We have answered the question “Where?”with the concept of decentralisation and open source system . But now we have to answer the question “Who?”, in particular, in a file sharing system like BitTorrent, it is not important who has modified the files, who is sending us a song, who is sending us a video, it is completely irrelevant If each of us keeps some pieces of information, it is not important to know who is the author of the changes in this information, we are not interested in knowing that a film was actually uploaded on the network by this or that person. However, in a computer system that has to manage the exchange of value and the exchange of money, the issue is not so simple. The question “Who?” becomes fundamental, in particular, it is very important to know that who updated the database, the financial ledger, perhaps taking money from the account that corresponds to me, and adding money to the account that corresponds to them, did so under my supervision and my authorisation. Otherwise in a system like BitTorrent, where everyone keeps part of the data, but where there is no way to certify who has the authority to change that data, who has the authority to update the financial register, in such a system, anybody could basically take anyone’s money. With physical gold for example, we can’t simply decide that a certain nugget, or a certain ingot, or a certain coin, travels from one hand and arrives in our hands with a single move Whereas with a distributed ledger, where there is no central control, anyone could propagate a manipulated, altered, different copy of the ledger, where the value has been moved from one person to another. This is where bitcoin introduces a new technology, it is not yet the so-called blockchain technology, it is a much older technology that has been around since the 80’s, maybe even a little earlier, it is the so-called Digital Signature. Basically, what happens is that every time a person wants to change the content of the bitcoin financial ledger, that person must also sign the alteration with a process that is called digital signature, which is a little different from the physical signature that we do on documents, but has more or less the same purpose. The idea is that the signature is easy to verify for anyone and difficult to replicate for those who do not have, for example, my handwriting. In the case of digital signature we use a technology called asymmetric cryptography, there are basically two large numbers, one of these numbers is called private, secret or cryptographic key, and it is a number that we must keep protected and absolutely private. And then there is another number, called public key, which is a sort of, let’s say, public address. Even if it is not a correct metaphor, we could say that the public key is a bit like the IBAN of a bank account or the email address of an email box. This public number must be known to anyone who wants to send us value. Whereas the private number, the secret key, is the only thing that allows to move that value. How? There is a mathematical relationship between these two numbers that works in such a way as to allow any of us who are in possession of the private key to take a statement, a text or a message, and to sign it. This applies a mathematical function which is done on the basis of the secret key and that produces something that in cryptography is called a witness, which is a signature that can be verified by anyone who has the text and our public key at their disposal but without sharing with them our private key. This means that we can hold a secret key, associated with our public address, which allows us to change to whom and what we are sending within bitcoin’s financial ledger, but without there being a central party. With PayPal, VISA or Venmo, there is absolutely no need for this type of advanced technology. PayPal has a central server that decides who can transfer and when they can transfer, and we connect by providing our username and password, but there is no need for 2-key encryption. This is a requirement that has been implemented not only in the bitcoin system, but also in systems before bitcoin, for example, in 1990 Ecash was created as a value exchange system based on public key cryptography. So it’s nothing new, not invented by Satoshi Nakamoto in 2008, it’s something pre-existing and very important. This is where we understand that the term blockchain is not the only important term in the technology that underlies bitcoin. The digital signature is equally important and is a fundamental part that answers the question “Who can transfer bitcoin?” It is interesting to note that the answer to the question “Where?” provides for a substantial opening, a sharing, that is, everyone must have the information of all since decentralisation and open source are characteristics that allow everyone to publish and share information. Whereas the answer to the question “Who?” foresees the need to keep a certain information very secret, it is the opposite of open source, decentralisation and file sharing. The security of bitcoin depends both on the distribution of the bitcoin program, its source, its data and its financial ledger, as well as on the absolute secrecy and security of the individual users’ private keys. We have said that these private keys are connected by a unidirectional mathematical function to the public bitcoin address, however, the address is not really a public key, the bitcoin address is so to speak the cryptographic fingerprint of a public key, and we can not really say that a bitcoin address resembles the IBAN of a bank, because a bank’s IBAN is used repeatedly, whereas, for security reasons, bitcoin addresses must be used only once. They are given to the payer to pay, and then are forgotten until they are spent and the next time a new address is used to request more bitcoins. So, to make things easier, these cryptographic traces of the public key are like single-use IBANs. However, this implies that it is necessary to move from subjects such as those we have dealt with in the first videos, related to the history of currency, economics, finance, politics, to very technical matters related to computer security. In order to be able to use bitcoin safely, or to allow their users to use bitcoin safely, individuals or companies that are making bitcoin products and services, must learn about cyber-security, that is, all those techniques and strategies that allow to keep this key hidden. If someone has your private key, that someone can move your bitcoins, claiming to be you, without anyone stopping them because there is no legal name associated with a single bitcoin address and there is no document request before moving bitcoins. Anyone, by their very nature, can write on this decentralised ledger. Only those who have the key can move value, this means that if you lose your key, because you hid it too well, so well that even you can no longer find it, you can no longer move your bitcoins. There is no customer service to call, there is no emergency security question, if you no longer have that key then your bitcoins can no longer be moved. A bit like if you lose a golden nugget, you can’t claim it back from anyone, you lost it, you don’t have it anymore, almost like a physical object. Similarly, if you leave a gold nugget on the bar counter and move away, most likely you will not find that gold nugget when you return. If you think about it, this is very different from a banking system or a centralised online payment system. In those cases you can always ask for help, there’s backup if you lose the key, or you can always ask to cancel a transaction if someone has stolen your credit card for example. Bitcoin guarantees a lot of freedom but this freedom comes at the price of a lot of responsibility, basically the user must learn to manage their keys. It’s a kind of competence that is required even by electronics devices called hardware wallets, which are devices that try to reduce the area of attack through which external entities can learn about our private keys.