 Zoltan asks, what are bullet proofs? A team of researchers has published a paper entitled bullet proofs, short proofs of confidential transactions, and more. It describes bullet proofs as a new, non-interactive, zero-knowledge proof protocol with very short proofs without a trusted setup. What does it mean? How does it work? What will be the practical benefits? A highly technical question. Thank you for asking, Zoltan. Let me try to explain this as best I can. Confidential transactions is an invention that was published three years ago that allows you to encrypt the amount in a Bitcoin transaction. By encrypting the amount, you can break a very important source of information leakage, where analytics companies can track amounts. In an answer to a previous question, I mentioned CoinJoin, where lots of people participate together in a transaction. One of the disadvantages of that is, unless you are all trading approximately the same amount, it's very easy to track which input belongs to which output because of the amounts involved. Confidential transactions is meant to be used together with coin mixing strategies to create very anonymous and private Bitcoin transactions, whereby no one can track who is paying what to whom. Confidential transactions encrypts the value. By encrypting the value, you can't see how much is being transacted. If you use that together with mixing, you can't really tell which output corresponds to which input. It makes it much more robust privacy. You might be thinking, if the amount is encrypted, how do we know they didn't spend money they didn't have? How do we know they didn't create new money from nothing? The technique used in confidential transactions is called a zero-knowledge proof. A zero-knowledge proof is where you prove something is true without knowing some underlying information. In the case of confidential transactions, you can use a special type of math in the zero-knowledge proof, which allows you to add the inputs and outputs and show that they add up to zero. Basically, show that the amount of the inputs and outputs are equal and add up to zero without knowing what these amounts are. This seems impossible. Trust me, the math doesn't make it seem any more possible. It is quite confusing and very difficult to understand, and I don't really understand it. But what I do understand is that if you encrypt values A in the inputs and B in the outputs, you can then apply a proof that says A and B cancel out each other, and the sum of them is zero, so that you know that there is an equal amount of inputs and outputs, no new money has been created. The specific zero-knowledge proof that is used in confidential transactions is called a range proof. You can prove that a number is within a certain range without knowing what the number is. Bullet proofs are at development, because one of the problems with non-interactive zero-knowledge proofs is that they tend to be very large. They use a large amount of data. If a transaction with confidential transactions that contains these non-interactive zero-knowledge proofs could be 20 kilobytes, compared to a normal transaction with, say, 200 bytes, that is not a very good trade-off. You have a lot of privacy, but in return the capacity of your blockchain just decreased tremendously, because the transaction just became a hundred times larger. What the authors of that paper achieved, and it is an interesting read, although you might find it challenging, is that they achieved a much shorter proof, so that you can prove that the numbers in the inputs and outputs are within a range without using as much data, without making a very large transaction that then reduces the capacity of your blockchain. It's a very incredible development in cryptography. It's once again a demonstration that Bitcoin and the crypto ecosystem in general, and the research that's going on, is pushing the boundaries of cryptography, it's generating new cryptographic knowledge and discoveries in science every single day. The practical benefits, as you asked, is that we can get confidential transactions with much shorter proofs, which allow us to encrypt the value of a transaction, so that we can gain greater anonymity without that transaction being enormous in size.