You know it was. Good to have you here, he said. Yeah, I don't know about that last part, but.

So I put together a presentation last night. It's not very polished, but I think it will hit all the sort of things that are top of mind for me when it comes to, you know, bitcoin and security. So I'm going to start out with a brief overview. I'm going to assume that most people in this audience know a little bit about Bitcoin and the blockchain. Then I'm going to talk about some of the security aspects of bitcoin, some of the security attributes of bitcoin. And then platform imperatives; these are kind of things that I think of when I think of the platform that are... Is there a, is the mic not for the audio in here? OK, I'll try to yell. The third thing I'll talk about is platform imperatives; these are things that I think are important for whatever platform you're running on top of, for you to think about from a security perspective, making sure private keys and the like are secure. And then finally some sort of observations that I've made over the years about bitcoin and its relevance to security.

So a little bit about BitPay. As he mentioned, I'm a co-founder and CEO of BitPay. We were founded in 2011, which makes us one of the oldest and most experienced teams in the bitcoin space. We're headquartered here in Atlanta; we have 37 employees. Our primary product is payment acceptance, so these are merchants that want to accept bitcoin as a form of payment, but we also have billing tools, which gets into business-to-business transactions, payroll, and mass pay, so people that need to pay a lot of employees or whatever can use our platform for that. Mass pay tends to be more like, think of your app stores, where you need to pay lots of developers scattered all around the world. Then we also have a wallet; it's called Copay. You can download it in any of the app stores; it also runs on
pretty much every platform that you can run on your Mac or Windows machines, or Linux. And then we have the Bitcore platform, which is our cloud infrastructure, and it's the backend for Copay, so Copay communicates and interfaces with the blockchain through Bitcore. BitPay does approximately 4,000 transactions per day, payment transactions; that works out to a little over 100,000 per month, so just to give you an idea of how much activity we have on our platform. Yeah. Yeah, I've got a few slides on that. So you have 4,000; that's about what, I think that's roughly what Visa does per second, so just to give you an idea.

So moving on to the sort of overview of bitcoin, a little bit of history. I actually got into bitcoin because of some previous experience with a platform called DigiCash, and that was David Chaum going back into the early 1990s. I got very excited about that platform. It was, I think, probably what we could refer to as the world's first cryptographic payment system. DigiCash never, you know, quite gained traction; they went bankrupt and the payment system went along with it, and so that got a lot of people thinking about how we can build a cryptographic payment system that didn't have this vulnerability of being dependent on one company and it staying in business. And so sort of that background is what, over the course of years of me kind of searching, was going to lead me to bitcoin, and I was very fortunate that when I read the Satoshi white paper I had thought about this problem space beforehand, and I kind of recognized the magnitude of the problem that it had solved. So, you know, bitcoin really is a computer science sort of breakthrough, and it does something that a lot of people thought was impossible before bitcoin existed.

Just some other history here: the code was written in 2008, primarily we think,
by an anonymous author called Nakamoto. The first Genesis block was created in 2009, and it had a timestamp in it; it referred to a headline in a British newspaper, to sort of, you know, prove that the block wasn't created before January 2009. And then, like I said, there was really a computer science breakthrough, which was the use of proof-of-work consensus to allow thousands of computers around the world to reach a consensus about history.

So this slide is talking a little bit about the protocol. I mentioned proof-of-work-based consensus. Essentially you have rules that define what is a valid transaction and what is a valid block, and you have all these independent computers that are applying these rules to the transactions that they hear about on the network. You know, it's a gossip-based protocol, so the mesh network is a gossip-based protocol used to disseminate transactions; nodes are validating those transactions, some nodes are mining them and putting them into a block, and we'll talk more about that in a little bit.

So bitcoin the asset. Over the course of the past year there's been a lot of hype around blockchain technology, and a lot of people talk about separating bitcoin from blockchain technology, and this to me doesn't make a lot of sense. When, you know, the whole point of a block is to create a chunk of data that you can compute proof of work over, and the whole point of proof of work is to achieve this consensus, and the whole point of a token like bitcoin is to create the incentive that people will actually want to compete, you know, apply the computing power to create a secure history. And so if you take the coin and proof of work out of that, you don't need blocks and you don't need a chain, so why would you call it blockchain technology? But the asset, you can think of it as,
you know, its value is derived from its utility, and the utility is the ability to exchange value, so transfer ownership of value from one person to another, one entity to another. And interestingly enough, that's what gives all forms of money their value; it's that ability to exchange value, that utility that you get out of it. So that's what gives bitcoin its value. A marketplace sets the price, the exact exchange rate of bitcoin to other assets, so people are buying and selling; bitcoins are trading on the market, and you can go look at the markets to find out the current exchange rate. The actual trading, the mechanics of it, look very much like trading in a commodity, so it's got a fixed, you know, a fixed supply function that cannot be manipulated. And because of that fixed supply function it can be very volatile, so it trades very similarly to other commodities, and I do think of it like a commodity. I think of it like a commodity that makes a payment system work. And then the asset is what creates that incentive for miners to actually mine bitcoin and secure the blockchain. I mean, raise your hands if all of this is like brand new to you, that you never thought about this, or if this is all, you know, kind of, you've studied all of this. OK, so most of you get the basics, the basic mechanics of bitcoin and the blockchain. All right.

A few quick facts. We get one block every ten minutes. The difficulty rate of the mining algorithm, or the difficulty of the mining problem, adjusts every 2,016 blocks, which is roughly once every two weeks, so depending on how fast you're finding blocks that difficulty rate goes up or it goes down, so that on average you always get one block every ten minutes. And of course you can get a couple blocks in a span of a few minutes, or you might wait forty minutes for a block, but on average it's once every ten minutes; that's just statistics. In January the
network reached a capacity of one exahash per second. So, you know, since 2007 when I started we were measuring, you know, the network hash rate in gigahashes per second, and then, you know, megahashes and gigahashes and petahashes, and now we're up to one, you know, we surpassed one exahash. About a year ago somebody did an estimate, and so this is when the hash rate was much lower, somebody did an estimate of, you know, just overall computing power and how to think about it compared to other computing networks that we've seen, and they estimated that the computing power securing the bitcoin blockchain was about 100 times more powerful than all of Google. And now it's probably an order of magnitude higher than that. I'm sorry? I've got a slide on that; I'll show a chart here in a minute.

So currently the block reward is 25 bitcoins; you get rewarded with 25 bitcoins every time you find a block. The next halving is in July, so every four years the block reward cuts in half. So it started out at 50; a few years ago it was cut in half to 25; in July it will cut in half again to 12.5, and eventually it ends, in like the year 2140 I think it is, when all 21 million bitcoins have been brought into existence. So far we've, I checked this yesterday or maybe the day before, we've mined, brought into existence, a little over 15 million bitcoins, so almost three quarters of all the bitcoins have been brought into existence now. Another way to think about it is every four years the rate cuts in half, so that every four years you're bringing into existence half of the remaining bitcoins.
Currently the block size, each block, is limited to one megabyte in size, so that limits the overall throughput to a theoretical limit of like seven transactions per second, but I think the practical limit is more like three transactions per second. Interestingly enough, I'm going this weekend to a conference to discuss the topic of increasing that and raising that limit. It's an artificial limit; it was set to prevent people from, denial of service, launching a DoS attack on the network by creating these really huge blocks that everybody has to verify. So it's kind of an artificial limit; there's a lot of debate in the community about raising that, and the timing of when to raise that limit and allow the network to scale even higher.

So somebody was asking about the price; this is a price chart. So you can see back in 2009 it was worth very little, and then we had a huge spike toward the end of 2013, a big decline, and then it's kind of started to rise again. The units, so up here we peaked out at around 1,200 dollars per bitcoin, and right now we're at right around 420, 425 I think was the exchange rate today. Now, you know, the value of bitcoin is driven by, or you know, the exchange rate is driven by its utility; it's purely buyers and sellers using it for something. Maybe they're speculating on the future value of it, they're hoarding the coins, or maybe they need it for trade and exchange. And then that drives mining, mining activity, so the higher the price, the more profit somebody can make by operating and securing the network. So the mining difficulty follows price, not the other way around. I mean, this is the price; if nobody found any utility at all, nobody would buy it, nobody would use it, the price would be nothing. This is the hash rate over time, so you know, it's pretty exponential; this might be more useful to show in a logarithmic scale. So that's on a logarithmic scale
and all the time, going back to 2009. So you can see when I first started in 2011 you used to be able to mine bitcoins on graphics cards; at the very beginning you couldn't mine on, you know, a regular CPU. You could still mine on a CPU or graphics cards today; it's just that you will spend more money in electricity than you earn in bitcoin. And so we went through generations of different technology: we went from CPUs to GPUs, GPUs to FPGAs, FPGAs to ASICs, and the latest generation ASICs that are coming onto the market are using a 16 nanometer process, so kind of catching up to Intel and the major chip manufacturers.

This is the number of transactions per day on the network, so you can see we're at all-time highs right now, and we're just about, we're bumping up against the capacity limits of the system. I think just yesterday or the day before there was a new record set for the one-day number of transactions on the network, so it's getting up close to 250,000, 250,000 transactions per day. What's a typical transaction? What do you mean by that? Like size? Like the nature of the transaction? You know, people... Well, through us we've got, you know, approximately 4,000 transactions per day, and on our, you know, the transactions are people buying stuff. So I mean we've sold everything from houses to cars to, you know, Newegg is one of our customers; they sell electronics. A lot of our customers are like gift cards, or ways that people can cash out their bitcoin and use it, so, you know, now they've had these gains, they cash it out and they want to buy something with it, so gift cards, people buy those with them. Services, things like cloud hosting providers, domain name registrars, things like that, are also our customers, and more and more gaming. You know, kids under eighteen can't legally have
like a credit card or a checking account, because they're not legally able to enter into a contract, which is what, you know, holding a balance with a bank is. So kids under eighteen can use it like, like you would if you gave them a twenty dollar bill, like cash, and my kids, you know, I give them bitcoins; they top up, you know, their gaming accounts and whatnot. So we're seeing more and more usage in the gaming space, video gaming. All right.

Actually I'll show you real quick. Here you can actually see, you know, the network operating live, so you can see transactions coming through, so you can kind of get a sense that there are a lot of very tiny fractions of a bitcoin transactions going on. So the very small value transactions are probably more like people paying each other, buying goods and services, and some of the bigger transactions might be maybe exchanges doing settlement between different big businesses and things like that, or people, you know, that have saved a lot and are moving it between wallets, stuff like that. We can see them happening as they happen live. Up here we have blocks, all the blocks; these are the recent blocks, so the last block came in nine minutes ago. You can click on that and then see all of the transactions that are in that block. OK.

All right, security attributes of Bitcoin. So basically bitcoin, yes, the blockchain is a public ledger that anybody can read and validate. It has to be public; the data in the blockchain has to be made public so that nodes can validate it and the database can be constructed over time. Now, they're pseudonymous addresses, so you don't know; you can't look at a transaction and say that was Stephen or John or Phil or whoever. You'd have to have some other mechanism to connect that transaction back to a real-world activity and somebody's identity.

So a transaction
consists of inputs and outputs. So I'm spending what are known as unspent transaction outputs; I'm creating a new transaction; I feed inputs in and I have outputs going out. And so if my wallet was crafting a transaction, I wanted to send one bitcoin to somebody, I would give it an address of that person that I wanted to send it to, and what it would do is it would go find unspent outputs in my wallet that I have the keys to sign, and it would, you know, find enough inputs to meet or exceed one bitcoin. So let's say I had inputs that added up to 1.1 bitcoin; I'm sending one bitcoin, then I'm going to send myself change of 0.1 bitcoin, so that change will be a new unspent transaction output that I could use in a future transaction that I need to send.

And so transactions have, you know, basic rules, like the sum of the inputs must be less than or equal to the sum of the outputs. If the sum of the inputs is less than the sum of the outputs, the difference a miner can collect as a fee; so that's how you can attach a fee to a transaction. Transactions have a scripting engine, so there's a bytecode language that allows you to, you know, craft more complex transactions than just simply sending from one person to another. The kinds of things that capability allows us to do are things like multi-signature transactions, transactions that can't be spent for a certain amount of time, and lots of other stuff. One of the consensus rules is that whatever script is in the transaction must execute successfully, or else it's not a valid transaction. So one of the bytecodes might be like, check the signature on this, you know, spending of this unspent output, and it does a check of the cryptographic signature, and if it fails then the script fails and the transaction is not valid.
Addresses. There are primarily two types of addresses in use today. One is called pay-to-pubkey-hash, so you take a public key, you're hashing it, you're actually doing a SHA-256 and a RIPEMD-160 hash of that to yield 20 bytes that are then encoded in base58, and that is your bitcoin address. And when you spend to one of those type, you know, pay-to-pubkey-hash addresses, what the subsequent transaction that spends it is doing is it's revealing the public key that matches that hash; it's verifying that that public key matches the hash, and it is using that public key to then verify the signature that's actually on the transaction. Pay-to-script-hash is a little bit of a different form of address, and you'll see these on the network as beginning with a three instead of a one. Pay-to-script-hash is actually hashing the whole script that's needed to redeem or spend the output, and it's actually a more flexible way to construct addresses on the network. Pay-to-script-hash addresses are used for things like multi-signature transactions, so I can take a script that says check that I have a signature from this public key, from that public key, and that public key, or I can do two out of three or four out of five. And that's what the script is, and then you take that script and you hash that, and that's how you derive the address. So when you spend to that address, you're actually not revealing the script that actually is capable of redeeming it. That only gets revealed when you actually need to spend it. And elliptic curve cryptography is used for all the signing.

This is just a diagram. I mentioned that you've got inputs and outputs to a transaction, so if you look at this, any one of these transactions has some inputs and outputs. Again, stop me if I'm moving too fast; I'm trying to get to some of the more interesting security discussions.
Blocks. Blocks are basically a collection of transactions that are put together. You take all of the transactions and you compute the hashes of those transactions and you put them into a tree, and that's what's called a Merkle tree, and the Merkle root is part of what we call the block header. And you take the block header, and that's what you're computing a double SHA-256 hash of. A miner will put a nonce into that header and vary that nonce, repeatedly compute the hash, and then if that hash is below a certain number, which is the difficulty target, then they've found a solution and they can publish that. The network sees that, and the rest of the network can quickly validate it, and then miners start building on to the next block after that. So in the header what we have is the hash of the previous block; this is how you form a chain. You have the Merkle root of all the transactions in that block, you have this nonce that the miners are varying, and then you also have a timestamp, a version, and then the difficulty target. The timestamp is interesting because it's the only data that's external to bitcoin that is actually in the blockchain, and I'll talk a little bit more about why that's interesting in a bit, toward the end of the presentation.

So blocks: computing a double SHA-256 and finally finding a solution that meets a difficulty target is extremely hard; it takes a lot of computing power, and miners repeatedly apply the double SHA-256 looking for a solution. It's very hard to solve and very easy to verify, which is basically proof of work. There was a question over there. It's up to the miner; the only rule is that they can't be bigger than one megabyte.
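The header hashing and nonce search just described, as an added example that is not part of the talk and not BitPay or Bitcore code. The header field order, the little-endian encoding and the compact "bits" target are the real network format; the genesis block values are the public fields of block 0, so re-deriving its hash checks the serialization. The merkle root and the easy difficulty used by the toy miner are constructed for the example.

```python
import hashlib
import struct


def double_sha256(data: bytes) -> bytes:
    """The hash bitcoin applies to block headers: SHA-256 run twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def serialize_header(version: int, prev_hash_hex: str, merkle_root_hex: str,
                     timestamp: int, bits: int, nonce: int) -> bytes:
    """Build the 80-byte header the miner hashes. Integers are little-endian;
    the two 32-byte hashes are stored byte-reversed from their display form."""
    return (struct.pack("<I", version)
            + bytes.fromhex(prev_hash_hex)[::-1]
            + bytes.fromhex(merkle_root_hex)[::-1]
            + struct.pack("<III", timestamp, bits, nonce))


def header_hash_hex(header: bytes) -> str:
    """Display form of a block hash: double SHA-256, bytes reversed, hex."""
    return double_sha256(header)[::-1].hex()


def target_from_bits(bits: int) -> int:
    """Decode the compact 'bits' field into the full 256-bit difficulty target."""
    exponent = bits >> 24
    mantissa = bits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def meets_target(header: bytes, target: int) -> bool:
    """Proof-of-work check: the hash, read as a number, must be below the target."""
    return int(header_hash_hex(header), 16) < target


# Public header fields of the real genesis block (block 0 of the bitcoin network).
GENESIS = dict(
    version=1,
    prev_hash_hex="00" * 32,
    merkle_root_hex="4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b",
    timestamp=1231006505,
    bits=0x1D00FFFF,
    nonce=2083236893,
)


def genesis_hash() -> str:
    """Re-derive the genesis block hash from its header fields."""
    return header_hash_hex(serialize_header(**GENESIS))


def mine(version: int, prev_hash_hex: str, merkle_root_hex: str,
         timestamp: int, bits: int, max_nonce: int = 2 ** 32):
    """Toy miner: vary the nonce until the header hash drops below the target.
    Returns (nonce, hash_hex), or None if the nonce space is exhausted."""
    target = target_from_bits(bits)
    for nonce in range(max_nonce):
        header = serialize_header(version, prev_hash_hex, merkle_root_hex,
                                  timestamp, bits, nonce)
        if meets_target(header, target):
            return nonce, header_hash_hex(header)
    return None


# Constructed merkle root and a constructed, easy difficulty (bits=0x1F00FFFF:
# roughly one hash in 65,536 succeeds) so the toy miner finishes quickly.
TOY_MERKLE_ROOT = hashlib.sha256(b"constructed merkle root for the example").hexdigest()
TOY_BITS = 0x1F00FFFF


def mine_toy_block():
    """Mine a constructed block on top of the genesis block at the easy difficulty."""
    return mine(version=1, prev_hash_hex=genesis_hash(),
                merkle_root_hex=TOY_MERKLE_ROOT,
                timestamp=GENESIS["timestamp"] + 600, bits=TOY_BITS)


if __name__ == "__main__":
    print("genesis hash:", genesis_hash())
    nonce, block_hash = mine_toy_block()
    print(f"toy block found at nonce {nonce}: {block_hash}")
```

Verification is the one-line `meets_target` call; the search is the loop. Anyone who receives a header can run the former in microseconds, which is the asymmetry the talk calls proof of work.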
Right, and you'll see empty blocks fairly often on the network, and what's happening there is a miner is seeing a new block that's been announced on the network, and it takes a non-zero amount of time to verify that block. So what they do is they go ahead and assume that that block is valid, and they create another block that has no transactions, because they don't know which transactions that are in their memory pool might have been included in that block. So they go ahead and create a new block that's an empty block, no transactions, that points to this block that they just heard about from the network, and they start hashing on that. So a lot of times they get lucky and they'll find a block, or they'll find a solution, before they've fully validated that previous block and constructed a new block, and so they can get rewarded 25 bitcoins in that case. And it's a way that they don't waste a few seconds of their mining time; you know, their other choice is mining on the last known good block previous to the one they just heard about. But chances are the one they just heard about is actually valid and what everybody else is going to build upon, so they have a better chance of the new block they find not being orphaned if they, you know, assume that the block they heard about is valid, than mining and pointing to the previous block that they knew was valid, if that makes sense. So it's a fairly common occurrence that you'll see empty blocks appear, and that's why.

Have there been a lot of invalid blocks? Well, I mean, miners can create invalid blocks all the time, but when they send them to their peers on the peer-to-peer network, the peers validate them before they repeat them, and if they don't validate they won't be repeated, so you don't usually hear about invalid blocks on the network.
Yeah, yeah, that's called a reorganization, and it happens very frequently. I don't know whether it happens like ten, twenty times a day or what, but you can imagine that if you've got all these miners trying to find a solution, trying to find the next block, that occasionally you'll get two that happen very close to the same time and they'll announce it. So one of those blocks will be picked up by the network and built upon and form the longer chain, and the other one will be an orphan, and miners refer to that as orphan rates. And so if you're in the mining business one of your objectives is to do things that reduce the orphan rate, because if you produce an orphan then there's no reward; you don't earn any money for that. So orphan rates are a big thing that the miners pay attention to. And this whole proof-of-work-based consensus is really trying to solve the Byzantine generals problem.

So there's a pictorial illustration of the blockchain; just a block chain, pretty simple.

So I mentioned that these are used for transaction signatures. I think I've got another slide on this, some more... maybe not. So it's using ECC. This is actually the curve bitcoin uses; it's called secp256k1. It's a Koblitz curve, so there's, you see, two different suites of curves I guess you could call them: one is Koblitz, the other one is a set of curves based on a pseudo-random sequence of numbers. And there's some, you know, conspiracy theory that the pseudo-random curves might have been compromised by the NSA in some way, and so it's very interesting that one of the Koblitz curves was chosen, and this was not a very widely used curve. In most places where cryptography was used, this particular curve was almost never used, so it's kind of interesting that this was chosen.
There's, like I said, some conspiracy theory that maybe the particular pseudo-random sequence of numbers wasn't quite so randomly chosen, or the seeds for that sequence weren't quite so randomly chosen. Maybe some of you know more about that than I do; I'm not an expert in elliptic curve cryptography. But one interesting aspect of it though is it's fast and space efficient, so you've got fairly small keys, which is important if you're building a big database of transactions.

The peer-to-peer network. I mentioned before this has a mesh structure; it's a gossip protocol. So when I create a transaction on my node, what my node does is it contacts all the peers it's connected to and sends the hash of it in what's called an inv, or an inventory message, and if one of the nodes that I'm connected to has not heard about that transaction before, it will turn around and say getdata, and I get a getdata for that hash, and then I will send it the full body of the transaction, and now that node has the full body of the transaction that goes with that hash. And this is how transactions and blocks spread across the network: by repeating these shorter messages about what inventory they have, and then nodes fetching from each other inventory that they don't have and that they haven't fetched yet. So it's a gossip protocol.
Only valid transactions and blocks get repeated, so this makes the mesh network actually very hard to DoS, because you actually have to put valid transactions out there, and if you try to inject something invalid, the network just, you send it to your peers and they'll ignore you, and if you're really badly behaved they disconnect from you, and none of your messages will propagate through the network. There are also some tests on transactions, "is standard" tests, that test whether it's a standard-formed transaction. There's also some criteria like you must have a certain fee attached to the transaction, and if you're below a certain threshold the nodes won't propagate your transaction. So all of this means that the mesh network is pretty hard to DoS. It's nodes independently, by observation of the network conditions, setting those thresholds. So, I mean, you can look at the blockchain and see, like, what the prevailing fees are per kilobyte on a transaction and get a pretty good idea of what kind of fee you need to attach to a transaction for it to get accepted into the network, and there's a formula that the software uses to compute, you know, what is above the threshold to propagate. And, I mean, every node can make that decision independently, but most of the software is using the same formula to compute whether or not it's going to propagate a transaction. So this means it costs you real money if you want to just flood the network with lots of transactions and try to DoS it.

So another way to think about this mesh network, too, is there's also two policies you can choose from. One has been deployed for a long time; one is kind of getting phased in now. So if I broadcast a transaction, and then I say I'm going to try to
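The inv / getdata / tx exchange described above, and the rule that only validated transactions get relayed, as an added example; it is not from the talk and not Bitcore or Copay code. The four nodes, their mesh, the transaction payloads and the `is_valid` rule (a payload must start with `valid:`) are all constructed stand-ins for a real node's consensus checks, so the example runs offline and shows the message flow rather than real validation.

```python
import hashlib
from typing import Dict, List, Set, Tuple


def txid_of(raw: bytes) -> str:
    """A transaction's id is the double SHA-256 of its serialized bytes."""
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()


def is_valid(raw: bytes) -> bool:
    """Constructed stand-in for full consensus validation: only payloads
    that start with b'valid:' pass."""
    return raw.startswith(b"valid:")


class Node:
    """One peer in a constructed mesh: tracks what it holds, what it has
    asked for, what it rejected, and logs every message it receives."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.peers: List["Node"] = []
        self.known: Dict[str, bytes] = {}          # txid -> full transaction
        self.requested: Set[str] = set()            # inv seen, getdata sent
        self.rejected: Set[str] = set()             # fetched, failed validation
        self.log: List[Tuple[str, str, str]] = []   # (message, from, txid)

    def connect(self, other: "Node") -> None:
        self.peers.append(other)
        other.peers.append(self)

    def broadcast(self, raw: bytes) -> str:
        """Originate a transaction: validate locally, store it, announce its hash."""
        if not is_valid(raw):
            raise ValueError("refusing to originate an invalid transaction")
        txid = txid_of(raw)
        self.known[txid] = raw
        self._announce(txid)
        return txid

    def inject_unchecked(self, raw: bytes) -> str:
        """A misbehaving peer that skips its own validation; used to show that
        the rest of the mesh still refuses to relay what it announces."""
        txid = txid_of(raw)
        self.known[txid] = raw
        self._announce(txid)
        return txid

    def _announce(self, txid: str) -> None:
        for peer in self.peers:
            peer.on_inv(self, txid)

    def on_inv(self, sender: "Node", txid: str) -> None:
        """inv: a peer says it has txid. Fetch only if we never dealt with it."""
        self.log.append(("inv", sender.name, txid))
        if txid in self.known or txid in self.requested or txid in self.rejected:
            return
        self.requested.add(txid)
        sender.on_getdata(self, txid)

    def on_getdata(self, requester: "Node", txid: str) -> None:
        """getdata: a peer asks for the full body; send it if we have it."""
        self.log.append(("getdata", requester.name, txid))
        if txid in self.known:
            requester.on_tx(self, txid, self.known[txid])

    def on_tx(self, sender: "Node", txid: str, raw: bytes) -> None:
        """tx: the full body arrives. Validate before storing and re-announcing;
        anything invalid, or not matching the advertised hash, stops here."""
        self.log.append(("tx", sender.name, txid))
        self.requested.discard(txid)
        if txid_of(raw) != txid or not is_valid(raw):
            self.rejected.add(txid)
            return
        self.known[txid] = raw
        self._announce(txid)


def demo() -> Tuple[List[str], List[str], int]:
    """Four constructed nodes in a small mesh. Returns which nodes hold the
    valid tx, which hold the invalid one, and how many getdata requests the
    valid tx caused (one per node that did not originate it)."""
    a, b, c, d = (Node(n) for n in "ABCD")
    a.connect(b)
    b.connect(c)
    c.connect(d)
    a.connect(c)
    good = a.broadcast(b"valid: pay 1 BTC to merchant (constructed)")
    bad = a.inject_unchecked(b"bogus: spends coins that never existed (constructed)")
    nodes = (a, b, c, d)
    reach_good = [n.name for n in nodes if good in n.known]
    reach_bad = [n.name for n in nodes if bad in n.known]
    getdata_for_good = sum(1 for n in nodes for m in n.log
                           if m[0] == "getdata" and m[2] == good)
    return reach_good, reach_bad, getdata_for_good
```

The valid transaction reaches every node while each node fetches its body exactly once, because an inv for something already known, already requested or already rejected is ignored. The invalid transaction never gets past the first hop: the peers fetch it, fail validation, remember the id in `rejected`, and do not announce it onward.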
broadcast a second transaction that spends the same coins, and I broadcast it to different parts of the network, I might be able to fool somebody into thinking my first transaction was good when in fact my second one, which sends the money back to me, actually gets confirmed in the blockchain. And parts of the mesh network might think one is valid, and the other part of the mesh network thinks the different one, the other one, is valid. Although the nodes have a first-seen policy, which is one policy you can choose from; that policy says that if I see one transaction and it's valid, and then I see a second one that conflicts with that first one, the second one I discard no matter what the fee is, no matter what, you know, what it looks like. So that's been the way the mesh network has worked for a long time. A second policy that's being phased in is a replace-by-fee policy, so I can broadcast a transaction, and if for whatever reason I decide I'm not happy with that transaction and I want to replace it with something new, I can broadcast a second transaction, but it has to meet certain criteria: it has to have a higher fee, and it can't be by just a nominal amount; it has to be by more than just a couple satoshis. And I can broadcast that second transaction and the network will then replace the first transaction with the second one. This is very important, you know, and this is set by a flag in the transaction. You know, if you're receiving funds it's very important for you to know which kind it is, whether it's replace-by-fee or whether it's first-seen, because you might be at more risk of a double spend if you accept a replace-by-fee transaction, since the sender can replace it with a new transaction that sends money back to themselves, and so your wallets have to make you aware of that. But there are actually applications where this is going to be very useful.
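The transaction structure from the earlier inputs-and-outputs passage (1.1 bitcoin in, 1 bitcoin to the recipient, change back, the surplus as the miner's fee) together with the first-seen and replace-by-fee relay policies just described, as one added example; this is not from the talk and not BitPay or Copay code. The outpoint ids, addresses and amounts are constructed. The replaceability flag follows the real BIP125 convention (an input sequence number below 0xFFFFFFFE opts in); the minimum fee increment a replacement must pay is a constructed simplification of that proposal's fee rules.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

SATOSHIS_PER_BTC = 100_000_000   # all amounts below are integer satoshis
MAX_SEQUENCE = 0xFFFFFFFF
RBF_SEQUENCE = MAX_SEQUENCE - 2  # BIP125: sequence < 0xFFFFFFFE signals replaceability


@dataclass(frozen=True)
class Outpoint:
    txid: str
    index: int


@dataclass(frozen=True)
class TxInput:
    outpoint: Outpoint           # the unspent output being consumed
    sequence: int = MAX_SEQUENCE


@dataclass(frozen=True)
class TxOutput:
    value: int
    address: str


@dataclass
class Transaction:
    txid: str                    # constructed label; real ids are hashes of the bytes
    inputs: List[TxInput]
    outputs: List[TxOutput]

    def signals_rbf(self) -> bool:
        return any(i.sequence < MAX_SEQUENCE - 1 for i in self.inputs)


def fee_of(tx: Transaction, utxos: Dict[Outpoint, int]) -> int:
    """Consensus rule: inputs must cover outputs; the surplus is the miner's fee.
    Raises if an input is unknown or the outputs exceed the inputs."""
    in_sum = sum(utxos[i.outpoint] for i in tx.inputs)
    out_sum = sum(o.value for o in tx.outputs)
    if out_sum > in_sum:
        raise ValueError("outputs exceed inputs: invalid transaction")
    return in_sum - out_sum


def build_payment(utxos, amount, fee, pay_to, change_to, txid, rbf=False) -> Transaction:
    """Wallet-style construction: pick inputs until they cover amount + fee,
    pay the recipient, return whatever is left to a change address."""
    chosen, total = [], 0
    for outpoint, value in sorted(utxos.items(), key=lambda kv: -kv[1]):
        chosen.append(outpoint)
        total += value
        if total >= amount + fee:
            break
    if total < amount + fee:
        raise ValueError("insufficient funds")
    outputs = [TxOutput(amount, pay_to)]
    if total - amount - fee > 0:
        outputs.append(TxOutput(total - amount - fee, change_to))
    seq = RBF_SEQUENCE if rbf else MAX_SEQUENCE
    return Transaction(txid, [TxInput(op, seq) for op in chosen], outputs)


class Mempool:
    """Relay policy of one node: first-seen by default, opt-in replace-by-fee."""

    def __init__(self, utxos: Dict[Outpoint, int], min_fee_increment: int = 1_000):
        self.utxos = utxos
        self.min_fee_increment = min_fee_increment   # constructed simplification
        self.txs: Dict[str, Transaction] = {}
        self.spent: Dict[Outpoint, str] = {}         # outpoint -> txid spending it

    def accept(self, tx: Transaction) -> Tuple[bool, str]:
        try:
            fee = fee_of(tx, self.utxos)
        except (KeyError, ValueError) as err:
            return False, f"invalid, not relayed: {err}"
        conflicts = {self.spent[i.outpoint] for i in tx.inputs if i.outpoint in self.spent}
        for old_id in conflicts:
            old = self.txs[old_id]
            if not old.signals_rbf():
                return False, f"first-seen: conflicts with {old_id}"
            if fee < fee_of(old, self.utxos) + self.min_fee_increment:
                return False, f"replacement of {old_id} does not pay enough more fee"
        for old_id in conflicts:
            self._remove(old_id)
        self._add(tx)
        return True, ("accepted" if not conflicts else f"replaced {sorted(conflicts)}")

    def _add(self, tx: Transaction) -> None:
        self.txs[tx.txid] = tx
        for i in tx.inputs:
            self.spent[i.outpoint] = tx.txid

    def _remove(self, txid: str) -> None:
        for i in self.txs.pop(txid).inputs:
            self.spent.pop(i.outpoint, None)


def demo():
    """Constructed scenario: a 1.1 BTC output pays a merchant 1 BTC, then the
    payer tries to sweep the same coins back to himself before confirmation."""
    utxos = {Outpoint("constructed-funding-tx", 0): 110_000_000}
    pay = build_payment(utxos, 100_000_000, 10_000, "merchant", "my-change", "pay")
    sweep = build_payment(utxos, 109_000_000, 1_000_000, "my-own", "my-change", "sweep")
    pool = Mempool(utxos)
    first_seen = (pool.accept(pay)[0], pool.accept(sweep)[0])      # sweep dropped
    pay_rbf = build_payment(utxos, 100_000_000, 10_000, "merchant", "my-change", "pay-rbf", rbf=True)
    pool = Mempool(utxos)
    rbf = (pool.accept(pay_rbf)[0], pool.accept(sweep)[0], "pay-rbf" in pool.txs)
    bad = Transaction("bad", [TxInput(Outpoint("constructed-funding-tx", 0))],
                      [TxOutput(200_000_000, "anyone")])
    invalid = Mempool(utxos).accept(bad)[0]
    return fee_of(pay, utxos), pay.signals_rbf(), pay_rbf.signals_rbf(), first_seen, rbf, invalid
```

Under first-seen the merchant's payment stays and the conflicting sweep is discarded regardless of its fee. Once the payment signals replaceability, the same sweep evicts it, which is why a receiver's wallet should surface the flag before treating an unconfirmed replaceable payment as good. The final case shows a transaction whose outputs exceed its inputs failing validation before any policy question arises.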
Moving on to the platform imperatives section. So that's kind of the rundown, the overview of bitcoin and sort of its security properties. In this section I'm trying to talk about, like, what's important from a platform perspective when you're operating in this network, right? So you have this blockchain that's out there that has all this public information, but the private information is stored on edge devices, phones, laptops, and those are your private keys that are used to sign transactions. It's your private key that gives you the ability to create a transaction that modifies this database called bitcoin, and anybody can create transactions and modify this database called bitcoin as long as they have some transaction output that somebody sent them; somebody sent me some bitcoin, I've got a private key that matches that, I can create a transaction that sends it on to somebody else.

So key handling is really important, and, you know, the subject of a lot of focus of, you know, people building wallets in this ecosystem. So things that are really important are that the keys get generated on edge devices. So I start up a wallet on my phone; the key needs to get generated on this phone, not generated somewhere else. And important: keys need to be stored on this device and really never leave this device in an unencrypted form, and even if it is encrypted you need to trust the device you transfer it to, because even an encrypted key could be attacked if somehow you messed up, or the encryption is somehow flawed, or you used a weak key. Generally speaking keys are encrypted with AES-256, so devices try to generate, you know, very strong keys to perform that encryption, and most wallets today are generating random seeds to generate keys from. And then the other important thing is, you know, backup needs to be robust, easy to use, and safe.
So working on the UX issues with, you know, walking people through the process of backing up keys is really important. Yeah, I can probably give you a demo right here. I can add a new wallet, create a new wallet; can you see this? But this is right in the middle; unfortunately I can't make it any bigger. So I just created a wallet; it just generated a brand new, you know, set of keys, you know, using the random number generator on here. That's another important thing: for you to have a good, secure random number generator. So if I go to receive, it's going to tell me I need to back this up, and if I click on that it's going to give me the wallet seed. Now, since this is being recorded, I'm going to destroy this wallet after this. So it gives you these twelve words that you can go write down, so we try to make this as simple as possible. We tell people: write this down somewhere, put it in a safe, keep a couple copies of it, PGP encrypted if you're really paranoid. And you should be really paranoid. So that's the backup process, right? So these twelve words give you enough entropy that, you know, it's sufficiently secure, at least we think so, and that's basically how we do the backup in this particular wallet.

Yes, except that we, most of the industry, has moved to something called HD wallets, which stands for hierarchical deterministic wallets. So that public/private key pair is actually a root key pair; it's a root key pair, so from that we derive other key pairs from that root, so you can actually generate multiple wallets from that same, you know, root key pair, and you only have to back it up once, right. The public key, is it in the wallet, published? Let me get back here. He wants me to type the words, right. When you click on receive, well, when you click on receive it's going to show you a QR, after I've done the backup it's going to show you a QR code, and that QR code
will be a newly generated address. And so if you want somebody to send you bitcoins, you would have them scan that. We don't currently share the root public key between wallets. It does share it with the Bitcore server, so the Bitcore server can monitor the blockchain and see what's relevant to the wallet that's coming in. So that could be a privacy concern: you want to make sure that whatever server has your root public key, they're going to be able to see what activity is going on, and while they can't spend your funds or steal your funds, they can see what's going on in that wallet. There's something that we're working on called reusable payment codes. That is a code that you can share, that you can publish in public, and nobody can discern from that payment code any transactions on the blockchain that are related to that payment code. So that's something that you could share publicly; you could post it on a website or in a DNS-like system, and then safely know that people can use that to send you funds or even communicate with you, but that any transactions created from that reusable payment code can't be traced back to the payment code by another observer seeing the transaction on the blockchain. Does that make sense? So it's a privacy thing. Any questions on that? I'm probably not explaining it as well as I could. Yeah, so that's key handling. Device integrity: you want to make sure that you take steps to prevent intrusion on the devices. I mentioned the secure random number generator; that's important. Trusted execution environments: a number of chips now have these, and we're starting to use those to do key handling, to generate the key in the trusted execution environment and to do the signing, and make it so that private key never leaves that trusted execution environment. So a number of chips have this technology, ARM chips, Intel, and we're integrating Copay with those to make sure that those keys can't be accessed.
Nothing's perfect, but running in that trusted execution environment, the theory is that that environment can't be accessed by viruses and malware that get installed on a machine. Yeah, it is, and this is also an opportunity; I'll get to that in a bit. But things that you would do with your device: you might air-gap it. So a lot of people, when they generate their private keys, what they'll do is they'll take a device, get it set up, and then disconnect it from all networks, turn off the WiFi, put it in a Faraday cage, and then generate the key on that device and never allow it to leave that device. And then, if they need a transaction signed, they're very careful about the mechanism by which they transfer a transaction over to the device so it can be signed and then transferred back off of that device; some software helps you with this. So air gapping is a good security technique. And then OS-level security. I mention that because this is a particular interest of mine. I spent a good number of years working on compilers, virtual machines, operating systems, languages, and there's been a lot of research that was done a long time ago on how to build a secure operating system from the ground up. The operating systems that we work with today were never built with this threat environment in mind, and so I think there's a real opportunity actually, because Bitcoin may really create some incentives to create a new operating system that is built from the ground up to be secure, and then of course you've got to extend that into the hardware level. Right. One good mitigation technique is multi-signature transactions. So I showed you Copay. Copay was named Copay to stand for collaborative payments. Originally we called it Cosign, but we got a... somebody has a trademark on that. But the idea is
I can mitigate this device getting compromised if I require two signatures, or two out of three signatures, on a transaction in a wallet. So I can create a wallet, I can have this computer join this wallet and a third computer join the wallet, and now I can require two out of three of those devices to put a signature on a transaction. And so what happens is we create a transaction proposal that gets routed to all the wallets, and then independently on each device you sign that transaction, and only when you've got two out of three signatures is it actually a valid Bitcoin transaction that can be broadcast and put into the blockchain. And so you never have to bring the keys together physically on the same device. So for an attacker, they've got to compromise two out of three of those machines, and know that you've got a shared wallet on those machines, and how to access them. So this has been very effective. We're seeing an increasing percentage of all the bitcoins being stored in multi-signature addresses. Actually, I say multi-signature addresses, but they're technically pay-to-script-hash addresses; but probably ninety-nine percent of those are multi-signature scripts. Right. And I should also mention that that's a very basic form of a smart contract. Of what? Yeah, a lot of them. All kinds of attacks. A famous one was the Mt. Gox one. The thing that got us really concerned in thinking about this particular vulnerability: the vulnerability is basically, Mt. Gox
was running an exchange. You send your bitcoins to the exchange, or you send your dollars to the exchange, and they keep track of trading, and then people can withdraw. Now, they had set some withdrawal limits so that you couldn't withdraw more than, I don't know what it was, ten thousand dollars worth of bitcoin. No one account could withdraw more than ten thousand dollars worth of bitcoin. So somebody got the idea: well, if I can break into that system, credit my account with tons of bitcoin and issue a market sell, I can crash the price to practically zero and withdraw all the bitcoins, because ten thousand of them would be worth less than ten thousand dollars according to their exchange rate. And they broke into that system and they did exactly what I described: they credited their account with a lot of bitcoins, and then they did a market sell order and crashed the price on that exchange to like one penny. And fortunately for Mt. Gox, they didn't update that limit in real time; it was a manual setting that they had to go in and change. And so they got what was basically ten or twenty or thirty thousand dollars, I don't know how much it was exactly, but they got a relatively small amount that they were successfully able to withdraw back off of that system, but they didn't steal all their bitcoins. Of course Mt. Gox had other problems and collapsed later. So that was one famous hack. There have been tons of stolen bitcoins, people not putting good passwords on their systems. And you have one case where, in the early days back in two thousand and eleven, private keys weren't encrypted. You just had this file sitting on your desktop and the private keys were in there and they weren't encrypted. I know of one case where
a wallet had been created before wallets were encrypted, and then they upgraded to a new version of the software that did encrypt the wallets. And what they didn't realize is that they were using a cloud backup service, and that cloud backup service happened to keep the very first version of any file and then the most recent so many files, and then if it was beyond a certain age they didn't keep it. And the way we kind of figured this out was that somebody got ahold of that first backup that had unencrypted private keys in it. Somebody, probably somebody that worked at that backup company, found the wallet.dat file and they stole a bunch of their bitcoins, but not all of them. And when we started looking at the ones they didn't steal, those were the ones that were for addresses that were created after they upgraded to the encrypted version. And so the bitcoins that happened to be in those addresses where the keys were encrypted were fine, but the other ones were stolen. Yes. Yeah, we've got much better security. I haven't heard of a major theft recently. What you hear most recently, it's been social engineering type attacks where somebody tricks somebody into spending money one way or another. We had one case where we found that there was a Tor exit node, that somebody had compromised one of our wildcard certificates for a domain. We normally have the EV certificate at bitpay.com, but we also had a wildcard certificate, and we've stopped using them since this, but we had a wildcard certificate and it got compromised somehow; we don't know how.
And so a Tor exit node was mimicking BitPay and making it look like you had a secure connection to BitPay, but it wasn't the EV certificate, it was the wildcard certificate. And then they were rewriting the addresses on the invoice to be somebody else's addresses. So they were tricking people that were using Tor to access a BitPay invoice, tricking those users into paying the wrong address. Trying to think if I can think of some more interesting compromises that I've heard of related to Bitcoin. All right, another aspect of security: software distribution. This is something we're focused on a lot right now. Bitcoin software would not work if it wasn't open source, because people look at the code, they can read it, they can make sure it does what it says it's doing. I would never trust a closed source wallet, because who knows what that wallet is doing with your private keys. So the first criterion, sort of the first security mitigation, is make sure you're using software that's open source and auditable and can be peer reviewed. Git is a great tool. I was a fan of, and wrote, a version control system in the past, and about a week after Git was released I was like, this is fantastic. It's great because it's content-based, right? It's using hashes of code, so if one bit in that source code is changed you've got a different hash, so when you do a clone of a Git repo you can verify that you're getting exactly what you're supposed to get. And then source code distribution where possible. One of the things that is the scariest thing to me is that we ship so much precompiled x86 code around the Internet. If you compare that with, say, web pages, which transmit JavaScript and HTML,
when I download JavaScript and I execute it, it's only possible to do what that language, whatever the semantics of that language, gives you the ability to do, and then browsers of course can sandbox that. But shipping x86 code that somebody downloads and installs could be doing anything on your computer, and so that's a big risk. And it's a big risk on devices, not just the software that you're downloading to handle bitcoin, but any other software that you might install. So you have to be really careful about what software you're installing on a device that you're also using for bitcoin. Deterministic builds. So when it comes to distributing software, it's not always convenient to distribute source code and have somebody wait twenty minutes while that thing compiles, and to have to install the toolchain and everything to actually compile it. So binaries get distributed; people do builds and they distribute the binary. But it would be nice if you could say: take this Git commit, or this SHA hash of the source code, and then you could take the SHA hash of the built binaries, and I could run a build and verify independently that my build produced the exact same result, running that build on software that I control, on a machine that I control. And then I can put my GPG signature on that SHA, and that's basically me saying to anybody who cares: I've independently verified that this SHA hash of this binary is derived from this SHA hash of the Git repository following this process. And if enough people
independently verify that build and put their signatures on it, then when somebody goes to download it, chances are maybe there's somebody they know and that they trust that's put their signature on it, that says that they verified that that build is correct, and then they can trust that binary, that that binary doesn't have any nefarious stuff in it. It turns out this is really hard. It's hard to do deterministic builds in a Linux environment. It's hard for me to say: here, take this image of a Linux distribution and run the compiler and produce an output. There are timestamps embedded in those builds, there's all kinds of stuff embedded in those builds that make it non-deterministic. So you need a deterministic build process, and there's actually a Debian project working on this now. It's called the Reproducible Builds project. So it's really important, and they're trying to work backwards and get all the way to the point where you can deterministically build the Linux kernel and everything, the toolchain, everything. And then there's also a project called Gitian. The Bitcoin project is using this today, and it's trying to fix all those places where things like timestamps creep into a build process so you can have a deterministic build. Without that, we're left trusting that some person that's put their GPG signature on a build didn't do something nefarious and put something in there, and it's like one signature or a group's signature. With a deterministic build anybody can independently run the build and verify the SHA sum and put their signature on it. So deterministic builds are important. Software distribution and how you manage software distribution is really important. I mentioned using the PGP web of trust to manage signing or verifying of binaries. All right.
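The sources of non-determinism described above (timestamps, file ordering, builder identity) and the independent-verification step, as an added example that is not code from the talk, BitPay, Gitian or the Debian project. The "binary" is a .tar.gz of a small constructed source tree, which stands in for a compiled artifact; `source_date_epoch` plays the role of the SOURCE_DATE_EPOCH convention used by the Reproducible Builds effort.

```python
"""Reproducible vs. non-reproducible packaging of the same source tree."""
import gzip
import hashlib
import io
import tarfile

# Constructed source tree: relative path -> file contents.
SOURCE_TREE = {
    "wallet/main.py": b"print('hello')\n",
    "wallet/util.py": b"def answer():\n    return 42\n",
    "README": b"demo\n",
}


def naive_build(build_time, tree=SOURCE_TREE):
    """Non-reproducible build: the wall-clock build time lands in every tar
    header and in the gzip header, the builder's user name is recorded, and
    files are written in whatever order the tree happens to be iterated."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name, data in tree.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = build_time      # timestamp leaks into the artifact
            info.uname = "builder"       # builder identity leaks in
            tar.addfile(info, io.BytesIO(data))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=build_time) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()


def reproducible_build(source_date_epoch, tree=SOURCE_TREE):
    """Reproducible build: every input that is not the source itself is pinned,
    so two builders on two machines produce byte-identical output."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(tree):            # fixed file ordering
            data = tree[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = source_date_epoch   # fixed timestamp derived from the source
            info.mode = 0o644                # fixed permissions
            info.uid = info.gid = 0          # no builder identity
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(data))
    out = io.BytesIO()
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=0) as gz:  # zero gzip timestamp
        gz.write(raw.getvalue())
    return out.getvalue()


def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


def independently_verify(published_sha256, source_date_epoch, tree=SOURCE_TREE):
    """What a second party does before signing the published hash: rebuild
    from the same source on their own machine and compare digests."""
    return sha256_hex(reproducible_build(source_date_epoch, tree)) == published_sha256


def count_agreeing_signers(published_sha256, attestations):
    """attestations: {signer_name: sha256 they computed}. Returns how many
    independent builders reproduced the published artifact exactly."""
    return sum(1 for digest in attestations.values() if digest == published_sha256)


if __name__ == "__main__":
    epoch = 1_600_000_000
    a = naive_build(1_700_000_000)
    b = naive_build(1_700_000_060)             # same source, built one minute later
    print("naive builds identical:", a == b)   # False
    r1 = reproducible_build(epoch)
    r2 = reproducible_build(epoch, dict(reversed(list(SOURCE_TREE.items()))))
    print("reproducible builds identical:", r1 == r2)  # True
    print("verifier agrees:", independently_verify(sha256_hex(r1), epoch))
```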
Yeah, I've talked some about this. I'm going to get through a couple slides here because we're running short on time. Energy: I'm going to just say one thing about energy consumption. I always get asked the question, are we destroying the planet by running all these miners consuming all this energy? The short answer is no, and the reason is the relationship of money to energy. Think about it in these terms: if you have two people that are bartering for two products that they each have to build, and you don't have money, you are going to have to build both products, and that takes energy and consumption. If on the other hand one of those people accepts money, money allows them to defer consumption into the future. So if they accept money instead of building a product that they barter with, you're using half of the electricity, or half of the energy, for those products. So the relationship of money and energy is, to me, a fascinating thing, and I think there needs to be some more philosophical thought about it. Database technology: Bitcoin as a database. As we think about BitPay and we think about solving that Mt. Gox problem at BitPay, we start to look more and more at what BitPay does as a blockchain, and that blockchain having different kinds of transactions. Besides monetary transactions, there are transactions where a merchant updates their account settings. Instead of that being an API call, I can make that a transaction that the customer creates on their device, signs with a private key on their device, and submits to BitPay, and we incorporate it into our chain of history.
Now you need to secure that chain of history. One way to do it is run miners, but we're never going to have the kind of computing power that the Bitcoin network is going to have. Another way we can do it is we can take all those transactions and periodically timestamp them in the Bitcoin chain. And so BitPay has its own set of consensus rules. We run a cloud of computers that are building this chain of transactions, periodically timestamping it into the Bitcoin blockchain. And if a hacker gets into our system, well, they might be able to see a lot of activity, and maybe they could even change recent activity, but anything that's been timestamped against the Bitcoin chain they really aren't going to be able to change, because they would need cryptographic keys to create those transactions, to forge those transactions. And then we could boot up a brand new node and independently synchronize with the Bitcoin blockchain and with our own BitPay blockchain, and verify the integrity of the entire history from the very beginning, and independently and trustlessly replay and recover that entire history. So I'm excited about that, because I think it's kind of a game changer in terms of how you think about protecting a company, or any kind of database system. No longer are you so dependent on boundary defenses. You still want to keep people out of your systems, but if they do get in, and inevitably they will, you're kind of mitigating or limiting the damage they can do. The other thing is it's really good from a performance perspective.
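The anchored chain of history and the replay check a freshly booted node performs, as an added example that is not BitPay's implementation. The external chain is a constructed dict standing in for Bitcoin: in the real design each anchor would be the chain hash embedded in a Bitcoin transaction, which is what an intruder inside the company's systems cannot rewrite. The event records are constructed sample data.

```python
"""Append-only history periodically anchored into an external chain."""
import hashlib
import json

GENESIS = "0" * 64


def chain_hash(prev_hash, tx):
    """Hash of the previous chain hash plus a canonical encoding of the transaction."""
    payload = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class AnchoredLog:
    def __init__(self, anchor_every=3):
        self.entries = []       # (tx, chain_hash) in append order
        self.anchors = {}       # height -> chain hash published externally (stand-in for Bitcoin)
        self.anchor_every = anchor_every

    def append(self, tx):
        prev = self.entries[-1][1] if self.entries else GENESIS
        digest = chain_hash(prev, tx)
        self.entries.append((tx, digest))
        height = len(self.entries)
        if height % self.anchor_every == 0:
            self.anchors[height] = digest   # "timestamp it into the Bitcoin chain"
        return digest


def replay_and_verify(entries, anchors):
    """Recompute the whole chain from genesis, trusting nothing stored locally
    except the transactions themselves, and compare against each external anchor.
    Returns ok, failed_anchor (height of the first anchor that did not match) and
    unanchored_tail (entries after the last anchor, which the external chain
    cannot vouch for)."""
    prev = GENESIS
    for height, (tx, _stored_hash) in enumerate(entries, start=1):
        prev = chain_hash(prev, tx)
        if height in anchors and anchors[height] != prev:
            return {"ok": False, "failed_anchor": height, "unanchored_tail": None}
    last_anchor = max((h for h in anchors if h <= len(entries)), default=0)
    return {"ok": True, "failed_anchor": None,
            "unanchored_tail": len(entries) - last_anchor}


def build_demo_log():
    """Seven constructed BitPay-style events; anchors land at heights 3 and 6."""
    log = AnchoredLog(anchor_every=3)
    events = [
        {"type": "invoice_paid", "invoice": "inv-1", "amount": 100},
        {"type": "invoice_paid", "invoice": "inv-2", "amount": 250},
        {"type": "merchant_settings", "merchant": "m-7", "payout": "daily"},
        {"type": "invoice_paid", "invoice": "inv-3", "amount": 75},
        {"type": "payroll", "batch": "b-1", "amount": 5000},
        {"type": "invoice_paid", "invoice": "inv-4", "amount": 30},
        {"type": "invoice_paid", "invoice": "inv-5", "amount": 12},  # after the last anchor
    ]
    for ev in events:
        log.append(ev)
    return log


def tamper(entries, index, **changes):
    """Copy of the entries with one transaction altered. The intruder may also
    rewrite the stored hashes; replay ignores those and trusts only the anchors."""
    copied = [(dict(tx), stored) for tx, stored in entries]
    copied[index][0].update(changes)
    return copied


if __name__ == "__main__":
    log = build_demo_log()
    print(replay_and_verify(log.entries, log.anchors))
    # Altering an anchored entry is caught at the next anchor (height 3).
    print(replay_and_verify(tamper(log.entries, 1, amount=999), log.anchors))
    # Altering the entry after the last anchor is not caught: that is the
    # "recent activity" window the talk says remains exposed.
    print(replay_and_verify(tamper(log.entries, 6, amount=999), log.anchors))
```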
At BitPay we use a database with a primary/secondary kind of architecture, and what that means is that your transaction log is getting created on the primary and replicated out to the secondaries, and there's automatic failover and all that kind of stuff. But it means that if somebody is accessing our site in Australia, there's a round trip that has to happen back to the primary to get that thing into the transaction log on the primary. But if instead we architected it like Bitcoin itself, that means that we replicate events all over the world, so that we can have a replica of the BitPay state sitting in Australia, so that the customer in Australia only has to hit that server in Australia, and then we use consensus-type techniques very similar to Bitcoin to resolve any kind of conflicts that could occur among those independent replicas. So from a performance perspective we're really interested in moving to this architecture, and really I think it's a superior model to locking in transactions and databases. I mentioned APIs. Again, real quickly: if a merchant was going to change the state of something in BitPay, rather than make an API call and use a shared secret, they can instead have a key pair of their own and cryptographically sign a transaction that's modifying the state of whatever they do in BitPay, and submit that transaction to BitPay, and we incorporate it into the blockchain. That is our API. So I think that's, again, a game changer as far as software as a service. So I would expect companies to start moving over to that kind of an architecture rather than a traditional RESTful API type of architecture. And we have an internal project called Chain that's working on a lot of this. We haven't fully moved over to this architecture yet, but we're working on it.
And there's tremendous opportunity in terms of identity management, because Bitcoin is an identity system. Those private keys that are stored in wallets are identities. This is how other nodes on the network verify that the person signing this transaction was the person that was originally sent the bitcoin in the first place. That's their identity; that private key is their identity. And so when we think about the identity of a human, I think about it like this: let's say I have a private key on a device, and it's encrypted with a password that only I know, that I've memorized. I think of a human's identity as being the particular unique composition of neural connections in your brain, and in a very real sense your memorization of that password is forming those neural connections in the brain, and that password gives you the ability to access that private key in your device and sign transactions. So I think of it like my identity extending into the cyber realm by the devices that I directly use. So that's the way we think of our wallet, Copay. Really the primary function of Copay is to securely store and manage these private keys that are used to sign things, and Bitcoin transactions happen to be one, but other kinds of transactions may be interactions with the BitPay service, or any kind of software as a service; those are all kinds of transactions that you could sign with those keys. I mentioned the unification of PKI and web of trust. Really, PKI in the DNS system and web of trust are really the same thing. If you look at the root CAs, they're really concentrations of trust, so a lot of people trust those CAs. You could accommodate that model in a fully web-of-trust system where, you know... How? What? By what to cover the... The same way you tax any other transaction. Not sure I understand the question. If you're a miner? Yeah, OK, so a miner, you have costs. Sorry.
The question is how are miners taxed, or how are they treated. So, taxation of miners. It's actually different in different countries, but very simply, it's a business that earns revenue, and that revenue is bitcoins, but those bitcoins have a market value. So you have capital expenses, you pay however much you pay for mining equipment, and then you earn revenue as you run that, and you have electricity costs and so on. So it's just a business that earns revenue; it's not really any different from any other business. I guess so. Yeah, of course not. But that's true of any anonymous business. And then once you earn bitcoin... I've talked to lots of mining companies, big professional operations, and the best way to model it from a financial perspective is you recognize that revenue as soon as you earn it. So as soon as you find that block, you're recognizing that revenue at the current market value of bitcoin, and if you want to keep that bitcoin, you put that into another company, an investment company, and so those bitcoins transfer to that investment company and you hold that, and you have either capital gains or losses. A lot of miners sell everything; they just sell every single bitcoin that they get immediately. They've got to pay suppliers, they've got to pay the electricity costs, and they don't speculate at all on the value of Bitcoin. Now, if you buy a miner and start running it out of your house? I'm not a tax expert, but the IRS does have something called hobby income. If you're making less than a certain amount, they just don't care; it's just hobby income. But once you get to a certain scale then you've got to start reporting and whatnot.
I know it's hard to know that. I know some miners, they don't want to speculate, and the degree to which they do speculate in bitcoin is independent of their mining business, right? So they probably are speculators in bitcoin, but they're not necessarily viewing their mining operation that way, and you really shouldn't view your mining operation that way. You can't conflate the volatility or the appreciation in value of bitcoin with the profitability of your mining operation, because you're buying equipment, you're paying costs for all of that, you're paying electricity, you're getting rewarded with coins that have a market value. There's your revenue, your profitability, right there. Take the speculation on the value of bitcoin completely out of it, or separate it. Because a lot of times people get into mining thinking that they can make all these bitcoins, but they realize that electricity isn't free, and they may be better off actually speculating on the price of bitcoin. That was the case for me in the early days in two thousand and eleven. I was doing GPU mining, and it was fun and I was able to find some bitcoins, but I actually would have been better off had I just taken all that money and bought bitcoin. Let's see. Last slide, next to last slide: platforms. So Bitcoin ups the ante from a security perspective. I've talked to a lot of security researchers and they actually are excited about Bitcoin from the perspective of, this is just yet another reason to... it creates direct economic incentives for building more secure platforms. We see new threats emerging, things like CryptoLocker, you've probably heard of it, that encrypts people's devices and charges bitcoins for them to get them unlocked. Credit card fraud is really interesting.
So in the early days a lot of people had the idea: hey, I can set up a website and I can sell bitcoins, I can take credit cards for those bitcoins, or I can take a PayPal transaction. And then they put up the website and all the stolen PayPal accounts, all the stolen credit cards, come into their website trying to buy coins, and so they very quickly realize they're going to be out their bitcoins and out their Visa or MasterCard transactions. But it's an interesting case where you have a fundamentally more secure platform mixing with a less secure system, and the more secure system is devouring the less secure system in a very direct way. So you see a lot of credit card fraud, a lot of bank account hijacks; instead of using cash and runners, they start to use bitcoin to get the value out of those, find ways of getting value out of those. So this is why it's very difficult to buy bitcoins: all the exchanges put a lot of fraud mitigation in place, because if they get a fraudulent ACH transfer or whatever, then they could lose a lot of money in a very short amount of time. So that's kind of an impediment to adoption, when it's so hard to actually buy and acquire bitcoin. Yeah, I mentioned Bitcoin creates economic incentives for secure platforms. I think we'll see lots of new security tools being designed with protecting private keys in mind come about. I mentioned new operating systems. Linux, you know, these are all forty-plus year old operating systems, again built in an environment where the current threat environment was not really top of mind.
And new hardware. Ultimately you can do all the work in the world to create secure operating systems from the ground up, but don't forget about the hardware, right? We really kind of need open source hardware, and maybe one day we'll be able to manufacture our own chips, 3D printing, maybe that will be twenty years from now, who knows. Maybe people can independently build their own hardware according to specs that have been vetted and verified, and not have to trust Intel or AMD or chip manufacturers. And I mentioned that a lot of the research, particularly on operating systems and languages that give first class treatment to security, a lot of that research has been done, and done for a long time, but there just hasn't been the economic incentive or the right alignment of circumstances for those operating systems to kind of get off the ground. But I'm optimistic that we'll see movement in that area in the next decade or two. I didn't really talk too much about distributed autonomous corporations or smart contracts, prediction markets, but these are all very exciting areas for the future, not directly related to security, but cool stuff. Needless to say, prediction markets are going to be a really controversial thing. Prediction markets are where somebody could make a bet on the outcome of the next election, and they can place bets on either side of that, and then the market will give you odds on who's going to get elected. And the theory behind a prediction market is that you can bring together the collective wisdom of the market to make predictions about what's going to happen in the future. But there are downsides too. An executive at a company, if they can make these anonymous bets, they could effectively do insider trading by betting on the future price of their stock.
So there are downsides to it, but there's an interesting side effect. I mentioned earlier that timestamps are the only external data in the blockchain, the only data that's outside of Bitcoin that's being embedded in the blockchain. Prediction markets give you a way to actually get external real world data into the blockchain in a trustless and verifiable manner. And so if I predict who's going to win the next election, I create a market, the election happens, then you have this verification period, and then the bets get settled. But that independently verifiable data of who won that election gets embedded into a blockchain, and then you can use it in smart contracts. I can build a smart contract that says, if Hillary wins the next election then pay this person this amount of money, and if something else happens then do X. So getting external data into the blockchain is where I see what's really exciting about prediction markets. It's big, and they're going to be... I mean, if you thought Bitcoin was controversial, I think prediction markets are going to be another level of controversy. But exciting at the same time. Yeah, but how do you know they aren't gaming it? Yeah, they definitely are, I guess. There's no question. Yeah. There's a project called Truthcoin where there's a lot of papers written on this subject that go into all those details about how do you form the market, how do you form the bets in a blockchain, how do you then, once the event happens, verify it. But it's using sort of crowdsourcing of information to get data into a blockchain. Once it's in a blockchain it's in a form that you can use in a smart contract, which is again the most exciting part of it. So all right, that's all I had. Any other questions? We have two.
Yeah, so the question is about the block size and decentralization. So there's a lot of debate about this issue, a lot of things to consider. The main concern that people have is if you produce really big blocks, then it'll be more expensive for an individual to fully verify the blockchain, so to run their own full node that's doing full verification, trustless verification, and if that's the case fewer people will do that trustless verification. They'll start trusting a big server or a company that does the verification for them, and that harms decentralisation. So the miners aren't against it. The Chinese miners are against going too far. Mostly miners are actually in favor of increasing the block size; they want more throughput, they want more people to be able to use the system, they see more throughput as being more customers. But in China they have the firewall, and there's a concern about network propagation increasing their orphan rates that I talked about. So they create a block and they can't get it through the firewall fast enough to the rest of the world, and then they have orphaned blocks. So most of them now are in favor of going up to two megabytes, basically doubling the capacity of the network, but they don't want to go to like eight or ten or twenty as have been proposed. So there's lots of things to consider. We put out a proposal about an adaptive block size. So the original reason for the block size limit wasn't to artificially cap the capacity of the system; it was actually to prevent DoS on the network. So it was to prevent a miner from creating a really gigantic block. And by the way, this wasn't in the very first iteration of Bitcoin; it was added a few months after Bitcoin was actually launched. It was put in there kind of quietly; not much was said about it. But it was to prevent people from creating really huge blocks and DoSing
the network. But we put out a proposal called adaptive block size that uses a recent median block size to enforce a limit, so that if you look back over the last three months of block sizes, you pick the median, and then you double that, and that becomes your cap on block sizes. We think that has the same effect, and it allows the miners to keep producing bigger and bigger blocks until they start hitting up against real scalability limits. Once they start seeing increased orphan rates and real scalability constraints they back off, and it allows the network to grow along with innovations in scalability. What do you want to know then? Trying to remember how many bits of entropy it is. I want to say it's like one hundred twenty-eight bits of entropy. Would you say how many? Yeah, OK, maybe more. For each one of those words there's a pre-selected pool of words to choose from. I don't know; it's a standard, it's not something we invented, and a lot of wallets are using this today. But basically the idea is you create a random number and then you turn it into these twelve words that people can easily write down, and you pick words that can't easily be confused with each other, and the order of those words matters. So it's just meant to be... It's used to derive the private key, the ECC private key, so if you have that you can derive the private key from it. That's why I'm going to delete that wallet after this talk. Now. Thanks.
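The adaptive block size rule described in the block-size answer above (cap = twice the median block size over a trailing window), as an added example that is not BitPay's proposal text or code. The talk says "the last three months"; at roughly 144 blocks a day that is about 12,960 blocks, so the default `WINDOW` is a constructed figure, and the fixed `bootstrap_cap` used before a full window of history exists is likewise a constructed choice for the demo.

```python
"""Adaptive block size limit: cap = MULTIPLIER x median(recent block sizes)."""
import statistics

BLOCKS_PER_DAY = 144              # ~10-minute blocks
WINDOW = 90 * BLOCKS_PER_DAY      # "look back over the last three months" (constructed)
MULTIPLIER = 2                    # "and then you double that"


def adaptive_cap(history, window=WINDOW, multiplier=MULTIPLIER):
    """Maximum size allowed for the next block, given the sizes of prior blocks."""
    recent = history[-window:]
    return multiplier * statistics.median(recent)


def validate_chain(sizes, window=WINDOW, bootstrap_cap=1_000_000):
    """Walk block sizes in order, applying the cap derived from the blocks before
    each one. Returns the index of the first oversized block, or None if every
    block is within its cap. Until a full window exists the fixed bootstrap_cap
    applies (constructed choice; the talk does not cover start-up)."""
    for i, size in enumerate(sizes):
        history = sizes[:i]
        cap = adaptive_cap(history, window) if len(history) >= window else bootstrap_cap
        if size > cap:
            return i
    return None


def cap_trajectory(sizes, window=WINDOW, bootstrap_cap=1_000_000):
    """The cap that applied to each block; shows how fast the limit can move."""
    caps = []
    for i in range(len(sizes)):
        history = sizes[:i]
        caps.append(adaptive_cap(history, window) if len(history) >= window else bootstrap_cap)
    return caps


if __name__ == "__main__":
    W = 5  # tiny window so the demo is readable; real deployments use thousands of blocks
    steady = [600_000] * 5
    # A single gigantic block (the DoS case the limit was added for) is rejected.
    print(validate_chain(steady + [1_000_000_000], window=W))   # 5
    # One large-but-legal block does not drag the cap up: the median ignores outliers.
    print(adaptive_cap(steady + [1_100_000], window=W))          # 1200000
    # Steady growth of 10% per block stays under the cap indefinitely,
    # since each block is compared against twice the median of its predecessors.
    growing = [int(600_000 * 1.1 ** i) for i in range(30)]
    print(validate_chain(growing, window=W))                     # None
    print(cap_trajectory(growing, window=W)[-3:])
```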