1 00:00:00,000 --> 00:00:06,780 All right. All right. We are here. Back. Back with the duo. What's up, Rob? 2 00:00:07,260 --> 00:00:07,940 Hello, hello. 3 00:00:08,660 --> 00:00:13,240 Welcome back. Magic Internet Math. We are going to, I think this is in episode six. 4 00:00:13,740 --> 00:00:14,040 Yes. 5 00:00:14,440 --> 00:00:16,680 We're counting my solo episode, I guess. 6 00:00:17,160 --> 00:00:20,240 We can count the solo. I think the solo episode is part of the official production. 7 00:00:21,280 --> 00:00:26,240 Yeah, dude, this isn't like, this isn't pickleball where like if one person can't come, like no one can play. 8 00:00:26,240 --> 00:00:30,840 You know, the show must go on. We got to keep this going. 9 00:00:34,260 --> 00:00:49,640 Well, you know, it's really great to be back here with you because now you, you know, right now where we are in the moment, the moment of the show is we have been slogging through the study guide that. 10 00:00:49,640 --> 00:01:00,660 And, you know, I love, dude, I love going through a math book for me is like every single one I've ever done has a story to it. 11 00:01:00,740 --> 00:01:07,300 And it's like it's almost like smoking a cigar where like you have the first third, the second third and the last third. 12 00:01:07,300 --> 00:01:09,420 And each one of them is almost like a different cigar. 13 00:01:09,760 --> 00:01:11,780 Yes. Yes, very much so. 14 00:01:12,200 --> 00:01:17,640 If you get through the first third of the math book, the second third is the journey of itself. 15 00:01:17,640 --> 00:01:22,720 and then if you get really get through that at some point in time in that second third you start 16 00:01:22,720 --> 00:01:26,780 to say shit i'm actually going to get to the end of this book i'm pretty sure regardless of how hard 17 00:01:26,780 --> 00:01:31,780 or how much i don't know what i'm even doing i'm just going to get to the end just to just to do it 18 00:01:31,780 --> 00:01:38,240 right or there's no other way out of this maze you know you hit the point of no return and you 19 00:01:38,240 --> 00:01:42,640 have to just keep going and that's we're almost at the end of this we're at the end of this 20 00:01:42,640 --> 00:01:49,280 pretty much i think of the like the arithmetic journey towards starting to kind of now talk 21 00:01:49,280 --> 00:01:53,660 about the elliptic curve like we've been setting things up i feel like we really did a good job 22 00:01:53,660 --> 00:02:02,000 with modular arithmetic and inverses it that opened up a lot for me in terms of even just 23 00:02:02,000 --> 00:02:09,280 explaining my conviction and just so okay this is how we know we know we have this glob thing 24 00:02:09,280 --> 00:02:13,820 out there called an elliptic curve and i know my private key sits on there and i know i share 25 00:02:13,820 --> 00:02:20,540 another point out there and i know i need to you know play around with those things publicly to be 26 00:02:20,540 --> 00:02:27,620 able to sign transactions so but we're like super super zooming in um like that's that's all going 27 00:02:27,620 --> 00:02:32,860 on on the moon but we're doing things on this earth to try to just to explain why why are we 28 00:02:32,860 --> 00:02:42,400 looking up there right and so you know modular arithmetic inverse in groups we you know we did 29 00:02:42,400 --> 00:02:48,740 a good job we can't over repeat groups because that's where you get identities and inverses and 30 00:02:48,740 --> 00:02:54,280 closure and those things really all base unit that all this stuff built on top of that's right 31 00:02:54,280 --> 00:03:02,140 and the answer to every question of how do i know like when i manipulate my point on the on the curve 32 00:03:02,140 --> 00:03:03,680 How do I know I'm still good? 33 00:03:04,040 --> 00:03:04,220 Right. 34 00:03:04,660 --> 00:03:07,100 It all comes down to understanding the structure. 35 00:03:07,820 --> 00:03:07,920 Absolutely. 36 00:03:08,640 --> 00:03:09,680 You can't calculate it. 37 00:03:09,780 --> 00:03:11,320 You can't do it on a pen and paper. 38 00:03:11,620 --> 00:03:13,920 You can't do it with every calculator, every computer on earth. 39 00:03:14,240 --> 00:03:14,480 Right. 40 00:03:14,580 --> 00:03:14,900 You need it. 41 00:03:14,940 --> 00:03:20,180 That's why you need to keep it in an abstract form because you're just talking about the general principle of numbers along this elliptic curve. 42 00:03:20,480 --> 00:03:25,260 And you can't, to your point, brute force every permutation and give a conclusive proof of all answers. 43 00:03:25,820 --> 00:03:26,060 Right. 44 00:03:26,140 --> 00:03:27,140 It's like it's impossible. 45 00:03:27,140 --> 00:03:34,140 but um and i think it's also important to know the stuff because i do think there are people 46 00:03:34,140 --> 00:03:42,500 who will manipulate our our lack of willingness to go here it's an easy attack um this is really 47 00:03:42,500 --> 00:03:47,620 why we do this right now right um so we got through those primitives and i think that we're 48 00:03:47,620 --> 00:03:53,180 at the we're at this sort of key point here i think it's the big boss of arithmetic it's the 49 00:03:53,180 --> 00:03:59,660 reason we do all the arithmetic, which is now the discrete log problem, if you think 50 00:03:59,660 --> 00:04:00,640 we're ready to do that. 51 00:04:03,340 --> 00:04:04,000 Discrete log? 52 00:04:04,140 --> 00:04:04,820 We'll go right into that? 53 00:04:06,120 --> 00:04:07,940 Yeah, I think we're ready to hit discrete. 54 00:04:08,060 --> 00:04:11,420 I don't think we need to do more on groups. 55 00:04:11,480 --> 00:04:16,020 I think anything that happens with groups will just continue to come up in repeatable 56 00:04:16,020 --> 00:04:16,480 fashion. 57 00:04:17,340 --> 00:04:23,060 I think we're ready to talk about, really, this is the coup de grace right here. 58 00:04:23,180 --> 00:04:24,520 This is the reason it all works. 59 00:04:24,520 --> 00:04:25,180 This is the big idea. 60 00:04:25,700 --> 00:04:37,100 The big idea and this is the thing that people also – it's the topic du jour of the quantums. 61 00:04:37,640 --> 00:04:41,940 If like, oh, well, if it's discrete logarithm problem, then we're all cooked and all that stuff. 62 00:04:42,040 --> 00:04:43,180 So we should know what this is. 63 00:04:43,520 --> 00:04:44,580 This is the key to everything. 64 00:04:45,100 --> 00:04:48,540 It's more like, OK, if this ever fails, we have to figure out a new one. 65 00:04:48,540 --> 00:04:52,600 It's one of those – this is the thing that binds – this is the force. 66 00:04:52,600 --> 00:04:54,040 finds everything together. 67 00:04:54,260 --> 00:04:56,760 I would say the discrete log problem 68 00:04:56,760 --> 00:04:58,680 plus proof of work 69 00:04:58,680 --> 00:05:00,540 are the two 70 00:05:00,540 --> 00:05:02,080 things that hold Bitcoin together. 71 00:05:02,540 --> 00:05:02,760 Yeah. 72 00:05:03,860 --> 00:05:06,700 And the proof of work one is pretty straightforward, 73 00:05:06,900 --> 00:05:08,040 but I'm going to start there 74 00:05:08,040 --> 00:05:10,840 because it's an easy principle to understand 75 00:05:10,840 --> 00:05:11,680 what we're getting at here. 76 00:05:12,340 --> 00:05:12,820 When 77 00:05:12,820 --> 00:05:16,320 a Bitcoin miner, 78 00:05:16,720 --> 00:05:18,440 when they mine for a block 79 00:05:18,440 --> 00:05:20,160 and they find a block, 80 00:05:20,160 --> 00:05:22,940 they present the full block saying 81 00:05:22,940 --> 00:05:24,220 I have solved the puzzle 82 00:05:24,220 --> 00:05:27,180 and it is very trivial 83 00:05:27,180 --> 00:05:29,040 for you 84 00:05:29,040 --> 00:05:31,120 as a node who did not mine the block 85 00:05:31,120 --> 00:05:32,920 to verify it's correct 86 00:05:32,920 --> 00:05:37,260 but the amount 87 00:05:37,260 --> 00:05:38,460 of work to get that answer 88 00:05:38,460 --> 00:05:41,060 has so much asymmetry on the other side 89 00:05:41,060 --> 00:05:42,600 where you have to actually just blindly guess 90 00:05:42,600 --> 00:05:44,340 and 91 00:05:44,340 --> 00:05:47,340 that's kind of the same idea of the discrete log problem 92 00:05:47,340 --> 00:05:48,940 where with this public-private-keep 93 00:05:48,940 --> 00:05:55,680 relationship. It's very trivial if you have the private key to find the public key, but from a 94 00:05:55,680 --> 00:06:01,020 public key, you cannot trivially reverse engineer and find the private key. That's like the idea. 95 00:06:02,140 --> 00:06:11,020 Yes. It's this, you know, what you're describing is this two-way pathway where it's very easy to 96 00:06:11,020 --> 00:06:15,720 walk one, you know, it's very easy to walk one way and it's like impossible to go backwards and 97 00:06:15,720 --> 00:06:21,580 traverse back to the point you were at it's not possible with it's not that it's not possible it's 98 00:06:21,580 --> 00:06:30,680 that you know this our civilization hasn't figured out how to create enough power to do it that's 99 00:06:30,680 --> 00:06:35,140 real and that's so in this regard right what one thing i don't think we've discussed yet here 100 00:06:35,140 --> 00:06:44,060 is um it's really important in the this whole side of cryptography really works because in a 101 00:06:44,060 --> 00:06:52,140 sense it's digital physics in a sense it's it's asking this question how much force is required 102 00:06:52,140 --> 00:07:00,920 to open a door and is it possible with all of the resources that to create force on this earth 103 00:07:00,920 --> 00:07:08,160 is it actually possible to open a door in order you know how much force is required to do that 104 00:07:08,160 --> 00:07:12,500 And so that it's the other side of this. 105 00:07:12,820 --> 00:07:19,180 You know, if you really open to me, it's the very tedious part, but it's also the most important part of these cryptography textbooks. 106 00:07:19,500 --> 00:07:30,280 Have you like big O notation where we say, OK, this can be solved in the level of N or this can be solved at the level of the square root of N. 107 00:07:30,280 --> 00:07:41,500 What does that mean? That just means that like, okay, there's like a linear, you know, there's a linear cost or there's a less, like there's a less than linear cost or like there's a more than linear cost. 108 00:07:41,500 --> 00:07:50,340 I think the simplest way to put it is the computational cost is important to measure. 109 00:07:51,160 --> 00:08:04,560 And the discrete log problem, in order to solve it, there are ways to solve it that are actually – so the brute force way to solve it takes a certain amount of energy. 110 00:08:04,800 --> 00:08:05,540 Like 2 to the 128. 111 00:08:05,540 --> 00:08:08,380 Well, the brute force would be 2 to the 256. 112 00:08:08,920 --> 00:08:17,120 But because – then there's a couple of – there's been a couple of algorithms like Shanks and the one that – Pollard. 113 00:08:17,320 --> 00:08:18,140 Pollard's row. 114 00:08:19,280 --> 00:08:25,660 And by the way, if anybody is looking for a – if anybody is really engaged here and wants a reference, one little book to reference this. 115 00:08:25,760 --> 00:08:30,340 Neil Koblitz's book called – I think it's called There's Number Theory and Cryptography. 116 00:08:30,340 --> 00:08:34,340 And that's the Koblitz that's the SEC P256K1. 117 00:08:34,340 --> 00:08:34,660 It is. 118 00:08:34,660 --> 00:08:39,020 The K in SECP 256K1 is cobblets. 119 00:08:39,560 --> 00:08:44,360 Well, yes, but I need to – I've been corrected on this. 120 00:08:44,860 --> 00:08:47,800 So I'm not ready to publish an errata because I don't know that it's wrong. 121 00:08:47,800 --> 00:08:53,940 I'm just saying that people have – some people have pointed out that that's not why it's K or that's – 122 00:08:53,940 --> 00:08:54,320 No, I'm kidding. 123 00:08:54,600 --> 00:08:59,520 It's a very fun – it's a very actually distinction, but I'm not putting it down because I appreciate the feedback. 124 00:09:00,100 --> 00:09:00,380 Got it. 125 00:09:00,380 --> 00:09:04,840 You know, but it is that Koblitz. 126 00:09:05,260 --> 00:09:06,720 Yes, it's that Neil Koblitz. 127 00:09:07,460 --> 00:09:17,340 And, you know, as an aside, as an aside, I've talked about this on Motivate the Math because when I started Motivate the Math, I was using his book. 128 00:09:17,440 --> 00:09:20,880 That was like the book that I decided is his number theory book. 129 00:09:21,260 --> 00:09:22,320 And it's so good. 130 00:09:22,440 --> 00:09:23,540 I really recommend it. 131 00:09:23,540 --> 00:09:24,280 It's small. 132 00:09:24,580 --> 00:09:27,960 It goes through everything we've been talking about at a pretty good level. 133 00:09:27,960 --> 00:09:36,960 um but i i had i was sort of so disappointed to hear i saw him on a podcast and you know he does 134 00:09:36,960 --> 00:09:43,800 work for the ethereum foundation now and he was like this is a guy that invented all this stuff 135 00:09:43,800 --> 00:09:50,820 and he's going he's on this podcast talking about how privileged he is to be solving like the energy 136 00:09:50,820 --> 00:09:57,820 problem of the world by supporting a proof of stake um token you know what i mean and it was 137 00:09:57,820 --> 00:10:00,100 How the mighty fall. 138 00:10:00,300 --> 00:10:01,960 You see this with mathematicians. 139 00:10:02,080 --> 00:10:11,640 My like my most kind of the person, the mathematician that's most important to me, my my professor from who opened up everything for me. 140 00:10:11,640 --> 00:10:14,840 His name is John Alan Paulos, author of the book Enumeracy. 141 00:10:16,620 --> 00:10:21,700 You know, I follow him on Twitter and I kind of, you know, I know him. 142 00:10:21,760 --> 00:10:22,520 He used to live. 143 00:10:22,660 --> 00:10:24,760 He used to literally live in my neighborhood when I grew up. 144 00:10:24,760 --> 00:10:46,540 It's like I see him on Twitter and he's basically very Kablitzian in his ability to disappoint me and to make me just wonder what – it's a side quest I have, which is – obviously I am of the view of studying math hard is a pathway to personal power. 145 00:10:46,540 --> 00:10:52,700 But where is the cautionary tale – where does that cautionary tale detour happen also? 146 00:10:52,700 --> 00:10:56,360 So obviously it's necessary but not sufficient I would say. 147 00:10:56,800 --> 00:11:05,300 But this is something that I'm thinking – we're talking to people who sort of are already strong people but need this one discipline and would benefit from this one. 148 00:11:05,740 --> 00:11:12,160 But understand this isn't the answer because you can lose your mind all the time at some point, especially if you're being paid. 149 00:11:13,060 --> 00:11:14,320 I think you can lose your mind. 150 00:11:14,500 --> 00:11:15,360 You can lose your way. 151 00:11:15,920 --> 00:11:17,920 And we see it all the time, the Bitcoin space. 152 00:11:17,920 --> 00:11:21,060 We're seeing it especially right now in Maxi Madness, not to get too into it. 153 00:11:21,060 --> 00:11:23,540 Just, you know, seeing the crash outs. 154 00:11:24,020 --> 00:11:34,620 Anyway, that is all to say Koblitz is alive on this planet and his work, his textbook is excellent. 155 00:11:35,180 --> 00:11:36,320 Highly recommend it. 156 00:11:37,440 --> 00:11:44,540 There is a course version on my site based on that book and that's a nice way to access the book too. 157 00:11:44,600 --> 00:11:47,940 But the book is perfectly accessible and I actually recommend it. 158 00:11:47,940 --> 00:11:49,500 I like using books if I can. 159 00:11:50,040 --> 00:11:50,120 Yeah. 160 00:11:50,120 --> 00:11:53,060 But it really – I feel like it taps me into the thinking. 161 00:11:53,360 --> 00:11:56,600 It taps me into where they were when they were writing it and I like books. 162 00:11:56,720 --> 00:12:01,440 So anyway, back to the discrete logarithm problem. 163 00:12:01,700 --> 00:12:09,120 So we brought up Koblitz because actually he does a really good job of pointing out these costs, the costs of solving these problems. 164 00:12:09,560 --> 00:12:09,700 Yeah. 165 00:12:09,700 --> 00:12:14,920 And so it's O to the square root of N is really what the – it's called – there's a giant step. 166 00:12:15,780 --> 00:12:18,880 There's a baby step, giant step algorithm and then there's Pollard-Rowe. 167 00:12:18,880 --> 00:12:24,820 And they basically – these are – they elegantly reduce the solving of the discrete log to the square root of N. 168 00:12:24,900 --> 00:12:27,680 And that's where now it's 2 to the 128 bits. 169 00:12:27,900 --> 00:12:31,400 But that's still very, very, very, very, very large, right? 170 00:12:34,980 --> 00:12:37,740 So I think we covered – so we covered the cost. 171 00:12:37,800 --> 00:12:40,620 The cost is really important even though like – right? 172 00:12:41,000 --> 00:12:45,980 It's like that is really – because it answers the question, is this safe? 173 00:12:45,980 --> 00:12:48,100 Can I trust my savings behind this, right? 174 00:12:48,100 --> 00:12:54,280 right okay uh would you agree we covered that okay i think we covered that as a good 175 00:12:54,280 --> 00:13:02,460 at a high level um just to maybe uh as a brain exercise for everyone right let's just take a 176 00:13:02,460 --> 00:13:08,280 small group of like uh mod sets right and let's say three is the generator 177 00:13:08,280 --> 00:13:16,400 just to keep it in a small space world here um three to the one is three mod seven is just three 178 00:13:16,400 --> 00:13:19,500 3 squared is 9 179 00:13:19,500 --> 00:13:21,720 mod 7 is 2 180 00:13:21,720 --> 00:13:22,780 right 9 181 00:13:22,780 --> 00:13:25,600 remainder is 2 182 00:13:25,600 --> 00:13:27,920 mod 2 then you do 3 cubed 183 00:13:27,920 --> 00:13:30,260 which is 27 mod 7 is 6 184 00:13:30,260 --> 00:13:32,180 3 to the 185 00:13:32,180 --> 00:13:33,920 4th is 81 mod 186 00:13:33,920 --> 00:13:36,080 7 is 4 you can just take my word for this 187 00:13:36,080 --> 00:13:38,060 or you can do the arithmetic yourself if you want to verify 188 00:13:38,060 --> 00:13:39,860 3 2 6 4 it's also in the study 189 00:13:39,860 --> 00:13:41,500 3 2 6 4 and then 190 00:13:41,500 --> 00:13:43,860 3 to the 5th equals 5 191 00:13:43,860 --> 00:13:46,080 which is 243 192 00:13:46,080 --> 00:13:50,580 them on seven and then three to the six goes back to one it wraps back to the start right so we have 193 00:13:50,580 --> 00:13:57,260 a nice little closed group now if i told you the number was the answer to the question was five 194 00:13:57,260 --> 00:14:01,920 how many times did i go through the generator you could look at it pretty easily and say you know 195 00:14:01,920 --> 00:14:06,080 what it's actually five the fifth element of the group is what going through the generators which 196 00:14:06,080 --> 00:14:08,260 get 2.5. That's a lazy trick. 197 00:14:10,600 --> 00:14:12,400 Now, this is 198 00:14:12,400 --> 00:14:14,320 a scaled down example. 199 00:14:14,480 --> 00:14:16,160 We don't use that as our 200 00:14:16,160 --> 00:14:17,880 base, but what if the 201 00:14:17,880 --> 00:14:20,160 list of the group entries is 2 to the 256? 202 00:14:20,720 --> 00:14:22,120 It was the entire elliptic curve. 203 00:14:23,100 --> 00:14:24,640 You now have this 204 00:14:24,640 --> 00:14:26,700 asymmetry 205 00:14:26,700 --> 00:14:28,300 where 206 00:14:28,300 --> 00:14:30,140 it's way too large to 207 00:14:30,140 --> 00:14:31,880 trivially compute all of the answers 208 00:14:31,880 --> 00:14:33,200 and 209 00:14:33,200 --> 00:14:35,980 you can have a number 210 00:14:35,980 --> 00:14:38,560 you start with, which is your private key and put it through the generator. 211 00:14:38,940 --> 00:14:40,880 And that output gives you the public key. 212 00:14:41,640 --> 00:14:45,440 But if I just give you that public key, you're not going to be able to do the reverse math 213 00:14:45,440 --> 00:14:48,160 enough times to be able to find out where that actually belongs. 214 00:14:48,760 --> 00:14:53,860 So that's like the discrete log problem at a very high level in the application of how 215 00:14:53,860 --> 00:14:55,160 we use it for public private keys. 216 00:14:55,920 --> 00:14:56,280 Yes. 217 00:14:56,280 --> 00:15:02,540 And if you really doubt what Rob's, by the way, everyone listening to this podcast, everyone, 218 00:15:02,540 --> 00:15:15,060 I know there's a wide range of people listening, but everybody should really go and sit with a pen and paper and do that math and do it also with mod 11, 13 and 17. 219 00:15:15,440 --> 00:15:24,320 It's not like that hard to do, but you'll start to see how hairy this gets very fast at low numbers. 220 00:15:24,520 --> 00:15:28,020 And I have a game on the website, magicinternetmath.com. 221 00:15:28,060 --> 00:15:29,180 I have a game called Mod. 222 00:15:29,280 --> 00:15:30,300 It's called Mod Racing. 223 00:15:30,300 --> 00:15:36,280 and it's like you're just trying it's like actually just fast doing module arithmetic in 224 00:15:36,280 --> 00:15:43,320 your head but this you start to see how hairy this gets pretty quickly and what so what i'm 225 00:15:43,320 --> 00:15:49,060 going to grab onto with what rob just said the the name of the game here is guessing the power 226 00:15:49,060 --> 00:15:57,040 right you're given a base we know so we know a base to a power and we know the answer 227 00:15:57,040 --> 00:16:06,400 right the discrete law we know that we we we know the answer the answer is um the public key which 228 00:16:06,400 --> 00:16:13,200 is your you know your private key times a generator which means it's a generate you you've taken the 229 00:16:13,200 --> 00:16:19,820 generator point that everybody knows and we've added it to itself a number of times right so it's 230 00:16:19,820 --> 00:16:28,100 that number of times is we call it scalar k times g sorry um your public you're sorry your private 231 00:16:28,100 --> 00:16:32,020 key times the generator is the amount of times we've added it to each other and we tell the world 232 00:16:32,020 --> 00:16:38,120 this number and we're so confident and brazen that we're saying guess what we can tell you this total 233 00:16:38,120 --> 00:16:44,520 number you'll never know you'll never be able to know how many times i i added my public key together 234 00:16:44,520 --> 00:16:51,060 Sorry, I added – you'll never know how many times I added the generator together to exponentiate into the – 235 00:16:51,060 --> 00:16:54,340 And that number of times, that scalar is your private key. 236 00:16:54,780 --> 00:16:55,840 Yep, and that's right. 237 00:16:56,020 --> 00:16:56,960 So come and get it. 238 00:16:57,180 --> 00:17:01,420 You're basically – the discrete logarithm problem says come and fucking take it, right? 239 00:17:01,600 --> 00:17:01,780 Yeah. 240 00:17:01,980 --> 00:17:06,500 I'm giving you all of the pieces and I'm so confident in this math. 241 00:17:06,500 --> 00:17:10,100 I'm confident in the number of computing, 242 00:17:10,580 --> 00:17:13,660 the amount of computing resources that exists today 243 00:17:13,660 --> 00:17:15,540 and reasonably into the future 244 00:17:15,540 --> 00:17:18,160 that I'm telling you to come and take it. 245 00:17:18,780 --> 00:17:21,560 Now, I'm going to repeat myself a few times 246 00:17:21,560 --> 00:17:24,740 because I'm trying to zero in on the factors 247 00:17:24,740 --> 00:17:29,160 because I think it's important first 248 00:17:29,160 --> 00:17:32,540 to explain what a logarithm is to a lot of people. 249 00:17:34,000 --> 00:17:35,620 I don't know about you, Rob, 250 00:17:35,620 --> 00:17:41,840 But when I was in high school, which I barely I really barely went to my second and third year, I kind of stopped going. 251 00:17:41,920 --> 00:17:44,140 But I was still into math and I was studying it by myself. 252 00:17:44,500 --> 00:17:47,700 But when I hit this thing called logarithm, my brain broke. 253 00:17:49,760 --> 00:17:52,180 And I actually gave up. 254 00:17:52,220 --> 00:17:52,840 I said, you know what? 255 00:17:52,840 --> 00:17:54,820 I guess I'm never going to understand what a logarithm is. 256 00:17:54,840 --> 00:17:58,440 And then in college, I learned calculus and it all made sense. 257 00:17:58,440 --> 00:17:59,820 And I was like, oh, my God. 258 00:18:00,740 --> 00:18:03,000 That was like one of the first moments I got angry. 259 00:18:03,100 --> 00:18:04,800 I'm like, why don't they teach calculus first? 260 00:18:04,800 --> 00:18:05,820 Why are they doing this? 261 00:18:05,880 --> 00:18:07,040 Why do they do it like this? 262 00:18:07,320 --> 00:18:13,140 You know, this is absurd because I remembered all of the pain I went through in high school 263 00:18:13,140 --> 00:18:16,040 trying to because I'm like, I've never had this problem before. 264 00:18:16,100 --> 00:18:16,900 I've never had anything. 265 00:18:17,000 --> 00:18:18,080 I just like had to accept. 266 00:18:18,360 --> 00:18:19,460 I wasn't going to get. 267 00:18:20,120 --> 00:18:22,740 But why did this word is weird? 268 00:18:23,640 --> 00:18:25,060 Logarithm, it's a weird word. 269 00:18:25,060 --> 00:18:30,460 And it didn't for some reason, my brain, it just could not it just could not work. 270 00:18:30,460 --> 00:18:35,920 and no matter how many times I sat there and did problems about it. 271 00:18:36,080 --> 00:18:38,660 So let me – I just got done explaining this to my daughter 272 00:18:38,660 --> 00:18:40,940 and I feel – I'm feeling like I'm on a heat check. 273 00:18:41,340 --> 00:18:41,880 Go for it. 274 00:18:42,120 --> 00:18:44,580 I'm going to talk about what a logarithm is, OK? 275 00:18:45,440 --> 00:18:47,500 Because I don't want people to get tripped up by this 276 00:18:47,500 --> 00:18:50,060 and you can't know what a discrete logarithm is 277 00:18:50,060 --> 00:18:51,740 if you don't know what a logarithm is, OK? 278 00:18:53,080 --> 00:18:57,000 So all the logarithm is is a power, OK? 279 00:18:57,000 --> 00:19:05,720 I mean, that's the first thing that I know this seems this is going to seem stupid to a few people here, but like all logarithm is is a power. 280 00:19:05,880 --> 00:19:14,940 So in other words, if I want to find a logarithm of we talk in shorthand, this is part of the problem because there's sort of an infinite amount of ways to express a logarithm. 281 00:19:15,320 --> 00:19:20,220 But, you know, one of the shorthand ways we like is base 10 because that's how we think. 282 00:19:20,220 --> 00:19:28,080 Right. So if the base 10 logarithm is the 10 to the X equals some number. 283 00:19:28,200 --> 00:19:30,480 Right. We want to know what X is. 284 00:19:30,780 --> 00:19:32,880 Now, a lot of these we can do in our head. 285 00:19:33,280 --> 00:19:36,500 Like the base 10 logarithm of 10 is one. 286 00:19:36,500 --> 00:19:39,120 The base 10 logarithm of 100 is two. 287 00:19:39,600 --> 00:19:41,360 Right. 10 times 10 is 100. 288 00:19:41,840 --> 00:19:44,720 You just count. That's right. You just count the zeros. 289 00:19:45,300 --> 00:19:47,340 You count the zeros, buddy, and you are done. 290 00:19:47,340 --> 00:19:55,140 right base 10 logarithm of 10 to the x 10 to the c or 10 to any number right is that number 291 00:19:55,140 --> 00:20:03,080 right um i don't think i've gotten into toilet seat math yet on this podcast not yet that's like 292 00:20:03,080 --> 00:20:08,800 one of my big secrets of how i taught my oldest daughter yes toilet seat math i was good and it 293 00:20:08,800 --> 00:20:15,060 really out it was out of like absolute frustration of trying to explain like how do you not know that 294 00:20:15,060 --> 00:20:22,640 Like I was trying to explain like terms to my oldest daughter who's now like a math major and has exceeded me. 295 00:20:23,360 --> 00:20:25,020 You'll hear her on this podcast eventually. 296 00:20:25,440 --> 00:20:42,713 But I was like OK if I have 2x plus 9x how much do I have And she like I don know I don know what that means I like well if you have two I got so frustrated I like all right if you have two toilet seats and you add nine toilet seats to that what do you have And she like oh well I got 11 toilet seats I like okay 297 00:20:42,773 --> 00:20:47,933 well, you know, what if toilet seat was just an avatar for anything, right? Is your variable. 298 00:20:48,453 --> 00:20:53,253 And so I was able to use, I like my standard notation for variables for teaching things like 299 00:20:53,253 --> 00:21:00,173 that is toilet seats, doodos, and like things that are clearly no one would ever use that 300 00:21:00,173 --> 00:21:03,433 are absurd enough that a child actually kind of knows now. 301 00:21:03,513 --> 00:21:04,533 Oh, it could be anything. 302 00:21:05,593 --> 00:21:07,833 It could be anything, right? 303 00:21:08,093 --> 00:21:08,753 Yes, right. 304 00:21:09,373 --> 00:21:15,493 And so I was teaching the thing that resonated with my younger daughter who kind of really 305 00:21:15,493 --> 00:21:20,113 she struggles to get like she struggles to get good grades in math, even though she kind 306 00:21:20,113 --> 00:21:21,013 of gets it. 307 00:21:21,013 --> 00:21:23,013 So she's a lot like me that way. 308 00:21:23,253 --> 00:21:30,173 I was so we got to the point where we said the base is the toilet the base toilet seat 309 00:21:30,173 --> 00:21:42,293 log right of I should say the base 10 log of 10 to the toilet seat is the toilet seat I can't 310 00:21:42,293 --> 00:21:48,513 believe I'm doing this on this podcast right now but like you know and if you don't like x this is 311 00:21:48,513 --> 00:21:51,073 I guess because, you know, that wasn't for me, it wasn't enough. 312 00:21:51,413 --> 00:22:00,453 X wasn't enough to, you know, for some people are mature enough that they can use X, Y and Z and do learn algebra. 313 00:22:00,633 --> 00:22:01,853 For me, that was never the case. 314 00:22:01,913 --> 00:22:02,793 I needed to go further. 315 00:22:02,913 --> 00:22:05,233 I need a more absurd example. 316 00:22:05,913 --> 00:22:11,773 So but this is all to say that this notion of a logarithm is nothing more than a power. 317 00:22:11,773 --> 00:22:20,833 And so I think maybe it's useful really quick to take one more step down and to say, do we know what PEMDAS is? 318 00:22:21,093 --> 00:22:22,653 Do we understand PEMDAS? 319 00:22:23,293 --> 00:22:24,553 Please excuse my dear Aunt Sally. 320 00:22:25,033 --> 00:22:25,653 Please, yes. 321 00:22:25,733 --> 00:22:31,733 For our generation, and you're 50 years younger than me, but still for our generation. 322 00:22:32,293 --> 00:22:33,233 There's a generation. 323 00:22:33,533 --> 00:22:37,493 I think if you study, there's a generation that got, please excuse my dear Aunt Sally. 324 00:22:37,493 --> 00:22:42,213 but that became way too long for the gen alphas. 325 00:22:43,173 --> 00:22:45,213 So now they have PEMDAS. 326 00:22:45,453 --> 00:22:48,433 It's the same acronym, P-E-M-D-A-S, 327 00:22:48,633 --> 00:22:49,393 and it's just an order. 328 00:22:49,653 --> 00:22:52,713 This gives you the order of operations 329 00:22:52,713 --> 00:22:54,373 of what you do first in algebra. 330 00:22:54,993 --> 00:22:58,613 Starts with parentheses, then exponents, right? 331 00:22:58,973 --> 00:23:01,573 Your brain should be going off right now for saying, 332 00:23:01,673 --> 00:23:04,153 oh yeah, he's talking about something about exponents 333 00:23:04,153 --> 00:23:07,713 because that's what we're talking about with logarithms. 334 00:23:07,793 --> 00:23:09,453 So we've got parentheses, exponents, 335 00:23:10,053 --> 00:23:11,733 and we've got multiplication and division, 336 00:23:11,733 --> 00:23:12,873 which sit on their own, 337 00:23:13,393 --> 00:23:15,433 like those sit on their own level, right? 338 00:23:15,813 --> 00:23:16,573 Multiplication and division, 339 00:23:16,673 --> 00:23:17,893 it doesn't matter which one you do first. 340 00:23:18,053 --> 00:23:19,013 It just matters that... 341 00:23:19,013 --> 00:23:19,793 Effectively the same thing. 342 00:23:20,193 --> 00:23:21,153 Effectively the same thing. 343 00:23:21,213 --> 00:23:23,613 And then you have addition and subtraction, 344 00:23:23,673 --> 00:23:24,433 the A and the S, 345 00:23:24,493 --> 00:23:26,253 that's also effectively the same thing. 346 00:23:26,313 --> 00:23:28,233 As long as you know that multiplication and division 347 00:23:28,233 --> 00:23:31,473 is before addition and subtraction, you're good. 348 00:23:31,573 --> 00:23:33,113 As long as you know that exponentiation 349 00:23:33,113 --> 00:23:38,353 is before multiplication slash division, you're good. 350 00:23:38,353 --> 00:23:45,193 But unfortunately, the acronym and the fun saying 351 00:23:45,193 --> 00:23:52,833 doesn't pair exponentiation with its partner called the logarithm. 352 00:23:53,793 --> 00:23:54,093 That's right. 353 00:23:54,593 --> 00:24:00,113 And so if we just kind of go back and help help that, 354 00:24:00,233 --> 00:24:02,133 it's just not it's not great. 355 00:24:02,133 --> 00:24:08,853 please excuse, you know, lovely, there's no good, there was, I'm pretty sure people tried to do this 356 00:24:08,853 --> 00:24:14,313 and it never worked out. So we just have to fill this gap in right now and say, if you go and think 357 00:24:14,313 --> 00:24:19,653 of PEMDAS and if you think of associate, if you think of addition and subtraction as similar, 358 00:24:20,153 --> 00:24:26,653 right, as buddies, twins, little twinsies, right. And then you think of multiplication division as 359 00:24:26,653 --> 00:24:32,393 older twins, right? Imagine the horrors of this parent just continuing to have twins, 360 00:24:32,393 --> 00:24:37,013 but like, and then you go back and then you go up the level, the big brother, the big sister, 361 00:24:37,013 --> 00:24:44,813 you have exponentiation and logarithms. Okay. So they're, they're twins, you know, and you know 362 00:24:44,813 --> 00:24:49,793 what's great about twins? They undo each other. They love to undermine each other, right? So 363 00:24:49,793 --> 00:24:51,993 So subtraction undermines addition. 364 00:24:52,553 --> 00:24:54,293 Division undermines multiplication. 365 00:24:55,253 --> 00:24:59,673 And logarithms undermine exponentiation. 366 00:25:00,113 --> 00:25:01,273 They undo it. 367 00:25:03,093 --> 00:25:06,833 I'm hoping this enriches this discussion. 368 00:25:07,553 --> 00:25:08,633 So what is a logarithm? 369 00:25:08,753 --> 00:25:11,953 So every next step, by the way, 370 00:25:12,473 --> 00:25:17,813 multiplication is nothing more than repeated addition, right? 371 00:25:18,513 --> 00:25:18,693 Yeah. 372 00:25:18,693 --> 00:25:21,853 So multiplication is – let's repeat that. 373 00:25:22,533 --> 00:25:23,953 Multiplication is repeated addition. 374 00:25:24,093 --> 00:25:31,193 You take addition, you multiply it by a scalar, and that's just how you repeat addition, just like we just said happens on an elliptic curve. 375 00:25:31,513 --> 00:25:43,513 You take your generator point, and you – we haven't gotten here yet, but spoiler alert, you're going to do an operation called addition repeatedly, right? 376 00:25:43,713 --> 00:25:44,833 How many times? 377 00:25:45,413 --> 00:25:47,873 Well, I know, but you don't, right? 378 00:25:48,693 --> 00:25:49,913 Certain amount of times. 379 00:25:50,413 --> 00:25:56,493 And I'm actually, you know, I'm so confident that you can't even guess how many times because it's hard to do. 380 00:25:56,813 --> 00:25:57,373 It's just hard. 381 00:25:57,873 --> 00:25:58,113 Okay. 382 00:25:58,633 --> 00:26:01,673 So multiplication is repeated addition. 383 00:26:02,873 --> 00:26:05,713 Exponentiation is repeated multiplication. 384 00:26:06,493 --> 00:26:07,153 Okay, right? 385 00:26:07,213 --> 00:26:08,733 So I'm really just drawing this line. 386 00:26:08,833 --> 00:26:12,613 And so there's no special magic or sorcery here. 387 00:26:12,613 --> 00:26:19,833 This is just another logical step in how we do arithmetic, right? 388 00:26:20,913 --> 00:26:23,493 Now, what's repeated exponentiation? 389 00:26:23,813 --> 00:26:32,253 I don't want to introduce that because it's not relevant and we need to just stick to what – we need to just try to rock this here, right? 390 00:26:32,813 --> 00:26:40,833 So we have, once again, very, very base substrate addition that gets undermined by subtraction, okay? 391 00:26:40,833 --> 00:26:46,573 Then we have repeated addition called multiplication, which can get undone by division. 392 00:26:46,853 --> 00:26:48,073 I think we all get this, right? 393 00:26:48,453 --> 00:26:53,853 And so it's one little extra step to say, well, repeated multiplication is exponentiation. 394 00:26:54,973 --> 00:26:56,553 And that gets undone. 395 00:26:57,713 --> 00:27:04,173 And when I say undone, remember the conversation about groups where we said every group has an identity element? 396 00:27:05,173 --> 00:27:07,693 By undone, it means we do the operation. 397 00:27:07,693 --> 00:27:12,293 it's the thing we do to get the identity as the answer. 398 00:27:13,993 --> 00:27:14,673 Right? 399 00:27:15,413 --> 00:27:19,253 So, and addition has the identity of zero. 400 00:27:20,733 --> 00:27:23,173 Multiplication has an identity of one. 401 00:27:24,213 --> 00:27:26,973 The question now is what's the identity, 402 00:27:27,473 --> 00:27:30,233 and boy, this is now tightrope walk 403 00:27:30,233 --> 00:27:32,013 because I have not thought through this at all. 404 00:27:32,333 --> 00:27:36,013 But is there an identity element for exponentiation? 405 00:27:36,473 --> 00:27:37,513 I think there is. 406 00:27:37,693 --> 00:27:38,913 I think there is too. 407 00:27:39,633 --> 00:27:44,993 And I think it's the base that you're raising to a power. 408 00:27:48,833 --> 00:27:49,313 Right? 409 00:27:51,493 --> 00:27:56,713 So in other words, if I said, what's the, what's the, that, that, and that's why the base matters, right? 410 00:27:56,713 --> 00:28:02,313 If I said, what's the base 10 log of a thousand, right? 411 00:28:02,313 --> 00:28:10,033 Then it's the question is what – the logarithm is the thing that would get me back to 10, right? 412 00:28:10,333 --> 00:28:14,933 So if I take 1,000 and it's the somethingth root, right? 413 00:28:14,993 --> 00:28:17,293 It's the opposite of exponentiation. 414 00:28:17,613 --> 00:28:21,533 The opposite of exponentiation is the root, right? 415 00:28:22,053 --> 00:28:23,253 We know square roots. 416 00:28:23,553 --> 00:28:25,233 Those are nice, right? 417 00:28:25,573 --> 00:28:31,573 If you want to take a perfect square and undo it into its root, say, oh, it's 49. 418 00:28:31,573 --> 00:28:32,993 Well, there's two answers. 419 00:28:33,133 --> 00:28:35,013 It's plus or minus seven, right? 420 00:28:36,053 --> 00:28:37,713 Any one of those two things. 421 00:28:38,093 --> 00:28:44,413 But if I'm really trying to get to the base, so base 10, the answer's of 1,000, the answer's three. 422 00:28:44,673 --> 00:28:49,973 If I want to get the base two logarithm of the number eight, the answer's three. 423 00:28:50,713 --> 00:28:53,953 I'm hoping that was pretty, I'm hoping that caught, right? 424 00:28:54,433 --> 00:28:57,313 Because two to the third is eight, right? 425 00:28:57,553 --> 00:29:00,573 So I'm asking the question, what's the power? 426 00:29:00,573 --> 00:29:08,613 right what's the power that does this that does it and that and the reason we asked that question 427 00:29:08,613 --> 00:29:16,873 right is because that is a very hard thing to do hard enough to protect 428 00:29:16,873 --> 00:29:24,453 as much wealth as i'm willing to protect underneath it for we'll just say 429 00:29:24,453 --> 00:29:28,313 for a reasonable time on earth. 430 00:29:28,673 --> 00:29:29,133 That's right. 431 00:29:32,193 --> 00:29:33,573 I'll stop there. 432 00:29:34,793 --> 00:29:37,313 No, I think it's a good pause point. 433 00:29:40,713 --> 00:29:42,153 Maybe to even tie back now, 434 00:29:42,193 --> 00:29:43,093 we're talking about logs, 435 00:29:44,233 --> 00:29:45,493 kind of the asymmetry of them, 436 00:29:45,853 --> 00:29:49,573 specifically the discrete log problem 437 00:29:49,573 --> 00:29:53,313 and what would be the... 438 00:29:54,453 --> 00:30:09,713 Did I actually meet myself? 439 00:30:10,033 --> 00:30:10,473 You did. 440 00:30:13,473 --> 00:30:17,693 You said back to the discrete log problem and then we lost you. 441 00:30:22,233 --> 00:30:23,193 All that wisdom. 442 00:30:23,193 --> 00:30:29,853 all that wisdom is gone forever now yeah that's correct so going through logarithms going through 443 00:30:29,853 --> 00:30:36,193 kind of like the asymmetry this really large search space of two to the 256 like what makes it 444 00:30:36,193 --> 00:30:41,373 the word discrete log problem we're talking about logarithms in general and how that's the opposite 445 00:30:41,373 --> 00:30:50,773 almost the inverse of expense expansion expensation you got it and so this is one of my favorite 446 00:30:50,773 --> 00:30:55,373 topics ever, by the way, is the fact that it's called a discrete log problem because 447 00:30:55,373 --> 00:30:56,953 it has double meaning. 448 00:30:58,493 --> 00:30:59,013 Yes. 449 00:31:00,733 --> 00:31:10,173 And so for a discrete log, I guess what you have to do, you're not able to reasonably 450 00:31:10,173 --> 00:31:13,413 ascertain at any point if you're closer or not to the final answer. 451 00:31:13,953 --> 00:31:15,433 It's like a continuous function. 452 00:31:15,433 --> 00:31:23,913 So it's kind of like a total random space where you're – and this is actually just as a very brief aside and interesting. 453 00:31:24,573 --> 00:31:31,553 I mentioned earlier Bitcoin mining and like proof of work and this asymmetry that's trivial to verify. 454 00:31:31,873 --> 00:31:42,053 The difference between proof of work, though, and a public-private key pair is that there's only one real answer for the private key lookup. 455 00:31:42,053 --> 00:31:50,613 Whereas in Bitcoin mining, there's a difficulty target where there's actually many possible solutions to the next valid Bitcoin block. 456 00:31:51,313 --> 00:31:54,633 For public-private key, there's only an answer. 457 00:31:55,253 --> 00:32:02,333 And so with Bitcoin mining, when you're randomly hashing, you're kind of going along, you are just pulling lotto tickets to find the one with the most leading zeros. 458 00:32:02,733 --> 00:32:07,253 But it's not like the search spaces, there's only one number that satisfies that. 459 00:32:07,253 --> 00:32:13,213 And that's also part of the unpredictable nature of how often in frequency blocks come in. 460 00:32:13,253 --> 00:32:14,533 They come in at a Poisson distribution. 461 00:32:14,673 --> 00:32:15,913 Maybe we should talk about that another time. 462 00:32:17,373 --> 00:32:29,533 But the idea here, though, is that from each incremental step of trying to undo the public-private key pair, since the function is continuous, there isn't really marginal more information that you're gathering along the way. 463 00:32:32,173 --> 00:32:35,033 Yeah, I mean this is a rich topic in and of itself. 464 00:32:35,033 --> 00:32:42,153 But like I think I've talked to you a little bit about this just on the side, trying to really grok it. 465 00:32:42,293 --> 00:32:50,913 But something that I think is important that needs to just – we need to just kind of sit with in our journey here. 466 00:32:51,593 --> 00:32:56,533 One of the big distinctions in math is whether something is continuous or whether it's discrete. 467 00:32:56,533 --> 00:33:11,853 Right. When I say something, I should probably be specific, whether like a sequence of events or whether a set, right, a set of, you know, a set of possible numbers. 468 00:33:12,853 --> 00:33:18,513 Whether a set of possible numbers is continuous or discrete and to try to really kind of drive it home. 469 00:33:18,513 --> 00:33:33,553 Just imagine like a circle, right? A circle is clearly a continuous, you know, it's a continuous object, meaning you can draw it without lifting your pencil, right? 470 00:33:33,753 --> 00:33:41,633 But it's more than a, it's actually more than a continuous object. It's a very specific type of continuous object. 471 00:33:41,633 --> 00:33:48,293 like a square is a continuous object except we have we know how many sides are on a square right 472 00:33:48,293 --> 00:33:53,693 we know we can see the four sides of a square right right we can see the five sides of a pentagon 473 00:33:53,693 --> 00:34:00,493 we can see the 10 sides of a decagon right a circle is when the number of sides 474 00:34:00,493 --> 00:34:09,473 tends to infinity and you can't and then the number of then the number you the zero it's like 475 00:34:09,473 --> 00:34:11,753 There are no sides, right? 476 00:34:11,933 --> 00:34:22,933 So it's like a special type of continuous where it's actually convergent, sort of converging on infinite, right? 477 00:34:23,233 --> 00:34:29,213 And that's when, you know, if we think about time and how we observe trials in time, right? 478 00:34:29,233 --> 00:34:31,413 We observe them discreetly, right? 479 00:34:31,493 --> 00:34:32,833 Then we can see the points. 480 00:34:33,993 --> 00:34:35,893 Market data is like that, right? 481 00:34:35,893 --> 00:34:37,313 You can see every tick. 482 00:34:39,473 --> 00:34:43,453 Or you can say, hey, every millisecond, show me the price of something every millisecond. 483 00:34:43,453 --> 00:34:53,253 But you can't say, show me the price of something continuously, even though we all know that time is continuous. 484 00:34:53,593 --> 00:34:55,133 We all know that it's all happening. 485 00:34:55,133 --> 00:35:00,553 It happens continuously, but it can only be observed discreetly. 486 00:35:01,913 --> 00:35:06,553 Okay, so this is like the just want to kind of like, this is a dichotomy that's really important. 487 00:35:06,553 --> 00:35:13,373 and it happens to be important when we talk about the elliptic curve of bitcoin this is so this is 488 00:35:13,373 --> 00:35:19,693 why we're spending time on it because it happens to be an important thing um directionality is an 489 00:35:19,693 --> 00:35:25,953 important thing as well and when you know i was trained in probability that the object of the game 490 00:35:25,953 --> 00:35:31,013 was to take these discrete trials and to be able to view them continuously and so everyone knows 491 00:35:31,013 --> 00:35:36,693 what the law of large numbers is. That's the thing that says, you know, your discrete distribution, 492 00:35:36,693 --> 00:35:41,493 if you do it long enough, you can just assume it's continuous. And then you can, then what you 493 00:35:41,493 --> 00:35:47,913 can do is the math gets more elegant. That's, I guess it gets more elegant and easy. And when you 494 00:35:47,913 --> 00:35:52,553 are a human being doing math, that's what you want. But when you're trying to protect, 495 00:35:52,553 --> 00:35:59,373 when you're trying to protect mathematical objects, right, 496 00:35:59,693 --> 00:36:01,393 behind that work, you want the opposite. 497 00:36:01,753 --> 00:36:03,573 So you want to take something that's continuous 498 00:36:03,573 --> 00:36:05,633 and if you can, express it discreetly 499 00:36:05,633 --> 00:36:07,973 because then you're going to make it very ugly 500 00:36:07,973 --> 00:36:10,233 and certainly a human being can't do it 501 00:36:10,233 --> 00:36:14,413 and it turns out you want to make it so hard that computers can't do it. 502 00:36:14,413 --> 00:36:16,833 This goes to the entire field of cryptography 503 00:36:16,833 --> 00:36:21,613 is trying to at every point basically shake the Etch-A-Sketch board, 504 00:36:21,613 --> 00:36:27,333 make it a discrete problem not a continuous one if it were a continuous problem you'd be able to 505 00:36:27,333 --> 00:36:33,393 reasonably discern oh am i closer not to guessing the private key right i'd be like oh maybe i just 506 00:36:33,393 --> 00:36:38,133 need to increase the number by one or two right like you would know you would have like a general 507 00:36:38,133 --> 00:36:45,493 like algorithm that you could recursively run to quickly get to the answer and this goes back to 508 00:36:45,493 --> 00:36:58,153 It's just the, while we have this curve of the elliptic curve, you don't just go, it's not like the private key is going to be next to the public key for every single point. 509 00:36:58,153 --> 00:37:01,213 It's randomly somewhere across that entire curve. 510 00:37:02,573 --> 00:37:12,113 And because like each number is like a dot, as opposed, instead of viewing it as the continuous graph view, each number is a point along that curve. 511 00:37:12,113 --> 00:37:15,873 and each incremental step through the generator point 512 00:37:15,873 --> 00:37:18,353 throws you out somewhere entirely random. 513 00:37:19,413 --> 00:37:22,113 And that happens again and again and again 514 00:37:22,113 --> 00:37:26,593 for the amount of times you pick a point. 515 00:37:28,033 --> 00:37:30,013 It'll be constantly randomly shuffling around 516 00:37:30,013 --> 00:37:32,473 until you get to the final number of points in your generator, 517 00:37:33,073 --> 00:37:34,513 which is your private key. 518 00:37:37,513 --> 00:37:41,113 Yeah, and it's meant to be hard and ugly 519 00:37:41,113 --> 00:37:50,253 and um on purpose and it and every like trial that you try doesn't give you any additional 520 00:37:50,253 --> 00:38:01,073 information about where you are in this process right yeah yeah so um it turns out and so here's 521 00:38:01,073 --> 00:38:08,213 the other thing if you guys if you ever really sat and spent time doing arithmetic right um and 522 00:38:08,213 --> 00:38:13,293 you worked with powers, you would, even with calculators, you kind of like, oh my God, why 523 00:38:13,293 --> 00:38:17,173 is my cat? Well, I have, I have a lot of function to my calculator and they work instantly except 524 00:38:17,173 --> 00:38:22,533 for one, which is like solve the power. And it's not like a lot, like, you know, your power, 525 00:38:22,633 --> 00:38:26,213 your calculator probably is a base 10 log and a natural log that does that very fast. 526 00:38:26,773 --> 00:38:32,693 But my calculator, my HP 12 C is a financial calculator. And a lot of times you want to know, 527 00:38:32,693 --> 00:38:36,873 like you have the, you have a compound interest rate, like one plus I to a certain power. And 528 00:38:36,873 --> 00:38:40,393 You want to solve for the power that gives you like you have an annuity. 529 00:38:40,513 --> 00:38:42,693 You have a stream of payments for the next 50 years. 530 00:38:42,693 --> 00:38:50,593 And you say, well, find me the N that is actually, you know, that solves the problem. 531 00:38:50,593 --> 00:38:53,033 And you notice the calculator takes a long time. 532 00:38:53,933 --> 00:38:57,813 So this is something that happened at a fairly young age for me, right? 533 00:38:57,853 --> 00:39:06,733 It's like, oh, it takes quite a long time to calculate a power, even a calculator that does everything else at just absolute rocket speeds, right? 534 00:39:06,873 --> 00:39:14,453 so we start to ask these questions like what is it that makes this problem hard right solving 535 00:39:14,453 --> 00:39:21,753 finding an exponent and discreteness right discreteness is actually part of what makes it hard 536 00:39:21,753 --> 00:39:26,973 um i want to try to like really nail like land this point i don't feel like i have but like 537 00:39:26,973 --> 00:39:32,053 what we call analytical functions you know so like if you had a circle x squared plus y squared 538 00:39:32,053 --> 00:39:41,513 equals one and you were given like um some you were given something some some answer that tells 539 00:39:41,513 --> 00:39:47,053 you something about the points on that curve like it probably wouldn't be hard to just solve for 540 00:39:47,053 --> 00:39:52,133 you can solve the equation literally solve the equation for what x and y are without having to 541 00:39:52,133 --> 00:39:58,713 brute force and you know what discreetness does is it makes you have it make it turns it into a 542 00:39:58,713 --> 00:39:59,673 trial and error problem. 543 00:40:01,293 --> 00:40:02,733 It's a problem you can't 544 00:40:02,733 --> 00:40:04,613 solve algebraically and you have to do 545 00:40:04,613 --> 00:40:06,213 trial and error. 546 00:40:06,933 --> 00:40:07,153 And so 547 00:40:07,153 --> 00:40:10,453 removing the continuity 548 00:40:10,453 --> 00:40:12,333 and reducing it to discreteness is 549 00:40:12,333 --> 00:40:14,653 really one of the things that 550 00:40:14,653 --> 00:40:16,033 actually does make it hard. 551 00:40:17,573 --> 00:40:18,713 You're still on mute 552 00:40:18,713 --> 00:40:19,293 again. 553 00:40:20,213 --> 00:40:22,653 Sorry, I'm trying to be a good 554 00:40:22,653 --> 00:40:24,433 audio engineer. I need a hand signal. 555 00:40:24,613 --> 00:40:25,173 I need a hand signal. 556 00:40:26,253 --> 00:40:28,513 This is an interesting thing too in that 557 00:40:28,513 --> 00:40:34,453 the battle-testedness of Bitcoin's discrete log problem 558 00:40:34,453 --> 00:40:36,153 is something that is inferred. 559 00:40:36,413 --> 00:40:38,913 No one's written a mathematical proof 560 00:40:38,913 --> 00:40:44,473 of being able to show that it's P equal NP hard. 561 00:40:48,133 --> 00:40:51,653 And it's just something that very publicly in the open for decades 562 00:40:51,653 --> 00:40:53,933 people have tried to break this and no one's been able to. 563 00:40:54,533 --> 00:40:55,733 Proof by come and take it. 564 00:40:56,673 --> 00:40:56,913 Yeah. 565 00:40:56,913 --> 00:40:59,553 it's pure applied 566 00:40:59,553 --> 00:41:00,713 pragmatic 567 00:41:00,713 --> 00:41:22,506 we now have a multi dollar asset running this let alone decades before that people were using this cryptography So the ultimate what been able to see at this point is that the best people have been able to do is the square root of N as we talked about earlier which is not cutting it in half 568 00:41:22,506 --> 00:41:23,986 It's taking the square root, right? 569 00:41:23,986 --> 00:41:43,446 So it's, you know, if you're talking about expensiation and, you know, taking the square root as a form of an exponent, in a way, to the one-half power, it still is nowhere near good enough to be able to make something that's practically insolvable or reversible in our lifetimes. 570 00:41:43,446 --> 00:41:47,646 This as a – we don't have to go deep into it, but just a little sprinkle. 571 00:41:48,226 --> 00:41:59,846 This is where the quantum stuff starts breaking assumptions is the idea that you could actually begin to infer information rather than having no information at each incremental stuff. 572 00:42:01,426 --> 00:42:09,246 Let me give a quick example of why the square root thing actually halves the solution space. 573 00:42:09,246 --> 00:42:17,226 you know um just if you wanted to know what the square root of 100 is and you you know you're five 574 00:42:17,226 --> 00:42:22,106 years old you haven't been taught the square root of 100 is 10 so you start plugging numbers in on 575 00:42:22,106 --> 00:42:26,086 your calculator what's the square root of 100 you might you know you might to yourself think man i 576 00:42:26,086 --> 00:42:31,646 have to take i have to try every number right i'm going to do one squared two squared three squared 577 00:42:31,646 --> 00:42:37,126 four squared it's just that the thing is after you hit 10 and you start going above 100 578 00:42:37,126 --> 00:42:45,266 you start knowing, okay, well, okay, clearly, okay, I have to go up to 10. 579 00:42:45,266 --> 00:42:49,646 Then you might, there's a property where you might, where you realize, okay, 580 00:42:49,866 --> 00:42:53,926 I might've stepped in shit here because I'm not ready to land this plane. 581 00:42:55,746 --> 00:42:57,266 Just go for it. 582 00:43:00,786 --> 00:43:05,706 At some point, I actually, I'm kind of stuck. 583 00:43:07,126 --> 00:43:08,266 I really screwed up. 584 00:43:08,326 --> 00:43:09,046 I didn't think this through. 585 00:43:13,306 --> 00:43:15,386 I'm thinking of the sieve of Aristocanese, 586 00:43:15,946 --> 00:43:19,406 if you're familiar with that in terms of how to, like, 587 00:43:20,366 --> 00:43:21,906 say, find all the prime numbers. 588 00:43:22,846 --> 00:43:27,146 Say you want to find all the prime numbers between 0 and 100, right? 589 00:43:28,566 --> 00:43:33,426 You really, you know, I think I'm just making it worse. 590 00:43:33,426 --> 00:43:39,626 i really want i'm going to pull the ripcord here and tap out i'm sorry this is going to happen 591 00:43:39,626 --> 00:43:43,386 episode six this is like the first time it happens 592 00:43:43,386 --> 00:43:51,866 you're on you're on mute god damn it i need you here man i'm listening i'm listening um 593 00:43:51,866 --> 00:43:56,646 the steve arisosthenes is you know way of being able to find prime numbers by going through all 594 00:43:56,646 --> 00:44:01,746 the competent metrics uh up to a given limit it's like a process of elimination way of being 595 00:44:01,746 --> 00:44:08,026 able to do primes and what i would say is essentially what the idea of what a quantum 596 00:44:08,026 --> 00:44:18,706 computer could do is that because it's basically further able to the idea at the highest level i'm 597 00:44:18,706 --> 00:44:25,166 not a quantum expert but it's the idea that it actually can parallelize and actually further 598 00:44:25,166 --> 00:44:26,946 recursively undo 599 00:44:26,946 --> 00:44:28,646 the 600 00:44:28,646 --> 00:44:31,246 expense dentiation you do by using 601 00:44:31,246 --> 00:44:33,326 the generator point in a way 602 00:44:33,326 --> 00:44:35,326 that it's not going to 603 00:44:35,326 --> 00:44:37,186 linearly, internally 604 00:44:37,186 --> 00:44:39,326 in binary space, like, check all 605 00:44:39,326 --> 00:44:41,286 the guesses and be able to further get to 606 00:44:41,286 --> 00:44:42,046 the final answer. 607 00:44:45,566 --> 00:44:46,666 It's something that 608 00:44:46,666 --> 00:44:49,126 in the quantum space at a high level, 609 00:44:50,126 --> 00:44:51,006 I mean, 610 00:44:51,166 --> 00:44:53,186 when it comes up in Bitcoin, I actually sit 611 00:44:53,186 --> 00:44:55,146 in a space where I think that there should be time and effort 612 00:44:55,146 --> 00:44:57,266 put into this stuff and thinking about what this looks like. 613 00:44:57,286 --> 00:45:00,946 If this is an intergenerational project and in the next 10 years, 614 00:45:00,946 --> 00:45:02,126 there's meaningful breakthroughs, 615 00:45:02,126 --> 00:45:04,406 I think it's important for Bitcoin to be well ahead of that. 616 00:45:06,126 --> 00:45:08,986 But you have to figure out a new way of doing a signing algorithm because you 617 00:45:08,986 --> 00:45:11,806 basically have to throw out all of the elliptic curve cryptography into the 618 00:45:11,806 --> 00:45:12,186 garbage. 619 00:45:12,926 --> 00:45:16,046 And this goes into something we mentioned previously that quantum computers are 620 00:45:16,046 --> 00:45:20,986 inherently better at attacking public private key cryptography than they are, 621 00:45:21,086 --> 00:45:22,606 say, dealing with a hash function. 622 00:45:22,606 --> 00:45:25,746 it's a totally different algorithm 623 00:45:25,746 --> 00:45:27,626 which I'll just call it 624 00:45:27,626 --> 00:45:29,726 Shor's algorithm is the ability 625 00:45:29,726 --> 00:45:31,746 to kind of like accelerate 626 00:45:31,746 --> 00:45:33,546 the computation for public private key pairs 627 00:45:33,546 --> 00:45:34,566 hypothetically 628 00:45:34,566 --> 00:45:37,666 on computer and Grover's algorithm 629 00:45:37,666 --> 00:45:39,366 is being able to reverse engineer 630 00:45:39,366 --> 00:45:40,566 a hash and a pre-image 631 00:45:40,566 --> 00:45:43,366 and because 632 00:45:43,366 --> 00:45:45,006 they have different fundamental properties 633 00:45:45,006 --> 00:45:47,026 the idea is that 634 00:45:47,026 --> 00:45:49,286 one way is by going to a hash based algorithm 635 00:45:49,286 --> 00:45:50,886 you'd be able to stay quantum proof 636 00:45:50,886 --> 00:45:58,746 this is also why in bitcoin today if you deposit bitcoin to an address and it's not taproot and 637 00:45:58,746 --> 00:46:01,946 it's not the original paid a public key any of the other ones that have hashed addresses 638 00:46:01,946 --> 00:46:07,986 the actual data that sits on the blockchain is a hash of a public key or a hash of a script and 639 00:46:07,986 --> 00:46:12,206 because it's just a hash it's not something that a quantum computer would be able to reverse 640 00:46:12,206 --> 00:46:16,446 engineer and this goes into one last point about this which between a long range and a short range 641 00:46:16,446 --> 00:46:21,086 quantum attack. A long range quantum attack is I have years or I have lots of heads up time to be 642 00:46:21,086 --> 00:46:27,246 able to look at a public key and grind away and find the private key. A short range attack is 643 00:46:27,246 --> 00:46:31,946 I have a very small window to be able to reverse engineer the public private key. And the way this 644 00:46:31,946 --> 00:46:36,726 intersects with Bitcoin is that if you have an address that you haven't spent from before, 645 00:46:36,806 --> 00:46:40,926 you've never exposed the public key to the blockchain, broadcast and send, there's roughly 646 00:46:40,926 --> 00:46:46,126 like a 10-ish minute window where someone could in theory take a quantum computer, attack your 647 00:46:46,126 --> 00:46:49,446 public key, find your private key and try and double spend you. 648 00:46:50,066 --> 00:46:53,886 That's a way harder problem because it takes something that's in the domain of 649 00:46:53,886 --> 00:46:56,026 five years to try and guess it because it's sitting there. 650 00:46:59,146 --> 00:47:01,926 And while I think that it's an important 651 00:47:01,926 --> 00:47:05,786 thing that Bitcoin development should be able to do, a quantum computer hasn't been able to factor 652 00:47:05,786 --> 00:47:09,146 the number 21 on its own yet without a lot of accelerated help 653 00:47:09,146 --> 00:47:13,186 embedded learnings in the programs themselves that are kind of baking in the answer. 654 00:47:13,186 --> 00:47:22,986 So I kind of duly caution that I think this is important existential for Bitcoin to be resolved in a timely manner over the next five years to have a plan. 655 00:47:23,506 --> 00:47:26,566 But it's not something that I think tomorrow is going to bring Bitcoin. 656 00:47:27,566 --> 00:47:29,306 And I totally agree. 657 00:47:29,606 --> 00:47:30,966 I totally agree with that. 658 00:47:30,966 --> 00:47:42,846 I am personally going to – I'm going to unfortunately for myself, but I am going to ramp up my ability to understand and explain this. 659 00:47:43,186 --> 00:47:53,286 I, I, it's very hard to explain why you're not worried about it without really, really being, um, strong in the details. 660 00:47:53,466 --> 00:48:13,086 So if you, it's the, the price of being able to explain it is the time spent understanding it, even though you kind of think it's a waste of time because it's not a real threat, but it's just more of, um, I have created a textbook where, um, and this came at, I feel like I had the idea for this after our first episode, but I finally just did it. 661 00:48:13,186 --> 00:48:20,306 And it basically said, take me from the basic arithmetic to understanding Shor's algorithm and Grover's algorithm. 662 00:48:21,766 --> 00:48:27,426 And what it ended up doing was it didn't just create, you know, it didn't just take me through the math. 663 00:48:27,526 --> 00:48:34,466 It actually sort of understood the various, everything you just said and what that means for Bitcoin. 664 00:48:34,686 --> 00:48:37,186 And so it's not a yes or no. 665 00:48:37,226 --> 00:48:38,086 It's quantum dangerous. 666 00:48:38,086 --> 00:48:44,826 It's like there's a stack of low-hanging fruit that goes up to high-hanging fruit. 667 00:48:45,486 --> 00:48:49,006 And it's probably worthwhile to understand that stack, right? 668 00:48:49,366 --> 00:49:02,546 It's probably worthwhile to understand what makes Satoshi's coins vulnerable in a way that what makes, you know, if you're behind Taproot and you've never exposed your public key. 669 00:49:02,906 --> 00:49:04,706 Like it's good to understand these things. 670 00:49:04,706 --> 00:49:13,206 and um so i plan to go on this journey with this textbook i created and um be able to hopefully 671 00:49:13,206 --> 00:49:22,046 explain at least you know some in some fashion try to get us through the way i was um the way i 672 00:49:22,046 --> 00:49:27,626 explained this to somebody they were asking me like i was asked to be on a panel about quantum 673 00:49:27,626 --> 00:49:32,646 and then they were like can you actually do that and i said to be honest i'm a three out of ten on 674 00:49:32,646 --> 00:49:37,926 this. Okay. But the people who are talking about quantum are like a five out of 10 and the ones 675 00:49:37,926 --> 00:49:44,966 think they're tens. And I can take the ones, I can tell, I can show the ones what a five is. 676 00:49:46,186 --> 00:49:50,826 And then the guy was like, you can't explain anything, can you? You're really bad at this. 677 00:49:52,646 --> 00:49:56,806 But I mean, I thought that was a pretty solid explanation for what the, for, you know, what 678 00:49:56,806 --> 00:50:04,286 the space is here right no for sure and so but all this i i'm it's fine talking about this here 679 00:50:04,286 --> 00:50:09,606 because it you know at some point we're doing you know we're hurting our brains to try to understand 680 00:50:09,606 --> 00:50:14,226 something it's good to be able to say well why the hell am i doing this it's good to you know 681 00:50:14,226 --> 00:50:21,926 as much as i will generally shit on that notion i mean i think in general we should be willing to 682 00:50:21,926 --> 00:50:26,226 learn without always having to be like well why am i learning this why am i learning this is the 683 00:50:26,226 --> 00:50:34,246 reason why math is censored it's censored in our own minds in our own sense of time but to the 684 00:50:34,246 --> 00:50:40,106 extent you can motivate it we should and that's why i think it's it's okay when we talk about 685 00:50:40,106 --> 00:50:43,986 discrete logarithm problem and you know there's people that are just going to be like well why 686 00:50:43,986 --> 00:50:48,786 would i bother learning this if it's going to be essentially by the time i'm done learning it by 687 00:50:48,786 --> 00:50:53,446 the time my brain understands it it's going to be destroyed by a quantum computer right and i would 688 00:50:53,446 --> 00:50:57,546 just say and then oh so what i'm gonna and then once i get to that point i'm gonna have to now 689 00:50:57,546 --> 00:51:03,146 learn what a quantum computer does and doesn't do um and i'd say you know yeah it's all this is if 690 00:51:03,146 --> 00:51:12,086 if you're all in like uh rob and i are yeah you better kind of better do it you know if you're a 691 00:51:12,086 --> 00:51:17,746 tourist you're fully in it if you're fully in it man there's really no other way i threw it 692 00:51:17,746 --> 00:51:23,286 i mean the one thing i'll say about coblets he's all in and his thing he's all in with whatever 693 00:51:23,286 --> 00:51:28,166 he's doing and he's going to pursue that rob and i are all in here on bitcoin and we're gonna 694 00:51:28,166 --> 00:51:35,506 we're gonna tell you guys we're gonna hopefully pave the path for those who really feel like they 695 00:51:35,506 --> 00:51:42,826 have to understand this at a basic level and um you know do you have to no but you probably we 696 00:51:42,826 --> 00:51:47,486 probably should and i think it's again gonna continue we're gonna continue to do this so now 697 00:51:47,486 --> 00:51:54,906 my, my, what's the second meaning? I love the discrete log name because discrete, we talked 698 00:51:54,906 --> 00:52:00,646 about discrete meaning like fixed in time, not continuous. And then I love that discrete also 699 00:52:00,646 --> 00:52:10,166 means secret, you know, like that to me, the, that's, that's, that's of the God world right 700 00:52:10,166 --> 00:52:14,706 there of giving us this thing that means both of those things, you know, and it's the discreteness 701 00:52:14,706 --> 00:52:15,666 that makes it a secret. 702 00:52:17,046 --> 00:52:17,526 Right. 703 00:52:18,226 --> 00:52:18,686 Right. 704 00:52:19,446 --> 00:52:19,806 The, 705 00:52:19,946 --> 00:52:21,526 I'm looking, 706 00:52:22,026 --> 00:52:23,606 I'm looking through this. 707 00:52:23,746 --> 00:52:26,226 We're at a dangerous time of the episode. 708 00:52:26,606 --> 00:52:27,006 Yeah. 709 00:52:27,186 --> 00:52:29,386 I don't want to overshoot into a clearing 710 00:52:29,386 --> 00:52:31,726 and then leave everyone to go figure it out. 711 00:52:32,746 --> 00:52:33,266 For, 712 00:52:33,866 --> 00:52:36,366 I'm flipping through the study guide right now. 713 00:52:36,846 --> 00:52:38,426 I might cut five minutes out of 714 00:52:38,426 --> 00:52:39,466 where I stepped in shit. 715 00:52:40,406 --> 00:52:41,126 What was that? 716 00:52:41,566 --> 00:52:43,306 I might cut the five minutes out 717 00:52:43,306 --> 00:52:44,146 where I stepped in shit. 718 00:52:44,146 --> 00:52:46,966 It wasn't that bad. 719 00:52:48,966 --> 00:52:54,246 Looking through the study guide here, the curve over the reels, the signature. 720 00:52:56,386 --> 00:52:59,406 I know you did a little bit of work, too, on Bitcoin transactions in general. 721 00:52:59,586 --> 00:53:05,626 Is there something you want to take a little detour on as it relates to Bitcoin transactions themselves? 722 00:53:06,746 --> 00:53:12,266 We could always go back to our buddy, the nonces, the generating of a signature. 723 00:53:12,266 --> 00:53:16,946 We've gone over and creating a private key. 724 00:53:16,946 --> 00:53:19,346 We've done the public key multiple previously. 725 00:53:19,346 --> 00:53:21,346 We can do that again for emphasis. 726 00:53:21,346 --> 00:53:23,646 I think let's save those. 727 00:53:23,646 --> 00:53:29,026 So I feel like when – what we've been doing in arithmetic, we mention these things that 728 00:53:29,026 --> 00:53:33,626 are at the end because – to motivate us to say this is the line we're – this is 729 00:53:33,626 --> 00:53:36,666 the point we're walking to on this line. 730 00:53:36,666 --> 00:53:40,826 I don't know if I want to get too deep into the protocol stuff. 731 00:53:40,826 --> 00:53:45,706 I think we call it out so that we say this is why we're learning what a logarithm is. 732 00:53:45,926 --> 00:53:46,226 Right. 733 00:53:46,646 --> 00:53:46,886 Right. 734 00:53:47,486 --> 00:53:54,446 So maybe if we're getting gun shy about sort of what we think is the last arithmetic. 735 00:53:56,326 --> 00:53:56,946 I don't know. 736 00:53:57,026 --> 00:53:57,766 I think we could do it. 737 00:53:57,786 --> 00:53:58,366 I think we could do it. 738 00:53:58,486 --> 00:53:59,186 I think we should do it. 739 00:53:59,906 --> 00:54:00,266 Okay. 740 00:54:00,946 --> 00:54:07,886 So there's the last – I feel like the last piece of arithmetic that we need here is – 741 00:54:07,886 --> 00:54:13,766 unfortunately it's a little it's a little you know it's a little it's a little hairy but it's 742 00:54:13,766 --> 00:54:19,046 not that hairy but it's something so in mod you know we talked let's go back to modular 743 00:54:19,046 --> 00:54:28,566 modular arithmetic okay something i don't think we really discussed that deeply is that um the 744 00:54:28,566 --> 00:54:35,386 properties of modular arithmetic meaning so like if i have nine mod seven then that equals two 745 00:54:35,386 --> 00:54:45,486 right and if i have um 10 mod 7 and that equals 3 that 9 plus 10 is always going to equal 746 00:54:45,486 --> 00:54:50,466 2 plus 3 i hate that i had to say this so i'm going to try to really draw this line 747 00:54:50,466 --> 00:54:58,866 9 plus 10 9 being 2 right in mod 7 10 being 3 mod 7 that sum is always going to be 748 00:54:58,866 --> 00:55:03,426 5 so in other words 9 plus 10 is always going to be interchangeable with 2 plus 3 749 00:55:03,426 --> 00:55:08,306 always, always, always, always. Right. And I can say, I know 19 mod seven, 750 00:55:08,726 --> 00:55:10,806 God, please God tell me it's five. Right. 751 00:55:12,946 --> 00:55:15,566 It is so like under addition, 752 00:55:15,966 --> 00:55:20,426 it's like what we're trying to say here is this is back to like the abstractness 753 00:55:20,426 --> 00:55:24,006 and the groups and the structure, but like the operation is always preserved. 754 00:55:24,546 --> 00:55:29,326 No matter what, no matter which version I'm doing. Right. 755 00:55:29,326 --> 00:55:33,146 If I'm doing the regular arithmetic or if I'm doing, you know, 756 00:55:33,146 --> 00:55:36,846 But no matter what order I'm doing it in, if I take the mod first or if I wait till the 757 00:55:36,846 --> 00:55:42,166 end to take the modulus, it's always going to get to the same answer. 758 00:55:42,166 --> 00:55:43,166 And that's true of addition. 759 00:55:43,166 --> 00:55:45,006 It's true of subtraction. 760 00:55:45,006 --> 00:55:47,706 It's true of multiplication. 761 00:55:47,706 --> 00:55:53,466 So this is something that I've spent probably months in abstract algebra textbooks and number 762 00:55:53,466 --> 00:55:54,926 theory textbooks proving. 763 00:55:54,926 --> 00:55:58,766 But it's all very – it's just good to – you want to know that these things are 764 00:55:58,766 --> 00:56:02,886 all true in modular arithmetic. 765 00:56:02,886 --> 00:56:08,646 might seem like an unnecessary thing to say, but you can always count on the properties. 766 00:56:09,146 --> 00:56:17,106 This operation, this idea of using a modulus is going to work. It's going to work no matter 767 00:56:17,106 --> 00:56:24,166 what we're doing. Okay. And so things get a little more advanced when we're talking about 768 00:56:24,166 --> 00:56:26,286 squares. 769 00:56:27,266 --> 00:56:29,266 So the first question is 770 00:56:29,266 --> 00:56:31,566 why do we care 771 00:56:31,566 --> 00:56:33,946 if something is a square or not? 772 00:56:33,986 --> 00:56:35,286 And I should say this statement, 773 00:56:35,526 --> 00:56:38,246 we now also care 774 00:56:38,246 --> 00:56:39,706 that a number is a square. Why? 775 00:56:40,606 --> 00:56:41,646 And that is because 776 00:56:41,646 --> 00:56:43,966 of what the Bitcoin elliptic curve 777 00:56:43,966 --> 00:56:45,006 equation is. 778 00:56:45,426 --> 00:56:47,206 It says y squared equals something. 779 00:56:48,566 --> 00:56:49,086 Right? 780 00:56:49,766 --> 00:56:52,166 It equals x cubed plus 7 781 00:56:52,166 --> 00:56:53,626 but it really is just a matter of this. 782 00:56:53,626 --> 00:57:03,086 y squared equals something. So that thing, that point on your curve is a square. Okay. 783 00:57:03,346 --> 00:57:10,026 That's just really, by definition, it is a square. Okay. Now, why does that matter? Okay. Now it's 784 00:57:10,026 --> 00:57:19,226 not a, it's not a geometric square. It's a number that can be, that can be gotten by taking a number 785 00:57:19,226 --> 00:57:26,286 multiplied by itself in the in the modulus in the modular space modulo um in bitcoin's case 786 00:57:26,286 --> 00:57:37,306 modulo two to the 256 minus two to the 32 minus 977 right so the point the answer is is a square 787 00:57:37,306 --> 00:57:41,906 that that so that's a little this is why we were a little gun shy of jumping right into this because 788 00:57:41,906 --> 00:57:46,946 it's like that you know i don't feel great about how this is coming we're about to do an ensemble 789 00:57:46,946 --> 00:57:52,186 of combining a bunch of concepts we've gone up to up to this point from modular arithmetic world 790 00:57:52,186 --> 00:57:58,666 from groups from the equation of y squared equals x cubed plus seven which is the elliptic curve 791 00:57:58,666 --> 00:58:04,566 function we're about to smash all of those together and i think the first thing to start 792 00:58:04,566 --> 00:58:10,286 with with your point about y squares are important is that very specifically by definition of the way 793 00:58:10,286 --> 00:58:15,946 the elliptic curve algorithm is is y squared equals x cubed plus seven so that means that 794 00:58:15,946 --> 00:58:18,766 it will must necessarily always be a square 795 00:58:18,766 --> 00:58:20,946 for it to satisfy the elliptic curve function. 796 00:58:21,706 --> 00:58:25,206 Now, this is where we're dancing around 797 00:58:25,206 --> 00:58:27,406 the last leap here of a concept. 798 00:58:30,226 --> 00:58:31,726 Is it important, by the way, 799 00:58:31,826 --> 00:58:34,786 is it helpful for us to just know it's a square 800 00:58:34,786 --> 00:58:38,206 versus having to know how to... 801 00:58:38,206 --> 00:58:40,006 I don't think we're ever really asked 802 00:58:40,006 --> 00:58:41,086 to take the square root of anything. 803 00:58:41,206 --> 00:58:42,646 We just have to know how to know 804 00:58:42,646 --> 00:58:44,586 a number is a perfect square and on our curve. 805 00:58:45,946 --> 00:58:47,466 That distinction. 806 00:58:48,326 --> 00:58:58,826 So that's part of why it's helpful and it's part of why – that's part of the power of elliptic curve ECDSA. 807 00:58:59,386 --> 00:58:59,906 Yes. 808 00:59:00,526 --> 00:59:03,666 Right? Or sorry, ECDLP I should say. 809 00:59:03,966 --> 00:59:04,326 Yes. 810 00:59:05,866 --> 00:59:07,386 DLP meaning discrete log problem. 811 00:59:07,606 --> 00:59:10,726 So what we're solving is the elliptic curve discrete log problem for Bitcoin. 812 00:59:10,726 --> 00:59:15,146 Right. And what we need to know, the ultimate point of this is if the point is on the curve or not. 813 00:59:15,146 --> 00:59:19,846 If the number is a square on the curve, if not, then it's not on the curve. 814 00:59:20,306 --> 00:59:26,786 So like what I want to just illustrate real quick is definitely got to make a video for this. 815 00:59:27,006 --> 00:59:34,766 What I want to illustrate is just how, okay, on our number system that we love using, like the reels or the, you know, really we'll call it the integers, right? 816 00:59:35,486 --> 00:59:40,946 We have a pretty good idea for, we know that not all numbers are perfect squares, right? 817 00:59:40,966 --> 00:59:42,246 I'm going to say a bunch of obvious things. 818 00:59:42,246 --> 00:59:50,426 We know what they are, 1, 4, 9, 16, 25, 36, 49, et cetera, right? 819 00:59:50,446 --> 00:59:53,866 We know that not all numbers are perfect squares. 820 00:59:54,126 --> 00:59:57,966 Only a certain subset of our numbers are perfect squares, right? 821 00:59:59,246 --> 01:00:05,226 And so now I'm going to go back and bring to bear something we talked about in the past, 822 01:00:05,246 --> 01:00:11,086 which is the fact that a finite field modulo P is a different number system, okay? 823 01:00:11,086 --> 01:00:17,306 remember that two numbers can multiply to each other to equal one we don't do division 824 01:00:17,306 --> 01:00:23,886 to to get one or to do inverses we do multiplications to get inverses right so 825 01:00:23,886 --> 01:00:32,046 and remember like if if um if the mod is five right two is the inverse of three because two 826 01:00:32,046 --> 01:00:40,146 times three is equals six i e one mod five right so like in the so now we're in this number system 827 01:00:40,146 --> 01:00:44,666 that's akin to the integers, but it's called the finite field modulo p. 828 01:00:45,726 --> 01:00:46,266 Okay, right? 829 01:00:47,546 --> 01:00:49,806 And in this number system, 830 01:00:51,306 --> 01:00:57,746 it's finding a square is, you would say, is probably similar, right? 831 01:00:57,866 --> 01:01:01,346 Not all your numbers are perfect squares. 832 01:01:02,006 --> 01:01:05,226 And just so by way of an example, mod 7, right? 833 01:01:06,326 --> 01:01:10,126 This I did do this morning, so I'm ready to hit you with it. 834 01:01:10,146 --> 01:01:14,366 it, but you may want to like, you may want to pause at this point, get a pen and paper and do 835 01:01:14,366 --> 01:01:21,866 this with me. It's not hard. One squared equals one, two squared equals four. So those so far 836 01:01:21,866 --> 01:01:26,026 are the easy ones because mod seven, you don't have to, we haven't exceeded the modulus yet, 837 01:01:26,246 --> 01:01:32,746 right? Three squared equals nine, which mod seven is two. Okay. So now I have, I have one, 838 01:01:32,746 --> 01:01:50,759 4 and 2 is perfect squares in mod 7 space So now I going to move on I have three more to do Four squared which is 16 That two also So now I just okay so two is a perfect that no new information I already knew 839 01:01:50,839 --> 01:01:56,899 I already knew two was a perfect square, but you know what? I actually, you know, in the, in the 840 01:01:56,899 --> 01:02:04,859 reels, perfect square has two solutions, right? Well, this finite field also has two solutions, 841 01:02:04,859 --> 01:02:11,259 right so to the square root of two in the finite field modulo seven it's going to be 842 01:02:11,259 --> 01:02:19,119 three and four both of those numbers when squared give you the answer to okay um moving on to five 843 01:02:19,119 --> 01:02:28,059 five squared equals four so which was two squared also so now two and five are the numbers in the 844 01:02:28,059 --> 01:02:34,139 finite field that give you four when you square them and finally six squared equals one and so 845 01:02:34,139 --> 01:02:40,339 one and six are now the two answers say what what two numbers so instead we're not doing plus or 846 01:02:40,339 --> 01:02:46,579 minus anymore like we did in the real space right we're doing the two numbers that multiply to each 847 01:02:46,579 --> 01:02:53,499 you know there are two distinct numbers that do this there's still two answers right which is cool 848 01:02:53,499 --> 01:02:59,679 right it's like oh algebra still says the same stuff right there's still two answers to a square 849 01:02:59,679 --> 01:03:08,539 root. So just again, one, two, and four are now the perfect squares in this system, which 850 01:03:08,539 --> 01:03:15,059 sorry as an aside, if this can confuse anybody, but it's too cool not to mention that they 851 01:03:15,059 --> 01:03:21,459 add up to seven. You won't see this again. You won't see it with another modulus. It's 852 01:03:21,459 --> 01:03:25,259 just, okay, so one, two, but it's a good way to remember one, two, and four are your perfect 853 01:03:25,259 --> 01:03:27,599 squares in modulo 7. 854 01:03:30,039 --> 01:03:31,279 So if the 855 01:03:31,279 --> 01:03:33,299 Bitcoin elliptic curve 856 01:03:33,299 --> 01:03:34,979 was modulo 7, right, 857 01:03:35,219 --> 01:03:37,359 you would want to make sure 858 01:03:37,359 --> 01:03:39,099 that 1, 2, and 4 859 01:03:39,099 --> 01:03:41,159 were the numbers on your, were the points on your 860 01:03:41,159 --> 01:03:41,979 curve and not 861 01:03:41,979 --> 01:03:44,379 2, 5, and 6. 862 01:03:45,919 --> 01:03:47,219 Right? Because you 863 01:03:47,219 --> 01:03:49,079 got fake, you got something fake. 864 01:03:49,899 --> 01:03:50,859 Yeah, not on the curve. 865 01:03:51,259 --> 01:03:53,079 And it's roughly half when you go 866 01:03:53,079 --> 01:03:54,619 across the full actual Bitcoin. 867 01:03:55,259 --> 01:03:59,579 curve, roughly half the points along the curve have perfect squares, no other half. 868 01:04:00,619 --> 01:04:05,179 Well, actually, it's not that I'm going to correct you. I'm going to enhance your answer. 869 01:04:05,419 --> 01:04:11,579 It's whatever your prime is. So if you remember, a finite field modulo P has P minus, well, 870 01:04:11,579 --> 01:04:20,519 has P minus one elements, right? So modulo seven has six elements. So it is half of six. 871 01:04:20,519 --> 01:04:23,639 So it's P minus 1 over – it is half of P minus 1. 872 01:04:23,839 --> 01:04:25,699 It's exactly – it's always the answer. 873 01:04:27,399 --> 01:04:33,599 And P in this case is the 2 to the 256 minus 2 to the 232 minus 2 to the 16 minus 977. 874 01:04:34,179 --> 01:04:36,419 So basically a massive number. 875 01:04:36,859 --> 01:04:40,079 And by the way, it has to be half because of what I just said. 876 01:04:40,519 --> 01:04:44,319 Because two numbers always map into one square. 877 01:04:44,759 --> 01:04:45,479 Right, right. 878 01:04:45,839 --> 01:04:47,059 So it's got to be half. 879 01:04:47,059 --> 01:04:49,939 And you can just even look at the curve and just think about that too. 880 01:04:49,939 --> 01:04:56,279 that every x point along the curve has a lower half and an upper half above and below the number one. 881 01:04:56,579 --> 01:04:57,519 We call that subjective. 882 01:04:57,999 --> 01:05:00,699 We call it, you know, the one also called subjective in algebra, 883 01:05:00,919 --> 01:05:03,759 which some people listening may appreciate that I said that. 884 01:05:04,159 --> 01:05:04,759 Most people didn't. 885 01:05:05,279 --> 01:05:08,599 And so if you think about this too, right, a point on a curve, 886 01:05:08,699 --> 01:05:10,199 you have an x and a y coordinate, right? 887 01:05:10,459 --> 01:05:12,499 Just as one thing, just to kind of call out. 888 01:05:13,079 --> 01:05:14,839 Rob is drawing that with his hands, by the way. 889 01:05:15,019 --> 01:05:15,519 Yes, I am. 890 01:05:15,599 --> 01:05:16,639 I'm drawing the axi, right? 891 01:05:16,639 --> 01:05:18,759 So you have a grid of, you know, 892 01:05:18,759 --> 01:05:22,439 just think about if you've ever been in like a math class with like an xy axis in the grid 893 01:05:22,439 --> 01:05:32,119 this curve along any given x point will be two y points which actually you're actually able to 894 01:05:32,119 --> 01:05:38,559 infer basically a you're able to compress the actual public key at any point if i just give you 895 01:05:38,559 --> 01:05:46,159 x and then i give you one extra byte for whether it's the positive or the negative side of the top 896 01:05:46,159 --> 01:05:50,239 or the bottom part of the graph of the electric curve. 897 01:05:51,319 --> 01:05:52,819 With the exception of Taproot, 898 01:05:54,899 --> 01:05:58,099 Taproot, this is called remove the parity bit. 899 01:05:58,519 --> 01:06:01,859 You're able to, in pre-Taproot, it's a 33-byte key, 900 01:06:01,959 --> 01:06:03,419 32 bytes for your X-coordinate, 901 01:06:03,979 --> 01:06:05,799 and then one byte for positive or negative. 902 01:06:07,079 --> 01:06:12,319 The way it works in Taproot is you just have the 32 bytes, 903 01:06:12,319 --> 01:06:14,079 and then there's an assumption that's made. 904 01:06:14,079 --> 01:06:18,359 and it always chooses an even value for one. 905 01:06:19,719 --> 01:06:20,239 Interesting. 906 01:06:20,799 --> 01:06:21,319 Yes. 907 01:06:21,859 --> 01:06:23,459 Taproot really screwed some things up. 908 01:06:23,559 --> 01:06:24,779 That's why everybody hates it, right? 909 01:06:25,279 --> 01:06:30,559 Well, it's funny because as an aside for Bitcoin protocol development, 910 01:06:30,859 --> 01:06:33,899 this was like a version of byte pinching where we said, 911 01:06:33,899 --> 01:06:38,659 oh, we can save one byte across all Taproot transactions for better scaling 912 01:06:38,659 --> 01:06:42,459 because we can just infer that. 913 01:06:42,459 --> 01:06:47,739 And it turns out for designing more advanced covenant-like applications, 914 01:06:47,899 --> 01:06:52,779 sometimes you want the other point of the key to do stuff for like unordered exits. 915 01:06:53,139 --> 01:06:54,819 And we should have reared it on at some point. 916 01:06:54,879 --> 01:06:55,799 You can go deeper into this. 917 01:06:56,379 --> 01:06:59,559 One of the things where we wanted to save a byte because that would help with scaling. 918 01:06:59,779 --> 01:07:00,399 It's less data. 919 01:07:00,819 --> 01:07:03,199 But it ended up having way worse trade-offs. 920 01:07:05,199 --> 01:07:08,939 I went into a very immature space when you said byte-pinching. 921 01:07:09,059 --> 01:07:09,399 I'm sorry. 922 01:07:12,459 --> 01:07:13,619 I thought about Marv Albert. 923 01:07:17,939 --> 01:07:22,559 Anyhow, you know, this is like my defense mechanism 924 01:07:22,559 --> 01:07:26,099 because this is how I feel like to anesthetize you guys a little bit 925 01:07:26,099 --> 01:07:28,759 this very difficult conversation. 926 01:07:29,859 --> 01:07:35,819 But the ability to know if something is a square is actually, 927 01:07:36,059 --> 01:07:41,499 if you do enough math, if you tackle it hard enough, okay, 928 01:07:41,499 --> 01:08:02,339 And it's very tackleable. But if you do it, there's a very then there becomes Euler basically, like as Euler and Gauss gave very elegant ways to, you know, for computers that didn't exist yet to determine whether or not something is a is a perfect square or not. 929 01:08:02,339 --> 01:08:10,479 And, you know, Koblis' book is pretty good, but I think you want to go to elementary number theory textbooks. 930 01:08:11,379 --> 01:08:17,319 This is like the final boss of the easy parts of a number theory textbook. 931 01:08:17,819 --> 01:08:21,139 And it's also the final boss of the easy parts of our explanation. 932 01:08:22,999 --> 01:08:26,639 But if you really want to grok this, you're going to have to do some problems. 933 01:08:26,779 --> 01:08:27,519 You're going to have to sit there. 934 01:08:27,519 --> 01:08:33,799 And the nice thing is you can sit and do what I just did, mod 7, do it mod 11. 935 01:08:34,619 --> 01:08:38,859 It ends up that, like, I just found out this fun fact today, 936 01:08:39,259 --> 01:08:42,719 but it ends up in determining a quadratic residue. 937 01:08:43,319 --> 01:08:48,699 The algorithm needs to know if your prime is either 1 mod 4 or 3 mod 4. 938 01:08:48,939 --> 01:08:50,579 So what does that mean? 939 01:08:51,539 --> 01:08:53,019 5 is 1 mod 4. 940 01:08:53,199 --> 01:08:56,099 Every prime number is either 1 mod 4 or 3 mod 4. 941 01:08:56,099 --> 01:08:58,319 Every odd number is 1 mod 4, right? 942 01:08:58,399 --> 01:09:02,239 Every odd number when divided by 4 is going to be either 1 or 3, okay? 943 01:09:02,319 --> 01:09:02,499 Right? 944 01:09:02,579 --> 01:09:05,079 So just slow that down. 945 01:09:05,519 --> 01:09:11,919 So, you know, 5, 13, 17, those are 1 mod 4. 946 01:09:13,779 --> 01:09:19,179 3, obviously, 7, 11, these are 3 mod 4s. 947 01:09:19,199 --> 01:09:20,859 And they behave differently in this algorithm. 948 01:09:20,859 --> 01:09:28,199 And it just, it turns out that the numbers used in Bitcoin are all three mod four. 949 01:09:28,319 --> 01:09:29,119 I found this out today. 950 01:09:29,199 --> 01:09:31,219 That is, and that blew my mind. 951 01:09:31,459 --> 01:09:34,919 And I think it's another property that makes, yeah, 952 01:09:35,019 --> 01:09:40,299 just probably either makes the computation work faster in the way we want. 953 01:09:40,759 --> 01:09:42,099 That you're on mute. 954 01:09:42,239 --> 01:09:44,039 God, how long, how long have you been talking, dude? 955 01:09:44,379 --> 01:09:45,799 No, no, I just, I literally just started. 956 01:09:45,799 --> 01:09:52,659 I mean, dude, God exists to give me a podcast partners that just talk on mute so that I can just talk forever. 957 01:09:52,939 --> 01:09:53,619 That's right. 958 01:09:54,019 --> 01:09:54,339 That's right. 959 01:09:54,539 --> 01:09:55,199 No, we need you, man. 960 01:09:55,839 --> 01:09:56,179 No, no. 961 01:09:56,259 --> 01:09:56,899 This is what I was going to say. 962 01:09:57,139 --> 01:10:12,679 Like to this point specifically, like it's – the shortcut that's allowed here is that you're able to do a square root in just one single exponentiation, right? 963 01:10:12,679 --> 01:10:15,659 You're just able to quickly – and you can think about it that way. 964 01:10:15,799 --> 01:10:18,359 like the square root of something is taking it to the one half power. 965 01:10:18,839 --> 01:10:24,499 This makes it really short and straightforward to be able to do this like 966 01:10:24,499 --> 01:10:25,519 arithmetic. Right. 967 01:10:28,039 --> 01:10:32,419 The, as a, as a recap, like, like, cause you, 968 01:10:32,479 --> 01:10:34,819 you said the term, but we didn't talk about it more, 969 01:10:34,879 --> 01:10:36,179 but like a quadratic residue, 970 01:10:36,179 --> 01:10:40,899 which is kind of like the last thing that we're putting forward in this 971 01:10:40,899 --> 01:10:45,379 episode to kind of close out this section is that, you know, 972 01:10:45,799 --> 01:10:50,019 This inversion we're talking about that I mentioned earlier, 973 01:10:50,519 --> 01:10:51,819 like if it's on the point or not, 974 01:10:51,899 --> 01:10:53,239 requires it being a quadratic radius. 975 01:10:53,439 --> 01:10:54,839 It requires it being a perfect square. 976 01:10:55,579 --> 01:11:01,019 And being able to reduce that into a quick one-step calculation 977 01:11:01,019 --> 01:11:05,239 is really important for being able to... 978 01:11:05,239 --> 01:11:07,179 You just square and multiply the number, 979 01:11:07,499 --> 01:11:10,279 and we can do that pretty quickly from the math that we've already done. 980 01:11:11,899 --> 01:11:14,879 I'm now starting to crash and burn a little bit here from where I was going to go. 981 01:11:14,879 --> 01:11:19,339 So in number theory, there's something called the Legendre symbol. 982 01:11:20,299 --> 01:11:23,179 And it's just you got to give it to Gauss again. 983 01:11:23,299 --> 01:11:29,139 This guy is just all over everything we're able to do here. 984 01:11:29,139 --> 01:11:44,499 But he's able to abstract all of essentially what we just talked about and all of that pain and trying to figure out what number multiplies itself to get us another number into a symbol with a bunch of rules. 985 01:11:44,879 --> 01:11:52,199 that and an algorithm so i'm not sure where you were going there but like this notion of a quad we 986 01:11:52,199 --> 01:11:57,259 called it a sorry we called it a quadratic residue and i don't want jargon to get confusing quadratic 987 01:11:57,259 --> 01:12:02,799 is always like a square quadratic equation is something that x squared plus ax squared plus bx 988 01:12:02,799 --> 01:12:09,719 plus c that's quadratic equation so when we talk about quadratics we're talking about square roots 989 01:12:09,719 --> 01:12:14,719 The word residue is always from modular arithmetic, the remainder. 990 01:12:15,799 --> 01:12:26,279 So when we talk about quadratic residues, we're talking about square roots specifically in modular arithmetic that turn out to always be whole numbers, which is awesome. 991 01:12:28,739 --> 01:12:31,719 And that is, it's not like super necessary. 992 01:12:32,759 --> 01:12:34,179 It's not super necessary. 993 01:12:34,179 --> 01:12:42,659 But I think in order to have a rich conversation here, it's important not to leave out that the point on the elliptic curve is a square by definition. 994 01:12:43,219 --> 01:12:50,259 And we do need to – there's richness here in studying it. 995 01:12:50,499 --> 01:12:53,859 So if you've gotten this far, good on you. 996 01:12:55,439 --> 01:12:56,039 Yeah. 997 01:12:56,039 --> 01:13:06,779 um i'm thinking through the on where to take it from here but this whole quadratic residue concept 998 01:13:06,779 --> 01:13:12,979 um quick heuristic of making sure your point's on the curve like i mentioned earlier when you're 999 01:13:12,979 --> 01:13:17,999 putting your compressed public key being able to quickly just get the exact point because you need 1000 01:13:17,999 --> 01:13:24,339 the exact point if you're going to verify the public key against a signature so this is just 1001 01:13:24,339 --> 01:13:29,939 another like mathematical shortcut and computational shortcut that allows the whole engine to run 1002 01:13:29,939 --> 01:13:36,279 smoothly. Yeah. And I think, I think what we're trying to do is create a little list in our heads 1003 01:13:36,279 --> 01:13:42,439 of which I've mentioned this before, but I love this construct. What should we have asked the 1004 01:13:42,439 --> 01:13:49,079 manager about when we were at the Bitcoin store buying our Bitcoin? You know, we definitely should 1005 01:13:49,079 --> 01:13:54,979 have asked about inverses and we definitely should have asked is about is it a square does it exist 1006 01:13:54,979 --> 01:14:00,039 on my curve yeah oh this is this is really important too because everyone is using this 1007 01:14:00,039 --> 01:14:04,119 if you've ever spent to receive bitcoin you're running software that's doing this stuff that 1008 01:14:04,119 --> 01:14:09,839 we're talking about and if you've ever if you have bitcoin on the network and you just see an address 1009 01:14:09,839 --> 01:14:11,959 how do you know that address belongs to you 1010 01:14:11,959 --> 01:14:20,459 right what you can do is you could take your secret you could take your secret key you could 1011 01:14:20,459 --> 01:14:24,119 map that to a public key you could then look at that public key and then you could look and say 1012 01:14:24,119 --> 01:14:28,859 okay is this tapper is this seglet whatever and you could say okay well here's my key let me 1013 01:14:28,859 --> 01:14:34,239 compress it and then let me hash it and then do the base 58 encoding and that matchy matches my 1014 01:14:34,239 --> 01:14:38,739 address right and if you've held bitcoin for a long time you've never thought through like those 1015 01:14:38,739 --> 01:14:44,619 steps that's something that like you said when when you say go to the bitcoin store 1016 01:14:44,619 --> 01:14:50,859 anytime you go to the bitcoin blockchain and you receive money or send money you're going to the 1017 01:14:50,859 --> 01:14:55,239 bitcoin store you're doing this stuff so like you want to find out before you deposit money 1018 01:14:55,239 --> 01:15:00,219 that my point is actually on the curve you don't want to find out after the fact because there's 1019 01:15:00,219 --> 01:15:05,219 no do-overs no reviews right well that's the whole thing and so this is i've been locked in 1020 01:15:05,219 --> 01:15:06,579 on this very subject. 1021 01:15:06,699 --> 01:15:07,759 This may be what we close on, 1022 01:15:07,879 --> 01:15:11,219 but I've been locked in on... 1023 01:15:12,959 --> 01:15:14,559 Maybe it's a little provocative 1024 01:15:14,559 --> 01:15:18,119 and maybe I'm being a little overbearing about it, 1025 01:15:18,219 --> 01:15:20,539 but I don't know if there's a person 1026 01:15:20,539 --> 01:15:22,179 who's ever gone to an exchange 1027 01:15:22,179 --> 01:15:23,859 and knew they were getting real Bitcoin 1028 01:15:23,859 --> 01:15:27,559 until after the fact it hit their address. 1029 01:15:29,239 --> 01:15:30,539 Would I be wrong about that? 1030 01:15:31,199 --> 01:15:32,499 I don't think people do now 1031 01:15:32,499 --> 01:15:34,699 because it's not real until it's in your address. 1032 01:15:35,219 --> 01:15:43,079 And with that, I started thinking, you know what, if there was an exchange that did this proof and charged me, I would pay. 1033 01:15:43,079 --> 01:15:54,959 I would pay a little more clearly if exchange did this proof for me and put it on my basically essentially put it on my put it on my address before releasing it or some. 1034 01:15:55,499 --> 01:15:59,639 You know, I'm talking to the man probably who can actually figure this out. 1035 01:15:59,699 --> 01:16:00,999 I actually had to do this easy. 1036 01:16:01,179 --> 01:16:03,339 You mean one step beyond like proof of reserves. 1037 01:16:03,339 --> 01:16:09,759 You're talking about the transaction in flight showing you that they have the Bitcoin and that they're going to send it to you. 1038 01:16:09,759 --> 01:16:12,019 And it's real that it's actually like that. 1039 01:16:12,119 --> 01:16:13,699 I don't have to Karen, the manager. 1040 01:16:14,019 --> 01:16:18,119 It's right about all of the things we've been talking about in the math podcast. 1041 01:16:18,119 --> 01:16:32,479 But what I'm trying to really point out and illustrate is that people have like these deep sovereignty stacks where they have their nodes and their AirGraph wallets and they have their practices and their OPSEC. 1042 01:16:32,959 --> 01:16:41,319 And all of these things are super important, yet to me it breaks down at the point of sale completely. 1043 01:16:41,879 --> 01:16:44,819 And there's a big missing – there's just a big missing there. 1044 01:16:45,299 --> 01:16:46,359 There's a lot of trust. 1045 01:16:46,359 --> 01:16:50,459 Like all, it's almost like all of our trust is going to the exchange when we buy, when 1046 01:16:50,459 --> 01:16:52,859 you buy the Bitcoin and there's almost no exceptions to this. 1047 01:16:54,399 --> 01:16:57,419 You know, I think peer to peer probably lends itself a little bit more. 1048 01:16:57,519 --> 01:16:59,299 Well, it makes more sense to trust a peer. 1049 01:16:59,499 --> 01:17:03,539 We'll just put it that way because you, you have some accountability and you, you know, 1050 01:17:03,539 --> 01:17:07,799 it makes a little more sense to place trust in somebody, you know, but also a peer can, 1051 01:17:08,279 --> 01:17:10,019 you know, there's the hodl hodl type stuff. 1052 01:17:10,119 --> 01:17:12,099 There's the multi-sig escrow stuff you could do. 1053 01:17:12,099 --> 01:17:19,979 So but when you – you know how many people go to an exchange and say like I want to – I'm ready to put $2 million into Bitcoin. 1054 01:17:20,199 --> 01:17:20,799 Let's do this. 1055 01:17:20,919 --> 01:17:25,119 And then just by the stroke of luck, it hits their address. 1056 01:17:25,599 --> 01:17:27,919 They didn't think about that gap, right? 1057 01:17:27,959 --> 01:17:36,699 They should have had a briefcase with a handcuff on it tied to their wrist before they handed money over, right? 1058 01:17:36,819 --> 01:17:37,299 Right, right. 1059 01:17:37,919 --> 01:17:40,219 So like to me, this is like a massive thing. 1060 01:17:40,219 --> 01:17:43,339 I'm actually going to be basing certain presentations around this concept. 1061 01:17:43,819 --> 01:17:45,419 And I think I'm going to get a lot of hate for it. 1062 01:17:45,699 --> 01:17:47,859 But I think it's super important to point this out. 1063 01:17:49,339 --> 01:17:54,679 Yeah, I think the way I would think about it, the leader in this would be River with their proof of reserves. 1064 01:17:56,039 --> 01:18:00,119 They publicly say we hold 10,000 Bitcoin in custody of customers. 1065 01:18:00,119 --> 01:18:07,699 And they actually do this really cool Merkle tree proof that shows that for every liability on their books, there is Bitcoin in an address. 1066 01:18:08,259 --> 01:18:09,979 We need to do an episode on this. 1067 01:18:09,979 --> 01:18:21,019 And I think it's important because it's, again, on general proof of reserves and also like what River does and where – again, so they close maybe a portion of the gap. 1068 01:18:21,479 --> 01:18:24,939 So where does it end and where do we – where does the trust happen? 1069 01:18:25,479 --> 01:18:25,999 Yeah, we can do that. 1070 01:18:26,359 --> 01:18:29,739 River also fully open-sourced the code that does their proof of reserves. 1071 01:18:29,959 --> 01:18:31,959 They forked another open-source code base. 1072 01:18:31,959 --> 01:18:38,319 And that's kind of the point Alex always makes is that if you're in exchange, this isn't rocket science. 1073 01:18:38,439 --> 01:18:39,399 It's not super complicated. 1074 01:18:39,979 --> 01:18:45,979 You just need to have a map of your liabilities and tie it to a Bitcoin address or addresses to show that it's all matched. 1075 01:18:47,199 --> 01:18:51,439 So pre-images are a great solution to the problem. 1076 01:18:51,539 --> 01:18:57,459 And like I said, as a buyer, I would easily pay a little bit more to know, right? 1077 01:18:57,539 --> 01:19:01,039 Especially if the standard is good luck, buddy. 1078 01:19:01,799 --> 01:19:02,059 Right. 1079 01:19:03,199 --> 01:19:04,019 Very much. 1080 01:19:04,279 --> 01:19:05,059 Very, very much. 1081 01:19:05,499 --> 01:19:05,639 Yeah. 1082 01:19:06,099 --> 01:19:08,039 I think we easily could do that. 1083 01:19:08,039 --> 01:19:14,519 on uh we also do a little bit of merkle trees just sneak sit in there although it's not super 1084 01:19:14,519 --> 01:19:21,219 math heavy more just comp side but no i love i i have a i have at least one full discussion on 1085 01:19:21,219 --> 01:19:29,319 merkle trees in me excellent i think we can do that at least one all right cool anything else 1086 01:19:29,319 --> 01:19:34,279 you want to close it out i think we've closed it out for the day we we got through the residuals 1087 01:19:34,279 --> 01:19:36,279 and proving that something's a perfect square. 1088 01:19:37,839 --> 01:19:45,419 I think we've done a really good job on squeezing this lemon through this section. 1089 01:19:45,519 --> 01:19:48,919 I'm not sure what more we have, but you and I can take it offline 1090 01:19:48,919 --> 01:19:50,459 and figure out where to go next from here. 1091 01:19:51,119 --> 01:19:53,119 Yeah, it's a good analogy, squeezing a lemon. 1092 01:19:53,419 --> 01:19:56,139 Yeah, you got any cuts on your hands, it's going to hurt. 1093 01:19:56,599 --> 01:19:59,499 But then you're going to take a little ice, a little sugar, make some lemonade. 1094 01:19:59,659 --> 01:20:00,359 It's all going to be better. 1095 01:20:00,359 --> 01:20:08,019 So the next phase of I think what we'll be doing is it looks like we get three types of podcast episodes. 1096 01:20:08,139 --> 01:20:10,399 We got the ones that I just kind of do myself. 1097 01:20:11,099 --> 01:20:11,199 Yeah. 1098 01:20:11,379 --> 01:20:19,479 And we got the ones then the two types that you and I will be doing is one will be just be continuing on here. 1099 01:20:19,619 --> 01:20:23,319 But more now in the more focused on Bitcoin. 1100 01:20:24,199 --> 01:20:24,679 Right. 1101 01:20:24,799 --> 01:20:25,919 More focused on now. 1102 01:20:25,919 --> 01:20:26,339 what do we, 1103 01:20:26,779 --> 01:20:27,419 we're going to, 1104 01:20:27,459 --> 01:20:32,919 we're going to assume now you guys have beefed up on all this arithmetic and 1105 01:20:32,919 --> 01:20:34,579 you know why we did it. 1106 01:20:34,619 --> 01:20:36,979 Now we're going to talk kind of about signatures, 1107 01:20:38,319 --> 01:20:39,579 elliptical transactions, 1108 01:20:40,659 --> 01:20:41,239 stuff like that. 1109 01:20:41,719 --> 01:20:42,699 And then the other one is, 1110 01:20:42,819 --> 01:20:43,099 you know, 1111 01:20:43,179 --> 01:20:47,539 we do intend to have some friends join us. 1112 01:20:47,959 --> 01:20:48,219 Yes. 1113 01:20:48,819 --> 01:20:52,459 As soon as maybe even end of next week, 1114 01:20:53,199 --> 01:20:54,919 we'll see if we can get some people. 1115 01:20:55,919 --> 01:20:59,879 And then also through April, I think we're going to get ourselves busy. 1116 01:21:00,559 --> 01:21:06,599 I think in April, I have three straight scheduled weeks where I'm going to be in the same room with you. 1117 01:21:08,579 --> 01:21:09,019 Interesting. 1118 01:21:09,259 --> 01:21:09,779 You're right. 1119 01:21:10,239 --> 01:21:12,879 First week, second week, and then the third week, oh, Vegas? 1120 01:21:13,639 --> 01:21:13,899 Yeah. 1121 01:21:14,459 --> 01:21:15,739 Man, it could be wild. 1122 01:21:16,299 --> 01:21:16,919 It could be wild. 1123 01:21:16,919 --> 01:21:22,459 So I got my roadcaster ready to hit the road, ready to do rips. 1124 01:21:22,999 --> 01:21:23,759 Let's do it. 1125 01:21:23,759 --> 01:21:26,339 And then, you know, we're going to be in the same room. 1126 01:21:27,139 --> 01:21:33,439 Now, you know, we're going to be in the vicinity of, I think, some people that could really be good now. 1127 01:21:33,499 --> 01:21:36,659 I think Opinx is going to be a great one for us to do some breakout sessions. 1128 01:21:37,239 --> 01:21:37,439 Yep. 1129 01:21:37,459 --> 01:21:41,559 And I already put the application in with Charlie. 1130 01:21:42,019 --> 01:21:44,779 So, look, we'll be good to go there. 1131 01:21:45,199 --> 01:21:48,079 You know, the fact that we do audio only makes it very easy. 1132 01:21:48,199 --> 01:21:48,939 Very straightforward. 1133 01:21:49,319 --> 01:21:49,399 Yeah. 1134 01:21:49,599 --> 01:21:49,799 Yep. 1135 01:21:50,519 --> 01:21:50,839 All right. 1136 01:21:51,299 --> 01:21:51,619 Awesome. 1137 01:21:51,619 --> 01:21:51,759 Awesome. 1138 01:21:52,279 --> 01:21:52,699 Sounds good. 1139 01:21:52,699 --> 01:21:54,219 Guys, take your pencils out. 1140 01:21:54,459 --> 01:21:56,779 I'm looking for catchphrases until close to subject. 1141 01:21:58,179 --> 01:22:00,179 Like Tom Malongo, keep your stick on the ice. 1142 01:22:00,999 --> 01:22:02,779 Take your pencils out. 1143 01:22:05,419 --> 01:22:09,819 Beef up because we're about to level up here. 1144 01:22:10,159 --> 01:22:10,479 Okay, guys? 1145 01:22:10,599 --> 01:22:10,779 That's right. 1146 01:22:11,299 --> 01:22:11,619 All right. 1147 01:22:11,659 --> 01:22:11,919 Awesome. 1148 01:22:12,099 --> 01:22:12,339 See you. 1149 01:22:12,659 --> 01:22:12,959 See you.