1
00:00:00,000 --> 00:00:03,820
All right, good morning.

2
00:00:04,240 --> 00:00:05,760
This is good morning.

3
00:00:05,920 --> 00:00:06,280
Sorry.

4
00:00:07,440 --> 00:00:12,500
How dare you say good morning back to me when I'm not finished introducing this podcast.

5
00:00:13,800 --> 00:00:17,340
We've been, were you like on Nostr all morning and you're just good morning.

6
00:00:17,460 --> 00:00:17,840
Good morning.

7
00:00:17,880 --> 00:00:19,280
Yeah, I'm just, I'm locked in.

8
00:00:19,520 --> 00:00:20,500
I'm locked in for my morning.

9
00:00:20,560 --> 00:00:20,860
Good morning.

10
00:00:21,900 --> 00:00:24,840
This is the magic internet math podcast.

11
00:00:24,940 --> 00:00:27,760
Episode three title unknown.

12
00:00:27,760 --> 00:00:37,020
Um, what's up, man? How you been? Doing well, how are you? I'm great, dude. I'm excited. Like, every time I

13
00:00:37,020 --> 00:00:41,980
get to do this, I'm excited. Really, like, I'm excited for what we're gonna do today. I feel like we're,

14
00:00:41,980 --> 00:00:47,720
you know, we spent the last two episodes setting up, you and I kind of just shooting the shit.

15
00:00:47,720 --> 00:00:53,360
Right. It's been good. Yeah. And I think now we're gonna get into a little bit of meat.

16
00:00:53,360 --> 00:00:57,060
We've lulled the subscriber base

17
00:00:57,060 --> 00:00:58,620
Into a false sense of security

18
00:00:58,620 --> 00:01:00,780
And now we're going to bring them into the actual math stuff

19
00:01:00,780 --> 00:01:03,560
This is why I brought you on, man

20
00:01:03,560 --> 00:01:08,420
To explain to me what the hell we have been doing

21
00:01:08,420 --> 00:01:08,920
Thank you

22
00:01:08,920 --> 00:01:11,500
That is exactly what we've done

23
00:01:11,500 --> 00:01:15,960
Do you think it's okay

24
00:01:15,960 --> 00:01:20,740
To motivate why we're about to have this discussion today?

25
00:01:21,620 --> 00:01:22,020
Yeah

26
00:01:22,020 --> 00:01:33,440
Um, so I think today what we're going to start talking about is how Bitcoin actually secures money, right?

27
00:01:33,660 --> 00:01:47,360
There's a lot of very helpful abstractions we give to people so that the first time they hear about Bitcoin, they're not learning about a bunch of finite field math and a bunch of elliptic curves and all this stuff.

28
00:01:47,360 --> 00:01:51,080
We say, hey, you have a secret.

29
00:01:51,340 --> 00:01:52,500
Here are your secret words.

30
00:01:52,700 --> 00:01:54,020
You do not share these with anyone.

31
00:01:54,780 --> 00:01:58,700
And that is an abstraction on top of an abstraction on top of an abstraction.

32
00:01:58,880 --> 00:01:59,700
What do I mean by that?

33
00:01:59,700 --> 00:02:03,360
Your 12 or 24 seed words is from BIP39.

34
00:02:04,360 --> 00:02:10,240
And it's a way of generating a BIP32 extended private key.

35
00:02:10,240 --> 00:02:18,340
And that extended private key is basically your map to the elliptic curve on how Bitcoin operates.

36
00:02:20,300 --> 00:02:24,560
At the most foundational level, you just need entropy.

37
00:02:24,960 --> 00:02:26,680
You need a random thing.

38
00:02:27,320 --> 00:02:35,500
Those 12 and 24 words, you can reasonably discern if you generated, like if you didn't just, you know, pick them yourself.

39
00:02:35,500 --> 00:02:41,700
or if you didn't, you know, if you had a good trusted setup in how to generate that.

40
00:02:41,880 --> 00:02:46,400
It's the first time those 12 or 24 English words have ever been assembled in that order.

41
00:02:47,460 --> 00:02:47,900
Yeah.

42
00:02:47,980 --> 00:02:48,900
So there's, yeah.

43
00:02:49,000 --> 00:02:53,700
When you get a key, unless it's like in alphabetical order, it's going to look pretty random to you.

44
00:02:53,700 --> 00:02:53,920
Right.

45
00:02:54,120 --> 00:02:57,520
Or unless they all start with the same letter or something like that.

46
00:02:57,640 --> 00:03:01,780
It's going to, the thing I was like, when you first, the second you started talking,

47
00:03:01,780 --> 00:03:05,540
The image that came to my mind with people.

48
00:03:06,180 --> 00:03:12,080
Have you ever seen the picture of, I don't know if it's a frog or a beaver, but it's drinking out of a fire hose?

49
00:03:13,420 --> 00:03:14,740
I'm not sure if I've seen that one.

50
00:03:15,820 --> 00:03:22,840
So this used to, in my last company, I had a boss who had this picture right outside his office.

51
00:03:23,420 --> 00:03:25,820
And it was like a frog drinking out of a fire hose.

52
00:03:25,960 --> 00:03:31,600
And that's basically because that's kind of like what we are all doing when we get into Bitcoin, especially when it comes to the math.

53
00:03:31,600 --> 00:03:32,720
and we don't even really know it.

54
00:03:33,060 --> 00:03:35,380
At some point, you don't even realize you just opened wide,

55
00:03:35,920 --> 00:03:38,400
jammed a fire plug, and turned it on.

56
00:03:39,200 --> 00:03:42,100
And I think that's why a lot of people just,

57
00:03:43,000 --> 00:03:45,840
like I think it's like a reflex reaction to be like,

58
00:03:45,840 --> 00:03:47,940
all right, dude, like what?

59
00:03:49,360 --> 00:03:51,180
Everything over 21 million, okay?

60
00:03:51,220 --> 00:03:53,020
That's the math, okay?

61
00:03:53,300 --> 00:03:56,780
And there's just so much, like everything you just said,

62
00:03:57,140 --> 00:03:58,100
and it wasn't that much,

63
00:03:58,100 --> 00:04:05,240
but it's like it implies so much, uh, math behind it. Yes. And some of it's actually, I think it's like,

64
00:04:05,240 --> 00:04:13,380
you know, you get a 12 word key from a wallet that you make and trust, or you make it yourself, and you

65
00:04:13,380 --> 00:04:18,940
tell me if I'm wrong when I say everyone has probably asked themselves the question, how do

66
00:04:18,940 --> 00:04:25,560
I know this is, this key is like safe and no one can, yeah, no one can act, even accidentally collide

67
00:04:25,560 --> 00:04:30,200
with it or intentionally. Like, people are worried about back doors and wallet providers, rightfully

68
00:04:30,200 --> 00:04:35,100
so, because there's no way, like I said, so when you visually inspect your key, right, unless it's like,

69
00:04:35,100 --> 00:04:42,160
unless it's absolutely ordered for human sight, you're not going to have too many clues that it

70
00:04:42,160 --> 00:04:49,000
is either random or not random or, you know, so you have to kind of like, this is one of those exercises

71
00:04:49,000 --> 00:04:55,140
that it would be nice if you can just, if we can do it yourself. You know, I always love the dice

72
00:04:55,140 --> 00:05:05,420
roll thing. Because otherwise, there's really no way for you to just trust God so much that that

73
00:05:05,420 --> 00:05:12,520
key is that no one can recreate it. Nobody could accidentally stumble on it. Those kinds of

74
00:05:12,520 --> 00:05:16,980
questions. I feel like no matter whether you care about math or not, every Bitcoiner is asked that

75
00:05:16,980 --> 00:05:21,060
question when they made a key. Right. Because it's the math that you have to fundamentally,

76
00:05:21,060 --> 00:05:23,300
it's one part of the map that's in your control.

77
00:05:23,780 --> 00:05:25,380
Everything else just works as software

78
00:05:25,380 --> 00:05:26,720
within the Bitcoin protocol.

79
00:05:27,200 --> 00:05:28,260
But like it start,

80
00:05:28,420 --> 00:05:30,920
there's a genesis somewhere of something you did,

81
00:05:31,060 --> 00:05:32,260
which is getting those keys.

82
00:05:32,260 --> 00:05:35,260
And from those words,

83
00:05:35,360 --> 00:05:36,420
you generate your addresses

84
00:05:36,420 --> 00:05:38,900
and your ability to sign your signatures

85
00:05:38,900 --> 00:05:39,760
and everything else, right?

86
00:05:39,840 --> 00:05:42,000
So it is incredibly foundational.

87
00:05:42,600 --> 00:05:44,100
Now, when you're,

88
00:05:45,340 --> 00:05:46,780
you mentioned dice rolls.

89
00:05:47,480 --> 00:05:48,980
Humans are really bad at perceiving

90
00:05:48,980 --> 00:05:50,200
if things are random or not.

91
00:05:50,200 --> 00:06:01,300
So even if like, like I wouldn't even trust an eyeball heuristic of a something random or not, because you could easily have like the number one, 100 hashed and turned into a seed phrase.

92
00:06:01,840 --> 00:06:02,320
Right.

93
00:06:02,660 --> 00:06:02,860
Sure.

94
00:06:03,480 --> 00:06:09,440
So like you, you actually, there is no human heuristic eyeballing that can go about it.

95
00:06:09,460 --> 00:06:10,360
But that's my point, right?

96
00:06:10,380 --> 00:06:15,240
It's like, unless you get 12 of the same word, your brain's not going to say something's wrong here.

97
00:06:15,800 --> 00:06:16,880
And this is a funny thing too.

98
00:06:16,880 --> 00:06:21,900
Like, so in the BIP39 spec, you're allowed to repeat words.

99
00:06:22,440 --> 00:06:23,740
It can happen.

100
00:06:24,040 --> 00:06:25,980
And as someone who has generated hundreds.

101
00:06:25,980 --> 00:06:31,060
And that's a feature of pseudo-randomness, right?

102
00:06:31,200 --> 00:06:34,760
Not in a certain way, right?

103
00:06:34,940 --> 00:06:35,440
Well, right.

104
00:06:35,880 --> 00:06:37,860
Oh, you would perceive that like, oh, right.

105
00:06:38,080 --> 00:06:39,440
That you shouldn't get repeat words.

106
00:06:39,620 --> 00:06:40,340
You could repeat it.

107
00:06:40,440 --> 00:06:42,760
Well, but you can like repeat instances or maybe you don't.

108
00:06:43,400 --> 00:06:46,100
This is like the classic, like, is it a shuffle?

109
00:06:46,100 --> 00:06:48,920
is like your iPad shuffle, a random number.

110
00:06:49,340 --> 00:06:49,600
Right.

111
00:06:49,640 --> 00:06:52,400
And it's not totally random because you, you know,

112
00:06:52,780 --> 00:06:54,500
if it were random, truly random,

113
00:06:54,580 --> 00:06:55,600
you could get six in a row.

114
00:06:56,080 --> 00:06:56,480
Exactly.

115
00:06:56,680 --> 00:06:56,880
Right.

116
00:06:57,100 --> 00:06:57,320
Yeah.

117
00:06:57,800 --> 00:06:58,220
Exactly.

118
00:06:58,320 --> 00:06:58,500
Right.

119
00:06:58,580 --> 00:07:01,660
And so you have this element where I've,

120
00:07:01,660 --> 00:07:04,580
I've generated hundreds of seed phrases with testing,

121
00:07:04,700 --> 00:07:06,200
spinning up wallets, looking at stuff.

122
00:07:06,200 --> 00:07:08,600
And one time I was walking someone through a wallet setup,

123
00:07:08,680 --> 00:07:11,040
like for a test account, just to like, see how it works.

124
00:07:11,060 --> 00:07:12,960
And they're like, wait, I think something's broken.

125
00:07:13,060 --> 00:07:14,540
I just got the same word twice in a row.

126
00:07:14,680 --> 00:07:15,900
And I was like, that could happen.

127
00:07:16,100 --> 00:07:22,620
So there's 2,048 words in the BIP39 words, and they each correspond to a portion of bits.

128
00:07:22,940 --> 00:07:29,580
And when you take 12 or 24 of them together, when you take 12 of them together, you get 2 to the 128, which is a pretty large number.

129
00:07:29,660 --> 00:07:31,880
And if you do 24, you get 2 to the 256.

130
00:07:31,880 --> 00:07:46,340
And just before we even start to talk about like the expanded possible universe, 2 to the 256 is the total amount of valid numbers that fit on what we're going to talk about today, this, you know, elliptical, elliptic curve.

131
00:07:46,340 --> 00:07:58,340
2 to the 256, there are more possible Bitcoin private keys that exist than atoms in the observable universe.

132
00:07:58,780 --> 00:08:06,280
Just to talk about, because another thing humans are bad at, not just like detecting randomness, but being able to truly appreciate the size and scale of numbers.

133
00:08:06,440 --> 00:08:16,120
2 to the 256 is incredibly, incredibly, incredibly massive in the scale that is beyond things on even like a universe.

134
00:08:16,340 --> 00:08:21,620
level of observing. If every single atom in the observable universe was a Bitcoin private key,

135
00:08:22,000 --> 00:08:24,440
there would be plenty more Bitcoin private keys that were available.

136
00:08:25,080 --> 00:08:31,520
Right? Yeah. So real quick, I'm going to recommend a book. People should read this book.

137
00:08:31,840 --> 00:08:36,760
Okay. It's actually incredible and really important. It was written by my probability

138
00:08:36,760 --> 00:08:42,380
professor in college. His name is John Alan Paulos. I will probably bring his name up a lot.

139
00:08:42,380 --> 00:08:45,280
and I did it a lot and motivate the math.

140
00:08:45,400 --> 00:08:48,940
And this guy was one of the most important people I ever encountered in my life.

141
00:08:49,240 --> 00:08:51,500
It turned out he was a bestselling author of books.

142
00:08:52,140 --> 00:08:56,940
He was like on David Letterman talking about a book he wrote called Math and Humor.

143
00:08:58,260 --> 00:09:02,260
But the real bestseller that he wrote was called Innumeracy,

144
00:09:03,140 --> 00:09:06,440
subtitled Mathematical Illiteracy and Its Consequences.

145
00:09:06,440 --> 00:09:17,180
And in the prologue of the book, he really spends four or five pages trying to get you to understand how do you know how big something actually is?

146
00:09:18,060 --> 00:09:19,820
And like, how do you even imagine?

147
00:09:20,240 --> 00:09:23,720
How do you just imagine magnitudes of size?

148
00:09:24,420 --> 00:09:26,580
You know, I don't think it's not cryptography based.

149
00:09:26,620 --> 00:09:27,920
This book was written in like 1992.

150
00:09:28,540 --> 00:09:31,460
But like, which doesn't mean it could be.

151
00:09:31,460 --> 00:09:37,140
But basically it's like – just imagine like a million grains of sand.

152
00:09:37,440 --> 00:09:43,940
What happens in your mind when you even try to visualize or imagine something so unimaginable?

153
00:09:44,500 --> 00:09:52,700
And I think this is why like all the cheesy interview questions were like, tell me how you would count all the manhole covers in New York City or things like that.

154
00:09:52,820 --> 00:09:59,100
They're all really just getting at this question of how do you think about things that are sort of unthinkable?

155
00:09:59,100 --> 00:10:17,800
And when, you know, knowing the size of things, I mean, it's true, even to me, two to the 128th versus two to the 256. Like, there's clearly a universe of difference between those two numbers. But in my mind, it's hard to really discern between those two, right?

156
00:10:17,800 --> 00:10:38,500
Absolutely. Yeah. And so basically, as we're starting this off and kind of hitting at the touchpoint where most Bitcoiners interact with this, your seed phrase, which maps to an extended private key, which we don't have to get exactly into, it's BIP32 of basically your big, big keychain.

157
00:10:38,500 --> 00:10:46,160
it is the genesis point of how you pick random numbers to be securing your money.

158
00:10:46,720 --> 00:10:52,420
And this is important because while your seed phrase, your words are the gateway to your money,

159
00:10:52,840 --> 00:11:00,180
it's not just one number. You have one genesis number, which then generates children numbers.

160
00:11:00,500 --> 00:11:04,180
And the reason is, is because every time you use a Bitcoin wallet, if you give me a new address,

161
00:11:04,180 --> 00:11:18,240
That's a new number. And basically your seed phrase acts as a deterministic treasure map. If you start with this, you can generate many children for any other address that you need that your wallet can control.

162
00:11:18,240 --> 00:11:48,220
Now, to tie this –

163
00:11:48,240 --> 00:11:57,240
to be on the curve. And so when you multiply the generator, you multiply that private key.

164
00:11:57,400 --> 00:12:01,740
Private key is a point on the curve. Nobody knows what it is. And then you multiply it by some

165
00:12:01,740 --> 00:12:07,840
number. That's going to be on the curve. That's really important. I have to stop using the word

166
00:12:07,840 --> 00:12:15,840
key to note importance. But that is the translation in mathematical structure. And what we'll be

167
00:12:15,840 --> 00:12:21,220
talking about today will be sort of how to understand, how do we build towards understanding

168
00:12:21,220 --> 00:12:27,060
that mathematical structure? Absolutely. Right. Yep. Absolutely. That's a good thing. Moving away

169
00:12:27,060 --> 00:12:31,380
from the concept of a key and turning this into a mathematical language of this is a point on a

170
00:12:31,380 --> 00:12:36,660
curve and all of the transformations you do on the curve, any of the, like you said, the field

171
00:12:36,660 --> 00:12:41,340
that addition is contained within the set of the data points that exist on the curve.

172
00:12:41,340 --> 00:12:46,400
For our ultra premium subscribers at home who have the video feed.

173
00:12:46,500 --> 00:12:49,520
You can see I'm wearing my LibSecP shirt today.

174
00:12:49,800 --> 00:12:52,880
You joke, but we are going to have it.

175
00:12:55,160 --> 00:12:55,640
Yeah.

176
00:12:56,440 --> 00:12:59,680
The curve exists.

177
00:13:01,060 --> 00:13:03,980
It's something that you probably would have seen in like 10th, 11th grade math.

178
00:13:04,620 --> 00:13:05,900
It's not super complicated.

179
00:13:05,900 --> 00:13:07,800
but

180
00:13:07,800 --> 00:13:10,700
this jump off point

181
00:13:10,700 --> 00:13:12,380
the last thing just to say on entropy

182
00:13:12,380 --> 00:13:14,460
is just the reason why

183
00:13:14,460 --> 00:13:16,720
you need to keep that secret because if someone else

184
00:13:16,720 --> 00:13:18,780
has that same exact starting point you have

185
00:13:18,780 --> 00:13:20,360
they can trivially

186
00:13:20,360 --> 00:13:22,740
figure out everything else which maybe goes into

187
00:13:22,740 --> 00:13:24,680
just as an initial point of

188
00:13:24,680 --> 00:13:26,580
why is this principle important

189
00:13:26,580 --> 00:13:28,740
is there is an asymmetry

190
00:13:28,740 --> 00:13:29,940
between

191
00:13:29,940 --> 00:13:32,800
knowing a private key and proving you

192
00:13:32,800 --> 00:13:34,820
own it and someone looking at that proof

193
00:13:34,820 --> 00:13:38,520
and being able to understand where your private key came from.

194
00:13:38,940 --> 00:13:41,880
So that asymmetry is critically important

195
00:13:41,880 --> 00:13:47,620
when it comes to the function of how this works,

196
00:13:47,620 --> 00:13:52,780
because you're able to essentially have the ability

197
00:13:52,780 --> 00:13:54,160
to prove that you own something

198
00:13:54,160 --> 00:13:56,160
without revealing what it actually is.

199
00:13:57,040 --> 00:14:01,600
And that is the entire basis of how Bitcoin works.

200
00:14:01,600 --> 00:14:07,880
The rest of the network sees the end result of this mathematical transformation, which is the

201
00:14:07,880 --> 00:14:14,900
point on the curve, which is mapped then to a public key. But only you have the requisite ability

202
00:14:14,900 --> 00:14:20,860
to prove that you have the private key tied to that public key. Very last point is I used to

203
00:14:20,860 --> 00:14:26,440
kind of make this metaphor, explaining to non-technical people, going to Lloyd's of London

204
00:14:26,440 --> 00:14:30,240
and explaining the concept of a public and a private key. And I would say you would walk into

205
00:14:30,240 --> 00:14:36,260
a post office and you have a wall of plexiglass boxes, like your PO boxes, but instead

206
00:14:36,260 --> 00:14:37,860
of metal, they're like pure plastic.

207
00:14:38,340 --> 00:14:39,280
Like so you can, they're transparent.

208
00:14:39,400 --> 00:14:40,160
You can see through them.

209
00:14:40,480 --> 00:14:40,580
Yeah.

210
00:14:40,700 --> 00:14:46,000
And basically that is the Bitcoin blockchain, the entire UTXO set of all the addresses.

211
00:14:46,000 --> 00:14:48,120
And you can count how many envelopes are in each one.

212
00:14:48,240 --> 00:14:53,360
And anyone can look at any time at those public keys, but to necessarily move them, you have

213
00:14:53,360 --> 00:14:57,620
to publish a proof, which is a Bitcoin transaction that you control the underlying private key.

214
00:14:57,680 --> 00:14:58,880
And that's what your mailbox key is.

215
00:14:58,880 --> 00:15:05,360
That allows you to open up the box, take the envelopes out, and you can move the envelope somewhere else by putting it back in the mail chute.

216
00:15:06,840 --> 00:15:15,340
So I think we've done a good amount of high-level easing into the water so we can kind of just jump right in.

217
00:15:15,340 --> 00:15:26,080
And I think the most important place to start, if we're going to talk about the first mathematical concept and how this field addition works, is modulo arithmetic.

218
00:15:26,600 --> 00:15:26,880
Mod.

219
00:15:27,440 --> 00:15:27,760
Yep.

220
00:15:28,240 --> 00:15:28,520
Right.

221
00:15:28,880 --> 00:15:40,460
So let's quickly – okay, if you're like brand new here, this is going to sound like – this is going to sound weird and strange.

222
00:15:41,220 --> 00:15:52,980
But if you've even like looked at this, if you're like intelligent enough to have found the podcast and hit play, this is something you'll realize you probably should have learned in third grade.

223
00:15:52,980 --> 00:16:00,520
and, um, maybe you even did, but you didn't, you know, let's, you know, look, these were around. This

224
00:16:00,520 --> 00:16:06,380
modulo concept was around for a really long time. It was Gauss who just basically put it all into

225
00:16:06,380 --> 00:16:14,620
this type of framework and made it easy for everybody to grok. It's, right, and it's modulo

226
00:16:14,620 --> 00:16:19,260
means remainder. And I don't know about you, but like I've been around math my whole life, and when

227
00:16:19,260 --> 00:16:25,040
I first heard this concept, I was like, oh, that is remainders suck. I hate remainders. I like when

228
00:16:25,040 --> 00:16:29,980
there's no remainder. I remember, I would even push back to say that I think everyone has learned

229
00:16:29,980 --> 00:16:33,680
the concept of modulo, even if they didn't realize it, because the first thing you do when you learn

230
00:16:33,680 --> 00:16:38,560
long division is learn about what the heck a remainder is. That's right. And it's like the

231
00:16:38,560 --> 00:16:44,220
most disappointing and painful thing to deal with. It's like, oh, what? Why can't it just divide

232
00:16:44,220 --> 00:16:48,300
evenly. What the heck? I hate the number seven. That doesn't divide anything.

233
00:16:48,820 --> 00:16:54,900
And let's start with the easiest example, right? So three divided by two doesn't go into it evenly.

234
00:16:55,040 --> 00:17:00,300
If it was two divided by two, it'd be one. If it was two divided by four, it'd be two. So if you do

235
00:17:00,300 --> 00:17:09,080
three divided by two, your remainder is one because two goes into three one time. It can't do it twice.

236
00:17:09,080 --> 00:17:16,080
it's too many then. So it, three divided by two is one remainder one. So there's one left over, and

237
00:17:16,080 --> 00:17:21,360
that would be like the simplest initial place to start is you're, and you could take any number

238
00:17:21,360 --> 00:17:27,800
and you were able to derive, divided by two, you can get some number in there. The, you know, it's

239
00:17:27,800 --> 00:17:32,580
either one or zero. Um, I'm assuming using whole integers, you're not using fractions and stuff,

240
00:17:32,580 --> 00:17:35,420
right? But like, if you're using whole numbers, you're either going to have a remainder of zero

241
00:17:35,420 --> 00:17:36,760
or you have a remainder of one.

242
00:17:37,080 --> 00:17:37,940
It's going to be a remainder of zero

243
00:17:37,940 --> 00:17:39,260
for every single even number

244
00:17:39,260 --> 00:17:40,840
because it goes in evenly and perfect.

245
00:17:41,060 --> 00:17:43,300
And you're going to have a remainder of one for odd

246
00:17:43,300 --> 00:17:44,640
because it's always going to be one away

247
00:17:44,640 --> 00:17:45,380
from an even number.

248
00:17:45,580 --> 00:17:47,220
That's the simplest place to start.

249
00:17:47,560 --> 00:17:47,740
Right.

250
00:17:47,820 --> 00:17:49,820
And so the key point here is that

251
00:17:49,820 --> 00:17:53,360
we are really, you know,

252
00:17:53,660 --> 00:17:55,000
in the world we came from,

253
00:17:55,540 --> 00:17:57,400
we basically divided things

254
00:17:57,400 --> 00:17:59,320
and we eliminated the remainder.

255
00:17:59,440 --> 00:18:00,340
We didn't care about the remainder.

256
00:18:00,440 --> 00:18:01,560
We only cared about how many times

257
00:18:01,560 --> 00:18:02,780
that, you know, things divide.

258
00:18:03,100 --> 00:18:04,100
In this world,

259
00:18:04,100 --> 00:18:08,220
we only care about the remainder and we toss everything else out the window.

260
00:18:08,560 --> 00:18:13,060
So in this world, any number that has a remainder of one,

261
00:18:13,400 --> 00:18:17,040
in other words, any operation that results in a remainder of one is the same thing.

262
00:18:17,140 --> 00:18:22,960
And like you can call, there's a name for that in what you just described called the odd numbers, right?

263
00:18:23,040 --> 00:18:23,860
We just name it.

264
00:18:24,360 --> 00:18:29,160
Or where you say there's this world where there's two types of numbers, right?

265
00:18:29,160 --> 00:18:33,400
There's this two types of numbers modulo two, right?

266
00:18:33,400 --> 00:18:41,040
Right. Which is those that have a remainder of zero, i.e. the even numbers, or those that have the remainder of one, i.e. the odd numbers.

267
00:18:41,120 --> 00:18:43,260
But what we're abstracting is off the remainder.

268
00:18:44,720 --> 00:18:50,500
And, you know, like Bitcoin, the modulo, we're not divided by two or divided by two to the 256.

269
00:18:51,900 --> 00:18:52,340
Right.

270
00:18:52,340 --> 00:18:55,940
In certain ways, like in a hash function, that's what we're dividing by.

271
00:18:56,120 --> 00:18:57,520
That's the mod, right?

272
00:18:57,520 --> 00:19:08,440
But basically, the key is all of those remainders now, anything with the remainder of one or two is going to be the same.

273
00:19:08,580 --> 00:19:16,500
So in other words, if you're dividing by three, then the number four has a remainder of one.

274
00:19:16,800 --> 00:19:18,360
Number seven has the remainder of one.

275
00:19:18,400 --> 00:19:19,240
Number 10, right?

276
00:19:19,280 --> 00:19:22,660
So all those numbers are basically the same in this construct.

277
00:19:22,660 --> 00:19:29,020
All numbers that have the same remainder now are considered the same.

278
00:19:29,820 --> 00:19:32,100
And when dividing by three, there's three types of numbers.

279
00:19:32,240 --> 00:19:35,820
Those with the remainder of zero, remainder of one, and those with the remainder of two.

280
00:19:36,920 --> 00:19:39,740
And this is how we kind of build what is called the finite field.

281
00:19:39,920 --> 00:19:44,620
But this text we're going through starts with – they call it clock math.

282
00:19:45,340 --> 00:19:46,280
And then we build.

283
00:19:46,940 --> 00:19:50,940
And we're actually going to build – so when I asked you about motivating this thing, right?

284
00:19:50,940 --> 00:19:54,640
It was more of like, well, what are we actually, are we building to?

285
00:19:54,720 --> 00:19:57,580
We're building to potentially a conversation with a particular person.

286
00:19:58,080 --> 00:20:09,060
And that is like where we want to build from the most simple building block to LibSec, LibSec 256.

287
00:20:09,400 --> 00:20:12,380
And I think we've created a document that can do that.

288
00:20:12,480 --> 00:20:13,620
And that will link that.

289
00:20:13,720 --> 00:20:13,940
Yeah.

290
00:20:13,940 --> 00:20:17,020
Link that to the website, magicinternetmath.com.

291
00:20:17,020 --> 00:20:26,260
Um, so is that like, I guess we've, we've motivated it enough? Yeah. So yeah, I think we've motivated

292
00:20:26,260 --> 00:20:31,760
enough. One last very simple example, because we talked about clock arithmetic. So we have divided

293
00:20:31,760 --> 00:20:36,580
by like the two, one divisor where the remainder zero or one is like the simplest abstraction you

294
00:20:36,580 --> 00:20:43,600
can go to. One that people use all of the time is that a clock, you basically do modulo arithmetic.

295
00:20:43,600 --> 00:21:04,520
You divide it by 12. So if you're not using military time, I'm going to put that aside for a second. If it's 1 a.m. and if it's 1 o'clock and 1 a.m., 1 o'clock in the morning and you say 15 hours from now, it's not 16 o'clock.

296
00:21:04,520 --> 00:21:09,200
it's 4 o'clock, sorry, it's 5 p.m.

297
00:21:09,520 --> 00:21:09,760
Right?

298
00:21:09,840 --> 00:21:13,220
So you're doing a modulo 12, a.m. and p.m., a.m. and p.m.

299
00:21:13,220 --> 00:21:15,880
Every 12 hours, you could take whatever number

300
00:21:15,880 --> 00:21:18,320
and you just flip it from a.m. to p.m.

301
00:21:18,340 --> 00:21:18,600
Right?

302
00:21:18,700 --> 00:21:20,800
And you're basically looking at it that way

303
00:21:20,800 --> 00:21:21,720
as like a modulo 12.

304
00:21:22,140 --> 00:21:25,240
Now, what we actually do in Bitcoin,

305
00:21:25,580 --> 00:21:28,400
which you mentioned, is we take a prime number,

306
00:21:28,500 --> 00:21:30,160
which is one of the other things that mathematic,

307
00:21:30,160 --> 00:21:33,360
like things that mathematicians are most obsessed about

308
00:21:33,360 --> 00:21:34,200
is prime numbers.

309
00:21:34,520 --> 00:21:38,140
Um, the actual, yes.

310
00:21:38,280 --> 00:21:50,100
And the actual point that we're going to do all of our modulo arithmetic from is two to the 256 minus two to the 232 minus 977.

311
00:21:51,600 --> 00:21:52,200
Yeah.

312
00:21:52,340 --> 00:22:01,280
That's probably worth like just memorizing that, that, that those three numbers, two to the 256 minus two to the 32nd power minus 977.

313
00:22:01,800 --> 00:22:02,280
Yeah.

314
00:22:02,280 --> 00:22:06,460
And you can actually expand, factor that out and it becomes two to the 256

315
00:22:06,460 --> 00:22:11,460
minus two to the 232 minus two to the nine minus two to the eight minus two to

316
00:22:11,460 --> 00:22:14,360
the seven minus two to the six minus two to the four minus one

317
00:22:14,360 --> 00:22:18,420
And there's a binary representation of this too, and that, you know, like there's

318
00:22:18,420 --> 00:22:22,600
a, there's actually a reason, um, you know, it'll be fun when we get there, but

319
00:22:22,600 --> 00:22:27,360
that's a reason why that is the space, that's the number, right?

320
00:22:27,360 --> 00:22:28,840
Yeah.

321
00:22:28,840 --> 00:22:33,660
There's a special

322
00:22:33,660 --> 00:22:38,320
name for these kind of prime numbers

323
00:22:38,320 --> 00:22:40,420
where you basically take 2 to the n

324
00:22:40,420 --> 00:22:41,400
of some number

325
00:22:41,400 --> 00:22:44,020
and then child factorizations of those

326
00:22:44,020 --> 00:22:44,700
minus 1

327
00:22:44,700 --> 00:22:46,500
It's actually a very common heuristic

328
00:22:46,500 --> 00:22:47,340
of what you're able to do

329
00:22:47,340 --> 00:22:48,720
It's called a Mersenne prime.

330
00:22:48,720 --> 00:22:49,780
Right.

331
00:22:49,780 --> 00:22:53,220
So this is something that has been proven

332
00:22:53,220 --> 00:22:54,260
to be a prime number.

333
00:22:54,260 --> 00:22:57,660
And an important thing to ask is

334
00:22:57,660 --> 00:23:04,380
why modulo a prime number with elliptic curve cryptography, right?

335
00:23:04,380 --> 00:23:05,380
You could pick any number.

336
00:23:05,520 --> 00:23:06,400
You're doing this curve.

337
00:23:06,820 --> 00:23:11,540
Why does it matter that you're doing modulo arithmetic with a prime number?

338
00:23:12,200 --> 00:23:12,320
Yeah.

339
00:23:12,480 --> 00:23:19,260
And before you answer, we just want to remember the fact that, you know, primes can't be divided.

340
00:23:20,160 --> 00:23:24,680
They don't have, like, primes are unable to be divided by anything other than itself and one, right?

341
00:23:25,300 --> 00:23:25,480
Yeah.

342
00:23:25,480 --> 00:23:39,240
But this is actually going to tee up into our next concept, though, is that the reason why you pick a prime number and do modular arithmetic, it proves that every non-zero number you put into this modular arithmetic.

343
00:23:39,240 --> 00:23:48,840
Now, again, remember, you could take any number and throw it into this operation, and you will get some modular remainder.

344
00:23:48,840 --> 00:23:59,820
And what's really important is when you have a prime number as the unit in which you do modulo arithmetic, you will always have a multiplicative inverse.

345
00:24:00,760 --> 00:24:04,000
You always will have a multiplicative inverse, which is very important.

346
00:24:04,000 --> 00:24:16,640
A translation for the non-technicals, because this is multiplicative inverse is a terminology that probably you learn somewhere in high school or college, right?

347
00:24:16,640 --> 00:24:21,400
But all it means is that you can divide it by something other than zero.

348
00:24:21,620 --> 00:24:24,640
You can understand that you're never allowed to divide by zero.

349
00:24:25,760 --> 00:24:32,500
So if a number has an inverse, it means that it can be divided validly.

350
00:24:33,360 --> 00:24:33,460
Yeah.

351
00:24:35,940 --> 00:24:39,260
So we just need to know.

352
00:24:39,420 --> 00:24:42,600
When we're dealing with massive numbers that we can't see and verify,

353
00:24:42,940 --> 00:24:46,080
we just need a way to know that it's all legit.

354
00:24:46,640 --> 00:24:57,340
Yes. And that's the point is that you're not going to have a number that you generate a point on the curve that's going to break.

355
00:24:58,340 --> 00:25:04,880
The example of not using a prime number, by the way, is say like if you're doing modulo four, right?

356
00:25:05,220 --> 00:25:05,460
Yep.

357
00:25:05,460 --> 00:25:12,800
Two times two is zero. So two doesn't have an inverse if you're using mod four.

358
00:25:12,800 --> 00:25:22,700
To the number two, there's nothing you can multiply it by to actually give it a modulo, to give it a remainder of one.

359
00:25:23,120 --> 00:25:23,680
Right.

360
00:25:23,920 --> 00:25:33,500
And since the remainder is what ultimately matters for this ability to find points on the curve, you need to have a non-zero number.

361
00:25:33,760 --> 00:25:40,260
Because if it's zero, then you don't have enough requisite information to do all of the field addition that we're talking about.

362
00:25:40,260 --> 00:25:58,480
And like you said, with two, like even if we go back to the clock example, why don't we just do modulo 12? Remember, we said that like the remainder is the thing we care about, which means you need to have a robust, like you need to be able to take many, many different numbers and ultimately make sure that you don't get a remainder of zero.

363
00:25:58,480 --> 00:26:02,580
And three times four on that is 12.

364
00:26:02,780 --> 00:26:04,480
And 12 modulo 12 is zero.

365
00:26:04,800 --> 00:26:12,080
And now you're back at the start where you have a zero, but you can't actually derive any information to be able to do that field addition.

366
00:26:12,540 --> 00:26:16,660
So just know zero is an unacceptable result for us.

367
00:26:16,660 --> 00:26:28,480
And, you know, like you could imagine building a system of money without actually knowing that every potential number on this curve can be transformed into another number on the curve.

368
00:26:28,600 --> 00:26:38,700
If you don't know that, the only way to know that is to actually, well, right now for humans on Earth right now, the only way we know that is that every number has an inverse.

369
00:26:38,700 --> 00:26:40,540
In other words, every number has a number.

370
00:26:40,760 --> 00:26:44,340
It could be multiplied to equal the number one.

371
00:26:44,560 --> 00:26:46,340
And that's what we say is an inverse.

372
00:26:46,660 --> 00:26:54,020
In the real numbers, we say 5, the inverse of 5 is 1 fifth because 5 times 1 fifth equals 1.

373
00:26:54,640 --> 00:27:01,120
But in the number system of what we call a finite field, which is like we described before,

374
00:27:01,220 --> 00:27:05,260
the field of remainders modulo some number prime, right?

375
00:27:06,480 --> 00:27:11,420
The way we divide is by multiplying by the inverse, but we don't have fractions.

376
00:27:11,680 --> 00:27:13,900
We just have other numbers in the system, right?

377
00:27:13,900 --> 00:27:22,060
And so we just need to make sure, but we still need to make sure we can take any two numbers and get the number one modulo, the prime.

378
00:27:22,920 --> 00:27:23,060
Yeah.

379
00:27:23,260 --> 00:27:33,920
And so I think as the point to tie this together, to explain why this matters, this field addition that we do is the mapping from the private key to the public key.

380
00:27:34,140 --> 00:27:35,840
That is ultimately what we're doing.

381
00:27:35,840 --> 00:27:38,040
and we need to be able to take,

382
00:27:38,320 --> 00:27:40,120
and this is also just an important concept of

383
00:27:40,120 --> 00:27:42,040
someone did not go through

384
00:27:42,040 --> 00:27:44,780
and look at all numbers between 0 and 2 to the 256

385
00:27:44,780 --> 00:27:49,700
and figure out, okay, like, does this number work?

386
00:27:49,800 --> 00:27:50,480
Does this number work?

387
00:27:50,540 --> 00:27:51,200
Does this number work?

388
00:27:51,400 --> 00:27:54,180
This is proven on a higher mathematical abstraction

389
00:27:54,180 --> 00:27:57,260
that you will be able to find this inverse.

390
00:27:57,680 --> 00:28:00,420
And the reason why the numbers are between 0 and 2 to the 256,

391
00:28:01,240 --> 00:28:04,200
you can pick a number bigger than 2 to the 256

392
00:28:04,200 --> 00:28:06,400
when you do this operation.

393
00:28:06,760 --> 00:28:07,860
But if you remember,

394
00:28:08,680 --> 00:28:11,200
the field in which we're doing this modular arithmetic

395
00:28:11,200 --> 00:28:15,020
is two to the 256 minus two to the 232.

396
00:28:15,400 --> 00:28:17,380
So if you take a number even bigger

397
00:28:17,380 --> 00:28:19,880
than two to the 256, it will work.

398
00:28:20,160 --> 00:28:22,280
Like it's not like you're gonna break Bitcoin

399
00:28:22,280 --> 00:28:24,240
if you find a bigger number to put into this thing.

400
00:28:24,380 --> 00:28:26,580
It is just going to get compressed down

401
00:28:26,580 --> 00:28:28,700
into the field of remainders

402
00:28:28,700 --> 00:28:31,080
where the largest number is two to the 256.

403
00:28:31,440 --> 00:28:33,000
It's like asking for 50 o'clock.

404
00:28:33,000 --> 00:28:34,700
It's like you're looping around.

405
00:28:34,980 --> 00:28:35,100
Exactly.

406
00:28:35,100 --> 00:28:36,100
That's two hours.

407
00:28:36,220 --> 00:28:37,320
That's two hours from now.

408
00:28:37,760 --> 00:28:37,960
Right.

409
00:28:38,160 --> 00:28:38,520
Exactly.

410
00:28:39,080 --> 00:28:39,480
Right.

411
00:28:39,660 --> 00:28:42,120
And so that's exactly right.

412
00:28:42,920 --> 00:29:00,837
This all comes down to the basically the really remarkable elegant simple proofs that Gauss did that showed that all of the math we know works in this space like you don't really have to think that much about it but we go through the dot like

413
00:29:00,837 --> 00:29:07,437
it just works adding works in this space multiplying works in this space um adding

414
00:29:07,437 --> 00:29:13,057
multiplying are basically the operations of rings and fields so adding and multiplying is what you

415
00:29:13,057 --> 00:29:18,177
need to worry about. And that's why when we don't divide, we multiply by an inverse to divide.

416
00:29:18,177 --> 00:29:26,537
And that's like a big concept. So, yeah. So basically what we're talking about now

417
00:29:26,537 --> 00:29:36,137
is the concept of congruence. Okay. Right. So like we, we talked, we're talking about congruence

418
00:29:36,137 --> 00:29:42,337
modulo a number, which is like in, in the world we came from, we talked about the two things,

419
00:29:42,337 --> 00:29:46,077
two numbers being equal to each other, five equaling five.

420
00:29:46,197 --> 00:29:51,397
But now in the world of congruence, we're just saying that actually five could be equal

421
00:29:51,397 --> 00:29:58,157
to an infinite amount of numbers that when divided by your modulus, the remainder is

422
00:29:58,157 --> 00:29:59,677
five, right?

423
00:29:59,817 --> 00:29:59,977
Right.

424
00:29:59,977 --> 00:30:06,657
When we talked about the number one in a mod three concept, we said one, four, seven,

425
00:30:07,217 --> 00:30:10,737
10, et cetera, are all congruent.

426
00:30:10,977 --> 00:30:11,917
They're not equal.

427
00:30:12,337 --> 00:30:13,377
They're congruent.

428
00:30:13,797 --> 00:30:14,237
Right.

429
00:30:15,337 --> 00:30:17,477
Because as that final emphasis,

430
00:30:17,637 --> 00:30:18,937
all we care about is the remainder.

431
00:30:19,457 --> 00:30:20,557
That's all we care about.

432
00:30:20,957 --> 00:30:22,457
So that's why if you pick a number bigger,

433
00:30:22,917 --> 00:30:23,737
you can loop around.

434
00:30:23,877 --> 00:30:24,337
You're just going to,

435
00:30:24,717 --> 00:30:26,077
what you're going to do is

436
00:30:26,077 --> 00:30:27,857
if you pick a number larger than 2 to 256,

437
00:30:28,397 --> 00:30:29,937
you're just going to get a number

438
00:30:29,937 --> 00:30:31,997
that is going to map to another number

439
00:30:31,997 --> 00:30:34,557
within this modulo operation.

440
00:30:34,757 --> 00:30:37,537
Just like two o'clock and, you know,

441
00:30:37,997 --> 00:30:39,677
if you're doing modulo 12,

442
00:30:39,817 --> 00:30:42,237
2 a.m. and 2 p.m. are the same remainder.

443
00:30:42,337 --> 00:30:47,757
so like you're gonna get to the same thing yeah so real quick I want to read out of the document

444
00:30:47,757 --> 00:30:55,197
um please a snippet um and it's another thinker I think you're gonna hear a lot from from me is

445
00:30:55,197 --> 00:31:02,597
Rudolf Steiner who's the uh um Renaissance man from the late 18th sorry the late 19th century

446
00:31:02,597 --> 00:31:07,897
early 20th century who created the Waldorf schools where my children went were educated

447
00:31:07,897 --> 00:31:14,797
but really had a lot to say about thinking knowledge and really lines up with, it's probably

448
00:31:14,797 --> 00:31:18,537
the reason I think this way is because I've studied his work also for the last 15 years.

449
00:31:20,097 --> 00:31:27,177
So anyway, these documents include his thinking. And I just want to read this real quick. It says,

450
00:31:27,177 --> 00:31:33,197
what is the number three? Not three apples, not three tally marks, not the symbol three,

451
00:31:33,197 --> 00:31:39,957
The number itself, you cannot see it, hear it, or touch it. Yet, you can think it with perfect

452
00:31:39,957 --> 00:31:44,117
clarity, and your thinking of it is identical to every other person's thinking of it.

453
00:31:44,957 --> 00:31:51,537
Steiner argues that mathematical objects are the paradigm of thought content realities that

454
00:31:51,537 --> 00:31:57,297
exist for thinking alone, independent of any sensory medium. The number three is the same,

455
00:31:57,397 --> 00:32:01,537
whether represented by Roman numerals, binary digits, or Babylonian wedge marks.

456
00:32:01,537 --> 00:32:03,757
The representations change

457
00:32:03,757 --> 00:32:05,857
The thought content does not

458
00:32:05,857 --> 00:32:09,557
The modular arithmetic makes this vivid

459
00:32:09,557 --> 00:32:12,937
So in Z7

460
00:32:12,937 --> 00:32:16,777
Z7 means like that's when the modulus is 7

461
00:32:16,777 --> 00:32:18,057
We're dividing everything by 7

462
00:32:18,057 --> 00:32:20,717
So in Z7 the number 10 is 3

463
00:32:20,717 --> 00:32:22,257
It doesn't represent 3

464
00:32:22,257 --> 00:32:23,877
It's not equivalent to 3

465
00:32:23,877 --> 00:32:24,857
But it is 3

466
00:32:24,857 --> 00:32:27,137
What we call the residue class

467
00:32:27,137 --> 00:32:30,397
Which would be 3, 10, 17, 24, etc

468
00:32:30,937 --> 00:32:35,757
That's a single mathematical object perceived by thinking as a unity,

469
00:32:36,097 --> 00:32:38,317
despite having infinitely many representatives.

470
00:32:39,037 --> 00:32:44,217
So when you compute 5 plus 6, and remember in this mod 7, that equals 4.

471
00:32:44,837 --> 00:32:46,937
So 5 plus 6 equals 4 mod 7.

472
00:32:47,397 --> 00:32:48,997
You're not manipulating symbols.

473
00:32:49,557 --> 00:32:52,857
You are perceiving a relationship among thought contents,

474
00:32:52,857 --> 00:32:57,077
a relationship that holds necessarily, universally, and eternally.

475
00:32:57,077 --> 00:33:04,877
and as one last um extended line out for people who may be lost the reason why six plus five

476
00:33:04,877 --> 00:33:12,957
equals three in this context is six plus five equals eleven sorry equals four because six plus

477
00:33:12,957 --> 00:33:17,097
five equals eleven you're killing these guys I'm killing it I'm killing it I'm killing them

478
00:33:17,097 --> 00:33:22,437
I'm still waking up here so six plus five equals eleven and when you divide eleven by seven

479
00:33:22,437 --> 00:33:24,177
it goes into it once

480
00:33:24,177 --> 00:33:25,557
and you have a remainder of four.

481
00:33:25,937 --> 00:33:27,017
So that's why in this context,

482
00:33:27,137 --> 00:33:28,077
six plus five,

483
00:33:28,857 --> 00:33:30,637
modulo seven equals four.

484
00:33:31,077 --> 00:33:32,397
And now we're going to...

485
00:33:32,397 --> 00:33:33,857
Yeah, we may be taking for granted

486
00:33:33,857 --> 00:33:36,157
our own speed of like those types

487
00:33:36,157 --> 00:33:37,437
of addition and subtraction.

488
00:33:37,737 --> 00:33:38,557
So if you guys are like,

489
00:33:38,977 --> 00:33:40,577
if you need to pause and just be like,

490
00:33:40,637 --> 00:33:43,117
all right, do I need to pull a pen and paper out?

491
00:33:43,177 --> 00:33:43,957
Don't be ashamed.

492
00:33:44,097 --> 00:33:44,477
It's okay.

493
00:33:44,917 --> 00:33:46,677
I think this point right here

494
00:33:46,677 --> 00:33:49,957
is a good checkpoint of if you're,

495
00:33:50,297 --> 00:33:52,257
if what I just explained does not make sense...

496
00:33:52,437 --> 00:33:56,057
And you want to learn, rewind and give it a listen the second time.

497
00:33:56,497 --> 00:34:05,817
And from here now, we're going to take a step forward and talk about in the, like, the domain is this very large prime number and all of its remainders.

498
00:34:06,057 --> 00:34:12,277
And they map onto an elliptic curve, which is kind of the next point.

499
00:34:12,377 --> 00:34:12,957
So we have this.

500
00:34:13,157 --> 00:34:14,117
Oh, sorry, real quick.

501
00:34:14,457 --> 00:34:15,997
I want to just interject one thing.

502
00:34:18,657 --> 00:34:22,417
We're not going to get that deeply into it, but I have covered it on prior podcasts.

503
00:34:22,437 --> 00:34:32,677
that you can go look up. The way that we can know that what we're doing in our minds around

504
00:34:32,677 --> 00:34:39,717
numbers we understand, like 10 and 11 and 7, the way we know that all that math applies in the 2

505
00:34:39,717 --> 00:34:48,717
to the 256 realm, in a realm we can't possibly visualize or understand, is the way we know is

506
00:34:48,717 --> 00:34:52,297
through something. Usually it's through something called mathematical induction, but there are many

507
00:34:52,297 --> 00:34:55,957
There are many ways that we prove things.

508
00:34:56,257 --> 00:35:01,037
That is going to be a topic that we do get into, which is like, how do we really know?

509
00:35:01,277 --> 00:35:03,477
That's always the big thing I talk about.

510
00:35:03,497 --> 00:35:04,377
How do you really know?

511
00:35:05,037 --> 00:35:11,837
And so usually the way we extrapolate knowledge from the sort of knowable, observable world

512
00:35:11,837 --> 00:35:19,657
we live in to the unobservable, almost infinite, but we say it's not, is this concept of mathematical

513
00:35:19,657 --> 00:35:26,917
induction, meaning if you can prove it at a very basic level, and then you can prove that every

514
00:35:26,917 --> 00:35:34,157
increment, every next increment is true, then eventually you can just extrapolate mentally.

515
00:35:34,337 --> 00:35:38,117
And there is a rigorous construct for that that we're not going to get into. But I just want to

516
00:35:38,117 --> 00:35:45,497
build that bridge that there needs to be that bridge that we know that one plus one equals two.

517
00:35:45,497 --> 00:35:50,577
We can sort of extrapolate these operations into numbers we can't understand.

518
00:35:51,137 --> 00:35:51,217
Yeah.

519
00:35:51,257 --> 00:35:54,157
And I think there's some interesting visual points.

520
00:35:54,377 --> 00:35:59,277
I know this is primarily an audio podcast, but if you're sitting here, if you're listening

521
00:35:59,277 --> 00:36:04,957
to this, what we're about to start talking about is this curve, the LibSecP256K1 curve.

522
00:36:05,037 --> 00:36:06,537
We'll get into exactly what that means.

523
00:36:06,877 --> 00:36:14,397
But if you type in LibSecP256K1, enter, and Google images, you'll see it.

524
00:36:14,397 --> 00:36:22,537
And it's a graph, it's a curve that you would have easily seen some point in your high school math education, for sure.

525
00:36:22,797 --> 00:36:24,337
You wouldn't have realized it was that important.

526
00:36:24,857 --> 00:36:26,377
But the elliptic curve...

527
00:36:26,377 --> 00:36:27,997
I've seen it in Bitcoin a lot.

528
00:36:28,297 --> 00:36:30,517
I mean, you see it in Rob's shirt right now.

529
00:36:30,757 --> 00:36:33,997
Yeah, the shirt I'm wearing, it gets thrown around here and there.

530
00:36:34,897 --> 00:36:37,657
It's almost the logo of a magic internet math, but it's not.

531
00:36:37,737 --> 00:36:41,397
I kind of like transformed it into an infinity kind of.

532
00:36:41,397 --> 00:36:42,117
Yeah, yeah.

533
00:36:42,217 --> 00:36:43,437
More of an alpha symbol.

534
00:36:43,677 --> 00:36:44,117
Yeah.

535
00:36:44,397 --> 00:36:53,897
But it's basically, and I'll do one quick, it's basically a curve that loops on itself across the X and Y axis.

536
00:36:54,097 --> 00:37:02,137
So across the X axis, any point on the X axis, there's actually two points on the Y axis that you can go to.

537
00:37:03,397 --> 00:37:05,657
Let's say the bell curve flipped on it, turned it on the side.

538
00:37:05,877 --> 00:37:06,217
Oh, yeah.

539
00:37:06,257 --> 00:37:10,337
So if you took a bell curve and you've rotated it 90 degrees, if you're a shape rotator.

540
00:37:10,717 --> 00:37:11,017
It just looks like that.

541
00:37:11,017 --> 00:37:11,657
It looks like that.

542
00:37:11,657 --> 00:37:13,657
It's not that, but it looks like that.

543
00:37:13,657 --> 00:37:16,537
No, like we're not saying it has the same tails.

544
00:37:16,797 --> 00:37:20,117
We're just saying visually it kind of looks like a bell curve.

545
00:37:20,237 --> 00:37:20,597
Absolutely.

546
00:37:20,597 --> 00:37:22,437
90 degree rotation.

547
00:37:23,297 --> 00:37:26,537
And so I'm going to explain what the equation is.

548
00:37:26,577 --> 00:37:28,497
We're going to talk about why this is helpful.

549
00:37:28,677 --> 00:37:29,677
Like we're going to build on this.

550
00:37:29,677 --> 00:37:39,137
But I'm just going to make the jump and say the curve that Bitcoin specifically uses is Y squared equals X cubed plus seven.

551
00:37:40,757 --> 00:37:42,697
And we're going to talk about why that is.

552
00:37:42,697 --> 00:37:46,157
And if you can see on my shirt or if you look up online, it's slightly pushed up a little bit.

553
00:37:46,217 --> 00:37:47,377
And that's when that plus seven comes in.

554
00:37:48,357 --> 00:37:49,477
Why the hell does this matter?

555
00:37:49,937 --> 00:37:59,457
If you take any two points on the curve and you drew a straight line so that they touched, it's always going to hit one additional point.

556
00:38:01,477 --> 00:38:05,137
And that one additional point is because it's a cubic operation, X cubed.

557
00:38:05,377 --> 00:38:07,897
So you're always going to have a given point.

558
00:38:07,957 --> 00:38:09,037
You're going to have the three intersections.

559
00:38:09,037 --> 00:38:15,397
and if you reflect that x point across if you reflect that that third point across the x-axis

560
00:38:15,397 --> 00:38:21,957
that's the sum of the two original points and this is kind of like the whole magic of how this works

561
00:38:21,957 --> 00:38:27,857
and this works for any curve that follows the general y squared equals x cubed plus ax plus b

562
00:38:27,857 --> 00:38:33,637
like the general function of these libraries and we're going to get into like why that if you take

563
00:38:33,637 --> 00:38:38,037
two points you connect them you can take the third and flip it over the x-axis and you get the sum of

564
00:38:38,037 --> 00:38:47,157
the two, like why that's really important. But to start, like even the Y squared equals X cubed

565
00:38:47,157 --> 00:38:59,257
plus seven was a choice. Why that? And that is the libsec P256k1 curve. Um, SEC, the SEC,

566
00:38:59,397 --> 00:39:03,977
standards for efficient cryptography, P, it's because it's using a prime field. We already

567
00:39:03,977 --> 00:39:06,857
talked about the prime field, right? You already, you already understand why there's a prime field

568
00:39:06,857 --> 00:39:07,777
in any of this at all.

569
00:39:08,397 --> 00:39:08,997
The 256,

570
00:39:09,477 --> 00:39:11,137
is it because it's 256 bit prime?

571
00:39:11,597 --> 00:39:11,757
All right.

572
00:39:11,797 --> 00:39:12,777
So that seems like we're,

573
00:39:13,217 --> 00:39:14,257
we've already done a lot

574
00:39:14,257 --> 00:39:16,977
to demystify what libsecp256k1 means.

575
00:39:17,737 --> 00:39:18,337
What's lib?

576
00:39:18,657 --> 00:39:20,177
Sorry, is lib for,

577
00:39:20,677 --> 00:39:22,857
is this a political statement?

578
00:39:22,857 --> 00:39:23,777
Is this a political statement?

579
00:39:23,777 --> 00:39:24,277
Is this a library you import?

580
00:39:24,597 --> 00:39:25,177
Yeah, yeah, yeah.

581
00:39:25,257 --> 00:39:26,397
I don't want to get you going,

582
00:39:26,517 --> 00:39:27,357
but a lot of people think

583
00:39:27,357 --> 00:39:28,697
that there's political statements.

584
00:39:28,697 --> 00:39:29,797
Yeah, it's all these libs,

585
00:39:29,997 --> 00:39:31,097
all these damn libs.

586
00:39:31,297 --> 00:39:33,437
No, lib is the library, right?

587
00:39:33,477 --> 00:39:34,997
Because you're pulling from this library

588
00:39:34,997 --> 00:39:46,757
of sec p256k1 uh so we got through sec p256k is um a Koblitz uh a Koblitz curve um yeah

589
00:39:46,757 --> 00:39:52,577
and we've talked I've talked about those in the past um and I have there's a course on magic

590
00:39:52,577 --> 00:39:59,137
internet math.com on Koblitz's book number theory and cryptography and then one is that it's the

591
00:39:59,137 --> 00:40:04,197
first and only such of its curve now the Koblitz part is actually really important and I actually

592
00:40:04,197 --> 00:40:08,837
tweeted this out last night um probably two days ago by the time this gets out the door for everyone

593
00:40:08,837 --> 00:40:17,697
to listen to how Finney in 2011 opens a thread on Bitcoin Talk and says like why this curve right

594
00:40:17,697 --> 00:40:23,597
and like a bunch of like Greg Maxwell, Christian Decker, uh Gavin Andresen, Mike Hearn like all of

595
00:40:23,597 --> 00:40:31,157
the original like big Bitcoin developers time yeah of course of course that's there yeah um

596
00:40:31,157 --> 00:40:34,377
The curve was actually invented on Little St. James, for sure.

597
00:40:35,657 --> 00:40:44,777
And so the ultimate point that gets talked about and somewhat inferred is that this curve doesn't have anything weird going on about it.

598
00:40:44,857 --> 00:40:46,597
You could be like, oh, why is it plus seven?

599
00:40:46,777 --> 00:40:52,677
But that's not meaningfully a big transformation in the context of what we're about to talk about,

600
00:40:52,977 --> 00:40:57,237
is that there's no weird constant that just doesn't make any sense whatsoever.

601
00:40:57,997 --> 00:41:01,377
I would more ask why the middle coefficient is zero.

602
00:41:01,657 --> 00:41:02,597
Why do you go right?

603
00:41:03,257 --> 00:41:03,997
That's a good point.

604
00:41:04,177 --> 00:41:05,937
That's like the one of the things I've always wondered.

605
00:41:06,377 --> 00:41:06,657
Yeah.

606
00:41:06,777 --> 00:41:11,837
Well, if you actually make the A zero, it allows you to do simpler mathematical transformations

607
00:41:11,837 --> 00:41:14,777
and it makes it 30% faster than other standard NIST curves.

608
00:41:15,877 --> 00:41:19,657
Because you're just taking something to zero that's less transformation and less computational

609
00:41:19,657 --> 00:41:20,057
overhead.

610
00:41:20,197 --> 00:41:21,737
So it actually makes the curve more efficient.

611
00:41:21,737 --> 00:41:24,137
and further talking about...

612
00:41:24,137 --> 00:41:27,377
Can you circle roughly when in history

613
00:41:27,377 --> 00:41:28,617
was this being determined?

614
00:41:30,217 --> 00:41:33,637
Not for Bitcoin, but when was this curve?

615
00:41:33,757 --> 00:41:37,037
When was SecP 256K1 created?

616
00:41:37,037 --> 00:41:40,457
I don't want to get into the whole history right now,

617
00:41:40,677 --> 00:41:41,877
but you know what I mean?

618
00:41:41,997 --> 00:41:44,037
Just so people don't realize,

619
00:41:44,197 --> 00:41:45,617
Satoshi didn't invent this.

620
00:41:46,297 --> 00:41:48,757
It wasn't part of...

621
00:41:48,757 --> 00:41:52,157
It was invented prior to 2008.

622
00:41:53,157 --> 00:41:57,597
Well, so it was invented prior to the Koblitz curve.

623
00:41:57,997 --> 00:41:59,097
The Koblitz curve itself.

624
00:41:59,217 --> 00:41:59,417
Yeah.

625
00:41:59,417 --> 00:42:02,237
In other words, this X cubed plus seven was sorry.

626
00:42:02,657 --> 00:42:05,517
This is Y squared equals X cubed plus seven.

627
00:42:06,237 --> 00:42:06,797
Yeah.

628
00:42:06,917 --> 00:42:14,537
Y squared equals X cubed plus seven was a known curve that was used for things.

629
00:42:15,177 --> 00:42:15,497
Potentially.

630
00:42:15,657 --> 00:42:15,937
Yes.

631
00:42:16,137 --> 00:42:16,637
That was a no.

632
00:42:16,637 --> 00:42:20,157
It wasn't like Satoshi said, I understand this library.

633
00:42:20,877 --> 00:42:24,537
I am going to just conjure.

634
00:42:25,317 --> 00:42:26,937
It wasn't like conjured.

635
00:42:27,017 --> 00:42:29,517
It was like selected from things that had been played around with.

636
00:42:30,077 --> 00:42:30,297
Correct?

637
00:42:30,917 --> 00:42:31,337
Correct.

638
00:42:31,677 --> 00:42:32,057
Yes.

639
00:42:32,717 --> 00:42:34,977
And I'm pulling up the exact year right now.

640
00:42:35,197 --> 00:42:35,557
So I'm trying to-

641
00:42:35,557 --> 00:42:36,557
It had some known properties.

642
00:42:37,557 --> 00:42:37,897
Yes.

643
00:42:38,097 --> 00:42:39,117
It had some known properties.

644
00:42:39,537 --> 00:42:43,417
It wasn't really used at any large scale anywhere outside.

645
00:42:43,417 --> 00:42:47,417
like there wasn't like a bunch of applications that were running this curve specifically

646
00:42:47,417 --> 00:42:55,177
um but you locked in and said that's a candidate yes and I'm what I'm doing right now is I'm trying

647
00:42:55,177 --> 00:43:00,757
to find I was actually looking into this last night and I'm trying to find my original uh

648
00:43:00,757 --> 00:43:07,657
conversation that I was having with this um if you give me a moment it would've predated 2008

649
00:43:07,657 --> 00:43:21,137
And I think as I'm pulling this up, just the thing to sprinkle through, what we're going to be mainly talking about today is ECDSA, elliptic curve digital signing algorithm, which is what Satoshi originally started with.

650
00:43:21,517 --> 00:43:24,537
This did not use Schnorr signing algorithm.

651
00:43:24,997 --> 00:43:28,557
That was something that was actually patented through 2008.

652
00:43:28,677 --> 00:43:32,457
So when Satoshi originally came out with this, he couldn't use Schnorr, which was known to be more efficient.

653
00:43:32,457 --> 00:43:39,457
um the um what was I going to say the uh

654
00:43:41,077 --> 00:43:48,277
Schnorr's slightly different group structure characteristics and they're more designed we've

655
00:43:48,277 --> 00:43:53,937
talked about it a little bit when in the I did this with Gary in one of those episodes I'll try

656
00:43:53,937 --> 00:43:57,917
to remember it and link it but like we talked a little bit about there it has slightly different

657
00:43:57,917 --> 00:44:03,797
group characteristics, which allows, there's like additional closure that allows you to

658
00:44:03,797 --> 00:44:06,677
abstract maybe more of the information.

659
00:44:06,677 --> 00:44:14,237
So it's not all, you know, you can kind of abstract a couple of the variables into single

660
00:44:14,237 --> 00:44:17,997
objects so that you're showing less.

661
00:44:18,217 --> 00:44:21,297
And like the thing with Schnorr was like, you can, everything looks like one address.

662
00:44:21,557 --> 00:44:26,137
So you don't, you can't easily diagnose a two of two multi-sig and say, oh, that's

663
00:44:26,137 --> 00:44:27,357
clearly a two of two multi-sig.

664
00:44:27,357 --> 00:44:28,177
That's a lightning channel.

665
00:44:28,657 --> 00:44:29,017
Absolutely.

666
00:44:29,337 --> 00:44:29,577
Yeah.

667
00:44:29,797 --> 00:44:37,577
And so basically the biggest upside you get with Schnorr is that you're able to effectively add keys together in a very efficient way.

668
00:44:37,797 --> 00:44:44,917
That allows you to, as a result, since you can add the keys together, you can take individual shards and you can aggregate the signature.

669
00:44:45,117 --> 00:44:45,697
So you can have a two of two.

670
00:44:45,697 --> 00:44:48,537
And that's a result of the group structure.

671
00:44:49,017 --> 00:44:49,557
That's correct.

672
00:44:49,817 --> 00:44:50,037
Of Schnorr.

673
00:44:50,337 --> 00:44:50,457
Yeah.

674
00:44:50,617 --> 00:44:52,497
I just need to emphasize that here, right?

675
00:44:52,497 --> 00:44:55,977
Because that's really what we're talking about and why we learn about the structures.

676
00:44:55,977 --> 00:45:15,957
Yeah, so the curve SecP predated Bitcoin roughly the year 2000 was when it was invented. So it had been around for almost a decade when Satoshi picked it. And the point I'm getting to is why that matters is because the curve you pick is kind of like, this is the entire field in which you're doing all of your public private key mapping.

677
00:45:15,957 --> 00:45:23,837
and going taking it back to this Hal Finney post um he basically everyone starts inferring that

678
00:45:23,837 --> 00:45:30,017
it's the one curve in that general family and library that doesn't have any really weird traits

679
00:45:30,017 --> 00:45:36,037
about it and you would be like well Rob you know like this all of this stuff is weird like what do

680
00:45:36,037 --> 00:45:42,917
you what like this is all weird like why why does that matter um basically what's a weird what's an

681
00:45:42,917 --> 00:45:49,137
example than in this world of something weird that they declined they rejected yeah so other curves

682
00:45:49,137 --> 00:45:56,677
hold constants within the curve that don't immediately make sense and it's very popular

683
00:45:56,677 --> 00:46:03,117
um in what does that mean real quick what does that mean so what that means is that

684
00:46:03,117 --> 00:46:08,637
when you are setting up this equation they'll tack something onto the end

685
00:46:08,637 --> 00:46:14,757
like some extra little thing and typically like a constant number you meaning so in other words

686
00:46:14,757 --> 00:46:22,837
yeah or it's an object a constant object or like so for example okay slightly you have to know

687
00:46:22,837 --> 00:46:28,677
calculus to answer this question but like when you integrate a number of sorry you integrate a

688
00:46:28,677 --> 00:46:36,217
function like x and you get one half x squared you have to say plus c because you don't really know

689
00:46:36,217 --> 00:46:40,397
So unless you define the limits of the integration, I'm sorry if I just derailed.

690
00:46:40,457 --> 00:46:42,397
No, no, no, no, no, no, no, no.

691
00:46:42,397 --> 00:46:52,817
So like there's another, there's a NIST, you know, and NIST, NIST is like the National Institute for Standards and Technology.

692
00:46:53,217 --> 00:46:54,137
It's a government.

693
00:46:54,317 --> 00:46:55,237
I should put that.

694
00:46:55,257 --> 00:46:56,457
I should put those on my website.

695
00:46:56,597 --> 00:46:57,177
I got the BIPS.

696
00:46:57,377 --> 00:46:58,237
I got the BOLTs.

697
00:46:58,377 --> 00:46:58,777
I got the NIST.

698
00:46:58,777 --> 00:47:01,077
I should get the NIST standards in there.

699
00:47:01,077 --> 00:47:09,657
Here's the thing. Unlike BIPs, the NIST comes from the government, which means even the mathematicians in Bitcoin don't trust the government.

700
00:47:10,317 --> 00:47:15,357
And the reason why this matters is that there was another curve. There was a NIST P256 curve that could have been used.

701
00:47:16,677 --> 00:47:23,777
It has a coefficient from a mysterious SHA-1 hash that no one really knows where it came from.

702
00:47:23,777 --> 00:47:29,237
and basically there was a scandal in 2013

703
00:47:29,237 --> 00:47:32,197
where the NSA was caught trying to backdoor

704
00:47:32,197 --> 00:47:33,297
elliptic curve standards

705
00:47:33,297 --> 00:47:38,217
and this is why Satoshi

706
00:47:38,217 --> 00:47:41,217
picked the curve he did is it didn't have a mysterious NSA backdoor

707
00:47:41,217 --> 00:47:44,117
whereas if he picked if he was like

708
00:47:44,117 --> 00:47:47,257
well I want to be taken seriously so I'm going to use the credential

709
00:47:47,257 --> 00:47:50,057
the elliptic curve library to make sure that like other cryptographers

710
00:47:50,057 --> 00:47:53,117
it's like instantly the domain in which we're operating in

711
00:47:53,117 --> 00:47:57,137
is not an academic one where we're trying to get peer review and get accolades and kind of like

712
00:47:57,137 --> 00:48:02,637
work our way up through a corporate structure or political pseudo corporate political structure

713
00:48:02,637 --> 00:48:09,277
like a university. Yeah. We are trying to make unfuckable money, which means that you have to

714
00:48:09,277 --> 00:48:14,477
really go foundational level primitives to understand why things work. And if Satoshi

715
00:48:14,477 --> 00:48:18,657
had picked the accredited curve, Bitcoin would have been dead by now. Absolutely.

716
00:48:18,657 --> 00:48:22,357
It would have been entirely backdoored and destroyed. Maybe they'd still be waiting.

717
00:48:23,117 --> 00:48:44,517
Maybe. Well, that's true. They could just be waiting for something to happen, right? And so Satoshi picking this curve that was invented in 2000 that was seldom used was actually very intelligent because it was the curve that fit all the properties we've talked to up to this point that would be good for elliptic curve cryptography to secure Bitcoin and secure money in a trustless way that didn't have these backdoors, right?

718
00:48:44,517 --> 00:48:47,977
And so I think that kind of just lays out the highest level.

719
00:48:48,077 --> 00:48:51,477
Now, now we're going to take two things and we're going to combine them together.

720
00:48:51,617 --> 00:48:54,477
We have this curve, this curvy object on a graph.

721
00:48:54,757 --> 00:48:56,957
And we have this field of finite points.

722
00:48:57,337 --> 00:48:58,137
Sideways bell curve.

723
00:48:58,777 --> 00:49:00,897
We have the sideways bell curve graph.

724
00:49:01,137 --> 00:49:01,577
It's sleeping.

725
00:49:01,577 --> 00:49:04,817
And we have this modulo arithmetic, right?

726
00:49:04,837 --> 00:49:05,937
We have all of these little dots.

727
00:49:05,937 --> 00:49:12,417
So what you do to casually draw it is you draw a series of connected numbers.

728
00:49:12,417 --> 00:49:18,937
like one continuous line for this entire sideways bell curve in reality if you interrupt you real

729
00:49:18,937 --> 00:49:23,357
quick like just as an example for lay people imagine drawing you would draw a circle with

730
00:49:23,357 --> 00:49:28,497
a radius of one you would take this function called x squared plus y squared equals one

731
00:49:28,497 --> 00:49:34,317
and then you would start taking combinations every combination of x and y you can basically

732
00:49:34,317 --> 00:49:42,317
imagine and that that make that equation work and plot right you'd plot every one of those

733
00:49:42,317 --> 00:49:45,797
X, Y's and Cartesian, you know, and Cartesian coordinates.

734
00:49:46,077 --> 00:49:50,277
And what you would, if you had, if you asked Python to do it, you would see a circle getting

735
00:49:50,277 --> 00:49:50,997
drawn very quickly.

736
00:49:52,177 --> 00:49:52,777
That's right.

737
00:49:53,237 --> 00:49:57,177
And so that's, that's essentially like, so it's just like what we're natively used to

738
00:49:57,177 --> 00:50:00,317
doing is the number, like the real number system that we grew up with.

739
00:50:00,757 --> 00:50:07,237
Whereas you're doing the same thing in something called an elliptic curve, but your plot, the

740
00:50:07,237 --> 00:50:09,997
equation is now the, is a remainder.

741
00:50:10,657 --> 00:50:10,897
Yeah.

742
00:50:10,897 --> 00:50:18,837
Yeah, and so rather than drawing, and the reason like this Cartesian plot with x squared plus y squared equals one to draw a circle with a radius one, right?

743
00:50:19,177 --> 00:50:28,657
You're taking, when you're drawing a continuous line, you're basically, in shorthand, you're taking all possible x values and filling them in for all possible y values, and it's continuous.

744
00:50:28,657 --> 00:50:30,637
Like, there is no break in the curve.

745
00:50:31,137 --> 00:50:40,457
For this elliptic field, to combine these two concepts of the sideways bell curve, this elliptic curve, and this field of finite numbers, super zoomed out, it looks like it's all connected.

746
00:50:40,457 --> 00:50:45,357
like one continuous line but if you zoom in and you zoom in and you zoom in it's actually a series

747
00:50:45,357 --> 00:50:50,837
of dots so there's not actually really a continuous line it's a bunch of little points

748
00:50:50,837 --> 00:50:59,377
that map out all of the remainders as it relates to this very large Mersenne prime of two to the 256

749
00:50:59,377 --> 00:51:05,717
minus two to the 232 you know well but we what you're trying to say is it's discrete too right

750
00:51:05,717 --> 00:51:12,157
Yes, that too. And so we now at this point have been able to stumble.

751
00:51:12,497 --> 00:51:24,317
Sorry, the book Mastering Bitcoin, the Antonopoulos book, has a very, I think, a good illustration of this where he just shows it at a larger and larger moduli drawing this curve.

752
00:51:24,497 --> 00:51:31,117
If you recall, I think, chapter four. So if you have that book, it's a good visual cue for this right now.

753
00:51:31,117 --> 00:51:37,957
Yeah, Mastering Bitcoin by Antonopoulos and also Programming Bitcoin by Jimmy Song. We're

754
00:51:37,957 --> 00:51:41,837
basically we're going through the initial introductory chapters of how this all works

755
00:51:41,837 --> 00:51:49,517
um and so we now have the foundation to actually talk about how we use this stuff so we have this

756
00:51:49,517 --> 00:51:53,037
sideways bell curve that's what we're just going to call the lipsec p curve because that's what it

757
00:51:53,037 --> 00:51:59,057
visually looks like so you have this curve you take all of the modulo possible remainders from

758
00:51:59,057 --> 00:52:04,217
this very large prime number and you connect them into this function and you're able to get

759
00:52:04,217 --> 00:52:11,157
this curve that gets drawn out and you're able to see all these little dots so from here

760
00:52:11,157 --> 00:52:19,417
we are now at the point where we're actually going to do some actual math equations what we've done

761
00:52:19,417 --> 00:52:23,937
like visualized like some basic math equations but now we're going to start smashing things

762
00:52:23,937 --> 00:52:26,137
together. We have this field of

763
00:52:26,137 --> 00:52:27,597
modulo prime

764
00:52:27,597 --> 00:52:29,277
numbers,

765
00:52:29,817 --> 00:52:31,837
so it's not continuous, but you have this

766
00:52:31,837 --> 00:52:33,477
curve that the math gets transformed on.

767
00:52:33,977 --> 00:52:35,617
And we're going to start talking about now

768
00:52:35,617 --> 00:52:37,917
what the hell this has to do with Bitcoin.

769
00:52:42,697 --> 00:52:44,077
So your starting

770
00:52:44,077 --> 00:52:44,597
place

771
00:52:44,597 --> 00:52:47,477
is this

772
00:52:47,477 --> 00:52:48,617
random number.

773
00:52:49,637 --> 00:52:51,777
Now, whether that random number is

774
00:52:51,777 --> 00:52:58,157
literally your seed phrase encoded into a number or like in your own abstraction.

775
00:52:58,377 --> 00:53:03,017
The way it actually works though, as I mentioned earlier, is you have your master extended private

776
00:53:03,017 --> 00:53:05,977
key and that to generate child keys.

777
00:53:06,057 --> 00:53:11,837
And those child keys are just numbers between zero and two to the 256 that then get placed

778
00:53:11,837 --> 00:53:12,557
on this curve.

779
00:53:12,917 --> 00:53:14,437
You take that private key.

780
00:53:14,437 --> 00:53:14,677
Yeah.

781
00:53:16,257 --> 00:53:21,997
And if we start just, if we just start in a small place, right.

782
00:53:21,997 --> 00:53:27,917
And we just say, what's the, if we look at a finite field modulo five.

783
00:53:28,857 --> 00:53:29,297
Okay.

784
00:53:29,717 --> 00:53:31,477
And you start with this number two.

785
00:53:31,857 --> 00:53:33,017
I did this last week.

786
00:53:33,097 --> 00:53:34,097
So do it again.

787
00:53:34,177 --> 00:53:34,437
Right.

788
00:53:34,677 --> 00:53:36,237
Let's start with, start with the number two.

789
00:53:36,597 --> 00:53:40,577
You can generate every point on the curve with this number.

790
00:53:40,797 --> 00:53:43,397
So when you double it, you get four.

791
00:53:44,017 --> 00:53:44,417
Right.

792
00:53:44,437 --> 00:53:50,677
So like in other words, in modulo 5, we're looking for the points 0, 1, 2, 3, 4, right?

793
00:53:50,797 --> 00:53:54,077
And we can do this with the number 2 because 2 times 2 is 4.

794
00:53:54,897 --> 00:54:00,517
And then you multiply by 2 again, and you get 8, but mod 5 is 3.

795
00:54:00,617 --> 00:54:03,397
So you go 2, 4, 3, right?

796
00:54:03,537 --> 00:54:04,757
Because 4 times 2 is 3.

797
00:54:05,237 --> 00:54:08,337
3 times 2 is 1, right?

798
00:54:08,857 --> 00:54:11,717
So now you've got, what would we say?

799
00:54:11,777 --> 00:54:13,057
2, 4, 3, 1.

800
00:54:13,057 --> 00:54:16,997
and then multiply that by two again.

801
00:54:17,297 --> 00:54:18,657
Basically, you've done it, right?

802
00:54:19,657 --> 00:54:21,157
You've completed the loop.

803
00:54:21,337 --> 00:54:22,297
You've completed the loop.

804
00:54:22,377 --> 00:54:26,897
You've generated every point with this operation of addition.

805
00:54:27,617 --> 00:54:30,017
Multiplying by two is basically adding a number to itself.

806
00:54:30,997 --> 00:54:31,217
Yeah.

807
00:54:33,117 --> 00:54:36,177
So you've generated every point.

808
00:54:36,337 --> 00:54:39,857
So I'm just trying to get a tangible thing you can do.

809
00:54:39,857 --> 00:54:52,597
And then now we're going to move to the tableau of this curve that is based on things we can't as easily determine, but we can abstract the concept and the functionality.

810
00:54:54,357 --> 00:54:54,957
Yeah.

811
00:54:55,397 --> 00:54:55,657
Right?

812
00:54:56,517 --> 00:55:01,177
You can generate every point in that curve with this massive prime number.

813
00:55:02,317 --> 00:55:04,937
You're able to generate every single point in that curve.

814
00:55:05,437 --> 00:55:06,137
That's right.

815
00:55:06,897 --> 00:55:11,277
And that's why the, and again, just to really hammer it home, that's why we pick a very large

816
00:55:11,277 --> 00:55:16,277
modulo base is that you're not going to really be able to get that closure where you can quickly

817
00:55:16,277 --> 00:55:21,317
loop through and get all possible options. The space in which you're doing this modulo

818
00:55:21,317 --> 00:55:27,037
arithmetic on is so large, you're not going to be able to trivially close that loop and get back to

819
00:55:27,037 --> 00:55:31,457
where you started. And you can't check it with pen and paper. And knowing it's a group, part of

820
00:55:31,457 --> 00:55:34,157
is also how you know it preserves these operations.

821
00:55:35,197 --> 00:55:36,397
It's almost all you know.

822
00:55:36,917 --> 00:55:36,977
Yeah.

823
00:55:37,257 --> 00:55:39,857
All you really know and all we care about.

824
00:55:39,957 --> 00:55:41,777
That's why I love groups.

825
00:55:41,837 --> 00:55:45,597
I love structures because all we really care about in this instance

826
00:55:45,597 --> 00:55:49,997
is that we have the closure and the operations are preserved.

827
00:55:50,397 --> 00:55:51,977
That's literally all we care about.

828
00:55:51,977 --> 00:55:56,817
That's why the mathematicians invented this thing called group.

829
00:55:57,417 --> 00:55:57,717
Yeah.

830
00:55:57,717 --> 00:56:03,017
is so that we know this and we can move into this space of maybe not being able to check with a pen

831
00:56:03,017 --> 00:56:08,917
and paper. Yes. But we know, we know for a fact, and you can, you know, you can study it and go

832
00:56:08,917 --> 00:56:13,417
through the proofs and know for a fact that these operations are preserved and you maintain closure.

833
00:56:14,197 --> 00:56:21,117
Yep, exactly. And so from, from this context, we're going to get into the next like thing that

834
00:56:21,117 --> 00:56:24,657
we may take a second to pause just to fully connect it together is you take this private

835
00:56:24,657 --> 00:56:29,177
number that only no one else knows. This is your private key. This is not your seed phrase. This is

836
00:56:29,177 --> 00:56:34,277
your seed phrase is literally the seed in which all of your child private keys can derive from.

837
00:56:34,577 --> 00:56:37,977
So you're taking your first child private key, which is just a number between zero and two to

838
00:56:37,977 --> 00:56:44,097
the 256. That's the starting point. You put it on the curve. Your private key is the grain of sand

839
00:56:44,097 --> 00:56:49,177
on that curve that you just happen to know that's the point and no one else does. No one else knows

840
00:56:49,177 --> 00:56:53,637
that point. And the ability, the asymmetry is because there's so many possible points on the

841
00:56:53,637 --> 00:56:58,557
curve, the only way someone would be able to reverse engineer that is if they guessed

842
00:56:58,557 --> 00:57:01,877
all of the possible grains of sand combinations to see if they could find your key.

843
00:57:02,057 --> 00:57:02,317
That's right.

844
00:57:02,357 --> 00:57:05,957
Which, from a game theory of Bitcoin, which is actually just interesting in general, you're

845
00:57:05,957 --> 00:57:11,037
economically more incentivized to just, if you have spare compute cycles, to just try

846
00:57:11,037 --> 00:57:11,937
and find a block.

847
00:57:12,537 --> 00:57:12,777
Yes.

848
00:57:12,777 --> 00:57:13,257
It is.

849
00:57:13,637 --> 00:57:19,377
You have, as infinitesimally unlikely it is that your computer would be able to solo mine

850
00:57:19,377 --> 00:57:20,997
a Bitcoin block.

851
00:57:20,997 --> 00:57:29,057
it is still infinitely more likely that you will find a block mining on your computer with like

852
00:57:29,057 --> 00:57:35,697
half a gigahash of hash rate, yeah, than it would be for you to randomly stumble upon someone else's

853
00:57:35,697 --> 00:57:40,017
private key and that's like the really important thing to go into here is that like even like

854
00:57:40,017 --> 00:57:54,194
outside of the math for a second, just thinking about from a game theory perspective, if you have spare compute cycles, like I think many people when they first get into Bitcoin is like, I'm just going to build a script. It's just going to guess all of the numbers. If you have spare compute cycles, you are infinitely better off just trying to mine a block.

855
00:57:54,834 --> 00:58:06,314
Even though it's like a little bit more heavy of an operation, it's greatly offset by the possibility and probabilistic likelihood that you're going to find a block could technically happen before the heat death of the universe.

856
00:58:06,314 --> 00:58:13,734
Whereas you're waiting for the heat death of the universe to go through the entire index of all two to the 256 numbers to try and get a reverse engineer of a key at random chance.

857
00:58:14,254 --> 00:58:14,374
Yes.

858
00:58:14,434 --> 00:58:14,994
I want to ask.

859
00:58:15,114 --> 00:58:15,794
So we have this.

860
00:58:16,054 --> 00:58:18,874
I want to ask a quick question just because it's the elephant in the room.

861
00:58:18,914 --> 00:58:23,174
And I want to know if we're capable of handling it in 60 seconds or less.

862
00:58:23,174 --> 00:58:23,894
But like.

863
00:58:24,214 --> 00:58:24,414
Yes.

864
00:58:25,254 --> 00:58:28,054
What about what about when we have quantum computers?

865
00:58:29,514 --> 00:58:29,754
Yeah.

866
00:58:30,954 --> 00:58:32,834
So a quantum computer.

867
00:58:33,034 --> 00:58:33,434
Yeah.

868
00:58:33,594 --> 00:58:35,514
So I think this was going to be a legit question.

869
00:58:35,514 --> 00:58:40,574
It's just, yeah, this was going to be like the culminating thing we're going to end on is like the discrete log problem.

870
00:58:41,674 --> 00:58:54,694
So a quantum computer essentially breaks down the space in which the computer necessarily has to compute to be able to get an answer.

871
00:58:54,914 --> 00:58:56,614
It's like, how does it affect the game theory?

872
00:58:56,754 --> 00:58:57,394
I guess you're right.

873
00:58:57,474 --> 00:59:00,494
How does, without having to explain what it is, right?

874
00:59:00,494 --> 00:59:08,334
It greatly reduces the doors in which you need to randomly guess through to be able to get to an answer.

875
00:59:08,554 --> 00:59:15,354
It's an efficiency, an ability to find the inverse with a public key, the private key.

876
00:59:15,754 --> 00:59:20,834
We're talking about how you have this private key, you do some mathematical transformations, you get a public key.

877
00:59:21,254 --> 00:59:26,754
And the asymmetry is such that to be able to find that public key, your best option is to randomly guess everything.

878
00:59:26,854 --> 00:59:30,254
A quantum computer breaks this heuristic, so it's no longer a random guess.

879
00:59:30,494 --> 00:59:35,334
and you are essentially able to use that generator point

880
00:59:35,334 --> 00:59:36,554
that we're about to talk about

881
00:59:36,554 --> 00:59:38,554
and very quickly find the...

882
00:59:38,554 --> 00:59:41,934
Very quickly in a timescale and sense

883
00:59:41,934 --> 00:59:43,974
compared to what we currently have available

884
00:59:43,974 --> 00:59:44,894
of guessing everything.

885
00:59:45,334 --> 00:59:48,134
It could still take like a day, a week, right?

886
00:59:48,214 --> 00:59:50,174
But like it is no longer talking about

887
00:59:50,174 --> 00:59:50,894
heat death of the universe.

888
00:59:50,894 --> 00:59:52,634
You're talking about in some measurable,

889
00:59:53,154 --> 00:59:54,314
realistic human timeframe.

890
00:59:55,094 --> 00:59:57,714
If you had a cryptographically relevant quantum computer,

891
00:59:57,934 --> 01:00:00,314
you could take a public key and find the private key.

892
01:00:00,494 --> 01:00:04,154
It becomes a pretty good idea for some time.

893
01:00:04,374 --> 01:00:06,634
It becomes a good idea to try to find Satoshi's coins.

894
01:00:07,754 --> 01:00:08,034
Right?

895
01:00:08,454 --> 01:00:11,854
But then the question is, in the game theory, what's the response?

896
01:00:13,374 --> 01:00:17,834
Is there a fairly easy response in the game theory?

897
01:00:17,834 --> 01:00:17,894
Yeah.

898
01:00:19,514 --> 01:00:21,034
We're not going to sit there and be like,

899
01:00:21,134 --> 01:00:23,014
we're not going to sit and watch it eat all the Bitcoin.

900
01:00:23,294 --> 01:00:23,634
Right.

901
01:00:23,814 --> 01:00:25,254
And so this is funny.

902
01:00:25,354 --> 01:00:28,934
As someone who loves deep Bitcoin nuance and lore,

903
01:00:28,934 --> 01:00:32,314
this was one of my favorite nuggets of things like four years ago.

904
01:00:32,314 --> 01:00:34,374
And now it's like the most common talking point,

905
01:00:34,474 --> 01:00:36,174
which is fine because it's a real point.

906
01:00:36,174 --> 01:00:37,094
Like it's a legitimate thing.

907
01:00:37,094 --> 01:00:37,434
It's just,

908
01:00:37,834 --> 01:00:40,234
it's funny because like I've been thinking of this lens for years.

909
01:00:40,794 --> 01:00:43,014
When Bitcoin was first originally created,

910
01:00:43,254 --> 01:00:47,854
there was not like the main default way that you would receive funds was

911
01:00:47,854 --> 01:00:49,934
through a public key,

912
01:00:50,094 --> 01:00:53,054
pay to public key where you just put the raw public key on the Bitcoin

913
01:00:53,054 --> 01:00:53,454
blockchain.

914
01:00:54,014 --> 01:00:56,714
So Satoshi's coin specifically use this very,

915
01:00:56,794 --> 01:00:58,194
very old legacy address.

916
01:00:58,194 --> 01:01:04,154
and those are prime uh those are for the picking basically when it comes to a quantum computer

917
01:01:04,154 --> 01:01:08,734
because those public keys have been publicly available for anyone to look at since 2009

918
01:01:08,734 --> 01:01:14,594
when the genesis which really goes to show you how secure that is right now right right millions

919
01:01:14,594 --> 01:01:20,234
of coins right and and to get into the bitcoin level a little bit the thing is is that it's not

920
01:01:20,234 --> 01:01:26,894
like if I get one cracked I get a million Bitcoin, all of Satoshi's Bitcoin. Each address that Satoshi

921
01:01:26,894 --> 01:01:28,594
has has a different public key.

922
01:01:29,114 --> 01:01:37,554
So you have 200,050 Bitcoin lotto tickets that a, in theory, a quantum computer could

923
01:01:37,554 --> 01:01:38,194
go try and attack.

924
01:01:38,594 --> 01:01:41,954
Now, this is definitely outside the scope of the conversation today.

925
01:01:42,034 --> 01:01:46,294
But just to put a small point on this, a quantum computer's ability to reverse engineer a public

926
01:01:46,294 --> 01:01:49,574
key to a private key is different than being able to undo a one-way hash function.

927
01:01:50,434 --> 01:01:51,794
And why does that matter?

928
01:01:51,794 --> 01:01:54,754
is that very early in Bitcoin,

929
01:01:54,974 --> 01:01:55,914
like by 20,

930
01:01:57,234 --> 01:01:58,614
even like actually,

931
01:01:58,734 --> 01:02:00,294
even in the first couple thousand blocks,

932
01:02:00,374 --> 01:02:01,074
there were a couple of these,

933
01:02:01,194 --> 01:02:04,414
but you can hash your public key

934
01:02:04,414 --> 01:02:06,354
and put the hash on chain,

935
01:02:06,534 --> 01:02:08,754
which gives you a certain level of protection

936
01:02:08,754 --> 01:02:10,494
because to be able to reverse engineer

937
01:02:10,494 --> 01:02:11,494
the hashing function

938
01:02:11,494 --> 01:02:13,774
uses its Grover's algorithm

939
01:02:13,774 --> 01:02:16,834
versus reversing a public private key

940
01:02:16,834 --> 01:02:17,954
is Shor's algorithm.

941
01:02:18,594 --> 01:02:19,794
And quantum computers handle this

942
01:02:19,794 --> 01:02:21,014
with different levels of efficiency.

943
01:02:21,014 --> 01:02:31,674
There are efficiencies, but it's not the complete catastrophic breakdown of the ability to find the inverse or find the pre-image as it relates to hashes.

944
01:02:32,954 --> 01:02:39,474
So that's kind of what we're talking about now is definitely entering that realm of when people start talking about quantum computers.

945
01:02:39,754 --> 01:02:42,314
Like this is the foundational math we're talking about that would be broken apart.

946
01:02:42,314 --> 01:02:56,754
And what I really want people to just be able to do, and you're not going to do it in this conversation, but I think as we go on the podcast, I want us to be able to say, okay, if there's a risk, let's say it's quantum computers or whatever it is, there's a risk.

947
01:02:56,854 --> 01:02:59,214
It's not like a all or nothing risk.

948
01:02:59,494 --> 01:03:01,674
It's like certain things are exposed.

949
01:03:02,574 --> 01:03:03,294
Certain things are not.

950
01:03:03,554 --> 01:03:05,194
Certain things have easy answers.

951
01:03:05,354 --> 01:03:06,054
Certain things don't.

952
01:03:06,454 --> 01:03:07,594
And that's like the kind of thinking.

953
01:03:07,594 --> 01:03:26,954
And when we start bringing the experts on here to talk about these things, it's like this is what we are building right now is sort of the we're prying apart the nylon threading of the all piece, the all or nothing piece, prying apart a little bit, just then, you know, maybe mixing the glue, breaking up that glue so that we can start to see that there's more.

954
01:03:26,954 --> 01:03:30,634
it's more than all or nothing. And it takes some brainpower and thought and discussion

955
01:03:30,634 --> 01:03:36,034
and a little bit of rigor to pull these things apart so that we can, when we finally have

956
01:03:36,034 --> 01:03:39,494
like the real conversation about this stuff, it can really land.

957
01:03:39,794 --> 01:03:43,294
That's exactly right. We want, we want to be able to serve the audience in a way where

958
01:03:43,294 --> 01:03:49,154
if you listen to like the prerequisite material, which is the podcast, having it somewhat self

959
01:03:49,154 --> 01:03:54,514
contained that when we were, when we have guests on or we have subject matter experts on, um,

960
01:03:54,514 --> 01:04:00,614
you're not starting at a cold start you will have the foundational requisite pieces of the

961
01:04:00,614 --> 01:04:06,074
underlying math to where and to be clear we're also going to be struggling when we get deep into

962
01:04:06,074 --> 01:04:10,594
the technical nuances of the implementation of all this stuff but you'll at least have a life raft

963
01:04:10,594 --> 01:04:16,594
and like a a lifesaver get thrown out to you so that you can if you want to go through the journey

964
01:04:16,594 --> 01:04:24,334
with us you have the foundational pieces laid out um so we have this curve we have this field

965
01:04:24,334 --> 01:04:29,454
of finite math, the way this ultimately works as a starting point, you pick that private key.

966
01:04:30,654 --> 01:04:35,334
That private key is then computed to find the public key. And how do you do that?

967
01:04:35,854 --> 01:04:41,554
This is where we get something called a generator point. And this is kind of what you were just

968
01:04:41,554 --> 01:04:47,174
talking about as it related to finding and completing the loop of the circuit, right?

969
01:04:47,174 --> 01:04:53,614
You take this generator. Basically, if you take a number and throw it into this modular arithmetic,

970
01:04:53,614 --> 01:04:55,934
you can generate children

971
01:04:55,934 --> 01:04:58,014
like you get like a family

972
01:04:58,014 --> 01:05:00,134
of generations of like what you get

973
01:05:00,134 --> 01:05:01,974
and so

974
01:05:01,974 --> 01:05:03,534
you take your private number

975
01:05:03,534 --> 01:05:04,854
you throw it through this function

976
01:05:04,854 --> 01:05:07,934
and you get a new number when you get there

977
01:05:07,934 --> 01:05:09,294
when you put it through

978
01:05:09,294 --> 01:05:10,874
and putting it through there

979
01:05:10,874 --> 01:05:14,014
essentially gives you

980
01:05:14,014 --> 01:05:16,474
a public key that you can go talk about

981
01:05:16,474 --> 01:05:18,274
and I'm going to pause there for a second

982
01:05:18,274 --> 01:05:20,054
because I know in my own standards

983
01:05:20,054 --> 01:05:22,454
that that was not done as cleanly as possible

984
01:05:22,454 --> 01:05:26,234
if you want to take a throw at the generator point and how that works.

985
01:05:26,454 --> 01:05:30,394
I just think the grounding is we're just plotting points in a curve.

986
01:05:30,514 --> 01:05:33,714
We may not be doing it in Euclidean XY coordinates also.

987
01:05:33,994 --> 01:05:42,574
So it's just a – if I go back to the circle analogy, I mean I'm kind of deathly afraid to talk about something called polar coordinates.

988
01:05:42,574 --> 01:05:49,374
But like if you can draw a circle by plotting all the XY points, that gives you X squared plus Y squared equals one.

989
01:05:49,374 --> 01:05:55,354
But there's also another way to view it, which is you can say, I already know the radius is one, right?

990
01:05:55,374 --> 01:06:00,974
And I can pick any point and I can just keep rotating the angle on the x-axis.

991
01:06:00,974 --> 01:06:03,534
I can just rotate that angle, right?

992
01:06:04,154 --> 01:06:08,834
And eventually I'm going to rotate it 360 degrees and have my circle.

993
01:06:09,034 --> 01:06:13,674
I'm going to plot every point just by rotating the angle like a little bit until I have the whole circle.

994
01:06:13,674 --> 01:06:22,914
and then the reason why that is um like sort of relevant is that that gives you the repeatable

995
01:06:22,914 --> 01:06:27,854
that's like the clock math okay eventually you repeat and you just end up plotting the same

996
01:06:27,854 --> 01:06:35,634
points in the same curve and because an elliptic curve you're not it's not xy it's not exactly xy

997
01:06:35,634 --> 01:06:41,074
well i guess it is right y cubed equals x yeah it's x squared plus seven so it is xy but but

998
01:06:41,074 --> 01:06:46,674
But the domain is a finite field so that it will keep eventually repeating.

999
01:06:47,874 --> 01:06:51,854
You'll keep cycling through not in order necessarily, right?

1000
01:06:52,034 --> 01:06:52,194
Yep.

1001
01:06:52,854 --> 01:06:55,674
So you have – the generator point is just a point on the curve.

1002
01:06:55,814 --> 01:06:56,234
It's a point.

1003
01:06:56,334 --> 01:06:58,594
It's literally some – we call it G.

1004
01:06:58,594 --> 01:07:00,054
So why is it confusing then?

1005
01:07:00,174 --> 01:07:02,194
This G is an X and a Y.

1006
01:07:02,534 --> 01:07:08,354
G is an XY point that makes Y squared equal Y cubed plus 7.

1007
01:07:08,354 --> 01:07:13,934
So the G is just a name that contains the X and the Y, right?

1008
01:07:14,034 --> 01:07:22,994
And if you go on any of the Bitcoin GitHub, you can see those massive numbers, the X and Y that give you the public, this G, this big capital G, right?

1009
01:07:23,534 --> 01:07:23,934
That's right.

1010
01:07:24,354 --> 01:07:24,834
That's right.

1011
01:07:25,234 --> 01:07:28,214
And so it's a publicly known point that everyone agrees upon in the network.

1012
01:07:30,914 --> 01:07:32,274
Everything traces back to it.

1013
01:07:32,274 --> 01:07:41,274
If you have a private key, your public key is your private key and adding, taking the

1014
01:07:41,274 --> 01:07:46,274
generator point and adding it to itself, the number of times that number is that your private

1015
01:07:46,274 --> 01:07:46,514
key.

1016
01:07:47,274 --> 01:07:51,674
So just to make it simple, if your private key was one, which would not be secure because

1017
01:07:51,674 --> 01:07:54,634
it's something that is not random and someone would be able to reasonably guess, you take

1018
01:07:54,634 --> 01:07:59,054
the generator point against itself and you get a public key.

1019
01:07:59,054 --> 01:08:09,914
And when you sign and you produce that signature, what you're doing is you're taking the generator point and you're adding to it K times.

1020
01:08:10,174 --> 01:08:11,814
And we'll talk about this too.

1021
01:08:11,894 --> 01:08:14,934
I'm realizing that we may be getting a little bit into nonces.

1022
01:08:14,934 --> 01:08:22,374
I just had another kind of thought here on just what is the significance of a generator point?

1023
01:08:22,374 --> 01:08:31,855
And if you've studied number theory, you've suffered enough to know that not every number generates the whole curve.

1024
01:08:32,434 --> 01:08:32,634
Yes.

1025
01:08:32,734 --> 01:08:39,334
And it's actually – it's a lot of work sometimes to find – like I went through modulo 5.

1026
01:08:39,474 --> 01:08:41,895
I showed you that 2 does generate the whole curve.

1027
01:08:42,334 --> 01:08:44,534
It turns out 3 does too, but 4 doesn't.

1028
01:08:44,634 --> 01:08:49,454
So like if we just go through the exercise, 4 plus 4 is 3.

1029
01:08:50,214 --> 01:08:52,374
Well, maybe I might have just stepped into shit again.

1030
01:08:52,934 --> 01:08:53,474
Maybe it does.

1031
01:08:53,794 --> 01:08:55,355
Four plus four is three, right?

1032
01:08:55,434 --> 01:08:56,214
Three plus four.

1033
01:08:56,294 --> 01:08:56,895
I guess it does.

1034
01:08:57,074 --> 01:08:57,714
Not every number.

1035
01:08:57,934 --> 01:08:59,714
The point is not every number does.

1036
01:08:59,794 --> 01:09:01,654
And it's actually not that easy.

1037
01:09:01,874 --> 01:09:04,254
It's not that easy to find the generator point.

1038
01:09:04,355 --> 01:09:07,134
So it was really important that that's set for everybody.

1039
01:09:07,134 --> 01:09:07,454
Yeah.

1040
01:09:07,674 --> 01:09:11,494
And so the reason why the generator point that was selected is there,

1041
01:09:11,494 --> 01:09:19,534
It is, it was the smallest X coordinate that generates a group of the correct order prime

1042
01:09:19,534 --> 01:09:19,754
N.

1043
01:09:20,734 --> 01:09:26,154
And it's what we call in like the general form of cryptography, nothing-up-my-sleeve numbers.

1044
01:09:26,514 --> 01:09:28,754
And it's deterministic and verifiable.

1045
01:09:29,134 --> 01:09:34,834
It was not cherry picked to hold a random value that was arbitrary that maybe inadvertently

1046
01:09:34,834 --> 01:09:35,754
has a backdoor somewhere.

1047
01:09:36,194 --> 01:09:36,395
Right.

1048
01:09:36,395 --> 01:09:40,614
this is compared to the

1049
01:09:40,614 --> 01:09:42,954
what we talked about earlier with the NIST-P curve

1050
01:09:42,954 --> 01:09:45,054
the generator was derived from an

1051
01:09:45,054 --> 01:09:47,054
unrevealed seed and

1052
01:09:47,054 --> 01:09:49,174
with the reason

1053
01:09:49,174 --> 01:09:51,174
why they picked that number was like hey if we pick this generator

1054
01:09:51,174 --> 01:09:53,074
number and you do this backdoor

1055
01:09:53,074 --> 01:09:55,034
operation you can actually reverse engineer every

1056
01:09:55,034 --> 01:09:57,154
public-private key pair through this generator point

1057
01:09:57,154 --> 01:09:59,114
so the picking and not just of the

1058
01:09:59,114 --> 01:09:59,974
curve and of

1059
01:09:59,974 --> 01:10:03,094
the finite field but the generator point you use

1060
01:10:03,094 --> 01:10:04,374
on the curve is also

1061
01:10:04,374 --> 01:10:07,914
foundational to the security of the entire operation.

1062
01:10:08,634 --> 01:10:13,714
And so what's important about this is that

1063
01:10:13,714 --> 01:10:16,234
with this generator point,

1064
01:10:16,954 --> 01:10:21,494
the entire group that generates it,

1065
01:10:21,614 --> 01:10:23,254
you can get every single point on the curve,

1066
01:10:23,254 --> 01:10:26,414
which means that the full field of all possible outcomes is available.

1067
01:10:27,574 --> 01:10:29,794
And when you keep adding the generator to itself,

1068
01:10:30,054 --> 01:10:33,634
you could just go out to infinity and you will get all of the points.

1069
01:10:34,374 --> 01:10:40,895
And it's important to know it's also like, and I guess everyone should know, I step in shit all the time because I'm not like a, I'm not the mathematician.

1070
01:10:40,895 --> 01:10:41,774
I just engage.

1071
01:10:41,954 --> 01:10:43,214
That's why we got Rob here.

1072
01:10:43,714 --> 01:10:55,094
But, you know, it's, it's important not just to know it generates the whole curve, but like, but you just said, I didn't realize that, that the generator point was the smallest X coordinate.

1073
01:10:55,614 --> 01:11:00,034
So that's like actually also pretty important thing as well.

1074
01:11:00,034 --> 01:11:11,954
And as you wade and slog a little bit more through number theory and abstract algebra, that will, I think, become pretty clear as to why it's important that you know the smallest point.

1075
01:11:12,114 --> 01:11:22,294
That's remarkable that that could be known that we can have a cryptographically secure system and we know the generator point, right?

1076
01:11:22,694 --> 01:11:24,154
We don't have to guess at that.

1077
01:11:24,154 --> 01:11:28,494
And the fact that it really is remarkable.

1078
01:11:28,634 --> 01:11:29,634
I'm sorry for this aside.

1079
01:11:29,634 --> 01:11:41,634
It's not mathematical, but it's remarkable to be able to abstract all of this for, you know, anybody in the Nigerian jungle can use this thing, you know, like it's also abstracted.

1080
01:11:41,694 --> 01:11:51,154
And I think that like we I almost think that human beings have figured out it's abstracted enough for human beings to use much faster than like the Internet was.

1081
01:11:51,254 --> 01:11:51,674
Yep.

1082
01:11:51,674 --> 01:11:58,114
which is partly why we're in this state of like so many people know how well it works and we're

1083
01:11:58,114 --> 01:12:03,134
like what the hell waiting for the world to figure it out right it's because of how freaking

1084
01:12:03,134 --> 01:12:10,855
deftly the math has been extracted for use yes incredibly uh as a force multiplier being able

1085
01:12:10,855 --> 01:12:14,634
to leverage this stuff without knowing all the nuance think about it like you get to have

1086
01:12:14,634 --> 01:12:19,514
ownership because you have something that no one else knows about like you could just literally

1087
01:12:19,514 --> 01:12:25,454
like people say, you could just know 12 words in your head and you have a unique ability to

1088
01:12:25,454 --> 01:12:28,395
leverage all of this cryptography in a way that allows you to touch money.

1089
01:12:30,234 --> 01:12:34,754
And so at the highest level, again, let's say you have a private key.

1090
01:12:35,754 --> 01:12:41,374
You then take the generator point and you add the generator to itself

1091
01:12:41,374 --> 01:12:46,634
the number of times the size of your private key.

1092
01:12:46,634 --> 01:12:53,094
yeah you just keep adding to it just keep adding and in the document there in the document there's a

1093
01:12:53,094 --> 01:12:58,094
there's a function so i think it's called square multiply but it's like there's a method out the

1094
01:12:58,094 --> 01:13:02,154
methodology you've had to do that for really big numbers as you know we've extracted a lot out of

1095
01:13:02,154 --> 01:13:06,254
the document but kind of i would say i would expect motivated people to really go through it and just

1096
01:13:06,254 --> 01:13:12,154
try to learn math and um the arithmetic and do the exercises and stuff absolutely uh for sure

1097
01:13:12,154 --> 01:13:16,514
I definitely recommend as a follow along for this podcast,

1098
01:13:16,614 --> 01:13:19,754
this is more of like a director's cut commentary of the study guide

1099
01:13:19,754 --> 01:13:21,134
is what we're talking about right now.

1100
01:13:22,534 --> 01:13:25,454
So you take this number, your private key,

1101
01:13:25,674 --> 01:13:27,794
you add the generator point to itself that many times.

1102
01:13:27,855 --> 01:13:29,254
The reason why the generator point matters again

1103
01:13:29,254 --> 01:13:32,054
is because it can generate all of the possible values on the curve.

1104
01:13:32,534 --> 01:13:34,594
And remember, the curve, the sideways bell curve,

1105
01:13:34,634 --> 01:13:37,834
is actually a series of points that are just dotted along,

1106
01:13:37,994 --> 01:13:39,054
mapping across this function.

1107
01:13:39,054 --> 01:13:43,895
and you are able to ultimately get a point,

1108
01:13:43,974 --> 01:13:44,934
another point on the curve.

1109
01:13:44,994 --> 01:13:48,134
And that point on the curve is your public key.

1110
01:13:48,254 --> 01:13:49,414
So you almost have this machine

1111
01:13:49,414 --> 01:13:50,794
where you put in a number,

1112
01:13:51,434 --> 01:13:53,174
you add the number to itself,

1113
01:13:53,594 --> 01:13:55,114
the generator point number to itself,

1114
01:13:55,294 --> 01:13:57,774
the number of times that is the number of your private key.

1115
01:13:57,954 --> 01:13:59,794
You get a new point on the curve

1116
01:13:59,794 --> 01:14:00,855
that is not deterministic

1117
01:14:00,855 --> 01:14:02,654
or it's not like the point next to it.

1118
01:14:02,654 --> 01:14:05,614
And you can't apply an easy mathematical concept

1119
01:14:05,614 --> 01:14:08,334
to be able to reverse engineer where that came from.

1120
01:14:08,334 --> 01:14:10,994
But you have a now point on the curve, which is the public key.

1121
01:14:12,034 --> 01:14:15,214
And that public key is where people can send you money, right?

1122
01:14:15,274 --> 01:14:18,714
That public key maps to a hash, which maps to an address.

1123
01:14:19,355 --> 01:14:25,274
Now, the beautiful thing now is if you send me money to this public key that I give you,

1124
01:14:25,334 --> 01:14:28,794
which gets abstracted into an address, how do I prove my ownership?

1125
01:14:29,874 --> 01:14:33,534
And you can do this without ever revealing your original private key.

1126
01:14:34,395 --> 01:14:37,014
You know a secret, which is your private key.

1127
01:14:37,014 --> 01:14:39,574
and you know where it lands on the curve.

1128
01:14:39,874 --> 01:14:41,474
And you need to convince everyone

1129
01:14:41,474 --> 01:14:43,395
that you know the secret without giving the secret.

1130
01:14:44,395 --> 01:14:45,855
And then this is what you do.

1131
01:14:46,514 --> 01:14:48,634
You provide a second secret.

1132
01:14:49,034 --> 01:14:54,414
This is called a nonce, number only used once, a nonce.

1133
01:14:54,935 --> 01:14:56,194
And with that nonce-

1134
01:14:56,194 --> 01:14:57,534
I like to think it's almost nonsense.

1135
01:14:58,214 --> 01:14:58,855
That's right.

1136
01:14:59,154 --> 01:15:00,794
But you have to pick an additional,

1137
01:15:01,034 --> 01:15:02,834
you bring a one-time secret.

1138
01:15:03,214 --> 01:15:05,594
A nonce is a only used once, it's a one-time secret.

1139
01:15:05,674 --> 01:15:06,594
So you have your permanent secret,

1140
01:15:06,594 --> 01:15:07,414
which is the private key.

1141
01:15:07,694 --> 01:15:09,094
And then you have this nonce.

1142
01:15:09,614 --> 01:15:11,514
And what you do is you pick a fresh nonce.

1143
01:15:11,554 --> 01:15:12,315
And I'll get to it in a second.

1144
01:15:12,374 --> 01:15:13,174
This is actually really important.

1145
01:15:13,935 --> 01:15:15,054
You pick a fresh nonce

1146
01:15:15,054 --> 01:15:21,114
and you bounce into the generator that many times.

1147
01:15:22,114 --> 01:15:22,474
Yeah.

1148
01:15:23,114 --> 01:15:24,594
It's like a test multiplier.

1149
01:15:24,895 --> 01:15:25,074
Yeah.

1150
01:15:25,834 --> 01:15:26,154
Yep.

1151
01:15:26,294 --> 01:15:27,234
And then what you do,

1152
01:15:27,514 --> 01:15:30,174
yeah, so you pick a random number as a one-time use.

1153
01:15:30,414 --> 01:15:32,634
And I'll get into how that gets actually picked in a second.

1154
01:15:32,694 --> 01:15:33,234
It's really important.

1155
01:15:33,234 --> 01:15:35,234
you then

1156
01:15:35,234 --> 01:15:37,574
you take this random number

1157
01:15:37,574 --> 01:15:38,514
this nonce

1158
01:15:38,514 --> 01:15:40,815
you put it to the generator point

1159
01:15:40,815 --> 01:15:43,634
and you create a challenge by hashing

1160
01:15:43,634 --> 01:15:45,494
together your

1161
01:15:45,494 --> 01:15:47,654
signature and the original public key

1162
01:15:47,654 --> 01:15:49,014
and the transaction message

1163
01:15:49,014 --> 01:15:51,594
and you can combine these

1164
01:15:51,594 --> 01:15:53,214
together and show that the secret

1165
01:15:53,214 --> 01:15:55,634
equals this

1166
01:15:55,634 --> 01:15:57,534
combination of the transaction

1167
01:15:57,534 --> 01:15:59,774
message and your public key and the nonce

1168
01:15:59,774 --> 01:16:01,654
now there are

1169
01:16:01,654 --> 01:16:09,574
like five things that I just want to very quickly explain here. One, the nonce, just like your

1170
01:16:09,574 --> 01:16:17,154
private key has to be random. Now, there is a beautiful deterministic way that is standard

1171
01:16:17,154 --> 01:16:23,554
for how you actually derive this deterministic nonce. You basically pick a number that is related

1172
01:16:23,554 --> 01:16:28,974
to the transaction message itself. And what do I mean by that? So now we're going to take a half

1173
01:16:28,974 --> 01:16:35,054
step away from math and just explain how Bitcoin works. When you provide a signature, what you're

1174
01:16:35,054 --> 01:16:43,594
doing is you're actually signing a hash. Now, what is that hash? What does that mean? What does that

1175
01:16:43,594 --> 01:16:50,855
mean, signing a hash? I actually really do feel like there are people that with this nonce thing

1176
01:16:50,855 --> 01:16:56,574
are lost at sea already. Let's start at the basic thing. I want to send you Bitcoin.

1177
01:16:56,574 --> 01:17:01,694
I have my transaction data for my UTXOs and I want to send a Bitcoin to you.

1178
01:17:02,734 --> 01:17:05,594
That is like, I view this as like you're writing a check.

1179
01:17:05,815 --> 01:17:12,774
I'm going to the bank of Bitcoin and I'm saying, hey, I want to send Fundamentals one Bitcoin to this address.

1180
01:17:14,474 --> 01:17:19,034
And now the question is, is what you can do is you can take that check that hasn't been signed yet.

1181
01:17:20,895 --> 01:17:24,674
All of the encoding transaction data and you can hash it.

1182
01:17:24,674 --> 01:17:31,094
so rather like you don't sign like you can hash anything you can literally hash anything you can

1183
01:17:31,094 --> 01:17:36,574
literally hash anything and you will always get some ramp pseudo right like you will get a random

1184
01:17:36,574 --> 01:17:40,895
what you'll get a random functions are called cryptographic one-way hash functions the reason

1185
01:17:40,895 --> 01:17:45,234
why they're one-way hash functions is i could take the word dog and it'll look like a bunch

1186
01:17:45,234 --> 01:17:49,954
of gobbledygook but anyone else in the world can take the word dog and get the same exact

1187
01:17:49,954 --> 01:17:56,194
gobbledygook. And from that gobbledygook output, you cannot infer what the original pre-image is

1188
01:17:56,194 --> 01:18:02,274
by just looking at it. The interjection here is that hashes are just as useful

1189
01:18:02,274 --> 01:18:09,514
just operationally as they are cryptographically. Because you can take literally anything in the

1190
01:18:09,514 --> 01:18:15,214
world, throw it into a hash function, and it'll look the same. It'll look like the same object.

1191
01:18:15,214 --> 01:18:23,514
And so that's extremely useful for indexing if you think about databases and we get into that.

1192
01:18:23,714 --> 01:18:38,674
So like just hash as a tool is as much for obfuscation as it is for staging the next operation because you're getting a very standard input into the next thing.

1193
01:18:39,294 --> 01:18:39,654
Absolutely.

1194
01:18:40,315 --> 01:18:40,594
Right.

1195
01:18:40,674 --> 01:18:45,114
And so, and just one quick example of why hashes are useful is if you're, they're often

1196
01:18:45,114 --> 01:18:47,054
used in the background, you don't even realize it for security.

1197
01:18:47,054 --> 01:18:52,234
If I'm writing software, I write my software and I say, hit compile, and then I can take

1198
01:18:52,234 --> 01:18:54,494
the binary of my code and I can hash it.

1199
01:18:54,734 --> 01:18:57,974
And then I can say like, Hey, this is the official hash for my software.

1200
01:18:58,114 --> 01:19:02,054
So if you download my software and it doesn't match this hash, someone messed with your

1201
01:19:02,054 --> 01:19:02,794
system, right?

1202
01:19:02,794 --> 01:19:05,174
Like that's a very simple example because it's a hash.

1203
01:19:05,274 --> 01:19:06,554
I also look at it as like a fingerprint.

1204
01:19:06,554 --> 01:19:12,794
it is a unique fingerprint for some bit of data so i like to think of it as a you're holding the

1205
01:19:12,794 --> 01:19:20,194
needle in the haystack yeah yeah now you're like this specific hash means something to me and you

1206
01:19:20,194 --> 01:19:24,654
could prove by revealing the pre-image which is what you put into the hash function is a pre-image

1207
01:19:24,654 --> 01:19:29,974
before you do the hash that um what that data is so i have this transit bitcoin transaction

1208
01:19:29,974 --> 01:19:34,834
think of it like a check: I, Rob, am sending one Bitcoin from this UTXO to Fundamentals

1209
01:19:34,834 --> 01:19:36,914
and I haven't signed it yet,

1210
01:19:36,974 --> 01:19:38,494
but I now have this data.

1211
01:19:38,494 --> 01:19:39,214
Go ahead and sign it, please.

1212
01:19:39,315 --> 01:19:39,654
Thank you.

1213
01:19:40,034 --> 01:19:41,094
And then when I sign it,

1214
01:19:41,435 --> 01:19:44,094
what I do is I don't sign that big blob of data.

1215
01:19:44,694 --> 01:19:47,274
I take the entire check of the metadata

1216
01:19:47,274 --> 01:19:51,094
of the transaction and I hash it.

1217
01:19:52,094 --> 01:19:52,574
So now I'm,

1218
01:19:52,754 --> 01:19:55,395
and rather than signing a very large bit of data

1219
01:19:55,395 --> 01:19:56,774
that could be really, really big,

1220
01:19:56,974 --> 01:19:58,754
like Bitcoin transaction could be up to four megabytes,

1221
01:19:58,834 --> 01:20:00,494
rather than doing a signing operation

1222
01:20:00,494 --> 01:20:01,494
across four megabytes,

1223
01:20:02,134 --> 01:20:02,935
I do a hash

1224
01:20:02,935 --> 01:20:05,054
and now it's a 256 bit number.

1225
01:20:06,454 --> 01:20:07,074
SHA-256.

1226
01:20:07,234 --> 01:20:08,194
Which now is small.

1227
01:20:08,315 --> 01:20:09,534
Which now is a small number.

1228
01:20:09,774 --> 01:20:10,634
Which is a small number

1229
01:20:10,634 --> 01:20:13,294
in the context of doing this multiplication

1230
01:20:13,294 --> 01:20:16,154
because that's ultimately what a signature is.

1231
01:20:16,194 --> 01:20:17,435
It's a multiplication operation

1232
01:20:17,435 --> 01:20:19,714
of adding itself to the field generator

1233
01:20:19,714 --> 01:20:21,014
because if you...

1234
01:20:21,014 --> 01:20:22,435
And again, we're talking about addition.

1235
01:20:22,554 --> 01:20:23,194
What do you mean multiplication?

1236
01:20:23,474 --> 01:20:24,435
Well, if you're taking a number

1237
01:20:24,435 --> 01:20:26,654
and then you're multiplying it,

1238
01:20:27,574 --> 01:20:29,774
you're adding to itself a certain amount of times.

1239
01:20:30,454 --> 01:20:31,694
Like if my generator point is five,

1240
01:20:31,694 --> 01:20:34,794
if G plus G plus G plus G plus G five times,

1241
01:20:34,874 --> 01:20:36,954
that's just G times five, right?

1242
01:20:36,954 --> 01:20:38,254
So that's what we're talking about here

1243
01:20:38,254 --> 01:20:38,935
with multiplication.

1244
01:20:39,494 --> 01:20:40,355
This is the beauty.

1245
01:20:40,574 --> 01:20:42,435
If I know a number, right?

1246
01:20:42,994 --> 01:20:43,895
That's my private key.

1247
01:20:44,214 --> 01:20:45,395
I map it to this public key

1248
01:20:45,395 --> 01:20:46,594
by going through the generator point.

1249
01:20:47,194 --> 01:20:48,234
I now have a Bitcoin address.

1250
01:20:48,374 --> 01:20:49,734
You send me Bitcoin to that address.

1251
01:20:49,935 --> 01:20:52,014
It's now time for me to prove that I own it.

1252
01:20:52,395 --> 01:20:54,214
What I do is I write a Bitcoin transaction

1253
01:20:54,214 --> 01:20:56,614
with all of the requisite metadata

1254
01:20:56,614 --> 01:20:57,855
making sure it informs consensus.

1255
01:20:58,355 --> 01:20:59,274
I then hash it.

1256
01:20:59,574 --> 01:21:01,395
So I collapse all of that data into a number.

1257
01:21:01,694 --> 01:21:06,355
So now I have this message that I'm signing, which is the Bitcoin transaction.

1258
01:21:06,994 --> 01:21:27,674
You then take a new random number, and I'm about to get right to, and then what you do is you throw that through the generator point, and you can take an output, and you can show that, hey, this signature, which is the multiplication through the generator point with my nonce, maps to my signed message to this public key.

1259
01:21:27,674 --> 01:21:35,954
and how the hell do you even pick what your nonce is because you could pick the number three but

1260
01:21:35,954 --> 01:21:40,994
then if someone's able to kind of if you you have problems if someone can actually find out what your

1261
01:21:40,994 --> 01:21:51,694
nonce is and ultimately this is where it gets into deterministic nonces uh but like you know

1262
01:21:51,694 --> 01:21:53,094
just to land the plane though,

1263
01:21:53,714 --> 01:21:58,395
it's that one multiple of your private key

1264
01:21:58,395 --> 01:22:01,074
and another multiple of your private key

1265
01:22:01,074 --> 01:22:04,355
are going to be able to sort of reconcile.

1266
01:22:04,994 --> 01:22:05,474
Yes.

1267
01:22:05,474 --> 01:22:05,634
Right.

1268
01:22:06,054 --> 01:22:07,014
To the public key.

1269
01:22:07,395 --> 01:22:07,974
You're able to do a little...

1270
01:22:07,974 --> 01:22:09,034
For the public key, right.

1271
01:22:09,514 --> 01:22:12,014
You're able to do a bunch of private key operations

1272
01:22:12,014 --> 01:22:14,514
and show that they relate to the public key

1273
01:22:14,514 --> 01:22:16,034
without revealing the private key itself.

1274
01:22:16,435 --> 01:22:16,774
Yeah.

1275
01:22:16,834 --> 01:22:18,974
It's kind of like if you remember in seventh grade

1276
01:22:18,974 --> 01:22:20,834
when you learned Y equals MX plus B.

1277
01:22:20,834 --> 01:22:27,554
right you say oh if i know the slope and i know a point on the curve i can draw the whole line

1278
01:22:27,554 --> 01:22:33,174
or if i know two points in the curve i could draw the whole line and it's like um

1279
01:22:33,174 --> 01:22:39,714
that it's it feels to me like that type of that that just like that type of abstraction

1280
01:22:39,714 --> 01:22:46,414
yeah right where at least on the public line i can verify right i can sort of verify that i can

1281
01:22:46,414 --> 01:22:52,174
we can all generate, you know, we can generate the public line with this, with this information.

1282
01:22:52,435 --> 01:22:59,355
Yeah. So now for the nonce specifically, how do you pick one? There is a spec called RFC request

1283
01:22:59,355 --> 01:23:05,454
for comment 6979. And it's how you can deterministically, whenever you're doing

1284
01:23:05,454 --> 01:23:11,794
elliptic curve math operations, you can get a true, like basically a random nonce that an attacker

1285
01:23:11,794 --> 01:23:12,734
would not be able to derive.

1286
01:23:12,874 --> 01:23:14,194
And what it ultimately is,

1287
01:23:14,734 --> 01:23:18,334
your nonce is basically a hash

1288
01:23:18,334 --> 01:23:22,274
of your private key and the message.

1289
01:23:22,514 --> 01:23:24,435
So you're taking information no one else has.

1290
01:23:24,494 --> 01:23:25,815
You're the only one with the private key.

1291
01:23:26,454 --> 01:23:27,974
And you take that private key

1292
01:23:27,974 --> 01:23:30,094
and you smush it together with the message

1293
01:23:30,094 --> 01:23:31,714
that you're signing, the Bitcoin transaction.

1294
01:23:32,054 --> 01:23:34,474
You smash those together and then you hash it.

1295
01:23:35,774 --> 01:23:36,734
And that gives you a number.

1296
01:23:37,634 --> 01:23:38,594
It's a hash and a hash.

1297
01:23:38,674 --> 01:23:39,594
And the reason why this is important

1298
01:23:39,594 --> 01:23:41,634
is because since no one else knows your private key,

1299
01:23:41,794 --> 01:23:45,435
they aren't able to be able to reasonably reverse engineer what your private key is.

1300
01:23:45,435 --> 01:23:51,315
And also, if you use the same Bitcoin public address, if you reuse your address,

1301
01:23:51,395 --> 01:23:52,754
you have to reuse your private key.

1302
01:23:53,034 --> 01:23:54,654
You do not want to reuse your nonce.

1303
01:23:54,994 --> 01:23:57,654
And that's why you're deterministically linking your private key

1304
01:23:57,654 --> 01:24:02,395
with the specific metadata you're signing to make sure that no one is ever able to do that.

1305
01:24:02,794 --> 01:24:05,294
And when you throw into the hash function, you're going to get a unique value

1306
01:24:05,294 --> 01:24:08,834
that no one else is going to be able to start with, which is when you do a SHA-256 hash,

1307
01:24:08,834 --> 01:24:11,094
and say number between zero and two to the 256,

1308
01:24:11,414 --> 01:24:13,254
which again, all ties together

1309
01:24:13,254 --> 01:24:14,454
why we use that number for the curve.

1310
01:24:15,355 --> 01:24:17,815
I think we might've missed a little bit of context

1311
01:24:17,815 --> 01:24:21,654
slightly in so far as I think we spent a lot of time

1312
01:24:21,654 --> 01:24:24,014
on why the private key works

1313
01:24:24,014 --> 01:24:25,154
and generates the whole curve.

1314
01:24:26,174 --> 01:24:27,534
The context we might've missed is

1315
01:24:27,534 --> 01:24:29,574
once we go into the public space,

1316
01:24:29,734 --> 01:24:32,014
which Bitcoin requires you to do,

1317
01:24:32,234 --> 01:24:33,574
and it's the why Bitcoin works,

1318
01:24:33,574 --> 01:24:35,315
that you start moving out of your,

1319
01:24:35,315 --> 01:24:40,294
you move into a, into the public square, right?

1320
01:24:40,614 --> 01:24:41,355
The Bitcoin box.

1321
01:24:41,454 --> 01:24:44,114
And now you're moving, you know, in order to operate, right?

1322
01:24:44,114 --> 01:24:50,435
Because you can send, you can send money to yourself all you want without really, you

1323
01:24:50,435 --> 01:24:54,315
know, you can send, you know, in order to change is when you're in public though.

1324
01:24:54,395 --> 01:24:58,014
In order to move Bitcoin, you have to now go to this public square called the Bitcoin

1325
01:24:58,014 --> 01:25:02,734
blockchain, this public place that like the PO box that everyone can see through.

1326
01:25:02,734 --> 01:25:05,435
You have to actually go there and interact.

1327
01:25:06,294 --> 01:25:10,134
And like in the Y equals MX plus B example, right?

1328
01:25:11,114 --> 01:25:17,134
What you want to do is you want to give that second point and draw the line without revealing what your first point is.

1329
01:25:17,355 --> 01:25:18,054
That's like the key.

1330
01:25:18,174 --> 01:25:26,794
Now what you're really worried about is giving any information that reveals what your private key is, what your private number is.

1331
01:25:27,214 --> 01:25:31,935
You don't want to reveal any of that with anything you expose.

1332
01:25:31,935 --> 01:25:33,554
And that's what Rob is talking about.

1333
01:25:33,674 --> 01:25:35,994
That's what the nonce does.

1334
01:25:36,334 --> 01:25:38,374
In other words, you have to provide something.

1335
01:25:38,954 --> 01:25:42,895
You can actually provide your own private key to make the whole thing work.

1336
01:25:43,274 --> 01:25:44,474
You don't want to do that.

1337
01:25:44,954 --> 01:25:45,554
Technically, you could.

1338
01:25:45,754 --> 01:25:47,154
Your nonce could be your private key.

1339
01:25:48,114 --> 01:25:50,654
Technically, you could.

1340
01:25:50,994 --> 01:25:52,174
You don't want to do that.

1341
01:25:52,614 --> 01:25:57,054
But when you're talking about entering the public square, you have to enter the game theory of hostile actors.

1342
01:25:57,054 --> 01:26:04,554
And you need to understand that within a contained system, talking to yourself, you can have certain trust assumptions, but you have to be trustless when you enter the public square.

1343
01:26:04,895 --> 01:26:05,014
That's right.

1344
01:26:05,074 --> 01:26:14,974
And that's why all of these requisite little pieces are designed in such a way with the assumption of if you can keep your private key private, you can prove ownership without compromising the secret.

1345
01:26:15,534 --> 01:26:16,754
And that's how this all works, right?

1346
01:26:17,154 --> 01:26:21,714
That's why I just want to address why are we talking – what the hell – all of a sudden you introduced this thing called a nonce.

1347
01:26:21,815 --> 01:26:23,974
And like why is that – why are we doing that?

1348
01:26:23,974 --> 01:26:32,774
The reason why is you need to provide subsequent data to the Bitcoin blockchain, proving you know what that private key is without revealing it.

1349
01:26:33,114 --> 01:26:44,731
So in theory, if someone just sent me Bitcoin and I never spend it, I just gave them a public key and I never spent it, then nothing really matters then, because I never at any point in the future come back to prove ownership of that information.

1350
01:26:45,492 --> 01:26:52,032
But basically, spending Bitcoin is proving that you know a private key, that you know a number.

1351
01:26:52,571 --> 01:26:53,472
That's all it is.

1352
01:26:53,872 --> 01:26:56,811
All of the Bitcoin, everything is, I know a number.

1353
01:26:57,452 --> 01:26:57,591
That's right.

1354
01:26:57,591 --> 01:26:58,472
That's all.

1355
01:26:58,771 --> 01:27:05,552
So the reason why you need a nonce is when you go to the network, you went to it the first time when you gave it the public key.

1356
01:27:05,631 --> 01:27:07,512
You did your transformation from your private key to a public key.

1357
01:27:07,731 --> 01:27:11,591
That was your first time you revealed information to the network saying you can send me money here.

1358
01:27:11,952 --> 01:27:22,771
Now, when it's time for you to prove that you own it, you need to do an additional operation that shows that you own, that you know the number that belong, that private key.

1359
01:27:23,252 --> 01:27:24,972
But you don't want to reveal the private key.

1360
01:27:24,972 --> 01:27:30,111
So you need to do a new mathematical proof, basically, of I understand this information.

1361
01:27:30,231 --> 01:27:36,552
And you don't want to – it's like you just don't want to unintentionally reveal the private – did you ever watch The Wire?

1362
01:27:37,271 --> 01:27:37,532
Yes.

1363
01:27:37,932 --> 01:27:38,211
Okay.

1364
01:27:38,352 --> 01:27:53,912
So I'm thinking – I want to say that season four opens with this scene where Prez Pryzbylewski is leading the class and he's asking – this class is so disengaged and he's doing some basic math problem.

1365
01:27:53,912 --> 01:28:04,532
It's almost like he's being – I don't know what the word is, but like really kind of pathetically trying to relate to these kids.

1366
01:28:04,752 --> 01:28:12,432
So he's like, oh, let me put it in terms you understand and like this drug dealer does this – he collects this much money.

1367
01:28:12,651 --> 01:28:16,872
And he's like trying to really reach these kids really hard and no one's listening.

1368
01:28:17,872 --> 01:28:23,792
And he has these four answers on the board and he's asking the question like what's the answer?

1369
01:28:23,912 --> 01:28:29,992
And one of the kids with that almost like Gauss surprising the teacher, like doesn't do any work and just answers the question.

1370
01:28:30,292 --> 01:28:31,711
And he's like, how did you know?

1371
01:28:31,711 --> 01:28:36,392
And he had all these chalk marks because he kept pointing to the right answer as he was asking the question.

1372
01:28:36,711 --> 01:28:38,412
And the kid's just like the dinks.

1373
01:28:38,591 --> 01:28:39,972
That answer has all the dinks.

1374
01:28:41,231 --> 01:28:51,052
And it's like he like he's unintentionally revealing the answer by trying to get the job that he's trying to get done.

1375
01:28:51,052 --> 01:28:53,872
And he's unintentionally revealing the actual answer.

1376
01:28:53,912 --> 01:29:16,052
And that's what we're trying to – that's why we use a nonce to avoid – you're showing a point on that elliptic curve and you want to make sure your eyes are not on your private key and anyone can figure out what your private key is when you decide to show a point on that curve in public.

1377
01:29:16,651 --> 01:29:17,091
Right.

1378
01:29:17,091 --> 01:29:19,552
Because the signature, you have to present publicly.

1379
01:29:19,552 --> 01:29:23,591
So the integrity, and since it's public, anyone can look at it.

1380
01:29:23,671 --> 01:29:28,691
So you need to have a secure way in revealing that public message that doesn't compromise your private key.

1381
01:29:29,372 --> 01:29:29,792
And so-

1382
01:29:29,792 --> 01:29:30,552
You don't want to show the dinks.

1383
01:29:31,332 --> 01:29:31,532
Right.

1384
01:29:31,691 --> 01:29:32,372
Yeah, exactly.

1385
01:29:32,771 --> 01:29:34,972
And so you have this signature.

1386
01:29:35,832 --> 01:29:48,611
And what you're able to do mathematically is you could look at the signature and you can do a little bit of algebra, which we can get into, but you could do a little bit of algebra and say, with this signature, it's related to this public key.

1387
01:29:49,552 --> 01:29:57,332
and you're able to prove the signature is linked to the public key in which the money was sent to

1388
01:29:57,332 --> 01:30:07,171
and i mean it's somewhat elegant insofar as like how it all works um like a sniper

1389
01:30:07,171 --> 01:30:10,972
it's very hard for a sniper to get a shot off without revealing its position

1390
01:30:13,071 --> 01:30:16,271
yes right so like they're very judicious because they know they're going to reveal

1391
01:30:16,271 --> 01:30:21,992
their position and you know that's the thing about bitcoin is like you want to be able to spend

1392
01:30:21,992 --> 01:30:28,771
to move a UTXO without revealing the secret that that gave it to you that's the whole point of

1393
01:30:28,771 --> 01:30:33,691
public key cryptography here right but but this is in the operation so like this isn't the thing

1394
01:30:33,691 --> 01:30:38,512
you're going to find in a math book what you're this is the thing that actually is going to um

1395
01:30:38,512 --> 01:30:44,131
I think Jimmy Song did a really good job on this one thing of showing the math as to why if you do

1396
01:30:44,131 --> 01:30:53,111
actually give away this nonce you're screwed like it's it's actually trivially easy and it is a and

1397
01:30:53,111 --> 01:30:59,792
it is a y equals mx plus b it is that simple to just now find your find your private key if you

1398
01:30:59,792 --> 01:31:04,852
do so if you do this so it's an important it's an important pile of shit not to step into

1399
01:31:04,852 --> 01:31:10,651
absolutely yeah and so like working through the chain i'm going to go through it at a high level

1400
01:31:10,651 --> 01:31:15,832
here, you have this Bitcoin transaction because you want to spend your Bitcoin. That's basically

1401
01:31:15,832 --> 01:31:23,211
a message that you broadcast to the network. You hash that. You now have this hash of a message.

1402
01:31:23,631 --> 01:31:28,532
And what you do is you take that hash of a message and combine it with your private key,

1403
01:31:28,952 --> 01:31:33,231
because no one else knows what your private key is, and you hash it. So now you have like a,

1404
01:31:33,651 --> 01:31:38,972
you now have a number that exists on the curve that no one else knows what it is.

1405
01:31:38,972 --> 01:31:48,651
Because to be able to get to that point without randomly guessing all possible numbers, you would need that private – that your private key.

1406
01:31:49,372 --> 01:31:53,832
Now, that then gives you your deterministic nonce.

1407
01:31:54,252 --> 01:32:08,512
And you would say that the nonce point that you're starting with is the generator that you're putting numbers in through the equation plus your nonce, your number only using once, which is this combined number of your private key in the message.

1408
01:32:08,512 --> 01:32:15,372
Yeah. And so now you now have a challenge that's called in cryptography.

1409
01:32:15,372 --> 01:32:19,231
The challenge is proving that, Hey, can you prove to me you own this?

1410
01:32:19,492 --> 01:32:21,972
Like, you know, the private key corresponding to this public key.

1411
01:32:22,191 --> 01:32:26,071
And that ultimately is a hash of all of this together.

1412
01:32:26,552 --> 01:32:33,472
The nonce point, the message and your original, you know,

1413
01:32:33,472 --> 01:32:39,372
it's the combination of both the hash of your nonce point this random number you're only using

1414
01:32:39,372 --> 01:32:45,512
once the hash is like making soup right what does it takes any data and it collapses it to the field

1415
01:32:45,512 --> 01:32:49,372
of the prime numbers that the curve operates on there's a reason because remember we this goes

1416
01:32:49,372 --> 01:32:53,332
back all the way to the beginning we're talking about like modular arithmetic it's this two to

1417
01:32:53,332 --> 01:33:01,352
the 256 minus two to the 232 minus 977 is a prime number which encompasses all that that when you

1418
01:33:01,352 --> 01:33:04,832
apply it onto a field, you will always get something within there.

1419
01:33:04,952 --> 01:33:06,631
But you can't guess the recipe of the soup.

1420
01:33:07,151 --> 01:33:07,372
No.

1421
01:33:07,512 --> 01:33:08,332
You can only know.

1422
01:33:09,111 --> 01:33:10,992
And that is really where you're getting it now.

1423
01:33:11,191 --> 01:33:14,731
So hashing is like, okay, we're going to make soup with the nonce.

1424
01:33:15,532 --> 01:33:15,771
Yep.

1425
01:33:15,952 --> 01:33:18,452
You're collapsing it into the field of the curve.

1426
01:33:19,111 --> 01:33:25,052
Because SHA-256, what you're hashing this with is two to the 256 possible opportunities,

1427
01:33:25,171 --> 01:33:26,571
which is the opportunity size of the curve.

1428
01:33:26,631 --> 01:33:30,912
So you're collapsing any data whatsoever to be able to be mapped onto this field.

1429
01:33:31,352 --> 01:33:34,352
The sideways bell curve with a bunch of little points for all of the pieces.

1430
01:33:34,611 --> 01:33:34,731
Yeah.

1431
01:33:35,151 --> 01:33:37,392
Now you have your hash message,

1432
01:33:37,472 --> 01:33:38,332
which is the transaction.

1433
01:33:38,332 --> 01:33:41,671
You get your deterministic nonce by smashing it together with your public key.

1434
01:33:42,032 --> 01:33:42,811
And then when you hash it,

1435
01:33:42,872 --> 01:33:44,512
you just roll it to a random,

1436
01:33:44,671 --> 01:33:45,932
like a number on the curve that only,

1437
01:33:46,052 --> 01:33:46,332
you know,

1438
01:33:46,591 --> 01:33:47,912
so you now have two numbers that only,

1439
01:33:48,032 --> 01:33:48,271
you know,

1440
01:33:48,532 --> 01:33:49,191
the nonce,

1441
01:33:49,512 --> 01:33:54,271
which is derived in part from your private key and your private key.

1442
01:33:54,631 --> 01:33:56,372
You then have this challenge statement.

1443
01:33:56,792 --> 01:33:59,332
And what you're able to do is combine a signature where you combine the

1444
01:33:59,332 --> 01:34:04,752
the challenge statement plus your nonce times your private key that many generation points

1445
01:34:04,752 --> 01:34:05,012
through.

1446
01:34:05,392 --> 01:34:07,191
And you now have a signature.

1447
01:34:07,651 --> 01:34:14,252
And that signature has two points, R and S, basically, because at any point on the curve,

1448
01:34:14,332 --> 01:34:15,711
there's going to be like the two points.

1449
01:34:16,832 --> 01:34:22,292
And this signature, what you can do with it for verification, this is what's so beautiful,

1450
01:34:22,671 --> 01:34:28,211
is you can take this signature and you're able to basically take the R and the S values

1451
01:34:28,211 --> 01:34:28,771
in the signature.

1452
01:34:30,792 --> 01:34:32,492
For a second, let's just say like...

1453
01:34:32,492 --> 01:34:33,392
So we're off the curve.

1454
01:34:33,591 --> 01:34:35,752
I want to do this a little slower here, I think.

1455
01:34:35,972 --> 01:34:37,091
We're off the curve now.

1456
01:34:37,432 --> 01:34:41,191
Once you hash, once you do the hash...

1457
01:34:41,191 --> 01:34:41,892
You're on the curve.

1458
01:34:42,311 --> 01:34:42,792
You're on, yeah.

1459
01:34:42,932 --> 01:34:45,211
Because even a hash of...

1460
01:34:47,071 --> 01:34:49,552
So you're saying the hash function still guesses,

1461
01:34:49,872 --> 01:34:51,952
still puts, the result of the hash function

1462
01:34:51,952 --> 01:34:52,972
is still a point on the curve.

1463
01:34:53,472 --> 01:34:53,811
Yes.

1464
01:34:54,032 --> 01:34:56,111
So the curve is closed under hashing.

1465
01:34:56,111 --> 01:35:00,052
any data that you hash with SHA-256 will live on the curve.

1466
01:35:00,372 --> 01:35:01,432
And that's why you hash things.

1467
01:35:01,492 --> 01:35:02,111
So then-

1468
01:35:02,111 --> 01:35:03,571
To be able to make the mathematical transformation.

1469
01:35:03,952 --> 01:35:05,912
And so you still, so when you hash something,

1470
01:35:05,912 --> 01:35:12,992
you still have an XY coordinate that lives on the curve.

1471
01:35:14,671 --> 01:35:15,151
Yes.

1472
01:35:15,271 --> 01:35:15,452
Right?

1473
01:35:16,071 --> 01:35:18,031
So what is all, you just then said,

1474
01:35:18,252 --> 01:35:19,292
but then you have all,

1475
01:35:19,671 --> 01:35:22,131
this is why I was maybe just introducing

1476
01:35:22,131 --> 01:35:24,912
the idea of polar coordinates showing the same thing.

1477
01:35:24,912 --> 01:35:29,952
thing is this what is like is that is that what's happening now whereas we actually know

1478
01:35:29,952 --> 01:35:35,071
we have different dimension of what makes the curve we're not looking at an xy anymore

1479
01:35:35,071 --> 01:35:40,892
now we're looking at two different components that essentially build the same thing yep

1480
01:35:40,892 --> 01:35:46,271
yes personally this is where i found it super confusing it's like what's r and s now

1481
01:35:46,271 --> 01:35:50,691
no so this is interesting right so r being the actual like signed output proving the message

1482
01:35:50,691 --> 01:35:56,131
S is actually a point on the curve that's kind of hiding your private key.

1483
01:35:56,792 --> 01:36:00,372
And the reason why it's hiding it is because you use a deterministic nonce so people can't

1484
01:36:00,372 --> 01:36:00,872
reverse engineer.

1485
01:36:01,252 --> 01:36:05,332
If you wrote, if you rolled your own cryptography by hand and you're like, I'm just going to

1486
01:36:05,332 --> 01:36:08,052
always multiply by 12, right?

1487
01:36:08,052 --> 01:36:11,852
And then someone could start looking at your S values and start just walking through random

1488
01:36:11,852 --> 01:36:14,171
field operations and be like, oh, I found the private key.

1489
01:36:14,571 --> 01:36:19,031
And that's why you need a random number for this one time use to sign the data.

1490
01:36:19,031 --> 01:36:21,932
and that random number is tied to the message you're signing

1491
01:36:21,932 --> 01:36:25,512
because the R is the signature.

1492
01:36:26,052 --> 01:36:28,171
S is the point on the curve

1493
01:36:28,171 --> 01:36:29,912
that's kind of hiding your private number,

1494
01:36:30,472 --> 01:36:32,332
your private key within the transformation.

1495
01:36:33,111 --> 01:36:35,972
So these objects are also...

1496
01:36:35,972 --> 01:36:39,792
So in other words, you can plot XY, right?

1497
01:36:40,372 --> 01:36:43,731
You can also use the fact that a hash is on the curve

1498
01:36:43,731 --> 01:36:47,332
and a hash can be decomposed into something called R and S.

1499
01:36:48,512 --> 01:36:48,651
Yeah.

1500
01:36:49,031 --> 01:36:54,872
that have a little more meaning now in how Bitcoin works.

1501
01:36:56,531 --> 01:36:58,191
The R and S are what have meaning.

1502
01:36:58,392 --> 01:37:00,012
The X and Y, not necessarily.

1503
01:37:00,651 --> 01:37:02,651
It's now the R and the S that have meaning.

1504
01:37:03,311 --> 01:37:05,311
It's kind of like how when we drew the circle,

1505
01:37:05,432 --> 01:37:10,512
the angle and the radius had meaning that maybe the points didn't have.

1506
01:37:11,131 --> 01:37:11,292
Yeah.

1507
01:37:12,731 --> 01:37:15,432
And so basically you can verify,

1508
01:37:15,432 --> 01:37:18,932
to tie this all together.

1509
01:37:19,031 --> 01:37:22,792
If you have the signature values of R and S,

1510
01:37:23,492 --> 01:37:25,392
you have your public key.

1511
01:37:25,872 --> 01:37:27,811
What you're able to do is you're able to take R

1512
01:37:27,811 --> 01:37:32,531
plus your public key

1513
01:37:32,531 --> 01:37:35,372
times your hashed message.

1514
01:37:36,372 --> 01:37:39,292
So there's a very simple multiplication

1515
01:37:39,292 --> 01:37:42,191
and it's multiplication over the field of the

1516
01:37:42,191 --> 01:37:47,392
and plus R equals the signed message.

1517
01:37:47,671 --> 01:37:49,531
And what that allows you to do algebraically

1518
01:37:49,531 --> 01:37:51,752
is you can actually break things out

1519
01:37:51,752 --> 01:37:53,231
and show that in three line,

1520
01:37:53,392 --> 01:37:55,252
like this is where I wish we just had a whiteboard

1521
01:37:55,252 --> 01:37:55,952
so I could just literally,

1522
01:37:56,271 --> 01:37:57,031
I'm realizing that like,

1523
01:37:57,071 --> 01:37:57,972
this is like one of those moments

1524
01:37:57,972 --> 01:37:59,711
that a whiteboard would be really, really important.

1525
01:38:00,631 --> 01:38:02,932
That you're basically able to do substitution

1526
01:38:02,932 --> 01:38:04,952
and you can verify that this signature

1527
01:38:04,952 --> 01:38:07,012
is tied to this public key.

1528
01:38:07,392 --> 01:38:10,131
I'm thinking of making a video, not myself,

1529
01:38:10,271 --> 01:38:11,912
but now that I have my AI tools,

1530
01:38:11,912 --> 01:38:14,131
I'm thinking of making a video that does just this.

1531
01:38:14,211 --> 01:38:15,052
That's what I just wrote down.

1532
01:38:15,731 --> 01:38:15,892
Yeah.

1533
01:38:16,012 --> 01:38:17,271
Like literally just this.

1534
01:38:17,512 --> 01:38:26,571
Like, because this is like the culminating point I think we would probably want to get to today is going from like what is Bitcoin crypto?

1535
01:38:26,771 --> 01:38:27,832
Like what is this thing?

1536
01:38:27,892 --> 01:38:41,191
And getting all the way to now we've gotten all the way through the high level mathematical concepts between, you know, coherence and set theory and like finite fields and Mersenne primes and the generator point.

1537
01:38:41,191 --> 01:38:46,912
we've all got and why this curve, we've all got to the point of the magic is that I'm able to do

1538
01:38:46,912 --> 01:38:55,012
with some pretty trivial algebra, a proof to you that I have the private key material related to

1539
01:38:55,012 --> 01:38:59,992
the public key that I gave you. And the rest of the network can all independently verify that

1540
01:38:59,992 --> 01:39:03,771
within fractions of a second. We're talking on the scale of microseconds.

1541
01:39:03,992 --> 01:39:06,071
The proof doesn't reveal the key.

1542
01:39:06,492 --> 01:39:07,832
And the proof does not reveal the key.

1543
01:39:07,912 --> 01:39:10,352
Ever. Yeah, that's the net, right?

1544
01:39:10,352 --> 01:39:14,912
It's so remarkable, but that's a really important piece.

1545
01:39:15,952 --> 01:39:17,052
Yes, exactly.

1546
01:39:18,151 --> 01:39:22,932
Who needs a quantum computer when you can just wait for somebody to reuse their nonce?

1547
01:39:23,752 --> 01:39:26,912
Well, so it's not really even hypothetical or abstract.

1548
01:39:27,412 --> 01:39:30,631
This was a very common thing that wrecked people in early days of Bitcoin.

1549
01:39:30,631 --> 01:39:30,892
Totally.

1550
01:39:30,892 --> 01:39:37,872
Someone would roll their own cryptography library and oopsie doopsie, I was doing something.

1551
01:39:37,872 --> 01:39:43,031
and there's like multiple there's like there's many layers here that can break if you're talking

1552
01:39:43,031 --> 01:39:46,671
about in the real world of like not abstract whiteboarding on how this works but like how

1553
01:39:46,671 --> 01:39:52,352
you actually write this in software there's called um timing timing side channel attacks where you do

1554
01:39:52,352 --> 01:39:56,992
timing analysis and you can actually infer based on the cpu cycles to do each of these individual

1555
01:39:56,992 --> 01:40:01,092
pieces that someone in theory could actually reverse engineer your private key because if

1556
01:40:01,092 --> 01:40:05,552
you're not doing all operations in constant time this is in the document by the way i'm pretty sure

1557
01:40:05,552 --> 01:40:13,731
this because this is um um Jonas's partner on libsec there's Tim Ruffing yes Tim Ruffing sorry

1558
01:40:13,731 --> 01:40:20,912
there is a um there's actually and i was wondering what this meant now that you're talking about it

1559
01:40:20,912 --> 01:40:26,611
this is actually also in the document um yeah about how libsec was actually created for something

1560
01:40:26,611 --> 01:40:31,631
called tls and i don't know what that stands for but it was not ssl ls which is like https

1561
01:40:31,631 --> 01:40:33,271
like your OpenSSL library,

1562
01:40:33,412 --> 01:40:34,531
like how you do encryption on the web.

1563
01:40:35,231 --> 01:40:35,352
Yeah.

1564
01:40:35,452 --> 01:40:36,412
And so that was not,

1565
01:40:36,571 --> 01:40:38,311
they needed to actually make it more,

1566
01:40:38,311 --> 01:40:40,012
more time.

1567
01:40:40,191 --> 01:40:40,592
Yes.

1568
01:40:40,611 --> 01:40:42,131
More time based for,

1569
01:40:42,452 --> 01:40:43,332
you know,

1570
01:40:43,432 --> 01:40:43,771
for this.

1571
01:40:43,872 --> 01:40:44,892
Everything needs to be constant.

1572
01:40:45,231 --> 01:40:48,052
Everything needs to be a constant time operation to prevent side channel

1573
01:40:48,052 --> 01:40:48,372
attacks.

1574
01:40:48,432 --> 01:40:52,231
So they literally took this initial code base and this as a way to kind of

1575
01:40:52,231 --> 01:40:53,231
like full circles,

1576
01:40:53,352 --> 01:40:54,512
begin closing out the episode.

1577
01:40:54,792 --> 01:40:57,472
This is the difference between secp256k1,

1578
01:40:57,552 --> 01:41:01,052
the curve and libsecp256k1.

1579
01:41:01,052 --> 01:41:03,651
And we were joking before about like, oh, what's the lib about?

1580
01:41:03,752 --> 01:41:16,811
The lib is the actual Bitcoin implementation library that takes these abstract mathematical concepts and codifies them into a battle-hardened cryptography library that is properly done.

1581
01:41:17,571 --> 01:41:24,631
And when Satoshi originally just kind of pulled it in, it wasn't entirely, it wasn't homegrown.

1582
01:41:24,872 --> 01:41:26,972
It wasn't a perfect puzzle piece at all.

1583
01:41:27,092 --> 01:41:27,552
It wasn't.

1584
01:41:27,892 --> 01:41:28,892
It technically worked.

1585
01:41:28,892 --> 01:41:31,752
There were a lot of compromises that he could see.

1586
01:41:32,211 --> 01:41:32,432
Right.

1587
01:41:32,432 --> 01:41:43,292
It was prescient that the people that followed were able to mold it into Bitcoin before it ever showed any of the vulnerabilities that would have had the thing break.

1588
01:41:44,071 --> 01:41:44,552
Exactly.

1589
01:41:44,872 --> 01:41:46,131
That's how these things work.

1590
01:41:46,651 --> 01:41:54,832
I just want to say this is why – one of the things I really focus on a lot at the Magic Internet Math Academy is math history.

1591
01:41:55,571 --> 01:41:57,811
I've done a lot already to put on –

1592
01:41:57,811 --> 01:42:05,912
And it's because if you understand, like, this is a real aside, but like the history of math, it's not the history of mathematics.

1593
01:42:05,912 --> 01:42:07,872
It's the history of mathematicians.

1594
01:42:09,031 --> 01:42:12,412
And it's important to understand their lives.

1595
01:42:12,631 --> 01:42:15,711
One is like, you know, you have to figure out where you fit in the world.

1596
01:42:16,211 --> 01:42:16,651
Sure.

1597
01:42:16,731 --> 01:42:22,092
As, you know, whether you like it or not, if you're using Bitcoin, you're now a mathematician.

1598
01:42:22,932 --> 01:42:23,191
Yeah.

1599
01:42:23,492 --> 01:42:23,912
Sorry.

1600
01:42:23,912 --> 01:42:34,372
It's just like you are either someone who's going to YOLO the number 12, like Rob said, or you may ignore all of it and you take your risks.

1601
01:42:34,972 --> 01:42:36,372
But you are a mathematician.

1602
01:42:37,111 --> 01:42:37,292
Yep.

1603
01:42:37,571 --> 01:42:43,392
And you are either a first, second, third, fourth, fifth, or a billionth class citizen in this world.

1604
01:42:43,872 --> 01:42:49,191
You don't gain power in this world by doing favors for other politicians.

1605
01:42:49,191 --> 01:42:53,191
You gain power in this – and you don't gain power really by running a node a little bit.

1606
01:42:53,191 --> 01:42:57,972
But you gain power by knowing this, by understanding this.

1607
01:42:59,151 --> 01:43:05,731
And, you know, mathematicians, it's never clean, right?

1608
01:43:05,872 --> 01:43:08,731
Nobody – they never know the answer really.

1609
01:43:09,211 --> 01:43:12,571
Only some really special ones knew certain things.

1610
01:43:12,771 --> 01:43:19,332
But like, you know, you take – Satoshi had a number of like balls of clay that he could have picked for this.

1611
01:43:19,332 --> 01:43:25,292
And he picked the one that he had probabilistically thought had the best likelihood of succeeding.

1612
01:43:25,651 --> 01:43:31,832
And it really was up to guys like Jonas Nick and Tim Ruffing to mold that clay.

1613
01:43:33,151 --> 01:43:34,171
Yeah, no, that's exactly right.

1614
01:43:34,252 --> 01:43:35,752
And you have to think about it from Satoshi's perspective.

1615
01:43:35,872 --> 01:43:42,731
He was already designing a new computer science paradigm of data structure, of the blockchain, and all of these different moving pieces.

1616
01:43:42,731 --> 01:43:47,832
for him he just took what was available from when he deduces a reasonable curve and took the

1617
01:43:47,832 --> 01:43:53,191
available code from the OpenSSL TLS library and threw it in there and that works as a proof of

1618
01:43:53,191 --> 01:44:00,131
concept the math is correct but there are a lot when you go from the abstract here's the whiteboard

1619
01:44:00,131 --> 01:44:05,691
explanation to this is the zeros and ones that run on your machine to do the operations and you're

1620
01:44:05,691 --> 01:44:11,131
dealing with a world where the mathematical computation is money like you're just like the

1621
01:44:11,131 --> 01:44:17,631
the number is money and the transformations to go from number to signature to public key private

1622
01:44:17,631 --> 01:44:22,452
like all these things are our money and any brittleness in any of that could result in

1623
01:44:22,452 --> 01:44:29,031
um things that you were making assumptions for no longer being true and that's where we went from

1624
01:44:29,031 --> 01:44:35,012
where Satoshi originally the the libsecp part of the code base was like 500 lines of code and today

1625
01:44:35,012 --> 01:44:40,131
it's 50,000 and there's a reason why is because there was a continual let's go one step deeper

1626
01:44:40,412 --> 01:44:41,332
Let's go one step deeper.

1627
01:44:41,651 --> 01:44:43,611
We have dependencies on things we don't like.

1628
01:44:43,691 --> 01:44:45,191
We need to rewrite those from scratch.

1629
01:44:45,412 --> 01:44:49,691
We need to make sure that all of the foundational building blocks for each point that we're building on from scratch

1630
01:44:49,691 --> 01:44:55,111
have sound, not just mathematical abstract ideas, but how it actually gets implemented

1631
01:44:55,111 --> 01:44:57,631
and having operations run in constant time.

1632
01:44:58,211 --> 01:45:00,771
So that if there's a malicious process sitting on your computer,

1633
01:45:01,151 --> 01:45:03,752
that's like looking at the spikes of your CPU,

1634
01:45:03,752 --> 01:45:12,031
they can't see the variance of the computation time and basically find your private key by looking

1635
01:45:12,031 --> 01:45:15,432
at the variances because each number would have a unique signature as it goes through these

1636
01:45:15,432 --> 01:45:20,151
computer operations so that is like the levels upon levels of not just like the mathematical

1637
01:45:20,151 --> 01:45:24,892
high level but then getting to the silicon level and the code level and the assuming a hostile

1638
01:45:24,892 --> 01:45:30,592
environment level how many levels down you need to go to be able to do that and it's not trivial

1639
01:45:30,592 --> 01:45:40,872
And every step you go deeper down the rabbit hole, you have a whole new world of assumptions that you need to be understanding and kind of locking in place and kind of proving mathematically are true.

1640
01:45:41,151 --> 01:45:47,611
And those are all of the transformations and optimizations and security improvements the libsecp library has had since its original genesis.

1641
01:45:47,872 --> 01:45:56,071
Yeah, there's probably no cryptography, at least that'll be under attack at scale like this because it's money.

1642
01:45:56,071 --> 01:46:03,992
Now, like, yeah, I would go back in time and say, yeah, like, you know, the launch codes, you know, things like –

1643
01:46:03,992 --> 01:46:04,512
Enigma machine.

1644
01:46:05,071 --> 01:46:11,691
Things of those nature I think clearly are going to try to be – things that attack power are going to be under attack.

1645
01:46:11,852 --> 01:46:21,592
But something that is so – you know, like this perfect money also is so – when I say the reward, the reward isn't just like I get to buy more things.

1646
01:46:21,592 --> 01:46:27,472
So you get money that is easily transferred anywhere.

1647
01:46:27,611 --> 01:46:30,932
I mean, the attack surface of this is enormous.

1648
01:46:31,432 --> 01:46:35,992
And it's why it's also anti-fragile.

1649
01:46:36,412 --> 01:46:41,771
It becomes anti-fragile because there's so many attacks happening in real time from its

1650
01:46:41,771 --> 01:46:43,731
infancy that is being adjusted.

1651
01:46:43,932 --> 01:46:48,372
And that's what the 50,000 lines of code is right now.

1652
01:46:48,372 --> 01:46:54,531
and it's you know I think that's I saw those 50,000 lines of code and it was it also wasn't like

1653
01:46:54,531 --> 01:47:02,671
letters it was a lot of it was not legible to a human being really and that's like if your goal

1654
01:47:02,671 --> 01:47:08,452
is to validate you know if you leave a lot of skin in bitcoin you want to validate it you really do

1655
01:47:08,452 --> 01:47:14,552
have to grapple with this at some point i don't see any way around it yeah no entirely and i'm

1656
01:47:14,552 --> 01:47:17,932
actually very proud of what we're able to get through today looking through the study guide

1657
01:47:17,932 --> 01:47:21,832
I know we may have at a point here and there kept it at a higher level.

1658
01:47:22,151 --> 01:47:28,952
And I think certain things like doing little follow up videos, really driving home these specific points of like the nonce with a signature.

1659
01:47:29,111 --> 01:47:34,452
Like there's a couple of real pieces to kind of like like hammer on to really drive the point home.

1660
01:47:34,452 --> 01:47:42,311
but looking through all of this we've been able to at the highest level at least introduce the

1661
01:47:42,311 --> 01:47:48,711
ability for you to at least start to begin to reason and understand where if you had a beer

1662
01:47:48,711 --> 01:47:55,031
if you're at PubKey you're having a beer and you want to talk about this stuff you may not be able

1663
01:47:55,031 --> 01:48:00,111
to do the full mathematical proof of every line but at least you understand in aggregate the moving

1664
01:48:00,111 --> 01:48:04,811
pieces and what's important and why things are important to be able to explain how this thing

1665
01:48:04,811 --> 01:48:09,512
works and i think that's the best we can do on the podcast is an opening introductory door

1666
01:48:09,512 --> 01:48:14,151
to bring you in and kind of point your paths go deeper down the rabbit hole where they're

1667
01:48:14,151 --> 01:48:20,892
watching the follow-up videos or do the study guide and like i think this is i think like i

1668
01:48:20,892 --> 01:48:26,972
think every Bitcoiner should have at least this level of understanding of understanding how the

1669
01:48:26,972 --> 01:48:27,432
I agree.

1670
01:48:28,012 --> 01:48:28,452
And I'm like,

1671
01:48:28,512 --> 01:48:30,571
like you don't have to do the full mathematical everything,

1672
01:48:30,571 --> 01:48:31,031
but like,

1673
01:48:31,392 --> 01:48:35,872
like I'm going to tell you 99 out of a hundred people who hold Bitcoin can't

1674
01:48:35,872 --> 01:48:37,472
explain what we just went through.

1675
01:48:38,151 --> 01:48:38,552
Yeah.

1676
01:48:38,611 --> 01:48:41,151
I think probably 999 out of a thousand.

1677
01:48:41,171 --> 01:48:41,852
You're underestimating,

1678
01:48:41,952 --> 01:48:42,211
but like,

1679
01:48:42,211 --> 01:48:42,432
yeah.

1680
01:48:43,252 --> 01:48:44,131
So the first thing,

1681
01:48:44,131 --> 01:48:46,271
I guess I'm really trying to,

1682
01:48:46,711 --> 01:48:50,531
part of this evolution is me discovering the division of labor between the

1683
01:48:50,531 --> 01:48:51,671
podcast and the other tools.

1684
01:48:51,872 --> 01:48:52,171
And it's like,

1685
01:48:52,252 --> 01:48:53,191
what's we had,

1686
01:48:53,271 --> 01:48:54,412
this was painful conversation,

1687
01:48:54,611 --> 01:48:54,992
but like,

1688
01:48:55,052 --> 01:48:55,352
you know,

1689
01:48:55,352 --> 01:48:57,052
probably for a little bit,

1690
01:48:57,171 --> 01:48:59,111
but not as bad as it could have been.

1691
01:48:59,171 --> 01:49:01,031
Cause I know like the division of labor is,

1692
01:49:01,131 --> 01:49:03,671
I'm pretty sure now I have these other tools that are going to be pretty

1693
01:49:03,671 --> 01:49:04,031
effective.

1694
01:49:04,392 --> 01:49:08,972
The other thing is we got to talk to Thomas about getting whiteboards at

1695
01:49:08,972 --> 01:49:09,352
Pub Key.

1696
01:49:10,031 --> 01:49:10,392
Oh,

1697
01:49:10,432 --> 01:49:10,932
that'd be great.

1698
01:49:11,171 --> 01:49:11,412
Right.

1699
01:49:11,432 --> 01:49:13,992
There's no reason not to have whiteboards on the wall.

1700
01:49:13,992 --> 01:49:14,111
Yeah.

1701
01:49:14,932 --> 01:49:15,252
Well,

1702
01:49:15,412 --> 01:49:16,552
my joke is I,

1703
01:49:16,552 --> 01:49:16,832
I,

1704
01:49:16,832 --> 01:49:18,492
I always show up whenever I'm in New York state,

1705
01:49:18,512 --> 01:49:21,512
I show up at pub key at open and I treat it like a coworking space.

1706
01:49:21,852 --> 01:49:22,252
You know,

1707
01:49:22,252 --> 01:49:23,111
you show up totally.

1708
01:49:23,731 --> 01:49:24,271
You show up at one,

1709
01:49:24,271 --> 01:49:26,592
I show up like one, two o'clock whenever they open in the afternoon.

1710
01:49:26,691 --> 01:49:27,052
Three o'clock.

1711
01:49:27,071 --> 01:49:27,872
In the whole back area.

1712
01:49:28,191 --> 01:49:28,912
Sorry, I've been three.

1713
01:49:29,052 --> 01:49:31,731
But we show up earlier because we believe we're special.

1714
01:49:32,252 --> 01:49:32,852
That's true.

1715
01:49:33,111 --> 01:49:36,252
But like the whole back area, like there's some natural light that comes in.

1716
01:49:36,452 --> 01:49:37,171
It's nice.

1717
01:49:37,552 --> 01:49:42,271
I just hang out, grab a beer, grab some tallow fries or something, and I just work.

1718
01:49:42,992 --> 01:49:44,372
And it's awesome.

1719
01:49:44,892 --> 01:49:45,171
Totally.

1720
01:49:45,571 --> 01:49:46,811
I've gotten plenty of work done there.

1721
01:49:46,852 --> 01:49:47,472
It is a workspace.

1722
01:49:47,472 --> 01:49:54,611
I mean, you know, Evan Kaloudis built my ZeusPay site sitting at the end of the bar.

1723
01:49:55,111 --> 01:49:57,252
He built it in an hour for my book.

1724
01:49:57,752 --> 01:49:58,571
You know, it's amazing.

1725
01:49:59,292 --> 01:49:59,392
Yeah.

1726
01:50:00,852 --> 01:50:05,432
Yeah, so I really hope people made, you know, God bless you guys.

1727
01:50:05,512 --> 01:50:06,252
You made it this far.

1728
01:50:06,972 --> 01:50:08,711
I'm pretty proud of this conversation.

1729
01:50:08,872 --> 01:50:14,292
I'm really looking forward to getting it up and talking about it and getting some of the support,

1730
01:50:14,292 --> 01:50:21,472
trying to create some supporting uh tools also this is great this is you know very good we are

1731
01:50:21,472 --> 01:50:27,651
leading that's okay so if you got this far maybe it's okay to reveal we are leading to getting um

1732
01:50:27,651 --> 01:50:33,292
some guests on here to actually you know we we're building for ourselves so we don't sound like

1733
01:50:33,292 --> 01:50:38,311
idiots that's right when we're talking to the real the real folks right what we're saying is

1734
01:50:38,311 --> 01:50:41,832
we're basically near the end of our rope of being able to explain these things so at least you're at

1735
01:50:41,832 --> 01:50:45,472
our level now when we have people on. We've gotten some confirmations, people who want to come on,

1736
01:50:45,492 --> 01:50:50,071
we just have to set up time and schedule. I think a lot of people that work on this stuff are excited

1737
01:50:50,071 --> 01:50:55,752
to just be able to explain what they do, because most of the time, they either have no exposure

1738
01:50:55,752 --> 01:51:00,392
to talk about their work, or it's always in the context of, here's my latest paper doing this

1739
01:51:00,392 --> 01:51:05,792
latest thing. But like a lot of their foundational work is just doing very boring, very important,

1740
01:51:06,012 --> 01:51:11,372
critically, like life support, critical importance to the Bitcoin protocol. But it's not sexy or

1741
01:51:11,372 --> 01:51:13,912
glamorous or it's not a new shiny object. So it kind of gets looked over.

1742
01:51:14,691 --> 01:51:19,832
Yeah. And it's not like, I think one of the things we are really doing here is we'll close

1743
01:51:19,832 --> 01:51:25,531
it maybe on this. It's just the like, especially in the world we live in now. And again, I'm going

1744
01:51:25,531 --> 01:51:28,611
to say this to the end so we don't get into a rabbit hole on it. But like, I feel like the

1745
01:51:28,611 --> 01:51:33,792
average Bitcoiner only thinks Bitcoin, like Bitcoin Core or that that's the software and they don't

1746
01:51:33,792 --> 01:51:41,912
see this that like i validated like bitcoin in like a day like that was nothing and then trying

1747
01:51:41,912 --> 01:51:46,311
to validate then getting to this live you know getting to this step was like opened up an entire

1748
01:51:46,311 --> 01:51:51,651
crisis that this whole now apparatus this whole magic internet math apparatus exists to address

1749
01:51:51,651 --> 01:51:59,412
this crisis and you know yeah no i would say out of like to your point like out of 10 000 people

1750
01:51:59,412 --> 01:52:00,292
who hold Bitcoin,

1751
01:52:01,492 --> 01:52:02,872
one out of 10,000

1752
01:52:02,872 --> 01:52:04,792
is probably the people

1753
01:52:04,792 --> 01:52:05,171
that are like,

1754
01:52:05,252 --> 01:52:06,012
oh, and the elliptic curve

1755
01:52:06,012 --> 01:52:06,412
and the generator.

1756
01:52:06,531 --> 01:52:06,912
Yeah, yeah, yeah.

1757
01:52:06,952 --> 01:52:07,372
Cool. Got it.

1758
01:52:07,372 --> 01:52:08,472
Yeah, I understand that next.

1759
01:52:08,972 --> 01:52:09,531
Whereas for your point,

1760
01:52:09,592 --> 01:52:10,452
you're like validating Bitcoin

1761
01:52:10,452 --> 01:52:10,992
in a day.

1762
01:52:11,252 --> 01:52:12,631
You had to hold constant

1763
01:52:12,631 --> 01:52:13,552
an assumption of

1764
01:52:13,552 --> 01:52:15,131
this thing must be true.

1765
01:52:15,792 --> 01:52:17,071
And then everything else works.

1766
01:52:17,352 --> 01:52:17,472
Right.

1767
01:52:17,472 --> 01:52:18,292
But then you realize like,

1768
01:52:18,332 --> 01:52:19,332
OK, I need to evaluate

1769
01:52:19,332 --> 01:52:19,932
my assumptions

1770
01:52:19,932 --> 01:52:20,472
and my understanding

1771
01:52:20,472 --> 01:52:21,092
how this works.

1772
01:52:21,631 --> 01:52:22,711
And even if like

1773
01:52:22,711 --> 01:52:23,852
you can understand

1774
01:52:23,852 --> 01:52:24,771
why Bitcoin works

1775
01:52:24,771 --> 01:52:26,332
if you kind of hand wave

1776
01:52:26,332 --> 01:52:27,731
elliptic curve cryptography,

1777
01:52:27,992 --> 01:52:28,952
assume this works,

1778
01:52:28,952 --> 01:52:33,012
everything else clicks into place but to actually do the requisite level of understanding of why

1779
01:52:33,012 --> 01:52:38,012
does the elliptic curve cryptography work even if you're a math person like you have to walk through

1780
01:52:38,012 --> 01:52:43,952
all of these pieces like we discussed easily uh a half dozen different like mathematical concepts

1781
01:52:43,952 --> 01:52:47,352
today alone that probably have their own introductions if you're not familiar if you

1782
01:52:47,352 --> 01:52:52,771
don't think in modulo math finite fields um elliptic curve transformations like the generator

1783
01:52:52,771 --> 01:52:57,412
point and being able to do multiplication by adding a number to itself a certain number of times

1784
01:52:57,412 --> 01:53:03,271
And like all of that requires time to kind of break down and decompress so you can understand how it works.

1785
01:53:03,811 --> 01:53:12,671
And I think we did a really good high level conversation going through the next level of removing the abstractions and having tangible pieces to wrestle with.

1786
01:53:12,992 --> 01:53:13,332
That's right.

1787
01:53:13,492 --> 01:53:14,972
We're mixing the glue.

1788
01:53:15,352 --> 01:53:16,352
It takes – it's a slog.

1789
01:53:16,872 --> 01:53:19,352
And I just want to make it possible and make it easier.

1790
01:53:19,852 --> 01:53:20,332
Yes.

1791
01:53:20,332 --> 01:53:28,832
And, you know, hopefully those who are, who have some motivation to really want to learn it won't just get destroyed.

1792
01:53:29,211 --> 01:53:29,651
Right.

1793
01:53:29,771 --> 01:53:31,311
Like we now have a bridge.

1794
01:53:31,392 --> 01:53:33,592
We like, we are building a little bit of a bridge.

1795
01:53:33,592 --> 01:53:37,972
It might, it might be a bridge where you risk, you know, you're jumping.

1796
01:53:38,191 --> 01:53:42,611
It's a bridge of stones perhaps in a, in a, you know, in a tidal wave, but right.

1797
01:53:42,671 --> 01:53:45,131
But that's where we got to start somewhere and that's where we are.

1798
01:53:45,191 --> 01:53:46,512
And I'm pretty happy with this.

1799
01:53:46,731 --> 01:53:47,131
Yeah.

1800
01:53:47,292 --> 01:53:47,952
This is part of the word.

1801
01:53:48,671 --> 01:53:48,992
Parting word.

1802
01:53:48,992 --> 01:53:59,211
Only parting word is that my parting word would be we've done a lot to kind of demystify the one layer down of abstraction of elliptic curve cryptography.

1803
01:53:59,832 --> 01:54:04,611
Each of the points we talked about today are things that you could further drill into and understand more.

1804
01:54:04,872 --> 01:54:11,332
I would recommend the study guide that we're referencing that we kind of loosely based our conversation off of as the starting place.

1805
01:54:11,892 --> 01:54:12,031
Yes.

1806
01:54:12,031 --> 01:54:12,711
You start there.

1807
01:54:13,531 --> 01:54:15,071
That'll prompt it.

1808
01:54:15,071 --> 01:54:21,651
and this is an infinitely recursive rabbit hole you can go down. There's always another layer.

1809
01:54:22,372 --> 01:54:26,171
I think getting to this layer is a huge step in each person's individual understanding

1810
01:54:26,171 --> 01:54:31,711
and just be curious and interested and ask questions and use the study guide. Maybe listen

1811
01:54:31,711 --> 01:54:35,392
to this episode a second time if you really want to, once you get to the end in the aha moment,

1812
01:54:35,691 --> 01:54:40,651
go through one more time to kind of get through the whole process and just keep grinding at it.

1813
01:54:40,651 --> 01:54:59,611
You know, it takes time. This is not stuff that I knew about how it worked in Bitcoin. Genuinely, until like I started Anchor Watch, like where I went, I had to go deep, deep down because I needed to really understand each piece. These are things that I at a high level abstractly understood and maybe a little bit here and there. I understood like a generator point maybe, but I never went into the depth of why the generator point is what it is.

1814
01:54:59,611 --> 01:55:06,092
like just let your follow your curiosity and through it all you're going to get a well-rounded

1815
01:55:06,092 --> 01:55:11,131
appreciation of bitcoin but also just kind of understanding and analyzing large complex

1816
01:55:11,131 --> 01:55:14,392
systems and kind of going through there i think it's a good generalized skill to have

1817
01:55:14,392 --> 01:55:20,711
yeah and then um at pub key we don't we can maybe just have placemats that are pages of

1818
01:55:20,711 --> 01:55:24,711
the study guide that'd be kind of cool that's right that'd be fun yeah all right very good

1819
01:55:24,711 --> 01:55:27,111
episode three in the books peace

1820
01:55:27,111 --> 01:55:31,292
that was fucking
