[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Protecting coins (was Re: Taler and UBI)

From: Özgür Kesim
Subject: Re: [Taler] Protecting coins (was Re: Taler and UBI)
Date: Fri, 14 Oct 2022 13:10:50 +0200


after talking to Christian and thinking some more, it is now clear to me
that my idea below is not the best tool to protect the coins in the
wallet: Simply encrypting the data in the wallet with standard
mechanisms should do the job.

I was seeing the FDH(C_p, somethingsomething) mechanism as a hammer, and
now every problem looks like a nail :)

Idea retracted.


Thus spake Özgür Kesim (oec-taler@kesim.org):

> Thus spake Özgür Kesim (oec-taler@kesim.org):
> > Thus spake Christian Grothoff (grothoff@gnunet.org):
> > 
> > > OTOH, assuming every individual's wallet is somehow registered as eligible
> > > for UBI, it should be trivial to distribute UBI to Taler wallets, and then
> > > one could spend that with privacy.
> > 
> > That being said, it would change the threat model for the wallet
> > significantly.  So far we operate under the assumption that the usual
> > amounts people will carry in their Taler wallets are small and losses of
> > wallets are bearable.
> That made me think of the following idea:
> We could optionally protect individual coins from abuse by theft by
> binding a coin to a secret PIN (or fingerprint), which must not be saved
> by the Taler wallet.  Using the coin for purchase or refresh would
> require the PIN/fingerprint to be entered.
> Technically, we can bind the PIN to the coin the same way we bind age
> commitment to a coin.  But here we would use something like 
>       P := HMAC(coin_priv, PIN)
> as the (coin-individual) commitment and let the exchange blindly sign
>       FDH(C_p, P).
> Here, C_p is the public key of the coin.
> However, in contrast to age restriction, there would not be any
> cut-and-choose protocol involved for this feature during a refresh - it
> is completely up to the owner of the wallet to decide to enable
> protection or continue to protect a coin during refresh.  Also, we could
> easily make this compatible with age restriction.
> If I'm not mistaken, this would give us the following benefits:
>  - lost or stolen coins can be restored via Anastasis and 
>  - a thief or finder of a wallet could not use the coins without
>    knowledge of the PIN,
>  - anonymity and unlinkability of purchases are still preserved,
>  - the user experience should be still acceptible as one would only need
>    to enter the PIN/fingerprint once for a transaction.
> Cheers,
>   oec

reply via email to

[Prev in Thread] Current Thread [Next in Thread]