In segment 4.4, we'll move on to talk about Online Wallets and Exchanges. Thus far, we've talked about ways in which you could store and manage your bitcoins yourself. Now we'll talk about ways in which you can use other people's services to help you do that. So the first thing you could do is to use an online wallet. An online wallet is kind of like a local wallet that you might manage yourself, except that the information is stored in the cloud and so you have some kind of say web based interface like this. This is from one called Block Chain, but there are plenty of other online wallet services. You might have a website that you use on your computer, you might have an app that you use on your phone. So it's like a local wallet but it's in the cloud. It might typically run in your browser which means the site sends the code that does all of the operations, the site will store your keys, at least, it will have the ability to access your keys. Ideally, the site will encrypt those keys under a password that only you know but of course, you have to trust them to do that. You have to trust their code to not leak that key or leak that password and then of course you would log in, in order to access the wallet, okay. So an online wallet has certain trade offs compared to doing things yourself. One of the big advantages is that it is convenient. You don't have to install anything on your computer in order to be able use an online wallet in your browser, on your phone you maybe just have to install an app once. It'll work across multiple devices. You can have one wallet that you access on your desktop, and on your phone and it will just work because the real wallet lives in the cloud, but there are security worries. If the site or the people who operate the site turn out to be malicious or are compromised somehow, now you have to worry about the information of yours that they're storing. You have to worry about the fact that they're supplying code, that has it's grubby fingers on your bitcoins, and there are things that can go wrong if there's a compromise or malice at the service provider. Ideally, you would hope that the site or the service is run by security professionals who are better trained or perhaps more diligent than you in protecting the security of things. And so you hope that they do a better job and that your coins are actually more secure, but at the end of the day, you have to trust them and you have to rely that they won't be compromised. Now another approach instead of an online wallet, is something that functions rather more like a bank in the real world. And to set context for this, let's talk about how banks or bank-like services operate in the traditional economy. So this is pretty simple, right? You give the bank some money, that's a deposit and then the bank in exchange, promises to give you back that money later. And of course crucially, the bank doesn't actually just take your money and put it in a box in the back room, all the bank does is promise that if you show up and ask for the money, they'll give it back. The bank will typically take that money, put it somewhere else. They'll invest it or something else like that. The bank will probably keep some money around in reserve in order to make sure that they can payout the demand for withdrawals that they'll face on a typical day or may be even an unusual day. Many banks typically use something called Fractional Reserve where they keep a certain fraction of all the demand deposits on reserve just in case. Now bitcoin exchanges are businesses that at least from a user interface standpoint, function in a way that are that's similar to banks, that is they accept deposits of bitcoins, you can transfer your bitcoins to an exchange and they will, just like a bank, promise you that they would give them back on demand later. You can also transfer fiat currency, that is, traditional currencies like dollars or Euros or similar into an exchange by doing a transfer from your bank account. And so you can make deposits of both of these sorts of things and they promise to pay back either or both of them on demand and what they then let you do is, again, various banking like things. They let you make and receive bitcoin payments, you can direct the exchange to pay out some bitcoins to a particular party, or you can ask someone else to deposit funds into a particular exchange on your behalf, put them into your account. And they also let you exchange bitcoins for fiat currency or viceversa. And typically, the way they do that is they find some customer who wants to buy bitcoins with dollars and some other customer who wants to sell bitcoins for dollars and they try to match them up. That is they try to find customer who are willing to take opposite positions in a transaction, so that there's a mutually acceptable price and then they will consummate that transaction. Now it's important to understand what happens if you buy or sell bitcoins in an Exchange. So suppose my account at some Exchange starts holding $5000 and three bitcoins. And I use the Exchange, I put in an order to buy two bitcoins for $580 each. And eventually, the Exchange finds someone who's willing to take the other side of that transaction and the transaction happens. So the result of that is that my account is different. Now I have five bitcoins instead of three, and I also have $3840, that is, that's my 5000 initial dollars minus $580 each times two bitcoins. That's $3840. So, now that what's in my account. But the important thing to note here is that when this transaction happened involving me and another customer of the same exchange, then no transaction actually happened on the bitcoin block chain because the exchange didn't need to go to the block chain in order to transfer from my account into that other person's account of dollars or in the other direction, some bit coins. So all that happens in this transaction is that the exchange is now making a different promise to me than they were making before. Before they said we'll give you $5000 and three bit coins. Now they are saying, we'll give you $3840 and five bit coins. It's just the change in their promise, no actual movement of money through the dollar economy or through the bitcoin blotching. And of course the other person has had their exchanges promised to them change in the corresponding opposite way. Now there are pros and cons to using exchanges. One of the big pros is that exchanges help to connect the bitcoin economy, and the flows of bitcoins with the fiat currency economy; the dollar, and euro, and other national currency economy so that it is easy to transfer value back and forth. If I have an account in an exchange and a bunch of dollars and a bunch of bitcoins, I can trade back and forth between dollars and bitcoins pretty easily and that's really helpful. The con is risk that because an exchange functions in some ways like a bank, that is that it is accepting demand deposits, that it's accepting payments of money to it in exchange for a promise to pay money back later, that you have the same kinds of risks that you face with banks. And those risks really fall into three categories. The first risk is the risk of a bank run. This of course, is a famous scene from the movie, It's a Wonderful Life. Jimmy Stewart is running a credit union, another bank-like business, and all of these people have shown up and they want their money back. This is a bank run. And Jimmy Stewart explains to them, I don't have your money in the back room, I lent out your money to Fred so he could open his hardware store, and so on. So one of the risks is that even if the bank is solvent on paper, that you might show up and want your money back, and the bank might be unable to produce it. And there's a danger of a kind of panic behaviour where once the rumour starts to get around that a bank or exchange might be in trouble and they might be getting close to not honouring withdrawals, then people stampede in to try to withdraw their money ahead of the crowd, and you get a kind of avalanche and that's what Jimmy Stewart was able to stave off with his eloquence in the movie. The second risk is that the owners of the banks just might be crooks. This is Charles Ponzi, inventor of the Ponzi scheme. A Ponzi scheme is a scheme where he would get people to give him money in exchange for wonderful, wonderful profits in the future. Only he would actually take their money and use them to pay out the wonderful, wonderful profits to people who bought previously. And so his schemes were always insolvent and were doomed to eventually fail and lose a lot of people a lot of money which is why he went to prison. And so there's the risk that the people who run the exchange are just crooks. The third risk is the risk of a cyber attack, the risk that someone will manage to penetrate the security of the exchange. Exchanges have large numbers of bitcoins. That means that they store key information that controls large numbers of bitcoins and they need to be really careful about their procedures and how they manage their cold and hot storage and all of that. And if something goes wrong, if that key information is compromised, if a suitable quorum of employees is compromised, then your money could get stolen from the Exchange. And all of these things have happened. We've seen exchanges that fail due to the equivalent of a bank run. We've seen exchanges that fail due to the operators of the exchange being crooks, and we've seen exchanges that fail due to break ins. And in fact, the studies on this are not encouraging. The best study I think shows that, at least as of the time of the study, something like 45% of bitcoin exchanges had ended up closing due to some failure, some inability to pay out the money that the Exchange had promised to pay out. The most famous example of this of course, is Mt.Gox. Mt.Gox was at one time, the largest bitcoin exchange and it eventually found itself insolvent, that is unable to pay out the money that it owed. And Mt.Gox was a Japanese company and it ended up declaring bankruptcy, leaving a lot of people wondering where their money had gone. Right now, Mt.Gox and the bankruptcy of Mt.Gox is tangled up in Japanese and American courts and it's gonna be a while I think before we know exactly where the money went. The one thing we know is that there's a lot of it and Mt.Gox doesn't have it anymore. So, this is a cautionary tale about the use of exchanges. Now connecting this back to banks, we don't see a 45% failure rate for banks in most developed countries and the reason for that partly is because of regulation. For traditional banks, government regulates in various ways. The first thing that governments do is they often impose a minimum reserve requirement. In the U.S., this is typically 3 to 10% of demand deposits a bank is required to have in liquid form so that it can deal with a surge of withdrawals if that happens. Second, the regulators often regulate the types of investments and money management methods that banks can use to make sure that the bank's assets are invested in places that are relatively low risk because those are really the assets of the depositors in some sense. Now in exchange for these forms of regulation, governments typically do things to help banks, or at least protect their depositors. First, governments will issue deposit insurance, that is that they'll tell depositors that if you deposit your money in a bank that follows these rules, then we the government guarantee that if the bank goes under, we will make good on at least part of those deposits for you. And the other thing that governments sometimes do is act as a lender of last resort and what that means is that if a bank gets itself into a tough spot, but is basically solvent, that the government may step in and loan that bank money in order to tide it over until it can move money around as necessary to get itself out of the woods. So tradition banks are regulated in this way, bitcoin exchanges are not. The question of whether or how bitcoin exchanges or other bitcoin businesses should be regulated is a topic that we'll come back to in lecture seven. Now there is one interesting thing that a bitcoin exchange or somebody else who holds bitcoins can do which relies on some cryptographic tricks to give users or customers some amount of comfort about where the money went or where the money is that those people deposited into the bitcoin business and that's what's called a Proof of Reserve. So let me explain how that works. The goal here is that a bitcoin exchange, or some other business that's holding bitcoins can prove that it has a fractional reserve, it can prove that we have at least, let's say 25% or maybe we have 100% of the deposits that people have made with us available and under our control if need be. And so the way that Proof of Reserve works is you break the problem into two pieces. First you prove how much reserve you're holding, that's the relatively easy part. So the company publishes a valid payment to self transaction of that amount, that is, if they claim to have 100,000 bitcoins, they create a transaction in which they pay 100,000 bitcoins to themselves and show that that transaction is valid. Then they sign some challenge string, that is some random string of bits that was generated by some impartial party and they sign that challenge string with the very same private key that was used to validate that payment-to-self transaction. That proves that someone who knew that private key was participating in this proof of reserve. Now strictly speaking, that's not a proof that the party who's claiming to own the reserve owns it, all this proves is that whoever does own that 100,000 bitcoins is willing to cooperate in this process. But nonetheless, this looks like a proof. This looks something like a proof that somebody controls or knows someone who controls the given amount of money. So the first piece is to prove how much reserve you have, and the second piece is to prove how many demand deposits the group holds. And if you can prove those two things, then somebody can simply divide those two numbers and that is what your fractional reserve is. One more thing to note before we go on and talk about how you prove how many demand deposits you hold, that is the tricky part, is that in proving how much reserve you are holding, you could under claim. That is the organization might have 150,000 bitcoins, but choose to make a payment to self of only a 100,000. And so this proof of reserve doesn't prove that this is all you have, but it does prove that you have at least that much, okay. Now how do you prove how many demand deposits you hold? In order to do, that we're going to use a trick that relates to the Merkle trees that we talked about in lecture one. And if you recall, a Merkle tree is a binary tree that's built with hash pointers so that each one of these pointers not only says where we can get a piece of information, but also what the cryptographic hash of that information is. Now we're going to add to each one of these hashpointers another a field or attribute. So we're gonna add to each hashpointer a total value, that is a total monetary value in bitcoins of all of the things that are underneath that hash pointer in the trees. So for example, this hashpointer here would be tagged with the total value in this entire left sub-tree. Now down here at the bottom, we're going to have one item for each user, for each user's or customer's account and we're gonna combine these up the tree so that each node, the hashpointer coming out of it will be labelled with the sum of the values on the two hashpointers down below. So that will be a valid total for the subtree. So that's so we could construct that structure and then the exchange that wants to do the proof of reserve can cryptographically sign the root hashpointer here, which is making a claim that this is a valid tree and that everybody is down here, okay. Now each customer can then go to the organization and they say okay, prove it to me if this is proof that my account is included in your tree. And so I can go to the Exchange, I can make that demand, and they can show me this partial tree. I can see that up here that the hashpointer is the same hashpointer that they've assigned, I can see that the hash pointers are consistent all the way down, and that the hash stored in this hash pointer actually is the hash of this cryptographic hash of this node, and so on for each hash pointer all the way down. And so just like with the Merkel tree, that proves that my account here was in the tree that they initially committed to. I also am going to verify that the amounts in the hashpointers add up all the way down. So for example the amount, the total value in this hashpointer adds up to the same total as this hashpointer plus this hashpointer, which is included in this node. And I make sure that on this path down to my account, that the totals add up all the way. Now if you think about it, if everybody does this, if everybody makes a demand to see their own account, then every branch of this tree is going to get explored and someone is going to verify that for every node in the tree, that the value of the hashpointer pointing to that node is equal to the sum of the value on these two children. And so if everyone does this, then they will collectively prove over the whole tree that the values are added correctly going up the tree. Okay, so this is scheme that first the exchange builds a tree like this that includes all their customers accounts at the bottom and sums the total values going up the top, then all customers, or really realistically those customers who are willing to go to the trouble, demand to see the partial subtree that includes their account and verify that everything adds up. And if that works, then we can believe that the organization is correctly reporting all of the accounts that they have or actually to be a little bit more precise, they can claim to have more accounts than they really have. All they're proving is that every actual account appears somewhere in the tree. Now let's review. So first they've proven that they have at least X amount of reserve currency by doing a self transaction of X amount. Then they've proven that their customers have utmost, an amount Y deposited and of course, they can claim that in the other direction as well. So what that means is that the reserve fraction is if they report it exactly accurately, it's X over Y. If in fact X is larger, then the reserve fraction is larger than they're claiming or if Y is smaller, then the reserve fraction also because it is in the denominator, is also larger than they are claiming. And so when they prove an X and prove a Y this way, you can guarantee that the actual reserve fraction that they're holding is at least as big as what they are claiming and therefore, they can prove a reserve to you. And what that means is that if a bitcoin exchange wants to prove that they hold 25% reserves on all deposits, or 100%, they can do that in a way that's independently verifiable by anybody, and no central regulator is required. So that's an aspect of regulation that bitcoin exchanges can prove voluntarily but other aspects of regulation, as we'll see in a later lecture, are harder to guarantee.