Who generates the nonce if my pool is the one to generate the random number? How is it protected from us, to stop us knowing it? What makes the nonce, the random number itself, tamper-proof? Is the whole network contributing to the random number?

All right, so the nonce, the random number, is calculated independently billions and billions and billions of times per second by each mining hardware system. So when a miner is mining, what they're doing essentially is coordinating over a network a very large number of mining computers, and these mining computers are calculating billions of nonces per second. And there's nothing manual about this, by the way. When we say a miner is mining, a nonce is being calculated; there's no one sitting there doing a calculation or validating transactions or clicking "approve". These are completely automated, unattended operations where computers calculate billions of nonces per second.

So what is the purpose of the nonce? The nonce is simply a random number, and it's a very large random number. The space for a nonce is 32 bits, which gives 4 billion possible combinations, but there's also some extra space in the block which is called the extra nonce, and the extra nonce really allows you to expand that to much more than 32 bits, so you can try many, many, many, many billions upon billions of combinations. You're going to hear me say "billions and billions" again and again in this talk, because these numbers are truly very, very large.

So the purpose of the nonce is to plug it into the block header, in the specific location in the block header that is for the nonce, and then calculate a new block header hash. When you put the header information plus the nonce into the hashing algorithm, you'll get a hash; a number will pop out. It's a 256-bit number. Now, that number has to start with a lot of zeros; if it doesn't, you try again with another nonce. So the only part of the header you can change is the nonce.

So when the miner is mining, what they're doing is constructing a block. They're putting all of the transactions and the other information into the header: the timestamp, etc., etc. And then once they've got that header, they plug in a nonce, any nonce, let's say the number one, and then they calculate the header hash and they look to see if it matches this special pattern, which is that it starts with a lot of zeros. And the chances of it starting with a zero, well, they get lower the more zeros you expect to find at the beginning of the number. But in the beginning, let's say you're looking just for one bit to be zero; then about half the hashes you produce will have a zero bit in the beginning and half the hashes will have a one. If you want two zeros in the beginning, that's a one in four chance. If you want three zeros in the beginning, then it's a one in eight chance. If you want four zero bits in the beginning, then it's a one in sixteen chance. And by the time you get to the numbers we see with blocks today, we're looking at about a one in five septillion chance of you having that many zeros at the beginning of the block. And how do you find a one in several septillion chance? Well, you try a septillion times per second, and you do that by trying as many possible different nonces with the header you've constructed. One of the miners is going to be lucky in one of those attempts. They will find a nonce that, when fitted into the block that they've constructed as a candidate, will produce a header that has this many bits of zeros in the beginning, that matches the pattern, matches the difficulty required by the network, and that is a winning block, that is a valid block. And as soon as they've found that, they can then announce this random number.

So the random number isn't tamper-proof. It's not secret, and the mining pool doesn't pick this random number. Every mining machine out there is trying billions of these random numbers every second, and they discard all of the results until they find one random number that produces a hash that has this particular property: it starts with a lot of zeros.

Osita asks: Is it possible to develop an algorithm for guessing a nonce which will fast-track solving the Bitcoin challenge by a miner? Could that be related to the recent shattering of SHA-1?

Yes, that's an excellent question, Osita. In fact, yes, there is the possibility of creating a shortcut that allows you to predict the value that is required in a nonce in order to produce proof of work for a specific target. That would involve breaking, shattering if you like, SHA-256. SHA-1 was recently "shattered", as the popular expression goes, meaning that the SHA-1 cryptographic algorithm, cryptographic hashing algorithm, sorry, has been compromised in such a way that you can create a collision. That means that you can produce a specific pre-image to the cryptographic hash algorithm which will result in a desired hash as its output. That ability to produce a desired hash from a pre-image that is identical, perhaps, to another, to the fingerprint of another pre-image, a collision as it's called, is a fatal flaw. And if you discover a fatal flaw in an algorithm, as has been discovered in SHA-1, then that algorithm is no longer suitable as a cryptographic hash algorithm. You cannot use it for the purpose of fingerprinting documents. You cannot use it for the purpose of, for example, fingerprinting digital keys, certificates, SSL cryptographic keys, and the integrity of messages that are validated through cryptographic hash algorithms. SHA-1 can no longer be used for those purposes because it has been fatally compromised.

However, Bitcoin mining uses SHA-256, and SHA-256 is enormously more complicated to compromise. So every cryptographic algorithm has a certain shelf life, on average 20 to 25 years before a cryptographic algorithm can no longer be considered secure. Depending on the cryptographic algorithm, the shelf life, if you like, for that algorithm may be greater or lesser. Some have weaknesses that are discovered which shorten the shelf life, make it easier to find a shortcut to compromise. Most cryptographic algorithms are based on some kind of trapdoor function, a mathematical function that has no shortcut, where the amount of computation required to go one way through the algorithm versus to go the opposite way is immense. And as long as you can't find a shortcut, that algorithm is secure up to a certain amount of computation. If there is no shortcut, SHA-256 will continue to be secure for decades and decades longer. If a compromise is found, or some kind of shortcut, that doesn't mean it's fatal. It doesn't necessarily immediately invalidate the algorithm. It may weaken it by a certain percentage, so it may make it twice as hard, sorry, twice as easy to find a suitable hash, or maybe four times as easy to find a suitable hash. And that would certainly, by weakening the algorithm, shorten its shelf life, because as computing power continues to develop, that means that at some point it would be viable to break the algorithm, essentially.

Now, so far there is no shortcut that has been discovered for SHA-256, and one of the reasons we know that is because Bitcoin represents effectively a giant global piñata stuffed with 15 billion dollars that, if you bash it with the right shortcut for SHA-256, you can break open and collect 15 billion dollars, or you can collect some percentage of that before the value collapses catastrophically from breaking the piñata. Essentially, it's a honeypot. Bitcoin represents a global test that tells us that SHA-256 is secure. How do you know SHA-256 is secure? Bitcoin is worth 15 billion and no one's cracked it yet. Now, at some point it may become obvious that SHA-256 is no longer secure, or it's reaching the end of its life, or we find new vectors that perhaps in a decade or a longer period of time may make it insecure. At that point the Bitcoin developers, in collaboration with the rest of the community, would have to work to modify the proof-of-work algorithm and replace it with a more modern algorithm, and certainly that would be a very big undertaking. So that's how we know that there is no shortcut to SHA-256. And if Bitcoin was using SHA-1, then some miner out there today would have been able to break it, and very quickly every miner out there would have been able to break it, at which point it's no longer useful as a mining algorithm.

Is Bitcoin an incentive for the development of the quantum computer? I mean, being a possible threat to the network security, doesn't this accelerate the race towards it? Do you think miners think about this at all?

Great question. Um, Bitcoin is a honeypot, effectively. It provides a bounty for anyone who produces any type of technology, whether it's a SHA-256 collision that we were talking about before, whether it's a quantum computing shortcut to SHA or to elliptic curve digital signature algorithms, that may result in being able to compromise some or part of Bitcoin, or being able to weaken Bitcoin. Certainly that provides an incentive. So you can think of Bitcoin as a test. Bitcoin tells us SHA-256 is secure, ECDSA is secure today, from any and all threats. And how do we know that? It's because it continues to maintain security over 15 billion dollars. Therefore we can assume that these technologies have not been compromised yet. Does it accelerate the development of these things? Probably, although I think most of the really interesting developments in quantum computing can deliver a far, far greater reward for those who develop these technologies than simply the 15 billion dollars that's tied up in bitcoins, because quantum computing has very broad applications. Furthermore, the application of quantum computing to Bitcoin is marginal at best. First of all, SHA-256 and cryptographic hash algorithms like SHA are not particularly easy to optimize using quantum algorithms. The elliptic curve digital signature algorithm and elliptic curve cryptography can be massively optimized with quantum computing, and quantum algorithms for doing elliptic curve factoring in fact do exist, and they will allow someone to break elliptic curve cryptography eventually and factor large elliptic curve fields. For now, the elliptic curves that we use are far greater, the field that's used for the elliptic curve is far greater, than any quantum computer can factor, so that's not a risk. At some point it would become a risk, and at that point you have very, very powerful quantum computers that can do that, and then the security of elliptic curve cryptography is no longer good.

But elliptic curve cryptography can be replaced in Bitcoin by other algorithms. And because of the mechanism by which public keys are not demonstrated to the network until an amount is spent, if you follow the best practice of only using an address once for each transaction, then the only time your public key is demonstrated to the network, shown to the network, is when you've spent the amount of Bitcoin that was in that address. And therefore, even if you were able to break public keys as used in elliptic curve cryptography, you wouldn't have any Bitcoin to get behind it, because it was only ever used once. Bitcoin addresses, of course, are secured through two applications of hashing algorithms, SHA-256 and RIPEMD-160, and those two algorithms, as well as the mining algorithm on SHA-256, are far less susceptible to quantum algorithm optimizations, as far as we know. And therefore it may be a very long time until quantum cryptography has any impact on Bitcoin. And of course the other thing to consider is it also depends on how broadly quantum cryptography is available, sorry, quantum computing is available. If quantum computing is broadly available, then just as much as you can make better algorithms for cracking keys, you can also make better algorithms for making keys. You can make quantum mining algorithms; you can make quantum cryptography algorithms. So if quantum cryptography is, sorry, quantum computing is broadly available, then I can use quantum computing to do encryption and digital signatures and mining, and then the fact that others have quantum computing doesn't make any difference, because my cryptography, my digital signatures and my mining algorithm are just as secure. So really it's about the unequal availability of quantum cryptography, which is a whole other topic, perhaps for another session.
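As an added worked example, not code from the talk, here is the nonce search described at the start of this session in Python: it serializes an 80-byte header from constructed placeholder fields, double-SHA-256 hashes it, counts leading zero bits (each extra required bit halves the odds, the 1/2, 1/4, 1/8, 1/16 progression above), and rolls the extra nonce once the 32-bit nonce space is exhausted. Every field value and the toy `zero_bits` difficulty are assumptions; real Bitcoin derives its target from the header's `bits` field rather than counting zero bits.

```python
import hashlib
import struct

# Constructed placeholder header fields; these are not from any real Bitcoin block.
VERSION = 0x20000000
PREV_BLOCK_HASH = bytes(32)                                   # placeholder
COINBASE_AND_TXS = b"constructed coinbase + transactions"      # placeholder
TIMESTAMP = 1500000000
BITS = 0x1d00ffff   # the real compact target field; this toy uses zero_bits instead

def merkle_root(extra_nonce: int) -> bytes:
    """The extra nonce lives in the coinbase transaction, so changing it changes
    the merkle root. Modelled here as a hash over the constructed tx data."""
    return hashlib.sha256(COINBASE_AND_TXS + extra_nonce.to_bytes(8, "little")).digest()

def build_header(nonce: int, extra_nonce: int = 0) -> bytes:
    """Serialize the 80-byte header; the 32-bit nonce is its last field."""
    return struct.pack("<I32s32sIII", VERSION, PREV_BLOCK_HASH,
                       merkle_root(extra_nonce), TIMESTAMP, BITS, nonce)

def header_hash(header: bytes) -> bytes:
    """Bitcoin's proof-of-work hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()

def leading_zero_bits(digest: bytes) -> int:
    """Bitcoin compares the digest as a little-endian integer, which is why block
    hashes are displayed byte-reversed with their zeros at the front."""
    return 256 - int.from_bytes(digest, "little").bit_length()

def expected_attempts(zero_bits: int) -> int:
    """1 zero bit: 1 in 2; 2 bits: 1 in 4; 3: 1 in 8; 4: 1 in 16; so 2**k tries."""
    return 2 ** zero_bits

def mine(zero_bits: int, max_nonce: int = 2 ** 32):
    """Try nonce 0, 1, 2, ... until the hash has >= zero_bits leading zeros.
    When the nonce space is exhausted, bump the extra nonce (new merkle root,
    new header) and start over. Returns (nonce, extra_nonce, digest)."""
    extra_nonce = 0
    while True:
        for nonce in range(max_nonce):
            digest = header_hash(build_header(nonce, extra_nonce))
            if leading_zero_bits(digest) >= zero_bits:
                return nonce, extra_nonce, digest
        extra_nonce += 1

def verify(nonce: int, extra_nonce: int, zero_bits: int) -> bool:
    """Checking a claimed solution costs one double-SHA-256, not a search."""
    return leading_zero_bits(header_hash(build_header(nonce, extra_nonce))) >= zero_bits

if __name__ == "__main__":
    n, en, d = mine(16)
    print(f"nonce={n} extra_nonce={en} expected~{expected_attempts(16)} tries")
    print("hash:", d[::-1].hex())   # displayed byte-reversed, as Bitcoin does
```

Raising `zero_bits` by one roughly doubles the run time, which is the difficulty ladder the talk walks through.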