Unchained - Monero's Riccardo Spagni, aka Fluffypony, on How He Feels About Monero Being Used for Crime - Ep.93
Episode Date: November 20, 2018Riccardo Spagni, the lead maintainer for Monero, describes the four pillars of Monero's privacy, makes the case for why it would still be valuable even if BItcoin were to adopt privacy, and explains t...he ways in which its privacy is stronger and weaker than Zcash's. He also discusses his new project, Tari, and how it could enable a new world of natively digital assets such as tickets, loyalty points and in-game assets, and how it will relate to Monero. He also explains his view on the fact that Monero is one of the top currencies used on the dark web and appears to have been in demand by bad state actors such as North Korea. Plus, he gives us his backstory, which includes gel-based nail polish and bikinis, and the origin of his nickname, Fluffypony. Thank you to our sponsors! CipherTrace: https://ciphertrace.com/unchained Altlending: https://altlending.com Abra: Click this special link for a free $25 in Bitcoin! https://www.abra.com/unchained Episode links: Riccardo Spagni: https://twitter.com/fluffypony?lang=en Monero: https://getmonero.org Tari: https://www.tari.com Wired article on Monero's traceability: https://www.wired.com/story/monero-privacy/ Laura's listener mail episode: http://unchainedpodcast.co/listener-mail-laura-answers-your-questions-on-the-markets-velocity-privacy-and-more-ep88 Unchained episode with Zooko Wilcox of Zcash: http://unchainedpodcast.co/zcashs-zooko-wilcox-on-why-he-believes-privacy-coins-will-be-used-more-for-good-than-bad Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hi everyone. Welcome to Unchained, your no-hype resource for all things crypto. I'm your host, Laura Schind. If you've been enjoying Unchained, pop on the iTunes to give us a top reading or review that helps other listeners find the show. Within months, cryptocurrency anti-money laundering regulations go global. Are you ready? Avoid stiff penalties or blacklisting by deploying effective anti-money laundering tools for exchanges and crypto businesses, the same tools used by regulators. CipherTrace is securing the crypto economy.
ABRA is the easiest way to invest in crypto.
Their all-in-one exchange and wallet provides access to 28 cryptocurrencies.
And Bit10, the only crypto-index product available to everyone, everywhere.
Get started with $25 in Bitcoin at Abra.com slash unchained.
The future of lending is here.
Altlending enables companies to leverage their Bitcoin or Ethereum assets to borrow U.S. dollars.
To learn more, go to altlending.com and use promo code,
chained for offer details for an interest-free month.
Crypto-collateralized, old-lending.com.
My guest today is Ricardo Spanii,
aka Fluffy Pony, as you may know him on Twitter.
He is the lead maintainer of Manero.
Welcome, Ricardo.
Thank you very much for having me, Laura.
You have an incredibly fascinating background.
It's one of my favorite backstories in all of crypto.
Tell us what you were doing before you got into Bitcoin and how you got into it.
Now that you're putting me on the spot, I feel like I should change it up and be like I was a superhero.
And then I quit my life of crime fighting to like get into Bitcoin.
Well, if you did that, I would just tell everybody that that's not true.
So why don't you stick with the real story?
Cool.
So I'll stick with the truth then in the absence of an interesting lie.
No, I've been a developer for most of my life, eventually worked my way up to quite a senior
a position at a listed company in South Africa.
And I did not enjoy that for a number of reasons.
I felt that corporate just wasn't a good fit for me.
And the way we treated employees and the way we didn't value them really had an effect on me.
So after a couple of years at that, I quit and started an import-export business with my wife
or my girlfriend at the time.
And that ended up becoming quite successful.
I wrote all of the back end systems for that, which I think contributed, at least I hope it contributed to its success.
And along the way, we took on a bunch of staff, we eventually took on a general manager to manage operations.
And I found myself in a position where I was largely non-operational.
And that freed me up to do other things.
And I discovered Bitcoin.
And this was early 2011.
I read an article on Slashdot.
It was about a Google engineer who had,
he was either writing or had finished writing a library for Bitcoin. And I was like, well, if a Google
engineer thinks it's interesting, maybe it is interesting. And I sort of went down the rabbit
hole, started with mining Bitcoin, which I think is a journey that a lot of people take. They
sort of look at mining and they go, wow, this is a way to earn free money, which it isn't, but
your brain tells you that. And went from that to really poking holes.
in Bitcoin because I felt that its claims as to security and robustness were not entirely valid.
And so I spent a lot of time proving it to myself and writing, you know, sort of theorizing
about civil attacks and even writing tools to try and attack the network.
And through the process, I learned a lot about Nakamoto Consensus.
I learned a lot about the robustness of proof of work.
And eventually this led to me getting really interested in the ecosystem, the mining ecosystem
and as well as the burgeoning ecosystem as a whole.
And eventually I started a bunch of things along the way.
Some of them are still going.
Some of them were crazy ideas that crashed and burned.
And, you know, did a lot of experimentation with like, you know, ways to enable people to earn
Bitcoin.
And eventually in 2014 discovered Minero just before it was launched when it was pre-announced
and got involved with Minero from day one.
Well, so there's a piece in there that I feel like you left out, which is what I find so
funny and interesting.
But wasn't at least a piece of the business that you ran with your wife?
One of it was bikinis and the other was gel nail polish?
Yeah, good memory.
So, well, I saved my inner.
reviews. It's not like I was working from memory. Although, although those were such good details
that, yeah, I probably did remember them. So, yeah, so we, with the import export business,
our main product lines, our two biggest product lines were Joel-based nail polish systems
and bikinis. And I would often joke with people that, like, I know more about nail polish,
Joel-based nail polish in particular than, I think, like, most men on the planet.
And like with the bikinis as well, you know, like I took a, I took a sincere interest in bikini design, which I think a lot of men would.
And it is kind of weird having your wife walk in and you looking at pictures of girls in bikinis.
And she's like, what are you doing?
That's not a design that we have.
And you're like, yes, this is a design that we want.
And she looks at it.
She's like, oh, you know, this design is terrible.
And you're like, I start, you know, having a debate about bikini design.
That's not a conversation that most couples have.
So it was interesting.
Yeah.
And I mean, I feel like even if that were a conversation that most couples would have,
like you wouldn't expect that then also they would be the same couple that would be talking about, you know,
cryptography and privacy and digital currency.
So yeah, that is a piece of your story that I love.
As you mentioned, you did not found Minero, which I think a lot of people think of you as the founder.
But obviously, as you just mentioned, that's not true.
So tell us how you came to be the lead maintainer for Monero.
Sure.
So Minero was started by a guy called Thankful for Today, obviously not his real name.
And yeah, just in case everyone was wondering.
And thankful for today at the beginning was fine.
The first few weeks, he was like a benevolent dictator.
Everything was great.
And after like a relatively short period of time, I mean, I'm talking like three, four weeks.
He just started being odd and not listening to the community.
So the community would say like, oh, we think that such and such should happen.
And he'd sort of put his foot down and be like, no, we're not doing it that way.
And it culminated in a decision where he wanted Monero to be merged mined with another coin called Bitcoin, which was like a giant scam.
And the community was like, no, we don't want to be merged mine with a giant scam.
and he was like, well, tough, that's what's going to happen.
And with the massive community outcry amongst all 25 members of the community at the time,
it was kind of like, you know, it was due or die time.
And myself and six others decided to fork the software and to have a parallel implementation
that would not, you know, if he decided to go and make Minero emerge mind,
the parallel implementation would not have that.
And, you know, to his credit, he ran his implementation for a few months, for like six months,
but then eventually gave up and abandoned it and disappeared and hasn't been seen since
late 2014, early 2015.
Interesting.
I guess this is a lesson to all crypto creators who,
don't listen to their communities.
So many of Monaro's developers are anonymous.
How did you decide to make yourself the face of Monero?
That's a good question.
I didn't decide to make myself anything.
I guess...
Well, I mean, you're publicly known.
People know who you are.
They could recognize you on the street.
So, you know, my interest in Minero was primarily at the time and still is ideological.
I have a belief in privacy as a basic human right.
And I was interested in this technology that could advance that,
that could enable people's privacy,
especially those who were in places and in situations
where their privacy was taken away from them.
And I found it very interesting from that perspective and very empowering.
And I guess,
part of me felt that a privacy technology like Minero would struggle to make inroads unless
there were at least some people that were not pseudonymous and that was a contributing factor
and another part of me just felt that like from an ideological stance like what's the worst that
can happen you know if if a government that is anti-privacy tries to take you out you just
become a martyr. So it's not really in their interest to do that. That's not to say that everyone
that's working on a privacy technology should use their real name, but I didn't feel that it was
high risk. And I did discuss it with my wife beforehand, and she agreed with me that there were
risks, but they went high enough so as to worry. Oh, that's interesting. Yeah. I mean,
if you piss off the right state actor or the wrong, I guess you could say state actor, then
depends on your point of view. Yeah, then you definitely do run a risk. But something that I find
interesting is, you know, you talked about how you think privacy is so important. But do you think
most people view privacy is important? Because I feel like from what we see in people's
behaviors and their reaction to certain big news events like the Edward Snowden revelations or
this Facebook Cambridge Analytica data breach and other things. It feels like people don't really
care about it. Do you agree with that? And if so, how do you make them care about it? Yeah, I absolutely
agree with that. I think that people are largely apathetic, which is sad. They've sort of,
they've got this worldview where, and it's not their fault, but they've been slowly suckered
into believing that you can have access to a bunch of services on the internet for free
and that that's a good thing.
And what they don't realize is that they are paying for the services.
They're just paying for the services with their data, with their information, sometimes
with their intimate information.
And I don't, you know, I sort of, I joke apart this that people will gladly give over like
all of their photos and all of their personal information as long.
as they can carry on playing Farmville. And it's sad but true that people, people are, they just do not
even realize it. And I think like things like the Cambridge Analytica breach and all of the breaches
have, there is a growing group of people who understand why privacy is so important. But by and
large, the general internet using populace either doesn't know or doesn't care.
Yeah, so this is something, yeah, I feel I am aware of because as a journalist, I've written
about how dangerous it is if your data gets out there and in the wrong hands.
But yeah, I don't know how to make people care about it because I literally just a few weeks
ago was on this panel and one of the other panelists said, I don't care about privacy.
can have my data and I was like, oh my God, like, you do not know what you're talking about.
But anyway, one other thing I want to ask about is obviously Monero's main distinguishing feature
is the fact that it offers privacy. But a lot of people have been talking about the potential
for Bitcoin to adopt privacy and their interest in Bitcoin adopting privacy. So if that happens,
then what would the use case be for Monero? That's a good question.
So I guess I have two views on this.
The first is the view as it pertains to Bitcoin adopting privacy.
I'm a firm believer in Bitcoin's success.
I think any effort to enhance Bitcoin's privacy is a sorely needed and B will invariably,
if it's added to the core part of the protocol, will definitely be a feat of excellent engineering.
The problem is there is a significant number of Bitcoin users who believe that adding privacy to Bitcoin will be bad.
That Bitcoin has only been accepted by regulators because of its transparency and traceability.
And they might be right.
It could be that trying to switch it up and make Bitcoin or enhance Bitcoin's privacy,
is bad and, you know, from regulatory perspective,
and regulators are just going to use that as a reason to stomp on Bitcoin.
Now, successfully or unsuccessfully doesn't really matter.
They would still be an annoyance and maybe even a hindrance to most people.
On the flip side of things, you know, let's assume that despite all of this,
Bitcoin does add privacy.
And when I say add privacy, I mean they add privacy in a manner where it is
like it's mandatory, you know, where maybe not initially, maybe like Segwit, it grows over time,
but the idea is that eventually within a couple of years, every transaction will be private
and will have this extremely high level of privacy such that Bitcoin is fungible.
And whilst technically you might still be able to make non-fungible transactions,
they will be, you know, they will be frowned upon.
They'll be the odd one out.
If that is the case, and if this does happen, I believe that Minero's existence is still interesting and important for two reasons.
The first is that Minero has gone places and will go places that Bitcoin cannot go right now due to the lack of privacy.
And so Minero will have made inroads already in places like Venezuela and in countries,
with oppressive regimes.
And at that point where Bitcoin has added privacy,
it will not necessarily be an easy switchover for the people that are in that
ecosystem.
The second thing is Manero presents a, in many ways, presents almost like a backup plan
for Bitcoin.
So Manero isn't based on Bitcoin's code, which means that it has its own bugs,
its own flaws, its own issues.
it has a different
types of
cryptography. It has a different
elliptic curve which is
relevant to the cryptography
that's in use. And I think
that that's important as a
technical hedge
against critical
failures in
Bitcoin's design decisions
or in its cryptography
choices. That's not to say
that Bitcoin couldn't change
or adjust or
or modify any of those, but that in the interim, whilst they are deploying such a fix,
there would at least be something that people could flee to as a store of value before being
able to switch back later on. To continue this kind of like comparison that I want to make with
some of the other options out there, Zcash makes privacy optional so that only certain of the
Zcash transactions are private. Why is Minero private?
by default. Is it important for every transaction to be private? Yes. So the trick with privacy is you want to be
lost in the crowd. Now, if you're a bunch of people getting out of a bus and their policemen standing
there and they're looking for the guy with the orange hats and people get out of the bus,
but there are only 10 of them getting out of the bus, then it doesn't matter, even if everyone's
wearing an orange hat, you can just arrest all ten of them and then figure out which of the
orange-hatted people is the culprit. But now if the bus doors open and tens of thousands of people
pour out and they're all wearing different colored hats, now it suddenly becomes impossible. It's
not a task that anyone can practically approach. So Minero's biggest advantage is in the size of its
anonymity set.
And so that means that whilst in certain aspects
Minero's privacy
might be weaker than Zcashes,
the fact that there are so many more users
and there is
a bigger ground swell of support
means that the anonymity set
is significantly larger.
It also doesn't mean that you can't have
transactions that are non-private with Minero.
So you can, for example, reveal the details of a particular transaction in order to prove that you sent money to somebody.
And you can do that by revealing the details of that transaction just to a third party.
So like to an auditor, you could also reveal those details publicly.
If somebody called into question publicly on Twitter whether you made a certain payment,
you could cryptographically prove that you did without compromising the rest of
your privacy. Manero also has something called a view key that lets you reveal details about your
entire wallet. And again, this is something that you might reveal to an auditor, to the taxman,
but you don't want to necessarily reveal it publicly unless perhaps you're a charity. And the
view key allows you to do that. So there is default privacy, mandatory privacy, but it is opt out.
So if you need to opt out of it, you can do so at any time publicly or to a third party with no impact on anyone else or on you.
And without putting your wallet at risk for somebody being able to spend the funds.
The scorebed app here with trusted stats in real-time sports news.
Yeah, hey, who should I take in the Boston game?
Well, statistically speaking.
Nah, no more statistically speaking.
I want hot takes.
I want knee-jerk reactions.
That's not really what I do.
Is that because you don't have any knees?
The score bet.
Trusted sports content, seamless sports betting.
Download today.
19 plus Ontario only.
If you have questions or concerns about your gambling or the gambling of someone close to you,
please go to conicsontera.ca.
Local news is in decline across Canada, and this is bad news for all of us.
With less local news, noise, rumors, and misinformation fill the void.
And it gets harder to separate truth from fiction.
That's why CBC News is putting more journalists in more places across Canada,
reporting on the ground from where you live,
telling the stories that matter to all of us,
because local news is big news.
Choose news, not noise.
CBC News.
Yeah, this is interesting.
I like how you also described how it could be,
or at least the view key, could enable Monaro to still, I guess,
not be frowned upon by the government.
if you're kind of enabling others like the taxman, as you said, or an auditor to look at transactions.
So let's actually, at this point, dive into the technology a little bit.
Why don't we talk about all the ways in which Monero is private, like the different types of data
that are private in Monero? What are they?
Sure. So Monero focuses on four different aspects of privacy.
and the first one is being able to protect the person who's sending the money.
So being able to hide where the transaction is coming from.
And it does something, it does this using something called ring signatures.
Now, I mention this first because this is the only aspect of Menera's privacy that we would generally consider weak as respects to privacy.
because the way it does this is by choosing, every transaction chooses a number of old transactions on the blockchain.
And then that transaction appears to come from one of those, that group of transactions, that ring of transactions.
But you can't figure out which one it is, ostensibly.
The issue, of course, is people typically receive money and spend it quite quickly.
And so the act of choosing those decoy transactions can sometimes reveal which of them is the real transaction that's being spent, where the money is coming from.
Over time, we've improved the way these are selected.
The Manero Research Lab in particular has spent anordinate amount of time thinking about ways to improve the output selection algorithm.
and we're at a point now where it is, I think, reasonably,
it's probably as good as we're going to get.
It matches people spending patterns reasonably well.
Transactions look pretty uniform, or the output selection looks pretty uniform at any rate.
And there's not much more that we can do to improve that.
There is, however, going to come at time where we will want to replace that with something else
that truly obfuscates, truly hides where a transaction is coming from.
So that's pillar one.
And just to have you explain a little bit further, so when you say it's fairly easy to pick
out which of the transactions is the actual one and not the decoy, is that because
it's generally the most recent?
Yes.
So this was a particularly bad problem early on in Manero's history where the transaction
were picked uniformly across the blockchain, and it was almost always the recent one.
No one was spending money from like, you know, six months ago or a year ago.
So that was an extremely naive decision on the part of Manero's creators.
That was relatively quickly changed, and through a series of relatively rapid improvements over a few years,
we've eventually gotten to a point where the output selection algorithm now includes a number of
recent transactions. So it's not as clear cut as, oh, just pick the most recent one. It is significantly
harder now to perform any sort of tracing on Monero. But an article I read about this said that,
so before it was about 90% of the time that they could figure out which transaction was the real one.
And then the article, this was in Wired, I'll link to it in the show notes.
It said that now it's about 45% of the time they can figure out which one it is.
Is that still the case?
This article is, you know, not super recent.
So I was wondering what it is now.
Sure.
So the wide article specifically focuses on transactions that were pre-Ring CT.
So RingCT is another technology I'll talk about in a bit that created uniformity of amounts
where before you had to mix with denominations that were the same as yours,
and it was a nightmare and would often leak a lot more information than anything else.
So by removing that and by having this uniformity of amounts,
then you were able to choose any output, and so that drastically changed things.
At this point in time, it's anyone's guess.
There's no published research on modern Monero and on how,
how traceable the transaction graph is.
That said, even the stuff that the wide article, the period of time that the wide article is
focusing on, their 90% is not an absolute, it's guesswork.
So they're saying we can guess the correct output in 90% of transactions because there
is a recent one.
But that obviously ignores the fact that you have plausible,
liability. If someone had to somehow trace back and say, oh, this came from an exchange and leads to
you and there's, you know, the possibility is one in ten. You can say, well, it's not me. Go ask the other
nine people. And that's sort of where the trail ends. Because there's no cryptographic proof that it's
you. It's merely a guess that it could be you. Okay. All right. So, yeah, let's move to ring CT,
ring confidential transactions.
Sure.
So confidential transactions, ring CT, is basically a way to hide transaction amounts.
And so this is the second pillar.
And this is obviously not done through something that involves obfuscation or guesswork
or anything like that.
This is absolute.
So it uses something called cryptographic commitments.
And basically what happens is that commitment represents your amount without revealing your amount.
And it is a extremely robust, extremely reliable way of doing this.
Commitments are not a new type of cryptography.
They've been around for decades.
And this is an extremely strong aspect of Monero's privacy.
It absolutely hides amounts.
there is no way to try and attack that.
It's like your amount is encrypted,
and no one can decrypted unless they have the decryption key.
And this is obviously enabled for all Manero transactions
and has been for several years.
And that means that at the very least,
Minero would obscure the amount that you're transacting,
even if everything else had to fall apart.
I think in this regard,
this is maybe where,
it's most similar to Zcash. Am I right in thinking that?
Well, Zcash also does all of these.
It also focuses on the first three pillars that Minero focuses on.
And it does so in, you know, like in terms of obscuring where transactions are going to,
in terms of obscuring the transaction amount, it has the same strength, I guess, is probably the best way to describe it.
when it comes to how private it is.
The only aspect where it is much stronger is in the hiding that transaction graph,
so where transactions are coming from.
But it's important to note that with Monero,
where these three pillars are applied to every transaction,
with Zcash that are only applied to a special type of transaction,
where you're going from a Z address to a Z address.
Otherwise, Zcash is as traceable as Bitcoin.
Yeah, I recently did a listener questions episode. So for people who missed that, I did note that only
13% of transactions are shielded and that less than 1% are shielded to shielded transactions. So,
yes, as I told Zuko in my interview with him, I thought it sounded like a Sudoku puzzle.
But anyway, we're going to keep discussing how Monero works, plus talk about Ricardo's new project
but first I'd like to take a quick break for our fabulous sponsors.
A startup that completed an ICO and looking to leverage Ethereum for working capital.
A miner looking to buy more rigs without having to sell Bitcoin.
Alt lending can help.
Altlending enables companies to leverage their Bitcoin or Ethereum to borrow US dollars
while retaining ownership of their crypto assets.
We bring years of financial and technological expertise to the blockchain space.
Access to institutional capital means borrowers don't have to wait weeks to receive a loan.
Our simple and efficient vetting process makes getting a loan easy.
No membership tokens or complicated signups required.
To learn more, go to altlending.com and use promo code Unchained for offer details for an interest-free month.
Asset lending, reimagined.
Altlending.com.
Unchained listeners can receive $25 in Bitcoin just for getting started with Abra atabra.com slash unchained.
Abra's all-in-one exchange and wallet lets everyone, everywhere, easily.
and securely invest in crypto, with 28 cryptocurrencies available and the Bit 10, the first
easily accessible crypto index. With as little as $5 a month in Bit 10, you can invest in an
index of the top 10 cryptocurrencies, professionally rebalanced every month.
Get started with $25 in Bitcoin at Abra.com slash unchained.
Face it, regulations can stall or kill a fast-moving crypto business. New FafT and EU
cryptocurrency AML laws are coming soon.
Soon, you could be hit with stiff fines or blacklisted, no matter where your servers are in the world.
Prepare now. Deploy the same powerful CipherTrace tools used by regulators.
Protect your assets, streamline your compliance programs, and keep your exchange or
crypto business out of the regulators' crosshairs. Learn how effective anti-money laundering
tools help keep your crypto business safe and trusted. Learn more at ciphertrace.com
slash unchained. CipherTrace is securing the crypto economy.
I'm speaking with Ricardo Spanii, aka Fluffy Pony of Manero.
Let's also talk about, well, you tell me, I wanted to maybe talk about Covery.
Would that be the next piece of Minero's privacy?
Almost. Before we get there, the third thing, the third pillar that we haven't touched on is
hiding where a transaction is going to. And that Minero does using something called stealth
addresses. In particular, it uses dual-key stealth addresses. And this is, again, a very strong
form of privacy. There is no way for you to look at a destination for an output on the Minero blockchain
and be able to somehow determine what the actual Minero address was that was getting paid.
So this is an extremely strong part of Minero's privacy, and it means that no one can link your
an error address to transactions of the blockchain. Whereas obviously with Bitcoin, if someone has your
Bitcoin address, they can go and look it up on the blockchain and see all the transactions
that have occurred. And in this case, again, you know, I mean, this is, this is similar to,
with Zcash, is the address paying a Z address. You can't see what that Z address is.
Okay. And then...
The fourth pillar. So the fourth pillar that you were alluding to earlier is obscuring
the IP address that a transaction originates from.
Now, this is something that is largely overblown
because actually figuring out the IP address that a transaction originates from
is a very difficult task.
It requires that you run thousands or even tens of thousands of nodes on the network
and that they're all recording the exact time when they first saw a transaction.
and then through the process of deduction, you'll be able to figure out that this is where the transaction originated from
because this node sought from that IP address first.
It's an extremely expensive attack to carry out, and it's, you know, I mean, I can only imagine that it is potentially worthwhile to carry out against Bitcoin right now,
but it's also easily defeated because, as an example, I can use something called push,
TX, which a lot of block explorer support, and I can go visit that block explorer on the web.
I can take my raw transaction from my Bitcoin wallet, and I can plug it into the push
TX dialog box and hit send.
And then the originating IP address is that block explorer, not my computer.
So this attack is not only expensive and difficult to carry out, but it's also largely
useless because it is trivially mitigated by anyone with half a brain cell and it doesn't require
any expensive tools or any fancy technology to mitigate it. You can mitigate it without even
using Tor. So it's really, it's totally overblown. At the same time, we obviously realize that
there is a very small risk that an attacker could carry out such an attack. If they genuinely
wanted to figure out where some future Manero transaction originated from.
And so the Manero community has been working on various technologies.
We're very interested in Danderlion, which is a technology that is hopefully coming to Bitcoin
to try and reduce this risk.
We're also interested in Tor.
We're adding support to Minero, native support to Minero for Tor, so that you can use the Tor network
without to broadcast your transactions without needing to download a whole separate thing.
And then we have the Covary Project, which is adding I2P support to Minero.
I2P is a network, hidden services network that is similar to Tor.
It's also quite old.
It's been around for many years.
And the biggest issue with ITP is that the routing software is written in Java,
which is obviously an additional dependency.
that we don't want people to have to run.
And so Carvery is a project that is rewriting the ITP router in C++,
specifically for general use, but also specifically to add ITP support to Minero at some point.
And when do you think that will be completed?
That's a good question.
So native tool support is coming pretty soon.
There's a Minero developer, contributor.
Lee Claggart, who has started work on that in earnest.
And I expect that he'll probably have that buttoned up in the next couple of months.
Covery had its alpha release recently.
The alpha release happened in August, I think it was, when we were at DefCon.
And it's probably got like, I don't know, I'd imagine another six to 12 months before it reaches any sort of stability.
and we can look at integrating that natively as well into Minero.
So how can users of the system be sure that there isn't double spending or counterfeiting going on?
So the same way that it's prevented with Bitcoin, there's validation rules in place to ensure that a transaction can only be mined once and that an output can only be spent once.
and so for every output when it gets spent it produces something called a key image
and that key image is unique to the output that's being spent
and it can be validated as definitely being part of the ring signature
and it can also be validated as being unique
you know you can you check the whole blockchain to make sure it hasn't existed before
and that's all part of the monaero software and it's all done automatically
to ensure that there aren't double spins.
And when I'm looking at a Manero Block Explorer,
what exactly, what info does it show me
and what information does it not show me?
Good question.
So when you're looking at a Manero Block Explorer,
you can see the structure of the data.
You can see that there are blocks.
Each block has a block header
that contains various pieces of information about the block.
Each transaction has a transaction header
that contains some basic.
information about the transaction such as the transaction ID.
And there are inputs in the transaction in the transaction.
And most block explorers, in fact, all of them really, let you see the ring signature
on each input and you can see the number of members in the ring signature.
And you can see which old transaction links back to.
On the output side as well, you can see the destination that is being paid, which
like I said before, is like an encrypted version of your Minero address, such that each time is unique.
And even if the same Minero address is paid multiple times in a transaction, that destination will always look different.
That's the whole stealth addressing thing.
So you will see the destinations.
You will not be able to see amounts.
A Block Explorer can show you the range proofs, if they're interesting.
The range proofs are these things that let us confirm that the amounts are positive,
that they're greater than zero, so that we can go owe the total commitment outputs, less the total
commitment inputs balances out, and so we know that no new minero is being created in a transaction.
Otherwise, you could use negative amounts to create magical minero out of thin A.
You have also talked about adding Mimble Wimble, which I guess is now also being called Grin to Minero.
But I'm not sure if I fully understand what this is because Grin now is going to be its own blockchain with its own cryptocurrency.
So how would you do this when and also why would you do it when you already have so many privacy features?
Sure.
So Mimble Wimble Wimble as a technology has multiple implementations.
Grin is one of them.
There's another one called beam, like a beam of light, and I believe there's some others that are interested in, or that people are interested in writing.
At Monero, we're interested in mimble-wimble, not as a base layer, but as a side chain, because whilst it has weaker privacy than Minero, it has much stronger scalability, significantly better scalability.
So a side chain, a mobile mobile side chain would be advantageous because people could go,
I need maximal privacy, I need maximal privacy, I need maximal privacy, okay, I now am going to do my daily spending
so I can take a bit of a hit on privacy, but I need that scalability.
I need faster transactions.
I need to take up less space on the blockchain for buying groceries.
And so that's really the idea.
And this is kind of a nice segue because there's another member,
Wimble implementation that is that is being written and that is at Tari.
So Tari Labs is writing a Mimble Wimble side chain for Minero, a mergeMind side chain, which
will allow people to do this.
And actually, before we move to Tari, I know that you guys also recently added something
called Bulletproofs that make Minero more scalable.
So what are those and how do they work and how is that different from Mimble Wimble?
Sure. So those range proofs that I spoke about earlier that prove that a commitment in a transaction is above zero is a positive number. Those range proofs are pretty big physically, like in terms of the amount of space it takes up on disk and the amount of space it takes when broadcasting the transaction over the internet. But they're an essential part of the transaction. And so bulletproofs is a range proof that is more compact.
than the ones that we were using.
And so it just allowed us to reduce monoros transaction size by about 80%,
because bulletproofs were such a range proofs were such a significantly large part of
minero transactions.
So bulletproofs have given us much smaller transactions,
but that's all it's really done from a scalability perspective.
It hasn't significantly changed minero's scalability properties at all.
And then actually one last question before we talk about Tari, I did want to ask a little bit more about the VUKi.
You mentioned two of the ways that that might be useful was for auditing or for tax purposes.
What are some of the other reasons why the Vuky is important or ways in which it could be used?
Sure.
So one of the things that I often talk about with Vukis is charities.
So a charity can claim that they received 100 Minero in a year.
And meanwhile, they actually received 150 and they're skimming 50 of the top.
But if they are forced to publish their view key, then there's no way for them to lie about that.
So it could play an important role in transparency.
And one wouldn't normally associate transparency with Manero.
But, you know, there's a way that Minero can be both private and transparent at the same time.
Similarly, it could be used, you alluded to this earlier, it could be used by a government that says, oh, you know, for minero transactions above a certain value that you're withdrawing from an exchange, we need your viewkey so that we can, you know, make sure that you aren't, that, you know, that you're not doing anything nefarious or whatever, that it's definitely going to your wallet and you're not withdrawing it to a wallet under somebody else's contract.
control where they might use it for nefarious reasons or money laundering or whatever.
Yeah, or to make sure that you're paying your taxes.
Yeah, absolutely.
You know, is the amount of money you've claimed to have earned in a year the actual amount
of money that you've earned if you're being paid in the euro.
Right.
Yeah, which is kind of interesting because I feel like everybody, like I, when I was kind of
doing some research before this episode, I did see people literally.
asking on places like Quora how to use
to evade taxes or things like that.
Oh, wow.
Which is kind of funny.
But anyway, so let's actually now talk about Tari.
What is Tari?
Sure.
So Tari is a decentralized or what not is.
Tari will be a decentralized asset protocol
when it is completed.
We hope it will be anyway.
if it ends up being something else,
if it ends up being a giraffe,
then we obviously haven't done a very good job of building it.
But the aim is for it to be a decentralized acid protocol.
Yes, you know, Tari the giraffe, then we've done well.
And we've learned a lot about genetic engineering along the way.
Yeah, so I guess the best way to think of Tari is as like,
it's kind of like counterparty.
So in some ways,
we view it as like the spiritual sister to counterparty.
Just explain what that is for people, yeah, who don't know.
Yeah, sure.
So counterparty is built on top of Bitcoin and it enables the creation, the transfer,
and the modification of assets.
So digital assets are things like in-game assets.
So, you know, you can have a game like CryptoKDitties.
where you have like digital collectibles in that game.
Obviously, digital collectibles on their own can be an asset class.
So maybe somebody creates a set of trading cards,
and now you can represent them on this decentralized permissionless platform.
Similarly, things like loyalty points, tickets, in-game currencies,
security tokens, ICO tokens, utility tokens, DRM tokens.
These are all things that are natively digital assets.
A digital asset is not when somebody has a physical thing and they try to represent it
on some sort of chain.
So a digital asset is not something like, oh, I'm going to take a piece of property
and cut it up into a thousand pieces and represent that on chain.
and then everyone can own a piece of my property because, no, you still own the property.
Everyone owns a piece of an entity that owns the property, maybe, but you still own the property.
The same goes for people who are going, oh, we're going to decentralize gold ownership by
representing the ownership of gold bars on chain.
No, the person who physically has the gold bars in their safe, they're the ones who own the gold bars.
everyone else are suckers who bought a token that they think might represent that.
So that's just to, and that's just, it's a thing it's important to clarify because
people often think of asset as like, oh, a property is an asset or, you know, there's
liquid assets and there's movable and immovable assets and they've got all these ideas
about what an asset is.
But when we talk about digital assets, we mean things that are natively digital or things
that can be represented in a natively digital way without the need for a physical component.
or whether the physical component is merely a representation of the digital thing,
not the other way around.
So yeah, that's what Tari is or will be or could be.
So there are other protocols that are doing something similar.
Cryptokinies, I guess, is an obvious example where you have these natively digital assets.
So how does Tari differentiate itself from some of the other ones?
And in the ICU craze, there were, I know a few ICOs that were tackling things like ticket sales.
So how are you guys different?
Sure.
So where Tari is very different is that Tari is in this case a like a base layer protocol.
So it's not just slapping something on top of Ethereum and hoping that Ethereum is going to solve all their scalability issues.
it's not
you know
doing anything like
a very narrowly
focused technology
where we're only focused on
loyalty points and this is
loyalty chain or whatever
this is a general purpose
decentralized assets
protocol and so that means
that it can be used for all of these different types
of natively digital assets
and it is designed
to be
fast and it's designed to be scalable and it's designed to really speak to the needs of the
digital asset issuer because where a cryptocurrency is not issued by a single or shouldn't be
issued by a single centralized party a digital asset is normally issued by a single centralized party
and yet at the same time there's advantages to having it
decentralized thereafter. As an example, in this decentralized world, you can have an asset
issue that issues, let's say, loyalty points, so Emirates. Emirates issues loyalty points,
and they give me loyalty points because I fly a bunch and I fly with Emirates. But I don't
really care about my loyalty points. They're a gigantic waste of money. And so I go, hmm, what I'm going to
do is use my loyalty points for something else. So Emirates will let me buy, I don't know,
a massage or a room at a hotel, neither of which is very exciting.
But what if I could sell those loyalty points to somebody else, either for money,
or trade those loyalty points for something else like, oh, the latest skins for Fortnite?
And now I'm able to put those loyalty points to work in a way that I could never do
if I was within Emirates World Garden.
at the same time, Emits is still the Isher.
So, you know, there's this whole, like from Tari's perspective, at any rate, the protocol needs to be built in such a way that it is advantageous.
And for the Isha to use the Tari protocol as opposed to just using a database.
Interesting.
Yeah, I really like this idea.
I hope someday we can do this because I would love to take some assets that I have that I don't particularly care for and treat them for something that I really do want.
I love that idea. So how does Tari relate to Minero?
So Tari is merge-minded with Minero.
So what that means is that we inherit Minero's security model.
And, you know, I mean, I'm sure you've seen a lot of the, the hoo-ha that some of the media have made about,
oh, Bitcoin is terrible for their environment.
And, you know, look at all of the trees that it's burned.
with all of its terrible mining.
And so one of the things that you get when you inherit Minero's security model
is you're not adding to that burden.
So Minero already has a strong, stable proof-of-work network,
and there's no reason to spin up an entire another one for Tari.
We're able to just bolt on top of Minero's security model
and inherit all of its good security properties
without needing to go and recruit miners of our own.
Interesting. I like that idea, I guess, because that also means that in the early days of Tari, then it will, you know, be pretty secure as opposed to needing to just rely on whoever wants to join in in the early days.
So I actually want to ask you a little bit more about Monero.
We have alluded to Monero being used on the dark web or by criminals in a few different.
ways in the podcast. And you've also talked about ways in which it could be used where somebody
could maintain their privacy, but then, you know, governments could still be sure that what you're
doing is, is okay. However, the fact is right now that I think Monero is at least one of the
cryptocurrencies of choice, if not the cryptocurrency of choice, on the dark web. So how do you
feel about the fact that something that you are working on and championing could be used to fund
crimes that you find reprehensible? That's a good question. So I guess there's two things. The first thing is
when I was in Panama recently, I was at the Panama Blockchain Embassy and I got to meet a lot of
people from Venezuela. And when I look at the impact that cryptocurrencies like Bitcoin and Manero have
on the Venezuelan people and how important a private,
privacy-enhancing cryptocurrency like Minero might end up being if the Venezuelan government starts to clamp down.
I am reminded of the good that Minero does.
But the second thing is Minero is just a tool.
Minero is a tool the same way a kitchen knife is a tool.
And I can't imagine that a kitchen knife designer who designs an amazing, incredibly sharp kitchen knife
and produces them in droves, lies awake at night worrying about all the murders that are occurring with his kitchen knives.
It's a tool.
You know, when a terrorist takes a car and drives into a crowd of people, the car manufacturer doesn't release a statement about how sorry they are that they put seatbelts in the car.
You know, it's just a tool.
It can be used for good.
It can be used for bad.
as a person who works on the tool, you want that tool to be as good as it possibly can,
not to enhance things for people who use it for nefarious reasons,
but to protect the people who are relying on it because it might mean the difference
between life or death for them.
And those are the people that I constantly think about.
So I take your point in a lot of ways.
You know, I do agree that, I mean, I literally, the other day,
I accidentally cut myself with a box cutter, which we know that was the tool of choice in 9-11.
However, I think right now, and there's probably no way to know this, but I think right now,
the balance of Monero transactions is more heavily weighted toward dark web activity, darknet activity.
And also, it was reported that North Korea was doing things to obtain more Monero.
North Korea is essentially this huge prison that masquerades as a country.
Like their gulags have been compared to the Holocaust.
So, you know, I mean, while there isn't any way to know exactly for sure how much of
Monero is being used for good versus bad, it does seem a lot of the time that Manero is
being associated with bad activity.
So even when you think about just the balance of things between good and bad, does that make
you pause? I guess the thing is like, well, there's something, there's one thing to consider,
and that is, what can I do to stop it? You know, I mean, like, let's approach this from a,
from the perspective of a developer or of a software engineer. If I go, okay, I don't want
people to use my tool for bad, then there are various steps that I can take from a technical
perspective. I can build in a process where anyone who is making a transaction above a certain
value, that transaction is rejected and it has to go through me. And I'm the decision maker
about whether this person should transact or not. And all that really does is it just moves
things from a system of law and a system of government and governance to a system of Ricardo's
will, which is not ideal.
And in the absence of being able to solve this technologically, which we will never be
able to do because there's no way for a decentralized permissionless system to go into
your brain and figure out whether you're doing something that's inherently evil,
there's really nothing that we can do except make the system permissionless.
And whilst the, and I don't know if this is true, you know, I mean, let's assume that the balance
of Manera Transactions or the bulk of Montero transactions are used by people who are doing nefarious things.
I would ask two questions of you.
The first is nefarious from whose perspective?
Because nefarious from my perspective might be different to nefarious from your perspective.
Somebody buying cannabis in order to extract CBD oil to treat their cancer in a country where that is illegal might not be something
that I find morally reprehensible, but somebody living in that country might find it incredibly
morally reprehensible. Somebody from a couple of generations back might find it incredibly
morally reprehensible. So it becomes very borderline because I'm sure that there are some things
that Minero has been used for, which we can all agree are outrightly bad, they're outrightly evil.
but I think for the most part there are lots of things that are either nefarious or evil or not evil but nefarious or reprehensible but only from the perspective of some people not from the perspective of other people and the reason I say this is because I've I got into a big debate with someone the other day who was like taxation is theft and taxation is evil and so from their perspective anyone using Manero to to evade
taxes is good and now it becomes a little bit like you know like where do you stand on the
taxation thing and how do you judge someone using minero to evade taxes how do you judge someone
using minero to obey taxes in china versus someone using minero to obey taxes in the u.s.
it's it is this is such a it is such a difficult um uh thing to wrap your head around
And, you know, this idea of morality and relative morality that it is, it's better not to even think
about it. And rather to just consider the fact that Bitcoin in its infancy definitely had more
illegal transactions, more nefarious transactions than ones that were used positively. But it outgrew
that. And I am positive that Minero will do.
So there's no way to make this a good transition. But I did.
want my last question to you to be, why the name Fluffy Pony?
Yeah, it's like, on the note of tax evasion, why do they have Fluffy Pony?
Well, no, no, no.
My last question was about the Goulogs in North Korea.
That's really.
Yes.
Yeah, ready.
So, you know, like, you know, why don't have a proper North Korea name?
I mean, Fluffy Pote is not a very North Korean name.
So, yeah, it was given to me many, many years ago by two girls.
that I worked with in one of my first jobs.
And it was, initially it was a big joke and ha-ha-ha-ha.
But when, you know, whenever's using it every day,
then it eventually just sticks.
And I carried on using it after that job.
And there was a period of time where I tried to shed it and it did not work.
And eventually I just realized I'm stuck with it.
Yeah, I would say that you've embraced it.
But why did they nickname you Fluffy Pony?
Well, because one of them was called Fluffy Puppie,
and the other one was called Fluffy Bunny.
And so then I needed a fluffy nickname, I guess.
Okay.
Well, so I know that you're critical of ICOs,
but I always feel like when I hear that,
I always imagine also Vitalik's unicorn T-shirts.
So in that mind.
And now you've got your,
shoot, what is it called magical crypto friends?
Yeah, I imagine what's a different. I mean, you know, we've got a fluffy pony and we've got a whale panda and we've got a lion and we've got a chicken. I mean, you can't get away from the farmyard animals.
I need to come up with something. I like one of my writing mascot basically is a goat. So I need to think of a good adjective with goat and that will be me. I'll let listeners know what I've decided on later. Well, this has been a great conversation. Where can people learn more about?
you and Manero and Tarry. They can learn more about me on Twitter. I'm Fluffy Pony on Twitter.
Tari is at tarri.com, T-A-R-I, and Monero is at get-Manero.org, like M-O-N-E-R-O.
Perfect. Well, thank you for coming on Unchained. And thank you very much for having me.
Thanks so much for joining us today. To learn more about Ricardo, check out the show notes inside
your podcast player. New episodes of Unchained come out every two.
Tuesday. If you have until ready, rate review and subscribe on Apple Podcasts. If you liked this
episode, share it with your friends on Facebook, Twitter, or LinkedIn. And if you're not yet
subscribe to my other podcast, Unconfirmed, I highly recommend you check it out and subscribe now.
Unchained is produced by me, Laura Shin, with help from Rayleigh Gallipolle, Fractal Recording,
Jenny Josephson, and Daniel Nuss. Thanks for listening.