 It's wonderful to be here with all of you at another DEF CON again, and this time I'm delighted to be able to speak, and I thought I would take you back to Berkeley, 1982, when I was a graduate student there reading Science Magazine, and it said that the director of the United States National Security Agency had, it was revealed, written letters to the heads of IEEE and ACM and so on, threatening them with draconian, the full force of the federal government if they were to even have a session on cryptography, let alone a whole conference on it. So what do you think I did? Yeah, organize a conference on cryptography, and invited everyone I did a sort of covertly and then I was on stage, welcoming everyone as the general chairman of the event, and the front row was occupied by people who refused to give their organizational affiliation, but all mysteriously happened to live in Laurel, Maryland. And so when I announced that as an extra benefit of having paid their hundred dollars to attend, they were now members of a new thing, the International Association for Cryptologic Research, and it was a great pleasure to see them all turn green, because everyone knew that it was over. The UN protects international scientific associations, and so IACR has had several conferences every year now, it's just three per year plus a bunch of workshops and publishes a journal with Springer Verlag, so it was over. Cryptography was set free, however, we are now at a very different and more fundamental critical juncture. It's less reversible and much more important, and that is evidenced by the fact that most of the public is starting to become aware of metadata and the dangers of metadata and how it's being used to steal our meta-liberty from us, which includes then all the subsidiary liberties, right? It's the big one, lose that and it's game over. So it turns out in Berkeley in 82, I was actually working on cryptography for the purpose of finding metadata shredding techniques. So the first thing I did was create like a toy example where some privacy would be needed so I used voting. Let me just try to explain roughly how this works, just to give you a sense that let's say there's a hundred voters, each would take their ballot and multiply encrypt it and publish it, let's say associated with their IP address, okay? And then they would, all those encrypted ballots would be sent to the first node which would have the unique ability through its private key to decrypt the outer layer on all those ballots and then it would shuffle them secretly in a random order that only it knew and send them onto the next node and that node would do the same thing, decrypt the layer that only it could decrypt, randomly permute and send on. And so the final batch that comes out and is published includes all the clear text ballots but I say that we have vertical metadata protection because no one knows which IP address is associated with which ballot unless they can compromise all of the nodes because each node uses a totally independent uniform randomly chosen permutation. So this became known as mixing and there's thousands of papers about it and it's generally thought of as being used to send messages. It distreads the social graph, the who talks to who and when. That's what we used to call traffic analysis, now it's been rebranded as metadata. So then I thought well we need some kind of way to pay and stuff like that and if I look at regular like the kind of say account based payments we have like on blockchain today from wallet ID to wallet ID to wallet ID, what that does is it publishes and proves the whole meta, the whole graph, right, it reveals and proves all the metadata. So that's not a suitable type of payment technology. It turns out that what I proposed is actually good enough, not perfect but it can be perfected. So essentially it's a simple notion that instead of accounts use digital bear instruments that are let's say binary denominated, so 1 cent, 2 cent, 4 cent, 8 cent, 16 and so on. So each denomination has its own corresponding signature that validates it. And that way as these digital tokens migrate through different transactions they're regrouped and the metadata kind of fades away. Now we can perfect this by actually washing a whole bunch like all the 1 cent coins through a special mix that then makes every 1 cent coin unlinkable to the ones that existed previously. So we can do that overnight for all coins and then perfect privacy because we have the vertical unlinking but through the mixing of the say IP Mac or your location or whatever to the transactions or the messages that being delivered and then we have the horizontal unlinkability or metadata shredding between the say the transactions themselves. So the payment system actually was built and that you've probably heard of it famously in the mid 90s and I airdropped to anyone who wanted a, who would open up a digital shop on the web and receive payments, a 100 cyber box and you can see the whole, the museum of this up on my website chom.com, bunch of the shops and so forth and then later some banks wanted to issue e-cash so we let Deutsche Bank do it and some other banks in other countries so we had the Deutsche Marks, the Australian dollars, US dollars and so on and here in Japan, Nomura Research recently was revealed secretly, they licensed e-cash from us but they wouldn't tell us what they were doing with it. All their employees were allowed to use it and access their bank accounts and buy like Nomura swag and get reimbursed for travel and all this stuff so it was actually used here in Japan but secretly and so that was pretty neat but now we are in a world where everyone has smartphones and the killer app, it's kind of a sick joke but it's like is we chat, right? So, anyone see the humor in that? No? Okay, some people get it. Anyways, I have to live there to really appreciate it so this is sort of indisputable because all the major social media messaging systems are moving towards payments integrated with messaging because that's what consumers want. They want those two in the same namespace and then they want some mini apps or dApps in that same namespace, the popular ones. This is proven to be what billions of people actually want so what we need to do here is to get rid of this giant metadata capture engine is create a replacement product, something that people can, ordinary users can easily just switch to that does the same stuff for them on their phone as say a WeChat or another messaging platform with payments integrated and apps but that is based on the metadata shredding technology so it'll be just as easy to use and work in a similar way but the metadata will never even be constituted, it will be shredded in real time in its distributed form before it's actually able to be abused in any way. However, the technologies that I showed you that I developed the 80s and we implemented the 90s aren't really suitable for like smartphone to smartphone transactions. There's their performance and other issues and especially when it's used in a mass scale and because of the kind of speed of transaction latencies that consumers are familiar with in messaging today some real breakthroughs are needed and so I was not really working on this stuff when the Snowden revelations came out and then I was so shocked and I went back to those crypto conferences that I founded and talked to a lot of people there and I was really quite became quite concerned because it was surprising that they were much more interested in their jobs and in publications and all this and even though they said they were there to protect you know people from whatever abuse through photography they it no one was really that influenced by the Snowden revelations and up but I was and so I took it upon myself to speed up the mixing because it's pretty cumbersome and slow and I found a way to speed it up by over by a factor of a thousand took some real work and no one since I published it in 79 is a technical port of a CACM 82 no one actually ever found a way to speed it up even though there's thousands of references and bunches of there's a conference every year that's mainly used to be mainly about it and so the only speed up that occurred was when someone substituted El Gamal for which came out four years after I published it for the RSA kind of crypto but I had defined it in a way that the RSA was just an example so anyway so let me show you some of these breakthroughs now that are enabling us to do exactly what I'm saying if we pull together as a community we can create a replacement product for all of these messaging and combine with payment systems so we actually I have to say some of you may have heard of elixir that's the are the high speed mixing technology which is is actually running in in open alpha and we'll see something about that shortly and then we have praxis which is our new very different quantum resistant consensus and payments technology and these are sister companies and when you combine them you get this kind of app that I'm talking about so let me just now show you a little bit about the the new approach in a in a simplified kind of amusing matter suppose Alice wants to send a message to Bob but she doesn't want anyone to know that the two of them are communicating message content can easily be protected by so-called end-to-end encryption but this does not protect the information about who's talking to whom and when the metadata which is increasingly recognized as far more revealing and more challenging to protect each member of a team of nodes in order to protect the metadata successively shuffles the batch of encrypted messages using its container of secretly arranged tubes and sending the messages without delay through to the next team member even just a single node can keep senders from being linked to recipients Alice also gets a receipt informing her confidentially that her message was provided to Bob team members that destroy their secret pattern of tubes making way for a new team ready for a new batch earlier each node is chosen independently as a kind of random secret key which input to to connect to which output to elixirs breakthrough over the type of messaging I open sourced in the 80s is a way that enables almost all the work to be done well in advance yielding the only known way to provide real-time metadata protection smartphone to smartphone lead can also pay you meet by sending what appears to be an ordinary message but that actually contains numbers that serve like metal coins and paper money a called such denominated unforgeable numbers digital cash first issued by digit cash in the 90s elixirs breakthrough improvement on the original digital cash now makes it fully distributed and quantum resistant elixir thus is able to uniquely provide a new ultimate metadata level protection of confidentiality in all your online communications and payments for the first time giving you a protected sphere protecting your digital world today and your digital future thanks so let me just give you an update we announced our little effort like a year ago in Singapore and it's been kind of a wild ride since then been traveling all over and you know connecting with the community learning what people want learning how to understand all the issues and how people think about them and we built up actually several really great teams and that's why they're two different entities we have a R&D lab in the Cayman Islands and no one else seems to have that but we can bring people from anywhere in the world there as long as they're not like they don't have lung disease or something and so we were building out the consensus and the payment work there with our plan to release the white paper this year and I assure you that when you see it it will be unlike anything you've seen before and I hope you'll be as enthusiastic about it as we are we have received a ton of support from the broader community we've got over like 680 node operators that have participated in our open selection process now what do I mean by that we had a survey first to find out what people wanted from the process then we built the process according to what the community wanted we ran the process then we had a dispute resolution procedure and everything in it and at the end we got 680 nodes people that want to support us by running nodes for free in our beta system and we have divided them into three teams so we can phase them in so that's really great and they're well distributed around the planet everything that was one of the criteria we have also been building out our community so we've got several thousand I don't know what the number is exactly now people who have signed up have received our app downloaded our app on Android and iOS which is kind of like a waiting list to be the first user to the messaging system and to be able to participate in other ways so I would urge you to get it as soon as you can if you have the opportunity to do that which I will give you and we are also live in the public alpha as I mentioned and when you download the app you can see the dashboard of the alpha network and watch it all the performance and stuff so the main purpose of the alpha is really to perfect the performance but we've exposed the APIs and the libraries to our our LSDK partners because we're on the bandwidth to support the whole community yet so we're kind of rolling that out and trying to get everything really nice and neat before we enlarge the the sphere of people of access to it so I've been traveling around Asia and this last few weeks announcing mostly at meetups and at conferences not no conferences as big as this one that our Cayman lab has come out of stealth and that we will have the white paper and that the payment system it has is quantum resistant and it will be able to do the kind of when you mix that when you combine that with the elixir you'll have I hate to say it but the world's best money no question hands down so that's kind of what we've been up to over the last year and here's a sort of preview of the app there's a lot of things in it and if you look at those scroll the menu bar horizontally you'll see I can keep track of all things we're doing and there's going to be a lot more interesting stuff there so I let me put up this bar code or qr code if you will and I urge you to all test do you think that will that qr code will work why don't you see if your qr code reader is capable of reading that code and then decide if you want to download the the app of your choice and then you'll have a position in line and be able to see what we're doing and watch the dashboard and join our community so thank you very very much for your attention it was a pleasure and I'll be around so look forward to having a chance to chat with you and thanks again