[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-docs] 01/03: Initial upload of the age-restriction design documen
|
From: |
gnunet |
|
Subject: |
[taler-docs] 01/03: Initial upload of the age-restriction design document |
|
Date: |
Wed, 13 Oct 2021 10:36:28 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository docs.
commit e8847d5e268d52cfad6958bb7e79461fef56d7b3
Author: Özgür Kesim <oec@codeblau.de>
AuthorDate: Tue Oct 12 16:14:45 2021 +0200
Initial upload of the age-restriction design document
---
design-documents/024-age-restriction.rst | 192 +++++++++++++++++++++++++++++++
design-documents/index.rst | 1 +
2 files changed, 193 insertions(+)
diff --git a/design-documents/024-age-restriction.rst
b/design-documents/024-age-restriction.rst
new file mode 100644
index 0000000..b6ce168
--- /dev/null
+++ b/design-documents/024-age-restriction.rst
@@ -0,0 +1,192 @@
+DD 024: Anonymous Age Restriction Extension for GNU Taler
+#########################################################
+
+Summary
+=======
+
+This document presents and discusses an extension to GNU Taler that provides
+anonymous age-restriction.
+
+Motivation
+==========
+
+Merchants are legally obliged to perform age verification of customers when
+they buy certain goods and services. Current mechanisms for age verification
+are either ID-based or require the usage of credit/debit cards. In all cases
+sensitive private information is disclosed.
+
+We want to offer a better mechanism for age-restriction with GNU Taler that
+
+* ensures anonymity and unlinkability of purchases
+* can be set to particular age groups by parents/wardens at withdrawal
+* is bound to particular coins/tokens
+* can be verified by the merchant at purchase time
+* persists even after refresh
+
+The mechanism is presented as an 'extension' to GNU Taler, that is, as an
+optional feature that can be switched on by the exchange operator.
+
+Requirements
+============
+
+TODO
+
+* legal requirements for merchants must allow for this kind of mechanism
+
+
+Proposed Solution
+=================
+
+We propose an extension to GNU Taler for age-restriction that can be enabled
+optionally by an Exchange¹).
+
+Once enabled, coins with age restrictions can be withdrawn by parents/warden
+who can choose to **commit** the coins to a certain maximum age out of a
+predefined list of age groups.
+
+The minors/wards receive those coins and can now **attest** a required minimum
+age (provided that age is less or equal to the committed age of the coins) to
+merchants, who can **verify** the minimum age.
+
+For the rest values (change) after an transaction, the minor/ward can
+**derive** new age-restricted coins. The exchange can **compare** the equality
+of the age-restriction of the old coin with the new coin (in a zero-knowledge
+protocol, that gives the minor/ward a 1/κ chance to raise the minimum age for
+the new coin).
+
+The proposed solution maintains the guarantees of GNU Taler with respect to
+anonymity and unlinkability. (TODO: refer to the paper, once published)
+
+¹) Once the feature is enabled and the age groups are defined, the exchange has
+to stick to that decision until the support for age groups are disabled. We
+might reconsider this design decision at some point.
+
+
+Building Blocks
+^^^^^^^^^^^^^^^
+
+TODO: Summarize the design based on the five functions ``Commit()``,
+``Attest()``, ``Verify()``, ``Derive()``, ``Compare()``.
+
+
+Changes in the Exchange
+^^^^^^^^^^^^^^^^^^^^^^^
+
+The necessary changes in the exchange involve
+
+* indication of support for age restriction
+* modification of the refresh protocol (both, commit and reveal phase)
+* modification of the deposit protocol
+
+
+Support for Age Restriction
+---------------------------
+
+The exchange indicates support for age-restriction in response to ``/keys`` in
+an optional field ``'age_restriction`` with new type ``AgeRestriction``:
+
+.. ts:def:: AgeRestriction
+
+ interface AgeRestriction {
+ // Representation of the age groups as comma separated edges: Increasing
+ // from left to right, the values mark the begining of an age group up
+ // to, but not including the next value. The initial age group starts at
+ // 0 and is not listed. Example: "8:10:12:14:16:18:21".
+ // This field is mandatory and binding in the sense that its hash value
+ // is taken into consideration when signing the denominations below.
+ age_groups: string;
+
+ // List of denominations that support age-restriction with the age groups
+ // given in ``age_groups``. The data structure is the same as for the
+ // denominations in ``ExchangeKeysResponse.denoms``.
+ // **However**, the following differences apply for each denomination in
+ // the list:
+ //
+ // 1. The value of ``TALER_DenominationKeyValidityPS.denom_hash``
+ // is taken over the public key of the denomination __and__ the
+ // string in ``age_groups``.
+ //
+ // 2. The value of ``TALER_DenominationKeyValidityPS.purpose`` is set to
+ // TALER_SIGNATURE_MASTER_AGE_RESTRICTED_DENOMINATION_KEY_VALIDITY
+ denoms: Denom[];
+
+ // Same role as ``ExchangeKeysResponse.eddsa_sig``, but only for the
+ // denominations listed in ``denoms`` above for age restriction. The
public
+ // EdDSA key of the exchange that was used to generate the signature is
the
+ // same as ``ExchangeKeysResponse.eddsa_pub``.
+ eddsa_sig: EddsaSignature;
+ }
+
+
+Refresh
+-------
+
+TODO: Extension of the cut'n-choose-protocol.
+
+
+Deposit
+-------
+
+TODO: Add opaque hash value of the commitments to the protocol
+
+Changes in the Merchant
+^^^^^^^^^^^^^^^^^^^^^^^
+
+TODO
+
+* Spending protocol
+
+
+Changes in the Wallet
+^^^^^^^^^^^^^^^^^^^^^
+
+TODO.
+
+* choosing age-restriction during withdrawal coins from denominations with
+ support for age restriction.
+* Define protocol to pass denominations to child/ward.
+
+
+
+Alternatives
+============
+
+TODO.
+
+* ID-based systems
+* credit/debit card based systems
+
+
+Drawbacks
+=========
+
+TODO.
+
+* age groups, once defined, are set permanently
+* age restricted coins are basically shared between ward and warden.
+
+Also discuss:
+* storage overhead
+* computational overhead
+* bandwidth overhead
+* legal issues?
+
+Discussion / Q&A
+================
+
+We had some very engaged discussions on the GNU Taler mailing list
+`<mailto:taler@gnu.org>`:
+
+* Money with capabilities
+ `<https://lists.gnu.org/archive/html/taler/2021-08/msg00005.html>`_
+
+
+* On age-restriction (was: online games in China)
+ `<https://lists.gnu.org/archive/html/taler/2021-09/msg00006.html>`_
+
+* Age-restriction is about coins, not currencies
+ `<https://lists.gnu.org/archive/html/taler/2021-09/msg00021.html>`_
+
+
+The upcoming paper on anonymous age-restriction for GNU Taler from Özgür Kesim
+and Christian Grothoff will be cited here, once it is published.
diff --git a/design-documents/index.rst b/design-documents/index.rst
index f97117e..e5cd09e 100644
--- a/design-documents/index.rst
+++ b/design-documents/index.rst
@@ -31,4 +31,5 @@ and protocol.
021-exchange-key-continuity
022-wallet-auditor-reports
023-taler-kyc
+ 024-age-restriction
999-template
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.