1
00:00:07,770 --> 00:00:18,400
35c3 preroll music
2
00:00:18,400 --> 00:00:24,270
Herald: I'm very happy to be allowed to
announce the following talk. It's called
3
00:00:24,270 --> 00:00:31,490
"A Blockchain Picture Book" and it's held by
Alex. Blockchain is a topic we hear
4
00:00:31,490 --> 00:00:36,890
constantly everywhere in the media. It's
sold as a solution for everybody and for
5
00:00:36,890 --> 00:00:45,000
everything. Doesn't matter what. But how
it really works and what it really is...
6
00:00:45,000 --> 00:00:50,140
...most people don't really have an idea. So,
today we got a beginner's introduction
7
00:00:50,140 --> 00:00:56,304
with pictures. So, please welcome Alex on
stage with a big round of applause.
8
00:00:56,304 --> 00:01:03,480
Applause
9
00:01:03,480 --> 00:01:10,570
Alex: Hi. Yeah. My name is Alex and I'm
from the Technical University of
10
00:01:10,570 --> 00:01:16,030
Brunswick. I'm working in the Institute of
application security. I suppose you're
11
00:01:16,030 --> 00:01:23,329
here to see my blockchain picture book,
right? But right from the start, this talk
12
00:01:23,329 --> 00:01:29,780
is not about the newest cryptocurrencies
out there and it's also not about in which
13
00:01:29,780 --> 00:01:34,611
ICO should invest in. I'm absolutely
clueless about that topic. Sorry to
14
00:01:34,611 --> 00:01:42,770
disappoint you, maybe. I'm here to give you
a very rough introduction to the idea and
15
00:01:42,770 --> 00:01:48,939
the basics of this blockchain thing out
there. So, maybe you can judge by your own.
16
00:01:48,939 --> 00:01:56,047
So. I hope there are no blockchain experts
in the audience, maybe. So this is a
17
00:01:56,047 --> 00:02:00,609
foundation talk. That means I do not
expect any technical or mathematical
18
00:02:00,609 --> 00:02:08,869
backgrounds at all. So, let's just give it
a try. Imagine the following situation.
19
00:02:08,869 --> 00:02:16,170
Once upon a time, there were two people.
Let's call them "Mary", on the left, and "Alex",
20
00:02:16,170 --> 00:02:23,280
on the right. They wanted to trade with
each other. Mary she wants to buy a house
21
00:02:23,280 --> 00:02:30,110
from Alex. Thus , she brings the agreed
amount of money. And Alex – on the picture –
22
00:02:30,110 --> 00:02:36,746
brings the keys for this house that
should be sold to Mary. But, since Mary and
23
00:02:36,746 --> 00:02:44,290
Alex do not know each other, they do not
trust each other, as well. So, they set up a
24
00:02:44,290 --> 00:02:50,030
contract for this trade. Just to be on the
safe side. Here on the right, you can see a
25
00:02:50,030 --> 00:02:55,780
typical contract for trade, and it consists
of some important informations like a
26
00:02:55,780 --> 00:03:00,290
description of the object that should be
sold: The house of Alex, maybe the address,
27
00:03:00,290 --> 00:03:06,271
what's inside and stuff. the agreed amount
of money – let's say the house costs half a
28
00:03:06,271 --> 00:03:11,900
million, whatever. The persons who are
involved in this trade – in this case Mary
29
00:03:11,900 --> 00:03:19,480
and Alex. And of course the signatures. As
a final step, this contract must be
30
00:03:19,480 --> 00:03:26,680
timestamp for being valid. So, nowadays
those kind of contracts usually exist as
31
00:03:26,680 --> 00:03:34,410
digital documents. But for both the
digital and the analog document, if an evil
32
00:03:34,410 --> 00:03:39,640
party gets hands on all copies of this
contract, he can modify it in a malicious
33
00:03:39,640 --> 00:03:47,796
way. Let's say, removing the timestamp.
This can void the contract and thus make
34
00:03:47,796 --> 00:03:54,790
the trade invalid. By the way, the evil
party can also be one of the persons
35
00:03:54,790 --> 00:04:01,740
involved in this trade. So, let's say our
Alex – the evil one – he wants to take the
36
00:04:01,740 --> 00:04:10,106
money from Marry but also keep the house.
Okay? This is our initial situation. So in
37
00:04:10,106 --> 00:04:15,090
1990 Haber and Stornetta proposed in a
scientific paper a cryptographical
38
00:04:15,090 --> 00:04:23,699
solution for binding a time stamp undevisably
to a digital document. What does
39
00:04:23,699 --> 00:04:28,840
it mean? They both – the timestamp and the
digital document – are merged into a new
40
00:04:28,840 --> 00:04:37,169
document and can't be separated from each
other without being damaged. So, we'll see
41
00:04:37,169 --> 00:04:41,979
later how this exactly works. For now,
let's pretend this block, which you can see
42
00:04:41,979 --> 00:04:48,309
here, contains our digital document and the
timestamp. And both are binded by some
43
00:04:48,309 --> 00:04:55,270
mystical fancy cryptographic technique
which is represented by this blue frame.
44
00:04:55,270 --> 00:05:04,330
Okay? So, unfortunately, we still face a
problem: That's our evil party – remember
45
00:05:04,330 --> 00:05:10,150
Alex is the evil party? – He can just make
this contract and all copies disappear and
46
00:05:10,150 --> 00:05:19,210
claim they never existed before. So, to
tackle this problem, Haber and Stornetta
47
00:05:19,210 --> 00:05:24,099
and their paper further proposes a
chaining technique for those blocks. All
48
00:05:24,099 --> 00:05:29,717
of which contains of course a different
contracts. So, the result is a chain of
49
00:05:29,717 --> 00:05:36,400
blocks: The blockchain. Here we are. Hey!
And since this is a chain, it's not
50
00:05:36,400 --> 00:05:41,300
possible to remove one of the blocks.
Removing a block from the inside of the
51
00:05:41,300 --> 00:05:46,059
chain, will just break it completely, in a
way that you can't put it together anymore
52
00:05:46,059 --> 00:05:55,800
without damaging it, as we will see later.
Okay? So, this doesn't prevent that anyone can
53
00:05:55,800 --> 00:06:03,270
just make this whole chain disappear.
Maybe. So, but the longer the chain gets,
54
00:06:03,270 --> 00:06:08,069
the more people are involved in this chain,
the higher the risk for evil parties
55
00:06:08,069 --> 00:06:21,680
malicious task is discovered. OK? Clear so
far? Right. But the problem remains: This
56
00:06:21,680 --> 00:06:26,650
chain has to be stored somewhere. You
remember it's digital? So let's say
57
00:06:26,650 --> 00:06:36,139
another trusted party gets this task. So,
here we are. This is our trusted party
58
00:06:36,139 --> 00:06:43,589
which is in charge for blockchain. But, the
thing is this trusted party can also fail
59
00:06:43,589 --> 00:06:49,059
or become untrusted. And it doesn't have
to be malicious at all. It also may happen
60
00:06:49,059 --> 00:06:56,419
that the storage for blockchain fails or
crashes or any data may be destroyed due to
61
00:06:56,419 --> 00:07:04,923
any hardware failure, maybe, or a trusted
party just deleted accidentally. Maybe. So,
62
00:07:04,923 --> 00:07:10,119
it's like with every centralized service
you have to trust. So, imagine your e-mail
63
00:07:10,119 --> 00:07:14,639
provider just disappears tomorrow. How
many services are you using which depends
64
00:07:14,639 --> 00:07:24,120
on the e-mail address? OK. So, for that
reason, the paper suggests to distribute
65
00:07:24,120 --> 00:07:32,280
copies of our blockchain to a lot of other
parties. So, here we are. Here you see a
66
00:07:32,280 --> 00:07:39,002
lot of other parties – whoever they are – who
owns a copy, an exact copy, of a blockchain.
67
00:07:39,002 --> 00:07:47,119
Remember, this blue color represents
something cryptographical. OK. So, you can
68
00:07:47,119 --> 00:07:51,770
see there is no centralized storage
anymore. Instead we have a large number of
69
00:07:51,770 --> 00:07:58,620
participants which we can rely on. So,
let's call this a decentralized network.
70
00:07:58,620 --> 00:08:05,039
Remember this term. It will get important
later. So, for now, even if some of those
71
00:08:05,039 --> 00:08:10,749
parties fail, as long as the majority
stores are valid and of course the same
72
00:08:10,749 --> 00:08:25,499
copy of a blockchain, we can keep going.
OK. You're still with me? Right. OK. So, the
73
00:08:25,499 --> 00:08:34,950
question remains: How does mystical
cryptography thing, stuff, whatever works.
74
00:08:34,950 --> 00:08:38,050
laughs
75
00:08:38,050 --> 00:08:42,460
This is how such a block actually looks
like. And in fact, this is the first
76
00:08:42,460 --> 00:08:48,460
blockchain block ever created. But, I
suppose you're not really interested in a
77
00:08:48,460 --> 00:08:55,530
math lecture. OK. So, as I promised, let's
keep the mathematical details and stay
78
00:08:55,530 --> 00:09:02,090
visual. But just for information: This
is a block. Okay. Let's pretend, we observe
79
00:09:02,090 --> 00:09:09,640
another trade. Alice and Bob are doing a
trade and we can see, Alice wants to sell her
80
00:09:09,640 --> 00:09:18,300
smartphone or whatever to Bob. So, do you
remember those polaroid cameras, where you
81
00:09:18,300 --> 00:09:23,700
could take a picture and it was printed
instantly? You know them? I think they're
82
00:09:23,700 --> 00:09:30,800
back in fashion now. So, while we observe the
situation, we take a polaroid picture of
83
00:09:30,800 --> 00:09:37,000
it. It's printed, and this picture attests
this trade. So, we take this picture and
84
00:09:37,000 --> 00:09:47,830
put it on a blackboard. Like this here. So,
let's say, this picture represents a block.
85
00:09:47,830 --> 00:09:58,620
You remember these blue framed blocks like
we saw them before? OK. Somewhat later,
86
00:09:58,620 --> 00:10:08,910
we observe another trade. Here, Charlie
wants to sell his car to Peter. And again,
87
00:10:08,910 --> 00:10:14,530
we take a picture. But this time, we hold
the picture from before – the one, which is
88
00:10:14,530 --> 00:10:22,270
already on the blackboard – into the
background of the situation. Like here. So,
89
00:10:22,270 --> 00:10:34,340
now, we take the new Polaroid picture and
put it back to our blackboard. OK? So, what
90
00:10:34,340 --> 00:10:42,320
do we see now? The first picture, which is
our first block, appears in the background
91
00:10:42,320 --> 00:10:51,300
of the second picture, which is our second
block. So, let's say the second block is
92
00:10:51,300 --> 00:10:58,650
chained to the first block. So, if someone
evil wants to change the content of the
93
00:10:58,650 --> 00:11:04,630
first block, he must also change the
content of the second block. Which means
94
00:11:04,630 --> 00:11:20,920
more effort for this evil party. Ok? So, of
course let's keep doing the same. And add
95
00:11:20,920 --> 00:11:26,300
the third picture to the board. Here we
can see Eve and Alex, another Alex, trading
96
00:11:26,300 --> 00:11:33,920
some goods. And in addition again we can
see the second picture. It's in the
97
00:11:33,920 --> 00:11:41,160
background of this third picture, so it's
the same thing. The third is chained to the
98
00:11:41,160 --> 00:11:51,941
second. OK. You're with me? Nice. And of
course for the sake of completeness we add
99
00:11:51,941 --> 00:11:58,240
the fourth block where Armin and Ed are
trading. And this house is more expensive
100
00:11:58,240 --> 00:12:03,940
this time. So again, we'll see the content
of the third block in the fourth block.
101
00:12:03,940 --> 00:12:11,410
That's their chain. So now we can see the
big picture here. So if our evil party now
102
00:12:11,410 --> 00:12:17,890
wants to change something on this first
trade on the first picture, that means he
103
00:12:17,890 --> 00:12:26,500
must change the second and the third and
the fourth picture as well. Else this
104
00:12:26,500 --> 00:12:35,490
modification is detectable. You agree? OK.
So one can say we created our very special
105
00:12:35,490 --> 00:12:41,230
kind of blockchain here, consisting of
polaroid pictures, which represents blocks
106
00:12:41,230 --> 00:12:55,160
of course. OK, so this effort can bring us
some fancy properties. And at this point
107
00:12:55,160 --> 00:13:01,090
it's important to say that some of these
properties are optional. There are
108
00:13:01,090 --> 00:13:06,300
different kinds of blockchain systems out
there and most of the properties depends
109
00:13:06,300 --> 00:13:12,560
on what kind of blockchain is in use and of
course the use case. But let's just take a
110
00:13:12,560 --> 00:13:18,420
look on some of the important properties,
in my opinion. So return to our blackboard
111
00:13:18,420 --> 00:13:25,920
here, which we constructed earlier. So we
already observed this chaining mechanism.
112
00:13:25,920 --> 00:13:30,620
This picture in a picture thing. You
remember. So this mechanism makes our
113
00:13:30,620 --> 00:13:36,430
blocks immutable and thus the contracts
inside these blocks are immutable as well,
114
00:13:36,430 --> 00:13:46,080
of course. So they can only be modified if
the complete chain is also modified. So
115
00:13:46,080 --> 00:13:51,390
let's take our board and place it anywhere
in the public. This gives all the people
116
00:13:51,390 --> 00:13:56,900
walking around the possibility to keep an
eye on everything happening on our chain
117
00:13:56,900 --> 00:14:04,290
on the board, and maybe detect any
anomalies. So we can say, well, blockchain
118
00:14:04,290 --> 00:14:13,950
is the coolest open source software,
maybe. Other parties who make up our
119
00:14:13,950 --> 00:14:19,010
distributed network - you remember we
talked about that before - creates an exact
120
00:14:19,010 --> 00:14:25,790
copy of our blackboard, and the updates,
they copy every time something new
121
00:14:25,790 --> 00:14:31,690
is appended to the chain. So if the original
blockchain on this board becomes invalid
122
00:14:31,690 --> 00:14:36,530
or disappears, or whatever, we can ask our
distributed network for the last valid
123
00:14:36,530 --> 00:14:47,870
copy of this chain and put it back on the
board. But even if some of those parties
124
00:14:47,870 --> 00:14:53,070
becomes malicious, as long as the majority
of all parties is honest and own valid
125
00:14:53,070 --> 00:15:03,270
copy of our block chain we could prevent
fraud in it. And at least it's possible to
126
00:15:03,270 --> 00:15:09,000
ensure anonymity for all involved parties.
Parties of our distributed network, as well
127
00:15:09,000 --> 00:15:18,350
as the parties involved in the contracts
inside the blocks. OK, so in summary we can
128
00:15:18,350 --> 00:15:23,660
say the contracts in our blockchain are
immutable. The control over the blockchain
129
00:15:23,660 --> 00:15:28,582
is decentralized and it's really hard to
get the majority of the network to the bad
130
00:15:28,582 --> 00:15:35,300
side, I suppose. Our block, our board and
thus the blockchain and side are exposed
131
00:15:35,300 --> 00:15:41,260
to public scrutiny and it's not possible
to remove one of the blocks from inside
132
00:15:41,260 --> 00:15:47,350
the chain without breaking it completely.
We can provide anonymity to our distributed
133
00:15:47,350 --> 00:15:50,440
network and the parties
involved in the transactions or the
134
00:15:50,440 --> 00:15:56,050
contracts inside the chain and at least we
don't have to be at the mercy of a single
135
00:15:56,050 --> 00:16:04,670
institution, like a bank or government or
whatever. Okay, so looks like some fancy
136
00:16:04,670 --> 00:16:12,180
properties. This are just some of a lot of
properties which we can achieve. So let's
137
00:16:12,180 --> 00:16:18,670
take a closer look on a common blockchain
application. I suppose most of you here
138
00:16:18,670 --> 00:16:24,860
heard of the so-called cryptocurrency
stuff, especially bitcoin. Maybe some of
139
00:16:24,860 --> 00:16:30,130
you own some bitcoin. Of course there are
many more cryptocurrencies out there:
140
00:16:30,130 --> 00:16:37,390
Woppercoin, OneCoin(?)... stuff. But
let's talk about financial transaction on
141
00:16:37,390 --> 00:16:49,400
a blockchain in general. So this is a
classic German bank transfer form. Before
142
00:16:49,400 --> 00:16:54,400
the times of online banking, this form was
used to transfer money from one bank
143
00:16:54,400 --> 00:17:00,029
account to another. Maybe some of you
still remembered, you had to write
144
00:17:00,029 --> 00:17:06,919
extremely clear - it was horrible - and you
filled out this form, gave it to your bank
145
00:17:06,919 --> 00:17:14,440
and they take care of everything else. So
you can see some fields here: These are
146
00:17:14,440 --> 00:17:20,290
the names of the sender and receiver of
the money. The sender is on the bottom.
147
00:17:20,290 --> 00:17:27,750
Here you can see the account numbers. This
is the bank ID, and in this case you can
148
00:17:27,750 --> 00:17:35,570
see it's the same bank. Of course the
amount of money and the signature of the
149
00:17:35,570 --> 00:17:42,870
sender, as well as the date. So for
financial transactions via
150
00:17:42,870 --> 00:17:50,100
cryptocurrencies like Bitcoin whatever, we
don't need that much information. The only
151
00:17:50,100 --> 00:17:57,100
information we need here, are the sender's
and receiver's public keys. They are used
152
00:17:57,100 --> 00:18:01,910
the same way as the account numbers, but
they're much longer, more cryptical.
153
00:18:01,910 --> 00:18:06,570
Of course, still we need the amount of
money and the sender signature, which
154
00:18:06,570 --> 00:18:13,840
also contains the timestamp. Remember this
stuff is digital. So back in the good old
155
00:18:13,840 --> 00:18:17,860
days we just fill out this form, put it
into a special letter box in the bank and
156
00:18:17,860 --> 00:18:26,570
forget about it. In cryptocurrencies, very
simply said, all commission transactions
157
00:18:26,570 --> 00:18:34,040
like this here are collected by our
distributed network. So let's say our
158
00:18:34,040 --> 00:18:41,600
distributed network collected seven
pending transactions. So, but these
159
00:18:41,600 --> 00:18:45,256
transactions are not in our blockchain
yet. Let's get back to our blockchain.
160
00:18:45,256 --> 00:18:52,170
We have five blocks currently with any
contracts or transactions inside. So now
161
00:18:52,170 --> 00:18:58,880
we face the question which of those
transactions shall form our sixth block in
162
00:18:58,880 --> 00:19:07,020
this chain. OK, you agree on this question.
Maybe some of you would say: Hey, we have
163
00:19:07,020 --> 00:19:12,180
some timestamps in the transaction. Why
can't we use them. The thing is that our
164
00:19:12,180 --> 00:19:18,970
distributor network is in different time
zones and, I don't know, network delays
165
00:19:18,970 --> 00:19:26,430
and all this stuff. So we need another
solution for this question. I suppose some
166
00:19:26,430 --> 00:19:33,750
of you already have an idea how to use
this. So if all involved parties follows a
167
00:19:33,750 --> 00:19:39,750
rule on how to find an agreement on
something, whatever, we can call this a
168
00:19:39,750 --> 00:19:49,930
consensus protocol. So maybe some of you
heard this term before. Okay, so remember
169
00:19:49,930 --> 00:19:56,610
it. Let's replace transactions and
contracts with something much simpler.
170
00:19:56,610 --> 00:20:01,890
Let's say some fancy symbols have been
proposed as candidates for our next block,
171
00:20:01,890 --> 00:20:06,850
the red one in the chain. So our
distributed network, consisting of some
172
00:20:06,850 --> 00:20:11,790
participants, now face the question. Which
of those symbols shall form the next
173
00:20:11,790 --> 00:20:21,120
block. And there are different ways to
achieve this goal. So let's talk about the
174
00:20:21,120 --> 00:20:27,370
best known consensus protocols. Maybe one
of the most popular used by the bitcoin
175
00:20:27,370 --> 00:20:35,809
network, it's the proof of work protocol.
I see some people laughing. OK. So what
176
00:20:35,809 --> 00:20:41,350
does it got to do with competition. Back
to our initial question, which of the
177
00:20:41,350 --> 00:20:49,550
symbols shall form the next block. So very
simply said each time a new block shall be
178
00:20:49,550 --> 00:20:53,840
created. And this means as long as there
are pending transactions we'll need new
179
00:20:53,840 --> 00:21:02,850
blocks. Our network holds the public race
and everyone can take part in this race.
180
00:21:02,850 --> 00:21:10,840
So the winner of the race can decide which
symbol gets into the new block. Looks
181
00:21:10,840 --> 00:21:16,010
simply. And in this race we can see that
the winner party selects the heart symbol
182
00:21:16,010 --> 00:21:25,750
for the next block. So it appears there.
So the outcome of this race is known to
183
00:21:25,750 --> 00:21:33,559
our distributed network. So each of those
parties in this network appends the new
184
00:21:33,559 --> 00:21:43,710
block into their own local blockchain copy
holding this heart symbol inside. OK?
185
00:21:43,710 --> 00:21:53,140
Right. Unfortunately, as some of you may
know, this protocol has some drawbacks and
186
00:21:53,140 --> 00:22:00,080
the most serious of these is probably the
negative impact on the environment. That
187
00:22:00,080 --> 00:22:06,260
means holding such races consumes many
resources. And of course in reality not
188
00:22:06,350 --> 00:22:11,580
motorcycles, but a very large number of
highly specialized, high performance
189
00:22:11,580 --> 00:22:19,610
computers take part in these races. And of
course they need of a huge amount of power
190
00:22:19,610 --> 00:22:26,179
which is not really great for environment.
So for last year it was estimated that the
191
00:22:26,179 --> 00:22:31,350
bitcoin network needed, at annual rate, as
much power as the whole country of Denmark,
192
00:22:31,350 --> 00:22:43,450
which is a lot. OK, so you don't like this
protocol. Let's take a look on another
193
00:22:43,450 --> 00:22:49,940
one. So this protocol depends on the vote
of participants in the group. We call it
194
00:22:49,940 --> 00:22:55,650
the consortium vote. This is one of the
names for this protocol. Back to our
195
00:22:55,650 --> 00:23:00,230
initial question with the fancy symbols.
Which of them shall form the next block in
196
00:23:00,230 --> 00:23:07,540
our chain? So instead of a huge network of
unknown participants driving motorcycles
197
00:23:07,540 --> 00:23:15,010
and holding races, this time we invited
some parties in a fixed group. We called
198
00:23:15,010 --> 00:23:24,070
this group consortium. So each time a new
block shall be created, the participants
199
00:23:24,070 --> 00:23:35,360
of this consortium hold a vote. It's
similar to a democratic election. So the
200
00:23:35,360 --> 00:23:41,010
symbol most parties voted for wins. It'
that simple. So in this round we can see
201
00:23:41,010 --> 00:23:45,030
two parties voted for the circle two
parties voted for the heart and three
202
00:23:45,030 --> 00:23:50,609
parties voted for a star symbol. So the
star is selected by the will of the people
203
00:23:50,609 --> 00:24:02,630
and thus appears in the next block. You
agree? OK, so the outcome of this vote is
204
00:24:02,630 --> 00:24:10,300
visible again to our distributed network
which holds copies of our blockchain. So
205
00:24:10,300 --> 00:24:15,390
each party in a distributed network
appends a new block into their own local
206
00:24:15,390 --> 00:24:21,549
copy holding the star symbol inside. So,
great, we see no environmental drawbacks
207
00:24:21,549 --> 00:24:34,370
here. Maybe this is the best solution. OK,
some of you disagree. Yeah. Well the
208
00:24:34,370 --> 00:24:39,590
topic here is the formation of the
consortium. This is one of the drawbacks.
209
00:24:39,590 --> 00:24:44,110
We can't ensure that the invited parties
or participants of our consortium are
210
00:24:44,110 --> 00:24:52,910
unbiased. Here we see a very huge doorman
and this doorman only allows participants
211
00:24:52,910 --> 00:24:57,790
to our consortium party who promises to
vote for this circle symbol and nothing
212
00:24:57,790 --> 00:25:06,820
else. So we can say he's kind of a filter.
So since there are only participants who
213
00:25:06,820 --> 00:25:12,830
refers the circle symbol and a consortium
they also vote for it eventually. As you
214
00:25:12,830 --> 00:25:20,490
can see here. So among all the drawbacks,
this protocol may be misused for
215
00:25:20,490 --> 00:25:32,220
corruption or whatever. OK, you're still
with me? Nice. Okay let's check the last
216
00:25:32,220 --> 00:25:37,860
consensus protocol, may we have more
success here. So this one depends on the
217
00:25:37,860 --> 00:25:46,260
share or stake of the system that everyone
owns. This consensus protocol will be
218
00:25:46,260 --> 00:25:55,000
called Proof of Stake. But what does it
have to do with randomness? Maybe you ask.
219
00:25:55,000 --> 00:26:00,290
So one last time we repeat our question,
which of the symbols shall form the next
220
00:26:00,290 --> 00:26:08,740
block in our chain? So let's pretend we
have any system, let's say all existing
221
00:26:08,740 --> 00:26:15,510
symbols in this world form our system. We
can see the system. This is the circle on
222
00:26:15,510 --> 00:26:21,320
the right side. And the whole system
belongs to five parties, which are on the
223
00:26:21,320 --> 00:26:29,620
bottom left. This five color parties. So
this colored circle represents the stake
224
00:26:29,620 --> 00:26:36,670
of each party on the system. So each round
these parties vote on which symbol shall
225
00:26:36,670 --> 00:26:43,570
form the next block. But this time the
decision for who is the winner is made
226
00:26:43,570 --> 00:26:52,280
randomly, taking into account the stake of
each party. So we can call this a weighted
227
00:26:52,280 --> 00:27:03,240
randomness. OK, so how does this exactly
work? Let's imagine this roulette wheel. I
228
00:27:03,240 --> 00:27:10,370
hope some of you know this kind of game.
OK. Usually you spin the wheel, you throw
229
00:27:10,370 --> 00:27:15,950
a ball on it and some time the wheel stops
turning and the ball lands on any number
230
00:27:15,950 --> 00:27:21,610
on this wheel and this number is the
winner then. But instead of numbers this
231
00:27:21,610 --> 00:27:28,689
time we distribute the symbol candidates
on the wheel according of the stake of its
232
00:27:28,689 --> 00:27:42,610
holder. OK, so let's play the game. That's
how our wheel looks like and we spin it
233
00:27:42,610 --> 00:27:50,679
and throw a ball on it. It keeps rolling
and rolling and it stops at some point on
234
00:27:50,679 --> 00:28:00,600
a symbol. Here it landed on the triangle.
So the triangle is the winner symbol for
235
00:28:00,600 --> 00:28:04,965
our next block and appears there
eventually as you can see on the top
236
00:28:04,965 --> 00:28:16,800
right. Okay? You're with me. All right. So
what happens when the stake of one of
237
00:28:16,800 --> 00:28:24,006
these parties is significantly larger
than the stake of others? Here, our red
238
00:28:24,006 --> 00:28:32,848
stakeholder is a very rich man and holds
the majority of the system, so as you can
239
00:28:32,848 --> 00:28:37,760
imagine even if our system chooses
randomly, since this randomness is
240
00:28:37,760 --> 00:28:43,248
weighted, his chance to be chosen is
significantly larger than the chance of
241
00:28:43,248 --> 00:28:57,042
others. So, of course, there are even more
consensus protocols out there and you can
242
00:28:57,042 --> 00:29:02,820
spend a few hours talking about them. But
to get to the point, every effort to reach
243
00:29:02,820 --> 00:29:07,634
a fair consensus seems to come with
drawbacks and depending on our use case
244
00:29:07,634 --> 00:29:13,504
and the blockchain system which we are
using those drawbacks can have negative
245
00:29:13,504 --> 00:29:18,887
impacts. So why are we still putting all
this effort into this blockchain science,
246
00:29:18,887 --> 00:29:25,690
you may ask. Let's get back to our initial
situation, where Mary and Alex traded and
247
00:29:25,690 --> 00:29:31,210
Mary wanted to buy a house from Alex. You
remember? So here Mary has to trust Alex,
248
00:29:31,210 --> 00:29:37,720
that the house he sells to her is really
his own property and that he won't revoke
249
00:29:37,720 --> 00:29:46,369
the trade afterwards. On the other hand
Alex has to trust Mary that she gives him
250
00:29:46,369 --> 00:29:53,958
the promised amount of money for this
house. So if a bank is involved in this
251
00:29:53,958 --> 00:29:59,142
trade they both, Mary and Alex, have to
trust this bank for transferring the money
252
00:29:59,142 --> 00:30:04,400
safely from Mary to Alex, and of course
the right amount of money and right
253
00:30:04,400 --> 00:30:13,210
currency. And in big trades like house
selling, usually a notary is involved.
254
00:30:13,210 --> 00:30:21,520
Mary and Alex have to trust this
notary to be impartial.
255
00:30:21,520 --> 00:30:29,830
So we see, traditionally such
trades involves a lot of trust and
256
00:30:29,830 --> 00:30:35,080
trusting in such things as trades is not
really popular as there has been a lot of
257
00:30:35,080 --> 00:30:41,799
disappointments in the past. As you may
know. And all this blockchain science is
258
00:30:41,799 --> 00:30:49,410
the most promising approach for mitigating
the need of this trust so far. But I think
259
00:30:49,410 --> 00:30:55,040
we're still a long way from reaching this
goal. So let's see what the future may
260
00:30:55,040 --> 00:31:09,125
bring us. Thanks for attention.
applause
261
00:31:09,125 --> 00:31:14,059
Herald: Thank you very much for this nice
introduction. If you have questions please
262
00:31:14,059 --> 00:31:25,250
go to the mics. There's three simple
rules to follow now. First, if you want to
263
00:31:25,250 --> 00:31:30,429
ask a question, a question is normally one
sentence ended by a question mark. Nothing
264
00:31:30,429 --> 00:31:36,380
else. Second if you speak into mic keep it
close to your mouth just like you would
265
00:31:36,380 --> 00:31:41,830
like to bite into it. But please don't do
so. And third for everybody who is leaving
266
00:31:41,830 --> 00:31:49,360
now, please do this quietly. Thank you very
much. So let's start with a question from
267
00:31:49,360 --> 00:31:53,910
the Internet.
Q: Hi. There is a question from IoC. So
268
00:31:53,910 --> 00:31:58,840
you talked about how blockchains provide
anonymity and could you explain what that
269
00:31:58,840 --> 00:32:02,630
means in the context of a blockchain,
because after all it's like real people
270
00:32:02,630 --> 00:32:07,640
having a transaction. So what is the
definition of anonymity in this context?
271
00:32:07,640 --> 00:32:12,470
A: This is a very technical question, I
suppose. For the technical people
272
00:32:12,470 --> 00:32:17,090
anonymity means we don't have names like
we've seen on the German bank transfer
273
00:32:17,090 --> 00:32:20,850
form, where we can exactly see Mary and
Alex are trading. So you have the names
274
00:32:20,850 --> 00:32:25,400
and you exactly know who those people are.
In the technical case, that means we use
275
00:32:25,400 --> 00:32:29,710
public keys. And of course we can create
public keys without seeing the person
276
00:32:29,710 --> 00:32:36,320
behind it. So in this case it's possible
to ensure anonymity, but as some of you may
277
00:32:36,320 --> 00:32:41,440
know, comes some drawbacks. It's,
yeah, technical.
278
00:32:41,440 --> 00:32:48,340
Herald: Microphone number three.
M3: You showed us different ways of
279
00:32:48,340 --> 00:33:00,439
choosing which transaction is next. But I
don't know if there is a possibility that
280
00:33:00,439 --> 00:33:09,649
some transaction will be lost? Like, you
know, it doesn't take -
281
00:33:09,649 --> 00:33:14,360
A: You mean like one of the transactions
just disappears from this cloud thing?
282
00:33:14,360 --> 00:33:18,960
M3: Yeah, because all others are chosen
before it.
283
00:33:18,960 --> 00:33:22,049
Like - or how long does it take to do the
vote?
284
00:33:22,049 --> 00:33:26,250
A: Oh that really depends on the protocol
as some of you may know in case of
285
00:33:26,250 --> 00:33:32,470
blockchain which has this time minute
stuff. That means I think every 10 minutes
286
00:33:32,470 --> 00:33:36,309
we'll do a new round because of this
cryptographical hash whatever, but it
287
00:33:36,309 --> 00:33:41,210
absolutely depends on the protocol. As
this voting protocol works completely
288
00:33:41,210 --> 00:33:46,510
different. So that's the reason why I
didn't want to go into details, because it
289
00:33:46,510 --> 00:33:51,450
depends on the protocol. So we can talk
about it later if you want to but I think
290
00:33:51,450 --> 00:33:56,880
this is out of scope here.
Herald: Microphone number two, please.
291
00:33:56,880 --> 00:34:01,049
M2: Thanks for the talk. A lot of the
examples I see on blockchain are
292
00:34:01,049 --> 00:34:05,290
basically database owned by one company.
So it doesn't really. So what is it for
293
00:34:05,290 --> 00:34:09,429
you the most exciting usage of blockchain
that you see today?
294
00:34:09,429 --> 00:34:17,460
A: I cannot answer this question because I
don't truly know what kind of solutions
295
00:34:17,460 --> 00:34:23,840
are there. Of course I know the popular
stuff like hyper legend whatever. For me
296
00:34:23,840 --> 00:34:29,120
personally the current solution are not
really cool, but because of technical
297
00:34:29,120 --> 00:34:34,490
backgrounds. But I can imagine that the
distributed computing protocols behind
298
00:34:34,490 --> 00:34:39,840
this blockchain thing can lead us to some
very cool stuff. But we need to put much
299
00:34:39,840 --> 00:34:45,277
more science inside it and that means,
really science.
300
00:34:45,277 --> 00:34:49,619
applause
301
00:34:49,619 --> 00:34:52,629
Herald: We have another question at
microphone number two.
302
00:34:52,629 --> 00:34:58,830
M2: Great talk. Yeah. For distributed
computation, there was already a lot of
303
00:34:58,830 --> 00:35:01,100
work.
Herald: Sorry, can you go a bit closer to
304
00:35:01,100 --> 00:35:04,369
the mic please?
M2: Sorry. If one of the most interesting
305
00:35:04,369 --> 00:35:09,050
usage is distributed computation, there
was city at home there is a bunch of bla
306
00:35:09,050 --> 00:35:15,310
bla bla at home so I'm not sure. Then
again, what's the competitive advantage
307
00:35:15,310 --> 00:35:21,599
let's say of blockchain to those previous
distributed computation protocols?
308
00:35:21,599 --> 00:35:27,820
A: I'm not sure if I understand your
question but do you ask, what exactly is
309
00:35:27,820 --> 00:35:29,700
new about all
this thing?
310
00:35:29,700 --> 00:35:36,780
M2: If the advantage is distributed
computation, that was done before. And I'm
311
00:35:36,780 --> 00:35:41,970
not sure what's the advantage of doing it
by a blockchain.
312
00:35:41,970 --> 00:35:48,220
A: Technically a blockchain is absolutely
nothing new. So distributed computing is a
313
00:35:48,220 --> 00:35:52,570
quite old topic it's nothing else than
just a distributed database in fact with
314
00:35:52,570 --> 00:35:57,950
some other properties which can be
combined. So that means blockchain is a
315
00:35:57,950 --> 00:36:05,010
combination, for me personally, of a lot
of techniques. So I think we just should
316
00:36:05,010 --> 00:36:11,730
use many more distributed computing
solutions for stuff like financial
317
00:36:11,730 --> 00:36:17,370
transactions or smart contract stuff
whatever. So this blockchain term you must
318
00:36:17,370 --> 00:36:24,710
be really careful with it.
Herald: That's a very nice warning. So
319
00:36:24,710 --> 00:36:28,310
please give a warm round of applause for
Alex.
320
00:36:28,310 --> 00:36:34,764
Applause
321
00:36:34,764 --> 00:36:37,432
35c3 music
322
00:36:37,432 --> 00:36:57,000
subtitles created by c3subtitles.de
in the year 2020. Join, and help us!