1 00:00:01,010 --> 00:00:03,350 The following content is provided under a Creative 2 00:00:03,350 --> 00:00:04,740 Commons license. 3 00:00:04,740 --> 00:00:06,950 Your support will help MIT OpenCourseWare 4 00:00:06,950 --> 00:00:11,040 continue to offer high quality educational resources for free. 5 00:00:11,040 --> 00:00:13,610 To make a donation or to view additional materials 6 00:00:13,610 --> 00:00:17,570 from hundreds of MIT courses, visit MIT OpenCourseWare 7 00:00:17,570 --> 00:00:18,463 at ocw.mit.edu. 8 00:00:23,471 --> 00:00:25,490 GARY GENSLER: I just want to say how 9 00:00:25,490 --> 00:00:28,880 touched I am that you are all still here. 10 00:00:28,880 --> 00:00:32,930 I really-- you know, there's a lot of shopping opportunities 11 00:00:32,930 --> 00:00:37,640 in the MIT courses. 12 00:00:37,640 --> 00:00:40,970 And that you have come back and not shaken 13 00:00:40,970 --> 00:00:45,800 loose after reading Satoshi Nakamoto's 14 00:00:45,800 --> 00:00:51,680 peer-to-peer Bitcoin paper, or maybe you just came back 15 00:00:51,680 --> 00:00:56,670 to see whether I was going to crash and burn describing it. 16 00:00:56,670 --> 00:01:00,950 But what we're going to try to do in the next three classes, 17 00:01:00,950 --> 00:01:03,410 just to frame it, is really give you 18 00:01:03,410 --> 00:01:06,710 some of the technical underpinnings 19 00:01:06,710 --> 00:01:10,460 of blockchain technology through the lens of Bitcoin. 20 00:01:10,460 --> 00:01:16,020 Bitcoin is just the first use case of blockchain technology. 21 00:01:16,020 --> 00:01:19,370 So if I often say Bitcoin this or Bitcoin that, 22 00:01:19,370 --> 00:01:21,050 it's really largely-- 23 00:01:21,050 --> 00:01:23,240 not entirely-- largely applicable 24 00:01:23,240 --> 00:01:25,520 to blockchain technology. 25 00:01:25,520 --> 00:01:28,910 My feeling is I'm only about eight or nine months ahead 26 00:01:28,910 --> 00:01:29,990 of all of you. 
27 00:01:29,990 --> 00:01:32,990 I may have spent my whole professional life 28 00:01:32,990 --> 00:01:36,260 around finance and public service, 29 00:01:36,260 --> 00:01:39,140 and I can talk a lot about markets and about 30 00:01:39,140 --> 00:01:42,260 public policy, but MIT has given me 31 00:01:42,260 --> 00:01:46,490 the gift of thinking about blockchain technology. 32 00:01:46,490 --> 00:01:50,410 And I'm trying to return that gift a little bit for you all. 33 00:01:50,410 --> 00:01:52,130 And I have a few computer scientists 34 00:01:52,130 --> 00:01:53,840 in the room that are going to bail me out 35 00:01:53,840 --> 00:01:55,670 if I don't get this right. 36 00:01:55,670 --> 00:01:59,625 Sabrina, and then, oh, I see Alin is putting up his-- 37 00:01:59,625 --> 00:02:00,500 do you all know Alin? 38 00:02:00,500 --> 00:02:04,220 He's actually a PhD student at MIT, computer science. 39 00:02:04,220 --> 00:02:09,344 So somebody gets to that part of their life-- 40 00:02:09,344 --> 00:02:10,636 AUDIENCE: Terrible life choice. 41 00:02:10,636 --> 00:02:12,350 GARY GENSLER: Yeah, yeah. 42 00:02:12,350 --> 00:02:13,178 What was that? 43 00:02:13,178 --> 00:02:14,470 AUDIENCE: Terrible life choice. 44 00:02:14,470 --> 00:02:16,310 GARY GENSLER: Terrible life choice. 45 00:02:16,310 --> 00:02:18,330 Yeah. 46 00:02:18,330 --> 00:02:20,510 But he's going to bail us all out. 47 00:02:20,510 --> 00:02:25,565 But the reason that I think it's relevant not to just belabor 48 00:02:25,565 --> 00:02:29,240 it, is I really believe the only way that any of us 49 00:02:29,240 --> 00:02:33,140 can get to ground truths is to know a little bit about how 50 00:02:33,140 --> 00:02:36,710 the inner workings of this technology are. 51 00:02:36,710 --> 00:02:39,440 You're not going to have to do an algorithm 52 00:02:39,440 --> 00:02:43,663 or actually do a hash function, but to know underneath it. 
53 00:02:43,663 --> 00:02:45,080 And then you can step away and say 54 00:02:45,080 --> 00:02:48,500 I no longer need to know how the carburetor on the car works, 55 00:02:48,500 --> 00:02:50,620 but I know what a carburetor is. 56 00:02:50,620 --> 00:02:55,940 Or, you know, whatever analogy you want. 57 00:02:55,940 --> 00:02:59,960 So with that little bit, as opposed 58 00:02:59,960 --> 00:03:02,480 to sort of all of that Socratic cold calling 59 00:03:02,480 --> 00:03:05,600 that I did last class, because money, 60 00:03:05,600 --> 00:03:09,110 Fiat currency is something at the core, 61 00:03:09,110 --> 00:03:13,070 and ledgers is at the core of a Sloan student's 62 00:03:13,070 --> 00:03:16,820 either education or background, this is a little less of the core. 63 00:03:16,820 --> 00:03:19,100 If today's and the next couple of lectures, 64 00:03:19,100 --> 00:03:22,280 if you can work with me then I want you to interrupt me 65 00:03:22,280 --> 00:03:24,230 anytime you've got a question. 66 00:03:24,230 --> 00:03:26,840 I'm not going to do much cold calling. 67 00:03:26,840 --> 00:03:28,580 I don't want you to relax too much. 68 00:03:28,580 --> 00:03:30,980 I still want you to do the readings the next three 69 00:03:30,980 --> 00:03:32,120 classes. 70 00:03:32,120 --> 00:03:35,100 But just raise your hand, stop me, say, well, 71 00:03:35,100 --> 00:03:37,740 but what is that all about. 72 00:03:37,740 --> 00:03:40,160 And that just sort of we can work 73 00:03:40,160 --> 00:03:44,940 a little bit different on these next classes. 74 00:03:44,940 --> 00:03:49,990 So, as I'm always going to be doing, consistency. 75 00:03:49,990 --> 00:03:52,380 What are the study questions? 76 00:03:52,380 --> 00:03:54,330 So really, what are the design features? 77 00:03:54,330 --> 00:03:57,870 What are the key design features of this new technology, 78 00:03:57,870 --> 00:03:59,280 blockchain. 79 00:03:59,280 --> 00:04:01,920 And I put a few on the syllabus. 
80 00:04:01,920 --> 00:04:05,640 And we're going to go through all this today and next week. 81 00:04:05,640 --> 00:04:09,960 Cryptography, append-only, timestamps 82 00:04:09,960 --> 00:04:14,430 blocks, distributed consensus algorithms, and networking. 83 00:04:14,430 --> 00:04:16,470 I list four. 84 00:04:16,470 --> 00:04:20,079 Later in this lecture, you'll see 8 or 10 that-- 85 00:04:20,079 --> 00:04:24,730 I guess it's 10 that we're going to really dig into. 86 00:04:24,730 --> 00:04:26,610 Can I just get a sense of the class and this 87 00:04:26,610 --> 00:04:29,280 is not for Talita or Sabrina to write down 88 00:04:29,280 --> 00:04:32,610 notes about participation. 89 00:04:32,610 --> 00:04:35,850 Is it a decent assumption, did most or all of you 90 00:04:35,850 --> 00:04:38,290 at least read Nakamoto's paper? 91 00:04:38,290 --> 00:04:38,790 All right. 92 00:04:38,790 --> 00:04:39,810 Good. 93 00:04:39,810 --> 00:04:42,000 All right, great. 94 00:04:42,000 --> 00:04:45,420 Just a sense, how many of you felt you got at least half 95 00:04:45,420 --> 00:04:49,830 of it, maybe less than 2/3, but at least half of it? 96 00:04:49,830 --> 00:04:51,500 All right, pretty good. 97 00:04:51,500 --> 00:04:53,480 When I first read it, I was right with you. 98 00:04:53,480 --> 00:04:55,032 So it's all right. 99 00:04:55,032 --> 00:04:56,740 Alin you got more than half of it, right? 100 00:04:56,740 --> 00:04:58,610 AUDIENCE: I read it five years ago, so. 101 00:04:58,610 --> 00:04:59,720 GARY GENSLER: You read it five years ago. 102 00:04:59,720 --> 00:05:00,690 Yeah, yeah, yeah. 103 00:05:00,690 --> 00:05:04,990 Yeah, life choices, talk about it. 104 00:05:04,990 --> 00:05:07,680 All right. 105 00:05:07,680 --> 00:05:09,680 And you're taking this class. 106 00:05:09,680 --> 00:05:12,380 Good, good. 107 00:05:12,380 --> 00:05:14,090 So we'll go through each of those. 
108 00:05:14,090 --> 00:05:16,490 And then more specifically, we're 109 00:05:16,490 --> 00:05:19,100 going to peel back the cryptography. 110 00:05:19,100 --> 00:05:24,830 The two main cryptographic algorithms, or these words 111 00:05:24,830 --> 00:05:28,700 that you'll hear sometimes, cryptographic primitives-- 112 00:05:28,700 --> 00:05:30,770 Alin, what is a cryptographic primitive? 113 00:05:30,770 --> 00:05:32,560 AUDIENCE: Oh, it's a wild beast. 114 00:05:32,560 --> 00:05:33,900 There are so many of them. 115 00:05:33,900 --> 00:05:36,670 GARY GENSLER: Yeah, but what's the two words together mean? 116 00:05:36,670 --> 00:05:37,720 AUDIENCE: Well, that's what I'm saying. 117 00:05:37,720 --> 00:05:38,220 It could be anything. 118 00:05:38,220 --> 00:05:40,590 It could be a hash function, could be encryption function, 119 00:05:40,590 --> 00:05:42,290 could be a very powerful computation scheme, 120 00:05:42,290 --> 00:05:44,832 it could be a data outsourcing scheme, could be a data access 121 00:05:44,832 --> 00:05:46,070 privacy access. 122 00:05:46,070 --> 00:05:47,570 GARY GENSLER: But it's anything that 123 00:05:47,570 --> 00:05:49,610 basically protects the communication 124 00:05:49,610 --> 00:05:51,120 in the presence of adversaries. 125 00:05:51,120 --> 00:05:52,537 AUDIENCE: Well it's also something 126 00:05:52,537 --> 00:05:55,430 that you can use to prove that computation was done correctly 127 00:05:55,430 --> 00:05:56,460 on trusted servers. 128 00:05:56,460 --> 00:05:59,660 It's not just communication, it's also computation. 129 00:05:59,660 --> 00:06:02,300 GARY GENSLER: So communications and computation 130 00:06:02,300 --> 00:06:06,090 that needs to be protected or verified, 131 00:06:06,090 --> 00:06:09,690 have some form of cryptographic algorithm, 132 00:06:09,690 --> 00:06:12,270 which happens to be called a cryptographic primitive. 
133 00:06:12,270 --> 00:06:14,223 The two main ones-- 134 00:06:14,223 --> 00:06:16,140 and there's a third one we'll talk about later 135 00:06:16,140 --> 00:06:20,310 in the semester-- but the two main ones, hash functions, 136 00:06:20,310 --> 00:06:23,970 just as a working knowledge of blockchain is worthy to know, 137 00:06:23,970 --> 00:06:26,928 and we're going to get-- everybody's going to get there. 138 00:06:26,928 --> 00:06:28,470 We're going to all get there to where 139 00:06:28,470 --> 00:06:31,230 you have some sense of what a hash function is. 140 00:06:31,230 --> 00:06:33,940 And then this whole concept of digital signatures, 141 00:06:33,940 --> 00:06:37,200 which relates to asymmetric cryptography. 142 00:06:37,200 --> 00:06:42,003 Those two are very fundamental to blockchain technology. 143 00:06:42,003 --> 00:06:43,920 Later in the semester, we'll talk a little bit 144 00:06:43,920 --> 00:06:47,340 about zero knowledge proofs, but they're not 145 00:06:47,340 --> 00:06:51,180 as fundamental to the first application. 146 00:06:51,180 --> 00:06:53,630 And so that's why they're kind of-- 147 00:06:53,630 --> 00:06:56,430 and they help make things verifiable and immutable. 148 00:06:56,430 --> 00:06:58,380 And that's the business side, the market side. 149 00:06:58,380 --> 00:07:00,535 Why does it matter? 150 00:07:00,535 --> 00:07:02,660 Otherwise, like, who cares what's in the carburetor 151 00:07:02,660 --> 00:07:06,010 if it doesn't matter? 152 00:07:06,010 --> 00:07:08,240 And then how does this all relate to the double 153 00:07:08,240 --> 00:07:09,110 spend problem? 154 00:07:09,110 --> 00:07:11,000 I can cold call on this. 155 00:07:11,000 --> 00:07:13,100 Isabella, do you remember what the double spending 156 00:07:13,100 --> 00:07:15,020 problem was from? 
157 00:07:15,020 --> 00:07:18,023 AUDIENCE: It was when they would use the same coin, 158 00:07:18,023 --> 00:07:19,940 I guess, and they would use it multiple places 159 00:07:19,940 --> 00:07:22,360 and other digital wallets [INAUDIBLE].. 160 00:07:22,360 --> 00:07:23,360 GARY GENSLER: All right. 161 00:07:23,360 --> 00:07:25,730 So in essence, a double spend is when 162 00:07:25,730 --> 00:07:30,380 you have a piece of information and you use it twice. 163 00:07:30,380 --> 00:07:32,930 And we happen to call this piece of information "money," 164 00:07:32,930 --> 00:07:34,610 but you use it twice. 165 00:07:34,610 --> 00:07:38,023 You can send an email to two people and that's OK. 166 00:07:38,023 --> 00:07:39,440 I mean, it's a little embarrassing 167 00:07:39,440 --> 00:07:42,150 if you're sending it to one friend telling them 168 00:07:42,150 --> 00:07:44,150 you're available for dinner and the other friend 169 00:07:44,150 --> 00:07:46,550 thought you told them you weren't available. 170 00:07:46,550 --> 00:07:49,130 But you can still send it to two places. 171 00:07:49,130 --> 00:07:51,950 But in the system of money, it's a critical thing 172 00:07:51,950 --> 00:07:55,940 that you don't use it twice. 173 00:07:55,940 --> 00:08:00,040 The readings, was the demo helpful? 174 00:08:00,040 --> 00:08:02,230 I mean, we're going to do a lot more on that. 175 00:08:02,230 --> 00:08:05,178 I watched that demo last November, December. 176 00:08:05,178 --> 00:08:06,970 That was one of the first things I watched. 177 00:08:06,970 --> 00:08:09,530 From an MIT student. 178 00:08:09,530 --> 00:08:13,060 I don't know if you knew Bosworth. 179 00:08:13,060 --> 00:08:15,580 And I found it very helpful, so I'm glad. 180 00:08:15,580 --> 00:08:18,910 And I see it's actually that demo is on a Stanford 181 00:08:18,910 --> 00:08:22,480 blockchain course as well, so the West Coast, one 182 00:08:22,480 --> 00:08:24,985 of our competitors is using an MIT product. 
183 00:08:27,490 --> 00:08:31,540 And so we're going to just do a slight review of what 184 00:08:31,540 --> 00:08:32,780 we did in class 2. 185 00:08:32,780 --> 00:08:35,169 And then we're going to talk about the key design 186 00:08:35,169 --> 00:08:37,840 features, hash functions, as I mentioned, 187 00:08:37,840 --> 00:08:44,020 what is an append-only log, block headers and Merkle trees, 188 00:08:44,020 --> 00:08:46,330 and asymmetric cryptography and digital signatures. 189 00:08:46,330 --> 00:08:46,830 Crazy. 190 00:08:46,830 --> 00:08:51,260 We're going to cover all five of those today. 191 00:08:51,260 --> 00:08:53,620 And then you're going to tell me how we did. 192 00:08:53,620 --> 00:08:56,080 Oh, Bitcoin addresses, which is just a small thing. 193 00:08:56,080 --> 00:08:58,750 Six, actually. 194 00:08:58,750 --> 00:09:02,020 So last time, for those of you that weren't with us, 195 00:09:02,020 --> 00:09:03,310 we talked about money. 196 00:09:03,310 --> 00:09:05,980 And again, money is just a social construct, 197 00:09:05,980 --> 00:09:08,440 or an economic consensus mechanism. 198 00:09:08,440 --> 00:09:10,660 We're going to talk a lot about consensus 199 00:09:10,660 --> 00:09:13,390 next Tuesday when we talk about the consensus 200 00:09:13,390 --> 00:09:15,040 protocol on Bitcoin. 201 00:09:15,040 --> 00:09:18,340 But remember, money itself is just a consensus. 202 00:09:18,340 --> 00:09:22,210 There was a question on Tuesday, I 203 00:09:22,210 --> 00:09:24,370 think Alin actually had asked this question 204 00:09:24,370 --> 00:09:26,530 about well, what does it mean to be 205 00:09:26,530 --> 00:09:28,270 a liability in the central bank? 206 00:09:28,270 --> 00:09:31,730 Why is money, what does that actually mean? 207 00:09:31,730 --> 00:09:34,310 And I said it just means that somebody else will accept it. 
208 00:09:34,310 --> 00:09:37,120 It's a social consensus because it's not 209 00:09:37,120 --> 00:09:39,400 that they're going to give you anything else. 210 00:09:39,400 --> 00:09:41,170 It's just that you can get a bank deposit, 211 00:09:41,170 --> 00:09:44,800 you can pay your taxes, you can use it at Starbucks, 212 00:09:44,800 --> 00:09:47,620 if in fact, you've already gotten a cup of coffee. 213 00:09:47,620 --> 00:09:52,490 If you remember, it's only legal tender for a debt. 214 00:09:52,490 --> 00:09:53,740 And so forth. 215 00:09:53,740 --> 00:09:56,950 Fiat money is just in that long line. 216 00:09:56,950 --> 00:09:59,110 But it's had its challenges and instabilities. 217 00:09:59,110 --> 00:10:01,400 It doesn't mean it's going to go away. 218 00:10:01,400 --> 00:10:04,690 I'm not a Bitcoin maximalist who thinks that Fiat currencies are 219 00:10:04,690 --> 00:10:05,420 going to go away. 220 00:10:05,420 --> 00:10:08,410 But Fiat currencies have their instabilities, particularly 221 00:10:08,410 --> 00:10:13,370 around weak monetary policy. 222 00:10:13,370 --> 00:10:16,280 In essence, when you debase a currency and allow a lot of it 223 00:10:16,280 --> 00:10:20,530 to be issued, or usually around unstable fiscal policy. 224 00:10:20,530 --> 00:10:23,390 So either the government is spending a lot, 225 00:10:23,390 --> 00:10:27,260 the King is off to foreign wars, and the Bank of England 226 00:10:27,260 --> 00:10:30,710 was actually set up in the late 17th century in essence 227 00:10:30,710 --> 00:10:33,950 to control the currency when the King was-- 228 00:10:33,950 --> 00:10:34,850 of England, I think-- 229 00:10:34,850 --> 00:10:37,820 was in wars with France, if I can recall. 230 00:10:37,820 --> 00:10:40,550 A lot of banks, central banks, were set up right 231 00:10:40,550 --> 00:10:44,360 about when a sovereign was off debasing a currency 232 00:10:44,360 --> 00:10:47,550 and spending too much at war. 
233 00:10:47,550 --> 00:10:49,220 Ledgers, we talked about ledgers, 234 00:10:49,220 --> 00:10:51,170 how critical ledgers are. 235 00:10:51,170 --> 00:10:55,730 In essence, ledgers are a way to keep records. 236 00:10:55,730 --> 00:10:58,850 And those records could either be transaction records 237 00:10:58,850 --> 00:11:00,010 or balance records. 238 00:11:00,010 --> 00:11:05,720 We'll see that Bitcoin is set up as a transaction ledger system. 239 00:11:05,720 --> 00:11:07,970 Later we're going to be talking about other blockchain 240 00:11:07,970 --> 00:11:10,340 technologies that are set up as balance ledgers. 241 00:11:10,340 --> 00:11:14,690 So one should not just think immutability 242 00:11:14,690 --> 00:11:16,700 that there's only one way to do this. 243 00:11:16,700 --> 00:11:21,650 But transactions and ledgers are at the core of Bitcoin. 244 00:11:21,650 --> 00:11:25,520 And central banking is of course, built on ledgers. 245 00:11:25,520 --> 00:11:27,500 The master ledger of the central bank, and then 246 00:11:27,500 --> 00:11:30,560 the commercial banks have sort of the sub-ledgers. 247 00:11:30,560 --> 00:11:33,080 And then you can think sometimes your digital wallet, 248 00:11:33,080 --> 00:11:36,950 maybe Starbucks has yet a third tier ledger. 249 00:11:36,950 --> 00:11:39,920 We obviously live in an electronic age already. 250 00:11:39,920 --> 00:11:41,150 We know this. 251 00:11:41,150 --> 00:11:42,890 There's been many efforts, they've 252 00:11:42,890 --> 00:11:46,760 all died until Bitcoin to crack that riddle 253 00:11:46,760 --> 00:11:51,750 that we talked about, peer-to-peer money 254 00:11:51,750 --> 00:11:53,915 without a central authority. 255 00:11:53,915 --> 00:11:55,290 And later in the semester when we 256 00:11:55,290 --> 00:12:00,770 talk about what are the use cases, 257 00:12:00,770 --> 00:12:02,650 that's going to be the core thing. 258 00:12:02,650 --> 00:12:04,440 It's why I'm not a maximalist. 
259 00:12:04,440 --> 00:12:07,450 I'm not sure in every circumstance 260 00:12:07,450 --> 00:12:12,680 a central intermediary isn't necessarily so bad. 261 00:12:12,680 --> 00:12:14,240 And this is not a value judgment. 262 00:12:14,240 --> 00:12:17,390 It's just pure money and markets and so forth. 263 00:12:17,390 --> 00:12:19,990 But in some circumstances, decentralization really 264 00:12:19,990 --> 00:12:24,470 will compete and beat the centralized intermediary. 265 00:12:24,470 --> 00:12:30,100 So let's talk about his little paper, which of course he 266 00:12:30,100 --> 00:12:33,610 was modest, or she was modest. 267 00:12:33,610 --> 00:12:38,920 Please remind me, we don't know who Nakamoto is or was, 268 00:12:38,920 --> 00:12:40,270 or a group of people. 269 00:12:40,270 --> 00:12:43,090 "I've been working on a new electronic cash 270 00:12:43,090 --> 00:12:46,720 system that's fully peer-to-peer with no trusted third party." 271 00:12:49,590 --> 00:12:52,950 So you've seen this slide before. 272 00:12:52,950 --> 00:12:55,800 But a time stamped append-only log. 273 00:12:55,800 --> 00:12:58,190 Just think blocks of data. 274 00:12:58,190 --> 00:13:03,420 To kind of oversimplify, but it's got a name, blockchain. 275 00:13:03,420 --> 00:13:05,130 And I don't think-- did Satoshi's paper, 276 00:13:05,130 --> 00:13:08,250 you all read it in the last few days, I of course 277 00:13:08,250 --> 00:13:12,210 read it again yesterday just to make sure I remembered it, 278 00:13:12,210 --> 00:13:14,700 I don't remember that he ever used the word blockchain. 279 00:13:14,700 --> 00:13:16,380 Am I right about that? 280 00:13:16,380 --> 00:13:17,270 Right. 281 00:13:17,270 --> 00:13:19,770 So the words blockchain are really-- 282 00:13:19,770 --> 00:13:25,530 have been sort of layered over his innovation. 283 00:13:25,530 --> 00:13:28,380 So information, blocks going on. 284 00:13:28,380 --> 00:13:31,780 And that leads to basically a database. 
285 00:13:31,780 --> 00:13:33,700 But it's the blocks of data. 286 00:13:33,700 --> 00:13:37,840 Bitcoin right now is about 550,000 blocks, 287 00:13:37,840 --> 00:13:42,630 and the blocks are added on average every 10 minutes. 288 00:13:42,630 --> 00:13:45,700 And we'll talk about why it's every 10 minutes, and not 289 00:13:45,700 --> 00:13:49,820 only why Satoshi Nakamoto made it every 10 minutes 290 00:13:49,820 --> 00:13:51,550 but how they maintain that. 291 00:13:51,550 --> 00:13:55,490 Other blockchains like Ethereum it's about every seven seconds. 292 00:13:55,490 --> 00:13:59,830 So don't get too caught up that it's all the same. 293 00:13:59,830 --> 00:14:04,180 And there's some technologists, here Silvio Micali 294 00:14:04,180 --> 00:14:07,270 is working on Algorand and that's even tighter, 295 00:14:07,270 --> 00:14:08,930 less than seven seconds. 296 00:14:08,930 --> 00:14:11,170 So there's not one way. 297 00:14:11,170 --> 00:14:15,040 There's multiple designs on how often blocks are added. 298 00:14:15,040 --> 00:14:17,960 But let's start with Bitcoin. 299 00:14:17,960 --> 00:14:20,840 Secured by yes, guess what, those two 300 00:14:20,840 --> 00:14:23,750 cryptographic primitives, hash functions 301 00:14:23,750 --> 00:14:27,110 and digital signatures. 302 00:14:27,110 --> 00:14:28,650 Lose anybody yet? 303 00:14:28,650 --> 00:14:29,150 Yeah? 304 00:14:29,150 --> 00:14:30,350 Maybe. 305 00:14:30,350 --> 00:14:34,630 And then there's a consensus for agreement. 306 00:14:34,630 --> 00:14:37,900 The whole debate usually about databases 307 00:14:37,900 --> 00:14:41,630 is who gets to change the data. 308 00:14:41,630 --> 00:14:43,610 And this is true in all databases. 309 00:14:43,610 --> 00:14:45,980 In its essence, it's usually centralized. 310 00:14:45,980 --> 00:14:48,230 But in blockchain, it's all a sudden, well, maybe it's 311 00:14:48,230 --> 00:14:49,490 not centralized. 
312 00:14:49,490 --> 00:14:53,200 Who gets to add that next bit of information, that next block? 313 00:14:53,200 --> 00:14:55,520 And the consensus agreement is-- 314 00:14:55,520 --> 00:14:57,140 which we'll discuss next Tuesday-- 315 00:14:57,140 --> 00:14:59,360 is about that very issue. 316 00:14:59,360 --> 00:15:01,540 And I think there was a little pretty picture 317 00:15:01,540 --> 00:15:03,955 of that done in slides before. 318 00:15:03,955 --> 00:15:06,080 But I'm going to I'm going to delay that discussion 319 00:15:06,080 --> 00:15:08,150 until next Tuesday. 320 00:15:08,150 --> 00:15:10,470 And hopefully you'll all come back. 321 00:15:10,470 --> 00:15:13,410 So what are the key features? 322 00:15:13,410 --> 00:15:15,570 And I might do a little cold calling. 323 00:15:15,570 --> 00:15:18,110 Do you remember any key feature, Tom? 324 00:15:18,110 --> 00:15:20,170 From the papers? 325 00:15:20,170 --> 00:15:21,322 AUDIENCE: Oh, boy. 326 00:15:21,322 --> 00:15:22,530 GARY GENSLER: It's all right. 327 00:15:22,530 --> 00:15:23,180 AUDIENCE: Yeah. 328 00:15:23,180 --> 00:15:24,363 You know, the hash function. 329 00:15:24,363 --> 00:15:25,530 GARY GENSLER: Hash function. 330 00:15:25,530 --> 00:15:26,658 Any other key features? 331 00:15:26,658 --> 00:15:27,450 Let's see how many. 332 00:15:27,450 --> 00:15:29,245 I'm going to have 10 on this page. 333 00:15:29,245 --> 00:15:30,805 AUDIENCE: A private and a public key. 334 00:15:30,805 --> 00:15:31,930 GARY GENSLER: What is that? 335 00:15:31,930 --> 00:15:34,303 AUDIENCE: Private and public keys. 336 00:15:34,303 --> 00:15:35,136 Private and public-- 337 00:15:35,136 --> 00:15:36,660 GARY GENSLER: Oh, private and public key. 338 00:15:36,660 --> 00:15:37,160 Yes. 339 00:15:37,160 --> 00:15:41,040 So asymmetric cryptography, or private and public keying. 340 00:15:41,040 --> 00:15:43,580 Yes, hash functions, yes, private and public key. 
341 00:15:43,580 --> 00:15:46,890 Any other kind of key design features, 342 00:15:46,890 --> 00:15:48,810 or words you didn't understand? 343 00:15:48,810 --> 00:15:50,990 Maybe that's another way to put it. 344 00:15:50,990 --> 00:15:51,697 Leandro. 345 00:15:51,697 --> 00:15:52,530 AUDIENCE: Addresses. 346 00:15:52,530 --> 00:15:53,140 GARY GENSLER: What's that? 347 00:15:53,140 --> 00:15:53,890 AUDIENCE: Addresses. 348 00:15:53,890 --> 00:15:55,223 GARY GENSLER: Bitcoin addresses. 349 00:15:55,223 --> 00:15:56,170 Three. 350 00:15:56,170 --> 00:15:57,330 AUDIENCE: Timestamp server. 351 00:15:57,330 --> 00:15:58,410 GARY GENSLER: Timestamp server. 352 00:15:58,410 --> 00:15:59,500 That's four of the things. 353 00:15:59,500 --> 00:16:01,610 This is going well. 354 00:16:01,610 --> 00:16:02,110 [INAUDIBLE] 355 00:16:02,110 --> 00:16:03,810 AUDIENCE: Double payments. 356 00:16:03,810 --> 00:16:06,420 GARY GENSLER: Double payment is something 357 00:16:06,420 --> 00:16:09,030 that it's trying to address. 358 00:16:09,030 --> 00:16:10,740 It's not really a design feature, 359 00:16:10,740 --> 00:16:13,245 but it's a-- they have a solution for double payment, 360 00:16:13,245 --> 00:16:14,690 so I'll give you a credit for it. 361 00:16:14,690 --> 00:16:16,030 But it's-- 362 00:16:16,030 --> 00:16:16,850 AUDIENCE: Miners. 363 00:16:16,850 --> 00:16:17,850 GARY GENSLER: All right. 364 00:16:17,850 --> 00:16:22,170 So Hugo says miners, which is really the consensus. 365 00:16:22,170 --> 00:16:25,170 So I'll say that the design feature is 366 00:16:25,170 --> 00:16:27,240 the consensus or proof of work. 367 00:16:27,240 --> 00:16:27,740 Kelly. 368 00:16:27,740 --> 00:16:30,157 AUDIENCE: The full node versus the lightweight node. 369 00:16:30,157 --> 00:16:30,990 GARY GENSLER: Right. 370 00:16:30,990 --> 00:16:34,050 So very interesting, this concept of nodes. 
371 00:16:34,050 --> 00:16:37,290 And Satoshi actually talks about full nodes 372 00:16:37,290 --> 00:16:38,490 or lightweight nodes. 373 00:16:38,490 --> 00:16:42,002 In essence, how much information has to be stored. 374 00:16:42,002 --> 00:16:42,960 I want to reserve that. 375 00:16:42,960 --> 00:16:45,240 Kelly, please remind me when we talk about block 376 00:16:45,240 --> 00:16:47,020 headers to come back to that. 377 00:16:47,020 --> 00:16:51,280 But nodes in the network is a very important design feature. 378 00:16:51,280 --> 00:16:51,780 Over here. 379 00:16:51,780 --> 00:16:54,210 AUDIENCE: The Merkle tree structure. 380 00:16:54,210 --> 00:16:55,980 The Merkle tree structure. 381 00:16:55,980 --> 00:16:57,670 GARY GENSLER: Merkle tree structure. 382 00:16:57,670 --> 00:17:02,520 So Merkle tree structure is a way to compress a lot of data, 383 00:17:02,520 --> 00:17:04,650 and also to sort through that data. 384 00:17:04,650 --> 00:17:05,480 Uh-oh. 385 00:17:05,480 --> 00:17:08,520 No, Sabrina's not going to clean me out here. 386 00:17:08,520 --> 00:17:10,109 Merkle tree structure is there. 387 00:17:10,109 --> 00:17:11,401 We're going to talk about that. 388 00:17:11,401 --> 00:17:12,402 Two more. 389 00:17:12,402 --> 00:17:13,069 AUDIENCE: Nonce. 390 00:17:13,069 --> 00:17:13,670 GARY GENSLER: What's that? 391 00:17:13,670 --> 00:17:13,975 The 392 00:17:13,975 --> 00:17:14,740 AUDIENCE: Nonce. 393 00:17:14,740 --> 00:17:15,819 GARY GENSLER: Nodes. 394 00:17:15,819 --> 00:17:16,319 All right. 395 00:17:16,319 --> 00:17:16,790 What's that? 396 00:17:16,790 --> 00:17:17,290 AUDIENCE: Nonce. 397 00:17:17,290 --> 00:17:17,819 GARY GENSLER: Nonce. 398 00:17:17,819 --> 00:17:18,520 The nonce. 399 00:17:18,520 --> 00:17:19,130 OK. 400 00:17:19,130 --> 00:17:20,579 So a nonce. 401 00:17:20,579 --> 00:17:22,680 Anybody know what the word nonce is? 402 00:17:22,680 --> 00:17:24,609 A year ago I didn't. 
403 00:17:24,609 --> 00:17:26,400 So this-- so we're all getting there. 404 00:17:29,520 --> 00:17:32,260 What, do I have a look, do you know what a nonce is? 405 00:17:32,260 --> 00:17:34,375 Yeah. 406 00:17:34,375 --> 00:17:35,750 AUDIENCE: In the actual protocol, 407 00:17:35,750 --> 00:17:39,300 it's essentially a guess for the miners to kind of-- 408 00:17:39,300 --> 00:17:40,780 GARY GENSLER: So the word "nonce" 409 00:17:40,780 --> 00:17:44,030 means a random number that is used once. 410 00:17:44,030 --> 00:17:48,630 N for number, and "once." 411 00:17:48,630 --> 00:17:53,490 It's a number that's random and it's used once. 412 00:17:53,490 --> 00:17:55,064 That's how I've learned it. 413 00:17:55,064 --> 00:17:57,670 Whew. 414 00:17:57,670 --> 00:18:01,306 And so one more, because this is great, actually. 415 00:18:01,306 --> 00:18:02,440 AUDIENCE: Peer-to-peer. 416 00:18:02,440 --> 00:18:03,520 GARY GENSLER: Remind me your first name. 417 00:18:03,520 --> 00:18:04,135 AUDIENCE: Pria. 418 00:18:04,135 --> 00:18:04,927 GARY GENSLER: Pria. 419 00:18:04,927 --> 00:18:06,510 Peer-to-peer. 420 00:18:06,510 --> 00:18:07,010 All right. 421 00:18:07,010 --> 00:18:08,780 So this is what I have. 422 00:18:08,780 --> 00:18:10,380 Cryptographic hash functions. 423 00:18:10,380 --> 00:18:12,890 We're going to go through these in more detail. 424 00:18:12,890 --> 00:18:18,680 Timestamped append-only logs, block headers and Merkle trees. 425 00:18:18,680 --> 00:18:20,190 So Merkle trees were discussed. 426 00:18:20,190 --> 00:18:22,580 But we need to actually say what information 427 00:18:22,580 --> 00:18:27,740 is kept at the head of the block as opposed to all the body. 428 00:18:27,740 --> 00:18:32,330 And some of that's just to make it more manageable. 429 00:18:32,330 --> 00:18:35,060 Asymmetric cryptography, which is this public key, 430 00:18:35,060 --> 00:18:38,220 private key, and signatures. 
431 00:18:38,220 --> 00:18:41,160 The Bitcoin addresses themselves, 432 00:18:41,160 --> 00:18:45,420 which interestingly are a little bit different than public keys. 433 00:18:45,420 --> 00:18:49,213 And then I break because in the next, 434 00:18:49,213 --> 00:18:51,630 we're going to talk about next Tuesday, the proof of work, 435 00:18:51,630 --> 00:18:55,730 the miners, then the nodes, the nonces, they're 436 00:18:55,730 --> 00:18:59,620 all in that little topic. 437 00:18:59,620 --> 00:19:03,360 There's actually in Bitcoin a really important protocol 438 00:19:03,360 --> 00:19:06,540 is how information gets propagated on the internet. 439 00:19:06,540 --> 00:19:08,610 Just the network communication. 440 00:19:08,610 --> 00:19:09,930 It's not written about a lot. 441 00:19:09,930 --> 00:19:12,870 You won't read a lot about it in Nathaniel Popper's Digital 442 00:19:12,870 --> 00:19:15,300 Gold or all the other popular books, 443 00:19:15,300 --> 00:19:18,090 but it is an important thing to remind ourselves 444 00:19:18,090 --> 00:19:21,600 that information has to propagate around the internet 445 00:19:21,600 --> 00:19:25,380 and all these transactions have to communicate with each other. 446 00:19:25,380 --> 00:19:30,550 There's currently about 10,000 nodes on the Bitcoin network. 447 00:19:30,550 --> 00:19:32,310 We don't know where all of them are, 448 00:19:32,310 --> 00:19:35,550 but they're probably in 180 different countries. 449 00:19:35,550 --> 00:19:36,960 And so it's just-- 450 00:19:36,960 --> 00:19:40,690 also the networking and communication matters. 451 00:19:40,690 --> 00:19:44,200 And it matters to the economics a lot. 452 00:19:44,200 --> 00:19:45,600 There's a native currency. 453 00:19:45,600 --> 00:19:48,360 This is interesting that it was the one thing that no one said. 454 00:19:48,360 --> 00:19:52,950 That's an actual technological design feature. 
455 00:19:52,950 --> 00:19:55,890 It's not only that he created a currency, 456 00:19:55,890 --> 00:19:59,340 but the native currency is part of the economic incentive 457 00:19:59,340 --> 00:20:00,660 system. 458 00:20:00,660 --> 00:20:03,360 And we'll have some fun with that. 459 00:20:03,360 --> 00:20:05,520 In essence, he said that when you 460 00:20:05,520 --> 00:20:10,140 mine and did the proof of work, you created 461 00:20:10,140 --> 00:20:12,720 and you've got some native currency called Bitcoin. 462 00:20:12,720 --> 00:20:15,900 So he created an economic incentive system. 463 00:20:15,900 --> 00:20:18,970 Whomever Satoshi Nakamoto was or is 464 00:20:18,970 --> 00:20:21,780 knew a lot about economics, as well as technology. 465 00:20:21,780 --> 00:20:22,320 Yes. 466 00:20:22,320 --> 00:20:24,653 AUDIENCE: I just wanted to quickly add to what you said. 467 00:20:24,653 --> 00:20:26,940 So it's not only that he created this native currency, 468 00:20:26,940 --> 00:20:30,150 but once the finite supply is reached, the currency can 469 00:20:30,150 --> 00:20:32,430 be distributed as a transaction fee, 470 00:20:32,430 --> 00:20:34,800 which I think is very important in [INAUDIBLE]. 471 00:20:34,800 --> 00:20:35,940 GARY GENSLER: And remind me your first name? 472 00:20:35,940 --> 00:20:36,720 AUDIENCE: Daniel. 473 00:20:36,720 --> 00:20:38,303 GARY GENSLER: So what Daniel just said 474 00:20:38,303 --> 00:20:39,930 is really interesting. 475 00:20:39,930 --> 00:20:44,160 Not only to take light of this individual or individuals 476 00:20:44,160 --> 00:20:45,580 that did this. 477 00:20:45,580 --> 00:20:51,680 But this world of Bitcoin and other cryptocurrencies 478 00:20:51,680 --> 00:20:56,880 creates a unit of account that could be valued. 479 00:20:56,880 --> 00:21:00,470 And once it's valued, you have sort of a native currency. 
480 00:21:00,470 --> 00:21:02,930 But as Daniel said, Nakamoto also 481 00:21:02,930 --> 00:21:06,410 said there would be a finite limit. 482 00:21:06,410 --> 00:21:09,150 It happens to be 21 million Bitcoin 483 00:21:09,150 --> 00:21:11,610 is the most that it can be, and we'll 484 00:21:11,610 --> 00:21:15,080 get there around the year 2040. 485 00:21:15,080 --> 00:21:17,690 Does anyone know how many Bitcoin there are right now? 486 00:21:17,690 --> 00:21:20,080 About half of you were investing in it. 487 00:21:20,080 --> 00:21:20,690 Hugh? 488 00:21:20,690 --> 00:21:21,830 Hugo? 489 00:21:21,830 --> 00:21:25,460 About 17 million Bitcoin right now. 490 00:21:25,460 --> 00:21:29,150 And all 17 million have come from this process 491 00:21:29,150 --> 00:21:31,250 of proof of work and mining. 492 00:21:31,250 --> 00:21:35,120 Initially it was 50 Bitcoin every 10 minutes, 493 00:21:35,120 --> 00:21:37,040 roughly every 10 minutes. 494 00:21:37,040 --> 00:21:40,040 Then it went down to 25, and we're now 495 00:21:40,040 --> 00:21:42,280 at 12 and a half Bitcoin. 496 00:21:42,280 --> 00:21:45,530 And does anyone know what today's value purported-- 497 00:21:45,530 --> 00:21:47,930 I always should say purported value of Bitcoin, 498 00:21:47,930 --> 00:21:49,430 because I don't know if we can trust 499 00:21:49,430 --> 00:21:53,400 some of those websites that say what the values are. 500 00:21:53,400 --> 00:21:54,120 What is it? 501 00:21:54,120 --> 00:21:54,870 AUDIENCE: $6,500. 502 00:21:54,870 --> 00:21:57,480 GARY GENSLER: So $6,500 of Bitcoin 503 00:21:57,480 --> 00:21:59,985 at 12 and a half Bitcoin to mine a block. 504 00:22:02,770 --> 00:22:05,980 So you see that it's about $80,000 505 00:22:05,980 --> 00:22:12,740 US is the reward to mine a block, right? 
506 00:22:12,740 --> 00:22:16,150 So he created an incentive system 507 00:22:16,150 --> 00:22:19,000 that initially, if you got 50 Bitcoin and they 508 00:22:19,000 --> 00:22:24,480 weren't worth a penny, you would not commit that much. 509 00:22:24,480 --> 00:22:27,630 You had to be a hobbyist, basically, in 2009, 510 00:22:27,630 --> 00:22:32,260 or a cyberpunk, or just kind of curious. 511 00:22:32,260 --> 00:22:34,420 Because you weren't getting much incentive. 512 00:22:34,420 --> 00:22:36,760 If in fact it's worth 6,500 today, 513 00:22:36,760 --> 00:22:41,920 you're getting $80,000 if you actually successfully mine 514 00:22:41,920 --> 00:22:43,850 a block. 515 00:22:43,850 --> 00:22:46,400 And then there's the transaction inputs and outputs. 516 00:22:46,400 --> 00:22:53,380 Think about a check, who signs it, where you move money. 517 00:22:53,380 --> 00:22:55,890 There's something called the unspent transaction ledger. 518 00:22:55,890 --> 00:22:57,868 So this is the ledger part. 519 00:22:57,868 --> 00:22:58,660 So when you think-- 520 00:22:58,660 --> 00:23:00,940 I think of the technology, I think 521 00:23:00,940 --> 00:23:03,370 of cryptography, which is kind of all 522 00:23:03,370 --> 00:23:07,190 that stuff at the top which we're going to discuss today. 523 00:23:07,190 --> 00:23:09,610 Secondly, the consensus mechanism. 524 00:23:09,610 --> 00:23:11,830 In essence, that's that key question 525 00:23:11,830 --> 00:23:15,760 of any database, who gets to amend the database? 526 00:23:15,760 --> 00:23:23,270 Who gets to decide to change the state of what we all agreed to? 527 00:23:23,270 --> 00:23:26,900 And then thirdly, is the ledger, or the transaction ledger, 528 00:23:26,900 --> 00:23:28,940 which we're not going to deep dive 529 00:23:28,940 --> 00:23:30,590 into the scripting language, but we 530 00:23:30,590 --> 00:23:32,510 are next Thursday going to talk a little bit 531 00:23:32,510 --> 00:23:35,180 about the underlying scripting. 
532 00:23:35,180 --> 00:23:39,680 Does that give you a path that's all this cryptography, 533 00:23:39,680 --> 00:23:42,060 the consensus, and then the transactions. 534 00:23:42,060 --> 00:23:42,560 Yes. 535 00:23:42,560 --> 00:23:42,993 AUDIENCE: I have a question. 536 00:23:42,993 --> 00:23:44,410 GARY GENSLER: And your first name? 537 00:23:44,410 --> 00:23:45,830 If everybody just says first name. 538 00:23:45,830 --> 00:23:46,372 AUDIENCE: Oh. 539 00:23:46,372 --> 00:23:48,440 I'm just curious, so you mentioned that-- 540 00:23:48,440 --> 00:23:50,780 GARY GENSLER: I'm curious about your first name. 541 00:23:50,780 --> 00:23:52,000 AUDIENCE: Sean. 542 00:23:52,000 --> 00:23:53,000 GARY GENSLER: All right. 543 00:23:53,000 --> 00:23:54,667 AUDIENCE: So just curious, you mentioned 544 00:23:54,667 --> 00:23:59,170 that the block value is roughly $80,000 US as of now. 545 00:23:59,170 --> 00:24:02,100 So just curious, in terms of the CPU power, 546 00:24:02,100 --> 00:24:05,300 the electricity that will be consumed to mine the block, 547 00:24:05,300 --> 00:24:10,090 how much does that translate to equivalent US dollar terms? 548 00:24:10,090 --> 00:24:11,840 GARY GENSLER: So the question that's asked 549 00:24:11,840 --> 00:24:18,010 is how much electricity is being consumed for that miner 550 00:24:18,010 --> 00:24:21,850 to get that reward, that $80,000. 551 00:24:21,850 --> 00:24:25,150 And I'm going to try to answer in one minute. 552 00:24:25,150 --> 00:24:28,690 But we'll come back to this later in the semester about 553 00:24:28,690 --> 00:24:31,540 economics, and blockchain economics, and mining 554 00:24:31,540 --> 00:24:32,170 economics. 555 00:24:32,170 --> 00:24:35,530 But what has happened over these 10 years 556 00:24:35,530 --> 00:24:39,890 is more and more computers are being used, 557 00:24:39,890 --> 00:24:45,190 or are trying to mine for the Bitcoin. 
558 00:24:45,190 --> 00:24:50,140 And so today in the most recent research I've seen 559 00:24:50,140 --> 00:24:53,350 is that the probability of winning a block-- 560 00:24:53,350 --> 00:24:57,400 there's so much-- is it measured in terahashes? 561 00:24:57,400 --> 00:24:59,500 I can't remember the numbers. 562 00:24:59,500 --> 00:25:06,180 But it's how many terahashes, which, is it 15 zeros 563 00:25:06,180 --> 00:25:07,460 is a terahash? 564 00:25:07,460 --> 00:25:10,230 Is it that, or is it 12? 565 00:25:10,230 --> 00:25:12,600 Well, in any event, there's so many hashes 566 00:25:12,600 --> 00:25:16,800 being done a second, x number of terahashes, 567 00:25:16,800 --> 00:25:20,630 that your probability of winning is quite low. 568 00:25:20,630 --> 00:25:23,050 And so what's happened is most nodes and miners 569 00:25:23,050 --> 00:25:26,710 have entered into agreements called mining pools, where 570 00:25:26,710 --> 00:25:29,080 they smooth out the risk and everybody 571 00:25:29,080 --> 00:25:31,150 shares in the rewards. 572 00:25:31,150 --> 00:25:33,700 But those economics we'll talk about later, 573 00:25:33,700 --> 00:25:36,670 it's thought to be that you need electricity 574 00:25:36,670 --> 00:25:40,950 cost around $0.03 a kilowatt hour to be successful. 575 00:25:40,950 --> 00:25:42,430 And in most parts of the world you 576 00:25:42,430 --> 00:25:46,280 can't get electricity for $0.03 a kilowatt hour. 577 00:25:46,280 --> 00:25:48,550 So you would put your mining rigs 578 00:25:48,550 --> 00:25:51,250 where you can get low cost electricity 579 00:25:51,250 --> 00:25:55,700 or where you possibly can-- 580 00:25:55,700 --> 00:25:59,450 you can get it legally low cost or illegally low cost. 
581 00:25:59,450 --> 00:26:01,600 So there are a lot of mining rigs 582 00:26:01,600 --> 00:26:04,810 and in jurisdictions where there may be local officials that 583 00:26:04,810 --> 00:26:07,270 are allowing those mining rigs, and instead 584 00:26:07,270 --> 00:26:10,190 of $0.03 a kilowatt hour to the electric company 585 00:26:10,190 --> 00:26:12,220 it's $0.01 to $0.02 cents a kilowatt hour 586 00:26:12,220 --> 00:26:15,940 to the local government officials. 587 00:26:15,940 --> 00:26:19,180 And the two largest mining pools are in China. 588 00:26:19,180 --> 00:26:21,680 And the third is in Russia. 589 00:26:21,680 --> 00:26:24,260 But we'll get into the sort of economics 590 00:26:24,260 --> 00:26:30,320 and at least some theories about why some are where they are. 591 00:26:30,320 --> 00:26:33,480 So cryptography. 592 00:26:33,480 --> 00:26:35,330 So Alin's probably going to clean me up. 593 00:26:35,330 --> 00:26:38,390 It's not just communication in the presence of adversaries, 594 00:26:38,390 --> 00:26:42,280 it's also computation in the presence of adversaries. 595 00:26:42,280 --> 00:26:44,330 That would be good. 596 00:26:44,330 --> 00:26:47,390 And we talked about-- we're not going to deep dive. 597 00:26:47,390 --> 00:26:51,530 If you remember, even in ancient times if you were going to war 598 00:26:51,530 --> 00:26:53,390 there was this wonderful little way 599 00:26:53,390 --> 00:26:55,040 that you could do cryptography. 600 00:26:55,040 --> 00:27:02,300 And then anybody who's seen imitation games 601 00:27:02,300 --> 00:27:05,918 about the British breaking into the German codes, 602 00:27:05,918 --> 00:27:07,460 even though they should have probably 603 00:27:07,460 --> 00:27:11,960 given more credit to the Polish government that had probably 604 00:27:11,960 --> 00:27:16,220 broken into it in the 1930s, but Turing did great work. 
605 00:27:16,220 --> 00:27:18,890 And then we're going to talk about asymmetric cryptography 606 00:27:18,890 --> 00:27:20,040 today. 607 00:27:20,040 --> 00:27:20,840 All right. 608 00:27:20,840 --> 00:27:23,870 What is a hash function? 609 00:27:23,870 --> 00:27:28,130 A hash function, and these are just words that I think of it, 610 00:27:28,130 --> 00:27:30,200 I think of it as a fingerprint for data. 611 00:27:32,940 --> 00:27:35,440 But it has certain properties. 612 00:27:35,440 --> 00:27:37,170 The one that you'll see throughout 613 00:27:37,170 --> 00:27:41,190 is that it takes inputs of input x. 614 00:27:41,190 --> 00:27:46,200 It maps that input of any size to a fixed size. 615 00:27:46,200 --> 00:27:48,060 So one that we use here in the US, 616 00:27:48,060 --> 00:27:51,710 one hash function we all use is zip codes, in a way. 617 00:27:51,710 --> 00:27:53,850 It's five digits, it's a fixed size. 618 00:27:53,850 --> 00:27:58,500 I know I'm doing this as a loose hand, how can I think of it. 619 00:27:58,500 --> 00:27:59,490 But zip codes. 620 00:27:59,490 --> 00:28:03,270 You might have 50,000 people or 5,000 people all living 621 00:28:03,270 --> 00:28:06,090 in one postal district. 622 00:28:06,090 --> 00:28:10,910 And you can map them to zip codes, and it's a fixed length. 623 00:28:10,910 --> 00:28:14,060 Now, I don't know whether my friends in the computer science 624 00:28:14,060 --> 00:28:18,230 departments-- but it's an early sense of a hash function. 625 00:28:18,230 --> 00:28:22,040 I just wanted to say there are tangible things in our life 626 00:28:22,040 --> 00:28:24,440 that act like hash functions. 627 00:28:24,440 --> 00:28:27,380 Problem with zip codes is it will not in any way 628 00:28:27,380 --> 00:28:29,390 be a secure hash function. 629 00:28:29,390 --> 00:28:31,240 And you'll see that in a minute. 
630 00:28:31,240 --> 00:28:32,900 But it does take-- 631 00:28:32,900 --> 00:28:39,530 you can be a 300-pound person or a 30-pound kid 632 00:28:39,530 --> 00:28:42,560 and you still map into the same zip code. 633 00:28:45,430 --> 00:28:46,600 It's deterministic. 634 00:28:46,600 --> 00:28:47,990 It's always the same. 635 00:28:47,990 --> 00:28:50,800 So if you take a certain set of data, 636 00:28:50,800 --> 00:28:53,230 it will always give you the same hash. 637 00:28:53,230 --> 00:28:58,270 And that's relevant to the background. 638 00:28:58,270 --> 00:28:59,800 And you can efficiently compute it. 639 00:28:59,800 --> 00:29:01,508 You don't want to take a year to do this. 640 00:29:01,508 --> 00:29:04,180 You've got to do it in short periods of time. 641 00:29:04,180 --> 00:29:08,290 And in Bitcoin's case, it's done in nanoseconds 642 00:29:08,290 --> 00:29:14,520 or less, because they're one computer, one CPU can do-- 643 00:29:14,520 --> 00:29:18,220 can't remember, probably-- how many millions a second? 644 00:29:18,220 --> 00:29:20,080 AUDIENCE: Couple of terahashes a second. 645 00:29:20,080 --> 00:29:23,500 GARY GENSLER: Couple of terahashes a second. 646 00:29:23,500 --> 00:29:28,090 So it's a remarkably efficient algorithm. 647 00:29:28,090 --> 00:29:31,780 And so a bunch of mathematicians-- and hashing 648 00:29:31,780 --> 00:29:34,510 started in the 1950s and '60s, but the ones 649 00:29:34,510 --> 00:29:37,120 that we're talking about here are much more recent. 650 00:29:37,120 --> 00:29:40,720 But it's really terrifically talented 651 00:29:40,720 --> 00:29:43,630 scientists, mathematicians, computer scientists, 652 00:29:43,630 --> 00:29:46,060 and sometimes the National Institute Standards 653 00:29:46,060 --> 00:29:49,940 of Technology here in the US working on hash functions. 
654 00:29:49,940 --> 00:29:54,520 So it takes an array of any size, puts it into a fixed number-- 655 00:29:54,520 --> 00:29:57,580 I think zip codes for a minute-- 656 00:29:57,580 --> 00:29:58,600 it's deterministic. 657 00:29:58,600 --> 00:30:02,710 It's always-- you only live in one zip code, in a sense. 658 00:30:02,710 --> 00:30:04,420 And it's very efficient. 659 00:30:04,420 --> 00:30:06,700 But now what are its cryptographic properties? 660 00:30:06,700 --> 00:30:08,860 Because a zip code wouldn't make it. 661 00:30:08,860 --> 00:30:11,310 It just wouldn't. 662 00:30:11,310 --> 00:30:13,530 Well, the computer scientists use 663 00:30:13,530 --> 00:30:15,750 this term preimage resistant. 664 00:30:15,750 --> 00:30:18,790 I would just say it's one way, you 665 00:30:18,790 --> 00:30:24,750 can only go one way, meaning it's infeasible to determine 666 00:30:24,750 --> 00:30:26,880 the input from the output. 667 00:30:26,880 --> 00:30:32,580 It's infeasible to determine the x from the hash of x. 668 00:30:32,580 --> 00:30:35,940 Does anybody know why I use the word infeasible rather than 669 00:30:35,940 --> 00:30:37,865 impossible? 670 00:30:37,865 --> 00:30:38,740 AUDIENCE: [INAUDIBLE] 671 00:30:38,740 --> 00:30:39,250 GARY GENSLER: First name? 672 00:30:39,250 --> 00:30:40,000 AUDIENCE: Brotish. 673 00:30:40,000 --> 00:30:41,570 GARY GENSLER: Brotish. 674 00:30:41,570 --> 00:30:43,835 AUDIENCE: Because we can do it with brute force. 675 00:30:43,835 --> 00:30:46,210 GARY GENSLER: So you might be able to use it brute force. 676 00:30:46,210 --> 00:30:47,890 What do you mean by brute force, just so everybody-- 677 00:30:47,890 --> 00:30:49,150 AUDIENCE: Try all the options. 678 00:30:49,150 --> 00:30:50,400 GARY GENSLER: Try all options. 
679 00:30:53,550 --> 00:30:56,970 But as I understand it, a sort of tenet of cryptography 680 00:30:56,970 --> 00:31:03,840 for centuries is not to have it mathematically impossible, 681 00:31:03,840 --> 00:31:06,420 the point is getting it so infeasible 682 00:31:06,420 --> 00:31:10,600 that your adversary can't either get the communication 683 00:31:10,600 --> 00:31:12,350 or so forth. 684 00:31:12,350 --> 00:31:14,680 So hash functions, I just say this 685 00:31:14,680 --> 00:31:17,950 because you can't assume that Bitcoin can't be broken. 686 00:31:17,950 --> 00:31:19,300 We all call it immutable. 687 00:31:19,300 --> 00:31:20,680 It is immutable. 688 00:31:20,680 --> 00:31:25,990 Until the hash functions that are inside of Bitcoin 689 00:31:25,990 --> 00:31:27,280 might be broken. 690 00:31:27,280 --> 00:31:30,100 And even Satoshi wrote about this in 2010. 691 00:31:30,100 --> 00:31:31,130 He got emails. 692 00:31:31,130 --> 00:31:33,130 There's this wonderful book if any of you 693 00:31:33,130 --> 00:31:35,800 want that I mentioned in the bookshelf at the end 694 00:31:35,800 --> 00:31:40,120 of the syllabus, he said, well what if a SHA-256, which is 695 00:31:40,120 --> 00:31:42,670 the hash function, gets broken? 696 00:31:42,670 --> 00:31:46,000 And his answer, by the way, was well, 697 00:31:46,000 --> 00:31:49,090 there will be a better hash function at that time. 698 00:31:49,090 --> 00:31:54,470 Whatever that is, we'll hash the entire system, 699 00:31:54,470 --> 00:31:55,420 whatever that is. 700 00:31:55,420 --> 00:31:58,300 Because remember, you can take something of any size, 701 00:31:58,300 --> 00:32:01,160 hash it with a new system, and move forward. 
702 00:32:01,160 --> 00:32:05,530 And so he or she felt in this wonderful email 703 00:32:05,530 --> 00:32:10,540 is that Bitcoin actually could transition to a new hash 704 00:32:10,540 --> 00:32:15,640 function as long as you had a little bit of time 705 00:32:15,640 --> 00:32:18,120 before it was all corrupted. 706 00:32:18,120 --> 00:32:18,620 Kelly. 707 00:32:18,620 --> 00:32:20,912 AUDIENCE: Is this what his article called the Gambler's 708 00:32:20,912 --> 00:32:22,740 Ruin problem? 709 00:32:22,740 --> 00:32:24,770 Is that what you're describing? 710 00:32:24,770 --> 00:32:26,700 GARY GENSLER: The Gambler's Ruin problem. 711 00:32:26,700 --> 00:32:29,790 AUDIENCE: The probability that an attacker could catch up 712 00:32:29,790 --> 00:32:32,972 to recreating it. 713 00:32:32,972 --> 00:32:33,680 GARY GENSLER: OK. 714 00:32:33,680 --> 00:32:35,480 AUDIENCE: That's something else. 715 00:32:35,480 --> 00:32:36,425 That's-- 716 00:32:36,425 --> 00:32:38,300 GARY GENSLER: Will you speak a little louder? 717 00:32:38,300 --> 00:32:38,925 AUDIENCE: Yeah. 718 00:32:38,925 --> 00:32:43,980 So that's the-- you want to sort of assess 719 00:32:43,980 --> 00:32:45,510 how hard it is to fork Bitcoin. 720 00:32:45,510 --> 00:32:47,400 If I have a lot of computational power, 721 00:32:47,400 --> 00:32:49,410 how hard is it for me to create a fork? 722 00:32:49,410 --> 00:32:52,320 And Satoshi does an analysis at the end of the paper-- 723 00:32:52,320 --> 00:32:53,670 GARY GENSLER: Oh, I apologize. 724 00:32:53,670 --> 00:32:55,390 You're talking about in his paper. 725 00:32:55,390 --> 00:32:55,890 Yes. 726 00:32:55,890 --> 00:32:58,530 In his paper, he's talking about how hard 727 00:32:58,530 --> 00:33:00,960 it is computationally to do what some people call 728 00:33:00,960 --> 00:33:05,337 a 51% attack, to basically take over all the nodes. 
729 00:33:05,337 --> 00:33:06,920 And that part of his paper we're going 730 00:33:06,920 --> 00:33:08,650 to talk about next Tuesday. 731 00:33:08,650 --> 00:33:12,068 But it's basically, can you take over the nodes? 732 00:33:12,068 --> 00:33:13,610 I was talking about a separate thing, 733 00:33:13,610 --> 00:33:15,605 can you break the cryptography. 734 00:33:15,605 --> 00:33:17,480 And he doesn't write about that in his paper. 735 00:33:17,480 --> 00:33:22,660 He writes about it in an email about 10 months later or so. 736 00:33:22,660 --> 00:33:24,940 Second key cryptographic thing. 737 00:33:24,940 --> 00:33:27,610 So we said one is it's one way. 738 00:33:27,610 --> 00:33:33,280 The other thing is this concept of collision resistant. 739 00:33:33,280 --> 00:33:37,180 I presume if everybody in this room told me your birthdays, 740 00:33:37,180 --> 00:33:38,770 there's multiple people in this room 741 00:33:38,770 --> 00:33:41,390 who have the same birthday. 742 00:33:41,390 --> 00:33:44,480 And in fact, if we got it past 26 people in a room 743 00:33:44,480 --> 00:33:48,710 it's over 50% chance that two of you have the same birthday. 744 00:33:48,710 --> 00:33:53,510 We don't need to get to 183 people in the room, which is 745 00:33:53,510 --> 00:33:54,890 half of the days of the year. 746 00:33:54,890 --> 00:33:57,410 We can get to about 26 or 7. 747 00:33:57,410 --> 00:34:07,740 And similarly, the key thing is is that two sets of data are-- 748 00:34:07,740 --> 00:34:10,620 it's again, infeasible that x and y would 749 00:34:10,620 --> 00:34:11,969 hash to the same thing. 750 00:34:11,969 --> 00:34:13,540 It's not impossible. 751 00:34:13,540 --> 00:34:15,210 It's infeasible. 752 00:34:15,210 --> 00:34:17,760 And if you look at the history of hash functions, 753 00:34:17,760 --> 00:34:21,040 this is usually the thing, that at some point in time 754 00:34:21,040 --> 00:34:23,429 these hash functions will not be collision resistant. 
755 00:34:23,429 --> 00:34:25,679 Some quantum computing will come along, 756 00:34:25,679 --> 00:34:27,520 or something will come along. 757 00:34:27,520 --> 00:34:31,760 But for now you can put something of any size in 758 00:34:31,760 --> 00:34:36,400 and they're independent. 759 00:34:36,400 --> 00:34:38,110 They also look terribly random. 760 00:34:38,110 --> 00:34:42,150 It's called an avalanche effect, meaning 761 00:34:42,150 --> 00:34:45,150 you change one little difference and the whole thing 762 00:34:45,150 --> 00:34:46,060 looks different. 763 00:34:46,060 --> 00:34:47,790 So when you noticed on that little video, 764 00:34:47,790 --> 00:34:51,760 if you changed one thing, it all looked so different. 765 00:34:51,760 --> 00:34:56,180 And why that's important is it makes it more secure. 766 00:34:56,180 --> 00:34:58,430 And then there's something called puzzle friendliness. 767 00:34:58,430 --> 00:35:00,222 Even if you know a little bit of the input, 768 00:35:00,222 --> 00:35:03,410 it doesn't mean that you're going to get the output. 769 00:35:03,410 --> 00:35:06,260 I put these up here not for you to know them. 770 00:35:06,260 --> 00:35:08,180 You're not going to get tested. 771 00:35:08,180 --> 00:35:10,837 If you go into business, as Elon, 772 00:35:10,837 --> 00:35:12,920 you've started, when you probably haven't thought, 773 00:35:12,920 --> 00:35:16,560 well, collision resistant this or that. 774 00:35:16,560 --> 00:35:18,090 But I just wanted you to know there 775 00:35:18,090 --> 00:35:21,860 is a bunch of cryptography underneath this. 776 00:35:21,860 --> 00:35:31,690 And the key is it is not 100% immutable. 777 00:35:31,690 --> 00:35:38,660 It's probably one in, you know, I don't know, 778 00:35:38,660 --> 00:35:40,260 a quadrillion immutable. 779 00:35:40,260 --> 00:35:43,050 But there's still-- these things could be broken. 
780 00:35:43,050 --> 00:35:45,900 And quantum computing and something else might-- 781 00:35:45,900 --> 00:35:46,480 Alin. 782 00:35:46,480 --> 00:35:49,050 AUDIENCE: The actual probability should be actually 1 over 2 783 00:35:49,050 --> 00:35:51,540 to the power of 128. 784 00:35:51,540 --> 00:35:55,590 So much more than one quadrillion. 785 00:35:55,590 --> 00:35:58,320 GARY GENSLER: So it's 1 over 10 to about the 40th. 786 00:36:02,000 --> 00:36:03,950 How'd I do? 787 00:36:03,950 --> 00:36:05,820 My math all right? 788 00:36:05,820 --> 00:36:06,320 All right. 789 00:36:09,560 --> 00:36:12,350 And anybody who's interested can come to office hours. 790 00:36:14,900 --> 00:36:18,530 So it's highly unlikely to be broken. 791 00:36:18,530 --> 00:36:20,990 But I think it's always worthwhile to say, well, 792 00:36:20,990 --> 00:36:22,690 no, there's some outward-- 793 00:36:22,690 --> 00:36:26,170 it's not as bounded as you think. 794 00:36:26,170 --> 00:36:28,590 So what is it used for? 795 00:36:28,590 --> 00:36:31,580 In many places it's used for names, and references, 796 00:36:31,580 --> 00:36:35,260 and pointers, and in something called commitments. 797 00:36:35,260 --> 00:36:38,920 In Bitcoin, it's used for pointers because one block 798 00:36:38,920 --> 00:36:41,500 points to another block. 799 00:36:41,500 --> 00:36:46,300 But it's also used in commitments. 800 00:36:46,300 --> 00:36:47,950 You'll hear these words. 801 00:36:47,950 --> 00:36:49,810 We're not going to delve into them. 802 00:36:49,810 --> 00:36:52,420 But the headers and the Merkle trees use something 803 00:36:52,420 --> 00:36:56,770 called SHA 256, which is a standard which 804 00:36:56,770 --> 00:37:02,740 is literally 256 bits long. 805 00:37:02,740 --> 00:37:08,900 That's like zeros and ones for 256 registries. 806 00:37:08,900 --> 00:37:11,290 But a Bitcoin address actually-- 807 00:37:11,290 --> 00:37:15,430 Satoshi Nakamoto threw on a loop. 
808 00:37:15,430 --> 00:37:20,210 I'm glad to debate why, but he uses two hash functions 809 00:37:20,210 --> 00:37:21,680 for Bitcoin addresses. 810 00:37:21,680 --> 00:37:23,750 The one thing I saw that he actually 811 00:37:23,750 --> 00:37:25,470 wrote about it is he said if one of them 812 00:37:25,470 --> 00:37:29,490 is broken at least the other one is less likely to be broken. 813 00:37:29,490 --> 00:37:31,970 So as I've read about it, I think 814 00:37:31,970 --> 00:37:36,180 in his own voice is you have to hash something twice. 815 00:37:36,180 --> 00:37:38,540 And he was just making it that much more secure, 816 00:37:38,540 --> 00:37:42,690 even knowing it was one out of 10 to the 40th chance. 817 00:37:42,690 --> 00:37:44,887 AUDIENCE: Which is astronomically low, so. 818 00:37:44,887 --> 00:37:45,720 GARY GENSLER: Right. 819 00:37:45,720 --> 00:37:48,140 So. 820 00:37:48,140 --> 00:37:49,780 So remember, where's Caroline? 821 00:37:49,780 --> 00:37:51,830 I remember-- there we are. 822 00:37:51,830 --> 00:37:53,903 You asked me about, I thought I had set it 823 00:37:53,903 --> 00:37:55,820 up for today, which you were good to remind me 824 00:37:55,820 --> 00:38:00,590 for Tuesday, what's the longest running hash, 825 00:38:00,590 --> 00:38:02,790 time stamped hash? 826 00:38:02,790 --> 00:38:06,960 AUDIENCE: That is a great question. 827 00:38:06,960 --> 00:38:10,470 GARY GENSLER: Thank you for the compliment. 828 00:38:10,470 --> 00:38:12,180 AUDIENCE: The answer is-- 829 00:38:12,180 --> 00:38:14,820 yeah, I don't know that phonetically, 830 00:38:14,820 --> 00:38:17,540 so I'm not sure if I'm totally butchering this one. 831 00:38:17,540 --> 00:38:22,930 But it came out of Bell Labs with Stuart Haber and Surety. 832 00:38:22,930 --> 00:38:25,050 GARY GENSLER: There he is. 833 00:38:25,050 --> 00:38:26,160 Yeah. 834 00:38:26,160 --> 00:38:30,180 So Haber and his colleague-- yes. 835 00:38:30,180 --> 00:38:31,202 You got it. 
836 00:38:31,202 --> 00:38:32,410 AUDIENCE: That's my roommate. 837 00:38:32,410 --> 00:38:33,827 GARY GENSLER: That's your roommate. 838 00:38:33,827 --> 00:38:35,670 Terrific. 839 00:38:35,670 --> 00:38:41,040 So I'm just trying to say it wasn't Bitcoin that had it. 840 00:38:41,040 --> 00:38:43,890 He did this in 1991. 841 00:38:43,890 --> 00:38:46,680 But by 1995, they started a company called Surety. 842 00:38:46,680 --> 00:38:48,180 I don't think it took off that much. 843 00:38:48,180 --> 00:38:51,300 It's not competing with Apple for the largest market cap 844 00:38:51,300 --> 00:38:55,800 or anything like that or Facebook. 845 00:38:55,800 --> 00:38:59,310 But every week in the notices section, 846 00:38:59,310 --> 00:39:05,260 you can see a hash literally. 847 00:39:05,260 --> 00:39:08,950 It's time stamped because it's in the New York Times. 848 00:39:08,950 --> 00:39:14,320 And it's a hash, all those funky digits and everything 849 00:39:14,320 --> 00:39:16,550 of all the information came before it. 850 00:39:16,550 --> 00:39:20,090 And they're basically hashing any document. 851 00:39:20,090 --> 00:39:22,830 Any document that you want a timestamp in that week, 852 00:39:22,830 --> 00:39:23,960 you put it in. 853 00:39:23,960 --> 00:39:26,780 One follows another, and that's a blockchain. 854 00:39:26,780 --> 00:39:28,250 It's not about money. 855 00:39:28,250 --> 00:39:33,940 There's no native currency and so forth. 856 00:39:33,940 --> 00:39:37,140 I believe that Haber and Stornetta 857 00:39:37,140 --> 00:39:41,010 are three of the eight or nine footnotes in the Satoshi paper. 858 00:39:41,010 --> 00:39:43,170 Maybe it's four of them. 859 00:39:43,170 --> 00:39:45,410 So he gets his credit. 860 00:39:45,410 --> 00:39:47,690 And if you go to his website, Stuart Haber, 861 00:39:47,690 --> 00:39:51,370 I think he says, blockchain's co-founder 862 00:39:51,370 --> 00:39:54,240 on his personal website. 863 00:39:54,240 --> 00:39:54,880 Who knew? 
864 00:39:57,450 --> 00:39:59,640 So here, we get-- this was in the National 865 00:39:59,640 --> 00:40:02,670 Institute, the NIST paper. 866 00:40:02,670 --> 00:40:07,900 But timestamp append-only logs in Bitcoin or blockchain. 867 00:40:07,900 --> 00:40:14,080 What is put together is the header, the top information. 868 00:40:14,080 --> 00:40:20,000 And if I can go past the visual and just say, what's there? 869 00:40:20,000 --> 00:40:22,220 There's five pieces of key information. 870 00:40:22,220 --> 00:40:24,410 The version, it doesn't change that often. 871 00:40:24,410 --> 00:40:27,200 But there is a version number. 872 00:40:27,200 --> 00:40:31,050 The previous block's hash, so it's 873 00:40:31,050 --> 00:40:37,280 some information about all the blocks that came before it. 874 00:40:37,280 --> 00:40:42,510 The Merkle Root hash, which does anybody want to tell me what 875 00:40:42,510 --> 00:40:44,400 that does, the Merkle Root? 876 00:40:49,047 --> 00:40:51,130 AUDIENCE: So it essentially posts the transactions 877 00:40:51,130 --> 00:40:53,600 in the bottom most layer of the tree 878 00:40:53,600 --> 00:40:55,210 and then creates the [INAUDIBLE] hash 879 00:40:55,210 --> 00:40:57,760 of each of the transactions. 880 00:40:57,760 --> 00:41:03,230 GARY GENSLER: So if I go back to this nice little picture, 881 00:41:03,230 --> 00:41:05,920 the yellow box at the bottom of each of these blocks 882 00:41:05,920 --> 00:41:07,120 is all the transactions. 883 00:41:07,120 --> 00:41:11,440 There could be upwards to 1,000, 2,000 transactions in a block. 884 00:41:11,440 --> 00:41:16,300 So there's blockchain concept, 1,000, 2,000. 885 00:41:16,300 --> 00:41:20,580 There's means and methods well before Nakamoto's paper 886 00:41:20,580 --> 00:41:23,430 about how to compress that, how to keep that information 887 00:41:23,430 --> 00:41:25,710 a little bit tidier. 888 00:41:25,710 --> 00:41:29,540 And that uses this thing called Merkle Roots. 
889 00:41:29,540 --> 00:41:35,210 The five items right at the top, what's called the block header, 890 00:41:35,210 --> 00:41:38,420 doesn't have the 1,000 transactions. 891 00:41:38,420 --> 00:41:40,520 And earlier, Kelly, you had asked me 892 00:41:40,520 --> 00:41:46,300 about full nodes and light nodes. 893 00:41:46,300 --> 00:41:49,640 A light node or a wallet that anyone here 894 00:41:49,640 --> 00:41:53,930 could download on your cell phone 895 00:41:53,930 --> 00:41:57,920 probably does not download the millions 896 00:41:57,920 --> 00:42:00,080 of transactions that have happened 897 00:42:00,080 --> 00:42:01,970 in the history of Bitcoin. 898 00:42:01,970 --> 00:42:06,140 You are unlikely to download what's called a full node. 899 00:42:06,140 --> 00:42:09,270 But you might download all the headers, 900 00:42:09,270 --> 00:42:12,950 this bit of information that's all of the headers. 901 00:42:12,950 --> 00:42:14,540 All of the information in Bitcoin 902 00:42:14,540 --> 00:42:15,750 is still not that large. 903 00:42:15,750 --> 00:42:18,860 It's less than 200 gigs. 904 00:42:18,860 --> 00:42:23,120 But all of the headers, I think, is single digit gigs. 905 00:42:23,120 --> 00:42:26,180 I can't remember if it's four or six gigabytes right now. 906 00:42:26,180 --> 00:42:27,490 What is the number? 907 00:42:27,490 --> 00:42:28,865 AUDIENCE: The header is 80 bytes. 908 00:42:28,865 --> 00:42:30,590 So it's 80 bytes times 500,000, which 909 00:42:30,590 --> 00:42:34,010 is 50 megabytes, 60 megabytes of headers. 910 00:42:34,010 --> 00:42:35,500 GARY GENSLER: So it's 60 megabytes, 911 00:42:35,500 --> 00:42:42,870 so it's much smaller as opposed to like 180 gig. 912 00:42:42,870 --> 00:42:46,680 So Satoshi was thinking in advance. 
913 00:42:46,680 --> 00:42:49,110 And every blockchain that you're going to work on, 914 00:42:49,110 --> 00:42:53,970 likely, I mean, there might be some, this concept of it's 915 00:42:53,970 --> 00:42:57,150 really keeping the security by a little bit of information 916 00:42:57,150 --> 00:42:59,850 in something called a header and then pushing 917 00:42:59,850 --> 00:43:02,910 all the meat of the transaction and data down. 918 00:43:02,910 --> 00:43:04,380 And this is really important when 919 00:43:04,380 --> 00:43:05,970 you get to like Ethereum where there's 920 00:43:05,970 --> 00:43:09,600 a lot of data, a lot of computation 921 00:43:09,600 --> 00:43:11,490 down in each of these blocks. 922 00:43:11,490 --> 00:43:16,350 It's sort of like if Stuart Haber 923 00:43:16,350 --> 00:43:19,860 had a lot of documents and pictures and everything. 924 00:43:19,860 --> 00:43:21,450 You don't have to have all the picture 925 00:43:21,450 --> 00:43:23,310 quality and a whole movie. 926 00:43:23,310 --> 00:43:25,230 You can actually hash a whole movie, 927 00:43:25,230 --> 00:43:28,410 and you still get these 256 bits. 928 00:43:31,020 --> 00:43:35,420 So whoops. 929 00:43:35,420 --> 00:43:38,810 So the header has the previous hash, this Merkle Root, 930 00:43:38,810 --> 00:43:41,390 which is just a way to get all the transactions. 931 00:43:41,390 --> 00:43:43,340 Just think of a Merkle Root as a way to grab 932 00:43:43,340 --> 00:43:46,640 2,000 transactions in a way. 933 00:43:46,640 --> 00:43:48,530 A timestamp, that one's easy. 934 00:43:48,530 --> 00:43:50,600 We can get that. 935 00:43:50,600 --> 00:43:57,980 Difficulty target, anybody know what blockchain, 936 00:43:57,980 --> 00:44:00,230 Bitcoin tried to do to make it more 937 00:44:00,230 --> 00:44:02,874 or less difficult over time? 938 00:44:02,874 --> 00:44:03,630 No. 939 00:44:03,630 --> 00:44:06,432 Brodish, we've heard. 
940 00:44:06,432 --> 00:44:07,890 AUDIENCE: [INAUDIBLE] time but such 941 00:44:07,890 --> 00:44:11,410 that it stays with creating a block every 10 minutes. 942 00:44:11,410 --> 00:44:13,100 So with more computational power, 943 00:44:13,100 --> 00:44:15,300 it gets harder to find a block. 944 00:44:15,300 --> 00:44:17,290 GARY GENSLER: So it's harder to find a block, 945 00:44:17,290 --> 00:44:20,310 the more miners there are. 946 00:44:20,310 --> 00:44:23,070 So every block header needs to have some what's 947 00:44:23,070 --> 00:44:25,320 called a difficulty target. 948 00:44:25,320 --> 00:44:27,300 How difficult is the mining going to be? 949 00:44:27,300 --> 00:44:30,360 Since we're talking about mining next Tuesday, 950 00:44:30,360 --> 00:44:34,910 these all bring me back to difficulty target. 951 00:44:34,910 --> 00:44:38,516 And then what's a nonce? 952 00:44:38,516 --> 00:44:40,490 AUDIENCE: [INAUDIBLE] 953 00:44:40,490 --> 00:44:42,090 GARY GENSLER: What's that? 954 00:44:42,090 --> 00:44:43,613 AUDIENCE: Just a random number. 955 00:44:43,613 --> 00:44:45,530 GARY GENSLER: A random number that's used once. 956 00:44:45,530 --> 00:44:46,665 Number once, nonce. 957 00:44:50,580 --> 00:44:54,120 And that's hash functions. 958 00:44:54,120 --> 00:44:55,195 How'd we do? 959 00:44:55,195 --> 00:44:56,580 We're a little off the skids. 960 00:44:56,580 --> 00:44:57,960 We are MIT. 961 00:44:57,960 --> 00:44:58,850 Yes? 962 00:44:58,850 --> 00:45:00,017 AUDIENCE: I have a question. 963 00:45:00,017 --> 00:45:03,320 The number of characters in the hash is equal to your-- 964 00:45:03,320 --> 00:45:05,478 GARY GENSLER: The output, not the input. 965 00:45:05,478 --> 00:45:06,020 AUDIENCE: No. 966 00:45:06,020 --> 00:45:06,520 No. 967 00:45:06,520 --> 00:45:09,320 They put the number of characters in the hash 968 00:45:09,320 --> 00:45:10,120 is limited, right? 969 00:45:10,120 --> 00:45:12,727 So that's a pool of functions that you have.
970 00:45:12,727 --> 00:45:14,310 When you have many, many transactions, 971 00:45:14,310 --> 00:45:16,055 that's like a flow, right? 972 00:45:16,055 --> 00:45:18,430 So internally, you're just consuming and consuming hashes 973 00:45:18,430 --> 00:45:21,860 up to a point where you're going to repeat that hash, 974 00:45:21,860 --> 00:45:22,360 right? 975 00:45:22,360 --> 00:45:25,340 So how do you know for the same hash, 976 00:45:25,340 --> 00:45:27,860 you have two different information, 977 00:45:27,860 --> 00:45:30,750 to which information you're referring to? 978 00:45:30,750 --> 00:45:33,732 GARY GENSLER: So could you help me pronounce your first name? 979 00:45:33,732 --> 00:45:34,440 AUDIENCE: Diermo. 980 00:45:34,440 --> 00:45:38,220 GARY GENSLER: Diermo, has asked the right question. 981 00:45:38,220 --> 00:45:39,930 He says, well, how do you know? 982 00:45:39,930 --> 00:45:42,930 Especially as you have more and more time and more and more 983 00:45:42,930 --> 00:45:48,030 time, you might get the same output of a hash 984 00:45:48,030 --> 00:45:50,658 from different inputs. 985 00:45:50,658 --> 00:45:51,450 And if you recall-- 986 00:45:54,590 --> 00:45:55,360 wait. 987 00:45:55,360 --> 00:45:56,440 Somebody does recall. 988 00:45:56,440 --> 00:45:59,980 Now before Brodish, in front of Brodish. 989 00:45:59,980 --> 00:46:02,320 AUDIENCE: The papers mentioned that it's 990 00:46:02,320 --> 00:46:08,200 possible that two the hash of x equal to hash of y. 991 00:46:08,200 --> 00:46:13,600 But if the miners are working at the same time, 992 00:46:13,600 --> 00:46:17,230 if the same information are not treated at the same exact time, 993 00:46:17,230 --> 00:46:21,865 it won't be a problem because then they just continue just 994 00:46:21,865 --> 00:46:23,530 like two different-- 995 00:46:23,530 --> 00:46:27,710 GARY GENSLER: So you're correct as it relates to mining.
996 00:46:27,710 --> 00:46:29,830 But there is another piece of it as well 997 00:46:29,830 --> 00:46:31,690 is that the hash function, if it's 998 00:46:31,690 --> 00:46:34,420 a good cryptographic secure hash function, 999 00:46:34,420 --> 00:46:37,330 is what's called collision resistant where what you're 1000 00:46:37,330 --> 00:46:40,430 saying is so infeasible, in fact, 1001 00:46:40,430 --> 00:46:45,920 1 divided by 10 to the 40th, that's a 1 with 40 zeroes 1002 00:46:45,920 --> 00:46:46,570 after it. 1003 00:46:46,570 --> 00:46:52,440 It's so infeasible to happen, it's possible but infeasible 1004 00:46:52,440 --> 00:46:54,480 to happen. 1005 00:46:54,480 --> 00:46:57,870 What you're referencing is what if two parties 1006 00:46:57,870 --> 00:47:03,390 solve the cryptographic puzzle as opposed to a collision. 1007 00:47:03,390 --> 00:47:08,170 And because of the difficulty, they just got at the same time. 1008 00:47:08,170 --> 00:47:08,915 Please. 1009 00:47:08,915 --> 00:47:10,790 AUDIENCE: It seems like a dumb question but-- 1010 00:47:10,790 --> 00:47:11,050 GARY GENSLER: No. 1011 00:47:11,050 --> 00:47:13,370 There's no dumb questions when it comes to this. 1012 00:47:13,370 --> 00:47:15,100 I really mean that. 1013 00:47:15,100 --> 00:47:18,580 AUDIENCE: The timestamps attributed, so is it 1014 00:47:18,580 --> 00:47:20,610 from the whole system or? 1015 00:47:20,610 --> 00:47:24,580 GARY GENSLER: So timestamps are not a particularly important 1016 00:47:24,580 --> 00:47:25,650 part of Bitcoin. 1017 00:47:25,650 --> 00:47:28,070 They are timestamped. 1018 00:47:28,070 --> 00:47:30,300 But sometimes if somebody puts something off 1019 00:47:30,300 --> 00:47:35,290 and it's off by a few minutes or even up to two hours, 1020 00:47:35,290 --> 00:47:38,980 there's a check in the technology 1021 00:47:38,980 --> 00:47:42,670 in the scripting function if the timestamp's off 1022 00:47:42,670 --> 00:47:44,540 more than a couple hours. 
1023 00:47:44,540 --> 00:47:48,400 So literally, it's not that precise. 1024 00:47:48,400 --> 00:47:51,970 Having said that, the real way that timestamping happens is 1025 00:47:51,970 --> 00:47:58,540 if a block is mined and it's the 540,000th block and it's sort 1026 00:47:58,540 --> 00:48:02,410 of accepted in all the nodes, these 10,000 nodes start mining 1027 00:48:02,410 --> 00:48:08,130 the 540,000 and 1st block, in essence, 1028 00:48:08,130 --> 00:48:12,180 it's just think of it as almost like a stack. 1029 00:48:12,180 --> 00:48:16,920 And so what's, in essence, more relevant than the actual time 1030 00:48:16,920 --> 00:48:18,630 that's in the header, and they all 1031 00:48:18,630 --> 00:48:23,060 have a timestamp in the header, but what's 1032 00:48:23,060 --> 00:48:26,940 more relevant is the order of the blocks, 1033 00:48:26,940 --> 00:48:30,360 and, most importantly, the previous block hash. 1034 00:48:33,710 --> 00:48:34,210 Yes? 1035 00:48:34,210 --> 00:48:36,293 AUDIENCE: I would say that without the timestamps, 1036 00:48:36,293 --> 00:48:38,900 you cannot do this difficulty readjustment. 1037 00:48:38,900 --> 00:48:40,610 The timestamps are very important. 1038 00:48:40,610 --> 00:48:42,650 If you don't have timestamps on the block, 1039 00:48:42,650 --> 00:48:45,050 you cannot do the difficulty readjustment, 1040 00:48:45,050 --> 00:48:48,490 which is necessary to keep the rate of blocks 10 minutes after 1041 00:48:48,490 --> 00:48:49,120 [INAUDIBLE]. 1042 00:48:49,120 --> 00:48:50,870 GARY GENSLER: I'm going to partially agree 1043 00:48:50,870 --> 00:48:54,190 with you because the difficulty adjustment happens every two 1044 00:48:54,190 --> 00:48:54,740 weeks. 
1045 00:48:54,740 --> 00:48:58,630 So even if any one individual or five or six timestamps 1046 00:48:58,630 --> 00:49:02,060 are a little goofed up in the two weeks, 1047 00:49:02,060 --> 00:49:05,180 the algorithm is basically looking over the course 1048 00:49:05,180 --> 00:49:07,850 of about 2,000 blocks. 1049 00:49:07,850 --> 00:49:08,690 AUDIENCE: Yeah. 1050 00:49:08,690 --> 00:49:10,530 So a little goofed up is fine. 1051 00:49:10,530 --> 00:49:11,967 But you need the timestamp. 1052 00:49:11,967 --> 00:49:13,550 GARY GENSLER: You need the timestamps. 1053 00:49:13,550 --> 00:49:18,290 But it's more important is basically the-- 1054 00:49:18,290 --> 00:49:20,310 here, I'll go back a slide. 1055 00:49:20,310 --> 00:49:23,570 It's the order of the blocks. 1056 00:49:23,570 --> 00:49:24,820 Please. 1057 00:49:24,820 --> 00:49:27,880 AUDIENCE: Going back to when we talked about collisions. 1058 00:49:27,880 --> 00:49:30,040 The paper didn't really go into detail, 1059 00:49:30,040 --> 00:49:32,590 but it said like in addition to how unlikely 1060 00:49:32,590 --> 00:49:37,510 it is with to the power of 128 that even if there were two 1061 00:49:37,510 --> 00:49:40,900 that hashed to the same kind of hash digest 1062 00:49:40,900 --> 00:49:42,910 that it would be unlikely that they'd 1063 00:49:42,910 --> 00:49:44,410 both be valid in the context. 1064 00:49:44,410 --> 00:49:48,420 So given what's a valid blockchain transaction 1065 00:49:48,420 --> 00:49:49,990 that that could even further reduce 1066 00:49:49,990 --> 00:49:52,150 the likelihood of any problems, which there 1067 00:49:52,150 --> 00:49:57,194 wasn't a lot of detail as to why the blockchain context would 1068 00:49:57,194 --> 00:50:01,600 even make two hashes of the same value even more unlikely 1069 00:50:01,600 --> 00:50:02,983 because of the context. 1070 00:50:05,868 --> 00:50:08,160 GARY GENSLER: I want to hold that question for Tuesday.
1071 00:50:08,160 --> 00:50:12,030 But it has to do with rather than the collision issue, what 1072 00:50:12,030 --> 00:50:17,560 the paper is talking about is if two miners solve the puzzle. 1073 00:50:17,560 --> 00:50:21,010 And that doesn't mean that they got identical hashes 1074 00:50:21,010 --> 00:50:27,970 because the puzzle is not geared to getting an exact hash. 1075 00:50:27,970 --> 00:50:31,300 The Bitcoin puzzle is having a certain number 1076 00:50:31,300 --> 00:50:33,160 of leading zeros. 1077 00:50:33,160 --> 00:50:35,440 So it's literally started, I think, 1078 00:50:35,440 --> 00:50:37,630 it was nine or 10 leading zeros. 1079 00:50:37,630 --> 00:50:39,530 I'm talking about 10 years ago. 1080 00:50:39,530 --> 00:50:41,890 And now, you have to hash to something with, I think, 1081 00:50:41,890 --> 00:50:45,670 it's about 20 or 26 leading zeros. 1082 00:50:45,670 --> 00:50:48,100 Meaning it's gotten more and more difficult, 1083 00:50:48,100 --> 00:50:49,780 and the result of the hash has to have 1084 00:50:49,780 --> 00:50:53,500 a bunch of leading zeros, what you saw in that video. 1085 00:50:53,500 --> 00:50:54,310 I'm sorry. 1086 00:50:54,310 --> 00:50:57,610 AUDIENCE: I have a question on how the hash, the [INAUDIBLE] 1087 00:50:57,610 --> 00:50:58,740 hash comes about. 1088 00:50:58,740 --> 00:51:02,420 So if it's only hashing the transactions, 1089 00:51:02,420 --> 00:51:07,326 how does it change when the hash of the previous block changes? 1090 00:51:07,326 --> 00:51:11,100 GARY GENSLER: OK, so, Addy. 1091 00:51:11,100 --> 00:51:12,880 It reminds me of that old television 1092 00:51:12,880 --> 00:51:14,170 show with Johnny Carson. 1093 00:51:14,170 --> 00:51:16,400 And you just did a great setup for the comedian. 1094 00:51:16,400 --> 00:51:19,090 So thank you. 1095 00:51:19,090 --> 00:51:21,860 So I'm going to go to Merkle Roots. 
1096 00:51:21,860 --> 00:51:25,720 So Merkle Roots, which are a binary data tree, 1097 00:51:25,720 --> 00:51:28,370 looks something like this. 1098 00:51:28,370 --> 00:51:33,610 If one had 1,000 transactions, I wouldn't have a pretty slide. 1099 00:51:33,610 --> 00:51:36,280 So this only goes to four levels. 1100 00:51:36,280 --> 00:51:40,290 But think of four transactions at the bottom. 1101 00:51:40,290 --> 00:51:42,920 They're each hashed. 1102 00:51:42,920 --> 00:51:45,400 And then you concatenate. 1103 00:51:45,400 --> 00:51:46,900 You put the two hashes together. 1104 00:51:46,900 --> 00:51:47,770 You hash that. 1105 00:51:47,770 --> 00:51:49,660 You keep going up the tree. 1106 00:51:49,660 --> 00:51:55,780 If you had 1,000 transactions, because that's 2 to the 10th 1107 00:51:55,780 --> 00:52:00,840 roughly, then you'd have 10 levels of this tree. 1108 00:52:00,840 --> 00:52:02,490 And so that's what happens. 1109 00:52:02,490 --> 00:52:06,960 And literally, the mining pool operators are doing this a lot 1110 00:52:06,960 --> 00:52:08,500 for the nodes. 1111 00:52:08,500 --> 00:52:13,910 But in the Bitcoin core application, 1112 00:52:13,910 --> 00:52:16,770 in software that anybody in this room 1113 00:52:16,770 --> 00:52:18,990 could download the software if you wished. 1114 00:52:18,990 --> 00:52:23,530 There is software that helps, takes transactions, puts them 1115 00:52:23,530 --> 00:52:27,040 basically into this binary tree called a Merkle tree, 1116 00:52:27,040 --> 00:52:30,220 uses hash functions, and basically skinnies it 1117 00:52:30,220 --> 00:52:31,715 all the way up to the top. 1118 00:52:31,715 --> 00:52:33,651 Does that-- 1119 00:52:33,651 --> 00:52:35,480 AUDIENCE: I think what my question was 1120 00:52:35,480 --> 00:52:39,760 that given that this structure exists, 1121 00:52:39,760 --> 00:52:43,840 how does the root hash change with the previous block?
1122 00:52:43,840 --> 00:52:46,570 So basically, we saw that if you change 1123 00:52:46,570 --> 00:52:49,390 the hash of the previous block, all the blocks forward 1124 00:52:49,390 --> 00:52:52,210 will get invalidated because the hash changes. 1125 00:52:52,210 --> 00:52:54,380 But it doesn't seem to use the previous hash. 1126 00:52:54,380 --> 00:52:56,463 GARY GENSLER: So I'm going to repeat the question. 1127 00:52:56,463 --> 00:52:59,420 Does the Merkle Root that is basically 1128 00:52:59,420 --> 00:53:02,600 a summary of the 10,000 transactions 1129 00:53:02,600 --> 00:53:08,070 that are in a block change if the rest of the header changes 1130 00:53:08,070 --> 00:53:10,440 or the previous block change? 1131 00:53:10,440 --> 00:53:13,960 And the answer is no. 1132 00:53:13,960 --> 00:53:18,010 It only changes if some of the data in the 10,000 transactions 1133 00:53:18,010 --> 00:53:20,470 change. 1134 00:53:20,470 --> 00:53:24,780 And so a Merkle Root will change if you 1135 00:53:24,780 --> 00:53:27,810 put different transactions in the mix 1136 00:53:27,810 --> 00:53:31,880 or, as is really important, one of the incentives. 1137 00:53:31,880 --> 00:53:35,280 You get your 12 and 1/2 bitcoins today 1138 00:53:35,280 --> 00:53:38,410 in what's called a Coinbase transaction. 1139 00:53:38,410 --> 00:53:40,830 And so one of these 1,000 transactions 1140 00:53:40,830 --> 00:53:45,150 is the payment to the miner. 1141 00:53:45,150 --> 00:53:47,250 So the Merkle Root would be different 1142 00:53:47,250 --> 00:53:48,655 depending upon who wins. 1143 00:53:51,360 --> 00:53:52,970 But that wasn't your question. 1144 00:53:52,970 --> 00:53:53,780 I'm just saying. 1145 00:53:53,780 --> 00:53:57,290 But Merkle Roots are a very efficient way 1146 00:53:57,290 --> 00:53:59,780 to take thousands of transactions, 1147 00:53:59,780 --> 00:54:01,810 store it up, have one spot. 1148 00:54:04,320 --> 00:54:05,280 Please. 
1149 00:54:05,280 --> 00:54:08,070 AUDIENCE: So the order of the different transaction 1150 00:54:08,070 --> 00:54:11,430 has to be exactly the same for everyone that 1151 00:54:11,430 --> 00:54:13,280 is hashing, right? 1152 00:54:13,280 --> 00:54:14,860 GARY GENSLER: No, actually not. 1153 00:54:14,860 --> 00:54:18,210 So if you're hashing, and you're running a mining rig, 1154 00:54:18,210 --> 00:54:25,390 and Elon's running a mining rig, if Elon solves the puzzle 1155 00:54:25,390 --> 00:54:27,310 and propagates it out on the network, 1156 00:54:27,310 --> 00:54:29,980 and people start mining on top of Elon's block 1157 00:54:29,980 --> 00:54:32,180 because they say, well, he's finished. 1158 00:54:32,180 --> 00:54:35,560 You're not-- you're just going to probably start mining 1159 00:54:35,560 --> 00:54:38,630 on the top of his block and look in something called the mem 1160 00:54:38,630 --> 00:54:39,130 pool. 1161 00:54:39,130 --> 00:54:42,250 The memory pool is this network of all 1162 00:54:42,250 --> 00:54:44,080 the free floating transactions. 1163 00:54:44,080 --> 00:54:47,070 You'll scoop up the next set of transactions. 1164 00:54:47,070 --> 00:54:49,800 AUDIENCE: And so how can we validate 1165 00:54:49,800 --> 00:54:54,640 that all the transaction he wrote are the real ones? 1166 00:54:54,640 --> 00:54:56,980 GARY GENSLER: All right, so validation, 1167 00:54:56,980 --> 00:54:59,770 which is more next Thursday, but I'll give it a shot. 1168 00:54:59,770 --> 00:55:00,400 No, no, no. 1169 00:55:00,400 --> 00:55:02,180 It's a good question. 1170 00:55:02,180 --> 00:55:06,450 Every transaction-- or actually, you're setting me up, 1171 00:55:06,450 --> 00:55:07,800 digital signatures. 1172 00:55:07,800 --> 00:55:08,490 There you go. 1173 00:55:08,490 --> 00:55:09,090 Thank you. 1174 00:55:09,090 --> 00:55:11,700 Did you have a question or I'm going to go on to digital.
1175 00:55:11,700 --> 00:55:13,860 So the second cryptographic thing, 1176 00:55:13,860 --> 00:55:15,870 and we're going to keep going back and forth, 1177 00:55:15,870 --> 00:55:19,650 hash functions are basically a way to compress a lot of data, 1178 00:55:19,650 --> 00:55:25,440 have a fingerprint, make sure that it's basically commitment. 1179 00:55:25,440 --> 00:55:27,810 Digital signatures, well, remember that little graph 1180 00:55:27,810 --> 00:55:30,370 that we had Alice and Bob? 1181 00:55:30,370 --> 00:55:34,840 Alice wants to send a note to Bob and just say, hello, Bob. 1182 00:55:34,840 --> 00:55:37,070 She wants to encrypt it. 1183 00:55:37,070 --> 00:55:41,350 She encrypts it with Bob's public key, sends it to him. 1184 00:55:41,350 --> 00:55:43,270 He decrypts it with his private key. 1185 00:55:43,270 --> 00:55:46,300 You might say, oh my god, Gensler, what's a private key? 1186 00:55:46,300 --> 00:55:47,840 What's a public key? 1187 00:55:47,840 --> 00:55:51,700 In cryptography, it's a way to kind of scramble information. 1188 00:55:51,700 --> 00:55:52,210 I know. 1189 00:55:52,210 --> 00:55:55,240 I'm really making this like-- 1190 00:55:55,240 --> 00:56:00,130 So if we went back to that little mechanism 1191 00:56:00,130 --> 00:56:03,970 the Romans used or we used what the Germans used in the Enigma 1192 00:56:03,970 --> 00:56:09,660 machine, they were symmetric cryptography. 1193 00:56:09,660 --> 00:56:11,820 Both people had the key. 1194 00:56:11,820 --> 00:56:16,830 The key was the Enigma machine with five rotors. 1195 00:56:16,830 --> 00:56:22,320 In the 1970s, some wonderful technologist here and elsewhere 1196 00:56:22,320 --> 00:56:26,200 basically said, well, what if the key isn't the same? 1197 00:56:26,200 --> 00:56:29,190 Because the adversary could steal the key. 1198 00:56:29,190 --> 00:56:31,660 What if it's not symmetric but it's asymmetric? 1199 00:56:31,660 --> 00:56:33,880 There's a private key and a public key. 
1200 00:56:33,880 --> 00:56:36,040 In essence, there's two keys that have 1201 00:56:36,040 --> 00:56:39,230 some mathematical relationship. 1202 00:56:39,230 --> 00:56:41,420 And the math between these two keys 1203 00:56:41,420 --> 00:56:43,790 don't matter for a class like this. 1204 00:56:43,790 --> 00:56:50,140 But know that the public key and the private key link together. 1205 00:56:50,140 --> 00:56:53,000 They're bonded together. 1206 00:56:53,000 --> 00:56:57,590 But the critical thing is about digital signatures, 1207 00:56:57,590 --> 00:56:59,000 there's three functions. 1208 00:56:59,000 --> 00:57:00,660 You have to generate a key pair. 1209 00:57:00,660 --> 00:57:02,750 And when a key pair is generated, 1210 00:57:02,750 --> 00:57:08,390 a public key and a private key are generated at the same time. 1211 00:57:08,390 --> 00:57:11,667 And they need a random number to go into it. 1212 00:57:11,667 --> 00:57:13,250 And one of the things that makes a lot 1213 00:57:13,250 --> 00:57:18,360 of Bitcoin and other wallets insecure, 1214 00:57:18,360 --> 00:57:21,110 and it's probably why some have been hacked, 1215 00:57:21,110 --> 00:57:23,970 the wallets, not Bitcoin, is because they don't have 1216 00:57:23,970 --> 00:57:26,010 good random number generation. 1217 00:57:26,010 --> 00:57:29,070 Yes, Brodish? 1218 00:57:29,070 --> 00:57:31,050 I saw-- I was at a conference last week 1219 00:57:31,050 --> 00:57:35,790 where a technologist from the University of Pennsylvania 1220 00:57:35,790 --> 00:57:39,600 had done a survey of 150 hedge funds, mining 1221 00:57:39,600 --> 00:57:43,560 companies, and Bitcoin wallet companies and the like. 
1222 00:57:43,560 --> 00:57:46,830 So they actually let a cybersecurity individual 1223 00:57:46,830 --> 00:57:51,090 get inside and do a survey of 150 what you would consider 1224 00:57:51,090 --> 00:57:55,500 really committed, high end users of Bitcoin, miners 1225 00:57:55,500 --> 00:58:00,600 and hedge funds and crypto exchanges. 1226 00:58:00,600 --> 00:58:03,370 And it was horrifying, their cyber security 1227 00:58:03,370 --> 00:58:07,530 as to what they're doing with their private keys. 1228 00:58:07,530 --> 00:58:09,780 Before he even got to the private keys, many of them 1229 00:58:09,780 --> 00:58:13,500 didn't really have a secure way to create the random numbers 1230 00:58:13,500 --> 00:58:15,850 to create their private keys. 1231 00:58:15,850 --> 00:58:17,700 So it's just a piece. 1232 00:58:17,700 --> 00:58:20,100 When somebody says they have really good private key, 1233 00:58:20,100 --> 00:58:23,100 public key, in the back of your mind, 1234 00:58:23,100 --> 00:58:25,890 just know there's got to be some way to do a random number 1235 00:58:25,890 --> 00:58:26,700 generation. 1236 00:58:26,700 --> 00:58:28,380 That's the only math that I'm going 1237 00:58:28,380 --> 00:58:30,590 to ask you to remember of that. 1238 00:58:33,490 --> 00:58:35,200 There is a signature function. 1239 00:58:35,200 --> 00:58:38,080 And the key thing is a signature creates. 1240 00:58:38,080 --> 00:58:40,660 You can create a digital signature 1241 00:58:40,660 --> 00:58:42,600 from a message and a private key. 1242 00:58:45,240 --> 00:58:48,870 So if Kelly has a private key and wants 1243 00:58:48,870 --> 00:58:53,140 to send a secret message to somebody across the room-- 1244 00:58:53,140 --> 00:58:54,810 Isabella, you want a message from Kelly? 1245 00:58:57,610 --> 00:59:00,250 Kelly's going to take the message. 1246 00:59:00,250 --> 00:59:01,850 You got this, Kelly? 
1247 00:59:01,850 --> 00:59:03,470 You're going to take the message, 1248 00:59:03,470 --> 00:59:07,300 and you're going to sign it with a private key. 1249 00:59:07,300 --> 00:59:11,230 You send it over to Isabella. 1250 00:59:11,230 --> 00:59:14,660 How's Isabella know that it was from you? 1251 00:59:14,660 --> 00:59:19,340 AUDIENCE: She has to decrypt it with her key. 1252 00:59:19,340 --> 00:59:20,900 GARY GENSLER: She's got to verify it. 1253 00:59:20,900 --> 00:59:23,720 So there's a function called a verification function, 1254 00:59:23,720 --> 00:59:26,180 and it comes back just yes, no. 1255 00:59:26,180 --> 00:59:28,280 I mean, it might say it differently. 1256 00:59:28,280 --> 00:59:29,930 But it's just a yes, no. 1257 00:59:29,930 --> 00:59:31,760 It's a verification function. 1258 00:59:31,760 --> 00:59:34,390 Isabella-- you want to do this with me-- 1259 00:59:34,390 --> 00:59:37,190 is going to verify your signature 1260 00:59:37,190 --> 00:59:40,950 is valid for this message because you 1261 00:59:40,950 --> 00:59:42,820 have the public key. 1262 00:59:42,820 --> 00:59:43,740 So you're right. 1263 00:59:43,740 --> 00:59:46,880 Isabella has your public key. 1264 00:59:46,880 --> 00:59:51,580 But using your public key, she can verify that the signature. 1265 00:59:51,580 --> 00:59:54,140 It's magical math. 1266 00:59:54,140 --> 00:59:55,460 Well, it's not magical math. 1267 00:59:55,460 --> 00:59:57,260 It's real math. 1268 00:59:57,260 --> 01:00:00,680 But it's not math we need to study in this class. 1269 01:00:00,680 --> 01:00:02,290 Yes, Hugo? 1270 01:00:02,290 --> 01:00:04,040 AUDIENCE: Back to generating the key pair. 1271 01:00:04,040 --> 01:00:04,940 GARY GENSLER: Yeah? 1272 01:00:04,940 --> 01:00:06,120 AUDIENCE: So they're both generated 1273 01:00:06,120 --> 01:00:07,130 from the random number? 
1274 01:00:07,130 --> 01:00:09,680 One is not-- like the private is not 1275 01:00:09,680 --> 01:00:13,607 determined by the public key or the other way around? 1276 01:00:13,607 --> 01:00:14,690 GARY GENSLER: The public-- 1277 01:00:14,690 --> 01:00:16,430 you can think of it-- 1278 01:00:16,430 --> 01:00:21,610 in Bitcoin, it uses an elliptic curve cryptography. 1279 01:00:21,610 --> 01:00:25,550 And you can think of it as that the private key 1280 01:00:25,550 --> 01:00:30,470 is based on the random number. 1281 01:00:30,470 --> 01:00:35,770 To be more technical, the random number 1282 01:00:35,770 --> 01:00:38,260 is what gets you to the public key. 1283 01:00:38,260 --> 01:00:40,110 But I think of it as the private key 1284 01:00:40,110 --> 01:00:42,550 is almost the random number, and then the public key 1285 01:00:42,550 --> 01:00:43,990 is generated along with it. 1286 01:00:43,990 --> 01:00:47,140 AUDIENCE: So [INAUDIBLE]. 1287 01:00:47,140 --> 01:00:49,693 GARY GENSLER: Yes. 1288 01:00:49,693 --> 01:00:51,610 AUDIENCE: So you pick a random number actually 1289 01:00:51,610 --> 01:00:54,885 between 0 and 256, that's your private key. 1290 01:00:54,885 --> 01:00:56,830 To pick a public key, you derive it 1291 01:00:56,830 --> 01:00:58,660 directly from the private key. 1292 01:00:58,660 --> 01:01:01,330 In fact, all you do is you exponentiate another number 1293 01:01:01,330 --> 01:01:03,800 by the private key. 1294 01:01:03,800 --> 01:01:05,380 So you can think of the public key 1295 01:01:05,380 --> 01:01:08,410 as a one way function of the private key. 1296 01:01:08,410 --> 01:01:11,303 So given a public key, you cannot recover the private key. 1297 01:01:11,303 --> 01:01:13,720 If you could, then you could sign, potentially disastrous. 1298 01:01:16,380 --> 01:01:18,870 GARY GENSLER: And instead of exponentiation, in Bitcoin, 1299 01:01:18,870 --> 01:01:23,040 it uses a function called the elliptic curve. 
1300 01:01:23,040 --> 01:01:24,150 So what properties? 1301 01:01:24,150 --> 01:01:26,670 And these are the key economic properties as well as 1302 01:01:26,670 --> 01:01:28,410 cryptographic properties. 1303 01:01:28,410 --> 01:01:30,120 Basically, it's infeasible. 1304 01:01:30,120 --> 01:01:32,100 And again, I use the word infeasible. 1305 01:01:32,100 --> 01:01:34,950 I didn't say impossible, even though Eileen 1306 01:01:34,950 --> 01:01:37,500 might want to tell me that it's 1 over 10 1307 01:01:37,500 --> 01:01:39,270 to the 40th of something. 1308 01:01:39,270 --> 01:01:42,840 But it's infeasible to find a private key from a public key, 1309 01:01:42,840 --> 01:01:45,070 so reverse engineer. 1310 01:01:45,070 --> 01:01:48,070 AUDIENCE: So even if you can't find the private key, 1311 01:01:48,070 --> 01:01:50,670 like in the case of Kelly and Isabella, 1312 01:01:50,670 --> 01:01:55,320 if I knew Kelly's public key, could I 1313 01:01:55,320 --> 01:01:59,620 send a message to Isabella impersonating Kelly? 1314 01:01:59,620 --> 01:02:01,530 GARY GENSLER: No. 1315 01:02:01,530 --> 01:02:05,334 You need to do a signature-- 1316 01:02:05,334 --> 01:02:08,190 if you please just run your eye up there. 1317 01:02:08,190 --> 01:02:10,230 To do a digital signature, you need 1318 01:02:10,230 --> 01:02:12,330 a private key and a message. 1319 01:02:12,330 --> 01:02:15,510 And it's a function of the message and the private key. 1320 01:02:19,880 --> 01:02:22,670 Let's call it complex math. 1321 01:02:22,670 --> 01:02:30,250 That digital signature was created from the private key. 1322 01:02:30,250 --> 01:02:34,330 And the public key was created from the private key. 
1323 01:02:34,330 --> 01:02:37,720 And to oversimplify the reason that the verify function 1324 01:02:37,720 --> 01:02:42,330 works is because both the digital signature 1325 01:02:42,330 --> 01:02:44,700 and the public key that Isabella has-- 1326 01:02:44,700 --> 01:02:47,810 Isabella has this digital signature, 1327 01:02:47,810 --> 01:02:51,995 and she has the public key, and she has the message. 1328 01:02:54,500 --> 01:02:57,560 The math is such that, basically, 1329 01:02:57,560 --> 01:03:03,090 the private key, if you wish, almost like factors out. 1330 01:03:03,090 --> 01:03:05,810 But think of two functions. 1331 01:03:05,810 --> 01:03:09,170 Isabella has Kelly's public key, the message, 1332 01:03:09,170 --> 01:03:10,490 the digital signature. 1333 01:03:10,490 --> 01:03:12,300 It either verifies or it doesn't. 1334 01:03:12,300 --> 01:03:14,750 But she never has to see the private key. 1335 01:03:14,750 --> 01:03:16,400 And in fact, Kelly does not want her 1336 01:03:16,400 --> 01:03:18,560 to ever see the private key. 1337 01:03:18,560 --> 01:03:22,350 AUDIENCE: Eric, maybe just to simplify 1338 01:03:22,350 --> 01:03:26,710 the way the validation of the digital signature works 1339 01:03:26,710 --> 01:03:32,570 is Kelly's message is run through a hash function which 1340 01:03:32,570 --> 01:03:34,010 generates a hash. 1341 01:03:34,010 --> 01:03:37,790 And it's encrypted with her private key. 1342 01:03:37,790 --> 01:03:41,270 Then the message encrypted and the digital signature 1343 01:03:41,270 --> 01:03:42,810 goes to Isabella. 1344 01:03:42,810 --> 01:03:45,830 Isabella, what she does is using the same hash function 1345 01:03:45,830 --> 01:03:49,850 to run it with the document to generate the hash function 1346 01:03:49,850 --> 01:03:54,050 and uses the public key of Kelly to unencrypt the signature 1347 01:03:54,050 --> 01:03:55,850 and compare those two hashes. 
1348 01:03:55,850 --> 01:03:57,710 If those two hashes correspond that 1349 01:03:57,710 --> 01:04:01,070 means that the message belongs to Kelly 1350 01:04:01,070 --> 01:04:02,840 and it hasn't been tampered with. 1351 01:04:02,840 --> 01:04:05,420 So that's the more or less the simplification 1352 01:04:05,420 --> 01:04:09,710 of the digital signature process. 1353 01:04:09,710 --> 01:04:11,770 AUDIENCE: I don't know if-- 1354 01:04:11,770 --> 01:04:14,060 GARY GENSLER: So I mean, the key is basically 1355 01:04:14,060 --> 01:04:16,940 that there's a scheme unrelated to Bitcoin 1356 01:04:16,940 --> 01:04:20,180 that exists for many other reasons on the internet, 1357 01:04:20,180 --> 01:04:25,490 many other reasons in commerce and at war 1358 01:04:25,490 --> 01:04:30,140 that this public key, private key cryptography. 1359 01:04:30,140 --> 01:04:33,290 And it's not simply just going back, 1360 01:04:33,290 --> 01:04:35,930 it's not just simply Alice sending something. 1361 01:04:35,930 --> 01:04:38,360 It's also digital signatures. 1362 01:04:38,360 --> 01:04:40,250 You generate the key pair. 1363 01:04:40,250 --> 01:04:42,770 Everything in Bitcoin, everything in Ethereum 1364 01:04:42,770 --> 01:04:45,870 has key pairs, public key and private key, 1365 01:04:45,870 --> 01:04:47,150 a digital signature. 1366 01:04:47,150 --> 01:04:51,430 But, Kelly, never lose your private key. 1367 01:04:51,430 --> 01:04:52,060 You got that? 1368 01:04:52,060 --> 01:04:52,967 Do not. 1369 01:04:52,967 --> 01:04:55,300 And by the way, you have to create it with a good random 1370 01:04:55,300 --> 01:04:58,870 number generator because most sophisticated hedge funds 1371 01:04:58,870 --> 01:05:00,263 around the world aren't. 1372 01:05:00,263 --> 01:05:01,930 So you're going to be better than those. 1373 01:05:01,930 --> 01:05:04,960 That's what I learned at a conference I was at recently. 1374 01:05:04,960 --> 01:05:08,050 And then there's a verification function. 
1375 01:05:08,050 --> 01:05:10,570 AUDIENCE: A quick question about the random number generator 1376 01:05:10,570 --> 01:05:12,640 and the verification function. 1377 01:05:12,640 --> 01:05:16,150 So is there any third party generating 1378 01:05:16,150 --> 01:05:23,110 the generator or the generator is a function already existing 1379 01:05:23,110 --> 01:05:26,640 and already there? 1380 01:05:26,640 --> 01:05:30,450 GARY GENSLER: So the question is, if random number generation 1381 01:05:30,450 --> 01:05:33,480 is so important, are there outside parties that 1382 01:05:33,480 --> 01:05:36,720 have good software, in essence, to produce the random number 1383 01:05:36,720 --> 01:05:37,380 generation? 1384 01:05:37,380 --> 01:05:38,797 And the answer is yes, and there's 1385 01:05:38,797 --> 01:05:40,440 some that are not so good. 1386 01:05:40,440 --> 01:05:43,590 And yes, some good laptops have it. 1387 01:05:43,590 --> 01:05:47,100 At the heart, I want to skip ahead. 1388 01:05:47,100 --> 01:05:50,100 Elliptic curve digital signature algorithm, 1389 01:05:50,100 --> 01:05:54,180 that's the actual algorithm that Bitcoin uses to take 1390 01:05:54,180 --> 01:05:56,880 the private key and so forth. 1391 01:05:56,880 --> 01:06:03,990 But many of the wallets, if you download a wallet application 1392 01:06:03,990 --> 01:06:06,300 to hold your Bitcoin, to hold your Litecoin, 1393 01:06:06,300 --> 01:06:09,390 to hold some other coin, that wallet application 1394 01:06:09,390 --> 01:06:15,770 has a random number generation software. 1395 01:06:15,770 --> 01:06:19,310 I can't attest to all the random number generation software. 1396 01:06:19,310 --> 01:06:22,400 I'm not a cyber security expert. 1397 01:06:22,400 --> 01:06:24,350 But there's probably a range of some 1398 01:06:24,350 --> 01:06:27,970 that are a little bit more. 1399 01:06:27,970 --> 01:06:29,740 There's stronger ones. 
1400 01:06:29,740 --> 01:06:31,360 The key to random number generation 1401 01:06:31,360 --> 01:06:35,500 is if you're generating any length that it truly 1402 01:06:35,500 --> 01:06:40,710 is not clumpier, that there's let's 1403 01:06:40,710 --> 01:06:45,160 say it's what maximum entropy, and that you really 1404 01:06:45,160 --> 01:06:47,850 don't have any clumps. 1405 01:06:47,850 --> 01:06:50,350 If it all clumps in one area, then 1406 01:06:50,350 --> 01:06:52,103 that's not great randomness. 1407 01:06:52,103 --> 01:06:53,770 So I just want to finish because there's 1408 01:06:53,770 --> 01:06:55,478 one other thing we're going to chat about 1409 01:06:55,478 --> 01:06:59,230 to lay the groundwork is Bitcoin addresses. 1410 01:06:59,230 --> 01:07:00,040 I put that up. 1411 01:07:00,040 --> 01:07:02,140 You can look at the slides later. 1412 01:07:02,140 --> 01:07:05,170 The details don't matter much. 1413 01:07:05,170 --> 01:07:07,930 But the key thing is that when you hear somebody talk 1414 01:07:07,930 --> 01:07:13,030 about public keys and Bitcoin addresses, colloquially, 1415 01:07:13,030 --> 01:07:15,250 we all reference them the same. 1416 01:07:15,250 --> 01:07:17,780 They're actually not. 1417 01:07:17,780 --> 01:07:25,080 The technology that Nakamoto did was he uses the public key. 1418 01:07:25,080 --> 01:07:30,990 He literally hashed it twice, once with this hash function 1419 01:07:30,990 --> 01:07:35,130 called SHA-256, another hash function, 1420 01:07:35,130 --> 01:07:39,980 then concatenates, and puts a little checksum at the end, 1421 01:07:39,980 --> 01:07:42,620 and then uses something called a base 58 to make 1422 01:07:42,620 --> 01:07:45,420 it even shorter. 1423 01:07:45,420 --> 01:07:48,480 I've gone back and read some of Nakamoto's emails 1424 01:07:48,480 --> 01:07:51,630 for the two years after he published all this 1425 01:07:51,630 --> 01:07:53,220 and I've read other things.
1426 01:07:53,220 --> 01:07:56,520 My understanding is the reason there is two hash functions 1427 01:07:56,520 --> 01:07:58,950 and actually two different ones was just 1428 01:07:58,950 --> 01:08:02,260 to make everything a bit more secure. 1429 01:08:02,260 --> 01:08:04,490 Also, a public key is very long. 1430 01:08:04,490 --> 01:08:07,850 It's about 512 bits. 1431 01:08:07,850 --> 01:08:10,430 And so you can shrink the data and make 1432 01:08:10,430 --> 01:08:15,320 the data more compressed by hashing it, 1433 01:08:15,320 --> 01:08:17,630 which took it to 256 bits. 1434 01:08:17,630 --> 01:08:21,000 He hashes it twice, and then he does this base 58 1435 01:08:21,000 --> 01:08:24,770 and makes it even a little tighter. 1436 01:08:24,770 --> 01:08:28,399 So for all purposes, you could go ahead and just use 1437 01:08:28,399 --> 01:08:30,970 public key and Bitcoin address is the same. 1438 01:08:30,970 --> 01:08:34,649 But remember back in the mind, oh, actually, 1439 01:08:34,649 --> 01:08:36,189 they're a little different. 1440 01:08:36,189 --> 01:08:41,029 Bitcoin addresses are a little bit more secure supposedly, 1441 01:08:41,029 --> 01:08:43,880 unless of course somebody has hacked into your wallet 1442 01:08:43,880 --> 01:08:46,939 and figured out all these little details. 1443 01:08:46,939 --> 01:08:49,640 A Bitcoin address is a little bit 1444 01:08:49,640 --> 01:08:54,979 like the signatures on these notes we talked about, right? 1445 01:08:54,979 --> 01:08:59,120 Remember what an-- half of you don't use checking accounts. 1446 01:08:59,120 --> 01:09:02,510 But these are early forms of checks. 1447 01:09:02,510 --> 01:09:04,370 And there's a signature on the bottom. 1448 01:09:04,370 --> 01:09:08,420 That's really kind of a Bitcoin address. 1449 01:09:08,420 --> 01:09:11,970 I'm sorry, the signature is the digital signature. 1450 01:09:11,970 --> 01:09:15,550 The address, the Bitcoin address is who it's paid for. 
1451 01:09:15,550 --> 01:09:17,712 And I promise last slide. 1452 01:09:17,712 --> 01:09:19,670 We're going to be talking about this next week. 1453 01:09:19,670 --> 01:09:22,010 Transactions, all that stuff that 1454 01:09:22,010 --> 01:09:24,050 rolls up into the Merkle trees. 1455 01:09:24,050 --> 01:09:27,979 All that little itty bitty important information, 1456 01:09:27,979 --> 01:09:33,130 they basically have an input and an output, the input 1457 01:09:33,130 --> 01:09:34,870 and a lock time. 1458 01:09:34,870 --> 01:09:39,220 But the input is a previous transaction. 1459 01:09:39,220 --> 01:09:44,710 This uniquely identifies, basically, money. 1460 01:09:44,710 --> 01:09:46,760 And you're going to send value in Satoshis. 1461 01:09:49,609 --> 01:09:54,510 He named the unit of count for himself. 1462 01:09:54,510 --> 01:09:56,910 There's a lot of Satoshis in every one Bitcoin. 1463 01:09:56,910 --> 01:09:59,010 That's why we don't hear much about Satoshis. 1464 01:09:59,010 --> 01:10:04,560 But there's 10 to the 8th Satoshis in every one Bitcoin. 1465 01:10:04,560 --> 01:10:06,570 So when you actually enter in the computer 1466 01:10:06,570 --> 01:10:11,880 code in a transaction, you're doing it in Satoshis. 1467 01:10:11,880 --> 01:10:13,740 And it's sent to a public key. 1468 01:10:13,740 --> 01:10:15,330 That's a coin. 1469 01:10:15,330 --> 01:10:18,640 That is what the incentive system's all about. 1470 01:10:21,640 --> 01:10:24,660 Any other questions? 1471 01:10:24,660 --> 01:10:26,150 And this is just I know. 1472 01:10:26,150 --> 01:10:27,730 There's a lot. 1473 01:10:27,730 --> 01:10:31,370 I wonder how many of you are going to come back on Thursday. 1474 01:10:31,370 --> 01:10:31,870 No. 1475 01:10:31,870 --> 01:10:33,290 Let me say this. 1476 01:10:33,290 --> 01:10:34,840 It's not just that we're at MIT. 1477 01:10:34,840 --> 01:10:35,980 But we are at MIT. 1478 01:10:35,980 --> 01:10:37,690 Come on. 
1479 01:10:37,690 --> 01:10:43,330 Everybody in this room can get these kind of key concepts. 1480 01:10:43,330 --> 01:10:45,790 The key questions that we talked about 1481 01:10:45,790 --> 01:10:48,430 were timestamped append-only logs. 1482 01:10:48,430 --> 01:10:50,320 Does anybody want to tell me what a-- 1483 01:10:50,320 --> 01:10:52,990 if this class here in the next seven minutes 1484 01:10:52,990 --> 01:10:55,180 can get these two concepts, that's 1485 01:10:55,180 --> 01:10:57,040 all we talked about for the last hour. 1486 01:10:57,040 --> 01:11:01,432 So I don't know your name in the orange shirt. 1487 01:11:01,432 --> 01:11:02,240 AUDIENCE: Andrew. 1488 01:11:02,240 --> 01:11:03,323 GARY GENSLER: What's that? 1489 01:11:03,323 --> 01:11:03,830 Andrew? 1490 01:11:03,830 --> 01:11:06,260 Andrew, what's time append-only logs? 1491 01:11:06,260 --> 01:11:08,960 AUDIENCE: Timestamped append-only logs is essentially 1492 01:11:08,960 --> 01:11:11,090 a record of transactions or a block 1493 01:11:11,090 --> 01:11:13,835 as blockchain uses it with a time. 1494 01:11:13,835 --> 01:11:15,560 And that can't be changed in the future. 1495 01:11:15,560 --> 01:11:17,060 So you can only add on transactions. 1496 01:11:17,060 --> 01:11:19,018 GARY GENSLER: So it's kind of immutable because 1497 01:11:19,018 --> 01:11:21,150 of all this cryptography. 1498 01:11:21,150 --> 01:11:26,310 Stuart Haber was making it in a timestamped append-only log. 1499 01:11:26,310 --> 01:11:28,095 And he was placing it where? 1500 01:11:28,095 --> 01:11:29,220 Carolyn, you still with me? 1501 01:11:29,220 --> 01:11:31,088 Where was Haber putting it? 1502 01:11:31,088 --> 01:11:32,130 AUDIENCE: New York Times. 1503 01:11:32,130 --> 01:11:33,338 GARY GENSLER: New York Times. 1504 01:11:33,338 --> 01:11:35,225 There you go in the classified section. 1505 01:11:37,780 --> 01:11:42,892 So it's just it's a bunch of blocks of data compressed up. 
1506 01:11:42,892 --> 01:11:44,350 So we talked about something called 1507 01:11:44,350 --> 01:11:46,450 Merkle trees and Merkle roots. 1508 01:11:46,450 --> 01:11:49,540 Just think about as that's a way to take a lot of information 1509 01:11:49,540 --> 01:11:53,830 and compress it but also make it searchable later 1510 01:11:53,830 --> 01:11:57,050 because 1,000 transactions, when we talk next week, 1511 01:11:57,050 --> 01:11:58,800 you have to be able to verify. 1512 01:11:58,800 --> 01:12:01,690 Somebody asked me about how to verify, right? 1513 01:12:01,690 --> 01:12:05,830 When you go back to verify, you need an index number to find it 1514 01:12:05,830 --> 01:12:08,870 in that Merkle tree situation. 1515 01:12:08,870 --> 01:12:10,560 And it's secured through hash functions. 1516 01:12:10,560 --> 01:12:12,870 Anybody want to tell me that easiest lay definition 1517 01:12:12,870 --> 01:12:14,220 of the hash function? 1518 01:12:16,930 --> 01:12:19,470 Jennifer? 1519 01:12:19,470 --> 01:12:22,700 AUDIENCE: It's like a mapping can be 1520 01:12:22,700 --> 01:12:26,280 so members can get to just one. 1521 01:12:26,280 --> 01:12:27,460 GARY GENSLER: Right. 1522 01:12:27,460 --> 01:12:32,770 You could take a picture of this classroom and everybody exactly 1523 01:12:32,770 --> 01:12:35,678 and they could map it into something. 1524 01:12:35,678 --> 01:12:36,220 I don't know. 1525 01:12:36,220 --> 01:12:38,710 Would a QR code be a form of a hash? 1526 01:12:41,340 --> 01:12:43,210 Not cryptographically secure. 1527 01:12:43,210 --> 01:12:44,438 But is it a hash? 1528 01:12:44,438 --> 01:12:46,480 AUDIENCE: It's more of a different representation 1529 01:12:46,480 --> 01:12:49,590 of some data rather than binary you're using. 1530 01:12:49,590 --> 01:12:52,850 GARY GENSLER: All right, so I failed that one. 1531 01:12:52,850 --> 01:12:55,617 AUDIENCE: It often stores hashes.
1532 01:12:55,617 --> 01:12:57,450 GARY GENSLER: So cryptographic hash function 1533 01:12:57,450 --> 01:13:00,030 is a way to take not only a lot of information 1534 01:13:00,030 --> 01:13:03,600 and put it into a fixed form, but the key thing here 1535 01:13:03,600 --> 01:13:06,990 is the hash functions are what tie the blocks together 1536 01:13:06,990 --> 01:13:11,080 because hash functions can point to previous information. 1537 01:13:11,080 --> 01:13:15,000 And as the video showed, if you change any of the underlying 1538 01:13:15,000 --> 01:13:18,190 information, the hash changes. 1539 01:13:18,190 --> 01:13:21,090 So what does that give you? 1540 01:13:21,090 --> 01:13:23,690 It basically secures the data. 1541 01:13:23,690 --> 01:13:25,700 You know if somebody has tampered. 1542 01:13:25,700 --> 01:13:29,780 So the only reason to really learn about hash functions 1543 01:13:29,780 --> 01:13:31,790 is it's to say, oh, I get it. 1544 01:13:31,790 --> 01:13:37,070 This is one of the ways to make this data tamper proof. 1545 01:13:37,070 --> 01:13:37,660 Go on. 1546 01:13:37,660 --> 01:13:40,830 AUDIENCE: I have a question about a theoretical event where 1547 01:13:40,830 --> 01:13:47,430 a better hash function is found than the SHA-256. 1548 01:13:47,430 --> 01:13:50,010 How would that be implemented into the Bitcoin network 1549 01:13:50,010 --> 01:13:51,270 practically? 1550 01:13:51,270 --> 01:13:53,310 There needs to be a consensus and-- 1551 01:13:53,310 --> 01:13:57,960 GARY GENSLER: So how would any relevant change 1552 01:13:57,960 --> 01:14:01,170 be adopted into Bitcoin is always a challenge 1553 01:14:01,170 --> 01:14:04,350 because it's a decentralized network. 1554 01:14:04,350 --> 01:14:07,650 And all decentralized networks have a little bit 1555 01:14:07,650 --> 01:14:09,210 of a governance challenge. 1556 01:14:09,210 --> 01:14:12,850 The governance challenge is, how do you do software updates?
1557 01:14:12,850 --> 01:14:17,040 We all know that on our laptops, our iPhones, 1558 01:14:17,040 --> 01:14:20,040 there's probably software updates going on here now 1559 01:14:20,040 --> 01:14:22,200 unbeknownst to me, right? 1560 01:14:22,200 --> 01:14:24,030 They're probably just Apple has dropped. 1561 01:14:24,030 --> 01:14:26,700 I mean, who knows what they're doing in here, right? 1562 01:14:26,700 --> 01:14:30,060 And Uber, I really, one of my favorites, who knows what's 1563 01:14:30,060 --> 01:14:31,450 happening inside this phone. 1564 01:14:31,450 --> 01:14:36,630 But the commercial enterprise, the central authority 1565 01:14:36,630 --> 01:14:38,280 has a way to update the software. 1566 01:14:38,280 --> 01:14:40,560 We probably sign some terms of use 1567 01:14:40,560 --> 01:14:42,620 that allows them to do that. 1568 01:14:42,620 --> 01:14:45,930 In a decentralized network like this, 1569 01:14:45,930 --> 01:14:48,210 there has to be consensus. 1570 01:14:48,210 --> 01:14:51,150 And so the only way really to update 1571 01:14:51,150 --> 01:14:55,660 the software for a new hash function or for most everything 1572 01:14:55,660 --> 01:15:00,010 else is, in essence, that the nodes, 1573 01:15:00,010 --> 01:15:03,220 the operators of the software collectively in a consensus 1574 01:15:03,220 --> 01:15:04,720 form adopt it. 1575 01:15:04,720 --> 01:15:10,050 So it's another way that not only is the data 1576 01:15:10,050 --> 01:15:15,090 immutable because of these hash functions but the software is. 1577 01:15:15,090 --> 01:15:18,790 And that comes both with benefits and costs. 1578 01:15:18,790 --> 01:15:21,010 Some people would say that's a bug of blockchain. 1579 01:15:21,010 --> 01:15:22,905 Some people would say it's a feature. 1580 01:15:22,905 --> 01:15:24,280 You can come to your own judgment 1581 01:15:24,280 --> 01:15:26,110 over the course of this semester. 
1582 01:15:26,110 --> 01:15:29,780 But the software is harder to update 1583 01:15:29,780 --> 01:15:33,170 than software in centralized authorities 1584 01:15:33,170 --> 01:15:35,450 because centralized authorities just say-- 1585 01:15:35,450 --> 01:15:38,322 they just push the-- 1586 01:15:38,322 --> 01:15:40,280 now sometimes you have to click and say update. 1587 01:15:44,020 --> 01:15:45,130 But don't be naive. 1588 01:15:45,130 --> 01:15:49,150 Not every software do you click. 1589 01:15:49,150 --> 01:15:51,460 I mean, there's some that's just happening. 1590 01:15:51,460 --> 01:15:53,998 But here, you've got to have consensus. 1591 01:15:53,998 --> 01:15:55,540 I know it didn't answer your question 1592 01:15:55,540 --> 01:15:56,842 about the hash function. 1593 01:15:56,842 --> 01:15:59,050 But if it were a hash function that had to be updated 1594 01:15:59,050 --> 01:16:03,890 and everybody said they had to quickly update it, 1595 01:16:03,890 --> 01:16:06,840 there's interesting debates about this, 1596 01:16:06,840 --> 01:16:10,140 but you wouldn't need to go back over all 540,000 1597 01:16:10,140 --> 01:16:12,780 previous blocks. 1598 01:16:12,780 --> 01:16:19,110 You could just hash all 540,000 blocks, 180 gigabytes to one 1599 01:16:19,110 --> 01:16:23,160 256 or maybe it's then a different, 1600 01:16:23,160 --> 01:16:25,270 and then you'd have that. 1601 01:16:25,270 --> 01:16:27,350 And it would be tamper proof. 1602 01:16:27,350 --> 01:16:28,670 So those are the key things. 1603 01:16:28,670 --> 01:16:30,230 That's what we covered really. 1604 01:16:30,230 --> 01:16:35,270 What we're going to cover next Tuesday is consensus protocol. 1605 01:16:35,270 --> 01:16:36,860 We've talked a lot about proof of work 1606 01:16:36,860 --> 01:16:41,850 here because everybody thinks of Bitcoin about proof of work. 
1607 01:16:41,850 --> 01:16:44,360 But we're going to talk about proof of work, the nodes, 1608 01:16:44,360 --> 01:16:45,812 and the native currency. 1609 01:16:45,812 --> 01:16:47,270 And then next Thursday, we're going 1610 01:16:47,270 --> 01:16:48,980 to talk about transactions. 1611 01:16:48,980 --> 01:16:52,840 Again, I try to break down this technology. 1612 01:16:52,840 --> 01:16:54,550 If you want to forget about this lecture, 1613 01:16:54,550 --> 01:16:56,110 and you're going to go, oh my god, it 1614 01:16:56,110 --> 01:16:59,167 was like going to the dentist, you 1615 01:16:59,167 --> 01:17:01,000 can tell your friends that you actually know 1616 01:17:01,000 --> 01:17:02,290 something about cryptography. 1617 01:17:02,290 --> 01:17:04,660 It is called cryptocurrencies. 1618 01:17:04,660 --> 01:17:07,210 So how could we not know something about cryptography? 1619 01:17:07,210 --> 01:17:09,130 But it's basically those three things. 1620 01:17:09,130 --> 01:17:10,730 It's cryptography. 1621 01:17:10,730 --> 01:17:14,410 It's a consensus mechanism and the transactions. 1622 01:17:14,410 --> 01:17:14,980 So right? 1623 01:17:14,980 --> 01:17:18,795 Cryptography, consensus mechanism, transactions. 1624 01:17:18,795 --> 01:17:19,920 And we will get through it. 1625 01:17:19,920 --> 01:17:22,510 And then you'll see this matters to finance 1626 01:17:22,510 --> 01:17:24,280 and whether it's got any use cases. 1627 01:17:24,280 --> 01:17:26,400 So thank you.