WBD560 Audio Transcription

Bitcoin Privacy Through Statechains with Nicholas Gregory

Release date: Wednesday 28th September

Note: the following is a transcription of my interview with Nicholas Gregory. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.

Nicholas Gregory is the CEO of Commerce Block, the company behind Mercury Wallet. In this interview, we discuss how they have used statechains to develop a virtual version of Opendime, the balance of trust and privacy on layer 2 protocols, and onboarding Lightning users.


“We send around UTXOs, at the moment those UTXOs are Bitcoin, they could be lightning channels. Now, there’s a lot of complexity there, but I think that’s where we’re gonna go where you’d be able to move around lightning channels, and that’s like swapping around your checking account.”

— Nicholas Gregory


Interview Transcription

Peter McCormack: Afternoon, Nicholas, how are you?

Nicholas Gregory: Good, how are you?

Peter McCormack: I just asked if you prefer Nicholas or Nick and I called you Nicholas, but I have a habit actually of doing that.  I call Jeremy, Jeremiah; I call Danny, Wanker!  How are you?  Good to see you.

Nicholas Gregory: I'm good, thanks.

Peter McCormack: Thank you for coming to Bedford.

Nicholas Gregory: Thank you, I enjoyed the trip.

Peter McCormack: It's going to be an interesting conversation.  We're going to be covering some things along a line of things we've been doing recently.  As you mentioned before we started, we interviewed Paul with regard to drivechains; we've had Seth for Privacy on; we also just had Max in from Wasabi Wallet.  Privacy is out there, it's something people are discussing quite a bit.  We had Obi on to discuss Fedimint, which I think might come up today.  So, yeah, really interested to talk to you about statechains.  It's not anything I know particularly much about, interested to learn, but just before we get into that, can you just tell the audience about yourself, who you are, give us your Bitcoin story?

Nicholas Gregory: Yeah.  So, I'm a technologist, I used to write a lot of code, started in Silicon Valley, moved back to the UK, then I ended up in New York working for the banks, but writing software for banks.  And around 2012 while in New York, I just slowly started getting into Bitcoin.  I didn't get into it straightaway, questioned it a lot, didn't really understand the ten-minute block times.  But then eventually, a guy I met told me you could mine Bitcoin and you could make money, and that really tweaked me; and from that, the journey started and I think I went full time around 2016, left New York around 2017, and been full time ever since.

Peter McCormack: Did you like New York?

Nicholas Gregory: I did, it's a great city.  It's a bit like living in a night club.  After a while, it was time to leave.  I got to the stage where I couldn't really live in Manhattan anymore.  I had a kid, it was too noisy.  The choice of New Jersey, Connecticut, Westchester or London, I think I preferred London.  But Manhattan as a single guy, great fun.

Peter McCormack: Yeah, I'm a big fan of New York.  I never really got into the underground fight scene there, but…!  Come on, man, I cannot talk to you and not talk to you about this particular subject.  Danny told me about this.  You were in an actual fight club?

Nicholas Gregory: Yeah.  Funnily enough, since I've left, it's become bigger than when I was actually there.  When I was there, it was just two or three guys playing with martial arts, going to some interesting parts of New York and just exchanging ideas.  When I left, it's become big, and I'm a bit like the Satoshi Nakamoto of that fight club, in that they probably remember me as a tougher guy or more revolutionary!  But it wasn't really much. 

Essentially, I'm a martial art hobbyist, had a few amateur fights in China, nothing special.  When I went to New York there was an ad somewhere from a Muay Thai guy who wanted to meet up in Central Park and train with people who'd done different things, and it kind of grew from there.

Peter McCormack: Was it one of those ads where they leave little tear-offs?

Nicholas Gregory: No, this was before -- this was in the early days of martial arts and the internet, and it literally was, I met a Muay Thai guy, we put a bigger ad, and it was exchanging ideas.  It wasn't like Fight Club, there were no bloody faces, and it was just fun.

Danny Knowles: You've ruined it!

Peter McCormack: Yeah, you're ruining it, man!

Nicholas Gregory: But what was interesting, there are some videos.  If you search hard enough on YouTube, there are some interesting videos where I go dressed as an English gentleman in a pinstripe suit in some of the roughest parts of New York and meet other guys there, and we'd spar.  That was what was fun about it.  And some of the guys on YouTube were quite famous in martial arts at some point in time, and that was the cool bit; you got to meet people from different backgrounds, and it's become bigger since I left, and I'm like one of the founding members, which is quite hilarious!

Peter McCormack: Was it like street sparring, or were you going to gyms?

Nicholas Gregory: There was one street sparring session on the north side of Central Park.  There is a video on YouTube about it if you looked, but no one's trying to kill anyone.  It really is exchange of ideas.

Peter McCormack: Well, Fight Club, the film, was an exchange of ideas.

Nicholas Gregory: Yeah, but there's that famous scene in Fight Club where I think Brad Pitt's battering someone.  That never happened.  Occasionally someone would get a cut eye or broken nose, but nothing --

Peter McCormack: Was it anything beyond the martial arts; was there an exchange of other ideas; were you all aligning at the same time?

Nicholas Gregory: Yeah, and you have to remember MMA wasn't legal in New York.  So, MMA only became legal in 2016, maybe 2017.  That's why when Connor McGregor fought for the first time in New York, it was quite a big deal.  So, that's why it happened, you couldn't fight MMA in New York, and it was kind of controversial at the time.  So, that's why these kinds of things popped up.

Peter McCormack: Have you found it?

Danny Knowles: How do I find this video?

Nicholas Gregory: If you type, "Wing Chun brotherhood", and there's a picture of me in a kind of --

Peter McCormack: I've heard of Wing Chun.  Is that the fast-hands thing?

Nicholas Gregory: Yeah, movie stuff.

Peter McCormack: Yeah, I've heard about that.  I think somebody I used to work with did Wing Chun.

Nicholas Gregory: Yeah, it's bigger in the UK than it is in the US.  I think that's more to do with the UK's relationship with Hong Kong, because it came out of Hong Kong and obviously we have a close relationship, as a lot of people from Hong Kong came to the UK and taught it.

Peter McCormack: Are you still active?

Nicholas Gregory: I'm not active in Wing Chun, I left that about five years ago.  I'm still a regular with Brazilian Jiu-jitsu.  I just enjoy it.  It gives me an outlet outside of crypto, outside of life, and I tend to go to Jiu-jitsu three or four times a week at 7.00am, and it's just different, it's just fun; it keeps me in shape.  I'm not into going to a gym, I'd rather just train.

Peter McCormack: It seems to me it's grown massively this last few years.  I think Rogan's helped with that.

Nicholas Gregory: Joe Rogan's big into Brazilian Jiu-jitsu and he's quite senior in terms of what he's accomplished there.

Peter McCormack: A serious competitor.

Nicholas Gregory: Yeah.  Funnily enough, I was watching a Jiu-jitsu vid about a year ago, like a podcast for Jiu-jitsu, like what you do for Bitcoin, and Michael Saylor popped up!

Peter McCormack: Did he?

Nicholas Gregory: He was doing an interview on a well-known Brazilian Jiu-jitsu podcast, obviously talking about Bitcoin.  So, yeah, I could find that for you as well.

Peter McCormack: I think he's been on every podcast there is.

Nicholas Gregory: Yeah, that was quite -- I never expected to see him on a Brazilian Jiu-jitsu podcast, but he was there talking about Bitcoin.

Peter McCormack: Danny can't find it, this is disappointing.

Danny Knowles: I can't it, I know.

Peter McCormack: All right, man, well listen, we're here to talk about statechains.  We should do this very similar to how my drivechain session with Paul was, explain it like, well I am a moron; explain it to a moron.  No, but explain it like I'm 5, help me understand it.  Well, let's go back a step.  How did you get to that point where you started developing statechains, like you made a decision to leave the banks and start building Bitcoin projects?

Nicholas Gregory: Yeah, so originally, I was building OTC-type software in New York with some of the guys I'd met at local meetups.  That grew into wanting to build Bitcoin infrastructure.  Commerce Block raised money and spent some time building Bitcoin sidechains.  What we did is we forked the Elements codebase, which is well-known for being the codebase behind Blockstream Liquid, to build sidechains for companies, a bit more proprietary, a bit more KYC AML.  And that really didn't take off; we had one client.

We were in competition with the Tezoses of the world, the IBMs of the world, and it just didn't really go anywhere.  So, in the bear market, we just made a decision to either fold or look to do something different.  It just so happened that the statechain paper come out, it wasn't written by us.  The way it was written, written by a guy called Ruben Somsen, but he needed changes to Bitcoin to happen, so it wasn't really seen as something realistic at the time.  My co-founder, he's quite well-known in the cryptography space, he had some cryptography tweaks to make it work now, so we just thought, "Why not?" 

You could say it was a bit of an ego/vanity project.  There's only a few scaling solutions that people talk about in Bitcoin.  You've got sidechains, which you probably know well now; Lightning, which is obviously the market leader; and we just thought we'd take an opportunity to build another version to scale Bitcoin on the second layer and give it a go.  We didn't know if it would work, there were a lot of questions, and we just gave it a go.

Peter McCormack: So, did those changes to Bitcoin come, or did you find a workaround?

Nicholas Gregory: They didn't come and, yeah, we found some workarounds.  It does make the solution a bit more clunky, which I can go through, but it does work.  We've been live for six months, it's operational.  We're very small in terms of users, but we kind of wanted that as well, because like Lightning, if you remember when Lightning went live, it never really went live.  They started announcing it saying --

Peter McCormack: "Be reckless!"

Nicholas Gregory: Yeah, "Use it, you may lose your money!" and we didn't want to say, "Use it, you may lose your money", but we didn't want many users, because you have UI bugs.  We weren't like the Lightning Network where it was a group of people; we were one set of people, and the last thing you want is people to use it and lose their money, it's quite scary.

Peter McCormack: Okay.  So, take me to the absolute basics.  What is a statechain; how does it work?

Nicholas Gregory: The best way to think about it, you're probably familiar with Opendimes?

Peter McCormack: Yes.

Nicholas Gregory: Someone else, someone you know, Shinobi, turned the word, "We are virtual Opendimes".  So, we produce these state coins, which you could basically put a Bitcoin in it, or a part of a Bitcoin, and we allow people to transfer those.  So, what's happening under the covers, we allow the transfer of a UTXO, essentially a private key.  So, we break one of the memes of Bitcoin, "Not your keys, not your coins".  With a statechain, you can send your private keys around.

Now, there's a lot of crazy cryptography to make that happen, but essentially that's what we do.  We allow Bitcoin to be wrapped in this kind of state coin UTXO, and allow it to be transferred trustlessly; well, not trustlessly, you have to trust us, but we're non-custodial.  If we were to vanish, or if we were to misbehave, you can always pull your funds out.

Peter McCormack: Okay, so let's go through it step-by-step.  I used my first Opendime recently.  A few months back, I won a bet with American HODL.  He put it onto an Opendime for me, because he didn't think I would be competent enough to figure it out.  I was; fuck you, HODL, with help from a Matt Odell video!  But I understood it.  It's essentially a bit of money.  It's a bit of money for me, and what I want to do, he gave it to me, handed it to me in person and I was able to pop it, use the private key, sweep it and send it to a wallet. 

He could have just sent me the Bitcoin wallet-to-wallet, but essentially it's quite cool, because there's no link between the two of us.  He essentially gives that to me, so I thought that was pretty cool and I understand that process for how that works; I understand.  If I'd have lost that Opendime, it was quite a bit of Bitcoin that would have been lost.  So that, to me, is a risk factor; in that period between when he gave it to me and when I swept it, if my luggage had been lost, I would have lost it, because I was travelling.  But at the same time, it was quite a neat thing.

I'm not sure how often I would give somebody 0.5 Bitcoin on an Opendime, but $100, $1,000, I think that's kind of cool.  But I get how that works, I get the physical journey.  I need you to take me step-by-step on the physical journey.  Say I want to give Danny --

Danny Knowles: 0.5 Bitcoin?!

Peter McCormack: -- 0.5 Bitcoin, or 0.1 Bitcoin, but I don't want to use an Opendime; and the reason I don't want to use an Opendime, he's in Australia, I'm in the UK.  I don't want to send it wallet-to-wallet.  I guess that's the reason, right, because you want to avoid wallet-to-wallet connections?

Nicholas Gregory: You basically stay off-chain.  So, the way it would work, you would come onto the wallet, you would create a statecoin.  Essentially, what's going on behind the covers, you're creating an address with two private keys.  You have one of the private keys and we have one of them, we being Mercury.  That creates a special address which allows you then to deposit a Bitcoin into it, or 0.5 Bitcoin.

Now, the key thing is, if you want to transfer it to Danny, Danny would go onto the wallet, create a statecoin address, and basically there's a cooperation between you and the statechain server to basically tweak your private key to generate a new private key for Danny.  Then, there are some cryptographic techniques to stop us from being able to steal the money and basically delete the previous key that was referencing your key before it went to Danny.

Peter McCormack: Right, that's a lot of stuff.  We're going to go the Pete McCormack method. 

Nicholas Gregory: Yeah, sure.

Peter McCormack: Okay, I go onto the wallet, I want to send Danny 0.5 Bitcoin, I click on, "Create…"?

Nicholas Gregory: "… statecoin".

Peter McCormack: "…statecoin", okay.  And that interface creates that statecoin that has no value, it is just a deposit address?

Nicholas Gregory: Yes.

Peter McCormack: And at that point, once it creates the deposit address, I can deposit my Bitcoin into that.  In the background there are two private keys?

Nicholas Gregory: Yes.

Peter McCormack: You have one and I have one.

Nicholas Gregory: Yes, correct.

Peter McCormack: What do those private keys do together or independently?

Nicholas Gregory: It's not a multisig, it's called "Two-party ECDSA".  That's a mouthful in itself, but essentially with the two private keys, you're creating one public key.  That's what exists on the Bitcoin blockchain which holds the Bitcoin.  So then, when you do a transfer, you tweak essentially the private key so that your private key's invalid, and now the relationship --

Peter McCormack: Hold on, we're going to go back.  What can I do with my private key to that address; can I sweep it back?

Nicholas Gregory: Yes.  At any point in time, you can basically take it out and redeem it, send it to an address you own.  You can then stay in the statechain world and send it to other users; you can do swaps.

Peter McCormack: Okay, and if I lose that private key, that statechain will permanently hold that Bitcoin?

Nicholas Gregory: Yes.

Peter McCormack: What does your private key do?

Nicholas Gregory: Nothing.  All we can do is cooperate with you.  The way the protocol works, the API works, is we can cooperate with you.

Peter McCormack: Cooperate how; what does that mean?

Nicholas Gregory: So, it's not trustless in that you need to work with us to send your money to Danny.  You don't need to work with us to take your money out.

Peter McCormack: Okay, so I can sweep it back, but to get it to Danny, I need to work with you, how; how do I work with you?

Nicholas Gregory: You basically sign a transaction, just like in Bitcoin, saying, "I'm the owner of this statecoin, you're the statechain server, I want to send it now to Danny".  We then tweak the key, we have a key share on our own side which we provably delete, we use hardware security modules.

Peter McCormack: Hold on, is this a physical job somebody's doing?

Nicholas Gregory: No.

Peter McCormack: Oh, so it's all automated?

Nicholas Gregory: All automated, all software.

Peter McCormack: Okay, so in my head I've clicked, "Create statecoin", I've sent my 0.5 Bitcoin to it.  What do I physically do to get it to Danny; what do I actually have to do?

Nicholas Gregory: All you need is Danny's statecoin address from him, which he can send you.

Peter McCormack: Oh, so we both have to create one?

Nicholas Gregory: Yes.

Peter McCormack: Okay.  So, this is a method of transferring the Bitcoin from my statecoin into his statecoin?

Nicholas Gregory: Yes.

Peter McCormack: So, there's like a bridge?

Nicholas Gregory: Correct, yeah.

Peter McCormack: Do you consider them like wallets?

Nicholas Gregory: Well, you have a statechain wallet and inside it, you have multiple statecoins.  Think of the statecoins of $1 bills or $100 bills.  You're essentially turning Bitcoin into bearer bills, like Opendimes, and you need to cooperate with the server to transfer to another person.

Peter McCormack: Okay, so I can only transfer it to Danny when he's got one.  So I'm like, "Danny, go and create yourself a statecoin, I've created one, I'm going to send it to you".

Nicholas Gregory: Yes.

Peter McCormack: Give him a call, on an encrypted line!  And, when he's ready, he just has an address for his statecoin and I can send it to him?

Nicholas Gregory: Yes.

Peter McCormack: Can he send it then back to me; can we send it back and forth?

Nicholas Gregory: Yeah, I mean there's a limit on how many times you can send it, because this is part of the trade-offs that we had to do to change the Bitcoin.  But yeah, we set it to a three-month time limit.  The reason for that is, every layer 2 has certain risks.  There is a scenario where after three months, a previous owner could steal your funds.  You could solve that by having watchtowers, but then you have issues like, "Well, what happens if the watchtower's not available when someone tries to do that?" so we've just set it to three months.

So, in that three-month period, you know that you can send it, it can be sent and there's no risk of any previous owner taking the funds.

Peter McCormack: Okay.  I mean, so they're really one-time use.

Danny Knowles: What happens after that three months?

Nicholas Gregory: The wallet will automatically, if you're the owner of the statecoin, the wallet I think within ten days or seven days of that expiry will automatically send a coin to an address you own, that address being owned by the private key you already created in a wallet.  But you can send it within a three-month period.  There is a decrementing time, not where the time goes down, but you can send it.

Peter McCormack: Can we see it; can we put it up and see it work; is it possible?

Nicholas Gregory: Yeah, we can see it.  There's been a lot of demos on it.

Peter McCormack: Yeah, let's have a look.  Let's get one up, Danny, I want to see.

Nicholas Gregory: Actually, BTC Sessions did a show on it once.

Peter McCormack: Okay, so there's an interface for me to send to Danny, which I put his statechain address in.  At the point I press send, that's when your software does something?

Nicholas Gregory: Yes.

Peter McCormack: And your software tweaks it so that my private key no longer works and his private key does?

Nicholas Gregory: Correct.  So, he's now the owner.

Danny Knowles: I might be jumping ahead a little bit here, but I really don't want to miss it.  How can you provably delete something; you said you provably delete your key?

Nicholas Gregory: So, we use an HSM on the back end.  We built our own HSM based on Intel SGX.  So, one of the hardest things in software is deleting something.  I mean, you go on your computer, it's quite easy to delete, but how do you prove to the outside world that you delete?

Peter McCormack: What's an HSM, sorry?

Nicholas Gregory: A Hardware Security Module.  Think of it as a server-side version of a Ledger, or something like that.  But if you delete something on your computer, you don't necessarily delete it.  You've deleted it, but it could still be in your cache, it could still be all over the place.  So, we basically work with HSMs, built our own, which is all open source, which provably deletes the key share.  But even if we weren't to delete it, we can't steal your -- that key only allows us to cooperate with an owner of a statecoin.  Even the key alone, without it being deleted, can't steal the funds.

Peter McCormack: So, your key is different from mine?

Nicholas Gregory: Yes.

Peter McCormack: Mine allows me to withdraw, yours just allows me to transfer.

Nicholas Gregory: Mine just allows me to cooperate with you.

Danny Knowles: What about in a scenario where Pete was sending me 0.5 Bitcoin, he sent it to me and you obviously allow that transaction, however that works on your private key side, could you two then collude to get the money back?

Nicholas Gregory: If it was before that three-month period, we could, yes.

Peter McCormack: If he hasn't swept it?

Nicholas Gregory: Yes.

Peter McCormack: How do we do that, because I thought the point where it transfers to him, my key no longer works?

Nicholas Gregory: So, if you were to transfer it to him, if the server was to misbehave and not delete that key share and that three-month period has expired, then there is a scenario where the previous owner could cooperate.  But the wallet as such would never allow that, because we basically hard-coded that three-month period.

Danny Knowles: And presumably, you have no incentive to do that, I get that; I'm just thinking.

Nicholas Gregory: Yeah, also one of the things, I kind of said it at a Bitcoin rally and everyone thought it was weird, but if we were to cooperate, you'd be able to prove that we misbehaved with Pete.  So, we call it "proof of a scam"!

Danny Knowles: I'm probably getting caught up in something that's not important, but on the provably delete side, and this might be way oversimplified, but if it's a private key on your computer, could you not take a picture with your phone and then provably delete it, but you still have a picture of the private key on your phone?

Nicholas Gregory: That would assume that we've got a copy of the key.  We use an HSM, so the key is never actually -- an HSM is basically, it's hard to explain it.  It's a hardware security module where the key lives inside.

Danny Knowles: Right, you don't actually interact with the key?

Nicholas Gregory: No.

Peter McCormack: But is there any way, if you wanted to, you can't go in there and have a look at that key there?

Nicholas Gregory: No, we can't.  I mean, look, there are stories of HSMs being broken and that's well-known, but that's the way custodial systems work, they have these HSMs so you can't really take the key out.  But there could be a side channel attack, there could be an attack on the HSM where the key was stolen.

Peter McCormack: And is everything you've done open source; all been reviewed?

Nicholas Gregory: Yeah, 100%.  I mean, we try and get the community looking at it, but it's all open source, yeah.

Peter McCormack: And the thing is, I could collude to try and steal my Bitcoin back, but why would I do that to you?

Danny Knowles: Well, the other thing is, it could be a hacker presumably.  But I mean Mercury have no incentive, I guess, because their business is over at that point?

Nicholas Gregory: Yeah, and you've got that three-month window.  So, there'd have to be a lot of things going wrong; it's not just one attack vector, there's quite a view. 

Peter McCormack: Let's see this.  I think I've used Mercury Wallet a long time -- how long's Mercury Wallet been around?

Nicholas Gregory: I think we only really went live in February.  I mean, we've been talked about for a couple of years.

Danny Knowles: We don't need this bit.

Peter McCormack: Okay, so that's it creating the wallet, "Connecting to swaps"; is that what you call it?

Nicholas Gregory: Swaps is basically if you want to meet with a group of people and swap your coins.

Peter McCormack: I mean, can I call it what I think it is?!  It's like if I went down the pub with Danny and we all had £20 notes and we swapped them around.

Nicholas Gregory: Yeah, and put them in a jar and shake it.  I mean, it's blinded, so you don't know who you've swapped with, you just know you've swapped with someone the same denomination.

Peter McCormack: Oaky.

Nicholas Gregory: And that was really to get a first use case out of statechains.  There's been quite a few white elephants in Bitcoin, technology that's built but no one found a use case.

Peter McCormack: Hold on, so does swaps use the same technology?

Nicholas Gregory: Yes.  So, the reason we built swaps, it was just pure timing.  At the time we decided to go with statechains, Coinswaps had been around for a while.  The idea, I think it was done in 2013.  It just so happens at the time when we decided to build statechains, Chris Belcher made some announcements about Coinswaps.  So we thought, "Well, we're taking these private keys off-chain, why don't we see a way of swapping them, and that's --"

Peter McCormack: Hold on, is this it?

Nicholas Gregory: Yeah.

Peter McCormack: Okay, can you go back a step?  Right, so are we seeing it within the swap?

Nicholas Gregory: Yeah.

Peter McCormack: Okay, so a swap is a group of people to blindly --

Nicholas Gregory: Swap, yeah.  It's like a CoinJoin, but it's not creating that kind of uber CoinJoin.

Peter McCormack: I know.  I want to talk about this statecoin thing though.  So, I wanted to create my Opendime just to send to Danny, or is it only possible to do it in this scenario?

Nicholas Gregory: It's only possible to do it in this wallet.

Peter McCormack: Okay, so I can't actually just go and create one and choose to send it to Danny, I can only go and join a group who are doing --

Nicholas Gregory: Oh, no, you can send to Danny.  That's why you've got the "send" and "receive" buttons on the right side.

Danny Knowles: So, this is like the privacy tool part aspect of it, right?

Nicholas Gregory: Well, every send is private, because it's off-chain, there's no history.  I mean, we do have a history of transactions, which is available on the block explorer, which everyone can see; that's public.

Peter McCormack: Okay, so come back a second.  So, I'm in this wallet as a normal Bitcoin user.  When I think of "send", I think I'm just going to put in Danny's address and send him some Bitcoin.

Nicholas Gregory: Yes, and that's essentially what you're doing.

Peter McCormack: That is what I'm doing?

Nicholas Gregory: Yeah.

Peter McCormack: So, where am I creating the statecoin?

Nicholas Gregory: So, when you want to deposit, the "deposit" button on the left, that allows you to create the statecoin.  The "withdrawal" button on the left allows you to take it back onto to the Bitcoin mainchain.

Peter McCormack: So, this only operates as statecoins?

Nicholas Gregory: Correct, yeah.

Peter McCormack: So, it's a bit like Fedimint in that way, presumably?

Nicholas Gregory: Yeah.

Peter McCormack: But am I right in saying there are only certain denominations in this?

Nicholas Gregory: We support only -- you can create your own denomination though, you could create a random one; but yeah, we have pre-set denominations.

Peter McCormack: Okay, so I'm just getting my head around this.  If I was a very basic user of Bitcoin and I didn't know the difference between Mercury Wallet and another wallet and I just used this, do I use it in exactly the same way and I'm using statecoins without even knowing?

Nicholas Gregory: Yeah, I mean there are some differences.  But this is not a Bitcoin wallet, this is a statecoin wallet.

Peter McCormack: No, I understand, but somebody might get confused.  If I go in and click send and I'm just like, "Danny, I'm going to send you some Bitcoin", and he gives me his Bech32 address, can I just put it in and it will go to him?

Nicholas Gregory: No, it wouldn't recognise it.  It needs a specific statecoin address.

Peter McCormack: So, it needs to know.  Okay, that's fine.  So, this is purely for statecoins?

Nicholas Gregory: Yeah.  The deposit function creates a statecoin address.  So, you choose your denomination, like a 0.1 or a 1 Bitcoin, and then that address allows you to put the Bitcoin in.

Peter McCormack: And every time I deposit, does it create a new statecoin and then I have a list of them?

Nicholas Gregory: Yes.

Peter McCormack: So, I actually am creating bearer instruments?

Nicholas Gregory: Yeah.

Peter McCormack: I've got UX ideas separately to this.

Nicholas Gregory: Great, we're all for it!

Peter McCormack: But I think one of the complications is, the language is exactly the same as a normal wallet, but you're doing something slightly different.

Nicholas Gregory: Yes, we're doing something slightly different, yeah.  And we've had to change it obviously.  We've confused people.  I think "statecoin", some people love it, some people see it as a joke to CBDCs!  You're from a marketing background, you tell us?

Peter McCormack: No, I mean for me, I would have, "Create new statecoin" as a button, and then you deposit into that.  In my mind, that would be…

Nicholas Gregory: Okay.

Peter McCormack: That's very cool.  Danny, can you just go to the next bit.  Sorry, for anyone listening, it's worth checking out the video.  Okay, so this is it.  "Statecoin Value", because I put 0.001 in; that's the statecoin address, that's the UTXO.  I mean, this is very good UX, it literally tells you.

Nicholas Gregory: We did have someone else design it.  If my team had designed it, it would have been a nightmare!

Peter McCormack: "Privacy score: Swap set".  So, it does a swap before it sends?

Nicholas Gregory: This is how many times you've swapped.  So here, the swap set of 97 means that he's swapped 97 times.

Peter McCormack: That coin?

Nicholas Gregory: This statecoin he has has been swapped 97 times.

Peter McCormack: So, when I do it, it does the swap first before I send it to Danny?

Nicholas Gregory: No, this is the swap function.  So, if you go to click on the "swap" button, you can see a bunch of guys wanting to swap.

Peter McCormack: Oh, so this isn't from clicking "deposit"?

Nicholas Gregory: No.

Peter McCormack: Oh, I understand, okay.

Danny Knowles: So, that would be the equivalent of 97 of you go to the pub, put £20 in, shake it up and take one out?

Nicholas Gregory: Yeah, and put it back 96 times!

Peter McCormack: Okay, it's kind of cool, man.

Nicholas Gregory: Thank you.

Peter McCormack: Okay, what are the criticisms you've had?

Nicholas Gregory: Some people don't like the fact that we have this hardware security module, because they think it's a risk.  We agree that there is risk with hardware security modules, and that's the reason we put this three-month limit.  So, if we were to turn rogue and become bad guys, you still have that three months where nothing can be taken.

Peter McCormack: So, I guess over a period of time, if there were enough coins in state coins -- hold on, let me go back.  If I send it to Danny, has he got three months to then sweep it?

Nicholas Gregory: Yeah, I mean we do decrement it by eight hours, so that three months goes down by eight hours every swap, and that's just the way the protocol works from a security point of view, so that we can still ensure that no previous owner takes the funds.  But I mean, we say we're non-custodial, some people say, "Well, ish".  But I think a good balance with some of the bitcoiners I've spoken to, Bitcoin devs, it's proactively non-custodial in that we can't steal the funds. 

But there is an element if we were to be bad, the HSM got corrupted, the three months expired, we could work with a previous owner.  But the statechain entity does not have the funds and can't actively steal the funds by itself.

Peter McCormack: It seems like we're moving into the world of people wanting to use services that have a little more trust with it, like Fedimint has a certain amount of trust with it?

Nicholas Gregory: Well, every layer 2 is going to have reductions in trust really, compromises.  That's why they're called layer 2s.

Peter McCormack: Reductions in trust or increases in trust?

Nicholas Gregory: I mean, no, every layer 2 is going to have weaknesses that are not as strong as the base layer, whether it's a side chain and you have to trust the federation; whether it's Lightning.  They all have weaknesses, it's just where you're comfortable.  I think with a statechain, you do know them upfront, and there are a lot of trade-offs that have been built into the API.

You may not like the three month -- ideally, these coins would be live forever, they would never expire.  But then we would have to have watchtowers.  The problem is, if you take out the watchtowers, if you co-opt them, I wouldn't trust that.  At least with the three months, I can do whatever I want and then only worry about it after the three months has expired.

Peter McCormack: Would it not be better that it auto-sweeps?  So that when Danny creates his, he has to put the sweep address in; so, as soon as it's sent, it immediately sweeps to the new address?

Nicholas Gregory: When you mean sweeps…?

Peter McCormack: So, when I'm sending the statecoin, I transfer ownership to him.  He then has to sweep that into a Bitcoin address to take it out, right?

Nicholas Gregory: Yeah, but I don't know if Danny doesn't want to send it to me.  But if his wallet just sits there and does nothing, the wallet would automatically sweep it to a Bitcoin address owned by his private key, so it's acting like a watchtower.  So it basically says, "If Danny leaves his wallet on and the three months expires, I think within the ten-day period, or seven-day period, it will broadcast it back to the Bitcoin blockchain to a private key owned by that wallet.  So, it does kind of do that when you get in that danger period.

Peter McCormack: On the regulatory side of things, where are you considering the product you've created, because some may argue that you're offering a sort of mixing service?

Nicholas Gregory: Well, yeah, it's a complicated question.  You speak to five lawyers, you get five different views.  We've just tried to copy what other people are doing.  We're an alternative to like a sidechain.  The only real production version is Liquid, in that we don't have custody; we don't charge for swaps; we only charge for people using the statechain entity, so you couldn't say that we're making money.

Danny Knowles: What does that mean, you only charge for people using the statechain?

Nicholas Gregory: At the moment, and we are changing this, which I can go into, when you create a statecoin address, that's free.  When you smooth it around, that's free.  But when you peg out, we take a fee, 0.05%.

Danny Knowles: I see, right.

Nicholas Gregory: But if you want to swap in the pub or do that, we don't take a fee.  We can't take a fee because of the nature of the protocol; it's blinded.  We don't know who's swapping with anyone, so we don't take a fee there.  I mean, there is no current regulation on this stuff.  FinCEN wrote a well-known report in 2019 saying that custodial mixers are bad and they're going to be shut down; non-custodial privacy tools, things like Wasabi and Samourai are fine.  That could change next week though, and I'm open to that.  We've got things in plan to protect ourselves, but eventually they may stop everything; you can't predict it.

Peter McCormack: It feels like there's a growing lens on the ideas, I know it's mad to say it, these motherfuckers, but there is this growing lens on anything where somebody's trying to give yourself privacy, which by the way is a human right, that they don't want this.

Nicholas Gregory: Yeah, I mean it's confusing at the moment.  I never thought they would sanction a smart contract; I also thought they sanctioned humans!  But it's like they've decided to -- I guess we're talking about the Tornado Cash stuff?

Peter McCormack: Yeah.

Nicholas Gregory: I mean, the fact that they've sanctioned a smart contract's an odd one, and probably going to create more problems than solutions.

Peter McCormack: Well, they've arrested somebody for writing a smart contract.

Nicholas Gregory: I don't think that's related, from the last I checked.

Peter McCormack: Is it not, Danny?

Danny Knowles: I would guess it is, even if they're saying it's to do with money laundering outside of it.  I think he put a target on his back and they found something to get him for.  But that might be me having a conspiracy --

Peter McCormack: For anyone who's not looked into Tornado Cash, can you explain what happened?

Danny Knowles: I can try.  It's basically a mixing service on Ethereum, smart contract, that anyone who's interacted with that is now blacklisted from using almost every application on Ethereum.  But really, it's a smart contract, so I don't know how -- they can't stop it.

Peter McCormack: But if you've got a wallet or an address, that's what they're blocking.

Danny Knowles: An address that's touched it.

Nicholas Gregory: It's got worse than that.  So say, you know in Ethereum, they had those kind of ENS names, like petermccormack.eth; if you were to own that, I could go to Tornado, do some mixing, then send you --

Peter McCormack: Didn't somebody do that?

Nicholas Gregory: They've done that to a lot of celebrities, well-known people.  Brianarmstrong.eth got --

Peter McCormack: Are they all people who are now on a blacklist?

Danny Knowles: Well, they will be.  There's nothing they can do about it.  And it's like how many hops away from that you go until you're okay?  I don't know if anyone knows the answer to that.  Like, if you do three hops, are you far enough removed from Tornado Cash?  It's so stupid on so many levels.  But I think the fact that he was arrested is no coincidence.  Whether they're saying it's about something else, I don't think that that…

Peter McCormack: What's been said?

Danny Knowles: That this is money laundering, and I don't know, it's all like --

Peter McCormack: Look it up, let's see what it is, because we don't want you to get arrested, Nick!

Nicholas Gregory: We're building layer 2 solutions.  I mean, look, we fit in the same layer of like a Lightning, a Liquid.  We're an alternative to layer 2.

Peter McCormack: Whereas Tornado Cash is purely a mixing service.

Nicholas Gregory: It's not one.

Peter McCormack: All right.

Danny Knowles: They were saying that it was…

Peter McCormack: "The Dutch financial crimes agency that last week arrested a 29-year-old developer in connection with cryptocurrency mixer, Tornado Cash, said that, 'He is suspected of involvement in concealing criminal financial flows and facilitating money laundering'.  The DeFi Education Fund, a policy nonprofit that advocates for decentralised finance, published the responses it said it received from the Fiscal Information and Investigation Service on Twitter".  Okay, keep going.

"Tornado Cash is an app that obscures Ethereum addresses, which has made it popular with traders who want to maintain their privacy".  So, how is that different?  Isn't that just a layer 2 service?

Nicholas Gregory: It wasn't a layer 2, it was a base layer.  It also was -- it's kind of hard to explain, because it's non-custodial in that no one controlled it, but it did have one address in it which had considerable amounts of funds, and there was a DAO behind it as well.  It's an odd one, but you know, I think we're a layer 2 solution just like -- but you have layer 2 solutions in Ethereum now.  You had the whole ZK-rollup stuff.  People are going to use those things.

Peter McCormack: Yeah.  "Tornado Cash Sanctions Shake Crypto Industry.  The app's native token, TORN, took its first big tumble…" okay.  "Since last week, a growing number of crypto advocacy groups have pushed back on the US Treasury Department's decision to sanction Tornado Cash.  The Electronic Frontier Foundation said, 'There are clear First Amendment implications whenever the government inhibits the publication of computer code on a public website'".  I mean, this reminds me a little bit of when you go to the back story of what happened with PGP, right?

Danny Knowles: In what way?

Peter McCormack: Well, what was the whole story with the guy, Phil Zimmermann?

Danny Knowles: That's a little bit different, because they were saying that the cryptography that he had written was equivalent to exporting missiles and stuff.

Peter McCormack: But the defence is that this is code and code is speech.

Danny Knowles: Yes.  And one of the ways he got around that was printing a book, along with MIT, and making it like part of just free speech; is that the First Amendment?

Peter McCormack: First Amendment is free speech, yeah.

Danny Knowles: But I mean, this seems to me like a clear attack on privacy tools.

Peter McCormack: Yeah, it is.  But we've seen attacks on privacy tools in Bitcoin before.  The CEO of DropBit was arrested for running a mixer.

Danny Knowles: That was a custodial mixer.

Peter McCormack: Yeah.  But fundamentally, what is the difference between a custodial and non-custodial mixer; it's still doing the same job?

Nicholas Gregory: One's a tool, one has control of the funds, and that's a big difference.  Because, when you have control of the funds, you need a money transfer licence.  So, if I was to give you money via Danny, and Danny was to hold it and be in a position to steal it, he needs a money transfer licence to do it.

Peter McCormack: Oh, no, I get all that, but in the eyes of the people who are -- they're not pissed off that somebody's transferring money, they're pissed off that people are able to create privacy for people.  That's what they want, they want access to everything, they want to know every transaction that everyone is doing, who you're sending it to and why; they want complete view and control over everything we do.  Let's just be honest about that.  They might have some legislation they can use to punish people, but the issue of this is a war on privacy, and they don't like these tools because they offer privacy.

Nicholas Gregory: True, but not all privacy's nefarious.

Peter McCormack: No, I'm not disagreeing with you.  What I'm saying is the decisions of the people doing this, the state-based agencies that are upset that people have privacy tools, they're not upset that people don't have a money transfer licence, because anyway they would just fine them.

Nicholas Gregory: Sure, but we always talk about when the institutions are coming.  When I was still working at banks, one of the biggest criticisms of Bitcoin was its lack of privacy!  Banks need privacy, everyone needs privacy.  Also, if I'm honest, if MI6 were to call me to basically help them go after the bad guys with software, I would want privacy tools like Tornado Cash to look at pattern analysis, timing analysis to be able to go after the bad guys.

By taking this thing out, they're kind of putting it all over the Ethereum blockchain.  It's going to be harder to come after people, it's going to make it much messier.  And I think this is a battle -- one of my pet peeves is the whole KYC AML; it doesn't solve any problem.

Peter McCormack: Actually, it makes everything more dangerous.

Nicholas Gregory: It makes it worse.  I think we can all safely say, it's very easy to get fake IDs on the dark web.  Every week, I hear about some company's personal data has been hacked.  That data ends up on the dark web, so basically people can go to centralised exchanges with stolen IDs and do nefarious things.

Peter McCormack: Well, you can find out.  Where's that website, Danny, where you can search up if you've had your data compromised?

Danny Knowles: Yeah, "Have I Been Pwned?"

Peter McCormack: Yeah, look that up.  We'll put my details in.

Nicholas Gregory: We're not solving the problem, we're not helping the bad guys. 

Peter McCormack: No, but we are governed by incompetent idiots.

Nicholas Gregory: I'm hoping that the Tornado Cash thing becomes such a mess.

Danny Knowles: 28 data breaches!

Peter McCormack: 28.  So, what have we got in here?  Ledger; Adobe; Apollo; BTC; Porn Hub, no I'm only kidding!  Disqus, Dropbox.  I mean, these are major services.  Houzz; Mashable; Last.fm; MySpace.  I mean, these are huge companies.  Zynga.  So, it's happening with everyone, every major service can be under attack, many have been under attack, lots of my data is out there because of that, because we don't have privacy, which has introduced risk in life to me, my family and my friends to the point where now, I expect my data to be everywhere, I expect people to be able to find me and get access to me.  I can't live like Jameson Lopp.  So, what I'm saying to you is, I'm with you, we should have privacy.

Danny Knowles: Just shoutout to the best tweet ever in response to the Tornado Cash thing!

Peter McCormack: "Thankfully I have never used Tornado Cash to launder money.  I use Deutsche Bank like a normal person".  That's fucking brilliant; that is brilliant!  That is the greatest tweet in the history of tweets!  But I still think they're going to come after these services, and that's why I'm wondering what the next step is and the next step is.

Nicholas Gregory: To be honest, I thought they were going to come after mining next.  I thought they were going to force OFAC-compliant blocks and stuff like that.  I thought that was the next attack vector.  So, I was a bit surprised by the way they came after Tornado Cash.  But there's big questions here like, "What happens to Lightning?"  Lightning has an element of privacy to it.

Peter McCormack: As it should, yeah.  I just think it's a war on privacy and I don't know how we win it.

Nicholas Gregory: Well, I'm hoping that the Tornado Cash incident creates such a mess for exchanges' compliance departments that they realise it's a mistake.  I mean, at the moment, everyone who uses Ethereum is in trouble.  I mean, in the early days of Bitcoin, you used to have, do you remember something called "dust attacks"?

Peter McCormack: Yeah, I do.

Nicholas Gregory: Essentially, that's what's happening to the Ethereum space.  People are taking Tornado Cash Ethereum and spraying it across everybody.

Peter McCormack: Didn't that happen with the OFAC addresses though as well?

Nicholas Gregory: Yeah!  This is just making a nightmare for compliance departments at your central exchanges.  It's going to make the system unusable.  I mean, I think there's noise this week about Aave having issues and all the DeFi protocols having issues.  I'm hoping this creates such a mess that people are going to say, "Look, this is not working.  We're not using the technology the way it should be".

Peter McCormack: I wonder if that Gemini thing that went out yesterday is related to this?

Danny Knowles: I would imagine so.

Peter McCormack: Yeah.  It's like everybody is now being exposed to this who's touched Ethereum.

Danny Knowles: But that's a good way of fighting it, I guess.  Just make sure everyone's tainted!

Peter McCormack: Just make it ridiculous!

Nicholas Gregory: We all become dirty!

Peter McCormack: Yeah, we're all criminals.

Nicholas Gregory: We're all pigs playing in the mud essentially.

Peter McCormack: How similar are you to Fedimint?

Nicholas Gregory: I do know Obi, and we have actually spoken a lot.  We're different, very different.  Fedimint is more like Liquid in the back end, in terms of having a federation.  Obviously, they're a dynamic federation.  They can choose -- the whole thing's supposed to be dynamic.  We're fixed UTXOs, so one of the limitations of statecoins, you can only send the statecoin you have.  So, if you have a Bitcoin of 0.142, that's all you can send; you can't break it into little pieces.  So, we're very different.

I think we complement Lightning quite well.  One of the issues of Lightning is the liquidity lockup you need in the Lightning Network to send funds; we obviously don't have that.  Our biggest issue is that we can't send micropayments or small denominations.  So, if you see us as a kind of -- I think eventually, statechains will fit somewhere in the Lightning ecosystem.  Our next release, which is hopefully coming out in November, is to be very much integrated with Lightning.  You'll be able to pay for statecoin with a Lightning payment.

As I said, we send around UTXOs.  At the moment, those UTXOs are Bitcoin; they could be Lightning channels.  Now, there's a lot of complexity there, but I think that's where we're going to go, where you'll be able to move around Lightning channels, and that's like swapping around your chequing account.  But I think that's where it's going to fit in, and that's where it's going to get really interesting.

Peter McCormack: If you were approached by a regulator and said, "To continue this service, you need to put in place KYC AML requirements", does that end what you do?

Nicholas Gregory: It's not.  What we try and do is make things more blinded, so we don't know people who use us, we don't know people who swap.  I think that's the only thing you can do, but already in the US, you do have KYCd Lightning services; I think Strike is.  We'd have to see if there's a product fit for that.  If we're forced, I mean I'm not leaving the UK, I'm not moving to Dubai or anything.  But if we're forced to, we'd have to see.  But I think if they were to come to us, it would be the whole Lightning ecosystem and the whole sidechain ecosystem as well.  But, you know, stupider things have happened.

Danny Knowles: I know that obviously these transactions don't touch the chain so there's no footprint, so anyone looking from the outside in, they can't see anything.  But how much can you see, as the coordinator?

Nicholas Gregory: At the moment, we see the transactions, and we publish them.  So, we have an explorer, explorer.mercury.com.  When we go fully blinded though, that will be seeing a lot less, because we'll basically be using, similar to the way Fedimint with blinded signatures, we'll be signing essentially anything; we don't know what we're signing.  But everything we have, we broadcast, it's on the block explorer.

Danny Knowles: So, someone couldn't be in your area being like, "Keep this going, but just tell us what's going on"?

Nicholas Gregory: There's nothing that we don't have.  It's all public, and that's the best way to be.  So, if a three-letter-word agency from the US wanted to monitor us, they wouldn't be seeing -- there's nothing that we have that's not on the block explorer.

Peter McCormack: Well, I would imagine someone like Chainalysis is already looking at you.

Nicholas Gregory: They're probably not, but that's probably more to the fact that we're quite small.  If we had the volumes of Wasabi and Samourai, I'm sure we would be.

Danny Knowles: Do you work with them at the moment at all?

Nicholas Gregory: No.  I mean, we do blacklist, and we have to blacklist, because things like Samourai and Wasabi, if you participate in one of their CoinJoins and misbehave, like constantly fail to close it, you're a form of DDoS, you can basically stop them from ever doing a CoinJoin.  So, if you were to permanently join a swap group and then not allow the swap to complete, like switch off your wallet just at the point of completion, that wrecks the swapping process, so of course we would blacklist that.

The way, when we're fully blinded, we wouldn't be able to blacklist an address, we just blacklist a form of token; not an Ethereum token.  But when you create a statecoin, we basically create a token to represent that statecoin, which is basically a hash, nothing to do with the Bitcoin blockchain, just what we show to the outside world and what we see in the inside world.

Peter McCormack: Can you punish that user?

Nicholas Gregory: Yes, we have to, because otherwise we'd be DDoSd.  DDoS is always a big problem on any public service.

Peter McCormack: How much are they punished for; the entire wallet, or just a percentage of it?

Nicholas Gregory: Well, we don't know how many statecoins they have, we only see the individuals.  So, that statecoin, I think we block for two minutes; that's configurable, we could block it for longer.

Peter McCormack: Interesting.

Nicholas Gregory: I think it goes up incrementally.  First, you're blocked for two minutes, then four.

Peter McCormack: A bit like when you forget your password on your phone, and it's like eight days!

Nicholas Gregory: Yeah, and look, one of the hardest things when we went live is Tor, and I'm sure you said you'd had the Wasabi guys say that they've had the same problems.  Tor is quite unreliable and you are working over unreliable internet that blocks, that jams.  A lot of the times, we block people and it's not because they've done anything wrong.  It's just that Tor is potentially being DDoSd itself.

Peter McCormack: How much are you growing; how much interest is there?  Are there any numbers you can give that are public?

Nicholas Gregory: All our numbers are public.

Peter McCormack: Okay, so what kind of usage are you seeing?

Nicholas Gregory: I think we've had about 17, 16 Bitcoins go through.  We have a small community.  I mean, I guess on Twitter a lot of people talk about us to merge with Lightning, and a lot of hardcore people like the technology, it's quite interesting, there's a lot of funky cryptography.  As I said, we didn't really market in the early days, because the wallet was a lot buggier, and it's very hard to build something like this and then go public, because you don't know how people are going to use it.  I mean, I guess our average user is quite strong technically, but they use wallets in different ways.

Peter McCormack: Yeah.  Well, I mean it's a good model.

Nicholas Gregory: Yeah, and we're hoping for use cases.  So for example, we spoke at Bitcoin Miami to Chris Stewart, the SuredBits guy.  He's tweeted about using statecoins for DLCs, Discreet Log Contracts.  It's more about getting the use case for different kinds of things you can now do, because you're essentially turning Bitcoin into $1 bill or a $10 bill, which I was a fan of Opendimes, I think they were one of the cool things.

Peter McCormack: Opendimes are very cool.

Nicholas Gregory: So, we've kind of made them virtual, and I think there are use cases that probably we won't think about that others will.

Danny Knowles: What do you think the future use case is?  So for example, with Obi and Fedimint, he's got quite a bold bid and he thinks he's going to try and get 1 billion people onto Bitcoin, or onto Fedimint, or using Fedimint.  But I get the privacy aspect of this, but what's the scaling aspect; how do you think people will be using it in five years' time?

Nicholas Gregory: I like to think we're going to be a way to onboard Lightning users.  So, people can come in, swap their Lightning channels.  Basically, one of the problems with Lightning is the zero-conf.  Maybe people come via statecoin and that's your first Lightning channel.

Danny Knowles: So, you can swap Lightning channels?

Nicholas Gregory: We can't do that yet, but most of the team is working on Lightning as we speak.  So, being part of the Lighting ecosystem.  I mean, when we first started building this, I'll be the first to admit, I thought Lightning was going nowhere, it didn't look like it had much activity, and it has built up in the last year to something I got wrong.  And I think we have an opportunity to be part of the Lightning system to allow people to swap Lightning channels, work with DLCs.  For people that have an empty Lightning channel, maybe they create an empty statecoin Lightning, it's a way of onboarding people more, and I think that's where it gets interesting.

Danny Knowles: So, it allows people to swap Lightning channels without having to pay to open a Lightning channel?

Nicholas Gregory: Yeah, stuff like that.  I think that's where --

Danny Knowles: That's quite cool.

Peter McCormack: That's very cool.  And why would somebody use you over, say, Wasabi; what's the advantage you have?

Nicholas Gregory: Well, privacy is not a button, so in some ways we're better privacy, in some ways we're worse.  So, when you use Wasabi, Samourai or a CoinJoin, they essentially generate one large transaction.  The issue with that is that exchanges can look for a CoinJoin transaction and say, "You've done a CoinJoin, you're bad".  We're not doing any form of CoinJoin, we're doing Coinswaps, so that means the exchanges can't see anything.  The issue there is you may get a dirty coin, because you're doing a swap.  So, you may come in with your perfect clean coin and you end up with, I don't know, North Korea coin!

Peter McCormack: Is there any way to look that up and see if it's --

Nicholas Gregory: Well, what we've done on our explorer, all the swaps are broadcasted.  So, if the police ever came to you to visit you and say, "Why have you got a North Korea coin?"  "Well, I did a Coinswap on this day", and that's attested to the Bitcoin Network, so we take that hash of all our swaps and put it in the Bitcoin Network.  So if you're ever caught with a dirty coin, you can say, "Well, I'm not dirty, I've done a Coinswap".

Peter McCormack: I mean, I got this £20 note and I'm not responsible for the history of it.

Nicholas Gregory: Exactly, so it's a different type of privacy.  I mean, we really want this to be seen as a layer 2 solution, but just like Liquid has confidential transactions, there is a privacy element here; because I think if it's just seen as privacy, I think that's kind of limited and don't really want to be reading OFAC lists all day long.  I didn't expect you to go so deep into Mercury Wallet, so I'm quite happy!

Peter McCormack: No, it's very cool.  I mean, I'm really interested in this area at the moment, especially with those motherfuckers who go round attacking people who just want privacy in their lives, which we absolutely deserve, and not the risk that's been presented to our lives by these onerous regulations that have achieved close to nothing.

Nicholas Gregory: Well, when I went to Bitcoin Miami, the first user that came up to me was a bodybuilder, big stocky guy, and he sells bodybuilding products.  He says, "I use privacy products, because I buy my ingredients from the Chinese, and they're always trying to screw me.  If they knew how much Bitcoin they were, the price would go up ten times!" and I think people sometimes forget about that.

Peter McCormack: Yeah.  Well, look, we just deserve it.  I mean, it's a human right, and one of the foundational pillars, as David Chaum said, it's one of the foundational pillars of democracy, is having privacy.  If you don't have privacy, you don't have democracy.  So, I absolutely support what you're doing.  I hope you get a lot more interest out of it after coming on the show, I hope a lot of people go and check it out.  I'm definitely going to be checking it out, it's very cool, and congratulations on it.

Nicholas Gregory: Thanks.

Peter McCormack: Tell people where to go to find out more information.

Nicholas Gregory: Yeah, mercurywallet.com.  On our Twitter account, we have a demonstration video, and we want feedback, because once again, my team is a bunch of engineers, may not do the branding the best, the UI may be designed for engineers, so we do like feedback on making it easier for people to use.  And even technical people have come to us and they want it done differently, and that's the hard thing to get right.

Peter McCormack: Okay, awesome, man.  Well listen, good luck with this, stay in touch, and we're not far from each other; we can have a beer in London at some point.

Nicholas Gregory: For sure, sounds good.

Peter McCormack: All right, man, take care.

Nicholas Gregory: Thanks.