So, we'll start with the next talk. This is done by Winnja, a computer science student from Bern in Switzerland, and he used to work with Bitcoin and Ethereum and wrote his bachelor thesis about the search for information in the Bitcoin blockchain. And it, of course, therefore makes complete sense to have him give us an introduction to blockchains. A great applause, please, for Winnja.
Great, nah, it just broke. There we are. So... Nah, the clicker thingy doesn't work. So I'll stay here and do it by hand. Probably you're jamming the Wi-Fi and 2.4 gigahertz is blocked. You said everything during the time where I worked on blockchain. I had the opportunity to learn a bunch of very interesting things and we'll pass some of that knowledge on to you. The topic is very complex and has a lot of complicated matters. So we'll start with something very simple: normal systems for representing ownership. Starting from the point that we can represent all of these systems as state transition systems. That counts for financial systems to manage money or for systems managing real estate. The mapping usually works that we have a state saying who owns what. And each transition of state leads to a new state. For example, in a financial system, the state is the collection of all accounts saying which person owns how much money. And a transition is each transaction, someone sending money to another account, leading to another state. On this slide you see that represented in real estate plots. Assuming Bob sells his plot number 42, the system makes a transition to a new state where this change is represented. In all of these systems, it's very important for all participants to have a consensus about the state of the system. If that is not possible, attacks on the system become possible, especially the so-called double spend attack. That is known and feared in the blockchain world.
Double spend means someone pays a certain amount twice, for example in money paying the same money twice, or in real estate selling the same plot twice. That's a criminal act and it should not happen. So let's say Mallory has a nice property, plot number 5, and Alice as well as Bob would like to buy this plot number 5. Now Mallory will try to sell the same plot to both others. First he meets Alice; as you can see, number 5 is owned by Mallory. He meets Alice, he transitions that plot, he sells it to Alice, and in the new state that plot now belongs to Alice. Bob did not notice that change of state. Bob and Alice still don't know how to communicate securely with each other. So Bob doesn't know Alice bought the plot; he thinks Mallory still owns it. So Bob meets Mallory, they agree on a price and Mallory now pretends to sell the plot to Bob, and Bob is convinced that now he owns the plot, the state on the right is slight. Alice and Bob are now in disagreement as to who owns the plot. The whole system is broken because Bob and Alice cannot trade among each other, and if someone else would like to buy the property they are unsure whom to buy it from. In the world of real estate property there is a plot management system, basically a registry of deeds that manages all changes of deeds, and each of these has to be processed by this registry of deeds. It will check if the change is acceptable, and if the seller actually owns the plot or the property, and can prevent double spend attacks. The same solution works just as well for financial systems, thinking of banks. If I have an account somewhere, the bank becomes the central authority. Each time I make a transaction, the bank will first check if I have the necessary amount of money, and my account balance will be debited after, so the bank holds all of the state. And that works surprisingly well.
And if we want to have a system to process payments over the internet, we'd like that system to be decentralized, because if we had a central authority, that central authority would be able to attack the system, it could censor the system, and could collect all data. As we've all seen, PayPal has been known to block accounts. We are going to need something better, a better solution for the internet age, and that system is of course the blockchain. Now that blockchain has a bunch of incredible points. It doesn't need a central authority to manage it. All the participants in the system do not have to trust each other. They do not even have to know each other. They don't even have to know how many people participate in the system. And even though all of these factors are true, they can always manage a joint state. I will explain the rules going by a very simple example of a blockchain without a proof of work. So this blockchain will be easily attackable. And in the next chapter, we'll be talking about what measures we can take to defend against such attacks. First, we start with a network. Let's say all of us, all of us people would like to transact money among each other. So first, we all agree on a consensus starting state: that no one owns anything. Then we build a peer-to-peer network, and every time someone would like to transact with someone, they publish this transaction to the peer-to-peer network, and the network broadcasts this transaction to every participant in the network. That brings all sorts of problems along with it. The network is not always synchronized, and not all participants in the network might see all of the transactions on the network. So there might be transactions that are incompatible among each other. There can be transactions that depend on conflicting transactions, and we get a huge amount of chaos. So we need a possibility to establish a consensus in that distributed network. And that method is the blockchain.
So what we do is we define a couple of rules governing that blockchain. All of the transactions that were in the network we now group in blocks. The blocks depend on one another, and the consensus state in the network is the longest chain of blocks present in the network. So let's start with an empty state, the initial state. A block of transactions is completed on the network. So at the end of this block we have the current state. If I wish to check the current state of the network, I can start with the initial state, then apply all of the transactions in the block to that state, and at the end I get the current state at the end of this block. After the block, more transactions become part of the network. They are broadcast, and these transactions are not yet part of the state. Only after we introduce block number two and group all of the transactions into that block does the current state become the state after each of these transactions. Block two points to block one. Each block always points to the preceding block. Now let's say someone tries to add an incompatible transaction to the current network state. And at the point where a user groups these transactions into a block, we have a rule where whoever creates a block cannot group incompatible payments into the same block, and this block now is invalid and will not become part of the current state. So in order to create this block and to fulfill the rule of not having conflicting transactions in the block, whoever creates the block has to exclude one of the conflicting transactions from the block they have just now created, and they can at their own discretion decide which transactions to include. And so if, for example, someone should make a block four that again holds this invalid transaction conflicting with the transaction from block number three, we have an additional rule preventing us from having transactions that conflict with transactions in previous blocks.
Now what can happen is someone else might create an alternative block number three that conflicts with the first block number three we've talked about, and every participant of the network at that point has to decide which block number three they accept as their block number three. And in this example here you can see another participant creates block number four, and at that point because there is only one block number four pointing to the previous block number three, and the current state is determined by the longest chain of blocks. Now the blockchain I have just described does not have a proof of work and is very attackable by a double spend. Let's say Mallory wants to steal a bike. He goes to Alice's bike store, and the bike he wants to buy costs 1,000 euro. I change the display a little bit: the tiny squares down below are blocks. I will not display every transaction individually, and you see the state at the current end of the chain where Alice and Mallory have distinct balances. So Mallory heads to the store, he chooses his bike, he goes to the cashier, and he makes a transaction to Alice. This transaction is now distributed over the network to Alice, but because the transaction is only on the network and not part of a block, it's not valid yet. Now if someone creates the necessary block, the transaction becomes part of the current state, and Alice has in the state, as you can see, received the money, and Mallory receives his bike and drives away. Now Mallory can attack this chain. He can create an alternative transaction, sending the same money to himself instead of Alice, to another account of himself instead of Alice. He creates an alternative block containing these transactions, and then he creates a couple of extra blocks containing his transaction, until the alternative chain is longer than the original chain where he paid to Alice.
So now his chain is longer than Alice's chain, and at this point his state in the chain where he stole the bike becomes the current consensus state. That has worked. So this we have to prevent, and the problem, how Mallory could do that, is because he could create too many blocks in too short a time. The problem is creating blocks is easy, and our solution is making it more difficult to create a block. We define a new rule that, in order to create a block, you need to solve a task, and to solve that task you have to invest computation power. The solution to this task we call the proof of work, and the process to create the proof of work we call mining, and in order to submit a complete block the proof of work has to be published, and only blocks containing a valid proof of work are considered valid blocks. Now things happen a bit differently. A block is now not just created, but a miner has to work on their block, and each miner will work by themselves to create a new block. You can see the drafting block there currently processing with a dashed line, and a bunch of transactions are added to the network, and before that point the miner can publish their block N plus one, and continue working on another block N plus two, and so on. The challenge we're using to make the creation of blocks harder has to be difficult to solve. It has to also be easy to check. So if I receive a block and the matching proof of work I need to be able to tell within milliseconds if that block is valid, if the proof of work is valid, and importantly the function needs to depend on the previous blocks and needs to be only valid for the current block that I'm currently processing. If that weren't the case then Mallory could, over the period of weeks, prepare blocks and add them at a later point in time after causing a double spend. But if the block can only be published if it depends on the immediately preceding block, he has to start processing only after a block is published.
Finally, the difficulty of the task should be variable, so the system can work as a stable financial system, because if I want to use it as a financial system, to me it's important to know how long a transaction might take until it becomes part of the published state. And if, for example, we add a lot of computational power, the whole system should not just start being faster. Okay, and now that mining is no longer difficult, we need to have a kind of incentive for people to do it, a kind of starting point. So the miner that manages to create a block will receive a reward, the block reward as it is called, and we implement this by saying that the miner can insert a new transaction for him or herself into the block, and with that transaction they assign or transfer some money to themselves out of thin air. Or, there are two popular ways of creating this money: these could be called transaction fees for the others, or you could say that this is newly created money. And we have seen earlier, we have an empty state at the beginning, so money has to be created if it's to be spent by someone for anything. So this is a way of introducing money into the system, and it's not controlled from a central point of authority, and that's kind of fair. Another thing is that this extra transaction of course makes the block an individual block.
The miner will try to transfer the money to themselves, and the transaction created therefore will be different for each miner. So this will ensure that each person will be working on a different kind of problem. And working on the very same problem in the very same way, then the person that had the most computing power would always win, and that's not what we want, because then a person would create all possible blocks, but we want to have different blocks. So that is the problem: the problem on which block someone works is different for everyone. You can manage for someone to have, that has not as much computing power, to actually find the solution, which just works fairly well. We can say that about 20% of computing power is enough to assure about a fifth of the actual money. And of course the miners also have to decide on which block they want to work on, at which end of the chain. We've just seen that these chains can have more than one end, but it's very simple, because the miner will always want to have the reward and have the transaction part of the state. So I want to have it part of the longest chain, so it's the longest chain where this new block will be added to, and that's where everyone will be working. So now I promise that we should be able to prevent double spend, so let's see how that works. So Mallory wants to steal that bike again from Alice, and the difference now is that the network has to work to create the blocks. And it proceeds in the same way: Mallory creates two transactions, one to transfer money to Alice, this transaction he publishes on the network, and a second transaction to transfer the money to himself, which he keeps secret for the time being. Then the block is finished and immediately the network starts to create the next block. The network, of course, contains the transaction from Mallory to Alice; that's the only transaction that the network knows. So Mallory is now working on this alternative block all on his own, the block that contains his own
transaction. But the network, of course, has more computing power than Mallory alone has; he doesn't have so many computers available. So the network will always be faster to create the next block, faster than Mallory. Mallory's chain will never become part of the longest chain, never become part of the accepted state, so the attack was prevented successfully. So the unique way, the only way in which Mallory could win and succeed with his attack would be if he could create blocks faster than the network, and that would only work for him if he has more than 50% of the computing power in the whole network, so that would make the probability for him to find the next block higher than that for everyone else. So that's why with Bitcoin and other cryptocurrencies we talk about the 50% attack. So now there's a different kind of executing a double spend, which is a more difficult kind of attack, and that is connected to the way the peer-to-peer network works, which we need to add into action to distribute the transaction. Now this attack is a bit more difficult; Mallory has to have something more valuable. Mallory goes to Bob to buy a car, and he will try to steal it by controlling the connection that Bob has with the peer-to-peer network. So we have these three peers that connect Bob to the network, and we now have two ways: either Mallory controls Bob's internet connection; how realistic that is I don't want to discuss, but in theory it could be imagined. So Mallory has a few interesting possibilities: he could control which blocks and transactions Bob sees, and Mallory can skew from Bob which other blocks appear in the network and present him with transactions that are not seen by the rest of the network. So that is the attack. We see what the network sees on the left and what Bob sees on the right, and initially of course the state is the same. But now Mallory goes to Bob and asks to buy that car, makes a transaction, and in fact of course he does two transactions: one to transfer the money to Bob, which is the one he only
sends to Bob and hides from the network, and the second transaction, with which he transfers the money to himself; this transaction Mallory publishes on the network. Now the network will work on creating a next block with the transaction from Mallory to Mallory, because that's the only one the network knows, and Mallory alone will work on creating a block in which the money is transferred to Bob. Now of course the network again has much more computing power; it's much faster in creating new blocks. So eventually Bob does manage to create a block, and all the blocks that have been created on the network, it has to be said that those Mallory concealed from Bob, so all these new blocks are never seen by Bob, which is why Bob will regard this block with Mallory's transaction to him as the longest in the block. So the transaction from Mallory to Bob is part of Bob's state. He gives the car to Mallory, Mallory drives away, he stops the attack, and now Bob connects to the network in a normal way. The chains are synchronized, and eventually in the resulting chain Bob did not receive the money. So Mallory has the car and he was successful in stealing it. That's not good, of course, the fact that this kind of attack works. So the attack was successful, but Mallory has to work for it to be successful: he has to create this block, and that cost him a lot of time. Of course it costs him computing power, electricity to run his computer; we don't want to go into that detail, but just look at the time. Mallory took time to create those blocks, and this computer can only do one thing at a time: either it creates this fake block for Bob or it creates the real block for the real chain. He can't do both at once, so that makes it very expensive to run this kind of attack. Now let's imagine that we'll make some assumptions about the network. Let's say the network, let's assume that the computer power is 20% and the block reward is 1000 euro and 10 minutes is the time to create a block, so Mallory on his own would create a block every 15 minutes, so the
power on Bob would need 50 minutes of time. But if Mallory would be mining for 15 minutes instead of attacking Bob, then in the same time on average he would be able to earn 1000 euros in rewards. So he can either decide to attack Bob and steal the 23,000 euro car in our example, or he could earn 1000 euros with fair mining. In that case he would still like to steal the car, but the mechanism to rectify this is simple: we just say that Bob won't give the car to Mallory as soon as he receives money, but he'll wait for a few more blocks. I haven't drawn enough blocks because I didn't have the space, but let's assume on the right side we'll see how the transaction has become part of the state, and at that moment Bob does not yet give the car to Mallory, but only a few blocks afterwards. So for each subsequent block that Mallory would have to create to convince Bob that that really is the correct chain, Mallory would have to spend another 50 minutes of time, and each time that would also cost him 1000 euros. So if Mallory says I'll wait another so many blocks, then suddenly the attack becomes more expensive than the car is worth, and this is how Bob can prevent the attack. Mallory could surround the attack, but it would simply no longer be interesting for Mallory to do this, because he would be able to make more money in the same time by being honest. So we've now talked a lot about the generic concept of blockchain. Now I would like to talk about the way that Bitcoin implements it, at least some of these things. So let's look at blocks. You know, in computer science we like to define bodies and headers, and we do that everywhere: in network protocols, in news and file formats. We say we have a body containing natural content and the header contains the metadata, and the very same thing is what we do for the blockchains. With Bitcoin the case is that the body contains all the transactions in an ordered way. The miner has to stick to a certain set of rules to create them: which transaction depends on which other
transaction; if they have to be, and if they're in the same block, they have to keep in a certain order, can't just put them anywhere, and this order becomes important. And the first transaction in the block is the so-called coinbase transaction, with which the miner assigns himself, transfers the reward to him or herself. Now to link this body with a header Bitcoin uses a Merkle tree. This is a binary tree in which each node is a hash of the concatenated values of the two child nodes. And Bitcoin, almost everywhere where it makes hashes, uses a so-called D hash, which is a double SHA256 hash, a hash of a hash, which they use. This is the way it looks: we have these bodies down there, and then we create for each transaction the double hash, and then we start creating that tree. For each node we concatenate the hash and do that for every level until we arrive at the Merkle root, and that then is distributed as the block header. And that contains a version information and an arbitrary number which is changed by the developers from time to time when they think it's time to do so, and the previous block hash. We've seen that every block links to the previous one, which is solved by putting the hash of the previous block header into the new block header, the double hash. The Merkle root we've seen already. And then the block header also contains a timestamp, which is a fairly complicated thing; the rules creating that are fairly complicated, but it's not so important for us. Then there is the difficulty, an expression how difficult it was to create or define, and the nonce is a value that's used. And the proof of work in Bitcoin is nothing but the hash of the block, and that has to meet certain criteria: the hash has to start with a certain number of zeros. So we'll take the header of the block, calculate the double hash, and the first few bits of that hash have to be zero, and how many bits it has to be is the variable difficulty. If we need more zeros it is more difficult to create the proof of work, and
otherwise it's easier. Mining works so that the miner takes the header, calculates the double hash, checks whether it matches the criterion, the number of zeros. So that way then the nonce is increased, again the hash is calculated and checked, and this is continued. And the nonce is 32 bits long and the hash is 256 bits long, so it's much larger, so it could well be that by incrementing the nonce you can never find a match, a usable hash. In this instance the miner will change the coinbase transaction; that's the one with the input, which is for a normal transaction used to denote the source of the money. The coinbase transaction does not have a source because it creates money from thin air, so in that field the miner can freely insert any value and change the value yet again, and that continues through the whole Merkle tree up to the Merkle root. Well, that will then change the whole block header, and the miner can continue varying the header. So that can be very easily checked as well, whether it's a correct proof of work: I will simply take the whole block header and calculate the hash and see if it's correct. So the Bitcoin network tries for every ten minutes to create a new block, and to have this time span stable, every 2016 blocks the difficulty is adjusted with an algorithm that has to determine how the difficulty has to be varied. And the coinbase transaction with which the miner assigns money to themselves has two things: for one, the transaction fees for putting the money to the block, and the new, with the new Bitcoin system it would be 50 per block, per block is now two and a half, the amount halves every amount of time; this summer it was halved for the last time, so 12 and a half bitcoins is the current value. Okay, this I've said before. Now we'll look at the way how we can build clients. You can have a full node, which saves the whole blockchain, and that one checks every incoming transaction whether it's valid, and it does something else too: when it sees the
blocks that it has, and if someone comes and says I would like a certain block please, then the client will hand out this, this kind of work. And then there are pruning clients. They do much the same thing, validate all incoming transactions and blocks, but only store parts; if it finds that it doesn't need a certain block it will delete it to save storage space. Still needs a lot of computing power and bandwidth, much, not something you'd like to run on a smartphone. So there are also so-called light or SPV clients, which are suitable to run on mobile devices, and the way they work I'd like to talk about a bit. An SPV client first downloads the headers of all blocks. We've seen how the proof of work is the hash of the block header, so to control the proof of work I don't need the full block, the header is enough. And the same applies to the linking of the blocks: the information which one is the previous block is of course part of the header, so for this function too I do not need to have the whole block bodies. So in that way I can determine or create the longest chain within the network by just downloading the headers. What I mean here is of course enormous. There are about 450,000 blocks, which need more than 95 gigabytes of space to store; I think with some extra information it's about 110 gigabytes. So this is stupid and far too much for a smartphone, but just the headers concatenated from these 450,000 blocks need much less than 100 megabytes of space. That's an ideal kind of value to store in a smartphone. The second concept is the Merkle branch, and that is the more interesting function that the Merkle tree has, because with that we can prove that a transaction really is part of the accepted state. The one opportunity to build the Merkle branch or the Merkle tree is to download the block body and build the whole Merkle tree, but if I only want to prove that a transaction is part of the state there is a much more efficient way to do it. To prove that transaction 3
is part of the whole chain you don't have to download the whole transaction but only the transaction number 3, sorry, that was wrong, and the other hashes from each other level of the tree. So that's the other information you need to just create this single node and prove that it's part of the actual block. And of course that again has some advantages: I don't have to download as much, I can download hashes instead of transactions. In the previous example it didn't give me so much, but if you have a block with 1600 transactions, which is a very common number these days, then for validating I don't need 1600 transactions to download, but one transaction and 11 hashes is all I need to calculate the Merkle branch and recreate it. So that's how an SPV client works. SPV means simple payment verification, and we've seen, as described in the Bitcoin white paper already, everything that client has to do to prove that a transaction is part of the chain is download all the headers, then rebuild the last longest branch from it, and then retrieve a single transaction, if I want to know I have received money and want to prove that I really have received that money to everyone, the appropriate Merkle branch, and I'm then able to show that this Merkle branch really is part of the longest chain of blocks, and this way I have proved that the money really is mine. So that's the way it works. Now we have a bit more time than I had hoped for, so I will now continue explaining the pruning clients. This is part of how Bitcoin transactions work. So we assume that we have an account like on the bank, and it never changes the user, and it has some amount of money on it; every time I make a transaction the amount of money on it changes, and the amount changes. In Bitcoin it's really significantly different: I don't own an account but I own a transaction output, and in this case Alice has these three unspent transaction outputs. They all have the same owner and an amount on it, and the amount cannot be changed, it's
fixed. And Alice would create a transaction with Bob, transmitting 42 Bitcoins. She creates a transaction and says these 42 Bitcoins are supposed to go to Bob, and I have to get it somewhere, and she says I choose these three transaction outputs. And the amount cannot be changed; however, Alice has to spend them all completely in one go. And she takes these three transaction outputs; they are a bit more than 42 Bitcoins, so in this transaction there's too much money, so she can also create additional, more transaction outputs than she transmits to Bob. So she creates a second output in her transaction, and here she transmits money to Alice, back to her. So a Bitcoin transaction can have an arbitrary number of inputs and outputs. Another important thing is there's still a difference: we put 44 Bitcoins into the transaction and just 43 out, and the remaining Bitcoin is the transaction fee for the miner who mines this transaction; he gets this transaction fee. Alice has created new transaction outputs by sending this transaction, one that's owned by Bob, one that's owned by Alice, and we can get the chain for all these transaction outputs; they are all transaction outputs of transactions which were previously existing. There are two possible states of a transaction output: they can either be spent or not spent, and we can only spend those which were not spent previously. So if I want to know how much money Alice owns, we sum up all the transaction outputs that are not spent and we know how much money Alice has, and we can do that for every person in the blockchain and we know how much they own. And if I calculate all not spent transaction outputs I know I have the current state of the blockchain. And exactly this mechanism is used by a pruning client. A pruning client looks: I don't need to save all the blockchain, that's stupid, because if there's a new transaction I want to know whether it's really valid, I only have to check whether she spends an output that's already spent. So if she spends an
already spent transaction output, and you can't spend the same money twice, or if the transaction tries to create a transaction output that's not valid, it does not exist, it's also not valid. And that's what a pruning client does. Where it says I'm creating a transaction with this transaction output, it doesn't try and run through a complete blockchain for this transaction output, that would be stupid, but he takes a small database, and the database contains all the transaction outputs, and it looks at this unspent transaction output, and for every valid transaction she looks at the database, and that's how the client keeps the state. And the pruning client says: hey, I don't need those blocks anymore, I have the state and the database, I delete the blocks. Or he doesn't; he has to be careful: if there's a longer chain from somewhere in the back, he has to re-establish it, so he usually keeps some more additional blocks, but he can save a lot of storage space. A pruning client can still download every spent transaction and he has to verify all the blocks; it still needs a lot of bandwidth and a lot of calculation power. That's why they are not usually used on mobile devices. As I said, I said that Alice spends a transaction output. In reality Bitcoin is quite complicated: the transaction output is a piece of code; in Bitcoin it's its own language. The input also has to contain a piece of software, and when they run after one another the output has to be true; only in that case the output is spent correctly. That's a quite complicated system; it's its own programming language, not completely Turing complete, but there are a lot of interesting rules. I think you can find in over 80% of the cases is so called, the rule says something like: to spend this output you have to prove that you know the secret key to this public key of which the hash is in here, and the input says only this secret key, and I prove that by publishing the public key and signing the transaction with the secret key, and after that
anybody who wants to verify that can take the public key, check whether it matches the hash, and verify this transaction. That's the most common kind of transaction. How these transactions work in reality is quite complicated, and you could have a talk of its own about this, so I'll stop at this point. I've also created this great slide. Oops, that's much too far back. Do you feel a fine edge? No, here. So we have some more time for questions if you want to know anything else, or you can reach me using the DECT telephone at Congress. You'll find this, a handheld, on the slides, in the Fahrplan, and I will also publish the slides themselves, and the source code for creating the slides will also be leaked.
That was Winnja. There is still a bit of time left for questions, so if you have any questions, then please step up to the microphones. If you're leaving now, please do so quietly so we can get a Q&A going in a quiet manner. Door angels, please don't let people enter the room for now. And please leave quietly. The first question, from the Signal Angel.
About the man-in-the-middle double spend attack: couldn't Mallory run this attack at the same time, with the same fake blockchain, against ten different car dealers and, using the very same effort, steal 10 cars? That of course would make it worthwhile again, valuable, if you have to spend more time on the single car.
Good question. I have never thought of that in this way, and I guess I would have to reflect on it. Probably, I think it should work, but the workload would be a lot bigger to control all of these network nodes. In order to have the system really secure, that should not be an argument. Gut feeling, I think, yeah, it should be possible.
Alright, continue with microphone 2.
You said that with a 50% attack you could use the same... the blockchain. Now if a hypothetical government organization with lots and lots of computing power was there, just imagine that such an organization would exist, are there any thoughts about the probability of that existing?
Well,
with usual computer power it will probably not be possible to calculate as many double SHA-256 hashes as the whole network, a multitude of the whole computing power that even all of the top 500 supercomputers have. There is the possibility of China. We'd like to have the miners distributed all over the world, and in practice, currently most of that happens in big computation platforms in China, where more than 50% of the computational power is concentrated. So, great, our decentralized currency is now owned by China. And even if that should not be enough, all of the hardware needed to equip the necessary data centers is produced in China, and China could just seize all of the hardware produced in China and then have enough hardware to run a 50% attack. So it's possible.
Microphone 1.
So I'm interested in the computing power. Are there any approaches here for other electronic currencies to prevent the situation where the maximum computing power, given the current state of technology, isn't required at the time?
There have been several different attempts. One possible way to do that has been that it's not limited to computational power, but an attack should also need a lot of memory, and that would make it a lot more difficult to build hardware that is built specifically to attack a currency. But then you have the same problem. I know that Ethereum works on a concept where they use proof of stake. I'm not entirely sure how that works, but in that case the probability of you creating a block depends on how much money, how much stake, you own in the whole network. They do not have that problem that you need an incredible amount of power to create blocks, an incredible amount of computational power. They proposed that in summer, but I'm not up to date with the current state. That is proof of stake, and it's going to be implemented, or they're working on it, in Ethereum.
Ok, let's continue with background 4.
I'll ask two questions. The one: public real estate dealers could become part of the blockchain, surely, and
save administration a lot of power. What is your opinion on smart contracts?
The first question: yes, people are working on that. Especially in Great Britain there are research groups working on finding out how blockchains could affect government, especially property registers. These companies are working on, especially, property registers. These systems would need a lot of changes. If someone were to steal a property and reflect that in the official blockchain, how could one reverse that transaction? If we have a registry today, they can change everything. And we'd like not to have to place trust entirely in that blockchain, and there should be a human override, a possible mechanism to override that blockchain. And that is highly questionable, because a person can still break the blockchain. So it's not that simple to do things like that. But I am convinced that especially property registries are a great chance to maintain blockchains, and I think it's one of the first things we'll see implemented. I also think there will be a hybrid model where there will be a public blockchain, but at the end the determining factor will be whatever is registered at the property office. Sorry, I forgot the second question.
Okay, if that answers the question and the question is not repeated, we'll continue with microphone 7.
Okay, thank you for this exciting, interesting talk. I would be interested to hear more about the topic of the end of Bitcoin. As far as I know, the amount of Bitcoin is limited, and how would creating new blocks be rewarded in the far future? Would this be further and further divided? Will you only get some minute parts of Bitcoins as a reward?
That's a very good question. I asked myself this question when the block reward was halved, but in the end the whole system continued without a hitch. The mechanism that should reward the winner is the transaction fees, but at the current point the transaction fees are so low that it would not be useful to mine blocks, because the power usage is
way too high just to mine for the transaction fees. On the other hand, transaction fees today are very high; they can approach transaction fees that are paid for credit card payments, which is ridiculously high. And the blocks are very full. So there is the block limit, an artificial limit that says how big a block can get, and there's a big war in the community over whether that should be changed or not. So if that limit is not increased, then no more transactions can be stored in a block; what's left for the miners is to increase the transaction fees, and for participants it's not worth it to use Bitcoin anymore. In the next couple of years we still find Bitcoins that you receive as a mining reward per block, and then we'll have to see what happens. And I think that will be a dynamic system where a lot of people will have good ideas.
Can I just ask again: the proof of work, the direct Bitcoin that I receive, not the 12.5 Bitcoins that I receive to create the block, is that not the proof of work?
No, no. The 12.5 Bitcoins that you receive plus the transaction fees is your block reward, not the proof of work. The proof of work is your proof that you have taken the work upon yourself.
Okay, we'll continue on the balcony, number 8, please.
Yeah, well, the whole creating of blocks is based on the fact that transactions enter into the system. Now what would happen if no transactions would come in or would be available anymore? Would you then create empty blocks?
No. You can see that the first couple of blocks that were created in the very beginning of Bitcoin didn't have any transactions in them, so no one was transacting any money. And in that case the block only contains the coinbase transaction. The miner will always run a coinbase transaction to get their reward, and that block will just contain this single coinbase transaction.
Okay, we'll then continue in front with number 2. Oh, there was someone else first. Okay, then we'll... very fair of you. Number 4, please.
I've seen the topic of blockchain in many, many
different contexts become a real buzzword, IoT, wherever. Could you, in the context of your work, perceive a certain trend? Which applications have really been proven, have proved themselves?
There are a couple of first applications. You can pay for things in Bitcoin. But one application I've seen, and that I refuse to accept, is that banks try to use blockchains to settle transactions among themselves, so that banks transact money among banks on Bitcoin. And banks are apparently investing a lot of time and money, which is a very sad thing, that this cool technology is used for such a purpose. That is one possible application. And there are cryptocurrencies like Bitcoin to pay for things, and Ethereum, which introduced smart contracts, where it should become possible for third parties to settle things. But which of these technologies will be the first to gain widespread use, I can't tell you.
Alright, we are very close to the end, but you can of course ask a question. A very short question.
Also, is there a protection against DDoS, the network being bombed with false transactions and everything breaking together? Is there protection against that?
I think there was an interesting case where the network was attacked about a year ago. The community wasn't sure if that was a test or an attack. And in effect it actually costs money to make a transaction: you pay a transaction fee, and the protection should be that it's too expensive to do that. But apparently there are still enough Bitcoin millionaires to just throw away their money. I'm sure there is work being done on security mechanisms, but I'm not sure what there is. One thing that's out there is replace-by-fee, which is a technology where, for a transaction that you've issued before, you can increase the transaction fee later to make sure that your transaction is still processed, and to help miners understand the priority of your transaction, basically. But it's a very controversial technology and not accepted by a lot of miners.
All right, then thanks, Winnja, for this great introduction to blockchain, and thanks for listening to