal Reserve. So here you see a situation where you believe you are free and independent to do as you wish. You believe private corporations can do as they wish. But in fact, there is a central point of control that you have no influence over that is controlling all of these systems. So in a decentralized system, the objective is to make sure that all nodes are equal and nobody has more influence than anybody else. Now the reality is that Bitcoin fails on just about all of these points. Bitcoin is not a permissionless system. If you look around at the businesses that are built up around it, many of these businesses actually censor transactions. And they can freeze user accounts for arbitrary reasons. This is not theoretical. This has happened to lots of users already. In actuality, even though Bitcoin is used all around the world, it's not a decentralized system. The majority of mining power in the Bitcoin network is concentrated in a handful of companies all located in China. And Bitcoin itself doesn't actually behave like money. There's a huge problem with Bitcoin, which is that whenever you spend Bitcoin, whenever you conduct a transaction, not only is all of the contents of that transaction public, but once you deal, once I buy something from a seller, the seller knows everything about my financial history and I know everything about the seller's financial history. So not only do you see what their balance is, how much money they have at this moment, you can see every transaction they've ever conducted in the past and they can see the same for you and they can keep watching you into the future. So Bitcoin has a bunch of really negative properties. Now aside from its properties as a form of money, it fails on a number of technological points. For the past nine years, it has been claimed that the Bitcoin network can support up to seven transactions per second. Now the reality, if you watch all the transaction history, it has never gone faster than three or four transactions per second. And the people behind Bitcoin, who are pushing this as the currency of the future, they kind of miss the fact that, for example, the Visa network processes thousands of transactions per second, 24 hours a day, seven days a week. All right. So you're talking about multiple orders of magnitude difference that simply can't compete. The Bitcoin implementation is riddled with hard-coded constants that constrain how it performs. If you've been following the Bitcoin community, you're probably aware of this block-size debate that's been going on for years. Supposedly, it has been resolved with the introduction of these new techniques they call Saigwit and other things, but the reality is there's, it's still a very large political battle between different factions. And as a result, the network itself is still crippled. The Bitcoin technology is based around a fixed coin supply. There will only ever be 18 million coins ever created, and once the last coin is created, no more will get produced. The interesting part about that is, well, a lot of people lose their keys to their wallets, and so that effectively means those coins get destroyed. So Bitcoin is supposed to be a deflationary system and that might have some virtues, but over the course of time, that is going to make the coin supply dwindle away so much that it won't remain usable. So Monero, it's kind of like Bitcoin 2.0. If you consider Bitcoin a prototype, which I consider it, it's a design that was proposed back in 2008, and people tried it out and said, oh, we have a lot of these problems with it, but none of those problems got fixed. So let's consider that Monero is Bitcoin 2.0. It actually is permissionless, all right? The coins are completely fungible, which means they don't have a traceable history, so you cannot ban someone, you can't censor them, because you can't identify that they were used for any particular thing. It is highly decentralized. The proof of work algorithm and mining algorithm makes centralization very difficult, and it actually behaves like cash, right? When I spend Monero with somebody, there's no trace of my history given to the other person and there's no trace of their history given to me. It's as if I would take a 50 cent coin out of my pocket and hand it to someone, and he tosses it into a coin jar, right? When you look at that coin jar, nothing in there tells you that I ever gave him a coin. The act of giving him the coin doesn't tell me how many coins are in the coin jar, and if he spends one of those coins, I can't see that happen, right? That's what real money behaves like, and that's what Bitcoin doesn't behave like, and the majority of cryptocurrencies don't behave that way, but Monero does. Most of the interesting network parameters in Monero are dynamically adjusted, self-adjusted, so there's no hard-coded constants like block size or fee levels, right? And unlike Bitcoin, it has a perpetual tail emission, which means, okay, there's a coin emission curve that says over the course of time, fewer and fewer coins can get produced, but that curve of emission never hits zero. It drops to a minimum of 0.6 coins per block for the rest of eternity, and the point of this is, you know, as I mentioned before, the blockchain miners get a reward for mining a block, right? And this emission is part of that reward. If that reward goes to zero, then the miners don't have incentive to keep mining anymore, and if they don't have incentive to keep mining anymore and they stop, then your network ends. The Monero code base is based on a completely different protocol and a different origin of code. So unlike the majority of cryptocurrencies out there that are just forks of the Bitcoin code, this is a completely independent code base called Kryptonote. It inherits none of Bitcoin's flaws, but it also doesn't inherit any of Bitcoin's usability, all right? Most of the businesses around the world that have adopted cryptocurrencies, they support the Bitcoin APIs. And so this is actually one of the weak points of Monero is that it has a completely different set of APIs and it's not as widely adopted yet. This graph just shows you the coin emission curve and the total number of coins that will ever exist so that you can see that the blue line for Bitcoin eventually flattens out, no new coins ever get created. And the Monero curve actually continues and the quantity of Monero versus Bitcoin will cross over in around the year 2040. So the interesting bits of the technology, how does Monero do what it claims to do? How do we get permissionless operation? To get this, you must have fungibility. Fungibility means that one coin cannot be distinguished from another and so the coins that you're presented with are always worth the face value that they claim to be. In Bitcoin, because coins can be traced, companies will tend to ban coins that they believe were used improperly. Coins that were used in thefts or stolen, coins that were used in illegal businesses such as drug businesses, they can all be blacklisted and if one of these coins ends up in your wallet, you can have your wallet frozen. So it's vital to be a functioning currency to actually act like money that your coin has to have fungibility. You can only get fungibility through privacy. You can only get it if your coins have no traceable history and again, in Bitcoin, everything about the money is public, all right? The sender's address, the receiver's address, the amounts that are being sent, all of this is public and so you can always trace a complete history of any user through the Bitcoin network. There are a lot of coins out there now that call themselves privacy coins, okay? This is becoming a big buzzword but all of them fall short in a number of ways, mostly because their privacy systems are optional, right? In Monero, the privacy is built in and active by default all the time. Nobody can opt out of it which means every transaction has the same protections on it. When you have optional protection, the transactions that are private or shielded stand out from the rest of the transactions. Once they stand out, that makes them traceable. So another feature that Monero uses is called stealth addresses. You always have, if you own a wallet, you have your own wallet address and it's public so if you want somebody to send money to you, you give them your public wallet address but the address you give them never actually shows up in the blockchain. Instead, you get a randomly generated address that's associated with the transaction. So even though all of the transactions are recorded in a public ledger, none of them can actually be linked to a real address. Another mechanism used is called a ring signature. So the transactions don't just include the money that you're sending, they also include decoys from other users on the network. And using these ring signatures, it means you can prove that the signature is valid but you cannot prove whose key was used to sign it. So for example, if you're familiar with public key digital signatures, you have your public key and your private key and if you sign something with your public key, you can decrypt it with your private key and vice versa. With a ring signature, you have a whole bunch of public keys, you choose one which is yours and you mix a bunch of other people's public keys into it and you generate a signature that can be validated by anybody but they cannot detect who the original signer is. These features were all built into the crypto note protocol back when it was created back in 2013. Ring confidential transactions are a new feature that the Monero developers created and released January of 2017. In this system, all of the transaction amounts are also hidden. Before this was developed, even though the senders and receivers were hidden, the amount of coins being sent was public. Now they're completely hidden. It's funny because the system behind confidential transactions was invented for use in Bitcoin but has never actually been deployed in Bitcoin. I'm not gonna get deep into the math here but just to give you an idea of how things work, basically you are taking the amount that you wanna send and you create a hash of it by combining your amount with a randomized blinding factor. This hash is kinda special because the hash of the sums is also equal to the sum of the hashes. So you can validate that these inputs add up to the number you claim them to without revealing what the number is and independent parties can also do this validation. And this is important to prevent counter-fitting of coins. There's another complication to this which is even though you can assert that A plus B equals zero, it's possible without certain constraints, it's possible for you to choose some very large numbers that when added up will wrap around an integer arithmetic. This was actually a bug that occurred in the Bitcoin network early on back in 2010. So we also have something called a range proof that declares that these values do not exceed the range of a two to the 64-bit integer. And range proofs are another application of ring signatures where you basically say each bit of the value could be this value or could be that value but you don't know which. There's one other aspect of privacy that isn't quite covered yet which is that when you participate in the Monero network, your IP address might be visible. It'll be visible on your first hop into the network. Now the IP address doesn't travel across the network with your transactions so it doesn't really give away very much information. But the Monero project is working on an implementation of I2P and that's going to be bundled in in the near future. If you've used Tor or I2PD, it's the same idea where you have multi-layered routing, multi-layered addresses. So for decentralization, the big problem that we see again looking at Bitcoin is a few companies in China control 80 or 90% of the hash power of the Bitcoin network. So in the kryptonite proof of work, the algorithm requires a two megabyte scratch pad so it's fairly expensive to implement this in specialized hardware simply because fast RAM is fairly expensive. Also instead of just using a single crypto primitive it uses a set of five different primitives. So the algorithm is fairly resistant to ASIC implementation. Now of course over the course of time as memory gets cheaper and integration gets denser these things get easier to accomplish. But currently it's still fairly difficult. It's also it's been implemented in GPUs but there isn't a very vast performance difference between GPUs and CPUs. Mainly because graphics memory is optimized for sequential access and the algorithm that we use is very heavy on random access. In contrast, the Bitcoin network uses SHA-2256 which is actually an extremely fast hash algorithm. It's cheap to implement and it takes very little memory. It takes very little circuitry to accomplish it. So when you look at the Bitcoin network they talk about having petahashes of hash power in their network simply because hashes are so cheap to compute. In the Monero network it's currently several hundred mega hashes. So it's much slower by several orders of magnitude. Now I talked about in Bitcoin there's a block size that's hard coded to a maximum of one megabyte. In Monero the block size is dynamic and it's based on the median size of the previous 100 blocks. So if more transactions are being conducted and the network starts seeing more usage the block size will automatically grow to accommodate the increased use. The growth is based on the previous 100 blocks to control the rate of growth. We don't want it to grow too quickly and we don't want to allow an attacker to spam the network and just create millions of transactions and blow out the block size in an instant. Part of the way we discourage spamming is there's a transaction fee and it's based on the byte size of the transaction. So there's a fee per kilobyte. The fee itself is also dynamic and it's again computed based on the previous 100 blocks as well as the value of the current mining reward. Now this is actually the part where I get personally involved in the project. Before 2015 the Monero blockchain was stored completely in RAM. This was a problem for the project because that meant they actually couldn't run on 32 bit PCs once they got over a couple of gigabytes. And by 2015 their blockchain was five gigabytes in size but they started using my database LMDB and brought their memory footprint down to 10 megabytes. Also in 2015 they had a blockchain with 585,000 blocks in it and it used to take 4.2 hours to sync that using their in-memory database and once they switched to LMDB the sync time went down dramatically. We talk about the Bitcoin network having a maximum speed of seven transactions per second. The Monero network was measured at about 1,000 transactions per second before LMDB and about 1,700 transactions per second after LMDB. So you can actually run a full node on a first generation Raspberry Pi without too many problems. The Pi will be quite busy CPU-I's but it can do it. So that's where things have been looking ahead a little bit. You find that you can't have both security and efficiency at the same time and this bugs the hell out of me because I spend most of my time working on efficiency. When you see these charts produced by the Bitcoin project or the Monero project they talk about being the currency of the future and they project their usage out to say the year 2050 which is interesting but there are other groups around the world saying we're gonna put a colony on Mars by the year 2030. That really means the currency of the future doesn't need to only scale across global scale. It needs to be interplanetary. It needs to scale across vast distances, vast latencies and none of these current designs will do that. The Bitcoin block time of 10 minutes is fine but it can take 15 minutes for a radio signal to get from Earth to Mars. That means if you're sending blocks across interplanetary space your blockchain will always be out of sync. It'll never converge. So the very blockchain protocol that we're using today is completely inadequate. So again when you see all this buzz in the media about blockchain is the greatest thing in slice bread, no it's not. Just understand that. There's a lot of work to be done here. We don't have the perfect solution in Monero yet but we're thinking about it and we're working on it. So the takeaways I wanna give you. Monero is the world's first cryptocurrency that actually acts like real money. It actually behaves like a real currency. And in fact I would say everything else that calls itself a cryptocurrency is nothing of the sort. The word crypto comes from the Greek word cryptos which means hidden. None of those other coins out there actually hide anything. And none of them actually behave like a currency. The design of Monero obviously benefits from being a second mover. We can look at what Bitcoin did. We can look at the problems that it has and say well how do we fix those problems? So Monero works a lot better than Bitcoin simply because we could see what Bitcoin was doing. And it works well enough for today but obviously there's challenges that remain to be solved going forward. Hi, thanks for the speech and for the contributions to the open source. You defined blockchain as a thing where we need to have proof of work in order to have it secure and stuff. You also said that mining is a kind of race and a competition. So I totally agree with those and this means that game theory applies. And what happens then is that if we compete about mining the coins, it means that each of us wants to put as many nodes as possible and therefore burn as much energy as possible and this applies to every single miner. And in my opinion this could lead the humanity to some kind of doom because we are going to burn everything just to calculate some hashes. Don't you think that proof of stake or some other mechanism of proving value should come into cryptocurrencies? That's a good question. But proof of stake has a bunch of problems. It can't really secure anything. It's like the old saying of pulling yourself up by your own bootstraps. Physically it's not possible. You're talking about using the value you've already invested in the network to prove that you're going to stay honest and not cheat the network. There's no external enforcement of integrity. And again like with proof of work it's the actual cost of electricity and compute resources that secures the network. In proof of stake there is nothing that actually secures anything. I've heard the horrendous figure that cryptocurrency transaction produces 500 times more carbon dioxide as a credit card transaction. Could you confirm that or could you comment? First of all I don't think that figure is correct but again it is the cost of electricity and the value of compute that you're performing that provides security to the network. So if you made it cheaper or if you diverted those resources to another purpose then it would no longer be as secure. Yeah, my question would be so a bitcoins achieves so what branch is authentic is achieved by mining, right? By spending a lot of compute basically and the number of transactions is still limited to a very small amount. You say you have a very big number of transactions so that is achieved by compute as well, right? So how do you achieve so much branch to believe that? So is it easier to then fool the network and yeah, if you have a lot of pies then you can basically dictate, decide who cheats. I didn't quite get that question, I'm sorry. Could you say it again? Again, so the question is Bitcoin, in Bitcoin what branch is truly the branch? So these are the transactions that did happen is achieved by mining, right? And confirming those transactions and the longest chain wins as you explained. Yes. Right, that's achieved by a huge amount of compute by companies in China, right? Okay. So what prevents companies in China putting lots of pies and basically being the ones who define how it goes? I think the answer to what you're asking is that there is a fee associated with grading each transaction. So a company can't just pump as many transactions as they want. One to one. First of all, I want to thank you for your presentation and I have a question regarding Monero. Similar to how Bitcoin currently has Lightning network proposals, Ethereum has Rayton network. Is there any off-chain scalability for Monero? The Monero project is looking into adopting the Lightning network, yes. Hi. What difference is in the privacy of Monero with respect to the cash and the classic methods of zero-proof technology? I didn't get that question either, I'm sorry. What's the main difference between Monero and Zcash about the privacy protection? Okay. Zcash, they talk about the ZK snark as a zero-knowledge proof. It's an interesting technology but it's still immature. It isn't well optimized. It still takes three or four gigabytes of RAM to create a Zcash transaction. It still takes about a minute of CPU time to create a transaction. So it's not actually practical to use right now. If you look at the Zcash network, less than 1% of their transactions are actually fully private. Simply because it's not really usable. Is it me? Please enter and exit quietly. We're still in the talk. Thank you. Yes. Hi. My question is about scaling also. You mentioned Monero's looking into adopting the Lightning network. How does this go together with the need for a decentralized secure network? Because with Lightning network, I know you'll get nodes. Maybe you can comment on this. That's a very good question. And I think at this point, we can only look at Lightning network for very low value usage. Small value transactions. Hi. Is it to your left? Fifth row from the bottom. Hi. So first of all, thanks for making buying drugs more anonymous. That's a killer use case. Second of all, I'm kind of wary of presentations that tout all the benefits, but don't mention any of the downsides. So what are some of the current downsides of Monero? Currently, a Monero transaction is like 30 times larger than the size of a Bitcoin transaction. So it has much more storage requirements and network bandwidth requirements, right? It's very resource intensive, okay? But aside from that, that's really the biggest negative at this point in time. Zero MQ developers are here. Hello. So I've heard that Zero MQ is actually used in Monero for the internet communication. So is it using encryption or not at all? Encryption for Zero MQ? Yes, actually I've had a poster of Monero and it says it uses Zero MQ. So I want to know where it's used in Monero and for what? In the current implementation, it's used for communication between the wallet and the demon, okay? In a future version, it will be extended to be used for inter-demon connections as well. And yes, the encryption is being used for that communication, yeah. So the members of the Monero hardware team here, and I have a first generation and a second generation Monero hardware wallet to showcase. Howard, may I put them on the table for people to? So this is very interesting. Most of the currencies are supported by Ledger and Trezor hardware wallets. The Monero project has actually launched its own hardware wallet design. And the first prototypes are on display right here. So my question is regarding the proof of work algorithm. One of the good things about having a simple algorithm like Bitcoin dust is that the chips you have to create in order to mind, they are really simple, right? The ASICs and mostly all countries in the world, or some sort of advanced or whatever, they have access to create these chips. While if you create the proof of work algorithm that requires CPUs or GPUs, those are really advanced chips that only a few countries in the world are able to produce. Aren't you worried about this? Like what if, for example, NVIDIA pulls off a new GPU that is able to mine or to process this, I don't know, four, 10, 20 hundred times faster? How will the rest of the world compete with that? Thank you. From the very beginning, the Monero project has stated as one of its principles that decentralization is a goal and ASIC resistance is a goal, right? So if something shows up that is, orders of magnitude more efficient than what we have today, the proof of work algorithm will change. Now currently, you know, CPUs and GPUs are fairly comparable. If you look at the most efficient miners today, they're on AMD Ryzen CPUs and they're on AMD GPUs and their efficiency in terms of hashes per watt is fairly comparable to each other and their absolute performance is fairly comparable to each other. So I think at the moment, we're in a fairly balanced position. We're coming close to end of time, so. Last question for me. Can you please comment on whether there will be any features to have Monero blockchain being more programmable and able to run distributed apps and smart contracts? Sorry, so again, features of what? I'm interested in whether you can first see Monero running smart contracts and distributed applications and being more programmable than just the cryptocurrency. I don't see smart contracts in the roadmap any time soon. Thank you for your talk. I would like to know who gets the transaction fee. Who gets the transaction key? Yes. The sender always has the transaction key and you can give it to somebody if you want to. The fee. Fee, that goes into the block and the miner gets that as part of the block reward. Thank you for your talk. I wanted to ask if there is any check pointing in the Monero network like the Bitcoin network has? Say again, slower. Sorry, is there any check pointing in the Monero network? Check pointing, how? Well, as far as I'm aware, the Bitcoin network performs a checkpoint every two weeks or something to froze the transactions. Okay, there is a checkpoint system in the Monero as well. I don't believe it's on a regular schedule. We have a system called Monero Pulse which uses DNSSEC to publish checkpoints. All right, so as long as your DNS works, you can receive those updates. Hi, so I'm a little bit conflicted about the whole privacy coin idea because on the one hand I'm a privacy activist and have been for a long time. So I am really annoyed by the electronic payment taking over from cash because obviously, cash is good and privacy is good. However, I also work with investigative journalists who investigate corrupt politicians and money laundering, et cetera, et cetera. And it occurs to me that with cash, cash is really unwieldy in large quantities. And this is something, this is kind of a proof of work for cash that you're not doing too much bad things with it. And I think this is something, I feel this is missing from the privacy coin debate, right? What happens if some actually bad actor starts doing something bad with privacy coins? Maybe there is some way of implementing this kind of proof of work in Monero or similar coins. What do you think? Thanks. Extended proof of work. That's not something we've thought of before. That's an interesting point. The underlying question that you have there, you know, I have the standard answer to this. This is the same answer to the government wanting backdoors in encryption, all right? If your encryption system is not strong enough to protect the bad guys, it's not strong enough to protect the good guys either. Okay, so I don't like standard answers or a short follow up. Technology is neither good nor bad, nor is it neutral, right? And the way that this system is set up is it tips the balance from the general public using the cash towards the potential bad actors, right? So cash is an interesting thing because the balance is there. That's why I'm asking. One last? Yes? Hey, Howard, it's me, Walter. This is a question mainly coming from a friend that is watching you from Kiev in Ukraine using the live streaming. And I'm also chair the question. Our question mainly is if Monero have, and do you know if Monero have a strategy to become some moment the mainstream and it's like, it's really important apart from be a better technical solution to hand Bitcoin becomes because the mainstream option in the society using cryptocurrency. Yeah. Adoption is always an interesting issue with any technology. I would say Monero is still relatively immature because it's not very user friendly yet. But at the same time, there was a project just released a few months ago called Coral Reef where we signed up 50 rock stars musicians, well-known artists, and they all started accepting Monero on their artist websites. There are projects underway now to increase adoption, increase its use as an actual currency. So yeah, the drive towards mainstream is happening, but one, the technology, the software isn't quite polished yet, so it's still something for early adopters, people who are a little bit more technically savvy. But it will get there. Thank you. Thank you.