[00:00.000 --> 00:14.240]  I'm going to talk about the new breakthroughs that are happening in cryptography, the opening
[00:14.240 --> 00:31.880]  doors to unexplored spaces.
[00:31.880 --> 00:38.080]  I will try to speak louder.
[00:38.080 --> 00:50.560]  The free software movement and Linux at one time had power, it had vitality but then somewhere
[00:50.560 --> 01:03.160]  along the way we started to play catch up, we started to try and follow the competition.
[01:03.160 --> 01:10.240]  This on the desktop never happened.
[01:10.240 --> 01:20.560]  The once great browser Firefox, its market share dwindled to zero.
[01:20.560 --> 01:30.760]  Even this conference which has the best minds in free software community is funded by surveillance
[01:30.760 --> 01:35.840]  capitalism, Google, Microsoft.
[01:35.840 --> 01:46.560]  In this talk I want to talk about how we can escape the death trap and create the new paradigm
[01:46.560 --> 02:04.000]  of computing.
[02:04.000 --> 02:31.240]  This
[02:31.240 --> 02:41.960]  talk is dedicated to Peter Hintzians.
[02:41.960 --> 02:52.800]  Peter Hintzians was from Brussels and he was a programmer who, he wasn't born in Brussels
[02:52.800 --> 03:01.760]  but he lived and he died in Brussels and he really embodied the ideas of what elegant
[03:01.760 --> 03:04.040]  abstraction means.
[03:04.040 --> 03:14.040]  Abstraction is something which Don Pauli creates complexity, Don Well empowers the software
[03:14.040 --> 03:24.080]  developer but he was not just a good developer who made, for example, zero MQ which is really
[03:24.080 --> 03:29.320]  interesting conceptualization about how we could build distributed systems but he was
[03:29.320 --> 03:36.080]  also a theorist on creating free software, the social layer and creating free software
[03:36.080 --> 03:37.920]  communities.
[03:37.920 --> 03:46.640]  He taught us that free software is more than just having the code being accessible but
[03:46.640 --> 03:55.880]  it's an entire philosophy and when we create the good, elegant abstractions, it enables
[03:55.880 --> 04:01.040]  us to create software that's composable while not contributing complexity.
[04:01.040 --> 04:09.160]  This is like the basis of how the Linux architecture is created, there's components and rather
[04:09.160 --> 04:15.560]  than like in a Windows system where there's a system 32 filled with hundreds of DLLs,
[04:15.560 --> 04:23.440]  there is a component which people can modify and in our projects we try to embody his ideals,
[04:23.440 --> 04:29.880]  we try to carry his philosophy.
[04:29.880 --> 04:42.880]  So everything that we use today, the concept of the sockets, the processes, the file system
[04:42.880 --> 04:47.080]  was invented in the 70s with Unix.
[04:47.080 --> 04:58.600]  Since then, nothing has fundamentally changed about computing and when they created Unix,
[04:58.600 --> 05:06.680]  their vision was something that would enable deep collaboration between communities and
[05:06.680 --> 05:11.520]  the infrastructure that they created, the software, ended up becoming the basis of the
[05:11.520 --> 05:20.840]  web but they, at the time, they couldn't take their vision to its full conclusion.
[05:20.840 --> 05:28.040]  They didn't have the algorithms that we have now like around peer to peer and consensus
[05:28.040 --> 05:32.280]  and cryptography and so on.
[05:32.280 --> 05:41.040]  There wasn't huge network bandwidths, the resources in the hardware weren't as big.
[05:41.040 --> 06:03.520]  And since its invention, not much has changed.
[06:03.520 --> 06:07.280]  What is a zero knowledge proof?
[06:07.280 --> 06:20.720]  If I have a simple function and I call the function on a set of parameters or arguments
[06:20.720 --> 06:28.840]  and I produce a result, the return value of the function, if I want to show to you that
[06:28.840 --> 06:38.320]  this value that I've computed from the function is computed from some parameters that went
[06:38.320 --> 06:45.080]  into the function, then normally the way that you do that, like logically, is I would have
[06:45.080 --> 06:51.000]  to give you those input parameters and you have the function and you would compute the
[06:51.000 --> 06:58.600]  function yourself and get that result at the end and then be able to verify that the result
[06:58.600 --> 07:01.600]  is what it claims it is.
[07:01.600 --> 07:10.120]  For example, in a Bitcoin blockchain, you're doing transactions and everybody verifies
[07:10.120 --> 07:16.520]  the transactions that the computation is to advance the state machine to the next state
[07:16.520 --> 07:28.560]  is correctly done.
[07:28.560 --> 07:32.800]  Then there are two very interesting properties of ZK proof.
[07:32.800 --> 07:36.600]  So first, the ZK proof is succinct.
[07:36.600 --> 07:42.000]  What that means is the actual proof object that proves the computation that has been
[07:42.000 --> 07:45.560]  run on the values is very small.
[07:45.560 --> 07:49.640]  It's smaller than the input parameters that go into the function.
[07:49.640 --> 07:58.460]  You would expect that it would be some big proof, but actually, we save computation.
[07:58.460 --> 08:07.040]  When you want to verify that, you save computation compared to if you would compute the evaluation
[08:07.040 --> 08:13.080]  of the input values, what we call the witnesses yourself.
[08:13.080 --> 08:18.880]  The proof size is small and the time to verify the proof is very small compared to actually
[08:18.880 --> 08:22.520]  computing it and it can be anonymous.
[08:22.520 --> 08:27.320]  So there are some values that you put into a function to get a result.
[08:27.320 --> 08:30.080]  You don't know what S, X, and Y are.
[08:30.080 --> 08:36.120]  You know Z, you know Foo, but you don't know S, X, and Y and that enable us, they give
[08:36.120 --> 08:45.560]  us a very powerful technique in our arsenal, in our toolkit of anonymous engineering.
[08:45.560 --> 08:52.560]  So this is the general schema of ZK proofing.
[08:52.560 --> 08:54.840]  So you have a proof function.
[08:54.840 --> 08:58.280]  So that means that's how we generate a ZK proof.
[08:58.280 --> 09:05.480]  So you have some private values, the input values to your function Foo, and you have
[09:05.480 --> 09:09.680]  the output of the function, which are your public values, and you create a proof.
[09:09.680 --> 09:14.080]  And then I give to you the proof, and you want to verify the proof, and you have the
[09:14.080 --> 09:21.000]  public values from the evaluation of that function, and you get true or false back.
[09:21.000 --> 09:23.320]  So how does it work?
[09:23.320 --> 09:31.560]  This is obviously greatly simplified, but just observe this property.
[09:31.560 --> 09:38.640]  If I have polynomials, and I add two polynomials, and then I evaluate the polynomial, that is
[09:38.640 --> 09:44.680]  the same as evaluating the polynomials and adding them together.
[09:44.680 --> 09:52.080]  This is due to what is called mathematically the homomorphic property of the function that
[09:52.080 --> 10:02.080]  maps from the ring of the polynomials to the ring of the closure.
[10:02.080 --> 10:05.440]  And it works as well for multiplication.
[10:05.440 --> 10:15.440]  So just remember that homomorphic property, and then what we do is that function Foo,
[10:15.440 --> 10:18.640]  we do this step called erythmetization.
[10:18.640 --> 10:26.040]  So any code that you write, we turn that code into a set of polynomials.
[10:26.040 --> 10:27.680]  So how do we do that?
[10:27.680 --> 10:34.840]  Well, here imagine A and B are Boolean values, either 1 or 0.
[10:34.840 --> 10:39.000]  So how can we turn those into arithmetic expressions?
[10:39.000 --> 10:46.480]  So if you notice with those formulas in the top left, and these tables on the right, if
[10:46.480 --> 10:54.760]  you do the calculation, you will get the same thing as long as A and B are 0 or 1.
[10:54.760 --> 11:02.480]  When you perform those formulas, they are the equivalent to those Boolean expressions.
[11:02.480 --> 11:10.800]  And if you want to enforce, just as a side note, that a value s is in a certain range
[11:10.800 --> 11:17.840]  of values, for example, 0 or 1, well, it's just the same as saying s minus 0 multiplied
[11:17.840 --> 11:25.720]  by s minus 1 is equal to 0, which is the roots of the polynomial where it would evaluate
[11:25.720 --> 11:26.720]  to 0.
[11:26.720 --> 11:34.760]  That will be a degree to polynomial, and there will be no other roots of 0 there.
[11:34.760 --> 11:42.240]  And so we have that function foo, which, if you remember, where was it?
[11:42.240 --> 11:46.800]  It was here, this one.
[11:46.800 --> 11:52.200]  If s return x times y, else return x plus y.
[11:52.200 --> 11:54.040]  And how do we arithmeticize that?
[11:54.040 --> 12:02.120]  Well, you can see below that we have z is equal to sxy plus open bracket 1 minus s x
[12:02.120 --> 12:03.120]  plus y.
[12:03.120 --> 12:05.320]  Both of those are equivalent.
[12:05.320 --> 12:16.760]  So we've taken piece of code, we've arithmeticized it as a mathematical expression.
[12:16.760 --> 12:27.120]  So then we can use this Schwartz-Zippel lemma, which is rather than having to give you all
[12:27.120 --> 12:42.440]  of these huge degree polynomials, depending on the number of equations that you're checking.
[12:42.440 --> 12:49.280]  There is something that we can do where we can just evaluate a polynomial at one point.
[12:49.280 --> 12:51.480]  That relies on the Schwartz-Zippel lemma.
[12:51.480 --> 13:01.600]  So let's pretend that we have two polynomials that we're trying to check a multiplication
[13:01.600 --> 13:02.600]  of.
[13:02.600 --> 13:08.720]  If you remember in the first slide, we had fg evaluated alpha is equal to f of alpha
[13:08.720 --> 13:11.160]  multiplied by g of alpha.
[13:11.160 --> 13:22.360]  So these polynomials, if you notice, they're constructed so that they intersect through
[13:22.360 --> 13:24.640]  a certain number of points here.
[13:24.640 --> 13:34.560]  So the red one goes through 1, x equals 0, the red one goes through 1, x equals 1, the
[13:34.560 --> 13:42.000]  red one goes through 2, x equals 2, goes through minus 1, x equals 3, goes through 1, etc.,
[13:42.000 --> 13:43.880]  2, 3, 2.
[13:43.880 --> 13:48.520]  So that's a Lagrange interpolation of those points.
[13:48.520 --> 13:56.240]  And the yellow one, likewise, does the same, but for 0, 2, 2, 0, 2, 1, 3.
[13:56.240 --> 14:03.880]  So you can imagine those are the lines of our kind of proof or program that we're trying
[14:03.880 --> 14:04.880]  to enforce.
[14:04.880 --> 14:13.400]  So the first one might be that we want to check that 0 times 1 is equal to 0, and 2 times
[14:13.400 --> 14:17.800]  2 is equal to 4, and 2 times minus 1 is equal to minus 2.
[14:17.800 --> 14:20.480]  So how do we construct that proof?
[14:20.480 --> 14:28.360]  Well, if we multiply the points together, like so, we get a new set of points.
[14:28.360 --> 14:36.400]  And then, because these polynomials are degree 6, to create the polynomial that comes from
[14:36.400 --> 14:44.520]  multiplying these two polynomials, we need 12 points, which are multiplied from both
[14:44.520 --> 14:47.100]  of these, but I've only done six here.
[14:47.100 --> 14:55.840]  So then we have these points, and we interpolate, we draw a polynomial interpolating those.
[14:55.840 --> 15:02.800]  So this is the new polynomial we get, the pink one.
[15:02.800 --> 15:17.280]  And if you remember this relation from earlier, we now have this polynomial FG, and therefore,
[15:17.280 --> 15:25.720]  if there is a protocol where a random point or a random X value is selected, then it's
[15:25.720 --> 15:38.720]  sufficient to prove that there is this evaluation at this combined polynomial FG of alpha is
[15:38.720 --> 15:44.520]  equal to evaluations of the other two polynomials multiplied together.
[15:44.520 --> 15:50.640]  And therefore, you can be sure that that pink one is the multiplication of all the individual
[15:50.640 --> 15:59.000]  points, because the random point and the probability of you being able to preempt that is basically
[15:59.000 --> 16:04.000]  nearly zero.
[16:04.000 --> 16:20.280]  And so we can actually see here, if we look at any two points, the top two is the red
[16:20.280 --> 16:27.880]  and the yellow one, and the white one is actually the multiplication of the two points, and
[16:27.880 --> 16:30.160]  the purple one is the purple one.
[16:30.160 --> 16:40.520]  So we've actually created the polynomial which have this property at all points along it.
[16:40.520 --> 16:46.400]  And because it has this property, it's sufficient just to pick a random point and check that
[16:46.400 --> 16:54.960]  that's true.
[16:54.960 --> 17:04.320]  And there is another puzzle piece which is the polynomial commitment proof.
[17:04.320 --> 17:12.960]  So essentially, you can create a commitment of a polynomial which is like hashing a polynomial,
[17:12.960 --> 17:16.960]  and you don't know what the polynomial is, so this is where the zero knowledge property
[17:16.960 --> 17:28.160]  come from, and then there's an object representing a polynomial in your system, and any time
[17:28.160 --> 17:36.280]  you can create a proof using the polynomial which has this statement on the right, which
[17:36.280 --> 17:51.240]  says that the f is a commitment or hash of this polynomial f, and z is equal to an evaluation
[17:51.240 --> 17:53.640]  of f at s.
[17:53.640 --> 18:03.360]  And so that's what that open does is it creates this proof on the right, and then I can give
[18:03.360 --> 18:09.120]  you this proof, and I can give you the commitment to the polynomial, which is just a hash of
[18:09.120 --> 18:15.840]  the polynomial essentially, and you can verify that whatever polynomial is inside of f is
[18:15.840 --> 18:26.120]  equal, is the z is equal to f, or evaluator s, and the same principle is true for addition.
[18:26.120 --> 18:32.360]  So we have multiplication and we have addition, which means we can construct any NP-complete
[18:32.360 --> 18:35.640]  program inside of zk proof.
[18:35.640 --> 18:43.800]  Also, another technique is multi-party computation.
[18:43.800 --> 19:11.880]  So in NPC, so with a zero knowledge proof, I can compute a value, I can prove a statement
[19:11.880 --> 19:21.720]  about some values that I hold, but maybe sometimes we need to compute, or other people need to
[19:21.720 --> 19:28.120]  be able to know certain facts about other actors in the system, and maybe they don't
[19:28.120 --> 19:35.560]  have the incentive to create a zk proof or to prove statements about values that they
[19:35.560 --> 19:36.560]  hold.
[19:36.560 --> 19:44.240]  So that's where we use another technique that's called MPC, and I will show you how we can
[19:44.240 --> 19:47.960]  do addition of values with MPC.
[19:47.960 --> 20:00.280]  So Alice has some number, some secret number, 110, and Alice and Bob has some other number,
[20:00.280 --> 20:12.800]  1177, and Alice now splits her number randomly, such that those numbers add up to 110.
[20:12.800 --> 20:17.680]  So if you add them up, it would be 110, and then sends them to each other's servers.
[20:17.680 --> 20:23.800]  So none of the servers know what Alice's number is, but they know parts of it.
[20:23.800 --> 20:28.720]  They can reconstruct it if they collude, but we're assuming they don't collude, and then
[20:28.720 --> 20:36.900]  Bob does the same thing, he sends his numbers, and now when we want to compute an addition
[20:36.900 --> 20:42.600]  of the values, each of the server will add the values together, and now they get these
[20:42.600 --> 20:44.560]  new values.
[20:44.560 --> 20:56.040]  And if you look, those values added together when they reconstruct it is the answer of adding
[20:56.040 --> 21:04.040]  the two private values together, and multiplication is similar, but slightly more involved, but
[21:04.040 --> 21:05.760]  also it's possible.
[21:05.760 --> 21:12.840]  So MPC is another powerful technique.
[21:12.840 --> 21:20.680]  Also we have homomorphic encryption, so very simple partial homomorphic encryption is simply
[21:20.680 --> 21:24.880]  this function, which is elliptic curve multiplication.
[21:24.880 --> 21:31.360]  So if I have two values, and I add them together, and I multiply them by the generator of an
[21:31.360 --> 21:37.040]  elliptic curve, or just some point on the elliptic curve, that is the same as taking
[21:37.040 --> 21:44.360]  the value multiplying it by g, and then adding it to the other value multiplied by g.
[21:44.360 --> 21:54.400]  So homomorphic encryption, the original idea in the 80s was there's a cloud, and anybody
[21:54.400 --> 22:02.600]  can put values into this cloud, but they're encrypted, and then other people can compute
[22:02.600 --> 22:09.320]  answers encrypted for a certain public key.
[22:09.320 --> 22:18.880]  So you can use this to make computations on secret values.
[22:18.880 --> 22:30.400]  From an abstract level, there is this new emerging field of anonymous engineering, so
[22:30.400 --> 22:38.400]  we can compare it to other forms of engineering, so for example when we have software, we write
[22:38.400 --> 22:48.000]  these instructions that run on a CPU and execute, and when we do cryptography we try to use
[22:48.000 --> 22:56.560]  deep mathematical laws to try and create primitives or schemas, but the anonymous engineering is
[22:56.560 --> 23:01.720]  actually using those different techniques like the ones I just showed, or other ones
[23:01.720 --> 23:10.160]  like VDF or hash function, public key, asymmetric crypto, et cetera, to try and come up with
[23:10.160 --> 23:19.680]  schemas that enable certain forms of applications with invariance to hold.
[23:19.680 --> 23:31.120]  So let's give the first practical example, which is I have a set, I have a set of values,
[23:31.120 --> 23:41.240]  and this set is just represented by a single hash, and I want to prove that my value is
[23:41.240 --> 23:50.320]  in this set of objects, so to do that we have to construct something called a Merkel tree,
[23:50.320 --> 23:59.960]  so let's say we have eight values, and what we do is we take two values at a time, so
[23:59.960 --> 24:08.080]  we take the first two values and we hash them together, so we get hash of them, and let's
[24:08.080 --> 24:17.560]  represent that by A, and now let's hash the next two values, we get another node B, and
[24:17.560 --> 24:26.280]  then we hash them together and we get another node, so we get this kind of tree which the
[24:26.280 --> 24:34.360]  root R represents the entire set of values, and this is a simplified diagram, normally
[24:34.360 --> 24:42.320]  these might be 32 layers, so two to the power of 32 values will be in the tree, so for example
[24:42.320 --> 24:51.560]  we had V1 and V2, and we hash them together and we get A, and likewise we have V1, V3
[24:51.560 --> 24:59.880]  and V4, we hash them together and we get B, and then we hash those together and we get
[24:59.880 --> 25:07.480]  AB, and then we do the same, we do the same on the right hand side and eventually we get
[25:07.480 --> 25:19.360]  to R, now if I have some value, any value, let's say, I don't know, V5, and let's say
[25:19.360 --> 25:29.720]  we also have R, how can I prove to you that I have, that V5 is in R, well what I need
[25:29.720 --> 25:37.640]  is a pathway to be able to get to R, so what does that pathway mean, so for example if
[25:37.640 --> 25:53.120]  I give you V6, then we can hash those together and we get C, and then if I give you D and
[25:53.120 --> 26:03.760]  we hash those together, then we get CD, and then if I give you AB and we hash that with
[26:03.760 --> 26:11.960]  CD, then we get R, and then I've proved to you that V5 is in R, using, instead of needing
[26:11.960 --> 26:16.800]  to give you all of the items, I just give you a logarithmic number of items, I give
[26:16.800 --> 26:22.200]  you a smaller number of items, so it's faster, it's used as a technique, but it can also
[26:22.200 --> 26:28.800]  be used to create an anonymous inclusion proof, so we can anonymously prove that there is
[26:28.800 --> 26:35.760]  some value in R, and we can even encrypt that value, or we can prove other statements on
[26:35.760 --> 26:42.960]  that value, so I'll show you some code, how that looks like, maybe I can put this mic
[26:42.960 --> 27:09.960]  somehow, like this, yeah that would be great, I need to speed up, but here is the proof,
[27:09.960 --> 27:15.720]  you see the Merkel route at the top, we're saying, and there's a pathway, we're proving
[27:15.720 --> 27:25.560]  some values in the route, and then we're re-encrypting the value, and we're exporting it, and, yeah
[27:25.560 --> 27:32.920]  hold it, yeah, and to compile it, and then I compile the proof, like this, so it's compiled,
[27:32.920 --> 27:49.640]  and then I have, sorry it's here, I have the code which actually computes the Merkel tree
[27:49.640 --> 28:03.280]  with the value, but then also you see, includes the ZK proof code, and then creates the witnesses,
[28:03.280 --> 28:09.840]  and where is it, and then loads the circuit, and then creates, constructs the proof here,
[28:09.840 --> 28:17.520]  so now we get a proof, and then for the verifier we do here, we verify the proof, so we can
[28:17.520 --> 28:43.400]  just run that, like so, ah, okay, no internet, but anyway, let's not worry about that, okay,
[28:43.400 --> 28:54.160]  so then we can use that to create anonymous voting, so how do we do that, well, we say
[28:54.160 --> 29:03.640]  on the, we create, when we create, constructs the people who are going to vote, we create
[29:03.640 --> 29:08.880]  something like a coin, and there's like a, you generate a random serial number, that's
[29:08.880 --> 29:13.720]  private, and you just create this commitment to it, and then when you want to use up your
[29:13.720 --> 29:21.200]  vote, then you burn the coin, and you make that public, that secret value S, which means
[29:21.200 --> 29:27.520]  you can't ever generate the same thing again, because that value is deterministic, and then
[29:27.520 --> 29:34.160]  you just, you prove that there is a C, that's the hash of S, and that C is in the tree, using
[29:34.160 --> 29:40.360]  the previous inclusion proof, and so how do we change that to do anonymous payments, well,
[29:40.360 --> 29:47.400]  it's very similar, except now this coin, not just being a hash of S, is also a hash of
[29:47.400 --> 29:59.160]  value for the coin, so it's two and four, which are owned by Alice, and then when we
[29:59.160 --> 30:05.080]  want to spend that coin that Alice has, then we reveal those serial numbers, and we can
[30:05.080 --> 30:15.800]  compute the partial homomorphic encryption of the two and the four, and we create this
[30:15.800 --> 30:23.360]  transaction with two outputs, and we create the two new coins, like we showed before in
[30:23.360 --> 30:27.840]  the previous slide, but we also want to prove that the value that goes into a transaction
[30:27.840 --> 30:34.080]  is the same as the value that goes out, and we do that using homomorphic encryption, like
[30:34.080 --> 30:40.560]  we showed earlier, and you see here, we've got the two plus the four is equal to the
[30:40.560 --> 30:49.800]  three plus the three, so there we go, then we can do atomic swaps with different types
[30:49.800 --> 30:59.520]  of assets, so Alice constructs her input and one output sending to Bob, Bob takes the transaction,
[30:59.520 --> 31:05.400]  adds his input and one output sending to Alice, Bob also signs the transaction, Bob signs
[31:05.400 --> 31:12.840]  and sends the finalised transaction, we can also do something where you have a network
[31:12.840 --> 31:25.720]  with anonymous spam protection, so you have a sharing scheme, and normally, so basically
[31:25.720 --> 31:33.120]  with this, you have this evaluation, I'm going to go fast now, and when you want to send
[31:33.120 --> 31:42.880]  a message you compute the message M, you compute this X and Y, and if in one epoch, you again
[31:42.880 --> 31:50.480]  create another message, so you're spamming the network, then you get these values, which
[31:50.480 --> 31:58.760]  using the equation on the first line, you can compute what A0 is, and A0 is actually
[31:58.760 --> 32:03.720]  your secret key, and so then that means that whenever you try to send another message to
[32:03.720 --> 32:09.360]  the network in any other epoch, now you've lost your account, you can never send, but
[32:09.360 --> 32:19.160]  it also means that messages are unlinkable, so you have unlinkability, we can do anonymous
[32:19.160 --> 32:29.240]  auctions using MPC, so Alice has bids $4, Bob bids $6, they do a computation, they compute
[32:29.240 --> 32:41.800]  who's the winner, we can do anonymous WikiLeaks, so I have this thing.jpeg, and then there's
[32:41.800 --> 32:47.440]  a protocol where, you know, I've said that this is, I've made some claim about what this
[32:47.440 --> 32:54.720]  file is, and it selects a random chunk from the file, and then we verify, yep, that file
[32:54.720 --> 33:00.360]  is what it claims it is, and then there's an auction on the remaining chunks, and the
[33:00.360 --> 33:14.320]  winners of those auctions decrypt the remaining parts, and then the file is decrypted, so
[33:14.320 --> 33:30.080]  if you go to doc.fi website, and you go to the docs section, we have, where is it?
[33:30.080 --> 33:36.840]  So go to the website, and there's also a blog called Insights, we have our own peer-to-peer
[33:36.840 --> 33:45.080]  anonymous chat, there's no concept of identities, so if you go to the doc, there's a section
[33:45.080 --> 33:56.000]  called IRCD, and we have a weekly meeting every Monday, but also there's a crypto section,
[33:56.000 --> 34:14.760]  ZCAS section, testnet guide, you know, we're looking for good devs as well, so, conclusion,
[34:14.760 --> 34:27.040]  so, we missed the mobile and the desktop, will we also miss the crypto renaissance, this
[34:27.040 --> 34:33.720]  is like our best chance to capture value for development, like, this is the biggest problem
[34:33.720 --> 34:38.560]  with creative people, is they create value, they don't necessarily have a way to capture
[34:38.560 --> 34:46.840]  some of that value back, we now have techniques to do that, we were promised this future of
[34:46.840 --> 34:56.920]  computing in the 90s, you know, the interface is, whatever happened to that, never got it,
[34:56.920 --> 35:08.880]  and now, our phones, they're filled with all these dog shit, electron apps, like, that's
[35:08.880 --> 35:14.720]  a failed paradigm, we're literally trying to copy Silicon Valley, I'm optimistic that
[35:14.720 --> 35:20.080]  now people are actually going, actually, no, Linux is different, we're distinct, we have
[35:20.080 --> 35:25.920]  our own energy, but we need to rediscover that, we need to create something that's new, because
[35:25.920 --> 35:31.760]  their model is about capturing users under surveillance capitalism, to extract value
[35:31.760 --> 35:37.400]  from them, our model is we create infrastructure, we create economic value for our networks
[35:37.400 --> 35:46.200]  to become strong, and as a movement grow powerful, it's a different way of thinking, open source
[35:46.200 --> 35:52.320]  was a mistake, you know, like, we discarded the beating heart of what gave us energy,
[35:52.320 --> 35:57.840]  so we need to conceptualize the computing paradigm, so, you know, let's build something
[35:57.840 --> 36:02.920]  new, like, actually inventive, so if I have a couple of minutes, I'm actually just going
[36:02.920 --> 36:32.800]  to show our website, so I can show where to find docs, okay, I guess there's no, no,
[36:32.800 --> 36:40.980]  I'm not there, come on to it, go into it.
[36:40.980 --> 36:59.440]  All right, let's give a tour of how docsos, so here, there's book, I talked about peer-to-peer
[36:59.440 --> 37:04.440]  distributed IRCD, you see there, instructions.
[37:11.000 --> 37:13.520]  There's also crypto section.
[37:15.880 --> 37:16.720]  You see here.
[37:18.000 --> 37:21.600]  And also implementations.
[37:22.640 --> 37:25.360]  There's a ZK explainer and also implementations
[37:25.360 --> 37:27.680]  of most of the major ZK algos.
[37:30.720 --> 37:34.480]  And also, probably more interesting for you guys,
[37:34.480 --> 37:39.480]  the ZCAS stuff, like how anonymous voting works
[37:39.480 --> 37:41.620]  and also anonymous payments.
[37:44.800 --> 37:48.080]  All right, I just showed the distributed chat.
[37:49.000 --> 37:50.560]  You just run a daemon like that.
[37:50.560 --> 37:55.560]  Open my WeChat, bam, here we are.
[37:59.080 --> 38:02.240]  There's encrypted channels as well.
[38:02.240 --> 38:05.000]  You just set in your config file an encrypted channel
[38:05.000 --> 38:06.880]  and then we have a chat.
[38:06.880 --> 38:09.160]  See I can chat with other people.
[38:09.160 --> 38:10.640]  So, yep, that's it.
[38:10.640 --> 38:12.000]  That's my talk.
[38:12.000 --> 38:13.080]  Thanks very much.
[38:13.080 --> 38:20.080]  Thank you.