Elliptic Curve Cryptography: A Self Study Guide (part 2)

All right good morning. Good morning. It's let everybody know what time it is because you know that's important here, but good morning, man

Good. Have you said you're good mornings? I just did. I just did. You got it on camera. You got it. You got it recorded. That's right. We do have it on camera.

This is the Magic Internet Math podcast episode four.

And I think this will probably be the second part two of what we called the Liptic Curve Cryptography Study Guide.

Yeah. We started in last week talking about some clock math which formerly known as modular arithmetic.

Very powerful. Probably one of the things I'm the most excited about that has ever existed in the world.

Is this ability to do modular arithmetic just for the hell of it?

Just because we can. Yeah. And then like what has that given us, you know, not to think boy this thing out too much, but I just it's such a primitive, such a powerful primitive, and it's going to fit.

It's going to feature very heavily now and what we're going to talk about today.

Yeah. I'd say so. I think what we did last time is we kind of at a very high level connected the core concepts of these math pieces that actually relate to Bitcoin.

And we and we kind of at a very high level like a survey level just quick pass through talked about all of these mathematical interdependencies that make the system of Bitcoin security, which is the public private key pair.

Right. And so we're going to slow it down a little bit today.

We're going to go a little bit more into some of the interesting mathematical properties that yield that.

And if I would recommend starting at last episode, even if you don't, uh, rock 100% of every single beat, you'll see kind of the big picture vision of what we're trying to connect and ground these concepts for, which is the securing of Bitcoin.

Getting a public degree, being able to reveal information that you have a private key, but no one else knows that private key and the mathematical properties that we use with this a little bit of curve.

Um, we're going to slow it down a little bit more today and talk about a lot of those like smaller building blocks.

Yeah, and I like, I mean high level is a great way to put it. And it's just that if you don't, if you don't like, um, you don't see the depth of it.

It's what's the mean with the iceberg where you see is the tip of the iceberg.

So like at the tip of the iceberg, you see Bitcoin working.

But like, I feel like in some ways we're the bearer of bad news by pointing out, we're starting to talk about the bottom of the iceberg.

Yeah, just and say, hey, trust us for now that it's connected. Stick with us.

Right. And, um, I think it's important to see it, even though we, you know, don't kill the messenger. We are.

That's where we're trying to create a rich conversation here for an understanding of something we all really care about.

Very deep. Yeah. I would say last episode, we sketched out the shape of the entire iceberg.

And now we're going to start coloring in all of the little details at the bottom and work our way up.

Yeah. Yeah. It's good. So, um, and I can't overemphasize. Oh, the thing I forgot to say was go look at the study guy in the show notes.

I was like the one mental prompt I gave myself before I just said what I said I forgot. Go look at the study guy because what's.

What we're doing now is I think we have a little bit of a three way attack on this. We have this podcast where we awkwardly explain these things.

But mainly I think what we're doing in the podcast is we're showing you what's important.

And then when you want to go and really grok it, we have a study guide and I have a YouTube series now that is available in the show notes.

So, like, I think if you want to, I mean, obviously, I don't think anybody expects to master the math of anything by listening to a podcast.

Right. Yeah. And I think my experience of doing this the first time with Gary shout out is it's hard.

It's like frustrating. A lot of people said, man, it's so hard to sit through this podcast. So, like, what I want you guys, I think it's, I think it's less difficult to know there are.

Supporting other supporting tools now.

Yeah, I would say every person learns differently and kind of what's effective for them to be able to unlock concepts.

Me personally, what I would do is I would read the study guide then listen to the podcast because when you read the study guide and you're able to throw your hands up and say, this is too complicated for me, I don't get this.

When we go re-explained on the show that may be able to provide you different mental models to be able to kind of get across the chasm.

And then additionally, drop us a comment on fountain if there's a part that you want us to go deeper into.

Absolutely. Like, if you're listening along, you're flipping through the study guide, you're listening to the podcast and there's things that you just still don't quite get.

Like, just drop a line to us and it can be like a little bit of an asynchronous study group that we all go through on this journey together.

Oh, yeah, I should also mention before we jump in too quickly is that I mean, this is going off a lot of people, but like there are there is a membership available at the Magic Internet Math Academy and right now what you see is everything that is there is freely available.

So that is the tip of the iceberg. So I haven't yet identified what's below it, but there will definitely be like subscriber only content and there's a few people.

It's like $2 a month if you want to do that for a very limited time right now, accepting lifetime memberships in Bitcoin only.

And so we have four members so far shout out to those guys. And so let's get to it. Make sense.

That sounds good to me. All right. So I think what we want to do is start with chapter two of the study guide.

Okay. And so anybody who already looked at study guide is about to pay off by knowing what's in chapter two.

And we did that, you know, we hit this last week, but did. I mean, this repetition is everything. And so we're going to repeat what chapter two is called is the inverse problem.

And, you know, inverses is it's like of real importance to know that your private key, which is a point on the elliptic curve, right.

It gets multiplied by some generator that is another point on the elliptic curve that the public sees.

It's of utmost importance that you know, you can invert that public key back into your private key.

Right. Like that is of imagine if for some reason, you were in a number system where that was not possible. And it can only happen by dividing by zero, which anybody who's ever tried to code anything knows how easy that can happen at a given point in time if they're not severely restricted by the number system they're working with.

So what we kind of talked about with modular arithmetic, a little bit, and then got in groups, right. We went, we went very, we took a very large leap across stones and went to groups because what groups and fields do is ensure and what they really do is ensure the existence of an inverse. That's one of the things they do.

And when we're dealing with things like hash functions where, you know, you just have to knowing the math allows you to know the inverse exists without really being able to do the math with a pen and paper or even with a computer, right. So like we're kind of in this realm of like, you have to, you have to, there's certain things now you do have to trust and you have to trust an inverse exists with a hash function.

Even though you can't really do it, like, you know, you know, if you're into real numbers and you have a number five, you know, one fifth is the inverse of that, you can handle that in your brain, your brain can handle that.

If you're in a certain number system, that's, you know, most number systems and most numbers, your computer can handle, right. But the whole point of this, all point is your computer can't handle it. No computer can, no group of computers can.

In fact, there's, as long as you're on this earth and subject to the constraints of energy and the current state of, you know, algorithms and all of that, there's not, there's nothing you can do to actually sit and prove that your, that your inverse exists. You have to trust the math on this one. But that's why we, that's why we're here. That's what I'm motivating at the moment is, right. How do you know you have an inverse.

Which would end this is again, as just one high level concept we talked about in the last on the last podcast is that the reason why you, you basically have to remove a brute force like always checking and you have to go to an abstract theoretical proof is that the number of points on this curve out numbers, the atoms that exist in the universe.

And since it requires energy computation in time, none of this stuff is free, even with Moore's law and like doubling every 18 months, the ability for us to compute things. This is so many orders of magnitude outside of the scope of what could be kind of infinite, like being able to definitively every single point of the curve proving it has an inverse through brute force is impossible. You're, you're looking at the heat death of the universe.

Even with quantum times over, which mean a field will mention the word comma, but like even it's true, but it's so like that's a good point with quantum is that quantum is not going to be able to definitively show every single point on a curve. It can find an individual point of a public key and find that one inverse to the private key, but it's not going to be able theoretically, but it's not going to be able to brute force and show the universe of all possible keys.

Yeah, so what I kind of want to let before we get into it, it's like when you go to the Bitcoin store and say, I am ready to buy Bitcoin right theoretically as a customer, you already, I don't know how many people own Bitcoin, but every single one of them should have gone to the counter and asked to see the manager and say, I need you to before I buy this Bitcoin, can you just show me that I have that an inverse exists to my private key.

Right theoretically, that is the thing you should, you should be doing at the store. Yeah, okay, and that's called verify, okay, right, that's the thing that we call verify, will we say don't trust verify it, I think in my opinion, it goes that it should go that deep, like how do you well, it has to because otherwise, I got you know if you generate an a Bitcoin address that there's actually a corresponding private key.

That's right, you're self manually, that's right, you can't so this I this evergreen idea of an inverse is now the is the way this happens right it's the way a person motivated to actually who maybe who has that a good natural barrier for not wanting to trust his life savings to a bunch of zeros and ones that may or you know that may not pan out or be spendable right this is a

big this concept of inverse is now the is one of the things that can get you over a very big hump and I guess, you know, part I'm really saying you should be asking this question, people should be asking this question, people should not tolerate only Bitcoin and not asking this question, so what I would love to do is we should explain this inverse property, and then I'm going to tie it into

Livsack Pean how the library actually works because it's a little interesting thing we'll get to but I want to lay out the core math first so okay, so real cool before we before we talk about an inverse, we're going to talk about something called the identity.

So this is very abstract, however, there's a reason method for it so like, you know, an identity under addition, I think people can handle is the number zero, like that's the identity meaning like zero plus anything is that number.

Right, so like when you talk about an identity, you want to know that you it's the thing to sound so like a pedantic, but it's really really important, it's like, what can I, how do I operate on a number and not change it at all, and the answer is you use the identity, you operate on the identity, and that's really important.

And the identity changes based on what the problem set is, so and the operation and the operation, so I think the other one I think most people would be able to think through is with instead of addition, multiplication, and I want everyone to take a half second and think before we say the answer, what do you do in multiplication to get the same number after you multiply it.

That's right, the number one, right, two times one is one, right, so you can see that the identity is not a constant across all methods and all perspectives, but the identity as a concept though existing is really important for the stuff we're talking about.

Yes, and this is why we talk about groups, rings and fields, because, you know, a group is gives you an identity for an operation. It doesn't tell you what the operation is and it doesn't tell you.

So it doesn't tell you what the identity is, however, like a group is just a primitive to understand this concept that you have again closure identity, and if you have identity, you have an inverse, because the inverse is the thing, the element that gets you back to the identity, so when we talked about addition, in the integers, let's just say if you have the number five, and the identity is zero, because we said zero is the identity for.

Addition, then the number that gets you back to zero is negative five, right, so which happens not to exist, well, no, sorry, does exist in the integers happens, yes, so in addition, you're good there, right, yeah, so five plus negative five is zero, so therefore, negative five is your inverse your additive, your additive inverse your inverse under the operation of addition.

And to take it to multiplication, if I have the number two, what can be combined with two to always get back to the inverse, which in, well, what is the inverse in that case that gets you back to the identity of one, it's one half, right, one over two, so two times one over two equals one, which is the identity.

So that's another example about how you can get the identity and you can compute it depending on the field up, like what you're doing as the operation and changes.

But there is an inverse that exists for all the real numbers, and it's one over that.

And we're so confident in our human race is so confident about this, we've given both of those things names, because it's so they're so general.

We call the additive inverse the opposite or negative or negation, and we call the multiplicative inverse or reciprocal, and I'm saying this because I'm pretty sure everybody knows what these words are, right.

But what I want, like, now I want to, I want those words to be associated.

It's easier to associate this concept now.

Yes, reciprocal is the multiplicative inverse, and then, and the negative is the additive inverse, and why do we focus on addition and multiplication here?

And why do we talk about rings and fields?

Because in a ring and a field now, you define the, you have both operations, addition and multiplication.

And so in a field, the field is like a perfect version of a ring, where you have an inverse for both, right.

You have an additive inverse.

And so I don't want to get to a field here, but like I just want the reason we talk about fields is the field is like a statue, and the ring is more like the block of clay.

That we know can become a statue.

Yeah, right.

And the reason why we're doing this is because remember what we talked about on the last episode is that we're not dealing with just the number line in all the real numbers.

There's a very particular set in order of the points that we deal with in the bitcoin elliptic curve, which was y cubed equals x squared plus seven.

That's where this all works.

And we're not looking at everything.

We're looking at things within that subset and the relationship of how that all works, which we briefly touched upon last episode creates a closed field.

And that's where the modular arithmetic and everything starts coming into play is that we're not just doing negative infinity to positive infinity.

There's a very particular set of numbers that we're working on.

And that's right.

And imagine, imagine being Satoshi, right, and worrying about worrying in 100 years that someone's going to try to spend, you know, do a spend and they're going to run into some divide by zero or infinity thing.

I mean, it's like it had to be eliminated, right?

It had to be eliminated on day zero.

So we have, we use a number system, not the integers of the reals, we use a number system called a finite field modulo prime.

And I know like that's confusing a little bit, but, you know, if you go back to last episode, we talk a good amount about it.

And it's really just a compact system that operates under the operations of addition and multiplication.

And if you go back to the modular arithmetic, it's just, it's like, it's just so happens that modular arithmetic follow modular arithmetic, follows the same rules as regular arithmetic almost across the board.

And so it's a very nice convenient way of now being able to do math.

This type of math in a way that ensures this structure, the structure again, meaning closure identity inverse under addition and multiplication.

This is just, and the reason I get, and you know, here's the thing I can't reiterate enough is why is, why do we even talk about the structure?

It's like, I know everyone's like, why the hell you talk about the structure?

So alienating and I haven't already confused.

And the answer to this is that you can't do this math on a pen and paper or with computer or with all the computers in the world.

So you have to, you have to be able to trust that the math is doable no matter what, no matter what the situation is.

Yeah, and I'd even have we're just laying out the axiomatic baseline principles of where you get to the point to be able to understand the system works as it's designed.

And it's not, it's less axiomatic. Each one of these has a mathematical proof and a reasoning behind it. It is not, it is because we say so, which is when an axiom is, right?

It's like just a definitive, like, base truth. But we're trying to lay out all of these theoretical concepts so that you're able to know, not trust how this all works.

That's right. It's all about knowing without even, without the ability to actually do it.

Normally, the way I know how arithmetic works is I sit and do it.

I know three plus three equals six. I can sit there. I can count my fingers. I can, you know, I can know that.

The things we're talking about are in a world where you just can't know by the same type of ways that we know things.

And it's not even like we can even trust our computers to do it either. You have to understand, you have to know that the structure, you just have to understand the structure and say, you know what, the structure preserves these important things.

It discards everything else. Right. I don't need to know anything other than that it present that these operations of multiplication and addition are preserved and that these properties of the group are preserved.

That's all I need to know to be able to essentially have knowledge of this kind of unverifiable thing.

Right. So with all of that context laid out, let's talk about these multiplicative inverses and how they work with Bitcoin.

Yeah, or like before we get before we get before we get before we get before we talk about Bitcoin.

Like, you know, maybe in a fine, let's just like really in a finite field.

You know, like I'll talk about a finite field, maybe modular seven and one like modular six, right?

Like so, like that's a good place to start. Just keep it super simple base abstraction of the concept in a domain space, which is very easy to understand.

That's right. So like once again, I should have all of this written out and prepared out prepared out. So I'm not doing this in my head. However, let's just look at a finite field modular seven, which we said would consist of the numbers zero through six.

And the reason why is if you got to the number seven, seven divided by seven is one actually doesn't.

Sorry, sorry, sorry, sorry, it doesn't include zero either. So my bad on that.

There you go. One, you know, one tooth. It's, it's basically what it does remainder. Sorry. The remainder is zero. If you do seven, the remainder is zero. So modular zero.

That's right. Now I do have a video on this that's buried in my YouTube site that I did to you.

Like last year, but basically what you have the finite field consists of all of the numbers that are relatively prime to your modulus. So any number relatively prime to seven, which if that number is prime, it's all of the numbers before seven.

So one, two, three, four, five, and six, or what you call relatively prime because they don't share a common factor. Whereas if we, the modulus was six, then you're, you don't have that finite field because two is, you know, you have two four and two, you know, you have two and four, which are not relatively prime.

So those, these numbers don't have inverses in the modulus six because I say two times three, two times three is zero. So like that's unacceptable on a finite field. You can't, so that now you have no inverse.

What you're looking for is two numbers that multiply to one and they're called associates, but that's what you're really looking for is that you have a number in your number system.

And a number, you have two numbers in your number system that can multiply to one and just drive that home why you don't want to be able to get to zero is that if you get to zero and multiple points get to zero, you don't know what your original input is anymore because you can't get there.

You can't guarantee now that the random number you created can be like can be traced back.

Right. You have a collision in another way. You have, you have, you have two different, you could have multiple numbers that result to the same point on the curve, which doesn't work.

Oh, you know, you know what I'm being, so I'm creating a basic algebra series, like high school algebra series and one of the thing when we get into inverses, there's this story in like in mythology about somebody who had to go through a cave.

And fight all these monsters and like the gods gave, like they gave a different weapons to different people and like the person who traversed the cave is one, the one that God's gave a thread.

Because everyone went in this cave couldn't find the way out except the person whose weapon was a thread was able to find his way back out of the cave.

After, you know, being able to defeat all the monsters in the cave. And that's like really what this, it's, this is you holding a thread in a dark cave.

And, you know, do accomplishing whatever the quest is and finding your way back out of the cave and you want to, but you have to, the thread is the thing that tells you, you can find your way out.

You're not going to be lost, lost at sea, right?

Totally. And I think in the interest of building that thread, let's keep it to the simplest example with modulo seven.

Let's say, okay, one modulo seven is one.

That's my identity.

Two modulo seven is two.

You can go all the way up to six.

Is, you know, six, right?

And like if you jump ahead and say, okay, what's 10 modulo seven?

Well, if you divide 10 by seven, your remainder is three.

So your remainder is now three.

So let's talk.

You want to hit the, you want to, let's identify the pair, the associates that, you know, when you pair them up, our inverses of each other in the, in the finite field modulo seven.

So if we have two, right?

The inverse is the thing that we multiply to two that gives us one, which is four, right?

Because two times four is eight.

Modulo seven is one.

So two and four are called associates.

And they're basically two is the inverse of four.

Four is the inverse of two.

Just like in the reals, five is the inverse of one fifth.

One fifth is the inverse of five.

Right? So in the, but in the, in this number system, the finite field modulo seven, two is the inverse of four, four is the inverse of two.

If we hit the number three, right?

And I think the inverse of three is five.

It's three times five is fifteen, which wouldn't divide it by seven as a remainder of one.

So two and four are associates in versus of each other, three and five are associates.

So what have we left four and six?

Sorry, we, we have, we have two, we said two and four, three and five.

Yes, so we're all three and five.

And so six is kind of six is special, you know why?

Because you start going through, well, that's the only number left.

What the heck, right?

Six, before I do, before I do the big reveal, six modulo seven is six, but it's also negative one as, as it happens.

And this is a very interesting property because the number less than one is all that squit like it's its own inverse.

Because negative one times negative one is one.

Six times six is thirty six, which, you know, modulo seven, thirty five, seven times five is thirty five.

Thirty six minus thirty five remainder of one.

So six is its own inverse and the prime, whatever the last number, the like the largest number in your finite field is always negative one.

And it's always its own inverse.

Kind of cool.

Yeah.

Alright, it's like the last, and then that's the last, that's the last one.

So we identified, so it's it closes the field.

Everyone has a buddy.

That's right, everyone has a buddy and one obviously has a buddy.

We forgot.

We forgot.

You never want to forget one.

That's true.

It's very easy to do.

So everybody has a buddy.

And your buddy is your thread out of the cave, right?

And it's like the way so that when you go to the Bitcoin store, you don't have to tell people, hey, can you make sure you prove to me that my, my guy has an inverse so that my point is back on the curve.

Like I'm not going to like, you know, you have to trust that no matter what operations you do,

just be identifiable on that curve.

It's cool.

Great.

And these inverses is like you're saying when you're going to the Bitcoin store, it's basically when you're verifying a signature, you're doing this.

This is what you're doing.

Yes, you're verifying that the point exists.

And when you're doing, you're going to the Bitcoin store saying, hey, I have one Bitcoin.

I want to spend it somewhere.

The whole network is doing this math of finding the inverse to prove that you own the private key.

That's right.

Pretty sick.

Now, are they really doing the inverse though?

That's the question.

Right, because it's like they're not right.

They're not really doing the inverse.

Correct.

Does that take us to the next point?

Maybe we'll just put a pen in that one.

Right.

That because a couple of primitives, I think, are really like, so I think that I do want to talk about the Euclidean algorithm.

That's what I was trying to have now.

Let's go there.

So like none of this Euclidean algorithm is a fancy name for something we all started doing when we were seven years old, which is long division.

Right.

Or I'd say when we did long division when we were seven, we were kind of, we were doing the Euclidean algorithm without, without the name.

Would you say?

Yeah, you bring it to a level.

When you get to the point of long division, like third, fourth grade, you've done your addition.

You've done multiplication.

You started doing some multiplication.

And now what you're doing with long division is you're combining addition and multiplication to kind of undo the whole thing.

Yes, and we did this in a field.

We didn't know as a field.

We didn't know that all this stuff was nice, but we did it in a field called the real numbers.

Right.

With, well, using integers, really just using, we, using integers as coefficients.

Maybe we could say we did it in a ring, a ring of integers, but we didn't know about the structure.

We didn't know why this would all work.

Frankly, not to get to a field again, but we don't, we don't realize that a number is actually a linear combination.

It's a polynomial.

A number is a polynomial, which in polynomials form rings, and this is actually a while out of this works as well.

Meaning, like, you know, the number of 5,262 is 2 plus 6 times 10 plus, I already forgot the number, but like you get it.

It's a linear combination of powers of 10.

And we have powers of 2 in our binary numbers that are just, these are polynomials, they are a ring.

We do the Euclidean algorithm on a, we're pulling apart that polynomial with the base.

Would it be fair to say Euclidean algorithm, like, it's basically maybe another term from like 4th, 5th grade math, like greatest common denominator?

It's a way of finding that, it's a way of finding that.

And usually, when we were in 3rd, 4th grade, it was heartbreaking to have to find a remainder.

We're like, oh, no, no.

What I hate reminds me.

Isn't it nice and easy, even, and it all goes in nicely, yeah.

Right, but it's basically finding a greatest, and in our parlance, we call it greatest common divisor.

So, when I mention relatively prime before, basically when two numbers are relatively prime, it means there's no more, there's no more division you can do with any of them.

You're sort of at the bottom of the barrel of how much you can reduce your system.

But when there are greatest common divisors, this comes up like something simple like in the Pythagorean theorem, right, is of trying to sort of solve a lot of that stuff that, you know,

you have a 3, 4, 5, trying all 3 squared plus 4 squared equals 5 squared.

But like, that scales, like, you know, it's just all, that can all scale with size.

So, 3, 4, 5, and a 6, 8, 10, or this is kind of the same thing.

And so, we only want to really, in our systems, when we do this, we only want to operate in the system where there are no common divisors.

Right, that's sort of like a, it's not an axiom, it's more of just like, it makes it faster.

And easier to just always be, it's to not be that redundant, right, to say, well, it's kind of, you know, similar to similar modular arithmetic.

We're operating in the lowest kind of lowest atomic element of being able to divide these numbers.

So, the way that what the Euclidean algorithm does is it uses this recursive algorithm kind of mean.

It uses this recursive division of finding remainders to ultimately get sort of to the end and find out if there's a greatest common divisor between two numbers.

Well, find out what it is.

And if it's 1, that means those two numbers are relatively prime.

So, that's all to say, backtrack a little bit. I get a couple numbers like six and seven. I know they're relatively prime.

I know that if I divide seven into six, I get a remainder of one.

Boom, that is, that's how I, their greatest common divisors, well, I know they have no common divisors.

But if I'm dealing with numbers that are hundreds of digits long, it would be really nice if there was a way to find out if there were greatest, if, you know, if there was common divisibility.

You know, numbers of common divisibility among them.

I'm happy you started with six and seven for the 12-year-olds that are in the audience.

You did, you did it, like, you did it.

Yeah, it's all over.

No, but this is a really important point, though, right?

Is that being able to quickly be able to derive and understand these properties is just very important for doing this at scale.

And so while the greatest, so the Euclidean algorithm is a powerful way, this is, this is a rich thing in and of itself because, hey, it's a powerful way of finding common divisors, which is actually really important.

With that, with a common, in order to know that your field is real, is you have like a finite field.

You have to know that any two numbers are relatively prime. That gives you the property of the, that's part of what gives you the property of the inverse.

So like, you already know there's a flying the ointment.

If there's a greatest common divisor of any two elements in your finite field, that are not one.

So that's like an important thing to be, that's one way to verify this, right?

It's also that you can, there's this, I was telling you before we started, like, when I was learning all this a couple, like a year ago or two, and I was like really looking to try to teach it and rock it.

You know, one of the things I like, I like in a textbook is if there's like a code implementation that really shows me, and this is like part of how we got here to begin with, because like Bitcoin's code implementation is beautiful.

It's like so informative.

LiveSecP not so much, right? And it's like what the hell, right?

So if you ever ask, like I asked chat GPT, that was like the best AI at the time.

I said, you know, make me a function for the Euclidean algorithm.

I encourage you guys to do that, because it's what's so interesting about it is it'll give you literally one of the shortest, it'll give you a one line formula.

This is what I got one line that is like actually not maybe 30 characters long, and I didn't find that very helpful, right?

It's like what, what, what is going on? And then it's like, I wonder if you need to go to school for computer science to understand this, right?

But the more that it's ironic that the more I repeated, the more you repeat going through this and the more I did pen and pencil exercises on the Euclidean algorithm, just like any two numbers.

You just do your pen and pencil exercises, and I don't know how many it takes, but at some point it clicks that it's this recursiveness is, it's because it's recursive.

It's very clever that you can do it all in one line and just say just, you know, go until essentially go until, you know, until you can't go anymore.

But, and then output either one or whatever the final number is, right?

Like, it's a lot of what we do here is about going inside inside out the way you learn is inside out, not outside in, right?

You go to the bottom of the iceberg and you start climbing your way out.

And so I would encourage people to do exercises on the Euclidean algorithm and inside, inside out with real numbers.

Because it's just, again, it's the way, it's the beginning of understanding why entrusting, I mean, trust is a bad word.

It's the best word I have right now for saying, how do you know it actually works on numbers? You can't do this on, you can't do it by hand on or on the computer.

So, I don't know if you had any, any, any more on that one.

Rob is deeply thinking.

Deeply thinking and of microphone on mute.

So, looking through this, like, I think the pen and paper exercises good if people want to kind of follow along.

And I think the city guide is like a great way to like tee up the context around it.

Do we want to tie it back to finding the inverse with the extended Euclidean algorithm?

Yes. Yeah, we should do that.

I call it, there's a lot of things you can call, there's like, think called, based out of identity.

So, basically, when you do the, it's like, when you do a long division, you can then, you can then put that process in reverse to find the actual, you can come back to the two numbers you were trying to reduce to begin with.

Right. How would you approach this explaining this in words?

Well, this is just the idea that you, since the nature of multiplication, like we're talking greatest common divisor, like divisor denominator, whatever, like you're taking a system, you, it can go both ways.

So, you can start with the numbers that you're looking to find the greatest common divisor, or you can start with what that number is and work backwards to find the original numbers.

You're basically taking both sides, you can go A to B or B to A, and those are the same idea.

But the, I guess the powerful thing you have with the base-out identity is that what you have, if you, if you do have two numbers that resolve sort of that, with a, that a relatively prime, that algorithm tells you a relatively prime, right?

And what you now have is a linear combination of those two original numbers that resolve to the identity.

And so that you can sort of see the, you know, it gives you now powerful algebraic ability to eliminate, you know, to eliminate like a lot of factors when you're now doing math with those numbers, which is really what you're doing to begin with.

I know that probably didn't connect, but it's just like, what base-out identity says is that one, two numbers that are relatively prime, you can have, you can have any linear combination of those two numbers, and it'll equal one, modular, your modular that prime.

So in the modular rhythm take world, that's.

And, you know, so anytime you have numbers, anytime you have anything, when you operate it, and it resolves to one, your identity, you're going to be able to use that to essentially make the math easier down the line.

I don't know if that really covers it.

I'm pulling up right now to do a.

But that leads to from that little theorem, which I think is like the most important things.

Yeah, yeah, and I think like, no, in the bigger picture, we're talking about this large finite field for all the big points up, but like let's just talk about it at the simplest level if you were to take very small numbers.

So, let's start with, I have here, I just.

Please don't choose six and seven, please don't choose six and seven.

Let's do the universe of three modulo 17.

So we're trying to do is you're trying to say three times what equals one mod 17.

So this number 17, and what you do is you can take, well that's three times five plus two.

Because three times five is 15 plus two is 17, right? 17 is divided by three.

17 divided by three is five with the remainder of two.

And so you have three now equals two times one plus one.

And then you hit a remainder of one.

You stop.

You found the answer.

Now phase two is to build it back up.

You're kind of walking backwards.

Hold on, hold on, hold on.

Your remainder of two basically means that it's not your inverse though.

You have to keep on going.

You have to keep on going.

It's just the recursive nature of this.

Yes, that's right.

So you start with 17, right?

And you're trying to say, again, the question is, is.

So you do a Euclidean algorithm between, you do, you try, usually Euclidean algorithm to try to find the greatest common divisor of three and 17.

And this is like the tool, this is very hard to talk through, right?

But this is the tool of how helping you find the inverse of three with respect to 17 in that finite field.

Bingo.

And so just to walk through it again, the question is, if you're taking the inverse of, so you're saying in the problem is,

what number do I multiply by three in modulo 17?

Do I get one?

And so you say, okay, well I have this 17 number equals.

And what you do immediately is you start factoring out, you get three times five.

Well, I get, well, no, because I get a remainder of two, I get a remainder of negative two actually with three times five.

Three times five.

Well, it's the first step.

So I get a remainder of 15, right?

Negative two is, negative two is 15 in this system, right?

So I get, yes, there you go, right?

You have to keep on going.

That's the first step.

So if you're doing this with pen and paper, you have to keep on going, right?

And you can then go one more lap and say, well, three divided by two is one with a remainder of one.

And you hit a remainder of one, so then you stop.

So what does that tell you, though?

Let's just zoom out for a second.

In the modulo 17, I just know the answer six.

I know three times six is 18, which gives me a remainder of one.

So the real question is, I don't know if this can be talked through or if it's possible without a pen and paper.

But like, how does the Euclidean algorithm in general get you to that inverse?

And it's, you know, I think what it comes down to is when you're doing it, you realize that one of the things, you know, the base thing you're multiplying by is going, is essentially going to be zero it out because it has them, you know, you can zero it out because it has a multiple of your modulus.

Right. Right. It's like, and then what's what's left when you finally get the, when you finally get to a number that's lower than 17, that's going to be your inverse.

And maybe we, I do need to code your exact point, an example, three times six equals 17 plus one.

There's your remainder one. That's right.

So I know the answer six is very hard to take people through the steps of this thing to see that.

We're going to have to upgrade the production value and get a nice little interactive whiteboard going here.

Yeah. I'm like, I'm on it. I'm thinking about it. And that's why like the YouTube series is was designed to support this so you can see examples.

And, you know, when I, it's like when we sort of step in shit like this, that's when I discover what's needed.

Yeah. The way I would view it is like if you're viewing like this, this field in this system is like a machine.

What you're doing is you're labeling each part and disassembling it and reassembling it like a key of furniture.

Yes. Like that, you know, that's what, like it's a key of furniture. A field is like a key of furniture. Every single piece has a piece that you click in and there's instructions on how they all interact with each other.

And what we're doing in these operations is we're provably showing that you can take it apart, put it back together and kind of complete the system.

Yes. And I think, I think I'm debating whether to do this right now, but I'm going to do it. I want to read, I want to read the what I call the Steiner's lens blurb from the, you know, from the manual from the study guy because I just think it explain.

It finally does put words and explains like what I think is important here. So I'm going to do it. Okay. So basically, Steiner distinguishes between a finished thought, which is like a proposition we contemplate from the outside.

And a thinking activity, which is a process we follow through transformations, right? So thinking activities like the algorithm.

So an algorithm is closer to the latter. It is a living, thinking, not a static truth. When you follow the Euclidean algorithm, you're not contemplating a fixed fact.

You're participating in a thinking process that unfolds in time. Each step transforms the problem into a simpler version of itself.

So in the example here that you can, the greatest common divisor of 252 and 105 can be reduced to the, the greatest common divisor of 105 and 42.

I'll just pause for a second to say, because you can, you can get through that fair. That should be a step that people can do self-evidently.

By doing the division, 105 goes into 252 twice with a remainder of 42. So they have this, you can now, you have the same greatest common divisor between 252 and 105 as 105 and 42.

And then you do that step again, and you get a GCD of 42 and 21, which maybe some people recognize as 21, because 21 times 2 is 42.

So basically, again, you understand the algorithm, not by looking at it from the outside, but by doing it, entering into the process and following it through each transformation until it reaches its conclusion.

That's the, that's what I wanted to read from that. And what I want to kind of like also mention is that I just, I've always thought about this thing with Rudolph Steiner.

So my kids are in Waldorf schools, and one of the things I noticed very early on with my kids in that school, as it applies to this is, every kid in Waldorf school, an adult, if you ever go there, is knitting.

Knitting is a big part of the, big part of the education. And you know, part of it, what they talk about is emphasizing and working with your hands.

But what I saw was, particularly with crochet, is that you trust a pattern, and then you do it.

And you don't know until you're done that it was going to work, but you can't, but these people who look like hippies that sit around knitting all the time, they actually have high conviction in this algorithm.

And I remember seeing that for myself and telling people, you realize you guys are teaching math here without realizing it, because this is like, you're teaching people to trust an algorithm that's going to lead to this, you know, there's a reason why it always works.

And you know, if you, if your pattern didn't, didn't come out the way it was supposed to do, you messed a step up in that process.

But you learn by doing it, you learn by putting yourself through it, just because we have computers and AI doesn't mean you can shortcut that process of learning.

And so, you know, I would think of it like knitting a sweater.

Right. You just, you, all you know is the next step and the next step and the next step and the next step.

You're just repeating the same thing. Right.

But you do understand the structure of the thing and why it's going to, you do sort of understand why it does turn out, because why would you spend your time playing around with needles and threads like that?

If you didn't know it was going to turn out cool in the way you thought it was.

Right.

And so it's like, it's internally like you, it's, it's internally to you as a human being, you get an, you know, to gain the experience of, you know, this algorithm, which traces back to you,

like no one's improved on this in 2000 plus years. Right.

It's pretty remarkable.

And at the base of it again, it's just really trying, at the base of it, we're trying to find out if two numbers have a share, a common divisor.

Yeah.

But it gets you, but it also, it's so powerful that it also, you know, this traces back to the inverse problem.

I often think too that like sometimes like the reason why something like this like is thousands of years ago, and we haven't really been able to iteratively prove on it is because it's just, it's so simple.

And back then you did not have the aid of technology to try and like accelerate and complicate things and get more abstract.

You have to just sit there and think about it.

That was really your, that was really what you had.

And it's a beautiful property.

It's how I got to grow up too.

Like in like the kids without the internet got to grow up really sitting and thinking about the things they're doing like that.

And all the more reason why I think it's good to emphasize spending this kind of time.

It's getting you, this is all how the substitute for being able to go to the Bitcoin store and ask to prove to you that your key exists.

And should, yeah, should we take this now to, because we keep, there's a reason why we mentioned this a little bit earlier.

We're doing modulo seven, modulo 17.

Like you were very bold, you were very bold and going for 17.

Yeah, well, like the idea though, the idea of why we're picking these numbers.

And we mentioned it briefly earlier is that these are, what's unique about these numbers are they are prime numbers.

Right. Do we want to take this maybe a little bit to Fremont's little theorem?

Yes, we're going to go to Fremont's little theorem, which everyone knows about Fremont's last theorem.

But frankly, Fremont's last theorem isn't that useful to us.

Fremont's little theorem, oh my god, one of the most powerful, incredible little factoids that you can, we're now taking the pin out.

We're taking the pin out of, are you really calculating the inverse?

It's like, what are you actually doing? Like that's where I was uncorking that now to revisit that point from earlier.

So you remember when we said, boy, anything that resolves to the identity is very powerful, because we can then eliminate a lot of the math once we, because, you know, you multiply by one over and over again.

Guess what? Nothing changes, right?

So it's nice to just multiply things by one. I wish I could do it all the time.

But, you know, take a number like, so let's take this field, modulus seven, right?

And let's just take an element of our field that we know is a generator.

And I think, let's just, you want to just prove that two, do we know if two is a generator, or should we just go through that?

Let's just go through the exercise.

So we get two, two times two is four, right?

Two times, and then, so we get two, four, and six.

Well, this is on the additive side. On the multiplicative side, we have two, four, eight, which is one, right?

So two is not a generator, because it only gives you two, four, and one. It stops there.

And you have a closed loop, and it's not all of the points.

So that's not correct.

And for the benefit of the audience, once you get to, once you get to one, you're just starting the cycle again.

So two, one times two again is two. Two times two again is four, four times two again is one.

You're kind of on rails. You really can't get outside that cycle.

Yes. So, okay, two is not a generator.

And there's a, this is a number theory concept called the primitive root, primitive root.

And it's not that easy. It's not easy to find.

That's why we define the generator in Bitcoin, by the way.

When you go to the GitHub, you see the big capital G is defined already, so no one's going to have to sit.

It's the smallest number that can be the generator.

So let's now try three.

I have a good feeling about it.

Like two.

So three times three is nine, which is two.

So we get three, three goes to two, which goes to six, two times three, six, right?

So we get three to two to six.

And then we go to 18, which is six times three.

And modular seven, which is four.

So three to two to six, four.

Four times four.

So then we go to five.

Four goes to 12, right?

Do we do this right? Are you sure we did this right?

Three to six.

Three times four.

We're doing generator three.

Yeah, so three to six.

Yeah, so we got three, six, four to five.

Wait, sorry.

So three times three is nine.

Three goes to zero, seven is two.

Two times three is six.

Modulo seven is six.

So I don't want to keep three is 18.

I want to keep saying it.

We go three to two to six, right?

And you should be in your mind's eye.

Have the numbers one, two, three, four, five, and six, and crossing them off as we identify this.

So we started with three.

We went to two.

And then to six.

So those are crossed.

Six times three is 18, which is four.

Modulo seven is four.

Yeah, so three to two to six to four.

Four times three is 12.

That's five.

Modulo five.

So three to two is six to four to five.

And then five times three is 15.

Modulo seven is one is one.

So boom.

So three is the generator.

Three definitely gives us all six.

You can create all six elements.

And remember, this is the same thing we talk about when we say that

the, um, your, your lip, the points in the elliptic curve can all be generated by the big generator point,

which means when you have a private key, any number, any other number in the field multiplies to a point,

that's all we just did there with prime being seven, right?

So back to the back.

So back to the, so back.

So if you have a, um,

and I don't know if it was necessary for us to just do that, but it's good little refresh.

It was fun because we talked about generators last episode.

It's a good way just to kind of like nudge the concept real quick and we can go on to Fremont.

So, okay.

So in Fremont, we basically say any number, any number in that field to the power of p minus one is one.

And so that's really, that's really interesting.

You can go through the math on that.

But like we can just basically say, okay, we can actually say two to the sixth power is one.

We really did show it because we went two.

Remember, we went two, four, eight.

We just do it twice.

Two, four, eight, two, four, eight.

That's one, right?

Two, four, one, two, four, one.

So two to the sixth power is one.

We showed the three being a generator clearly three to the sixth power is one, right?

And then it gets kind of easy because four, if two to the sixth is one, then four to the sixth is one also.

Why?

Well, because four is two squared.

And so, you can just do the math and you're multiplying one by itself now, a bunch.

This is an important point, is that when you find that point, you can take that base number and multiply it again.

But you're just, if you factor it out, you're just doing one times one times one, however many times you're putting it together.

And this gets to the power because if two to the sixth is one, then two to the sixth hundredth is one.

Two to the sixth billionth is one, two to the...

I think because, okay, let's just go back, two to the six hundred is two to the sixth to the power of a hundred, two to the sixth is one.

One to the power of a hundred is one.

Thank you.

One to the power of a billion is one.

You want to hear something, you want to hear something kind of funny?

I'm going to expose part of my trick of how I taught my children a lot of this math, especially when it comes to algebra.

I get so frustrated with them not understanding these certain generalities that I basically showed them that I could substitute...

I don't need the number two, I could use a toilet seat as a variable.

And I should draw a toilet seat and put it to, say, the sixth power.

It's going to be one.

Any number, you know, if it's in my finite field.

And so, like, I use a called toilet seat math, where like, it just doesn't matter anymore, two to the sixth is one.

And one to any power.

One to the toilet seat doesn't matter what it is, it's going to be one.

So, here's the thing.

So, two to the six hundred.

Now, we said is one.

Two to the six billion is one.

Two to the six, good, Jillian is going to be one.

Which really, you're starting to get to the point where, okay, remember what we were saying?

Like, I can't even do this on computer.

I can't even do this math.

But I can do that.

But I know because of Vermont's little theorem that I can actually eliminate a large portion of this calculation.

I could reduce it to one and discard it.

Right.

So, you know, you want to know what's two, what would be, if I asked you two to the one thousandth power, right?

You would basically look at the one that you would say, well, what part of this can be reduced to one, right?

So, I know that like, I know nine sixty is going to be one.

So, I got forty left, right?

And so, thirty-six out of that forty is going to be one.

So, I know that nine, ninety-six.

I know two to the nine ninety-six is one.

Which, so, if I wanted two to the one thousandth, it's one times two to the fourth.

I know this is horrible.

Well, this is, well, what you're doing here, which is just important, is that you're taking, you're doing factoring,

which we haven't talked a lot on this podcast.

But anyone with, you know, I would say an elementary school math understands the concept of being able to break a number into smaller numbers.

And like, the number one hundred, you could also make ten times ten.

And what you're doing here in this exercise is you're breaking out each, you're doing factoring,

but you're explicitly factoring out what can I factor out that goes to one, because it's kind of just noise.

You're basically trying to, you're removing everything that doesn't factor the one, and then sitting in what's left.

Which is, in its own way, kind of what we've been doing with the modular arithmetic.

Like, like, what is a hundred modular seven?

It's like, okay.

Well, I know ten times seven is seventy.

Right. You just start pulling these things out until you get what's left.

And then you, instead of doing math on the entire number,

you basically take out the garbage for what you can, that you know just goes to the identity property immediately,

and then stick with what's left to do the remaining math.

But what, so from a little theorem, powerfully exploits modular arithmetic to make a lot of this actually really easy.

So you can make finding inverses formulaic.

As long as it's prime, as long as the field, as long as you feel this prime, which should light you up as like,

oh, this is part of why my modulus in Bitcoin's elliptic curve is also a prime number.

Correct?

Yep.

So that, you know, we're building, I feel like we're building a tower.

So maybe it's a little part of these bricks that we later, a little painful.

But we're building a tower to, how do we know based on what we can see invisibly verify?

Right.

How do we know Bitcoin works?

Right.

We're building, we're building a big tower.

From that little theorem, I have to say, man, this is one of the big mind blowing things.

And I remember in Jimmy Song's programming Bitcoin book, like seeing it being used, but not like really explained.

And I was like, oh my god, how do they, how do they do this?

You know, and it's like, okay, no, I gotta, you know, you go into some number theory textbooks and you just see it.

And I was like, oh my god, this is one of the real beautiful, beautiful things.

Yeah.

I got some documents that there's like many different ways to prove it.

It's very, like this is one of those things that like people locked into over the years.

Because format didn't like, didn't like proving a stuff.

But this one was.

Yeah.

So this one was easy.

Maybe for the sake of the conversation today, we can explain what the exact equation is.

And as a take home exercise or maybe on a future episode, we can go into an actual proof of it.

But if you have a field that is prime, let's call it P.

Finite field.

Finite field.

Finite field.

If you have a finite field that's prime, let's just call that P for prime.

The inverse of a number is that number to the P minus two,

modulo P.

Yes.

And so let's take our example earlier of a finite field of seven.

And you want to find the inverse of three.

Well, what you can do.

Wait, can I just stop you for a second?

Because it's like, I feel like I, and I, I'm just speaking from my own experience.

Sure.

Like, where did P minus two just go?

I think you just said it was P minus one.

And you did this whole exercise to show us that P minus one had this property.

Why are we talking about P minus two?

So it's because that's the benefit of showing it on paper, right?

Yeah.

So the actual, I skipped a step of the actual theorem and I kind of rearranged things.

So to go one level higher, A.

So if a field is prime, P.

A to the P minus one power equals one modulo P.

We just did that whole math.

We two to the 6,000.

We said two to the 6 is one, three to the 6 is one.

Any number inside that field, modulo seven.

Any number to the power of six is one.

That's the first thing.

That's the first step, right?

Because now what we're trying to do is, okay, what, what are the two?

Now, if I take a number in that field, right?

Yes, I can raise it to the power of P minus one.

But that's not what really we're trying to do now to find an inverse.

We're going to use that product.

We're going to leverage that property to find the inverse, right?

We're going to say what number do I multiply it by?

To get one, right?

And so to take it to the next level of the abstraction of the equation, right?

If you have that, if you're trying to look for the inverse of A in a prime field of P,

the inverse of A equals A to the P minus two modulo P.

And that's just basically rearranging the equation, which would be much easier to do

with pen and paper and a visual, but just take my word for it.

You can do it trivially yourself.

You could rearrange the equation.

Because what you're doing is you're basically trying to isolate the inverse of A.

So for the field seven, which is a seven's a prime number,

and to plug this into the equation, if you want to find the inverse of three,

so your three is A, so now you have three to the P minus two,

which is seven minus two, which is five.

So three to the fifth power is 243.

29, 27, 81, 243.

Bingo.

Right?

And so 243 will mod seven?

We're 243 equals five mod seven.

So what you do is, yeah.

Yeah.

So remember, we discussed this a half hour ago where we just said,

well, three times five is 15, which means those are those two are inverse.

Those are associates, right?

So like, how do you use Vermont's little theorem to get to that?

That's what basically Rob just did.

Right?

It took three to the power of five.

What we have the benefit of, like we've both been through a bunch of code

and a bunch of textbooks that take this property for granted,

and I don't know about you, Rob, but I have to do like how the heck do you just tell me

that this number to the p minus two is my inverse.

I see it implemented in Bitcoin books all, like, and so that it's,

it's because of this theorem, this property, right?

And so he just demonstrated with the number three,

let's maybe do an easier exam.

Remember, we also said two and four are inverses of each other?

So if I took two to the fifth power is 32, that's a lot easier,

I think, to see that 32 mod seven

is four.

Right.

28 to 32 is four, right?

28 is four from, it has a remainder, right, of four.

So that's just an easier way to, easier way to visualize it in our minds eye,

which is what we're trying to do,

difficulty on this podcast.

Of course, yeah, yeah.

Yes, and I mean, like, it's funny,

because you're going to even go to a smaller prime field.

You could pick the prime field of three if you wanted to.

You can make these numbers smaller, but with the core equation,

you can click and move these things.

Oh, and I'm going to just say,

if it bothers you guys, like, I just, if it bothers you right now,

that we just did this and it's not, it hasn't clicked,

that's fine.

I'm good with that because I'm hoping that just motivates you to just

get a pen and paper and do some of these.

Yeah.

Go to the study guy, go through the examples and check out,

like, it should bother you.

That's one of, that's, it's like, it should bother you,

as much as, yeah.

Any point, this is tripping you up,

you should be agitated and go figure it out.

A little bit, right?

It's just the same way it should bother you that you don't know,

you don't maybe know if your private key is,

if your private key is invertible.

Like, you don't really know until you actually learn this math,

it should bother, that should bother you too.

Yeah.

Right? And it should bother you a little bit that we're talking

through this, but like, yeah, if you go through this exercise,

two to the fifth, and why would we say, again, two to the fifth,

I'm so sensitive to this because I've been through this so many times.

Five is p minus two, right?

It's a two, so you got, again,

remember, p to the n minus one,

any number to the n minus one was one, right?

So we're pulling that apart and we're saying,

well, we take that number times what?

Well, that number times p minus two,

you add, remember, you add exponents

when you multiply the same number by itself.

So p minus two plus one is your p minus one

from Vermont's little theorem.

So Vermont's little theorem doesn't give you the inverse.

It gives you the property that allows you to sort of exploit that property

to find that inverse.

It's an extension.

It's like an application.

Yeah.

So any number to the n, but any number in a finite field,

module of p, you can multiply by that number to the p minus two

and boom, you get your inverse.

And that's going to, it's going to come in handy when you're multiplying

by numbers that are bigger than atoms on this earth.

Right.

Which I think to talk about that as a gateway

and to directly touch a little bit,

a little bit of just how this works in Bitcoin,

is that we've been using very small finite fields,

seven, 17, three, whatever.

The universe of what we're talking about, though,

in Bitcoin is 256 bits, right?

256 zeros and ones.

And like the size of that universe,

that would be really computationally huge painly asked to do all the time.

But you could already see how unwieldy it gets if my prime is 17.

Right.

And I want to just say two to the 15th.

But I can tell you two to the 15th is going to multiply by two

and give me the number of one in that field.

That much, I know, I know two to the 15th is my inverse of two.

Yeah.

I know that backwards and forwards,

because of Vermont's little theorem.

Even though I, do I know a two to the 15th is?

No.

I think it was a two to the 10th, 1024.

I can start doing it.

1024, 2048 is to the 11th, 4,096 is to the,

like that's what you should already kind of see in your brain

is getting unwieldy.

And that's only the number 17, okay, right?

Now you start dealing with computation that a computer can do.

It's going to get unwieldy at two to the 128th power.

Right.

It's going to start to get unwieldy.

Yeah.

Right.

Exactly.

And so there's ways that you can further kind of chunk this up,

so to speak.

So it's something that computers can do.

And this is also really important.

If, from a security standpoint,

the reason why it's a toast,

she started with 500 lines in the lipstick P.

Well, of the, of the lipstick P part of the code base.

And it turned, well, the sec P operations.

Avid podcast, mode of it,

the Magic Internet Math Superfan, Richard Hart.

Yes.

Last two weeks ago,

did a very correct technicality callout of what I said.

I was being very short and fast with my explanation of the sec P 256K1 curve.

That is not the lip sec P library Bitcoin uses.

The lip sec P library is kind of think of it.

If sec P 256K1 is like this theoretical,

like field that we use all of our public private key math and Bitcoin around,

lip sec P is the execution implementation of how you work with that.

And that actually didn't come to exist originally in Bitcoin.

Satoshi was pulling in, I think, from like an open SSL library originally.

And that has problems and concerns because the level of care you would put

for securing web traffic is different than if that library was securing money.

There's a different threat model involved.

And so the problem is that you need to compute this like A to the P minus 2 mod P.

But P instead of being 7 is 2 to the 256K1.

Not 256, 2 to the 256.

So 2 times 2 times 2 times 2.

And you get this number that's bigger than 2 to the 256 minus 2 to the 32 minus 976.

Yes, so I did a little bit of a shortcut there.

It's 2 to the 256 minus 2 to the 2 to the 32.

Just saving us from having to explain another correction next week.

We talked about this, we talked about this last...

Last episode.

2 to the 256 minus 2 to the 232 minus 2 to the 9 minus 2 to the 8 minus 2 to the 7 minus 2 to the 7...

two to the seven miles, two to the six miles.

I think that's 977, that last piece is 977, I think.

So there's 77 digits.

The number has one more five, seven, nine, two, zero, eight, nine,

two, and it goes on for 77 digits.

But the distinction, though, is because a general hash function

only uses two to the 256, right?

Yeah, and that's exactly right.

So when you're doing these operations,

they're kind of constrained and bound within that.

By the way, I got another correction.

I should just mention while we're doing via Rada section

of the podcast, because I posted the video series

to stack our news and somebody gave it to shout out

to fucking people who give these corrections.

By the way, and I wish I had your username,

you know, shout out Richard Hart.

And also, this is like, this is like Hart talking about,

Rob and I are not, yeah, we're trying to create a conversation

and we will miss some things.

And maybe, so I think the correction I got on stack our news

was the, I, and it wasn't on the podcast, it was on the video,

but the video is based on everything the podcast is based on.

It was that the K and cobb, the K meant cobblets curve

in sec p, which it was a very fine distinction.

And I'll be honest, I don't fully understand the distinction,

but there is a distinction here with the K in 256 K one.

Not exactly meaning that it's a cobblet,

not necessarily exactly meaning it's a cobblet's curve.

This is something I was, I don't even know if the correction's true,

but I was corrected, but, but the correction was like triangulated

by another like chat, another, uh, clawed call,

somewhere down the line in the valve.

It's like, oh, that guy's probably right.

Yeah.

Yeah, no, that's, don't trust verify, including us guys.

Um, yeah.

So for the moment, before I bake a bunch more videos,

before I bake a bunch more of additional errors,

we'll conclude the erotic section, but we'll do another one

in about 90 seconds.

Uh, so you have this really big number,

which I just fully listed out before,

256 X minus two to the 32 minus two to the night, whatever, right?

We need a good word, we need to need a good word for this.

It's the Bitcoin number.

It's a Bitcoin.

It's the Bitcoin prime.

It's the Bitcoin prime.

It's the Bitcoin prime.

It's the Bitcoin prime.

Well, it's a great name for a, it's a great name for a,

like a slop account that does news, the Bitcoin prime.

I like it.

I like it.

Yeah.

Um, so your, your, your finite modular prime field

is this massive number.

One that you're not going to be, we're not going to try

and manually calculate one of these out.

But what you can do is really interesting, um,

is that it's a binary number, right?

So if you have zero and one and then you just each,

each additional digit and binary is a new power of two.

So zero, right, is just zero.

One, you could have as the number one,

but then you add the next number.

So now you have zero, you have one zero,

and binary is the number two.

The number one, one, and binary is the number three.

Yeah.

And before I, like, yeah.

Yeah.

Yeah.

Let me like also just mention here.

If you got nice bar, that on my website,

on MagicInternetMath.com, there are, there is a, uh, game.

There's two games.

Actually, that I think are really cool and useful.

And you should go, there's, there are four skill building.

One is called modular.

It's a racing game doing modular arithmetic.

And, um, it progressively gets harder with, like we just did.

Like the first level is like mod five,

and then he goes like mod 17, and then maybe mod bigger numbers.

But like, um, so it's like, you can play against computer,

play against your friends, and get points, and build skill doing modular arithmetic.

And another one is bass.

Like I'm doing, it's conversion of binary decimal and hacks.

And I think it's the design it.

The thinking there is just get,

this would be a lot more fluid in easier conversation.

If we didn't have to like explain binary arithmetic all the time.

So like, it'd be good to know that like,

just off the top of your head, 1010,

and 1010 is the number 10, right?

It's just like, 1011 is the number 11 and decimal.

And like I think it's just helpful if you do enough of these.

And I, I made the game for myself.

Like I remember coding this in Florida,

and on the flight home, all I did was play this game over and over again,

doing these binary conversions.

And it's very helpful to see a four-number binary and know exactly

what number between zero and 16, or zero and 15 it is.

Yeah.

And so this is the tie that like,

I think being fluid in all of these different units that you do operations in,

is pretty important.

And the, the way I would tee this up to make this like a problem

because I started going down binary, which is a different representation of numbers.

But like, what's actually really interesting here,

let's say if you wanted to do three to the power of eight.

Three times three times three times three times three times three,

do it eight times.

And I'm keeping it as a small number to explain when you get to really,

really, really, really big numbers.

6401.

Right.

Like how, how big it can go.

It's my guess.

That's just my 64.

That's just my,

65, 61, 6561.

But what you can do though,

is a shortcut instead of doing three times three times three times three,

just start gripping them together and squaring them.

Three times three is nine.

Cool.

And then you have nine times nine is 81.

I try to do an 80 one square there.

You just did three to the four.

Yeah.

I try doing 81 squared in my head.

Yeah.

So 81 squared is 6561.

So instead of,

you could do three squarings instead of seven multiplications.

And it's like three versus seven.

Like that's not that big of a deal.

But like we're still dealing with small numbers.

When you start getting to the number of just actual,

like if you did it at these large,

like the Bitcoin prime number,

how unruly it gets quickly.

Well, here's the power of that, right?

If I said,

if I said you're doing mod 10, right?

And you said,

what's three to the eighth power mod 10?

And I already know 81 is three to the fourth.

And that's one.

So like, again, that's like my,

it's not from a little theorem.

This goes into,

it turns out that Euler generalized from a theorem

if your modulo is not a prime.

Yes.

And it's brilliant.

And I,

that's, I have a video,

I have videos buried in my youth.

It's got four views.

Okay.

But it's a really cool video of me actually sitting there

and doing all that math and showing you how Euler generalized

with the touch and function,

generalized from a little theorem for you.

If you're,

if your modulus is not prime,

then your finite,

you're sort of like what the analogy to the finite field

is now,

it's, it's a group of units that you know has inverses.

Well, this is where the grouping gets really interesting, right?

So we're getting to this like Bitcoin prime number,

which for the sake of conversation,

it's not two to the 256,

but you're doing two to the 256 minus two to the 232,

which is infinitesimally smaller comparatively,

it's effectively in the scope of being similar to two to the 256,

because the things you're subtracting away are just infinitesimally small

compared to the scale of it.

What's interesting about this is that it very nicely starts collapsing on itself

if you are doing the squaring trick that I explained,

where instead of doing two to the 256 multiplication operations,

you can square and multiply 512 times.

And that's something that, again,

a computer can do 512 mathematical operations trivially fast.

Yeah, by the way,

I'm really struggling right now because I want to,

I feel like I want to rename the podcast,

the Bitcoin prime,

the whole other,

the whole other issue that I'm dealing with in the back of my head right now.

So good.

Okay. Anyway,

I struggled with this algorithm squaring multiplier a little bit,

except the only way I kind of like reconcile it for myself

is when I think of,

by the way, this is all,

this is all Euclidean algorithm,

everything we were saying before,

it's just a way of unpackaging and repackaging the process of the long division.

What makes sense to me,

like I always struggle with bit shifting,

except when I think of it indesimal in multiplying.

You know, I always know that multiplying by 10 adds a zero, right?

Right.

In binary multiplying by two adds a zero.

This is like, that's the only way I reconcile that in my head is like,

that multiplying by the base is when it adds a zero, right?

Well, this is where I started with binary.

The reason why is because it's,

this basically the square multiply trick is leveraging binary representation.

And this is something we also,

I think briefly touched upon last episode,

is that the reason why the LibSecP library exists

and we're not using Satoshi's original code.

Is that when the math is actually the money,

you have to take us different security posture than if I'm securing my website

with an open SSL library.

One of the ways you can attack a system is called a timing analysis attack.

And so if you are able to,

if you're sitting on a computer,

and you're able to see the CPU usage,

and you're able to see exactly how it's spiking and how it's computing all of these numbers,

you can start inferring what the actual number is.

And if you know the number, you know the private key, right?

And so the way the LibSecP library handles this,

the reason why I was going with binaries is because like you said,

every time you multiply by 10, you add a zero at the end.

Every time you multiply by 2, you add a zero at the end

if you're doing binary representation.

You can take this number as 256 zeros and ones,

and you can just work on each of those.

The way LibSecP 256K1 gets around this,

is that no matter what the number is,

it basically does a bunch of extra garbage math,

so that it looks like it's taken the same amount of time,

no matter what the number is.

Let me ask you, let me try something here.

This notion of a timing attack is the equivalent in cryptography

of like knowing that the word the is a very common three-letter word,

and being able to say,

well, I don't have to brute force everything here,

I can actually, I know that E is the most popular letter,

and I know that I can try to substitute that

and get a good clue as to how I can eliminate a lot of them.

A lot of the brute force math, just by knowing those facts.

So a timing attack is sort of a similar way of reducing the computation

it takes to, because you're giving those clues.

I'll do a rare throwout to pop culture here.

And if anyone's familiar with the movie,

like the enigma with basically Alan Turing

and basically the war effort to decrypt all of the non-sequentication

in the movie, they have like the aha movement,

where they realize every single cable that the axis powers are sending

starts with Hyal Hitler.

And because it says that, they reverse engineer and say,

wait a second, we know for a fact they're always starting with this,

and they use that as a way to start deconstructing and understanding

the rest of the message that's being said.

And because of that, they're able to basically break down the entire thing.

That's a version of like in a way a timing attack.

Yes.

So that's really it.

So the ability to essentially, you know,

completely reduce a lot of the computation

that would otherwise be brute force,

because you've introduced a pattern.

Yeah.

And the...

I'm realizing, I'm waiting for the Southern power,

the law center to put me on their hate list,

I just said that on a podcast.

No, you know what you've done?

Not to get too excited.

The podcast is getting deep monetized now, losing my career.

No, not at all.

It's the other way around.

I've done this before because, you know, I'm a Jewish guy

and I talk about this stuff sometimes.

This podcast is over.

Well, some of my podcast partners have a theory that,

like, I've triggered the massage machine to...

And so because we've seen some spikes and downloads in certain episodes,

where we ended up talking about that and we're like,

what the hell?

Why is this happening?

So you might have...

You might have sparked...

I might have gotten a spike in downloads.

You might have hit the aggregator on this one.

Yeah.

For the CIA, Mossade, everyone listening, send some boosts.

Especially right now, right?

I mean, although it'd be hard to...

It'd be hard to be noticeable now in...

This is like two days after the Iron Attack

and everybody hates Jewish people in the world because of it.

I think they did before the two days ago, but also now.

They did.

Yeah, but now it's over.

Well, the noticing is definitely up there right now.

And so they might be...

They'd probably extend to the podcast.

I think you might have helped the download count.

There you go.

Perfect. Great.

But anyway, that's the example of a timing attack, right?

You have fingerprinting that you're able to always determine

as things look like and be like,

oh, if you're always starting with this or your point,

like, ease the most common letter, right?

And with the way the lipstick library...

The lipstick peach 56k1 library ultimately handles this,

is it adds a bunch of noise.

And so that every...

The computation for every number on the elliptic curve

looks like the same amount of computation no matter what.

And that was not part of the original library

because they were using the Open SSL library to secure websites

and stuff.

It wasn't securing the money,

but this is the stuff that everyone leverages and uses

when they're actually using Bitcoin.

Most hardware wallets import this library

as how they do their signature operations.

This is another example of why you don't want to roll

your own cryptography most of the time.

Because the moment you're like,

oh, I found a shortcut.

It doesn't even faster.

And then you realize like,

you're not doing constant time computation

and anyone who's sitting on your machine

can infer what your number is.

It's like, not a great spot to be here.

Yeah, so it's worth first, probably worth glazing,

because we want to get these guys in the pockets.

It's worth glazing.

Of course.

It's worth glazing, Tim roughing,

and Jonas Nick, a little bit.

Yes.

And the...

Like, you know,

it's a double-edged sword we talk about here

because, you know,

one of the reasons we've all gotten away

with not being Karen's at the Bitcoin store

is because these guys did all the work.

These guys are the managers,

and they're doing good work.

They did the good work already to make sure

that we didn't have to ask these questions,

even though we...

What Robin are doing now is saying,

well, it's back up a second, man.

These guys have done good work,

but are we always going to live in that world?

Where are those people are doing good work?

I mean, we don't...

We are adversarial by nature,

and we should be, and we should be...

We should have the ability

to know when to glaze these guys

and say good work,

because we can see...

You know, we can see what they've done

and understand it,

versus saying thank God

for being benevolent dictators.

Exactly.

Exactly, right?

So, like, I want to point out...

I want to make sure that that's clear,

and that we...

You know,

again, having the agency

to say good call, guys,

that's the kind of thing you only get

at the end of...

It's suffering through the end of this podcast.

It's a nice job to him, Ruffing.

Yeah.

Right?

Yeah.

Especially, like, we're...

I think we're getting to a point where...

I think we've just about

gone through all of chapter two.

We did a little bit of a sprinkle candy

at the end for those

that wanted to understand how it works

with LibSecP,

the library itself in Bitcoin.

There's...

Every single step of this library,

you could do a whole hour and a half long podcast,

talking about the nuances

and how they put the thought into it.

And it's a culmination of a decade of work.

We covered a lot of chapter three two here,

but we've stopped...

Where we've stopped short,

where we'll probably pick up next time,

if we don't have...

if we don't have our guest already,

where we've stopped short

is the discrete log problem.

Hmm. Right.

Would the discrete log problem be a good spot

to do solo,

so we're not bringing it up.

For sure.

And then you can tee it up.

Yeah.

I'm going to be at op next...

Same here?

...since now March 1st.

And...

I don't think we'll...

We'll also be presenting there.

Yeah.

We should try and just do a live rip.

That's a good idea.

Let's see if we can...

Let's see if we can finagle that.

Up next is April.

I'm looking at it right here.

15th or something like that.

It's in the middle of April.

16th.

Okay.

April 16th.

Thursday, April 16th.

I'll be in town in New York City

if you're going to be there.

Absolutely.

That would be...

And that would actually give us

one more...

I'm looking at the date.

That would actually give us two more podcasts

before we do a live show with them.

So if we could actually figure out

what we do for the...

If we get his scheduled look

from it and work for it.

He said he was interested in coming on.

But I didn't realize that if we're all going to be

in the same room,

it'd be really cool to just rip for 90 minutes.

Maybe you and I can do a pilot live rip

when we're in Nashville.

When I'm in Nashville.

Yes.

Because we don't know...

I do five podcasts.

I don't do a lot of live rips.

I don't even know if I have the

technical ability right now

so we can prepare for that.

Yes.

I would like that a lot.

That'd be great.

And I should be getting just back to

the Nashville for Grassroots Bitcoin

just as that's happening.

So...

Got what a month?

April's sick because we have...

We'll be in Nashville.

We'd have op-necks

and then we'll be in Vegas.

Yeah.

It's going to be a busy...

Maybe we'll do three live rips.

Yeah.

Bitcoin Plus Plus is happening before Vegas.

I may be...

And then there's a fish show.

Or we're going to start talking about...

There's a fish show.

There might be psychedelics and math and...

Combining everything together.

Yeah.

This might get out of control really quick.

But...

Yeah, dude.

This was cool.

This is great.

I like this banter a little bit at the end

because we just need to kind of like land...

Just land the ship a little bit that we're...

We just went through...

I think a lot of people just went through something kind of difficult.

And possibly injurious.

Absolutely.

And the reality is we are just...

It's baby steps.

We have a large driveway to shovel.

And it's baby steps.

And we just want good form.

And understand where we're going.

Whether you like the analogy of knitting a sweater.

Or you like the analogy of finding...

Navigating the iceberg.

This is about developing an ethic

of spending a little bit of time every day on this.

And eventually building something substantial.

A substantial bedrock of your foundation.

Agreed.

Yeah.

Just listen to the podcast.

Go through the study guide.

I think the ones every other week.

Cadence for these episodes is a good way to like...

Find an hour...

In every two weeks.

Just to flip through this stuff.

And then listen to the podcast.

Like is a good way to...

You know, over the course of a year.

And if you find the podcast later, just start doing that rough cadence.

So you get a chance to retain information.

Yeah.

Trying to provide a good way for people to get...

As like a ladder to get brought up into this.

That's right.

So just keep grinding.

Keep climbing.

And we will see you in two weeks.

Two weeks, please.