Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Sarah Meiklejohn: Anonymity, Central Bank Cryptocurrencies and the Academic View on Bitcoin
Episode Date: September 5, 2016With academic research on Bitcoin and cryptocurrencies still in its infancy, Sarah Meiklejohn’s track record of publications in the area stands out. The UCL computer science professor has explored t...opics ranging from anonymity in Bitcoin to how a central bank could go about issuing a cryptocurrency. Topics covered in this episode: What techniques can be used to deanonymize Bitcoin users How Bitcoin’s usage evolved over time Whether privacy-enhancing overlays in Bitcoin currently work What a cryptocurrency issued by a central bank could look like The architecture of RSCoin Episode links: Sarah Meiklejohn UCL Website Meiklejohn & Orlandi (2015): Privacy-Enhancing Overlays in Bitcoin Danezis & Meiklejohn (2016): Centrally Banked Cryptocurrencies Meiklejohn et al (2016): A Fistful of Bitcoins EB70 - Michael Gronager: Chainalysis EB83 - David Andolfatto: Fedcoins and Cryptocurrencies Issued by Central Banks This episode is hosted by Brian Fabian Crain and Sébastien Couture. Show notes and listening options: epicenter.tv/147
Transcript
Discussion (0)
This is Epicenter, Episode 147 with guest Sarah Micklejohn.
This episode of Epicenter is brought you by Jax.
Jacks is the user-friendly wallet that works across all your devices and handles both Bitcoin and Ether.
Go to JAAWX.io and embrace the future of cryptocurrency wallets.
And by the Ledger NanoS, the hardware wallet which sets the new standard in security and usability.
Get it today at ledgerWallet.com and use the offer code Epicenter to get 10% off your order.
And by Hyde.Me, protect yourself against hackers and safeguard your identity online with a first-class VPN.
Go to hide.combe slash Epicenter and sign up for a free account today.
Hi, welcome to Epicenter, the show which talks about the technology, startups, and people driving decentralization and the global blockchain revolution.
My name is Sebastian Gutsuio.
And my name is Brian Robin Crane.
Today is a bit of a special show.
So we've started Epicenter Bitcoin.
It's now been more than two and a half years in January of 2014.
And from kind of the very start, or briefly after we started,
we already started kind of branching out and doing a whole bunch of topics
that went beyond Bitcoin.
We started between the first shows on Ethereum,
just when the show was a few months old.
And we had conversations already back then about changing the name.
SimaCM was like, yeah, Bitcoin, episode of Bitcoin, it's too narrow.
It doesn't really reflect what the show is about.
And at the time, I was kind of saying, well, no, but it's this umbrella term, right?
It's not just Bitcoin itself, but it also represents the kind of larger space, this movement, this technology.
And that was true back then, but that's definitely not the case anymore.
So we've been too big now for quite a while to change that because the show is about a whole bunch of stuff, right?
It's about Bitcoin.
It's also about Ethereum, Z-cash, and a lot of other new protocols coming up, new cryptocurrency.
cryptocurrencies, permission ledgers, the application of smart contacts, permission ledgers
in existing systems.
So all of those.
And because of that, we've decided to rebrand to choose a new name that is more reflective
about where the show is at today.
So that's why it's come to the time for us to rebrand and for our new identity to reflect
all of this.
So at this point going forward, the show will now be called simply Epicenter.
Of course, we'll continue to do regular episodes about Bitcoin.
and all the other topics that we usually cover.
So I guess the content doesn't change.
Simply the name changes in order to reflect the broader ecosystem of decentralized technologies and distributed systems.
So as a listener, you won't need to change a thing.
All our feeds and distribution channels remain the same.
You'll still be able to get the podcast feed at the same place you get it now.
You don't need to change any settings.
You can still watch the videos on YouTube, on our channel,
and our social media presence will also remain the same.
So none of that will change.
You could just keep listening.
And also, we're excited to announce our brand new website,
ampresenter.tv, which will be rolling out progressively in the coming weeks.
The new website will have lots of new features.
For instance, one of the main things that the website,
our current website doesn't have,
which will be available on the new website,
is the ability to watch the videos because our current website didn't even have our videos.
So we're really excited about that.
And some other new features, like we'll have some
the ability to search content by topic or by guest.
So we've been working on this new website for a long time, and we're really excited about it.
We hope you'll like it too, and we're open to your feedback.
If you have any comments or feedback on how we can improve the website, we're definitely
open to that so you can reach us at all the regular places you normally reach us.
So, yeah, without further ado, we'd like to introduce a new show, Epicenter, and also introduce
our guest for today.
So today we have Sarah Mikkeljohn as our guest.
She's an assistant professor in computer science at University College London,
where I also used to study once upon a time.
She's been doing research on Bitcoin for four years.
She's published a whole bunch of papers.
I think the one that's gotten the most attention had a name,
was named after an Italian Western called for a fistful of dollars,
although this one was for a fistful of Bitcoin.
So she's been doing a lot of really interesting work on Bitcoin,
and we're very exciting to have her own.
So thanks so much for joining us today, Sarah.
Oh, yeah.
Hi, guys.
Thanks for having me on.
Yeah, so I actually came across you because I was thinking like,
well, we need to think a little bit about what guests everyone.
Of course, I'd heard your name before and seen kind of your work.
But then I was sort of looking at Google Scholar about just articles about Bitcoin.
And then you came up a few times.
I was like, oh, we should really talk about this stuff.
Sure.
Especially. So if we talk about the anonymization, it's also a topic that I think we've done
a few episodes on. At the very least, we've done one with chain analysis once.
And I'm not sure to what extent, I don't remember to what extent we've covered some of
the privacy enhancing techniques. But do you just want to give us a little bit of background
about what you were looking at in this research?
Sure.
So we basically got looking at Bitcoin in, I think, 2012, like early 2012.
And, you know, at the first we weren't really sure what we wanted to look at.
I mean, we just kind of thought it was interesting.
It was, you know, not as big as it is now.
So kind of the first few, you know, use cases were coming out.
And so we thought we just kind of look into it.
And previously, you know, I'd been doing a lot of work in cryptography, a lot of work in like anonymous credentials, electronic cash and stuff like that.
So maybe kind of naturally our interest was in the privacy of this things.
And also at the same time, kind of just a general question of, you know, what are people really using these things for at the moment?
I mean, you know, in the beginning you had heard so much, of course, about Silk Road, you know, in the infamous sort of pizza transaction.
but the question was, you know, what's going on with these currencies?
What are they being used for?
We're seeing all these transactions, you know, how can we kind of take this just ledger of transactions
and try to assign meaning to it, you know, try to figure out what is being represented in that ledger.
And so that basically is how we got started with this topic of, you know, de-anonymization.
And again, really just trying to figure out what individual transactions were representing.
So basically we, as I said, started doing that and eventually our approach boiled down to kind of two things.
So one side of things was clustering different Bitcoin addresses together, right?
So if one person can go use a lot of different pseudonyms, then if we're trying to figure out, you know, the transactions that belong to that person, we need to have some way of assigning, you know, common ownership to their pseudonyms.
And then the other one was this kind of actual tagging of addresses, right?
So even if you can cluster all these addresses together, if you don't know, then who they belong to,
it's just sort of, oh, one cluster transferring to another cluster.
And you don't, again, you don't know the actual actors here.
So that was sort of our approach.
So the idea of de-anonymizing Bitcoin, I guess sort of goes contrary to the initial ideas of Bitcoin
where payments are meant to be anonymous or at least pseudonymous.
What kind of reception has your research received from the broad Bitcoin community?
Yeah, it's been mostly kind of negative, or it certainly was at the beginning.
You know, people saying, oh, how could you? It's unethical.
But, you know, I think, to be honest, you know, so most of those concerns stemmed from this
very legitimate question of, you know, what were we doing with our data set, right?
So we had collected addresses by doing our own set of transactions.
Okay. And then we had used that sort of tagging of transactions to feed into this clustering.
And so we had built up this kind of database of observable addresses, right?
Which addresses belong to whom?
And so, you know, I think it's fair to say, well, you know, I didn't consent to that in some way.
And now you might be sharing that data set with, you know, God knows who.
And that's really not fair.
So I think, you know, as the years have gone by, people have realized, you know, we're not the enemy, right?
So for one thing, we only did transactions with people who were willing to do transactions with anyone.
And so what that actually really translated into is we didn't do transactions with people at all.
We mostly did transactions with services.
Okay, so we mostly opened accounts with exchanges and did transactions there.
So we weren't, you know, de-anonymizing a person.
we were de-anonymizing Mount Gox, let's say, or, you know, Silk Road or something like that.
And then the other thing is, you know, that now, you know, our technique and the techniques
that were kind of built around the same time have been incorporated into, you know,
these commercial products, right?
So this is now a service that people are doing.
And so it's sort of, I mean, maybe it's, you know, that we've, we look sort of less bad
in the face of what's happening now.
So I think, you know, the reception initially was kind of,
you know, people were a bit shocked.
But, you know, the other thing is, I mean, people really sort of deeply embedded in the Bitcoin
community already knew this was possible.
You know, they already knew that pseudonymous doesn't mean anonymous.
And so I don't think it really came as a surprise to any of them in particular.
So, you know, I think after the sort of initial shock maybe people realized that, you know,
in some sense, I would hope that our research could be viewed as more useful than anything else
because at least it's drawing awareness to something that was already possible
and that, you know, for all anyone knew, law enforcement or whoever, was already doing anyway.
And all we did was make that fact public.
So you mentioned the things of clustering users and then trying to sort of tag and say,
okay, who is this?
Are there other things that are being done?
Do you know some of the commercial products now?
Do they also rely on some other techniques?
Yeah, so, I mean, I've, you know, only talked to a handful of them.
The ones I've talked to, I've been quite surprised that basically they are doing these things manually.
Right.
So, you know, when we did this project, I mean, you know, I basically spend a full month just sitting there, you know, transacting with Mount Gawks.
And then, you know, so depositing Bitcoins into Mount Gawks, waiting for the six confirmations, you know, waiting for them to maybe mix them up a bit, withdrawing them, depositing them into.
Insta Wallet. I mean, it was really, really dull. So I was pretty surprised to hear from them that
basically, you know, while some of the clustering techniques that they're using maybe have gotten,
well, definitely have gotten more sophisticated, the way that they are tagging addresses
sounds like it's pretty much just what we were doing. You know, they basically hire someone to
sit there and do this kind of stuff, which I really sounds quite shocking. I mean,
I mean, I really thought of it as just this total academic exercise, you know, proof of concept.
But it's not apparently.
Now, during this process, right, so you de-anonymized a lot of entities in there,
and you kind of looked at also the history of how Bitcoin was used throughout its time
and how different services came about and usage pattern changed.
But can you share a bit, what are the most interesting takeaways from looking at?
at doing almost this archaeological digging in the underground of Bitcoin.
Sure. Yeah, so I guess I am going to sound like a bit of a historian here.
So I think, you know, one of the things that we noticed was that the sort of usage of wallet services
had gone through quite a lot of peaks and troughs, right? So in the beginning, you know,
know, people were using these wallet services quite extensively. So I'm completely blanking on the name
of one of the first ones. But it was really, really popular, you know, in our clustering, that cluster
showed up huge. There were a lot of bitcoins going into it. And then that service suffered a theft.
You know, maybe the creators made off with all the funds. It was never really clear. And so then you saw
for a long time that people weren't using them. And then you saw sort of another peak where people,
People started using Insta Wallet quite heavily, right?
And then they stopped using that as well because of their also heist, possibly theft.
Who knows?
So in general, that was sort of one trend.
Then obviously, I mean, we sort of did manage to chart, you know, the rise in the fall
of services like Mount Gawks and Silk Road, less so with the newer dark markets.
Of course, one of the biggest things that really kind of was annoying.
in our analysis was stuff like Satoshi Dice, you know, just completely clogging all of the transactions.
I mean, just jumping up to, you know, 60% of all transactions.
And we'd be like, oh, there's this really interesting pattern going on.
You know, let's investigate it.
And then we'd go into it.
And it would just be some Satoshi Dice tick.
And we were like, oh, never mind.
And it was just, it was really frustrating.
I mean, if you sit there and read a lot of the details of the paper, you know, a lot of the heuristics that we developed.
you know, in particular this one around change addresses.
I mean, we just had to tweak it so many times, you know, because of Satoshi Dice or because
of stuff like this, because it would just have such a massive effect on everything we came up
with just due to the sheer volume of transactions.
So that was sort of an interesting one.
And then, yeah, we just sort of had our own, you know, set of weird interactions, I guess.
I mean, the one that I think people like to quote from our papers that, you know, are
Our experience with the mixing services that existed back in 2013 was pretty unimpressive, I'd say.
So they either failed completely to mix our coins.
So we would send them Bitcoins, and they'd send us back our own Bitcoins.
So not so much erasing the transaction history.
Or one of them just stole our Bitcoins.
That was great.
I guess what do you expect?
But yeah, I don't know.
I mean, it was definitely very interesting.
You know, I can only imagine what you'd see if you kind of kept this stuff up
and saw what's going on with the market today.
Let's take a short break to talk about Jax.
Jacks is a multi-coin wallet created by the people at DeCentral.
Now, in the past, if he had a whole bunch of cryptocurrencies,
it was a pain to handle them.
You either had to leave them on an exchange, which was insecure,
or you had to have all these different wallets,
a hassle. Fortunately, now with Jack's, those medieval days of darkness, misery, and suffering
are over. Jack supports multiple cryptocurrencies and new ones are being added. But it's not
just storing cryptocurrencies you can do with Jacks, but you can also exchange them directly
from within inside the wallet thanks to their shape-shift integration. And since there's only
one seed, Jax makes it super easy to back up and sync to the other devices. Jacks works with
Windows, MacOS, Linux, Android, iOS, and has browser extensions for Firefox and Chrome.
So go to jacks.io, that's J-A-A-W-X.I-O, to download the wallet and get started today.
We'd like to thank Jax for the supportive Epicenter.
So could you explain then, if we dive into this more technically, how clustering works to de-anonomize users?
Sure. So basically what we did was we used two techniques.
So the first one has been used by a lot of other papers, basically every other paper that's done stuff like this.
And this is based on sort of this co-spend thing, right?
So basically in Bitcoin, you know, transactions can have many inputs and many outputs.
But the idea is that if you see two addresses used as the same input, right?
So the transaction has to be signed by the secret key corresponding to every input address.
And so the idea is that, you know, people are sort of, well, people are very unlikely to share secret keys,
since that would allow them to spend each other's bitcoins.
And they're also unlikely, although we'll maybe get into this later, to sort of sit around and sign each other's transactions.
So the idea is that if you see two addresses used as the input in the same, in the same Bitcoin transaction,
then they probably belong to the same person.
And again, with people, it maybe gets more complicated.
With services, it's really, I think, quite a safe assumption even today.
Okay, so a service is just going to create a transaction and sign it itself and send that out.
So this is the first heuristic, is basically every address shared ownership.
Okay?
And of course, this collapses, you know, things a lot more than, say, just, you know, for one transaction, right?
So if you look at, you know, addresses A, B, and C, and A and B were used as input to the same transaction.
And then in a different transaction, B and C are used as the input, you know, now you can collapse A, B, and C all into the same cluster.
And so actually, this is already, like, an extremely effective heuristic.
Right.
But in our analysis, the issue was, you know, we, we didn't just want to sort of cluster things.
We wanted to be able to track flows of Bitcoins.
And in, as I said, Bitcoin address transactions can have both many inputs and many outputs.
And so if you've got a multi-output Bitcoin transaction and you're trying to say, okay, where are those bitcoins going, it kind of obscures what's going on, right?
Because you don't really know which output is meaningfully representing sort of the output of the transaction.
So this gave rise to the sort of second heuristic, which was based on this usage of Bitcoin change addresses.
Okay, so in the sort of standard Bitcoin client, at least as it was in 2013, 2012,
Basically, the client would create a new, fresh change address every time change was needed.
And by change, I really just mean, you know, the standard notion of change.
You know, I want to pay for something with a 10-pound note, but it only costs 6 pounds,
so I'm going to get 4 pounds back.
So, of course, in Bitcoin, you know, you can't, I'm not going to give you the 10 pounds first.
You might just take them.
So I kind of create this transaction where I just send 4 pounds back to myself.
And maybe somewhat ironically, the idea was that these, this use of fresh change addresses, okay, so a new change address for every transaction, the idea was that this was somehow more anonymous than just reusing, say, one of the input addresses, or reusing an address that you've already used.
Okay, because a priori, if you look at these transactions, and it's a fresh change address, you can't necessarily tell which is the change address and which is the, the, the, the, the, the, the,
legitimate one. But it turns out, you know, that there are some identifying characteristics,
okay? And in particular, this sort of fresh one-timeness of change addresses allowed us to at least
attempt to identify them. So I say attempt to, I mean, I think in the end we were successful
in reducing the false positives, but, you know, it was extremely tricky, okay? So if you just said,
right, I'm going to just look at every one-time address as a change address, and assume,
then that I can cluster that address in with the input addresses, you're going to end up with
like every service in Bitcoin as one cluster. Okay? So it was really, it would really just
collapse the whole network if you just did things that way. So we had to do quite a lot of tweaks.
You know, I won't get into all of them, but quite a lot of convincing ourselves that the
false positive rate was as low as possible before we could finally apply this heuristic.
And I would say this heuristic, I'd probably not consider, you know, safe for use today.
You mentioned that in, you may see transactions with multiple inputs where you have many of the same inputs.
Is that right?
So, well, you could.
But what would be the use for that?
Why would someone have two of the same inputs in one transaction?
Well, so, I mean, technically in Bitcoin, an input is not just an address.
right? It's an instance of an address, right? So if I receive, if I have an address that I'm, you know, telling everyone about,
if I receive bitcoins into that address in one transaction and then I receive bitcoins into that address in another transaction,
it's not like the bitcoins are just sitting in that address, right? So inputs to a Bitcoin transaction are really more unspent transaction outputs rather than addresses.
and so each input is actually referring back to the transaction
in which it received Bitcoin.
So even though it could be the same address,
the fact that it received Bitcoins in a different transaction
means it still needs to be referenced separately.
Hopefully that makes sense.
Yeah, absolutely.
Now, we talked a little bit about the reception you've gotten, right?
That people were kind of being a bit skeptical.
But if we, what about you?
Like, what is your opinion about the ability to do this kind of thing in general?
Do you think this is a problem because it undermines the kind of privacy that people can have when they use Bitcoin or cryptocurrency?
Do you think that's going to be a roadblock in terms of getting adoption?
Or do you think it is a good thing because it can be used to attract thieves and to prevent money laundering perhaps?
I mean, I'm going to try to take a pretty neutral position on this.
I mean, I would say, you know, it's a bit surprising that people were thinking that a currency they're transacting with that has a globally visible transaction ledger.
You know, every transaction can be seen by anyone forever.
It's a bit surprising that people would think that was, you know, going to provide them with a lot of privacy to begin with, right?
I mean, I know it's using pseudonyms and, of course, looking at those pseudonyms, they have nothing to do with your real identity.
And of course, it's true that even, you know, all these de-anonymization techniques, it's not like they fully actually de-anonymize anyone, right?
It's not like in our paper we've got the real-world identities of people, you know, listed next to all of their Bitcoin addresses.
But, you know, I think, you know, I would say that that expectation to me was never particularly realistic.
So, you know, I would say, again, I think our paper was, you know, a good thing in terms of demonstrating the feasibility of this, and then letting people make their own decisions. I mean, you know, there's always cash if you want really, really genuinely opaque, anonymous transactions. Now, of course, there are the sort of rollout of new ledgers like Zcash and then these overlays onto Bitcoin like coin join and stuff like that that are designed.
to make things, you know, more anonymous. But, you know, the truth is, I mean, again, you've got this
public, transparent transaction ledger. So I think just acknowledging that that is, you know,
never going to get full anonymity in this sort of airtight cryptographic sense is sort of useful
to just guide people in terms of the decisions they're making about, you know, what they're
doing with this currency. Great. So we also talked, we touched briefly about,
coin join and and you wrote a paper recently that talked about some of the privacy enhancing technologies
that are available in general. Can you give a brief overview about what you think are the most
interesting and important ones? Sure. So I mean I think you know coin join is is probably one of the
more interesting ones to me. I mean it's so sort of simple in a certain way you know what it allows
you to do. It's also seen you know actual adoption as far as I can tell.
And, you know, I think it's, it is relatively effective.
I mean, the point of the paper we wrote was that, you know, there were all these claims that, you know, oh, if the values are different, you know, just do subset some, right, just see sort of what adds up to what and you can figure it all out.
And we actually achieved, I mean, granted, we were using, like, my laptop rather than some really beefy machine.
But, you know, we found that it was actually pretty difficult to really do this effectively.
And, you know, part of that is that it's really difficult to even know what's a coin join to begin with, right?
So coin joins typically have sort of more than average inputs, maybe, and more than average outputs.
But increasingly, a lot of the way, you know, exchanges are kind of handling things and wallet services are handling things.
some of their transactions look like that too.
And so it's not actually possible to say.
And just to give some context on coin join, some people may not be familiar with it.
Coin join is essentially if you're going to say, okay, we're going to try to confuse people like you
about like whose address is who.
So if, for example, I want to pay, I want to buy coffee.
SimaCM wants to buy some drugs on Silk Road.
we sort of like mix our inputs and outputs and like sign each other's transactions or make
one big transactions and to mix them. And then it will be hard to know whose output actually
came from whose input. Is that roughly? Yeah. So it's basically, you know, what I said before
about that heuristic of, oh, you know, if there are two input addresses, they probably belong to
the same person. You know, and I said, who's going to bother to sit around signing each other's
transactions, well, coin join is basically the answer to that. So coin join is basically saying,
you know, find two people. Now, of course, with coin join, there is still the question of, of how
do you find these people? But, you know, coin join basically says, right, you guys get together,
sign each other's transactions. This first heuristic, this co-spend heuristic, is now out the window.
I mean, you can't apply it at all. And the other sort of nice thing about coin join was,
you know, there were these mixing services, right? But, you know, as I said with our experiences,
with them, you know, trusting them with your coins. I mean, literally sending them your coins
and then hoping they'd send you someone else's coins back. I mean, that's a flawed trust assumption,
right? I mean, why would you trust some service that you found via Tor? So Coinjoin also addresses
that thing, and then it's sort of fully decentralized, right? I don't have to trust you if I want
to mix my coins with you. And you mentioned that this has actually seen some adoption. Can you
share anything, like what services use it? How has the percentage of coin joint transactions
increased over time? So again, I mean, I can't say 100% because, you know, I don't know
what's a coin join and what's just some transaction with many inputs and many outputs.
I will say, you know, we did a very rough guess at what a coin join might look like.
And regardless of, you know, whether it was true, the number of transactions, you know,
matching that pattern did kind of go up pretty exponentially,
starting roughly around the time coin join was proposed,
so like September, November, 2014, or something like that.
And then the other thing is the way we engaged with coin joins,
or shared coin, as it was called,
was using blockchain undinfos wallet service.
So they actually had it integrated as a feature in the service.
And, I mean, early implementations of it were a little bit,
buggy and I'm not sure if they even support it now, but the fact that it was, this technique
was integrated into one of the main wallet services, kind of speaks volumes about its adoption,
I think.
So there have been some other proposals on how to, you know, have privacy in a cryptocurrency.
Some of those have been actual cryptocurrencies like Dash. We've had Zcash as a topic on the
show before, Manero as well. What is your opinion on these privacy enabling cryptocurrency
I mean, to be honest, I'm a bit torn on them. I mean, I, you know, I think, well, certainly, you know,
cryptographically, you know, stuff like Zcash is, is really interesting. You know, it's really great
to see that, you know, the feasibility of it. You know, I'm in a lot of senses a big supporter of it.
On the other hand, you know, a sort of fully anonymous cryptocurrency, you know, it is,
it is ultimately a little worrisome, you know, just thinking about sort of, you know, the kinds of
people who would gravitate towards that, you know, what people are doing with it. You know, and I, I do think
also from a sort of, you know, regulatory law enforcement perspective, I mean, you know, we've been,
it's been pretty positive, right, mostly the response that we've seen to Bitcoin. And I think,
you know, a big part of that is that law enforcement, again, maybe after some initial shock, is
looking at this saying, you know, well, actually, this transparency works to our benefit. And, you know,
if we just sort of learn to deal with this, you know, this is, I mean, in some sense, it's a lot
better for them if, you know, drug dealers or whoever are using Bitcoin than using cash, right?
I mean, you can learn a lot more from the Bitcoin transaction ledger than from cash, which again is
really opaque. So, you know, in some sense, I'd also wonder, you know, if we sort of see real adoption
of stuff like CCash or dash or whatever, you know, what the response would be there, right?
Because there you really can make essentially no case about the ability of, you know,
law enforcement to effectively, you know, neutralize threats or whatever.
So that, that I think, would be really interesting to see, you know, how it plays out.
Let's take a break to talk about the Ledger NanoS, the new flagship hardware wallet by Ledger.
I'll pass it over to the Ledger's CTO, Nikodabak.
who can tell you all about Ledger's security features and SDK.
So Ledger NanoS is a personal security device based on a secure element, a screen and button,
so that you can verify everything that is done on device
and make sure that you are really doing what you wanted to do.
Compared to our previous solutions, this device is based on the latest generation secure element,
the ST-31 from ST-My core.
The SD-31 is using a secure arm core,
which means that you can have the same ease of development
that you would have on a generic microcontroller,
but benefit from the security features of a secure element.
Security features include an application firewall
at the lowest level that let you protect applications from each other,
which means that you can load multiple applications on the hardware wallet,
even post-issurance,
and you as a developer will be able to leverage these features
to load your own application without our authorization
and without any kind of authorization from the vendor.
We will be providing this.
device with an open SDK that let you do anything you want with this device.
We provide sample applications for cryptocurrencies, different cryptocurrencies, so Bitcoin,
Ethereum. We will also provide a Fido Authenticator and you will be free to add everything
you like. For example, you could have some secure messaging, some encrypted chat,
and you'll see that the solution is quite powerful and very easy to develop with.
The nano-s sets the new standard in hardware wallet security and usability.
You can get yours today at ledgerwallat.com.
And when you do, be sure to use the offer code epicenter to get 10% off your first order.
We'd like to thank Ledger for their support of Epicenter.
Coming back to specifically your research and denonization,
do you have any experience or, yeah, has law enforcement used those techniques?
know of any instances where law enforcement says use those techniques to de-anonomize transactions
and potentially, like, you know, catch a criminal?
Well, I mean, I guess everyone likes to point to sort of, you know, what's publicly known,
right, in the sort of Ross Ulbricht case, you know, that one of the appendices or whatever
was essentially, you know, blockchain tracking analysis, you know, from him to Silk Road or
Silk Road to him. I've definitely talked with law enforcement. You know, they don't,
necessarily keep me in the loop in terms of what they're doing. So I genuinely don't know,
you know, exactly what version of these de-anonymization techniques they may or may not be using.
But I've certainly talked with them. Now, this is probably kind of a question that doesn't
have a real answer, I suspect, but let me ask it anyway. Do you think there is a way to have
sort of the best of both worlds, to have some ability for,
law enforcement, for governments to prevent money laundering, but at the same time also have
a privacy for the users. Is there a way to have both? I mean, basically, no. You know,
there are ways technically to, you know, achieve things that look kind of like that, assuming, you know,
honest governments and stuff like that, right? I mean, there's escrow systems or, you know, identity
registration. But, you know, the assumption there is that, you know, basically your identity
is sort of locked up in some way that only if law enforcement came along with, you know,
probable cause and whatever, whatever, that they could unlock it or someone could unlock it
for them. And unfortunately, this assumption just doesn't satisfy anyone anymore, right?
Especially not people in these communities. I mean, so basically, the answer is not in any way
that you could really see being adopted. I mean, you could propose this,
where technically all the features were there.
But, you know, I suspect no one would believe in it.
Maybe we've, yeah, just, maybe it's a bit cynical.
But I basically think that the assumptions that would be necessary
to guarantee that, you know, your identity wasn't going to be revealed
unless blah, blah, blah, people just wouldn't buy that anymore.
Although I guess you could have something like with what you talked about, right?
If sort of the information was guarded somewhere and then you had some,
kind of multi-sick type thing that gave access to law enforcement, so at least you could have,
for example, have a record of every request being made and the evidence presented by law enforcement
so that someone can go back.
Perhaps one could construct systems that would at least give a decent amount of assurances.
Well, again, it's technically feasible to do these things.
I mean, maybe it's even interesting to sort of see what it would look like.
But again, I mean, the issue with these things is not just that, you know, most people in this space would just assume that law enforcement was just de-anonymizing everyone.
It's that that kind of thing. It's almost impossible to make that visible.
Right. So this sort of de-anonymization where they're just, you know, getting every identity out of escrow, so to speak, it's very, very difficult to imagine how to
make that like a visible known process as opposed to something they can just invisibly do behind
the scenes without anyone knowing how many identities they're you know opening up and and
which ones and stuff like that and of course if you could know which ones then it would kind
of defeat the purpose so that that is the part that you know is technically kind of it's not
clear what that would look like maybe if you could make it visible you know how often
this was happening and enforceable, then people would be more attracted to it. But, yeah,
again, I think technologically, there are interesting questions. Maybe it's feasible,
maybe it's not. Sociologically, there's quite a lot of, you know, obstacles for a system like that.
Today's magic word is currency, C-U-R-R-E-N-C-Y.
head over to letstockbidcoin.com to sign in, enter the magic word, and claim your part of the listener reward.
So moving on to another topic that you've done a lot of research on and written a paper about is central bank cryptocurrency.
So, of course, we've had David Andolfato on quite a few months ago to talk about this topic.
And recently has come up in the news since the bank.
of England has announced that they are working on a project to build a central bank
cryptocurrency, which I personally find this really interesting. Kid, you talk to us about,
about your research around this, and specifically the protocol that has been developed
that you've co-authored called R.S. Coin. Sure. So basically, I moved to London
almost exactly two years ago.
And, you know, I was sort of, you know, giving talks, meeting people working in kind of
fintech and stuff like that in London.
And got introduced to someone at the Bank of England and learned that they had formed
very recently this digital currency group, kind of went, met them, talked with them.
They pointed me at this research agenda that they had just published, this one bank
research agenda. And in this agenda was this question of, you know, how would central banks issue
cryptocurrencies? So, you know, I mean, anyone who's sort of spent, you know, any academic
anyway, who spent time looking at, you know, stuff like Bitcoin, you know, finds it a bit worrisome
that, you know, there's so much hashing going on and that, you know, the scalability is seven
transactions per second. I mean, it's a pretty common list of complaints that, you know,
people have, or, you know, limitations that people see in these systems. And so, you know,
already I had sort of talked with my colleague on George Janaisus, my now co-author, about, you know,
some of these limitations and about, you know, ways to maybe get around them. And so this kind
of naturally coincided with, you know, looking at this question of how would central banks
issue cryptocurrencies. And so our feeling was, you know, full decentralization is ultimately
quite a sort of paranoid requirement, I guess. Like if you say my system has to be fully decentralized,
I don't trust anyone, you know, I don't trust any group of people, I just want this sort of to be
spread out as much as possible. You know, that that's not a setting that we always find ourselves in,
right? I mean, I can name sort of lots of computing settings where I would be willing to trust,
you know, a set of people. And so our question was, you know, if, if you're willing to, you're willing
to relax there, and if you're willing to trust, say, a set of people, you know, many people,
it doesn't have to be small, what would it look like instead? Okay, and in particular,
if you sort of inject a central bank into this picture, okay, and you have this sort of
central point of trust, to what extent can you minimize the trust that you place in the
central bank, but still get much, much better properties,
in terms of these kind of scalability limitations.
Okay, so to what extent can you overcome these
by placing trust in some kind of central party,
hopefully not too much trust?
And that was basically how the project got started.
So one of the main characteristics of a,
or roles of a central bank is money issuance.
Could you explain how in your proposed protocol,
the central bank would have the ability to issue
money into the system and extract money from the system?
Yeah, so it's really quite simple, actually.
So basically, the bank is the only one who's allowed to issue new coins.
And that's because the sort of rules of the system are that all sort of new transactions,
so creation transactions where the coins come from nowhere, have to be signed by the bank.
So you check if the signature on that transaction is valid under the public key belonging to the bank.
And if it's not, then it's not a valid coin generation.
And if it is, then great.
So it's very simple sort of technologically, you know, how we make that limitation.
Actually, the question of extraction is a really interesting one.
So in our system, it's not just the central bank that can extract coins from the system.
So, right, in any, you know, system like Bitcoin or whatever based on sort of public and private keys,
basically anyone can destroy coins, right?
And we've seen lots of examples in Bitcoin of people destroying their bitcoins or just accidentally, you know,
wiping the hard drives that the keys were stored on instead just losing their bitcoins.
And so that's also a property of our system in the end as well, that anyone can still, you know,
burn their coins if they want to.
Although I guess would it be possible, let's say I, in Bitcoin, I had my hot drive with
a million dollars on or something and I throw it in the dump and then it's gone.
I mean, I guess there wouldn't be, because I mean, if you could prove that it's lost,
potentially you could go back to the central bank, say, listen, it's lost.
Can you reissue my money?
Right, but I, again, I don't see how, I mean, lost is indistinguishable from dormant, right?
So I can't prove that I don't know a secret key.
Right, unless, I guess sometimes it gets sent to an address where you know that there's no private key now.
Yeah, although, that's an interesting, like, crypto question, whether you can prove that it's like a hash.
I mean, the thing is it's a hash, right?
So I don't think you can even prove that, that it's a hash for which no secret key exists.
I mean, there is that one Bitcoin address, right, which is the hash of like the all zero string.
But even for that, I don't really know how you'd quite prove it.
Interesting crypto questions.
So what would some of the advantages be for a central bank to do something like that?
Sorry, just to clarify, do you mean the advantages for the central bank itself or the advantage?
Yeah, for government to say, okay, we're going to go ahead, we're going to issue our national currency, British pounds, for example, on a blockchain and running it as a sort of cryptocurrency.
Why would they do that?
Yeah, I honestly can't answer that.
So, you know, I don't work for the Bank of England.
I'm not an economist.
I mean, you know, I think we've asked them that.
I think they did recently publish something with, you know, some money.
ideas in sort of economic terms.
But yeah, to be honest, you know, we were really focused on the how and not so much on the
why.
Let's take a short break and talk about hi.combe.
High.combe is a VPN provider.
And if you don't know yet why you should need a VPN provider, let us help you.
I'm sure you were like me and when all the crazy revelations came out during the Snowden
time of all the spying that is being done by the NSA and other government agencies, you
were shocked and you said not with me, not with my own rights. Now, the way government agencies
can spy on you, there's many of them, but the most easiest way is by simply going to your
ISP and getting all your traffic, capturing all your traffic. And the VPN can protect you from that.
It can give you a secure tunnel from your computer to any of the exit nodes all over the
world so that all your traffic goes to this secure pipe that's encrypted and cannot be.
intruded on and with Haid.Me, you can choose any of their 30 exit nodes all over the world
so you can enter the internet in a secure location.
The best thing about Hyde.mee is that they have a free plan, which includes two gigabytes of
unthrottled bandwidth per month. So you can go to Hyde.me. slash Epicenter to create your free
account. And when you use that URL, you'll automatically get 35% off if ever you decide to go
premium. Now, the premium plans are really great. They include unlimited bandwidth, access to all of
the 30 exit nodes that HyD.Me provides, and you can install it on up to five devices at a time
so you can have this running on your phone, your tablet, your computer at work, your personal
computer, and just be completely protected all the time. And of course, Hi. DotMe accepts Bitcoin.
So we'd like to thank HyD.Me for their support of Epicenter Bitcoin.
So in your paper, you talk about Mintets, which are, I guess, sort of validates of transactions.
Could you explain how then, what, so what does the transaction validation system look like in RSCOIN?
Yeah, so basically these mintettes, as you said, are there to validate transactions.
And the idea is that, you know, rather than using a very expensive broadcast channel like Bitcoin uses,
users can actually be aware of these mintettes directly.
Okay, so this is, again, the big, big trade-off in terms of trust that RSCoin makes,
which is we say that there's sort of this list of known mintettes.
These mintettes have, you know, some real identity, okay, so they could be like a commercial
bank or something like that.
And users can actually go directly to mintettes with their transactions to process.
The sort of space of transactions is sharded up.
So this means that each mintette is an owner of a certain sort of subset of all transactions.
Okay, so again, we're sort of.
sort of avoiding this situation in which every mintette needs to hear about every transaction.
This is really the thing that makes Bitcoin so very expensive.
And the idea is that users will now go to mintets with their transactions.
Mintets will sort of process their own little space, you know, of these transactions,
obviously talking at some point with other mintets who they might overlap with.
And then at the sort of end of some predetermined time interval that we call a period,
Mintette send these transactions to the central bank, and, you know, by sort of the magic of
consensus, the set of transactions that the bank receives is, hopefully, if everyone's been
behaving well, already consistent.
Okay, so there's no double spending.
There's no, well, mostly double spending is the thing we're worried about.
So this is a good set of transactions, and all the central bank has to do is kind of, you know,
set union and publish these transactions, and, you know,
this is the sort of set of transactions that have happened.
So if you, let's say now Barclays was one of those mintettes.
And does that mean if I hold some money, it is held with a particular mintette kind of
and I have to send my transaction there or can I say my transaction anywhere?
Well, so the way we've designed the system, we designed it to eliminate communication amongst mintettes.
Okay? So the way it currently works is that a user will sort of have this lookup table,
and they'll say, right, here's my transaction, who do I send it to? Okay, so the transaction
itself sort of determines the mintette it needs to get sent to. So yeah, it's not the case that,
oh, all my transactions go through Barclays or all my transactions go through HSBC. They go to
whichever mintette is responsible for that particular transaction. And then if I have another
transaction, it may go to a different mintette. Now, of course, I should mention you might imagine a
system in which, you know, while I say, well, I know Barclays, you know, that's my, that's my bank,
can't I just send all my transactions there? And the answer is basically yes, but then that's,
that just requires another layer of sort of communication, right? So Barclays would then sort of
forward your transaction to the Mintette who was actually responsible for it. So it's a bit of just
a technical detail. But in the system as it's currently laid out, transactions just sort of
go to whichever mintette is responsible for that transaction.
And if you dig a little bit deeper, so let's say I want to send some money to
Sebastian and then my transaction, it would get sent to the mintette where his address is
managed at, or I don't totally understand how this works.
Yeah, so basically you have some coins and you received them in a certain transaction.
And that transaction, just, you know, it has some hash, and the hash of that transaction
determines which mintettes are going to be responsible for processing that transaction.
So when you go to send those coins onward, it's just sort of determined by that hash.
So it's really quite a random, well, not literally random, but yeah, it has nothing to do with you
or the recipient or your address or which address you're using.
it's really just dependent on this sort of, you know,
random string of characters that represents a transaction.
And so what about double spends?
Let's say now the mintets were maybe some corrupt employee or something like that,
or maybe one of the mintettes itself is sort of dubious.
Is it possible then for them to facilitate double spend of money?
So if one of the mintettes is bad, then no.
If a lot of the mintettes are bad, then yeah, this becomes a problem.
So in particular, we have these two sort of models.
One is a nice friendly model where we say there's an honest majority of mintettes per shard.
So that means that when I'm processing my transaction, a majority of the mintettes that are looking at it are good.
Okay, they're going to not sign off on double spending.
So if you're in that setting, then we can guarantee that double spending is not going to make it into the ledger, you know, full stop, even if there are in every shard, you know, one or two bad mintettes.
We still can make that guarantee.
I mean, of course, this depends on the number of mintettes per shard, right?
So this is your classic, like, distributed system redundancy thing, right?
I mean, it could be three, five, seven, whatever.
Now, there is, you know, we're cryptographers, we have to be paranoid professionally,
so, you know, there is the possibility, well, what if you have a dishonest majority per shard?
And so in that setting, we actually can't guarantee that double spending isn't going to make it into the letter,
but what we can guarantee is auditability, basically, of these mintettes.
And so in particular, we can say that if double spending does make it into the letter,
we can force mintettes to essentially log their activity throughout this period,
and we can then go back and look through that activity
and see which mintettes were responsible for getting that double spending into the ledger.
Okay, and then, again, because we do have this sort of central point of trust in this central bank,
we can actually take action against those mintettes, okay,
and they can be punished appropriately for allowing double spending to make it into the ledger.
Let's look at it this way.
I don't know if this would be possible or not, but would it be possible?
Let's say you had, you know, like all the major banks in England, for instance, and a majority of them were in disalignment or not agreeing with economic policy.
Could we see some sort of, I don't know, like an economic banking coup where, like, a majority of banks would take over the system and form their own, like, new central bank?
where they would impose their own monetary policy?
Well, I mean, you know, ultimately, you know, R.S. coin, as we've proposed, it is just sort of another ledger, right?
So, I mean, of course, it really just depends on adoption and on what people want to do, right?
I mean, if the banks say, you know, I don't agree with your policy, I'm not going to act as a mintette for you anymore,
then they could stop acting as a mintette, and they could go off and, you know, form sort of, yes,
some system without the central bank or some system with another central bank.
But, you know, ultimately these things are all driven by adoption, right?
I mean, maybe no one's ever going to use something like RS coin.
They're all just going to keep using Bitcoin, right?
Or something like that.
So, I mean, they can certainly set up alternatives.
You know, in our imagining of the system,
Mintets have, you know, quite a lot of pre-existing incentives going on with the central bank
that would lead them to want to act as Mintets.
But sure, it's in their power to stop at any point.
So one of the things that strikes me as interesting in this sort of paradigm where a central bank currency now has a payment system integrated into it is the need or reliance that we have on payment system.
So today we have cash and we build all of these electronic payment systems to allow for electronic transfer since cash doesn't allow for that.
So it sort of at a macro level, when you look at it now, what becomes of payment service providers
in a new paradigm where a central bank currency has a payment system integrated into it?
Do they become redundant?
Or do they have, are they still valid in that system?
I guess is my question.
Yeah, it's a good question.
I probably haven't thought enough about it to have a great answer.
I mean, you know, I think in all of these things, you know, we just see a sort of shift, right?
So with commercial banks, for example, you know, you could imagine that rather than having individual users hold accounts with central commercial banks, these commercial banks would instead shift to acting as these mintettes, right?
And maybe the central bank, you know, as it does now, it could actually delegate some of these responsibilities of, you know, generating new coins and stuff to some of these mintets.
over time. Now, of course, I'm not really envisioning any sort of near future scenario where,
you know, we stop having bank accounts and start doing all this kind of stuff. I mean, for one thing,
in this system, you know, there is a bit more of a burden placed on the central bank to
maintain things, you know, than in the system where this is all sort of just outsourced to the
commercial banks. Here I'm probably revealing my complete lack of understanding of the banking
system. But yeah, I mean, you know, you would definitely see a shift in the sort of role of
payment processors and commercial banks and all that. And I guess one thing also is that you put a
burden on the user since now the user has to protect their keys. So perhaps then in that case,
the banks could, you know, continue to act as custodians of private keys to, you know,
avoid just like people just losing their money outright. Another thing that's really interesting
about this is the, and of course this is dependent on whether or not a central bank issued
cryptocurrency, whether that central bank would keep the protocol open, well, is the ability
for people to innovate at the edges. So, you know, if you allow basically just anyone to create
wallets or create applications built on top of the central bank currency, you basically have a
scenario like Bitcoin where you can allow innovation at the edges. Have you thought of some of the
perhaps use case, you know, interesting new use cases or business models that this would
enable? Again, probably, you know, not enough to really get into it. I mean, I will mention this
definitely was, you know, one of the things that came up, you know, in our conversations with the
bank, you know, that it was sort of, you know, the system we have now is very fixed, right? If a,
you know, cool new startup comes along and they want to be a competitor to a central bank or even
to one of the really established payment processors, you know, there's quite a high barrier
to entry to a lot of these systems, right? I mean, it's sort of unimaginable that a startup
would come along and just start acting as like a clearing bank, right, or start participating
in these kind of like really nitty gritty interiors of this system. And so one of the things
they emphasized was, you know, that they wanted to kind of lower this barrier to entry, right?
They wanted a system in which a startup could come along and start acting as a mintette and start doing this kind of stuff.
And then, as you mentioned, I mean, I think there's lots of other, you know, interesting ways to innovate here.
I mean, as you said, you know, users shouldn't be storing their own keys.
We don't really want users to actually have to contact, you know, look up who the mintettes are and go contact them.
So you could imagine creating kind of, you know, much better interfaces there.
So, yeah, I mean, again, I probably haven't thought.
it through enough, but I would say lots more room to innovate.
So also, we mentioned a few times you've done an episode before with David Andolfo
who wrote this paper Fed coin, right? And he sort of looked at the same thing, but from
economists' perspective. And one of the things that we talked about there, which is interesting,
and I think the payment processor aspect is an interesting question. Even a more fundamental
question is what happens with the role of banks, right? Because if you have, you
have something like that, right, the central bank issued money, then all of a sudden the whole
fractional reserve system doesn't really make so much sense anymore because you actually have,
everything becomes kind of like cash. And with cash, of course, you don't have the kind of leverage
and credit that you have in, that you can have with today's digital money system. So it's,
it would be a very fundamentally, very fundamentally, very fundamentally,
sort of challenges the entire way of how the banking system works. So we talk with him about that,
we also realize, no, this is actually an extremely disruptive thing. And what was also, of course,
interesting that some of the sort of, you know, Bitcoin users are like, oh, terrible, you know,
this is not trying to keep everything the same. It was like, if you actually look at it, it's like,
no, this is not keeping everything the same at all. It would have massive implications. This is probably
also why it's not going to happen anytime soon. At least that's what I suppose.
Well, I mean, you could imagine a sort of hybrid world, right, in which, you know, something like this gets rolled out alongside the existing banking system, right? So the, you know, digital sterling or whatever you want to call it wouldn't replace the pound sterling. It would be sort of an alternative. Now again, this gets back to the question of why, why use this, which I really genuinely don't know how to answer.
But yeah, I mean, you could imagine, you know, some kind of rollout that wasn't, you know, fully disruptive that was kind of, you know, just a bit of experimentation, you know, see how it gets adopted, see what people are, you know, sort of using it for.
What are the interesting use cases rather than trying to, yeah, just completely replace what's going on now?
And also one of the things we mentioned with David, which I'm not really sure how this would play out, but if you have most of the major,
economies issuing central bank currencies on an open cryptographic ledger and all of a sudden,
you know, someone in Guatemala can really easily use the U.S. dollar than what happens to all
these, you know, second and third tier currencies when, you know, anyone in the world can start
using first-tier currencies. Do they simply evaporate or, I mean, I don't have enough economic
knowledge or know anything about that, but it just seemed to me that if this were to be massively
adopted by large countries, we may also see a shift in how currencies get issues worldwide.
Yeah, I mean, again, not enough real knowledge to answer.
I mean, yeah, one of the things we did kind of talk about, though, was, you know, how different
chains would interact with each other and, you know, how trades would be made across chains.
And, you know, as you said, Guatemala or a lot of, you know, countries in Central America,
either just use the US dollar or a pegged to the US dollar, you know, so how would that kind of thing work?
So these are all, you know, very, very interesting, I think follow-up questions, you know, again, certainly don't have the answer now.
So you've done quite a lot of research on some of these Bitcoin questions and now with R.S.S.coin, what are some of the questions you find interesting today and would like to look at at this point?
Well, you know, I'm still interested in these kinds of questions of, you know, scalability and just the basic, you know, tradeoffs that are being made. I think, you know, we've just, we've seen a few examples along the design space, you know, the full decentralization, but then quite limited scalability. You know, we've seen kind of maybe our answer. We've seen other things going on. You know, I'm still very interested in exploring that. I'm also, you know,
still very interested in this question of how to balance, you know, privacy and transparency,
right? So, I mean, I think, again, we've seen and discussed that, you know, Bitcoin is
one way, a very, very imperfect way. We've seen Zcash as another approach, but, you know,
Zcash is largely, I mean, Zcash is sort of for Bitcoin, you know, I think going outwards
to stuff like, you know, Ethereum, you know, how are you going to start balancing privacy,
there, you know, people are talking about, you know, the blockchain is the solution for every problem,
you know, medical records, stuff like that. I mean, then you really start to, you know, wake up
and think, you know, what are you talking about? You can't store people's medical records on a
blockchain. That's insane. But, you know, I mean, as we talk about storing, you know, all this
different kind of information, you know, how is this really going to work? So all these different
use cases. So, you know, for me, it's really about, you know, we've got a lot of sort of interesting
prototypes out there, you know, things that people actually can play around on. I think I'd quite
like to go a bit in the other direction and start with interesting use cases and interesting applications
and then work backwards a bit, you know, and think, what are the requirements of this setting, you know,
is privacy, I mean, I think privacy is probably always going to be something that's quite critical.
But, you know, in, for example, the central bank setting, you know, this was basically our answer to that, right?
We were saying, okay, this is not a setting where you need decentralization, right?
I mean, it's just if you believe in central banks, if you are a central bank and you want to issue a digital currency, you don't need full decentralization.
That's very clearly overkill.
So what's the solution?
And this is how we came up with our S-coin.
And so I think in general, you know, it's maybe time, things are maybe mature enough to start looking.
more at the use cases and then working backwards to an appropriate architecture for those use cases,
you know, rather than just saying, you know, oh, you need to use Bitcoin or oh, you need to use
Ethereum. That sounds very interesting and I agree. I think that will be a huge task is to figure
out how to actually use all of this technology and in all of these new applications that people
think about. And I certainly do think that there's so much interesting potential there and so much it can
be done, but at the same time, people do kind of forget about a lot of the complexities and
problems that first have to be solved. And I think privacy is certainly an excellent example
of that, and it's a hard problem to solve, right? Yeah, definitely. I don't expect to, you know,
have an answer for you in a week. But, you know, this is the perk of the academic lifestyles.
We've got lots of time to work on these tricky questions. Well, thanks so much for coming on,
Sarah. It's been a pleasure and we certainly look forward to seeing all the future papers and
research coming out of your work and out of your lab. And so I think that's great work you're doing.
So thanks so much. All right. Yeah. Thanks so much for having me again.
And of course, thanks so much for listeners. We were going to have links to Sarah's papers and also
to her academic page. So if you're going to keep up with her work, we'll have that in show notes.
so you can check that out.
And we'll be back next week.
So Epicenter is part of the LTV network.
You can find this show and lots of others on let's stopbrickman.com.
And yeah, we put out new episodes every Monday.
You can find it on all the apps, iTunes, Android, etc.
Just look for Epicenter and you should find it.
So thanks so much.
And we look forward to being back next week.
No.