 Anonymous asks, what is your opinion on Mimble-Wimble? First, a quick explanation for those who don't know. Mimble-Wimble is a very interesting proposal that uses some mathematical and cryptographic quirks. To create a blockchain that massively reduces the size of the blockchain and transaction, by summarizing a lot of that information and only keeping the summaries in a way that you can still verify everything. Everything is validatable and verifiable independently, but you don't need to store everything. It also massively increases privacy at the same time. Mimble-Wimble is not something that you simply slap on top of Bitcoin, although there are proposals to adapt it somehow. At the moment, it is running as a testnet, so it is a blockchain of its own, with its own technology. I believe the currency they are using on that testnet is called a grin, but I am not sure. Lazar asks, could you explain and go deeper into digital signature aggregation via Schnorr signatures? To what extent would their application increase Bitcoin anonymity? I am going to try to explain this and a caveat here. This is a topic that I am not entirely versed on. I am going to try my best. Let's see how I can go. Digital signature aggregations and Schnorr signatures are two different things. Schnorr signatures are a particular type of signature, and the primary advantage they have over other forms of signatures is that they are shorter and smaller, compared to ECDSA, an elliptic-curved digital signature algorithm. The advantage of Schnorr signatures is that they are more compact, as far as I understand it. Digital signature aggregation, however, is another capability that Schnorr signatures can enable. They allow you to summarize the right word. Aggregate is the word you used. It is called digital signature aggregation, but you add all of the signatures together. I use add, not in the traditional one-plus-one equals two. We are talking about mathematical operations that are happening in a prime field on an elliptic-curve. Nevertheless, for simplistic purposes, you use a mathematical operation to aggregate all of the signatures in such a way that you can still validate that something has been signed, but you can't see the individual signature for that item. In the case of Bitcoin, what that does is two things. One, it saves a lot of space. Schnorr signatures are already more compact. Let's say you have a transaction that has five inputs and requires five signatures, each input needs to be signed. First, you sign in with Schnorr signatures. Great, now you have saved some space. Then you take the five signatures, you aggregate them, and you produce just one signature for all five inputs. That one signature is the same compact size as each of the five signatures. You have now decreased the space of the signatures by 80% by taking away four out of the five. You have those five signatures aggregated in the same space as one. Then imagine that those transactions belong to some kind of joint transaction, where the inputs come from many different individuals who are providing their own signatures. You have aggregated all of those, and that way you can't really tell... Although you can tell that the signature is valid for all of the inputs, and that it properly corresponds to the public keys of those inputs, you can't really tell who applied those signatures. As a result, it makes privacy in things like CoinJoin more secure. Again, I probably got some things wrong there. First of all, it is still in development. The only example of this in use today is in the element sidechain, which is a blockstream project. This is being developed actively by a whole bunch of people, including Greg Maxwell and Adam Back. I believe Andrew Poulstra, but I might be mistaken. This is still very early days, but it is the kind of thing that can be added to Bitcoin, thanks to Segwit and script versioning, and can be added by a soft fork. It will be a way to increase the capacity of the network by compressing the data, rather than increasing the space.