 I have quite a lot to tell you, so let's go straight to a rather short, but hopefully deep dive into the Python and blockchain matter. Most of you know that Bitcoin is a cryptocurrency. It's fast, reliable and most of all it works without central authority. Why is this a good thing to work without central authority? Central authority like a government or a bank. It's good because a bank, you know, it offers a single point of failure. It can go down or the database of a bank can go down and then that poses a huge failure and costs a lot. So to work around this, we have to distribute what the bank or the central authority made to every computer. And this is the reason of the blockchain. It's a distributed ledger. It's a peer-to-peer network. But of course, if we distribute the ledger, this comes with other problems. The first problem is transaction forgery. If you work in a distributed environment, each transaction has to be announced publicly. And in a simple approach, transaction in the form Alice transfers a coin to Bob can be replayed. And such a replay is ambiguous. It could mean either Alice wants to transfer a second coin to Bob or it can mean Alice wants to fool Bob or it can mean Bob replace the transaction to get multiple coins from Alice's account. To get around this problem, we have to add an identification. For example, a serial number to every coin in the system. But this poses another problem. It's called the double-spending problem. Now we have a transaction in the form Alice's transfers coin with the ID 42 to Bob. But this transaction can be duplicated by Alice transfers coin 42 to Charlie. And if the transaction to Bob is announced before the transaction to Charlie, this is not a problem. But in a distributed network, we have to deal with network latency. We have to deal with the undesirable period between issuing a transaction and having everyone informed about it. To work around this problem of double-spending, we let the whole network verify the legitimacy of a transaction. But with such a solution, we come to the last problem. It's called a civil attack. An attacker in such an approach can install false identities. And if the attacker has installed enough such false identities, then he will be able to win and to double-spend. Effectively double-spend the transaction. So the solution is that we have to create to make creation of false identities expensive. To do this, the mining node has to perform some work and thereby the ability to verify transaction depends on the computing power and not on the number of identities. And this principle, this idea is called a proof of work. So with these workarounds, we've come to the basic principles of the Bitcoin blockchain. Transactions are verified in a distributed manner and registered in blocks. And these blocks form a chain, the famous Bitcoin blockchain. Blocks are created using a proof of work and new blocks are created mined on the longest chain. We have to now take a closer look to the blockchain header to understand how the proof of work works. The blockchain header consists of six input information. The first is the version number of the blockchain protocol. This is a fixed value. Then a timestamp. And this timestamp changes every second, second. Then there's a difficulty, the zero bits, which a mined block header has to match. Then a reference to the previous blocks hash. And this is also a fixed value, of course. Then the root of the Merkle tree goes into the block header. And the Merkle tree is the registrations of all transactions that are processed by the block. And the sixth input value is the nonce. And this nonce can be freely chosen. A valid block consists of these parts. A valid block consists of the following parts. On the one side, it's the block header. And on the second side, it's the registered transactions. And the third is the block hash, which is calculated from the heading information. To calculate the block's hash, two pieces of information are fundamental. It's the difficulty and the nonce. If we calculate a hash, you know it. It's a rather simple procedure. But the outcome is unexpected. But with the difficulty, we say that the created block hash has to match a distinct form. The difficulty says that the created block hash has to start with a certain amount of zero bits. So if we see that the block hash is created of some fixed values, then the outcome is exactly defined. And we don't have some freedom to vary until it's the point where the nonce comes in. This nonce can be freely chosen. And the proof of work consists on varying the nonce until the created hash matches the difficulty. That's how the proof of work works. So the distributed blockchain consists of thousands of nodes which try to create blocks and they're spending their computer power to create blocks and make the blockchain alive. Why does anyone use this, provide this computing power? Because it consumes energy and the energy has to be paid. So there must be an incentive that block miners contribute to the blockchain. And one of the incentives is that the mining node that was able to create a new block with the matching block hash gets some bitcoins, the so-called Coinbase. At the moment, each created block is rewarded by 12.5 bitcoins and that's about US$30,000. In addition, the participant that created the new block gets all the transaction fees. So there's a very interesting idea that if the block reward, on the one hand, it's the incentive for the block miners and on the other hand, it's that with this step, new bitcoins get contributed, get introduced to the system. At the beginning, the block reward started by 50 bitcoins and every 2140, every 210,000 blocks, this reward is halved. So the mining reward is continuously sinking. At the end, around 2140, the Bitcoin system will contain exactly 21 million bitcoins. So we can recapitulate what we learned until now. Transactions are achieved in the blocks and we can think of blocks as pages of a distributed ledger. Blocks are formed to achieve to give a complete order of the transaction history. Blocks are created solving a cryptographical puzzle, the proof of work, and this is to prevent civil attacks. New blocks are mined on the longest chain to prevent forks. And the mine of the new block is rewarded by a certain amount of bitcoins. I've made a short animation for recapitulation. Here we have a system consisting of three mining nodes and we see each node is hashing independently. The hashes are displayed on the right of each... Oh, sorry. So we have three nodes in this system and the orange points are transactions. Getting into the system, the triangle beyond the nodes symbolize the merkle tree and the transactions are validated and dispatched. If we look at the block header, the six input information, the first is the version, actually it's version two. Then the time, this information changes every second. The difficulty in this example is six and the real world is, of course, much higher. The nonce, this is the information, the input that can be freely chosen. The previous block, which has to match the difficulty and the transactions, which are here in the form of the root of the merkle tree. Eventually, one of the blocks finds a hash that matches the difficulty and the new block is dispatched. The other blocks in the network have to validate not only the block, but also the transaction each transaction registered in the block. Now we have to look at the transaction, because the transaction is the most important thing in cryptocurrency. We have to prove that the ownership of the coins in the network is guaranteed. Transaction has the following structure. In yellow, the transaction ID, which, of course, is a hash, then some descriptors and metadata, then an input, this is the pink area and an output, the green area. To understand how the transaction works, we have to know the axioms, which rule a transaction. There are four axioms. Any Bitcoin amount is sent to an address. Any Bitcoin amount received is locked to the receiving address and addresses are managed by a wallet. Anytime we spend Bitcoin, the amount we spend will always come from funds previously received and currently present in our wallet. Addresses receive Bitcoin, but they do not send Bitcoin. Bitcoin is sent from a wallet. What is an address? An address is nothing else than the hashed public key of the receiver. So this is the... we have here to deal with public and private key. A wallet starts from a private key and generates the public key and the address from the public key. Here is an example starting from the transaction where Alice sends Bob some amount, this example 0.5 Bitcoins. To do so, she creates a transaction record which has as output the amount and a script public key. This is a script with a special name and this script contains the public key hashed from Bob's wallet. And this is nothing else than the address. At this time, the output is unspent. Each output remains unspent as long as this output is not used as an input in another transaction. So let's now spend this amount by creating another transaction. In this transaction Bob sends Charlie 0.4 Bitcoins. This transaction consists of an input and the input has references, the ID of the former transaction coming from Alice and the signature script. And this signature script consists of Bob's public key and the signature created by Bob's private key. And of course, this transaction has also an output which includes Charlie's public key in hashed form. The red area on this slide combines the output of the previous transaction and the input of the current transaction. How do we verify transactions? Mining nodes have to validate every incoming transaction. First to do so, first they retrieve the referenced preceding transaction. The amount to transfer in the current transaction has to be less than the amount of the transaction referenced in the input. And of course, such an input has to be unspent. As next step, the signature script in the input is combined with the output script of the referenced transaction. And in the second line I have combined these two scripts. In the most common script transaction is called pay to public key hash. The Bitcoin blockchain uses a for-flike stack-based scripting system for transaction validation. The scripting system is not during complete. That means it's stateless and has neither loops nor jumps. So, because it's rather simple, we can animate and look for how this works. First, the data is put on the stack and then some operations are put on the stack. Then the next public key is put and the quality is verified. The next operation checks the signature and if the signature is OK, then the OK indicator is left on the stack. And this indicator, the true marker, shows that the transaction is valid. And the important thing to remember is that the public key is to duplicate and then this combines the previous script, the previous transaction, the actual transaction. The public key hash is the most simple and most common script in the Bitcoin world. But there are some other contracts thinkable and possible, for example, to implement escrow and arbitration. There's the possibility to create a multi-signature script. In such a script, the participants, the two participants agree that a third party is also integrated and the transaction is valid if two of the three parties sign the contract. And with this knowledge, now we can perfectly understand the abstract of the famous paper Nakamoto published in 2008. But I will not read, but this is a very lucid abstract. I will publish my slides and then you can read if you want. There are some problems with the Bitcoin blockchain. First, the transaction volume is limited. The limitation is caused by the size of a Bitcoin block which is limited to one megabyte. The other limitation is the block creation rate which is set with Bitcoin is set to 10 minutes. But the more significant problem is the high energy consumption which is used for block mining. So the people concerned with blockchains are looking for alternative and there are alternative consensus protocols, for example, the proof of stake or the practical Byzantine fault tolerance. There are alternatives to the Bitcoin blockchain. First, there are some folks of the Bitcoin blockchain like Litecoin or Dogecoin. If you look at the comparison, Litecoin has lessened the block interval to 2.5 minutes and Dogecoin is on one minute. So these folks have higher transaction rates. The most prominent rival of the Bitcoin blockchain is Ethereum. Ethereum has a known blockchain and has another scripting language. The Ethereum scripting language is fully during-complete and thus allows for more complicated, complicated for so-called smart contracts. And there is also an alternative with a hyperledger, the IBM blockchain. So what are the blockchain use cases? First of all, it's, of course, the cryptocurrencies which is becoming more and more interesting and not only in developed countries but more so in failing states like Venezuela where they have to live with hyperinflation and the real good alternative there is Bitcoin. Use cases based on Ethereum is just shortly last week announced the city of Zürich in the Swiss Silicon Valley announced that they are storing digital IDs providing digital IDs which are stored in the Ethereum blockchain. So I hope I gave you a little introduction into the Bitcoin blockchain and thank you very much for your attention.