[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-marketing] branch master updated: oenb slides
|
From: |
gnunet |
|
Subject: |
[taler-marketing] branch master updated: oenb slides |
|
Date: |
Mon, 04 Oct 2021 16:40:07 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository marketing.
The following commit(s) were added to refs/heads/master by this push:
new 96c9dd5 oenb slides
96c9dd5 is described below
commit 96c9dd5dc76bd17bc74198932fafbc86969bd3e3
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Mon Oct 4 16:40:05 2021 +0200
oenb slides
---
presentations/2021-cb/oenb.tex | 1227 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 1227 insertions(+)
diff --git a/presentations/2021-cb/oenb.tex b/presentations/2021-cb/oenb.tex
new file mode 100644
index 0000000..370d24b
--- /dev/null
+++ b/presentations/2021-cb/oenb.tex
@@ -0,0 +1,1227 @@
+\pdfminorversion=3
+\documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer}
+\usepackage{amsmath}
+\usepackage{multimedia}
+\usepackage[utf8]{inputenc}
+\usepackage{framed,color,ragged2e}
+\usepackage[absolute,overlay]{textpos}
+\definecolor{shadecolor}{rgb}{0.8,0.8,0.8}
+\usetheme{boxes}
+\setbeamertemplate{navigation symbols}{}
+\usepackage{xcolor}
+\usepackage{tikz,eurosym}
+\usepackage[normalem]{ulem}
+\usepackage{listings}
+\usepackage{adjustbox}
+
+% CSS
+\lstdefinelanguage{CSS}{
+ basicstyle=\ttfamily\scriptsize,
+
keywords={color,background-image:,margin,padding,font,weight,display,position,top,left,right,bottom,list,style,border,size,white,space,min,width,
transition:, transform:, transition-property, transition-duration,
transition-timing-function},
+ sensitive=true,
+ morecomment=[l]{//},
+ morecomment=[s]{/*}{*/},
+ morestring=[b]',
+ morestring=[b]",
+ alsoletter={:},
+ alsodigit={-}
+}
+
+% JavaScript
+\lstdefinelanguage{JavaScript}{
+ basicstyle=\ttfamily\scriptsize,
+ morekeywords={typeof, new, true, false, catch, function, return, null,
catch, switch, var, if, in, while, do, else, case, break},
+ morecomment=[s]{/*}{*/},
+ morecomment=[l]//,
+ morestring=[b]",
+ morestring=[b]'
+}
+
+\lstdefinelanguage{HTML5}{
+ basicstyle=\ttfamily\scriptsize,
+ language=html,
+ sensitive=true,
+ alsoletter={<>=-},
+ morecomment=[s]{<!-}{-->},
+ tag=[s],
+ otherkeywords={
+ % General
+ >,
+ % Standard tags
+ <!DOCTYPE,
+ </html, <html, <head, <title, </title, <style, </style, <link, </head,
<meta, />,
+ % body
+ </body, <body,
+ % Divs
+ </div, <div, </div>,
+ % Paragraphs
+ </p, <p, </p>,
+ % scripts
+ </script, <script,
+ % More tags...
+ <canvas, /canvas>, <svg, <rect, <animateTransform, </rect>, </svg>, <video,
<source, <iframe, </iframe>, </video>, <image, </image>
+ },
+ ndkeywords={
+ % General
+ =,
+ % HTML attributes
+ charset=, src=, id=, width=, height=, style=, type=, rel=, href=,
+ % SVG attributes
+ fill=, attributeName=, begin=, dur=, from=, to=, poster=, controls=, x=, y=,
repeatCount=, xlink:href=,
+ % CSS properties
+ margin:, padding:, background-image:, border:, top:, left:, position:,
width:, height:,
+ % CSS3 properties
+ transform:, -moz-transform:, -webkit-transform:,
+ animation:, -webkit-animation:,
+ transition:, transition-duration:, transition-property:,
transition-timing-function:,
+ }
+}
+
+\lstdefinelanguage{JavaScript}{
+ basicstyle=\ttfamily\scriptsize,
+ keywords={typeof, new, true, false, catch, function, return, null, catch,
switch, var, if, in, while, do, else, case, break, for},
+ keywordstyle=\color{blue}\bfseries,
+ ndkeywords={class, export, boolean, throw, implements, import, this},
+ ndkeywordstyle=\color{darkgray}\bfseries,
+ identifierstyle=\color{black},
+ sensitive=false,
+ comment=[l]{//},
+ morecomment=[s]{/*}{*/},
+ commentstyle=\color{purple}\ttfamily,
+ stringstyle=\color{red}\ttfamily,
+ morestring=[b]',
+ morestring=[b]"
+}
+
+\usetikzlibrary{shapes,arrows}
+\usetikzlibrary{positioning}
+\usetikzlibrary{calc}
+
+\title{GNU Taler as a Retail CBDC}
+%\subtitle{}
+
+\setbeamertemplate{navigation symbols}{\includegraphics[width=1cm]{inria.pdf}
\includegraphics[width=2.3cm]{bfh.png} \includegraphics[width=1.6cm]{fub.pdf}
\includegraphics[width=0.4cm]{ashoka.png}
\includegraphics[width=0.4cm]{gnu.png}
\includegraphics[width=1cm]{logo-2020.jpg} \hfill}
+%\setbeamercovered{transparent=1}
+
+\author[C. Grothoff]{{\bf C. Grothoff}}
+\date{15.10.2021}
+\institute{Taler Systems SA}
+
+
+\begin{document}
+
+\justifying
+
+\begin{frame}
+ \begin{center}
+ \LARGE {\bf GNU}
+
+ \vfill
+% \includegraphics[width=0.66\textwidth]{logo-2017-fr.pdf}
+ \includegraphics[width=0.66\textwidth]{logo-2020.jpg}
+
+ as a Retail CBDC
+ \vfill
+ \end{center}
+\begin{textblock*}{6cm}(.5cm,7.7cm) % {block width} (coords)
+ {\Large {\bf \href{https://taler.net/}{taler.net}} \\
+ \href{https://twitter.com/taler}{taler@twitter} \\
+ \href{https://taler-systems.com/}{taler-systems.com}}
+\end{textblock*}
+
+% Substitute based on who is giving the talk!
+ \begin{textblock*}{6cm}(6.7cm,7.7cm) % {block width} (coords)
+ {%\hfill {\Large {\bf Florian Dold \&} \\
+ \hfill {\bf Christian Grothoff} \\
+ \hfill grothoff@taler.net }
+\end{textblock*}
+
+\end{frame}
+
+\section{Introduction}
+
+\begin{frame}{Main Points}
+ \framesubtitle{https://taler.net/}
+Our CBDC:
+\begin{itemize}
+\item is token-based (no accounts), centrally issued (not DLT); as efficient
and cost-effective
+as modern real-time gross settlement (RTGS) systems operated by central banks;
+\item is designed to provide an electronic equivalent to banknotes, therefore
no material
+impact on monetary policy and/or financial stability expected;
+\item guarantees privacy for the payer, combined with KYC/AML/CFT compliance
and
+income transparency to promote tax compliance;
+\item is implemented as Free/Libre and Open Source Software (FLOSS) to provide
+transparency, accountability, and security (part of the GNU project).
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}{Payment Systems: Accounts vs. Tokens}
+Two types of payment systems:
+\begin{enumerate}
+\item {\bf account-based system}: transfer occurs by charging the payer’s
account and crediting
+the payee’s account (e.g., bank deposits)
+\item {\bf token-based (value-based) system}: transfer occurs by transferring
the value itself, or a
+token that represents the monetary asset (e.g., banknotes)
+\end{enumerate}
+Key Difference is the information carried by the information asset:
+\begin{itemize}
+\item account (assets): associated with a transaction history
+\item token (assets): carry information about value and entity that issued the
token
+\end{itemize}
+Bitcoin, and Distributed Ledger Technologies (DLTs) in general, are
account-based systems!
+Novelty is that the ledger is distributed (decentralized).
+\end{frame}
+
+
+\begin{frame}{Simplistic CBDC Designs}
+\begin{itemize}
+\item Account-based CBDC (e.g., Bindseil 2020, Berentsen and Schär 2018):
+\begin{itemize}
+\item simplest solution: central bank account for all
+\item responsibility to perform KYC and ensure AML/CFT (could be outsourced);
+\item potential for mass-surveillance (threat to CB independence);
+\item in direct competition with commercial banks
+\end{itemize}
+\item Token-based CBDC:
+\begin{itemize}
+\item requires a system to ensure that electronic tokens are not easily copied
+(hardware-based or software-based) $\rightarrow$ double-spending problem
+\item KYC and AML/CFT compliance?
+\end{itemize}
+\end{itemize}
+\end{frame}
+
+
+\section{What is Taler?}
+\begin{frame}{What is Taler?}
+ \begin{center}
+Taler is an electronic instant payment system based on tokens.
+ \end{center}
+ \begin{itemize}
+ \item Uses electronic coins stored in {\bf wallets} on customer's device
+ \item Like {\bf cash}
+ \item Pay in {\bf existing currencies} (i.e. CHF, EUR, USD)
+ \end{itemize}
+ \vfill
+ \pause
+ \noindent
+ However, Taler is
+ \begin{itemize}
+ \item \emph{not} a currency
+ \item \emph{not} a long-term store of value
+ \item \emph{not} a network or instance of a system
+ \item \emph{not} decentralized
+ \item \emph{not} based on proof-of-work or proof-of-stake
+ \item \emph{not} a speculative asset / ``get-rich-quick scheme''
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{Some of the people behind GNU Taler}
+{\tiny
+\begin{itemize}
+ \item Prof. David Chaum (original research)
+ \item Dr. Florian Dold (cryptography, systems engineering)
+ \item Dr. Belen Pena (UX design, accessibility)
+ \item Prof. Christian Grothoff (research \& development)
+ \item Prof. Andreas Habegger (research, hardware)
+ \item Dr. Thomas Moser (marketing)
+ \item Dr. Richard Stallman (advisory)
+ \item Leon Schumacher, MBA (business)
+ \item Prof. Hansj\"urg Wenger (research, deployment)
+ \item Dr. Michael Widmer, MBA (legal)
+ \item Jonathan (iOS wallet)
+ \item Marcello (bank integration)
+ \item Marco (scalability, snack machine)
+ \item \"Ozg\"ur (security audit, age restrictions)
+ \item Sebastian (Web interface)
+ \item Stefan (documentation, project management)
+ \item Torsten (Andorid wallet)
+\end{itemize}
+}
+\end{frame}
+
+
+\begin{frame}{Design Principles}
+ \framesubtitle{https://taler.net/en/principles.html}
+GNU Taler must ...
+\begin{enumerate}
+ \item {... be implemented as {\bf free software}.}
+ \item {... protect the {\bf privacy of buyers}.}
+ \item {... must enable the state to {\bf tax income} and crack down on
+ illegal business activities.}
+ \item {... prevent payment fraud.}
+ \item {... only {\bf disclose the minimal amount of information
+ necessary}.}
+ \item {... be usable.}
+ \item {... be efficient.}
+ \item {... avoid single points of failure.}
+ \item {... foster {\bf competition}.}
+\end{enumerate}
+\end{frame}
+
+
+\begin{frame}{The Big Picture}
+\begin{center}
+\includegraphics[width=0.8\textwidth]{bp.png}
+\end{center}
+\end{frame}
+
+
+\begin{frame}{Taler: Unique Regulatory Features for CBs}
+
\framesubtitle{\url{https://www.snb.ch/en/mmr/papers/id/working_paper_2021_03}}
+ \begin{itemize}
+ \item Central bank issues digital coins equivalent to issuing cash \\
+ $\Rightarrow$ monetary policy remains under CB control
+ \item Architecture with consumer accounts at commercial banks \\
+ $\Rightarrow$ no competition for commercial banking (S\&L) \\
+ $\Rightarrow$ CB does not have to manage KYC, customer support
+ \item Withdrawal limits and denomination expiration \\
+ $\Rightarrow$ protects against bank runs and hoarding
+ \item Income transparency and possibility to set fees \\
+ $\Rightarrow$ additional insights into economy and new policy options
+ \item Revocation protocols and loss limitations \\
+ $\Rightarrow$ exit strategy and handles catastrophic security
incidents
+ \item Privacy by cryptographic design not organizational compliance \\
+ $\Rightarrow$ CB cannot be forced to facilitate mass-surveillance
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+\frametitle{Taler Core Components}
+ \framesubtitle{\url{https://taler.net/en/docs.html}}
+\begin{center}
+\scalebox{0.2}{
+\begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer
sep=.3em];
+ \node (origin) at (0,0) {};
+ \node (exchange) [def,above=of origin,draw]{Exchange};
+ \node (customer) [def, draw, below left=of origin] {Customer};
+ \node (merchant) [def, draw, below right=of origin] {Merchant};
+ \node (auditor) [def, draw, above right=of origin]{Auditor};
+% \node (regulator) [def, draw, above=of auditor]{CSSF};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (customer) -- (exchange) node [midway, above, sloped]
(TextNode) {withdraw coins};
+ \draw [<-, C] (exchange) -- (merchant) node [midway, above, sloped]
(TextNode) {deposit coins};
+ \draw [<-, C] (merchant) -- (customer) node [midway, above, sloped]
(TextNode) {spend coins};
+ \draw [<-, C] (exchange) -- (auditor) node [midway, above, sloped] (TextNode)
{verify};
+% \draw [<-, C] (regulator) -- (auditor) node [midway, above, sloped]
(TextNode) {report};
+
+\end{tikzpicture}
+}
+\end{center}
+{%\tiny
+ \begin{itemize}
+ \item {\bf Exchange:} Service provider for digital cash
+ \begin{itemize}
+ \item Core exchange software (cryptography, database)
+ \item Air-gapped key management, real-time {\bf auditing}
+ \end{itemize}
+ \item {\bf Merchant:} Integration service for existing businesses
+ \begin{itemize}
+ \item Core merchant backend software (cryptography, database)
+ \item Back-office interface for staff
+ \item Frontend integration (E-commerce, Point-of-sale)
+ \end{itemize}
+ \item {\bf Wallet:} Consumer-controlled applications for e-cash
+ \begin{itemize}
+ \item Multi-platform wallet software (for browsers \& mobile phones)
+ \item Wallet backup storage providers
+ \end{itemize}
+ \end{itemize}
+}
+\end{frame}
+
+
+\begin{frame}{Usability of Taler}
+ \vfill
+ \begin{center}
+ \url{https://demo.taler.net/}
+ \end{center}
+ \begin{enumerate}
+ \item Install browser extension.
+ \item Visit the {\tt bank.demo.taler.net} to withdraw coins.
+ \item Visit the {\tt shop.demo.taler.net} to spend coins.
+ \end{enumerate}
+ \vfill
+\end{frame}
+
+
+
+\begin{frame}{How does it work?}
+ \framesubtitle{\url{https://taler.net/papers/thesis-dold-phd-2019.pdf}}
+ We use a few ancient constructions:
+ \begin{itemize}
+ \item Cryptographic hash function (1989)
+ \item Blind signature (1983)
+ \item Schnorr signature (1989)
+ \item Diffie-Hellman key exchange (1976)
+ \item Cut-and-choose zero-knowledge proof (1985)
+ \end{itemize}
+But of course we use modern instantiations.
+\end{frame}
+
+
+\begin{frame}{Definition: Taxability}
+ We say Taler is taxable because:
+ \begin{itemize}
+ \item Merchant's income is visible from deposits.
+ \item Hash of contract is part of deposit data.
+ \item State can trace income and enforce taxation.
+ \end{itemize}\pause
+ Limitations:
+ \begin{itemize}
+ \item withdraw loophole
+ \item {\em sharing} coins among family and friends
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{Exchange setup: Create a denomination key (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Pick random primes $p,q$.
+ \item Compute $n := pq$, $\phi(n) = (p-1)(q-1)$
+ \item Pick small $e < \phi(n)$ such that
+ $d := e^{-1} \mod \phi(n)$ exists.
+ \item Publish public key $(e,n)$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance=1em and 1em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (primes) [draw=none, below = of origin] at (0,0) {$(p, q)$};
+ \node (seal) [def, draw=none, below left=of
primes]{\includegraphics[width=0.15\textwidth]{seal.pdf}};
+ \node (hammer) [def, draw=none, below right=of
primes]{\includegraphics[width=0.15\textwidth]{hammer.pdf}};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (primes) -- (origin) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (hammer) -- (primes) node [midway, above, sloped] (TextNode)
{};
+ \end{tikzpicture}
+% \includegraphics[width=0.4\textwidth]{seal.pdf}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Merchant: Create a signing key (EdDSA)}
+ \begin{minipage}{6cm}
+ \begin{itemize}
+ \item pick random $m \mod o$ as private key
+ \item $M = mG$ public key
+ \end{itemize}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer
sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (m) [draw=none, below = of origin] at (0,0) {$m$};
+ \node (seal) [draw=none, below=of m]{M};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (m) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode)
{};
+ \end{tikzpicture}
+ \end{minipage}
+ \parbox[t]{3cm}{{\bf Capability:} $m \Rightarrow$ }
+
\raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{merchant-sign.pdf}}
+\end{frame}
+
+
+\begin{frame}{Customer: Create a planchet (EdDSA)}
+ \begin{minipage}{8cm}
+ \begin{itemize}
+ \item Pick random $c \mod o$ private key
+ \item $C = cG$ public key
+ \end{itemize}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer
sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (c) [draw=none, below = of origin] at (0,0) {$c$};
+ \node (planchet) [draw=none, below=of
c]{\includegraphics[width=0.4\textwidth]{planchet.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (c) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (planchet) -- (c) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+ \parbox[t]{3cm}{{\bf Capability:} $c \Rightarrow$ }
+
\raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{planchet-sign.pdf}}
+\end{frame}
+
+
+\begin{frame}{Customer: Blind planchet (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Obtain public key $(e,n)$
+ \item Compute $f := FDH(C)$, $f < n$.
+ \item Pick blinding factor $b \in \mathbb Z_n$
+ \item Transmit $f' := f b^e \mod n$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (b) [def, draw=none, below = of origin] at (0,-0.2) {$b$};
+ \node (blinded) [def, draw=none, below right=of
b]{\includegraphics[width=0.2\textwidth]{blinded.pdf}};
+ \node (planchet) [def, draw=none, above right=of
blinded]{\includegraphics[width=0.15\textwidth]{planchet.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of
blinded]{Exchange};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (b) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped]
(TextNode) {};
+ \draw [<-, C] (blinded) -- (b) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Exchange: Blind sign (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive $f'$.
+ \item Compute $s' := f'^d \mod n$.
+ \item Send signature $s'$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (hammer) [def, draw=none] at (0,0)
{\includegraphics[width=0.15\textwidth]{hammer.pdf}};
+ \node (signed) [def, draw=none, below left=of
hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}};
+ \node (blinded) [def, draw=none, above left=of
signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (customer) [node distance=4em and 0.5em, draw, below =of
signed]{Customer};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped]
(TextNode) {};
+ \draw [<-, C] (customer) -- (signed) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Unblind coin (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive $s'$.
+ \item Compute $s := s' b^{-1} \mod n$ % \\
+ % ($(f')^d = (f b^e)^d = f^d b$).
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (b) [def, draw=none] at (0,0) {$b$};
+ \node (coin) [def, draw=none, below left=of
b]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \node (signed) [def, draw=none, above left=of
coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode)
{};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+\begin{frame}{Withdrawing coins on the Web}
+ \begin{center}
+ \includegraphics[height=0.9\textheight]{figs/taler-withdraw.pdf}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Customer: Build shopping cart}
+ \begin{center}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer
sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{shop.pdf}};
+ \node (cart) [draw=none, below=of
m]{\includegraphics[width=0.2\textwidth]{cart.pdf}};
+ \node (merchant) [node distance=4em and 0.5em, draw, below =of
cart]{Merchant};
+ \tikzstyle{C} = [color=black, line width=1pt];
+ \draw [<-, C] (cart) -- (origin) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (merchant) -- (cart) node [midway, above, sloped] (TextNode)
{{\small transmit}};
+ \end{tikzpicture}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Merchant Integration: Payment Request}
+% \begin{figure}[p!]
+ \lstset{language=HTML5}
+ \lstinputlisting{figs/taler-402.html}
+% \caption{Sample HTTP response to prompt the wallet to show an offer.}
+% \label{listing:http-contract}
+\end{frame}
+
+% \begin{figure*}[p!]
+% \lstset{language=HTML5}
+% \lstinputlisting{figs/taler-contract.html}
+% \caption{Sample JavaScript code to prompt the wallet to show an offer.
+% Here, the contract is fetched on-demand from the server.
+% The {\tt taler\_pay()} function needs to be invoked
+% when the user triggers the checkout.}
+% \label{listing:contract}
+% \end{figure*}
+%\end{frame}
+
+
+%\begin{frame}{Merchant Integration: Contract}
+ % \begin{figure*}[t!]
+% {\tiny
+% \lstset{language=JavaScript}
+% \lstinputlisting{figs/taler-contract.json}
+% \caption{Minimal Taler contract over a digital article with a value of
\EUR{0.10}. The merchant will pay transaction fees up to \EUR{0.01}. The hash
over the wire transfer information was truncated to make it fit to the page.}
+% \label{listing:json-contract}
+ % \end{figure*}
+% }
+%\end{frame}
+
+
+\begin{frame}{Merchant: Propose contract (EdDSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Complete proposal $D$.
+ \item Send $D$, $EdDSA_m(D)$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance=2em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (cart) [def, draw=none] at (0,0)
{\includegraphics[width=0.15\textwidth]{cart.pdf}};
+ \node (proposal) [def, draw=none, below right=of
cart]{\includegraphics[width=0.5\textwidth]{merchant_propose.pdf}};
+ \node (customer) [node distance=4em and 0.5em, draw, below =of
proposal]{Customer};
+ \tikzstyle{C} = [color=black, line width=1pt];
+ \node (sign) [def, draw=none, above right=of proposal] {$m$};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (proposal) -- (sign) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (proposal) -- (cart) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (customer) -- (proposal) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Spend coin (EdDSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive proposal $D$, $EdDSA_m(D)$.
+ \item Send $s$, $C$, $EdDSA_c(D)$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance=2em and 0.4em, inner sep=0em, outer
sep=.3em];
+ \node (proposal) [def, draw=none] at (0,0)
{\includegraphics[width=0.15\textwidth]{merchant_propose.pdf}};
+ \node (contract) [def, draw=none, below right=of
cart]{\includegraphics[width=0.3\textwidth]{contract.pdf}};
+ \node (c) [def, draw=none, above=of contract] {$c$};
+ \node (merchant) [node distance=4em and 0.5em, draw, below=of
contract]{Merchant};
+ \node (coin) [def, draw=none, right=of
contract]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (contract) -- (c) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (contract) -- (proposal) node [midway, above, sloped]
(TextNode) {};
+ \draw [<-, C] (merchant) -- (contract) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \draw [<-, C] (merchant) -- (coin) node [midway, below, sloped] (TextNode)
{{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Merchant and Exchange: Verify coin (RSA)}
+ \begin{minipage}{6cm}
+ \begin{equation*}
+ s^e \stackrel{?}{\equiv} FDH(C) \mod n
+ \end{equation*}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{minipage}{0.2\textwidth}
+ \includegraphics[width=\textwidth]{coin.pdf}
+ \end{minipage}
+ $\stackrel{?}{\Leftrightarrow}$
+ \begin{minipage}{0.2\textwidth}
+ \includegraphics[width=\textwidth]{seal.pdf}
+ \end{minipage}
+ \end{minipage}
+ \vfill
+ The exchange does not only verify the signature, but also
+ checks that the coin was not double-spent.
+ \vfill
+ \pause
+ \begin{center}
+ {\bf Taler is an online payment system.}
+ \end{center}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{Requirements: Online vs. Offline Digital Currencies}
+\framesubtitle{\url{https://taler.net/papers/euro-bearer-online-2021.pdf}}
+\begin{itemize}
+ \item Offline capabilities are sometimes cited as a requirement for
digital payment solutions
+ \item All implementations must either use restrictive hardware elements
and/or introduce
+ counterparty risk.
+ \item[$\Rightarrow$] Permanent offline features weaken a digital payment
solution (privacy, security)
+ \item[$\Rightarrow$] Introduces unwarranted competition for physical cash
(endangers emergency-preparedness).
+ \end{itemize}
+ We recommend a tiered approach:
+ \begin{enumerate}
+ \item Online-first, bearer-based digital currency with Taler
+ \item (Optional:) Limited offline mode for network outages
+ \item Physical cash for emergencies (power outage, catastrophic cyber
incidents)
+ \end{enumerate}
+\end{frame}
+
+
+\begin{frame}{Payment processing with Taler}
+ \begin{center}
+ \includegraphics[height=0.9\textheight]{figs/taler-pay.pdf}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Giving change}
+ It would be inefficient to pay EUR 100 with 1 cent coins!
+ \begin{itemize}
+ \item Denomination key represents value of a coin.
+ \item Exchange may offer various denominations for coins.
+ \item Wallet may not have exact change!
+ \item Usability requires ability to pay given sufficient total funds.
+ \end{itemize}\pause
+ Key goals:
+ \begin{itemize}
+ \item maintain unlinkability
+ \item maintain taxability of transactions
+ \end{itemize}\pause
+ Method:
+ \begin{itemize}
+ \item Contract can specify to only pay {\em partial value} of a coin.
+ \item Exchange allows wallet to obtain {\em unlinkable change}
+ for remaining coin value.
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{Diffie-Hellman (ECDH)}
+ \begin{minipage}{8cm}
+ \begin{enumerate}
+ \item Create private keys $c,t \mod o$
+ \item Define $C = cG$
+ \item Define $T = tG$
+ \item Compute DH \\ $cT = c(tG) = t(cG) = tC$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t$};
+ \node (ct) [def, draw=none, below left=of
b]{\includegraphics[width=0.2\textwidth]{dh.pdf}};
+ \node (c) [def, draw=none, above left= of ct] {$c$};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (ct) -- (c) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (ct) -- (t) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Strawman solution}
+ \begin{minipage}{8cm}
+ Given partially spent private coin key $c_{old}$:
+ \begin{enumerate}
+% \item Let $C_{old} := c_{old}G$ (as before)
+ \item Pick random $c_{new} \mod o$ private key
+ \item $C_{new} = c_{new}G$ public key
+ \item Pick random $b_{new}$
+ \item Compute $f_{new} := FDH(C_{new})$, $m < n$.
+ \item Transmit $f'_{new} := f_{new} b_{new}^e \mod n$
+ \end{enumerate}
+ ... and sign request for change with $c_{old}$.
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (blinded) [def,
draw=none]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (planchet) [def, draw=none, above left= of blinded]
{\includegraphics[width=0.15\textwidth]{planchet.pdf}};
+ \node (cnew) [def, draw=none, above= of planchet] {$c_{new}$};
+ \node (bnew) [def, draw=none, above right= of blinded] {$b_{new}$};
+ \node (dice1) [def, draw=none, above = of
cnew]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dice2) [def, draw=none, above = of
bnew]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of
blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (cnew) -- (dice1) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (planchet) -- (cnew) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (bnew) -- (dice2) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped]
(TextNode) {};
+ \draw [<-, C] (blinded) -- (bnew) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+ \pause
+ \vfill
+ {\bf Problem: Owner of $c_{new}$ may differ from owner of $c_{old}$!}
+\end{frame}
+
+
+\begin{frame}{Customer: Transfer key setup (ECDH)}
+ \begin{minipage}{8cm}
+ Given partially spent private coin key $c_{old}$:
+ \begin{enumerate}
+ \item Let $C_{old} := c_{old}G$ (as before)
+ \item Create random private transfer key $t \mod o$
+ \item Compute $T := tG$
+ \item Compute $X := c_{old}(tG) = t(c_{old}G) = tC_{old}$
+ \item Derive $c_{new}$ and $b_{new}$ from $X$
+ \item Compute $C_{new} := c_{new}G$
+ \item Compute $f_{new} := FDH(C_{new})$
+ \item Transmit $f_{new}' := f_{new} b_{new}^e$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t$};
+ \node (dice) [def, draw=none, above = of
t]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dh) [def, draw=none, below left=of
b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new}$};
+ \node (blinded) [def, draw=none, below right=of
cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of
blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Cut-and-Choose}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t_1$};
+ \node (dice) [def, draw=none, above = of
t]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dh) [def, draw=none, below left=of
b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,1}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,1}$};
+ \node (blinded) [def, draw=none, below right=of
cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of
blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t_2$};
+ \node (dice) [def, draw=none, above = of
t]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dh) [def, draw=none, below left=of
b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,2}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,2}$};
+ \node (blinded) [def, draw=none, below right=of
cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of
blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t_3$};
+ \node (dice) [def, draw=none, above = of
t]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dh) [def, draw=none, below left=of
b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,3}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,3}$};
+ \node (blinded) [def, draw=none, below right=of
cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of
blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Exchange: Choose!}
+ \begin{center}
+ \item Exchange sends back random $\gamma \in \{ 1, 2, 3 \}$ to the
customer.
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Customer: Reveal}
+ \begin{enumerate}
+ \item If $\gamma = 1$, send $t_2$, $t_3$ to exchange
+ \item If $\gamma = 2$, send $t_1$, $t_3$ to exchange
+ \item If $\gamma = 3$, send $t_1$, $t_2$ to exchange
+ \end{enumerate}
+\end{frame}
+
+
+\begin{frame}{Exchange: Verify ($\gamma = 2$)}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (h) [def, draw=none] at (0,0) {$t_1$};
+ \node (dh) [def, draw=none, below left=of
b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$C_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,1}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,1}$};
+ \node (blinded) [def, draw=none, below right=of
cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (h) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (h) [def, draw=none] at (0,0) {$t_3$};
+ \node (dh) [def, draw=none, below left=of
b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$C_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,3}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,3}$};
+ \node (blinded) [def, draw=none, below right=of
cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (h) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Exchange: Blind sign change (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Take $f_{new,\gamma}'$.
+ \item Compute $s' := f_{new,\gamma}'^d \mod n$.
+ \item Send signature $s'$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (hammer) [def, draw=none] at (0,0)
{\includegraphics[width=0.15\textwidth]{hammer.pdf}};
+ \node (signed) [def, draw=none, below left=of
hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}};
+ \node (blinded) [def, draw=none, above left=of
signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (customer) [node distance=4em and 0.5em, draw, below =of
signed]{Customer};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped]
(TextNode) {};
+ \draw [<-, C] (customer) -- (signed) node [midway, above, sloped]
(TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Unblind change (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive $s'$.
+ \item Compute $s := s' b_{new,\gamma}^{-1} \mod n$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (b) [def, draw=none] at (0,0) {$b_{new,\gamma}$};
+ \node (coin) [def, draw=none, below left=of
b]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \node (signed) [def, draw=none, above left=of
coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode)
{};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Exchange: Allow linking change}
+ \begin{minipage}{7cm}
+ \begin{center}
+ Given $C_{old}$
+
+ \vspace{1cm}
+
+ return $T_\gamma$, $s := s' b_{new,\gamma}^{-1} \mod n$.
+ \end{center}
+ \end{minipage}
+ \begin{minipage}{5cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 3em and 0.5em, inner sep=0.5em, outer
sep=.3em];
+ \node (co) [def, draw=none] at (0,0) {$C_{old}$};
+ \node (T) [def, draw=none, below left=of co]{$T_\gamma$};
+ \node (sign) [def, draw=none, below right=of
co]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
+ \node (customer) [def, draw, below right=of T] {Customer};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (T) -- (co) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (sign) -- (co) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (customer) -- (T) node [midway, above, sloped] (TextNode)
{link};
+ \draw [<-, C] (customer) -- (sign) node [midway, above, sloped] (TextNode)
{link};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Link (threat!)}
+ \begin{minipage}{6.3cm}
+ \begin{enumerate}
+ \item Have $c_{old}$.
+ \item Obtain $T_\gamma$, $s$ from exchange
+ \item Compute $X_\gamma = c_{old}T_\gamma$
+ \item Derive $c_{new,\gamma}$ and $b_{new,\gamma}$ from $X_\gamma$
+ \item Unblind $s := s' b_{new,\gamma}^{-1} \mod n$
+ \end{enumerate}
+
+ \end{minipage}
+ \begin{minipage}{5.7cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer
sep=.3em];
+ \node (T) [def, draw=none] at (0,0) {$T_\gamma$};
+ \node (exchange) [def, inner sep=0.5em, draw, above left=of T] {Exchange};
+ \node (signed) [def, draw=none, below left=of
T]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
+ \node (dh) [def, draw=none, below right=of
T]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (bp) [def, draw=none, below left= of dh] {$b_{new,\gamma}$};
+ \node (co) [def, draw=none, above right= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below= of dh] {$c_{new,\gamma}$};
+ \node (coin) [def, draw=none, below left = of
bp]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \node (psign) [def, node distance=2.5em and 0em, draw=none, below = of
cp]{\includegraphics[width=0.2\textwidth]{planchet-sign.pdf}};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (dh) -- (co) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (T) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode)
{};
+ \draw [<-, C] (coin) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (T) -- (exchange) node [midway, above, sloped] (TextNode)
{link};
+ \draw [<-, C] (signed) -- (exchange) node [midway, below, sloped]
(TextNode) {link};
+ \draw [<-, C, double] (psign) -- (cp) node [midway, below, sloped]
(TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Refresh protocol summary}
+ \begin{itemize}
+ \item Customer asks exchange to convert old coin to new coin
+ \item Protocol ensures new coins can be recovered from old coin
+ \item[$\Rightarrow$] New coins are owned by the same entity!
+ \end{itemize}
+ Thus, the refresh protocol allows:
+ \begin{itemize}
+ \item To give unlinkable change.
+ \item To give refunds to an anonymous customer.
+ \item To expire old keys and migrate coins to new ones.
+ \item To handle protocol aborts.
+ \end{itemize}
+ \noindent
+ \begin{center}
+ \bf
+ Transactions via refresh are equivalent to {\em sharing} a wallet.
+\end{center}
+\end{frame}
+
+
+\begin{frame}{Requirements: Online vs. Offline Digital Currencies}
+\framesubtitle{\url{https://taler.net/papers/euro-bearer-online-2021.pdf}}
+\begin{itemize}
+ \item Offline capabilities are sometimes cited as a requirement for
digital payment solutions
+ \item All implementations must either use restrictive hardware elements
and/or introduce
+ counterparty risk.
+ \item[$\Rightarrow$] Permanent offline features weaken a digital payment
solution (privacy, security)
+ \item[$\Rightarrow$] Introduces unwarranted competition for physical cash
(endangers emergency-preparedness).
+ \end{itemize}
+ We recommend a tiered approach:
+ \begin{enumerate}
+ \item Online-first, bearer-based digital currency with Taler
+% \item (Optional:) Limited offline mode for network outages
+ \item Physical cash for emergencies (power outage, catastrophic cyber
incidents)
+ \end{enumerate}
+\end{frame}
+
+
+\begin{frame}{Scalability}
+On paper, the design scales linearly with computing resources:
+\begin{itemize}
+\item Front-end logic at the central bank only needs to perform a few
signature operations, a
+single CPU core can typically do a few thousands per second.
+\item Front-end servers need to talk to a database to prevent double-spending.
A single database server can handle tens of thousands of such operations per
second.
+\item All operations are easily split across multiple database servers by
simply assigning
+each database server a range of values.
+\item The frontends need to talk to the backends using an interconnect. The
size of an
+individual transaction is typically about 1–10 kilobytes. Modern interconnects
+can support millions of such transactions per second.
+\item To securely store 1-10 kilobytes per transaction, using AWS pricing, the
cost of the
+system (storage, bandwidth, computation) at scale would be 0.0001 USD per
transaction.
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}{Scalability in numbers}
+On a {\bf single desktop system}, we measured:
+\begin{itemize}
+\item {\bf 1k+} withdraws\&deposits/second (client and server doing 2048-bit
RSA)
+\item {\bf 50k+} import inbound wire transfers per second (to RTGS)
+\item {\bf 33k+} transactions aggregated/second
+\item {\bf 62k+} export outbound wire transfers per second (to RTGS)
+\end{itemize}
+We are now configuring the Grid5000 for larger-scale experiments.
+\end{frame}
+
+
+\begin{frame}{Taler: Project Status}
+\framesubtitle{\url{https://docs.taler.net/}}
+\begin{itemize}
+ \item Cryptographic protocols and core exchange component are stable
+ \item Current focus: KYC process at commercial bank, scalability
evaluation, age-restricted payments, P2P payments
+ \item Internal alpha deployment with a commercial bank in progress
+ \item Pilot project at Bern University of Applied Sciences cafeteria
+ \end{itemize}
+\begin{center}
+\includegraphics[width=0.7\textwidth]{taler-in-use.png}
+ \end{center}
+\end{frame}
+
+
+\section{Competitor comparison}
+\begin{frame}{Competitor comparison}
+ \begin{center} \small
+ \begin{tabular}{l||c|c|c|c|c}
+ & Cash & DLT & HW-Token & CB-Account & GNU Taler \\
\hline \hline
+ Online &$-$$-$$-$ & + & $-$ & ++ & +++ \\
\hline
+ Offline & +++ & $-$$-$$-$ & $+$ & $-$$-$ & $-$$-$ \\
\hline
+ Cost & $-$ & $-$$-$$-$ & $-$ & + & ++ \\
\hline
+ Speed & + & $-$$-$$-$ & $+$ & o & ++ \\
\hline
+ Taxation & $-$ & +++ & $-$$-$ & +++ & +++ \\
\hline
+ Payer-anon & ++ & $-$$-$ & ??? & $-$$-$ & +++ \\
\hline
+ Payee-anon & ++ & $-$$-$ & ??? & $-$$-$ & $-$$-$$-$ \\
\hline
+ Security & $-$ & ??? & $-$$-$ & o & ++ \\
\hline
+ Migration & +++ & $-$$-$$-$ & $-$$-$$-$& o & + \\
\hline
+ Libre & $-$ & ??? & $-$$-$$-$& N/A & +++ \\
+ \end{tabular}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{The Future: System Integration and Partnerships}
+ Pilots with banking organizations could:
+ \begin{itemize}
+ \item Share knowledge on Taler deployment
+ \item Study integration with the underlying RTGS layer:
+ \begin{itemize}
+ \item Develop standardized operational procedures
+ \item Perform cost analysis in banking environment
+ \item Assess effort for integration with commercial banks
+ \end{itemize}
+ \item Analyze regulatory considerations for different legislations
+ \item Perform independent security audits of Taler components
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+\frametitle{Do you have any questions?}
+\vfill
+References:
+{\tiny
+ \begin{enumerate}
+ \item{David Chaum, Christian Grothoff and Thomas Moser.
+ {\em How to issue a central bank digital currency}.
+ {\bf SNB Working Papers, 2021}.}
+ \item{Christian Grothoff, Bart Polot and Carlo von Loesch.
+ {\em The Internet is broken: Idealistic Ideas for Building a GNU
Network}.
+ {\bf W3C/IAB Workshop on Strengthening the Internet Against Pervasive
Monitoring (STRINT)}, 2014.}
+ \item{Jeffrey Burdges, Florian Dold, Christian Grothoff and Marcello Stanisci.
+ {\em Enabling Secure Web Payments with GNU Taler}.
+ {\bf SPACE 2016}.}
+ \item{Florian Dold, Sree Harsha Totakura, Benedikt M\"uller, Jeffrey Burdges
and Christian Grothoff.
+ {\em Taler: Taxable Anonymous Libre Electronic Reserves}.
+ Available upon request. 2016.}
+ \item{Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian
Miers, Eran Tromer and Madars Virza.
+ {\em Zerocash: Decentralized Anonymous Payments from Bitcoin}.
+ {\bf IEEE Symposium on Security \& Privacy, 2016}.}
+ \item{David Chaum, Amos Fiat and Moni Naor.
+ {\em Untraceable electronic cash}.
+ {\bf Proceedings on Advances in Cryptology, 1990}.}
+ \item{Phillip Rogaway.
+ {\em The Moral Character of Cryptographic Work}.
+ {\bf Asiacrypt}, 2015.} \label{bib:rogaway}
+\end{enumerate}
+}
+\end{frame}
+
+
+\end{document}
+
+
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-marketing] branch master updated: oenb slides,
gnunet <=