WBD303 Audio Transcription

Bitcoin Tech #1 - UTXOs with Shinobi

Interview date: Tuesday 26th January

Note: the following is a transcription of my interview with Shinobi. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.

In this interview, I talk to Shinobi, the host of Block Digest. We discuss UTXOs, what they do, how they work and the implications for both privacy and transaction fees.

“There is no such thing as a balance; Bitcoin is not a bank account… its actually a collection of UTXOs.”

— Shinobi

What Bitcoin Did · Bitcoin Tech #1 - UTXOs with Shinobi

Interview Transcription

Peter McCormack: Shinobi, man, how are you?

Shinobi: Just sitting here wondering when I'm going to get shipped off to the Gulag.

Peter McCormack: Oh, man, everything's freedom or Gulag, right?

Shinobi: It seems to be these days.

Peter McCormack: I've got a feeling you know where to hide out. I think you're one of the people I'd least be worried about. And funny actually, have you got an iPhone? No, you probably haven't; you've probably got some secret underground bunker phone. But, on the iPhone, it does this thing now where it shows you photos. I've got a photo of you and me and it just appeared the other day. You see these little memories, and that one time we met.

Shinobi: Remember when you got yelled at for posting that? Like, I would have been completely unable to stop that photo from being taken if I could.

Peter McCormack: Yeah, well, you do have a beard in it, so it's hard to actually. You could sit opposite me on a train and I probably wouldn't recognise you.

Shinobi: I just find that funny that so many people ran to my defence, like I couldn't have been, "No, Peter, I don't want a photo", if I could!

Peter McCormack: All right, man, well listen; time for me to get a bit more technical. You were kind enough to invite me on your podcast the other day, which was good. I really enjoyed that and we had a little chat about UTXOs and the interesting thing about that conversation is, I was surprised how much I knew about UTXOs, seeing as I've never really directly used them. Like, I'm kind of aware of a little bit; I think I've picked up some by osmosis.

There are certain things, like for example when I'm checking the block explorers, I see certain bits of information, I'm like, "Well, that doesn't make sense because I sent that much Bitcoin in, and what are all these other bits here?" and I think I'm getting a slight grip of them. But, let's set the scene. This is how I use Bitcoin. I use a wallet and when I want to send Bitcoin, I plug it in, I set the amount and I press send. I don't do anything with regards to looking at my coin selection or anything. That is me; very basic user. I imagine most people are, but there are going to be a number of people like you who really care about this, and actually I'm interested in it.

So, what we'll do, we'll work through it and then I'll summarise at the end what I think my use case is and how I might use it in future. But, are you ready for this?

Shinobi: Yeah. So, I guess the first place to start would be analogies.

Peter McCormack: No, I think we start even before there. Knowing my audience and the DMs and emails I get, I actually think we need to start with, what actually is a UTXO and why should I care; because there will be, I guarantee, there'll be some people who listen to this episode, Shinobi, and they'll be like, "I've never of a UTXO"; I promise you.

Shinobi: Well, a UTXO is what your actual Bitcoin is. You know, like you said, you just kind of open up a wallet and you see an amount of Bitcoins there and you hit send. Well, that is a gross overgeneralisation of what actually happens under the hood. There is no such thing as a balance. Bitcoin is not a bank account. There isn't just an account number that has this much money in it.

It's actually a collection of individual UTXOs, or outputs that are created with transactions, and a collection of those. So, when you see a balance, what your wallet's actually doing is looking at this unspent output, and all the unspent outputs in your wallet, and it's adding up how much of them are worth together. That balance is kind of an illusion put there to not overload users' heads.

Peter McCormack: So, a bit like my daughter's piggybank, right; there's no balance, just inside there is a number of coins, pound coins, 50 pences, 20 pences, 10 pences, 5 pences, 2 pences, 1 pences, and even some notes.

Shinobi: Exactly.

Peter McCormack: There's no balance. The way we get the balance is we empty it out once a year and we count it up and see how much money she's got and that tells us the balance. What you're saying is the wallet is exactly the same, but the wallet does the job of the counting for us?

Shinobi: Exactly, right on point.

Peter McCormack: Cool, okay. Well, listen, I like your analogy where you talk about, let's talk about how bank accounts and cash work, so I'm going to hand it over to you.

Shinobi: All right, so UTXOs are kind of like a weird mix of how cash works and how a bank account works, and you kind of break that down, you know, you want to look at really how do those two things work? If you were walking into a corner store and you were trying to buy your eggs and milk to pay breakfast, you're going to pay with cash a lot of the time. So, think about what actually happens.

You open your wallet; you have a bunch of discrete separate bills or coins worth some amount of money; and, you pull one out that is at least as much as the price of what you're buying; and, you just give that entire note to somebody. And then, they take out of the cash register entirely different notes and coins to give you your change back. There's an actual exchange and a breakdown there. You're not getting some piece of what you gave him back; you're getting an entirely different thing. Each of those cash bills is the discrete separate thing, just like the coins in the piggybank.

Now, let's think about that when you're using a debit card or a credit card instead. You just have a number in your bank account of how much money you have. There are no separate bills, separate coins; there are just $220.05 in your account. When you go to pay, you just swipe that card; the store talks to your bank and tells them how much that bill was; and, that amount is subtracted from your account. There is no change breaking, there is no exchange of separate things; there's just that number gets updated.

Now, try to think of a UTXO as a cash note that can be worth any arbitrary amount, kind of like an account. And, just think of that process as, let's go through the store analogy again.

Peter McCormack: Well, are you basically saying, like, in my daughter's piggy bank, rather than having these set coins of 1, 2, 5, 10, 20, 50, £1; it could be any number. There could be a 57p; there could be a £1.84; there could be a £285; it could be any number?

Shinobi: Exactly.

Peter McCormack: Yeah.

Shinobi: So, let's say you walk into the store and you have your magic cash note that works like Bitcoin. Let's say there's $72.05 on it. Well, you're going to go hand that cash note to the guy at the counter and metaphorically, what's going to happen here is that cash note gets wiped clean. It's worth zero dollars now.

That store clerk is going to take one cash note and make that worth whatever you're buying is and the cost of that, and he's going to make another cash note that is all the leftover money you're not spending, and hand that back to you. It's kind of like a blurring of cash and that bank account and how those things work into one thing.

Peter McCormack: Okay. For the sake of understanding this, I'm going to imagine you're the cash clerk, I've come to buy a pair of sneakers off you and they are $75. In my pocket, I have two $50 -- maybe, let's not say that. Let's say I've got a $55 cash note and a $35 cash note and I need both of them, because I need to be over the total amount. I'm going to give you those two and then you're going to hand me back, because they add up to $90, the shoes are $75; you're going to give me one back for $25?

Shinobi: Actually, that would be $15, but yeah!

Peter McCormack: Oh, yeah, sorry!

Shinobi: But, the core point though is, instead of you just giving me those notes and I give you one back, I actually wipe those notes clean. They are worth zero dollars now; they are useless. And, I take two blank notes worth nothing and I make one of them worth $15 and give it back to you and I make another one worth $75 and I keep that. So, it's not just the change making like cash; I'm actually deleting the value on notes and then assigning the value to blank notes.

Peter McCormack: So, this is quite a neat thing that it sounds like is happening there, that it kind of cleans up the UTXOs a bit as well; because, I can imagine if I had a wallet full of lots of smaller ones, I can use all those to pay you for something and, if there's any change back, it kind of clears it up for me; but also for you, it only creates a single one for you. So, I guess it sounds like a way of just keeping things a little bit cleaner as well, rather than you then suddenly having all these UTXOs and then over time, as they get split up, you get lots and lots of smaller ones?

Shinobi: Yeah. I mean, another analogy you can use to kind of think about this, maybe a little cleaner, before we go back to using the bank note example would be, imagine gold coins instead. What's happening is you take your gold coins and kind of throw them in the melting pot, and that cashier casts new gold coins worth whatever he needs to keep and give back to you.

Peter McCormack: Yeah, that makes sense. So, that was kind of interesting because I explained this to my son the other day. He was asking a little bit about Bitcoin and I was talking to him about UTXOs and I said to him, "What actually happens is, you send an amount over to the person and they send you back the change" and he was like, "What if they don't send you back the change; what if they just keep the whole amount?"

Shinobi: Well, that's not really possible, thanks to the way that Bitcoin transactions work, because in the analogy, you're just handing things back and forth between people. But, when you actually make a Bitcoin transaction, all of those things have to happen at once. When you make a transaction, you put your UTXOs that you have into that transaction and then use the transaction to create new ones.

So, when that store clerk gets the money that he's owed, that confirms at the same time and in the same transaction that you get your money back. So, there is no way for you to not get your change back. The only way you don't get change back is if the person you're paying never gets the money because that transaction didn't confirm. Then, you still have all your money. It's either the person gets paid and you get your change back; or, that person doesn't get paid.

Peter McCormack: It kind of clears up with the block explorers as well because, like I say, I used to use them. I used to actually just take a little look at them sometimes when I'd got a transaction going in. I didn't really understand what all these inputs and outputs were, because the numbers didn't always add up to what I thought they would. But, I kind of get it now; it kind of makes a lot more sense.

Shinobi: And there's a lot of things that, if you don't understand this is what's going on under the hood, can go wrong, can cost you money, can lead to you making decisions you don't understand the consequences of. And really, I think is kind of the most important thing to understand about Bitcoin for any user that has gone past Cash App or Coinbase. Like, if you are managing your own coins, I really think if you are to understand anything about how Bitcoin works under the hood, this should be it.

Peter McCormack: Yeah, because I think there are multiple layers to this and different people will have a different need or a different benefit from them. I think there is, and correct me if I'm wrong here, but there is the efficiency of spending your UTXOs in terms of not overpaying fees; I think there is also consideration for privacy.

And the fee thing's quite interesting as well, because my fees have always been, you know, rarely spent more than $5 on a transaction. And then sometimes, you'll see somebody put something on Twitter, some kind of whale alert; somebody has moved $500 million of Bitcoin and they've paid $38 in fee. And I was always like, why is it $38 for them and it's $5 for me, but that's down to how the transaction is compiled, right, and how much data is used?

Shinobi: Yeah. Fees in Bitcoin have absolutely nothing to do with how much money you're moving. It's how many UTXOs you are using to input into a transaction and spend, and how many UTXOs that you're newly creating in that transaction. That could be $100 million worth; you could be playing with $10; but, the fee has nothing to do with that. It's just the number of inputs and the number of outputs.

Peter McCormack: So, could theoretically a $10 transaction have higher fees than a $100 million transaction?

Shinobi: Yes, absolutely. And, if you scrolled through the blockchain, that probably happens a couple of times every week. That's definitely something you would see on there if you started scrolling through a block explorer.

Peter McCormack: Right, so let's deal with fees first, because that is something that I can immediately benefit from; that I can immediately start doing and thinking about. Actually, there was a third one, because I said fees and privacy.

Actually, I think there's a third one in terms of tax obligation. If you're somebody who does pay their taxes when they sell Bitcoin, you might want to think carefully about which coins you're selling because, depending on which one you're selling, there'll be a different tax implication, because usually capital gains is calculated on how much profit you've made on that coin, right? So, that's something certainly some people will have to think about?

Shinobi: Yeah. I mean, I think we can do privacy first. I mean, that's really, I think, the easiest way for people to screw up handling Bitcoin, if they don't understand how a UTXO works. And, that goes far beyond taxes, but that is definitely a good example. Let's say you buy coins on Cash App and you pull them off, you let them sit there for a while, and you go to sell them at Cash App.

Now, the way Cash App specifically works, and this is going to be different between different exchanges, they are going to report to the IRS that you sold Bitcoin. Now, they might not report when you bought it, because if they don't have a guarantee that they're reporting that correctly, they will just not fill that in and that's on you to do that. But, yeah, that UTXO is going to be reported.

Now, imagine if you swept a bunch of UTXOs together and then that was reported as a sale, and let's say you tried to lie and say that you bought them all at the most recent price that you bought at; nothing may come of that right away, tomorrow or this tax year. But, the information to put together that you lied about when you bought those Bitcoin and how much you owe in tax; that is sitting there in Cash App's database. And, everything needed to tie that together on chain, leaving Cash App and coming back, that is all out there; that is there to put together.

If the IRS was to knock on Cash App's door and go, "Tell me every address that you've sent Bitcoin to for this person and tell me every Bitcoin they've sent back", they will be able to pull all of that together and say, "Hey, this guy lied about the price that he bought Bitcoin at. He actually owes us more money". And, the reason is because of how UTXOs work on Bitcoin. When you make one transaction and tie all of those UTXOs together to send them to Cash App, you're telling the whole world all of these UTXOs belong to the same person. And Cash App, given that they KYC you, actually know who you are.

Peter McCormack: Okay, let's think at wallet level, rather than at exchange level right now. So, I use something like -- I've got three different wallets; I've got Ledger, I've got Trezor and I've got Coldcard. I've got all three I use at different points for different reasons. Do you know if I can do coin selection in those wallets?

Shinobi: Trezor, with their web app, I'm not sure. I think I saw something a bit ago about them implementing that. I think Ledger did recently. But, the reality is that a lot of the wallets out there that are kind of built and designed for the non-technical person, the newbies, they generally don't even show you what a UTXO is, or give you a way to control the UTXO, or pick which ones you're spending. They kind of just hide all of that for you and do it for you.

But the thing is, none of those wallets have really any way to know you, Peter, don't want to spend these two UTXOs together because, let's say hypothetically, you pay bills with one and you buy weed off the dark net market with another. So, you don't want to tie those together.

Peter McCormack: Right, so we're coming to the privacy option which I do want to cover with you. Just before we get to that, what kind of wallet allows me to do this; is it something like Electrum?

Shinobi: Yeah, Electrum has UTXO control; I think Specter Sparrow Wallet, like a lot of the new multisig wallets, lets you do this; Wasabi Wallet does; Samourai Wallet does.

Peter McCormack: Because, I think if I was going to use this, what I would imagine is that I would want some kind of table that lists the UTXOs; when they were bought, because I'd obviously want to then know the price at which I bought them; and the value. And, I'd probably want to be able to arrange them in terms of date bought and the value, the size of each one.

Shinobi: Yeah, actually Electrum and Wasabi, I know for a fact, both have kind of a labelling system where you can kind of take notes of where this coin came from, where you're spending it. In Wasabi's case, they actually force you to use that; they will not let you kind of spend a coin or receive a coin without making a note of where did this come from; who knows about this UTXO?

Peter McCormack: Right, and can you group coins around specific labels; so for example, if I knew I wanted to have two sets of coins, like one would be my private transactions and one would be my not so private? So for example, hypothetically speaking, there's things like I want to buy weed, porn, bibles, all the things I just don't want anyone to ever attach to me, potentially they could all be labelled as private; and then other things I'm not so worried about, I could have labelled separately and I would just know.

Can you do that and group them together, or would you be better off consolidating them into different wallets or addresses?

Shinobi: I don't know if anything or any wallet out there with label support lets you kind of separate them by groups like that, but you could have the specific labels so that you know which group things are in. Honestly, I'm personally not sure whether splitting up into separate wallets would make things easier or more difficult, depending on how technically competent you are; but, it would definitely make it a lot harder to screw those kinds of things up.

Peter McCormack: Okay, because again, I'm going to imagine my use; it's like the trade-off, right? It's a lot of work to do this, new wallets needed, need to label all coins incoming, probably need to CoinJoin them as well; that would be an idea as well to protect privacy. It's a lot of work coming in for the protection of privacy, and I'm not saying people shouldn't care about privacy; but for me, I've got a slight higher priority probably around right now, just thinking about taxes and if I ever do sell Bitcoin, I really want to know which ones I'm going to sell.

I think that's an easy win for someone like me just to be able to select the right coin to sell, rather than the privacy, because there are so many layers to the privacy that I have to have in place first. It's stuff that probably comes natural to you, but for me is just a bigger step. Does that make sense?

Shinobi: Yeah, I mean I'd say I absolutely would love to see people use privacy tools in this space more often, but this is the perfect starting point. This is pretty much how I have managed my Bitcoin 90% of the time I've been in the space. Privacy tools like CoinJoin, CoinSwap, even Lightning are very good tools, but you have to kind of start first by recognising what those tools are for, and that's managing the connections that get made between all the different UTXOs you have.

So, if you try to use those tools without understanding what they're doing first, and the things you have to do as a user to not negate all the benefit from those, you need to get that foundation set first.

Peter McCormack: And, just a final question from somebody who uses something like Casa to protect myself, all my Bitcoin that goes in there just goes in as a pile, right. Would I want to label them before they go in there and then put them into Casa, and would those labels be maintained; or is it a case of, at the point I want to ever use those coins out of Casa, I take them out of Casa, put them into something like Wasabi or Electrum and at that point, it's almost like my liquid cash; I manage those ones?

Shinobi: Well honestly, I've never used Casa, so I have no idea if they support labelling. They should if they don't. But, it just really comes down to no matter what wallet you're in, whether there's a labelling system or not, everything is still UTXOs and all of these consequences can still happen due to bad management and selection, and you still need to be aware of that, whether the software gives you the ability to label and make that easier or not.

Peter McCormack: Okay, that's fair. I think it's going to be baby steps then. I think the first step is just playing around and understanding coin selection.

Let's talk about privacy though, because it is important, and the mistakes that people will make; and, this is the stuff that you really care about that we talked about on your podcast.

Shinobi: I mean, pretty much when you make a Bitcoin transaction, not only is that showing the entire world watching the blockchain what's going on with that transaction, you're showing the person you're sending money to all of that information as well; except in that case, it's a lot more likely they're actually going to know who you are. It's a kind of -- really make an extreme example to kind of show people the worst case scenario that could happen here.

Let's say you're just walking along on the street and for some reason, you have all of your Bitcoin on your phone, which you should never do, and it's all one big UTXO. And, you strike up a conversation with some guy, he notices you have a Bitcoin shirt on, so you start talking about Bitcoin. And you go, "Hey, you know how; pull out your phone and download this wallet and I'm going to give you $20 in Bitcoin".

When you send that transaction, because you just have all your money in one giant UTXO, let's say you have 50 Bitcoin; when that money, when that $20 or whatever shows up in that person's wallet, he's going to see, "Hey, this guy has 50 Bitcoin. Maybe I'm going to follow him, maybe I'm going to go see where he lives. Hell, 50 Bitcoin; that's more than $1 million these days. I think I'm going to rob that guy" because, in giving him $20 just because, "Oh, I can show this guy about Bitcoin", you just gave away the fact that you're a millionaire to this random person on the street.

Peter McCormack: Because anyone can trace it back and see the balance? So, you can see the balance of any UTXO that a coin comes from?

Shinobi: Yeah, and you can trace that all the way back transaction by transaction by transaction. And, when that guy sees his output for $20 and then he sees that other 50 Bitcoin output that's going back to you, he knows how much money you have.

Peter McCormack: Let's say I didn't do that. Let's say I had 50 Bitcoin in a single UTXO on a Trezor and then I send, I don't know, 0.5 Bitcoin to another wallet, say a mobile wallet, and I meet the same guy, I hang out with him and I send him $20; he can see, he can follow the hops back to the 50 Bitcoin wallet, but he can't automatically assume that's mine at that point, right?

Shinobi: I mean in theory, no; but in practice, he's going to look back at one transaction that just sent 0.5 Bitcoin somewhere and the rest somewhere else, and then he's going to see you send him money from that 0.5 Bitcoin and he's going to go, "99% odds that that 49.5 Bitcoin is Peter's too".

Peter McCormack: But, could it not have been the case of, it's your wallet, Shinobi, you sent it to me, that 0.5 Bitcoin; and then I, from that 0.5 Bitcoin… You know, he's got to assume, he's got to make that assumption; there's no actual proof?

Shinobi: Yeah, but you know, what do you think the odds are? And this is kind of the sticky thing. Somebody might assume, just because they make that one hop, they're safe and that connection is broken right now, but that's not how this works. You have companies like Chainalysis, like Elliptic, all of these chain analytics companies; and when people transact, there are patterns that just show up in the number of inputs and outputs in a transaction, how those connect to each other. And those patterns are how these companies are able to kind of figure out where Bitcoin is going and what's going on with them.

So, just thinking, like I just make this one extra transaction and I'm safe; that's ignoring all of these patterns that show up that somebody could use to go, "You know what? No, that probably is Peter's giant stash of Bitcoin".

Peter McCormack: So, what do we do about that, if I am sat there with this one UTXO with 50 Bitcoin; what do I do about that?

Shinobi: Well, realistically at this point in time, there are only really two ways to do that, or deal with that. One: peel some off of that and CoinJoin it so that after it tumbles through the CoinJoin and you go to pay somebody, there's a bunch of interference and a breaking of those patterns, so that somebody can't just follow it back to that original 50 Bitcoin output.

Or, peel some off and put it into a Lightning channel and make your payments over Lightning because, you know, on Lightning people don't see all these connections to UTXOs; they just see somebody's zapped me something across the Lightning network and that's in my channel now.

Peter McCormack: So, basically, you want to break the hop?

Shinobi: Yeah.

Peter McCormack: Okay. That makes sense. Okay, so what other reasons, because we talked a lot about this on your show in terms of, what are the other reasons that we should really care about this? There's the security one there in terms of, somebody might link that 50 Bitcoin to me and say, "Okay, I might pay Peter a visit at 11.00 at night with a $5 wrench and ask him about that Bitcoin; but, there are other reasons, yeah?

Shinobi: Well, another big one would be fees.

Peter McCormack: No, I mean, sorry, on the privacy side, because you want to separate -- like, you talked to me before about not wanting people to link transactions. For example, if you were sending Bitcoin to your mum, you wouldn't want her to be able to track it back and see you've also spent Bitcoin at Pornhub?

Shinobi: Yeah, so that kind of comes down to one of those patterns that Chainalysis companies use. So, we've already kind of gone over the basic structure of a transaction; so, you take the UTXOs that you need to spend as inputs and make new ones with outputs. Well, you know, you just have a Bitcoin UTXO and I'm assuming that when you spend money on something, you're not spending all of your Bitcoin at once. So, you're going to have however many inputs that you needed to make a payment, and then you're going to have one output that actually makes that payment; and then, another output that sends the rest of your money back.

Well, if you spend Bitcoin a lot, that's going to create a big chain, and it will pretty much be that UTXO going into a transaction and then making a payment output, and the change output back to you. And then, that change output will go into another transaction and make a payment output, and another change output back to you. And, it will just kind of be a long chain of these transactions where there's always one output going back to you and another one peeling off and going to whoever you're paying. This is called a "peeling chain".

So, if you're spending Bitcoin a lot, there is just this long connection of your coins in all these separate transactions, and you can see that this is likely one person spending their money, because every time it's the same thing. Some change comes back and that payment peels off and goes wherever it goes on the blockchain, wherever the person you paid wants to send it. And you can kind of see because those payment outputs never come back to your change output; they always peel away from it.

Like, if I were to get paid by you, for any random thing, and you keep using that UTXO for payments, I can just look at every transaction that comes before or after the one you made to me and I can go, "Peter paid somebody else again. Oh, there he is buying something else; I wonder what that is?"

Peter McCormack: So, do I then need to CoinJoin every change?

Shinobi: I would say, no; that would get very expensive very quickly. But, you kind of have to think about what you are buying with this UTXO and what are you going to buy in future with that same UTXO; and, do you want a record of a connection between those things to exist.

Peter McCormack: That's a lot to think about and manage over time, which is why I said to you before, perhaps I need different UTXOs for different purposes; so, the stuff I don't mind being linked and the stuff I definitely don't want linked? It's just a lot of work, right, but it's not to say you shouldn't. But I think, as you can't do it for every transaction, you just need to really think about them.

For example, I run part of my business now on Bitcoin. I get paid in Bitcoin and I pay people in Bitcoin. I'm less worried about people linking those together so much, because it's a public company. But, I definitely would want to separate that perhaps. If it was personal stuff, I think it's a slightly different story.

Shinobi: I mean honestly, in the long term, the only solution to this, I think, is just get payments for daily, regular things off chain; that needs to move to the Lightning Network. Because really, thinking about all of these things for every individual payment you make, it's not really tenable for most people. I mean, it's even as obnoxious as hell for somebody like me. I don't want to sit here and think about this every time I make a payment to something. And, it gets to be more and more difficult as time goes on because, without things like a CoinJoin, once I use a UTXO to make a payment, I can't undo that. So, I always have to think about the past payments I've made with that UTXO every time I make a new one.

Even for advanced technical users, that's an obnoxious, time-consuming thing. And really, the only way to deal with that is stop making those payments on chain. Get that onto the Lightning Network, where these payments can be obscured in off-chain channels and you don't see this data for every single payment.

Peter McCormack: So, where are we at with Lightning in terms of capacity, the size of transactions that we can do, because I think we're pretty comfortable with Bitcoin at any size; people are sending hundreds of millions? But, I know with the Lightning Network, there are concerns over certain size transactions. Where are we at with that?

Shinobi: Well, there's a lot of progress being made these days. Like, maybe a year ago, every payment on the Lightning Network had to go through one singular route, but nowadays you can actually break a payment up and split it through multiple channels if one of them doesn't have enough money to route the whole thing together.

From experience, I run a small online shirt store and we take payments over Lightning. I'd say the vast majority of payments in Bitcoin instead of fiat are coming over the Lightning Network. It's nowhere near as obnoxious and, "Your payment failed", as it was a year ago. And really, the higher the Bitcoin price goes, the more transactions Lightning can process. You don't even have to add new liquidity or channels; it's just the price goes up, that can process more dollar turn transactions.

Peter McCormack: Is there a certain kind of size at the moment you feel comfortable around? Could you do a $1,000 transaction quite comfortably?

Shinobi: I think that might probably present some issues, but like $50, $100-something transactions, I have not seen issues with that any time lately.

Peter McCormack: Right, so we're good for a small bag of weed, but if you want to buy a kilo of cocaine, we've got a slight problem?!

Shinobi: Yeah!

Peter McCormack: But, that capacity will come?

Shinobi: Yeah. I mean, that's really just a matter of time and letting the devs work out the kinks that are problem points for users.

Peter McCormack: Right, okay. What else do I need to know with UTXOs?

Shinobi: Well, fees are definitely a really big point.

Peter McCormack: Okay.

Shinobi: Two things, I think, that users really need to think about here. One: when you withdraw money that you bought on an exchange. Everybody's obsessed these days with stacking sats; the new way to talk about dollar cost averaging. That can present a lot of long-term problems, especially for people who are just putting a little bit of their paycheque in every week.

Peter McCormack: Yeah, if you're doing like $50?

Shinobi: Yeah. I mean, imagine every week you put $50 into Bitcoin and then you immediately withdraw that and make a $50 UTXO. And, imagine you do that every week for a year. Now you have 52 $50 UTXOs. Really think about that in the long term.

Let's say this person isn't really interested in censorship resistant payments. They're not here because they want to see the money of the internet; they're just investing in something. This is just somebody going, "I can turn my financial situation around", and they're just planning on selling all of that at some point.

Peter McCormack: Let me ask you something, Shinobi, quickly? In terms of building a transaction, your fees are based on data. I'm going to try and articulate this as best I can. How much of that data is a standard amount of stuff that has to go into a transaction; and how much does each UTXO incrementally increase the size of that data?

For example, if it's one UTXO; is two UTXOs essentially doubling the amount of data, or is there a standard base amount of data that builds the transaction and each UTXO adds like 10% more or something?

Shinobi: Well actually, that's a little complicated. We can get into that in a minute.

Peter McCormack: Okay.

Shinobi: To go back to the hypothetical sat-stacker. He is just investing; he is planning on selling this all at a higher price; and he's bought $50 every week and withdrawn that and made a new UTXO. Well, let's say he did that for a year and he wants to sell everything now. Now he has 50 UTXOs that he has to put into a single transaction to send back to the exchange to sell it.

Like we went over earlier, the fees have absolutely nothing to do with how much money he's moving; it's how many inputs there are; how many outputs. So, that person's fee is going to be way larger than if he only pulled it off every month and only had 12 UTXOs. So, that is a really important thing to think about in my mind. For somebody who is just investing in this space, look at what happened in 2017 with fees. That's only a preview of things to come.

So, how much of that person's, like what percentage of all that Bitcoin they have, are they going to have to pay in network fees just to move it back to the exchange to sell it? It's going to be a pretty big fee. But if you only did it once a month though, that would be -- like, 52 weeks in a year, he has 52 UTXOs, because he withdrew every week. If he only did it once a month, that's only 12, so he has a fourth of that.

Peter McCormack: And I guess they could still buy every week on the exchange and then do the withdrawal once a month. And, I know we talk about not your keys, not your Bitcoin, but that exchange risk, they're only ever risking up to three weeks at a time which I would say, these days, is pretty low risk?

Shinobi: Yeah, that's kind of the major point. Yeah, you should absolutely custody your own Bitcoin, you should store them on your own keys, but you shouldn't take that to the extreme of every time you buy $5 of Bitcoin, you're instantly withdrawing it; because, depending on why you're here in Bitcoin…

If you're actually here to use this as money long term, to hold onto it, maybe that won't be such of an issue, you know, if that $5 UTXO is worth $100 in a couple of years and you're just going to spend them one by one. But, if you're here investing in things just to sell later, that's going to add up to a massive cost that's going to cut into the profit that you made.

Peter McCormack: But, can we try and contextualise that, because like I say, when I create transactions and my fees change, I've really got no idea how many outputs go in; and like I say, if I was to make it of one or five, how much of an impact that would have on the fees? If the fee was $10, would it be $11 with two, or would it be $15 with two; I've just got not idea? I know you say it's complicated, but is there any way of simplifying it?

Shinobi: Well, the simplest way to think about this would be, think about the type of address you're using. You have the old legacy addresses that start with 1; then you have the old multisigs that start with 3; you have your bech32 SegWit stuff. Each of these are pretty much different script types.

So, we kind of started this off talking about, think of a UTXO as a programmable bank note, kind of like that blurring between a cash note and a bank account. Well, the interesting thing is there, you can add kind of locking conditions there. A UTXO isn't just handed to somebody; you have to unlock that. And, the most basic kind of lock is the signature that you make with a private key.

So, when you look at non-SegWit versus SegWit, there are differences in the fees that you pay for those signatures, because you have to remember inputs and outputs; that's the basic way to look at a transaction. But, those inputs also have to have the proof that you unlocked the transaction. So, you have to have that signature attached to that input. And because of that, inputs are actually bigger than the outputs in a transaction.

With just the simple Legacy versus SegWit, there's actually a discount in the fee for the signature data with SegWit. So, just something as simple as using a SegWit address instead of a Legacy address, you're going to pay less in fees because you get that signature discount for the data size by using a SegWit signature instead of a normal one.

Peter McCormack: Right, okay. I know you get this stuff and I understand there are different addresses, and I even see in some of the wallets, maybe it's on the blockstream explorer, they say, "If you'd used a SegWit address, you would have saved 52% on fees", or something or other; I've seen some of this stuff. But, let's just go with SegWit addresses for now. Is there any way of contextualising one output versus 50 outputs, how much more you potentially could pay in fees?

Shinobi: Well, I mean it's just, think of one input with a signature as one fee unit. The maths here is nowhere near this simple in reality, but just for a user thinking about it; every input you add, add another fee unit. And so, it's kind of like per byte of data, is the real way to think about that. You're paying a fee for each byte of data you include, and that data is counting the outputs, the inputs and the signatures that you are attaching to the inputs to prove you can actually spend those.

So, let's say you want to add new outputs to a transaction. For arbitrary argument, let's say that's only half a fee unit, so each new output that you add adds half of a fee unit that you have to pay for this transaction. But for the input, because you have to attach a signature to it, that adds a whole fee unit. So, the more inputs you have versus outputs, that's going to have a larger effect on raising the fee.

Peter McCormack: Okay, I'm going to push you a little bit on this. Okay, I'm sending $50 of Bitcoin and my fee is, say, $5. Sorry, I'm sending a single, what is that, about $2,600 of Bitcoin, which is a single UTXO; or, I'm sending the same transaction built up of 52 $50. Have you any idea how much that would increase the fee? Does it take it from -- even a guesstimate; are we talking about, it will increase it by $1?

I'm just trying to contextualise how much, because I think a lot of people will listen to this and they will take that onboard, "Okay, that's something I can do straightaway. If I'm dollar cost averaging, I should definitely do it once a month as a withdrawal from the exchange whilst buying weekly". But, I still can't contextualise how much the fee will increase by having those 52 different transactions. I don't know if it's another $1 on a $10 fee, or if it's another $20?

Shinobi: Well, that's kind of the thing, it doesn't really have anything to do with dollars; it has to do with the data. So let's say this input is 100 bytes, somewhere around there, and the fee for that is $1. Well, you have to remember the outputs are part of that too. So, let's say the fee just for that input is 50 cents. If you add another input, you're going to pay another 50 cents and if you add another input, you're going to add another 50 cents and so on and so forth.

But, if you look at the output, let's say you want to make multiple payments in a single transaction. Well, let's say the fee for the output is only a quarter. So, every new output you add is going to add another quarter to the fee.

Peter McCormack: And, whilst this is not the hugest issue right now, you're also thinking long term. If you've held on to these for five years, we could get to a stage where transactions are actually quite expensive. We've had $50 transactions before. But also, I'm quite aware that the speed of what you want the transaction impacts the fee, right. I know the next block could be an $8 to $10 fee, but you could have something there, if you didn't mind it taking about a week, your fee could be quite low.

Does it make sense therefore to sometimes consolidate UTXOs, but be quite happy if it takes a week, two weeks to happen?

Shinobi: Absolutely, but the thing you have to think about there is then the privacy, because you know, that really low fee and condensing UTXOs; that could wind up saving you money in the long term when fees go even higher, but you have to make sure you think here, "Do I care about tying these UTXOs together?" So, you kind of have to balance saving money versus maintaining your privacy.

Peter McCormack: So, I guess a lot of this comes down to just getting in the habit of looking at your UTXOs, trying to manage your UTXOs and I guess this will be a learning exercise. Like, the first time you do it, you'll just look at them; the second time you'll be, "Okay, I now know, for example, I don't want these ones tied together; but this group, my dollar cost average group, I'm happy to consolidate these". But, it sounds to me this just comes down to the experience of using them, and that's something that will come over time?

Shinobi: Yeah, but it's a really important thing to just understand. And, I think if I've answered the fee issues to your satisfaction, there's kind of one more major aspect of this I want to get into?

Peter McCormack: Okay.

Shinobi: So, your UTXOs all have a lock on them. And like I said, the simplest lock is just a signature from a private key. So, another important thing to consider here is, what data do you have to keep safe to be able to one, be able to find the UTXOs that are yours; and two, spend them.

Now, in the case of just a normal one address key setup, like a single-sig address, all you have to keep is your word seed; that's it. You keep your word seed, you can find your coins; you can spend your coins; that's all good. But, there are a lot more complicated locks that you can put on a UTXO than just, give me a signature from one private key.

Peter McCormack: Hold on. Can I just jump in there a second? If you, say, lost your wallet and had to restore it from a private key, would you lose all your labels?

Shinobi: Yes, if you did not keep the wallet file that was on.

Peter McCormack: Okay, so that's another thing; you have to keep the wallet file. So, if you kept a backup of the wallet file itself somewhere offline, can somebody ever access and steal your Bitcoin with that wallet file, or is it more just a file that relabels all of your UTXOs?

Shinobi: Well, that depends. Did you make a wallet file that has private keys on that computer; or, did you use something like a hardware wallet and then just import the public keys, like a watch-only wallet that just lets you find your balances?

Peter McCormack: No idea.

Shinobi: Well I'm saying, the difference between, like, if you open up Electrum and just make an Electrum wallet and that's it, then yes, that wallet has your private keys and you need to keep that safe. But if you, say, made a wallet on a Coldcard and then imported that file off the Coldcard into Electrum, your private keys are not in that file. All it has is your addresses, so the worst that could happen is that somebody compromises that and then knows how many coins you have; which coins are yours.

That really comes down to how you generated your private key and whether you're using the software on your computer to just watch your coins, or if you're using that to actually sign transactions.

Peter McCormack: We're definitely in the field of advanced stuff here, where it would be easy for people to make mistakes. I guess, over time, wallets will improve and get easier to use and a lot of this stuff will be done for you or explained to you as you use it; but, I would be, myself, quite nervous about this level of complexity.

Shinobi: Well, that's kind of what I was trying to get at before the question. With a single-sig address, all you need is your word seed. But, look at something like multisig, which is getting more and more popular; that word seed, unless you have all of the word seeds in that wallet, is not enough. You actually have to have the public keys for each word seed in that multisig, otherwise you will not be able to find those coins. You might have enough keys in the multisig to sign for them, but if you don't have all the public keys that make that multisig address, you can't even find those coins; you can't put together the lock script for that UTXO to even be able to sign it with the keys you still have.

So, this is a really, really important thing going forward long term, for anybody who starts doing anything more advanced than just a single-sig address, because people are just used to, all I need is that seed. Well, if you have a two-of-three multisig and you lose one of those seeds and you did not save the public address for that seed, you just lost your coins, because you will never be able to reconstruct that locking script and then prove that you can unlock it, because you don't have all the parts of that unlocking script.

Peter McCormack: That's what quite neat about Casa. So, say if you've got the three-of-five multisig, you don't have to back up the seeds; but, if you lose one, you can restore a new key and, using three of the other four, you can move that one into the new wallet, into the new address. It's quite an interesting thing because obviously, backing up seeds is a security risk itself in some ways, and they actually encourage you not to back up your seeds because of this, because you don't need them. I don't know if you were aware of this?

Shinobi: Yeah, I'm aware of the setup. Honestly, I am personally not very fond of that, but I understand why it's set up that way to make things easier for people. It's kind of part of why Casa is set up that way, because you move from a single-sig address to a multisig and now you have this other thing that you have to worry about besides, just keep the word seed safe. And, Casa is entirely set up to kind of hold your hand and safeguard you there.

But, there are a lot of people starting to do multisig on their own, and that's becoming a really popular thing these days, and that's really important to understand. And, the more we go on in time and the more complicated things that Bitcoin is upgraded to do, the more users are going to have to think about this type of stuff. Like, that word seed might not be enough to safeguard your coins. There might be other data that you have to keep track of; other data that you have to have around to go spend those coins later. And, a lot of that data is not something that you can just regenerate from one word seed.

Like, Taproot would be an example. There's a lot of talk of using Taproot for things like a security recovery, even things like inheritance. And, all of those extra kinds of spending conditions or unlock scripts that are hidden in Taproot, if you start making complex UTXO scripts like that, you can't just regenerate the recovery path for your inheritance from a word seed; you actually have to save that information. And, if you lose it, then you lose the ability to ever spend those coins with this hidden inheritance path. Like, it goes back to, you can only spend this with the plain key that you can publicly see.

Peter McCormack: Yeah. I think that it just gets into the realm of some of this stuff being too complicated, which is why I think there are different levels. There are certain people who are only going to get as far as using someone like Casa and it will suit them; there are going to be other people like yourself who can manage their own multisigs, or other more technical people who can.

Casa, I think, is that good halfway house for certain people. But, there are always these trade-offs, right?

Shinobi: And, there's really no way round that.

Peter McCormack: Is there anything else on UTXOs?

Shinobi: I think we've got through pretty much most of it.

Peter McCormack: So I would say for me, the summary of this is that UTXOs are something I've ignored previously. I kind of know what they are, what they were, and had a mild understanding of them, but why would I ever need to care because I use my wallet; I choose to send Shinobi some Bitcoin; it just does it all for me?

But actually, this thing in terms of fees, there are a couple of interesting things for me, definitely to think about, that are worth thinking about. That dollar cost averaging; I've done it occasionally where I've just bought $100 of Bitcoin here or there just for whatever reason. It's not crossed my mind, that future situation, whereby I might have lots of these in a wallet; so, that's going to be interesting.

I'm interested just to have a look at the UTXOs in my wallet; I think that will be super interesting. Also, like I said to you, in terms of tax purposes, if I ever have to sell Bitcoin, I would want to be careful about which ones I sold because of cap gains, if I was living in a country where I had cap gains. And then, I think, those are a couple of really important things.

I think the next step is for me to have a play with something like, I think I'm going to have a play with Specter, because I've heard so much about it; I think I'm going to have a play with that and see how I get on.

Shinobi: Yeah, I haven't personally used it yet, but I've dived through the docs and all the features. That is a really solid, flexible wallet, especially if anybody wants to start playing around with multisig themselves instead of a service around that; that definitely looks like a good place to start.

Peter McCormack: All right, man. Well, listen, this has been very helpful. I think people will get a lot from this. I'm interested to see what we're going to do next month now! Okay, listen, as ever, tell people how to find out more; tell them where your shop is.

Shinobi: Well, the shop you can find at bitcoinshirt.co, if you want to send some sats over for some Bitcoin swag. You can find me on Twitter @brian_trollz. And, I also do a small podcast with my co-host, Janine; you can find that at Block Digest if you feel like diving very deeply into the technical side of things.

Peter McCormack: Nice. All right, man. Well listen, appreciate this. Very helpful, very useful for me, and, see you next month, man.

Shinobi: Looking forward to it.