你的比特币交易安全吗？与基思·加德纳一起探讨 | SLP723

我通常认为，我们越能让比特币、闪电网络、Arc变得更安全，就能消除越多的焦虑，这对整个行业来说是一件好事。

I generally think the safer we can make Bitcoin, Lightning, Arc, the more anxiety we can remove is a is a good thing for the industry.

大家好，欢迎回到斯蒂芬·洛韦拉的播客。

Hi, everyone, and welcome back to Stefan Lovera podcast.

今天，我们将讨论比特币支付，以及如何验证地址，确保我们在人工智能、深度伪造、恶意软件等技术盛行的时代保持安全。

Today, we're gonna be talking about Bitcoin payments and how to verify the addresses and how do we make sure we're secure in this age of AI and deepfakes and malware and all this.

今天重返节目的是来自Branta团队的基思。

So rejoining me on the show today is Keith from the team at Branta.

基思，欢迎再次来到节目。

Keith, welcome back to the show.

能来到这里真是太好了。

Oh, it's great to be here.

谢谢，斯蒂芬。

Thanks, Stephan.

那么，基思，给我们讲讲最新的情况吧。

So, Keith, give us the latest.

我知道你们最近签订了一些合作伙伴关系或协议。

I know you guys had some recent partnerships or deals signed.

我想你们还和AmBoss合作了一次。

I think you did one with AmBoss as well.

是的。

Yeah.

是的。

Yeah.

最近发生了好多事情。

There's been a a lot going on.

我想我们上一次交谈是在2024年。

I think we last spoke in 2024.

是的，为了听众们，我叫基思。

Yeah, just for the audience, I'm Keith.

我于2023年创立了Bronton。

I founded Bronton 2023.

目标是让人们在以为自己把比特币发送给某个交易对手时，永远不会丢失比特币。

The goal is to have people never lose their Bitcoin when they think they're sending it to a certain counterparty.

但确实，自2024年以来，发生了许多事情。

But yeah, since 2024, there's been a lot of action.

关于BTC支付服务器、ZapRite，昨天还宣布了AmBOS——一家非洲的汇款公司。

Around BTC pay server, around ZapRite, AmBOS was announced yesterday, remittance company in Africa.

是的，从那以后发生了许多事情。

Yeah, there's been a lot happening since then.

是的，现在让我们回到起点。

Yeah, now I guess let's take it back to the start.

所以对大多数人来说，你知道，先讲讲基础。

So for most people, you know, just basics.

当你发送比特币时，通常的体验是：你可能会复制粘贴一个地址，然后将其输入到你的钱包中，如果是在线钱包界面，比如Electrum、Sparrow、Blockstream等等。

When you go to send Bitcoin, the experience typically is you you might be copy pasting an address and putting that into your wallet if it's an online wallet interface like whatever, Electrum and Sparrow and so on or Blockstream or whatever.

或者你可能在手机上复制粘贴地址，或者习惯于扫描的体验。

Or you may be copy pasting it on your phone, or you may be used to the kind of scanning experience.

但我们在这里探讨的问题是，有哪些可能出错的地方，或者人们可能被欺骗的方式？

But the question that we're exploring here is more like, what are the ways that can fall down or where are the ways you can be tricked?

因为确实存在多种方式让人上当受骗。

Because there are various ways you can be tricked there.

你想从这里开始讲吗？

Do you wanna just take it from there?

是的。

Yeah.

我们来深入谈谈。

Let's go into it.

实际上，我想是上周，斯蒂芬。

So actually, I think it was last week, Stephane.

斯蒂芬和霍德尔先生在推特上发了一个很棒的帖子。

There was quite the the nice thread on Twitter with mister Hoddle.

对。

Yeah.

我跟他在这个问题上反复讨论过。

I was going back and forth with him on that.

是的。

Yeah.

是的，没错，你确实和他反复讨论过，我觉得有些误解需要澄清，但让我们先退一步说。

Yeah, no, you were going back and forth with him and so I think there's some misunderstanding to clear up, but backing way up.

比特币与法币不同，因为当你发送比特币时，我们会通过发现来完成结算。

Bitcoin is different than fiat because when you send Bitcoin, we settle with find out.

对，这很美妙，因为这是一种像现金一样的避险工具。

Right, and this is beautiful because this is a bear instrument like cash.

现在，信用卡可能不太受你们观众欢迎，但信用卡正是我们想要的用户体验。

Now with credit cards, maybe this isn't popular with your audience, but credit cards are kind of the UX we're aiming for.

一个普通美国人平均有多少张信用卡， versus 平均有多少个Sparrow安装？

Like how many credit cards does the average American have versus how many Sparrow installations does the average American have?

因此，我们在比特币支付方面还有很多工作要做，我们真正希望做到的是，在发送比特币之前，以零知识的方式验证交易对手的地址。

So we have work to do with Bitcoin payments and what we really want to be able to do is verify the counterparty address in a zero knowledge way before I send my Bitcoin.

现在，这对我在家支付账单意味着什么，无论金额大小，如果我愿意，我可以核实收款方地址是否正确且已确认，避免被钓鱼、中间人攻击或地址被替换。

Now, what that means for me at home, whether I'm paying a bill that's large or small, if I so choose, I can check that the recipient is actually correct and confirmed and I'm not getting fished, man in the middle, address swapped.

所有这些糟糕的情况虽然属于小概率事件，但确实发生得太频繁了。

Any of this nasty stuff that is a tail risk but does happen too much.

是的，我明白了。

Yeah, I see.

所以现在的问题是，当然有一些最佳实践，比如检查地址。通常人们给出的建议是：当你准备转账时，核对一下你硬件钱包上显示的地址是否与屏幕上的地址一致。

And so the issue is now, yes, there's certain best practices that of course check the address on the so a typical piece of advice people give is when you're about to send money, check the address that's listed on your hardware wallet that you're about to send to is the address on your screen.

但事情远不止这么简单。

But the it it gets deeper than that.

对吧？

Right?

因为，没错，这确实是最佳实践。

Because, yes, yes, that's best practice.

这很好，这一点不会改变。

That is a good that that doesn't change.

这仍然是正确的。

That's still correct.

但仍然存在其他我们可能在毫不知情的情况下被攻破的方式。

But there are still other ways that we can be pwned without even knowing.

我认为我们正在讨论的是，我看了一下。

And I think what we're talking about and I look.

我同情哈德尔先生，因为我觉得他并没有完全理解那个风险究竟是什么。

I sympathy for mister Huddl because I think he doesn't quite he didn't quite understand what was what was the that risk.

在那之后的讨论中，他稍微明白了一些。

And then after that thread, he sort of got it a bit better.

但重点是，并不是每个人只是偶尔才进行一笔交易。

But the point being, not everyone is just sort of only periodically doing a transaction.

对吧？

Right?

比如，如果你只是在定期定额投资，偶尔花一点钱，或者在交易所卖出一点法币，诸如此类的情况。

Like, if you're just kinda DCA ing and every now and again, you're spending a little bit or maybe you're selling a bit of fiat on the exchange, this kind of thing.

但如果是一家企业，经常进行定期付款，不断接收发票，那就是另一种情况了。

Well, that's a different case to imagine if you're a business and you're doing, like, regular payments and you're just kinda receiving invoices all the time.

你怎么确认那个比特币地址确实属于你认为的交易对手，而不是黑客发送的恶意发票，或者你的浏览器被植入了恶意软件，实施了所谓的地址替换攻击？

How do you verify that that Bitcoin address is truly belonging to the actual counterparty who you think and is not like a hacker who has sent you a malicious invoice or that your browser that you go on hasn't had some kind of malware to add do what's called an address replacement attack.

所以我认为，这可能是关键风险，或者至少是关键风险之一，对吧？

So I think that's, probably the key or at least one of the key risks, right?

是的，完全正确。

Yeah, that's exactly right.

所以，我认为霍德尔先生

So yeah, I think Mr.

正陷入一个陷阱：硬件设备和屏幕固然很好，但攻击发生在更上游的地方。

Hoddleman's kind of falling into the trap that the hardware device in that screen is great, but Bronta's upstream of that.

而且攻击也发生在更上游的位置。

And the attack is also upstream of that.

因此，Branta的产品定位正是攻击会发生的地方。

So that's why Branta's product placement is where the attack will happen.

仅仅将屏幕上的地址与硬件钱包进行匹配，即使你使用了硬件钱包，实际上也是在将一个错误的地址与另一个错误的地址进行匹配。

And the pitfall with just matching the address on the screen to your hardware wallet, if you're even using a hardware wallet, is you're actually matching a bad address to a bad address.

没错。

Right.

在你开始这个流程之前，你已经被攻陷了。

You were already pwned before you even started that process.

没错。

Exactly.

你在意识到之前就已经被攻陷了。

You were pwned before you realized it.

明白了。

Okay.

那么请你详细讲讲，Branta 是如何运作的，具体是如何阻止这种情况发生的呢？

So talk me through how does Branta work in terms of making, like stopping that, right?

据我理解，你们使用了零知识证明验证。

As I understand you have like a ZK verification.

给我们详细讲讲这个过程。

Talk us through that process.

是的。

Yeah.

这是个很好的观点。

So that's a good point.

我们也许应该再多谈一点这一点。

We should probably touch on that a bit more too.

当 Branta 刚推出时，我们的愿景始终是完全私密的。

So when Bronta initially launched, our vision was always be completely private.

我们不想成为中间人。

We don't want to be a middleman.

我们不想成为任何数据收集的可行目标。

We don't want to be viable for any data period.

我们从一开始就有一个不错的设计，但现在我们已将其完全实现为零知识验证。

And we had a good design from the beginning, but we made it fully zero knowledge now.

所以，Bronta 可以验证你发送的地址，而无需看到该地址的明文形式。

So we can Branta can verify the address that you sent to without ever seeing that plain text address.

是的。

Yeah.

你之前问的是什么来着？

And what was your what was your question before that?

关于零知识验证这一部分，Bronta 是如何防止地址替换或污染这类攻击的？

So around the ZK verifying aspect, like how is Branta working to stop the the these attacks like address replacement or poisoning?

对。

Right.

本质上，Bronta 为你和交易对手之间开辟了另一个通道，我们称之为‘防护栏’，因为这是一个比较形象的说法。

So essentially what Branta does is open up another channel from you to the counterparty and we call the product guardrail because it's just kind of a nice term.

你不希望你的车驶离道路，也不希望你的比特币被转给攻击者。

You don't want your car to drive off the road or your Bitcoin to go to an attacker.

所以今天，如果我要发送比特币，无论是通过多重机构托管系统，还是直接通过 Zapra 发票——Zapra 已经采用了 Bronta，因此这个问题已经不存在了。

And so today, if I go to send Bitcoin to whether it's a multi institution custody setup, whether it's literally a Zapra invoice, Well, Zapra has adopted Bronta, so that's not a problem there anymore.

但这是一个单通道的问题所在。

But that's one channel where the single channel is the issue.

如果我们再往上游看，我们实际上讨论的是计算机科学中的一个概念，叫做中间人攻击。

And really what we're talking about if we go even more upstream is a computer science concept called the man in the middle.

这是一种非常严重的攻击，因为在计算机系统中存在许多许多层，你可能能列出任意一个通道中使用的上百个独立层级。

And it's a very bad attack because in computer systems there's many, many layers like you could probably list a 100 discrete layers that are used in any given channel.

让我们再暂停一下，重新审视一下‘通道’这个词。

And let's just pause on the channel word again.

所以，如果这是我付给你午餐的钱，斯蒂芬，也许Signal就足够了，Signal就是一个通道。

So if this is me paying you back for lunch, Stefan, maybe signal suffices, signal's a channel.

但那里会发生什么？

But what happens there?

有Wi-Fi，有我的iPhone操作系统，有屏幕，有UI渲染组件，有互联网服务提供商，有电信运营商。

There's WiFi, there's my iPhone operating system, there's the screen, there's the UI rendering components, there's the ISPs, there's the telecom.

在你的屏幕和我粘贴到我屏幕上的内容之间，存在着如此多的基础设施，才能到达你那里。

There's so much infrastructure in between your screen and what I paste into my screen to get to you.

而所有这些都容易受到单通道中间人攻击，这并不理想。

And that's all susceptible to a man in the middle over one channel, which is not great.

以前的解决方案已经存在，比如你可以在链上发送一笔测试交易。

Now previous solutions have been around, maybe you send a test transaction on chain.

好的，不错。

Okay, cool.

也许手续费很低。

Maybe fees are low.

但速度仍然很慢。

It's still slow though.

如果我们声称拥有有史以来最好的货币，为什么还要在链上发送交易呢？

Like if we claim to have the best money ever, why are we sending on chain transactions?

我们真的要在这完美的抵押品、完美的货币上，继续用测试交易再过十年吗？

Like are we really gonna stay with on, sorry, with test transactions for the next ten years with this pristine collateral, this perfect money?

这并不是说测试交易不好，它们没问题。

It's not a knock on test transactions, they're fine.

你最终会得到一个可用的地址。

You do end up with address for use.

另一种方式，你知道，比如通过闪电网络，或者你第一次用Venmo给别人转账一美元，原理是一样的。

The other way, you know, maybe over Lightning or if you've ever Venmoed somebody for the first time is to send a $1 payment, it's the same concept.

但不管怎样，我们回到中间人攻击以及Bronta是如何解决这个问题的。

But anyways, back to the man in the middle and how Bronta solves this.

这会有点抽象，但基本概念是：如果你的交易对手拥有他们想要接收资金的正确地址，他们可以加密该地址，然后将其复制到Bronta中。

This will be a bit abstract, but the base concept is, if your counterparty has the good address that they want to receive at, they can encrypt and then duplicate that address into Bronta.

所以现在他们保留了密钥，我们看不到密钥。

So now this And they keep the key, we don't see the key.

因此，交易对手已经复制了正确的信息，这是第一步。

So the counterparty has duplicated the good information, that's the first step.

所以复制正确的信息后，对于最终用户来说，现在又多了一个跨空间的通道。

So duplicate the good information and then for the end user, there's now another channel like across space.

因此，这里有兩個要素：时间和空间。

So there's two elements, the time and the space.

所以从时间上，你复制了正确的地址，然后通过不同的空间通道，用户可以进行验证。

So temporally you duplicate the good address and then across different spatial channels, the user can verify.

这正在被嵌入到钱包中，你可以在网页浏览器或移动设备上完成，我就先说到这里。

This is being embedded in wallets, you can do it over web browser or mobile and I'll pause there.

是的，好的，明白了。

Yeah, okay, gotcha.

所以举个例子，比如一个大型交易所，你知道的，随便哪个都行。

So let's just as an example, just make a example, you know, big exchange, you know, whatever.

Kraken 或 Coinbase 之类的。

Kraken or Coinbase or whatever.

想象一下，一个大型交易所对你说：嘿，Stefan。

Just imagine a big exchange is like, hey, Stefan.

这是你的存款地址。

Here is your deposit address.

就在这里。

There it is.

然后我作为客户，就会想，好吧。

And then I, the customer, I'm like, okay.

我想，比如说，我把一些比特币存到交易所，因为我需要卖了来付账单之类的。

I wanna, you know, let's say I wanna put some Bitcoin on the exchange because I need to sell to pay my bills, whatever.

这时候，你所说的例子中，假设这个交易所已经与Branta合作了。

At that point, what you're saying is, in this example, let's say this exchange has signed up with Branta.

他们后台也复制了这个地址，并且他们正在做某种验证，那么当我现在付款时，这个证明是在哪里进行的呢？

They have in the background also duplicated that address, and they have, you know, they're doing that way, we're doing a bit of a proof there such that when I go to pay now how where is the proof taking place?

验证是在哪里发生的？我想这就是问题所在。

Where is the verification taking place is, I guess, is the question.

对吧？

Right?

因为作为该交易所的客户，我怎么知道这确实是Kraken的地址、Coinbase的地址，或者任何其他交易所的地址呢？

Because how do I, the customer of that exchange, know that, yes, that is truly Kraken's address or Coinbase's address or whatever whatever exchange?

是的。

Yeah.

所以是的。

So yeah.

所以第一个问题，你正在使用一个交易所，你想把比特币发送到交易所。

So first part of the question, you're using an an exchange and you wanna send Bitcoin to the exchange.

交易所会给你一个地址。

The exchange shows you an address.

目前实现Branta的典型方式，就像早期的信用卡支付中使用的TLS、SSL和HTTPS一样。

Now the kind of canonical way to implement Bronto right now is much like, you know, in early credit card payments, there was TLS, there was SSL, there was HTTPS.

而现在，这已经成为一种标准，且通常在后台运行。

And now this is just a standard and it's kind of in the background.

所以就像那样，当你看到这个地址时，BrantaLink的验证功能就会出现。

So much like that, when you see that address, a verify with BrontoLink will be there.

现在，你可以点击它进行验证。

Now what that does, you want to click that, you can.

这也表明，某些钱包可以通过我们的网页应用进行扫描，你可以在不同设备上验证该地址是否正确。

That also indicates to you that certain wallets, you can also scan with our web app, you can verify across different devices that that address is correct.

那就是那就是

That's that's

跟我讲讲那个按钮吧，比如说我正在使用大交易所的网页界面，我点击那个按钮，背后会发生什么？

Talk for to me about that add that that button, like, let's say I'm using the web interface for Big Exchange, I click that button, what's happening in there when I do that?

是的

Yeah.

所以具体来说，当你点击那个链接时，它会连接到Bronta，URL的路径部分包含一个密文块，基本上就是一堆加密后的乱码。

So what's happening there, this will be a bit technical, but you click the link and the link links to Bronta and in the slug of the URL is a ciphertext blob, just like an encrypted blob of gibberish basically.

一个关键点是我们不希望这个系统能被链上内存池抓取。

So one key point is we don't want to be scrapable against the mempool.

我们不希望Bronta变成像Chainalysis或其他这类工具那样的大规模KYC查询系统。

We don't want Bronta to be a massive KYC lookup like Chainalysis or any of these other tools.

它实际上更加短暂且经过加密，因此无法被抓取。

It's actually much more ephemeral and it's encrypted so there's no way to scrape this.

当你点击链接时，非常重要的一点是，你必须在同一个浏览器中完成这个操作。

And what happens when you click the link, it's very important that you can do this in the same browser.

我现在用的是Brave浏览器，只需一键点击链接，加载时间只需一百毫秒，我就能看到地址被原样返回给我。

So I'm on Brave right now and I can just one click link, it takes one hundred milliseconds to load and I see the address mirrored back to me.

这证明了交易所已与Bronta合作，且这段加密文本已使用密钥成功解密。

And that attests that the exchange has partnered with Bronta and this encrypted text has been decrypted with the key.

这很棒，因为整个过程零摩擦，无需登录，也不需要下载任何东西。

And this is great because it's no friction, there's no log and there's no download.

作为用户，如果我想发送资金，我可以在任何计算设备上验证同一个链接，比如任何安卓手机、GraphQL设备等。

And if I want as the user going to send, I can check that same link from any computational device, like any Android, GraphQL Right, on a phone

或者在另一台电脑上，类似的情况。

or on another computer or this kind of thing.

所以帮我理解一下这部分。

So help me understand this part.

你可以把它想象成一种一键弹窗验证机制，用来确认这个地址确实是交易所的地址，而不是黑客的地址。

So it's like think of it like a one click pop up verify sort of thing to make sure this address is truly exchange address and not the hacker's address kind of thing.

举个例子，如果我点击后显示的是另一个地址，那警报就应该立刻响起，提醒我：‘等等，不对劲。’

So as an example, if I click that and it shows a different address, then alarm bell should be going off and being like, woah.

等一下。

Hold on.

等一下。

Hold on.

我可能是恶意软件。

I might be malware.

有人可能对我进行了地址替换或地址污染攻击。

Someone might have, like, done an address replacement or address poisoning attack on me.

我应该现在停止。

I should stop now.

是的。

Yeah.

没错。

Exactly.

没错。

Exactly.

明白了。

Gotcha.

这在价值交易的情况下尤其重要，比如，显而易见，当你在链上进行大额交易时。

And this would be especially important in the cases of, you know, like, obviously, value transactions.

假设你正在进行大额交易，比如在链上转账数百万美元，或许你在进行某种大额交易、贷款，或者处理抵押品之类的操作。

So let's say if you're, you know, you're doing big boy transactions, you're transacting, you know, millions of dollars on chain, maybe you're doing, like, whatever, some big transaction or a loan or, something, and you're transacting the collateral or you're whatever.

在发送大额资金之前，你显然需要验证一下。

You wanna obviously verify that before you send a large amount.

正如你所说，历史上很多人会做测试交易，但用户体验差、速度慢，还存在地址复用等问题，背后有很多不合理的做法。

And historically, as you said, a lot of people have done these test transactions, but, again, bad UX, slow, you know, address reuse, like there's lots of bad reasoning around that.

现在我猜人们可能会问另一个问题：那在手机上怎么办？

Now I guess the other question people will have is, what about on the phone?

所以，我想像一下，比如我要去交易所。

So, you know, we like, I guess I was imagining let's say I'm going to the exchange.

我正在用笔记本电脑或台式机上的网页浏览器查看网站界面。

I'm looking at the website interface on the web browser on my laptop or my desktop.

那我在手机界面时呢？

What about when I'm on a phone interface?

比如，我正在使用一个大型交易所的手机应用。

Like, let's say I'm using a big exchange phone app.

Branto 在这种情况下做了什么？当使用手机用户体验时，它是如何工作的？

Is there something Branto is doing there or how does it work when it's a phone UX?

是的。

Yeah.

对。

Yeah.

手机也是我们的一个重点方向。

Phones are a huge focus point for us as well.

我的意思是，本质上同样的原理也适用，因为你仍然有一个连接到互联网的屏幕，有键盘，可以点击和操作。

So, I mean, essentially the same thing applies because you still have a screen that's connected to the internet and you have a keyboard and you can click and point.

所以，链接机制在手机上也同样适用。

So the link thing still applies there.

这是第一件事，但真正酷的是，如果钱包采用Branta，让你可以从钱包中进行实时的零知识检查，比如对二维码进行私密查询。

That's the first thing, but looking for what's really cool is if wallets adopt Branta so that from your wallet you can do a real time zero knowledge check, like a private lookup of the QR code.

这是一个非常荒谬的例子，但一种常见的攻击是，如果你曾经去过加油站，给你的车加油，无论你开什么车，对吧，加油机上都有一个二维码。

This is a really kind of silly example, but one attack that happens is if you've ever been to a gas station and you're filling up your car, whatever you drive, right, there's a QR code on the little pump.

但发生的情况是，一些骗子过来，直接贴上了正确的。

But what happened was some scammer came along and just bam, they slapped up Right.

旧的

Old

地址替换。

school address replacement.

是的。

Yeah.

有趣。

Interesting.

是的。

Yeah.

这就像非常老派的做法。

It's like very old school.

这就像一个卡通场景，在这种情况下，你可能像你说的那样使用手机。

It's like a it's like a cartoon and in that case maybe you're using your mobile like you said.

如果你扫描了它，然后你知道这是像Sonoco或Golf之类的加油站，钱包可以实时进行私密查询，说：嘿，是的，这个地址确实属于Golf。

And if you scan that and then you know this is like Sonoco or Golf or whatever gas station, the wallet can do a private lookup in real time and say, hey, yeah, this address checks out to golf.

是的。

Yeah.

这真的很酷，因为这样完全没有摩擦，而且实现了端到端的完整流程。

That's that's really cool because then there's really no friction and it's fully end to end.

明白了。

And Gotcha.

最终目标是

Ultimate goal is

所以我想你想要表达的是，最终这会集成到我们使用的钱包中。

for So I guess the point you're making is eventually this will be built into the wallets we use.

举个例子，现在Sparrow里面就有一个类似mempool.space的小功能。

And so as an example, you know, nowadays, Sparrow has like a little mempool dot space thing in there.

比如，Zeus会直接给你提供mempool.space的费用估算。

Like, it's already just kinda built in or like Zeus will give you like the mempool.space estimates.

它其实就是向mempool.space发起一个API调用来获取这些信息。

It's just like doing some kind of API call out to mempool.space to give you that.

所以，你们Branta以及你们的竞争对手，未来也可能以API服务的形式内置这种功能，实现自动验证。

So it's a similar kind of thing like you guys, Branta, and maybe competitors of you guys will get built in as an API service to verify kind of automatically.

比如在我的想象中，这有点类似我用安卓手机从Google Play商店下载应用时，系统已经内置了一些检查机制。

Like, I guess in my mind, I'm making a loose parallel, but let's say when I use my my Android phone and I download an app on Google Play Store or whatever, there are certain checks built in already.

系统会自动验证安卓应用开发者是否用他们的密钥对应用进行了签名，以确保我不会下载到恶意软件。

Like, it's already doing certain checks to make sure that the Android app developer has signed that app with his key so that I'm not getting a malware app kind of thing.

这些自动检查机制已经内置在系统里了。

And there's kind of automatic checks built in.

所以我想我们想表达的是，这种地址验证和密码学验证功能，未来会逐步集成到我们的钱包、交易所和服务中。

So I guess what you're what we're getting at here is this kind of address verification check and the cryptographic check will get built into our wallets and our exchanges and our services over time.

是的。

Yeah.

完全正确。

That's exactly right.

我的意思是，Branta 也非常具体。

I mean, you know, Bronta is like very specific too.

而且，如果我们目标是实现信用卡那样的用户体验，想想信用卡，它们无处不在，交易量巨大，非常稳定，还能退款。

And, ultimately if we're aiming for a credit card UX, if you think about credit cards, they're everywhere, they're super high volume, they're robust, you can do charge backs.

所以你的信用卡真的可能被偷。

So you can literally get your credit card stolen.

但你完全不用负责。

It's like zero responsibility.

但在我们让比特币钱包和支付体验达到甚至超越信用卡和现金的水平之前——这正是我们的口号之一：我们要实现比信用卡和现金高出十倍的用户体验。

But until we get Bitcoin wallets and spending like close to that or ideally 10x the UX, it's kind of one of our slogans, it's like we want a 10x the UX of credit cards and cash.

在我们真正解决这些复杂问题、让它们变得隐形之前，我们还有很多工作要做，这正是我们的理念。

And until we get there and really obfuscate all these gnarly issues that can come up, you know, we have work to do and that's our that's our mindset.

明白了。

Gotcha.

到目前为止，我们主要讨论了链上场景。

Now we've spoken mostly about on chain.

让我们聊聊闪电网络、ARC以及其他一些二层解决方案。

Let's talk about Lightning and ARC and other, you know, other l twos and things like that.

Branta 和地址的 ZK 验证在闪电网络或二层网络环境中是如何工作的？

How how does Branta and the ZK verification of addresses work in a Lightning or an L2 context?

是的，根据闪电网络的网络拓扑结构，有几种不同的设计可能，但核心原则是一样的：你在屏幕上看到的内容，是否真的属于交易对手？

Yeah, mean there's a couple of different designs possible just based on like the network topology of Lightning, but generally the same exact principle applies of like what do you see on your screen, does it belong to the counterparty?

就这么简单。

Simple as that.

当我们谈到钱包集成时。

So when we talk about wallets integrating.

所以在 AmBOS 二层方案的例子中，我猜你指的是闪电网络。

So in the AmBOS L two example, I presume, you know, it's Lightning.

那么在闪电网络这一侧，你们是如何进行验证的？

So how are you verifying on the Lightning side of things?

是的。

Yeah.

闪电网络的工作原理完全相同：你看到一串字母数字字符串，需要确认它确实属于交易对手。

So Lightning works the same exact way in the sense of you see an alphanumeric string and you want to be sure that belongs to the counterparty.

关于Branta，有一个非常重要的点需要注意：我们不会接触您的X文件，不获取私钥或助记词，甚至不会干预已发送的交易。

Now one very important thing to note with Bront is we don't touch your X files, we don't want private keys, seed phrases and we don't even touch the transaction once it's in flight.

这纯粹是一个预支付层级。

This is purely like a prepayment sort of layer.

对的。

Yeah.

所以基本上，用户体验或流程是相似的，只不过不是针对链上地址，而是针对闪电网络地址进行验证。

So basically, it's a similar UX or flow and instead of doing it for the on chain address, you're also doing it for the Lightning address.

是的。

Yeah.

没错。

Exactly.

这适用吗？

Does that apply?

更准确地说，是闪电网络发票。

Well, Lightning invoice to be more, let's say, technically precise.

是的。

Yeah.

ARC 也是如此。

Same applies to ARC as well.

比如，如果你去 Amboss 并想为你的闪电网络通道获取流动性，你可以通过 Amboss 的 BTC 支付服务器用比特币购买，实时验证：如果你通过 Magma 购买大量流动性，你可以确认你确实是在向 Amboss 支付。

So like if you go to AmBOS and you want liquidity for your Lightning channels, you can buy that with Bitcoin through Amboss's BTC pay server and in real time you can just verify like if you're buying a ton of liquidity through Magma, you can verify that you're actually paying Amboss.

这只是一个非常简单的检查，但非常重要。

So it's a very simple check but it is a very important check.

好的。

Okay.

那么在Amboss这边，他们是否使用了零知识证明？也就是说，他们向最终客户展示发票的同时，还创建了该发票的第二份副本，并生成零知识证明发送给Branta。

And so on the AmBOS side, are they doing like a ZK like they're they're doing a like they are presenting the invoice to the end customer, but also creating a second copy of that invoice and doing a ZK proof and showing that to Branta.

是这种情况，还是类似的情况？

Is that what's happening there or something similar?

是的。

Yeah.

正是这样发生的。

That's exactly what's happening.

对于Amboss的集成，这是通过BTC支付服务器基础设施实现的。

So for the AmBOS integration, this is through the BTC pay server infrastructure.

而且实际上，这个插件在Branta的GitHub上是开源的。

And actually the plugin is open source on Branta's GitHub.

所以任何人都可以查看。

So anybody's welcome to check it out.

在Branta接收数据之前，数据已经在插件中被加密了。

And what happens is before Bronte ever receives data, the data's encrypted in the plugin.

这是一个算法，因此我们从一开始就看不到明文数据。

It's an algorithm and so we don't ever see the plain text in the first place.

明白了。

Gotcha.

很多构建者和开发者都在听，你能介绍一下Branta的收费情况吗？

A lot of builders and developers are listening usually, so can you give an idea on the cost that Branta charges?

是的。

Yeah.

一般来说，我们还没有公布公开的定价。

So I mean the general cost, we haven't published like public public pricing yet.

通用的模式是按月收费。

The general model is monthly.

你可以支付一笔固定费用，然后根据你的使用量享受不同的阶梯价格。

You can pay us like a flat fee and then volume tiers above that depending on yeah.

根据你的使用量。

Depending on your volume.

明白了。

Gotcha.

再宏观一点看，我们接下来要走向哪里？

And just kinda zooming out a little bit, where are we going?

显然，AI现在是最热门的话题。

Like, obviously, AI is, like, the super hot thing.

大家都在谈论AI。

Everyone's talking about AI.

大家都在使用AI。

Everyone's using AI.

AI会不会催生新的诈骗手段？

Are there going to be new scamming vectors enabled by AI?

你们作为Branta，如何应对这个问题？

How do you as Branta help with that?

是的，我认为这个问题总体上属于消费者的焦虑。

Yeah, I think this question generally falls under like consumer anxiety.

对吧？

Right?

我们不希望比特币引发焦虑、不安和恐惧这样的情绪，因为情绪是非常持久的，而这正是现在正在发生的事。

Like what we don't want is for Bitcoin to induce like emotional feelings of anxiety and apprehension and fear because emotions are very sticky and that's actually what's happening today.

所以，如果你问街上普通人，他们对Coinbase或者加密赌场有什么看法？

So like if you asked an average person on the street, like what do they think of maybe Coinbase or the crypto casinos?

嗯，

Well,

超级碗广告就是一个明显的例子，对吧？

Well, Super Bowl ad was a clear example, right?

这确实是个明显的例子，说明我们做得还不够好。

It was a clear example, like we're we're not doing good enough.

我们没有好好服务那些想使用比特币、却不是极客、不写代码、不做PGP校验的普通家庭用户。

Like we are not catering to people at home that wanna use this that are not cypher punks and writing code and doing PGP checksums and all of this.

所以，总的来说，我认为让比特币、闪电网络、Arc变得更安全，能减少更多焦虑，这对整个行业是好事。

So, I generally think the safer we can make Bitcoin, Lightning, Arc, the less the more anxiety we can remove is good thing for the industry.

对吧？

Right?

因为是的，我们可以在行业内互相推销，但我们真正希望的是非加密用户，也就是潜在用户，能进来使用这种最好的货币。

Because yes, we can keep selling to each other in the industry, but what we really want is no coiners, rather pre coiners to come in and use this best money.

我对行业的挑战是，如果我们真的声称拥有有史以来最好的货币，那为什么每个人还没有采用它？

And my kind of challenge to the industry is that if we really claim to have the best money ever, well, why hasn't everybody adopted it?

它必须好到让我能像拿起一把瑞士军刀、福特F-150或初代苹果iPhone那样轻松上手。

It has to be so good that I can pick it up like a Swiss Army knife or a Ford F-one 150 or the original Apple iPhone.

它必须拥有如此出色的产品设计，让人觉得理所当然：我当然想要这个。

It has to be product design that is so good, it's just like, duh, of course I want this.

我会为它腾出预算。

Like I will make room in my budget.

我会为它腾出一周的时间，只为了安装钱包，开始在使用Bronta的优秀企业中消费。

I will make room in my week to just install the wallet and start spending at these great businesses that are using Bronta.

所以我真的呼吁行业回头审视产品设计，思考我们该如何满足潜在用户。

So I really challenged the industry to look back at the product design and figure out how can we meet pre quitters.

是的。

Yeah.

对。

Yeah.

完全正确。

Totally.

而且我觉得这很有道理。

And I think that it makes a lot of sense.

显然，听我们讲话的人可能是开发者、程序员，或者对学术感兴趣，又或者只是出于智力上的好奇。

Obviously, the people listening are you know, they're trying to they might be builders or developers or, you know, academically interested or just kinda intellectually interested.

但真正关键的是，当你试图让非币圈人士，甚至那些刚接触比特币的人，真正迈出下一步——比如，一个只使用托管式比特币或比特币ETF的人，真正决定深入下去，说：‘我想亲自使用它。’

But, of course, rubber meets the road is when you're trying to get precoiners and or even people who have just started with Bitcoin to actually so as an example, someone who only uses custodial Bitcoin or ETF Bitcoin to actually go further down that rabbit hole of, yeah, I wanna actually use it myself for real.

另一个我很好奇的例子是：既然我们目前主要从B2B或商业用途的角度讨论，Branta现在是否有可能被用于消费者端的收款场景？

Now another example I'm curious, is it possible that Branta will be built now we've been talking mainly from a sort of like a b to b sense or almost like business uses.

Branta在接收端会有面向消费者的用途吗？

Are there going to be consumer uses of Branta on the receiving side?

比如说，我是一个日常使用比特币的人，拥有一个比特币钱包。

Like, will it ever be the case that I let's say, I'm a everyday Bitcoiner with a Bitcoin wallet.

当我想要接收朋友转来的比特币时，我会使用Branta吗？

Would I ever be using Branta when I am trying to receive from my friends?

是的。

Yeah.

你会用的。

You you will.

可能不会是这个版本。

It probably won't be this.

不会是2026年第二季度，但这个趋势正在到来。

It won't be like Q2 twenty twenty six, but it's coming.

那里真正的挑战，斯蒂芬，是我们必须非常小心地避免增加摩擦。

The real challenge there, Stefan, is like we have to be very careful of adding friction.

所以，我们整体的市场策略、路线图以及我们解决这个问题的方式，是如何能立即触达大众？

So like our general go to market and our roadmap and the way we've approached this problem is how do we reach the masses like instantly?

同时也要让公司实现盈利。

And also make revenue as a company.

而通过触达接受比特币的企业，是实现大众化并盈利的最简单方式。

And the easiest way to do that by reaching the masses is just going to businesses that accept Bitcoin.

企业不希望出现中间人，消费者也不应该被迫面对中间人，Branta就是这样。

Now the business doesn't wanna get man in the middle, the consumer shouldn't have to ever get man in the middle, Branta.

这非常简单。

It's super simple.

它只是无缝融入其中。

It just fits in.

是的。

Yeah.

根本不可能出现点对点的问题，真的就是不可能。

And there's no way for point, like, it's really like no.

很少有人会自己管理钱包。

Very few individuals are doing their own wallet.

对吧？

Right?

实际上，技术需要被集成到企业或比特币用户日常使用的钱包中。

Like, really, it's more like Branta, the technology needs to be built into, let's say, businesses or the wallets that everyday, you know, Bitcoiners are using.

因此，你的互动更多是面向企业的。

And so, really, your interactions are more to the businesses.

从某种意义上说，你是在向企业销售你的产品，但显然是为了最终用户的利益。

And so in a way, you're selling your product to the businesses, but for the benefit of the end user, obviously.

所以，最终用户根本不需要关心或思考这些事情。

So it's kind of end users should not even have to care or think about this stuff.

它应该只是在后台被内置，就像我之前举的例子，谷歌应用商店或苹果应用商店，很少有用户会想：哦，是的。

It should just be built into the background and, you know, the like, the same way my example earlier about the Google Play Store or the Apple App Store, very few users are thinking, oh, yeah.

谷歌应用商店有没有验证这个APK的开发者签名之类的？

Did did Google Play verify the the developer signature on this APK or whatever?

没有。

No.

他们根本就不会去想这些。

Like, they're just not thinking about that.

他们只是想，我要下载这个应用。

They're just like, I wanna download the app.

我要使用这个应用。

I wanna use the app.

道理是一样的。

It's the same thing.

我想发送一笔支付，或者我想接收一笔比特币支付。

Like, I wanna send a payment or I wanna receive a payment in Bitcoin.

是的。

Yeah.

它必须简单到极致。

It has to be dead easy.

这正是面向消费者或家庭终端用户时面临的特定挑战。

And that is the specific challenge with B2C or with end users at home.

我们已经将Core推出，这是一款采用MIT许可证的开源软件，你可以运行。

We already have brought to Core, which is it's MIT licensed software you can run.

它也在GitHub上作为开源项目发布。

It's open source under GitHub as well.

这让你能够实时收到关于剪贴板内容的通知，我想我们上次聊过这个，但它能让你实时了解剪贴板里有什么。

And that gives you I think we spoke about this last time, but it gives you real time notifications about what's in your clipboard.

所以这本质上是对你自己系统内部的监控。

So that's kind of like your like that's internally looking on your own system.

还有一种解决方案，虽然我们尚未正式公布，但它适用于个人接收比特币。

There's also a solution that is it's not we don't we haven't announced it yet, but it's a solution for receiving Bitcoin as an individual.

我们之前主要讨论了企业收款端，但另一端是企业向用户发送比特币的情况。

So we've really talked about business deposit side, but the other side is like you know, businesses sending Bitcoin to a user.

是的。

So yeah.

你之前提到过BTCPay，能不能详细讲讲这一部分是如何运作的？

Well, you touched on this before around BTCPay, but just talk me through how that part works.