I was gonna ask you about privacy in general with the blockchain. I know we have our own Zcoin or Zcash, and there's Monero and all this. Do you see a second-layer protocol for Bitcoin rendering those not needed, in essence? Or do you have one of those protocols that you see as the most promising to actually be able to obfuscate the keys and keep your transactions private?

That's a great question. I think privacy is probably one of the most fundamental things that needs to be done, and it needs to be done in the base protocol of Bitcoin, and it is on the roadmap. Honestly, I've made some controversial statements before and I'll make a controversial statement now, which is: privacy before scaling. The reason for privacy before scaling is that you can do scaling in layer 2, and you can't do privacy in layer 2 if layer 1 isn't private. We learned that lesson the hard way with the internet, and it has been a disaster from that perspective. IPv4 did not incorporate privacy features, and as a result the correct economic incentives were there to turn the entire internet into a giant surveillance machine. Now, there are parts of it that are encrypted, but most of us don't use those parts, and so as a result we all suffer. Privacy is so important it has to be done first. Fortunately, there's a lot of research being done in Bitcoin to do that, and Bitcoin can also benefit from some of the research that's happening in other systems. That's the beauty of a big open-source ecosystem: we can all dip into the ideas of other teams and learn from what others are doing, if we're not too caught up in the screaming tribalism of the cryptocurrency tribes, which is one of the risks. But there's also second-layer privacy technology: Lightning Network significantly improves the privacy profile of Bitcoin use, and it's also getting better.
So the combination of those two technologies, I think, will give us better privacy. Furthermore, I expect we will see the second-layer networks eventually become multicurrency routing networks, meaning that all of the blockchains will be connected in a higher layer so that you can move between currencies in milliseconds, transparently, for almost no fees or no fees at all. At that point the privacy currency is one swap away from the one you're using now, and it becomes very easy to be fungible. I would prefer to see privacy in every currency. In fact, I think currency without privacy is a bug, and it's a dangerous bug which, if not fixed, will have consequences.

Frank asks about Schnorr signatures: after a quick reminder of what doors Schnorr signatures will open for Bitcoin, why could there be any reason not to want them implemented in Bitcoin? Can you also tell us how you think this would be rolled out in Bitcoin, a soft fork or a hard fork? Is there any possible timeline for these changes?

If you're really interested in the technical information around this, I would strongly suggest that you watch a video produced by Pieter Wuille for the San Francisco Bitcoin Developers meetup, which I was the founder of a long time ago. I'm no longer involved in that, but they seem to be doing a pretty good job of getting some very high-level, high-quality technical seminars. So Pieter Wuille talked about Schnorr signatures and signature aggregation, as well as upcoming changes to the sighash mechanism within Bitcoin. It's a fascinating presentation. It's very technical, but you will still learn a lot about Schnorr signatures.

So what are Schnorr signatures? Schnorr signatures are actually a predecessor to ECDSA, the Elliptic Curve Digital Signature Algorithm. In fact, DSA was invented, as Pieter Wuille talked about in his presentation, in order to overcome some of the patent encumbrances of Schnorr signatures. But Schnorr signatures fell out of patent maybe a few years ago.
I think it was 2010 or somewhere around that, and since then people can use Schnorr signatures, and they have some significant advantages. On a security level, Schnorr signatures are equivalent to the security of ECDSA. They use the same fundamental security assumption, which is the difficulty of solving the discrete logarithm problem over a prime-order field with a very large prime number. Basically, that discrete logarithm problem is the basis of the Digital Signature Algorithm and elliptic curve cryptography, because what it means is that you can do multiplication but you can't do division, for example, because that's the discrete logarithm problem, and that is a hard problem, hard meaning that it cannot be solved in polynomial time. So Schnorr signatures and the Elliptic Curve Digital Signature Algorithm have the same basic security. They depend on the same basic security assumption, and so they have equivalent security.

However, Schnorr signatures have some very interesting properties. One of the really interesting properties, and I'm going to paraphrase this just to give you an idea, is that the sum of a set of Schnorr signatures is equivalent to a signature on the sum of the messages made with the sum of the public keys. So you can do this thing called aggregation. If you have a series of messages, let's call them transactions, and you have a series of public keys to sign those transactions, then instead of signing each message with each public key and having a series of signatures, you can add all the public keys together, add all the messages together, and then sign the whole thing with the sum of the public keys, signing the sum of the messages, and this produces a sum signature which is the same as the sum of all of the signatures if you had signed each message independently. I'm using the word "sum" in a slightly broader sense than simple arithmetic addition, but let's just assume that it's an equivalent arithmetic operation.

The bottom line is that you could do some interesting things. For example, if you have a transaction in Bitcoin that has five inputs, instead of having five signatures you could provide one aggregate signature that can be evaluated in a fraction of the time for all of the inputs. Theoretically you could take that one step further: if you have a thousand transactions in a block that are all based on Schnorr signatures, and there's one signature per transaction aggregating all the inputs, you could then aggregate all the signatures in the block and have one signature per block that is stored. It also means that you can do aggregate verification. So you could basically take the sum of all signatures and verify it once against the sum of all messages, and the verification algorithm can either tell you "okay, they're all correct" or "one of them is wrong, but I don't know which one," at which point you could test each one of them independently. This is useful because in Bitcoin, when you receive a block with all of its signatures in it, the assumption is that it will be valid, meaning that it's very rare that you reject a block because it has an invalid signature, because it's unlikely that block would reach you: the previous node has already done that validation, or hasn't forwarded the block if it fails. So if a block reaches your node, 99.9999 percent of the time, or some very high probability, that block will validate. So if you just validate the sum of all signatures and it says yes, they're all valid, you don't have to waste time checking each signature.
So that's a very interesting thing. The other thing you can do with Schnorr signatures, which is even more interesting, is the aggregation of signatures across signers, meaning that if we have a multisignature, which is a k-of-n structure or m-of-n structure where you say three out of fifteen people have to sign, then you can construct that with Schnorr signatures so that it looks like it's a single signature on a single public key. That allows you to take multisig and make it look like a single-signature payment, which is really a great privacy improvement. You could take all complex multisigs and make them all look like they're simple single-signature payments from one person to another, and they'd be indistinguishable. The structure proposed for that is this ingenious mechanism that was created by Greg Maxwell, I believe Pieter Wuille, Andrew Poelstra and a few others, called Taproot, and an additional aspect of that called Graftroot. These are some really fundamental cryptography innovations that are very, very exciting: the combination of Schnorr signatures, Taproot, Graftroot and signature aggregation with the multisig structure that was created for Schnorr signatures, called MuSig.
This is a package of upgrades, and it's likely that they're going to be done all in one go, or at least as many of them as possible. Pieter Wuille explains the logic behind offering all of these upgrades as one, and part of the reason is that you get the maximum privacy benefit. If you can do one but not the other part of this, then you can start differentiating between those users who are trying to do privacy, because it's visible that they're trying to do privacy, from those who are not, and that puts a target on the back of people trying to do privacy. Whereas if suddenly all of the transactions can do this and it looks indistinguishable from a single signer or public key, that's a great tool which gives you privacy without showing that you're trying to get privacy.

So this will be done by a soft fork. It doesn't require a hard fork at all. Part of SegWit's script versioning upgrade allows you to introduce completely new signature mechanisms and new sighash types, and all of these functions that I just talked about, in a soft fork, an opt-in soft fork. Given the past history of soft forks, I'm going to go out on a limb and say that this will not be activated by miner voting, because of the disaster of the UASF, the BIP 9 version miner vote for SegWit the first time. I expect that this is going to be an opt-in change with a specific date, meaning that as of date X, anybody who has upgraded to the latest version of the client and chooses to turn on that feature can use it, and that's it, as simple as that. So that will be a soft fork with a specific date. As for the possible timeline, the BIPs have been written, the specifications are being finalized, Pieter Wuille and others have written implementation code, so the first prototype code has been written.
I would expect we could see this as soon as six months from now as an implemented feature, and then we have to wait until wallets start supporting it and it becomes broadly available, very, very similar to how SegWit was rolled out.

All right. The next question comes from Kino. Kino asks about privacy crypto in parallel to transparency crypto, and he says: if the people will have an untraceable and anonymous cryptocurrency with a high degree of privacy, don't we also need a traceable and transparent cryptocurrency for the state, the NGOs, the politicians and the political parties? And could you do atomic swaps between them?

That's a really interesting question. This is one of the big conundrums in this space, which is that people are afraid that if you have a private and anonymous currency, people in power will abuse it in order to do money laundering and influence peddling and political corruption. Of course, if you look more carefully at the history of our species, in pretty much every country the powerful already have access to that. It's called banking, and with the appropriate license you can do as much money laundering as you want, and as long as the regulators are well coddled and paid off, nobody goes to jail. So political corruption happens today, and it happens with our current fiat currencies very effectively. So it doesn't take an anonymous cryptocurrency to introduce political corruption. Of course corrupt politicians will be able to use anonymous cryptocurrencies, but so will everybody else, so the masses gain a benefit of privacy that today they don't have. There's a strange situation where the people in power, who should be accountable, have complete secrecy, and regular people who are innocent of any charges, have not been charged with anything and have no reason to be suspected of anything are surveilled and have no secrecy or privacy at all in financial systems. That is getting reversed with cryptocurrencies.
We will live in a world where private individuals have privacy and hopefully those in power don't have the ability to maintain secrecy as much as they would. How do you do that? It doesn't take two currencies. You don't have a privacy and a transparency cryptocurrency, because really you can achieve transparency in a very private cryptocurrency. What you have to do to achieve transparency is to force those who are essentially working for the state, and therefore accountable for their actions, to provide records of what transactions they've done and to reveal the transactions they're doing as part of their official business. So you can force transparency in a private system quite easily. What you can't do is add privacy onto a system that doesn't have it. So a private system can be transparent, but a transparent system can't be private. Therefore, if we do have a cryptocurrency that works for both situations, it will be a private cryptocurrency, one that has privacy, and then you have to, through legislation or through policy, or perhaps even through constitutional law, have the obligation of those who have public accountability to be transparent in their transactions. Now, that doesn't mean they're not going to evade those rules and do private transactions for bribery and corruption, and of course that would be violating the law, and then you punish that accordingly. You can't stop people from breaking the law with the law. So the problem is that even if you have a transparent cryptocurrency that's completely transparent, people can choose not to use it, and they can choose to use the private cryptocurrency instead. So therefore you can't enforce that everybody only uses transparent cryptocurrency.
In fact, that leads to a totalitarian surveillance system, and effectively that's something that's going to be imposed onto those who are least powerful rather than as accountability to the most powerful. So I'm more interested in how we gain privacy for the masses, and whether we have transparency for governments or not is a completely different problem. It's not a technical problem; it's a political problem, and you can't solve it by adding a new technology.
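The cross-signer aggregation described in the Schnorr answer above (several cosigners producing what verifies as one ordinary signature under one combined key, so a multisig is indistinguishable from a single-signature payment), as an added example that is not code from the talk or from any Bitcoin implementation. It assumes a toy safe-prime group (p = 10007, generator 4) in place of secp256k1, so the speaker's "sum of keys" becomes a product of group elements, and it assumes all cosigners generate their keys honestly: a bare key product without MuSig's per-key coefficients is not safe against rogue-key attacks, and the nonce-exchange round of a real protocol is collapsed into one local function.

```python
"""Toy Schnorr n-of-n aggregation (constructed example, not Bitcoin code).
Group: the order-q subgroup of Z_p^* for the safe prime p = 10007, q = 5003,
generator g = 4.  Bitcoin uses secp256k1; the algebra is identical, written
multiplicatively here ("sum" of keys = product).  A group this small is
trivially breakable, so this is for illustration only."""
import hashlib
import secrets

P, Q, G = 10007, 5003, 4

def prod(elems):
    """Product of group elements mod p (the multiplicative 'sum')."""
    acc = 1
    for v in elems:
        acc = acc * v % P
    return acc

def challenge(R, pubkey, msg):
    """Fiat-Shamir challenge e = H(R || pk || m) mod q, shared by all cosigners."""
    data = f"{R}|{pubkey}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def verify(pubkey, msg, sig):
    """The ordinary single-key Schnorr check: g^s == R * pk^e.  The verifier
    cannot tell whether pk and sig came from one signer or from many."""
    R, s = sig
    e = challenge(R, pubkey, msg)
    return pow(G, s, P) == R * pow(pubkey, e, P) % P

def partial_sign(x, k, e):
    """Each cosigner contributes s_i = k_i + e*x_i without revealing x_i or k_i."""
    return (k + e * x) % Q

def aggregate_sign(privkeys, msg):
    """Simulates all cosigners locally: combined nonce R, shared challenge e,
    summed s.  Assumes honest key generation (no MuSig key coefficients).
    Returns the aggregate public key and a signature verify() accepts for it."""
    agg_pub = prod(pow(G, x, P) for x in privkeys)
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in privkeys]
    R = prod(pow(G, k, P) for k in nonces)  # g^(sum of all nonces)
    e = challenge(R, agg_pub, msg)
    s = sum(partial_sign(x, k, e) for x, k in zip(privkeys, nonces)) % Q
    return agg_pub, (R, s)
```

The check g^s == R * pk^e works because g^(sum k_i + e*sum x_i) = prod g^k_i * (prod g^x_i)^e, which is exactly the linearity the speaker paraphrases as "the sum of the signatures equals the signature with the sum of the keys".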