taler/talks
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

eipsi: update logo

Browse Source
This commit is contained in:
Özgür Kesim 2024-05-30 12:03:40 +02:00
parent e3bff6b326
commit 18789d4ead
Signed by: oec
GPG Key ID: F136A7F922D018D7
4 changed files with 33 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
eipsi2024/eipsi2024.tex
View File

@ -65,10 +65,10 @@
\subtitle{Zero-Knowledge Age Restriction for GNU Taler} \subtitle{Zero-Knowledge Age Restriction for GNU Taler}
\author{Özgür Kesim} \author{Özgür Kesim}
\institute{FU Berlin} \institute{Code Blau GmbH, FU Berlin, TU Dresden}
\date{December 29, 2022} \date{31 May 2024}
%TODO: \titlegraphic{\centering\includegraphics[width=0.5\textwidth]{images/hip2022.jpg}} \titlegraphic{\centering\vspace*{-0.5cm}\includegraphics[width=0.4\textwidth]{images/surveilance-logo.png}}
\begin{document} \begin{document}
@ -88,7 +88,7 @@
\item PhD candidate at FU Berlin, \item PhD candidate at FU Berlin,
\item member of GNU Taler dev-team. \item member of GNU Taler dev-team.
\end{itemize} \end{itemize}
\note{fnord}
\vfill \vfill
\url{oec-taler@kesim.org} \hfill \url{@oec@mathstodon.xyz} \hfill \url{oec-taler@kesim.org} \hfill \url{@oec@mathstodon.xyz} \hfill
@ -153,7 +153,7 @@
relation to content harmful to minors, \textbf{such as relation to content harmful to minors, \textbf{such as
age-verification systems}, ... age-verification systems}, ...
\end{quote} \end{quote}
\tiny \tiny
From the From the
\href{https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0900001680645b44} \href{https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=0900001680645b44}
@ -245,7 +245,7 @@ with the following properties:
\item<9-> \textit{Exchanges} \textbf{compare} the derived age commitments \item<9-> \textit{Exchanges} \textbf{compare} the derived age commitments
\item<10-> \tikzmark{send}{\large \texttt{GOTO}} 2. \item<10-> \tikzmark{send}{\large \texttt{GOTO}} 2.
\begin{tikzpicture}[overlay, remember picture] \begin{tikzpicture}[overlay, remember picture]
\draw[line width=1pt,->] \draw[line width=1pt,->]
([shift=({-6mm, 1mm})]pic cs:send) to ([shift=({-6mm, 1mm})]pic cs:send) to
([shift=({-1cm, 1mm})]pic cs:send) to ([shift=({-1cm, 1mm})]pic cs:send) to
([shift=({-1cm, 1mm})]pic cs:sstart) to ([shift=({-1cm, 1mm})]pic cs:sstart) to
@ -299,7 +299,7 @@ with the following properties:
\begin{frame}{Specification of the Function Signatures} \begin{frame}{Specification of the Function Signatures}
\small \small
Searching for functions \uncover<2->{with the following signatures} Searching for functions \uncover<2->{with the following signatures}
\begin{align*} \begin{align*}
&\bf \Commit\uncover<2->{: &\bf \Commit\uncover<2->{:
@ -417,9 +417,9 @@ Searching for functions \uncover<2->{with the following signatures}
\pause \pause
\begin{itemize}[<+->] \begin{itemize}[<+->]
\item Calling $\Derive()$ iteratively generates sequence \item Calling $\Derive()$ iteratively generates sequence
$(\commitment_0, \commitment_1, \dots)$ of commitments. $(\commitment_0, \commitment_1, \dots)$ of commitments.
\item Exchange calls $\Compare(\commitment_i, \commitment_{i+1},~.~)$ \item Exchange calls $\Compare(\commitment_i, \commitment_{i+1},~.~)$
\item[$\implies$]Exchange identifies sequence \item[$\implies$]Exchange identifies sequence
\item[$\implies$]{\bf Unlinkability broken} \item[$\implies$]{\bf Unlinkability broken}
\end{itemize} \end{itemize}
@ -436,23 +436,23 @@ Searching for functions \uncover<2->{with the following signatures}
\begin{itemize}[<+->] \begin{itemize}[<+->]
\item[$\Child$:] \item[$\Child$:]
\begin{enumerate} \begin{enumerate}
\item generates $(\commitment_1,\dots,\commitment_\kappa)$ \item generates $(\commitment_1,\dots,\commitment_\kappa)$
and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$\\ and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$\\
by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$ by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$
\item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$ \item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
\item sends $\commitment_0$ and $h_0$ to $\Exchange$ \item sends $\commitment_0$ and $h_0$ to $\Exchange$
\end{enumerate} \end{enumerate}
\item[$\Exchange$:] \item[$\Exchange$:]
\begin{enumerate} \begin{enumerate}
\item[4.] saves $\commitment_0$ and $h_0$ and sends $\Child$ random $\gamma \in \{1,\dots,\kappa\}$ \item[4.] saves $\commitment_0$ and $h_0$ and sends $\Child$ random $\gamma \in \{1,\dots,\kappa\}$
\end{enumerate} \end{enumerate}
\item[$\Child$:] \item[$\Child$:]
\begin{enumerate} \begin{enumerate}
\item[5.] reveals $h_\gamma:=H(\commitment_\gamma, \beta_\gamma)$ and all $(\commitment_i, \beta_i)$, except $(\commitment_\gamma, \beta_\gamma)$ \item[5.] reveals $h_\gamma:=H(\commitment_\gamma, \beta_\gamma)$ and all $(\commitment_i, \beta_i)$, except $(\commitment_\gamma, \beta_\gamma)$
\end{enumerate} \end{enumerate}
\item[$\Exchange$:] \item[$\Exchange$:]
\begin{enumerate} \begin{enumerate}
\item[6.] compares $h_0$ and \item[6.] compares $h_0$ and
$H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$ $H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
\item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$. \item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$.
\end{enumerate} \end{enumerate}
@ -463,7 +463,7 @@ Searching for functions \uncover<2->{with the following signatures}
\end{frame} \end{frame}
\begin{frame}{Achieving Unlinkability}%{Certainty trade-off} \begin{frame}{Achieving Unlinkability}%{Certainty trade-off}
With \orange{$\DeriveCompare$} With \orange{$\DeriveCompare$}
\begin{itemize} \begin{itemize}
\item $\Exchange$ learns nothing about $\commitment_\gamma$ or $H(\commitment_\gamma)$, \item $\Exchange$ learns nothing about $\commitment_\gamma$ or $H(\commitment_\gamma)$,
@ -513,7 +513,7 @@ Searching for functions \uncover<2->{with the following signatures}
{\blue{$\Verify(\minage, \commitment, \attest_{\minage})$}} (Merchant); {\blue{$\Verify(\minage, \commitment, \attest_{\minage})$}} (Merchant);
} }
\uncover<7,8->{ \uncover<7,8->{
\draw[orange,<->] (Client) to \draw[orange,<->] (Client) to
node[sloped,below,align=center] {\orange{$\commitment \mapsto \commitment_\gamma$}} node[sloped,below,align=center] {\orange{$\commitment \mapsto \commitment_\gamma$}}
node[sloped,above,align=center] {\orange{$\DeriveCompare$}} (Exchange); node[sloped,above,align=center] {\orange{$\DeriveCompare$}} (Exchange);
} }
@ -562,7 +562,7 @@ Searching for functions \uncover<2->{with the following signatures}
% \item[$\Child$:] % \item[$\Child$:]
% \begin{enumerate} % \begin{enumerate}
% \setcounter{enumi}{7} % \setcounter{enumi}{7}
% %
% \scriptsize % \scriptsize
% \itemsep0.3em % \itemsep0.3em
% \item $h'_\gamma \leftarrow \Hash(\commitment_\gamma, \beta_\gamma)$ % \item $h'_\gamma \leftarrow \Hash(\commitment_\gamma, \beta_\gamma)$
@ -591,7 +591,7 @@ Searching for functions \uncover<2->{with the following signatures}
\begin{frame}{Basic Requirements} \begin{frame}{Basic Requirements}
\label{fr:basicRequirements} \label{fr:basicRequirements}
Candidate functions Candidate functions
\[ (\Commit, \Attest, \Verify, \Derive, \Compare) \] \[ (\Commit, \Attest, \Verify, \Derive, \Compare) \]
must meet \textit{basic requirements}: must meet \textit{basic requirements}:
@ -602,7 +602,7 @@ Searching for functions \uncover<2->{with the following signatures}
\end{itemize} \end{itemize}
\pause \pause
More details in the published paper and \hyperlink{fr:detailedBasicRequirements}{Appendix}. More details in the published paper and \hyperlink{fr:detailedBasicRequirements}{Appendix}.
\end{frame} \end{frame}
\begin{frame}{Security Requirements} \begin{frame}{Security Requirements}
Candidate functions must also meet \textit{security requirements}, Candidate functions must also meet \textit{security requirements},
@ -685,9 +685,9 @@ Searching for functions \uncover<2->{with the following signatures}
\[\langle(q_1, p_1),\dots,(q_\Age,p_\Age)\rangle\] \[\langle(q_1, p_1),\dots,(q_\Age,p_\Age)\rangle\]
\item Guardian then \textbf{drops} all private keys \item Guardian then \textbf{drops} all private keys
$p_i$ for $i > \age$: $p_i$ for $i > \age$:
\[\Big \langle(q_1, p_1),\dots, \[\Big \langle(q_1, p_1),\dots,
(q_\age, p_\age), (q_\age, p_\age),
(q_{\age +1}, \red{\Nil}),\dots, (q_{\age +1}, \red{\Nil}),\dots,
(q_\Age, \red{\Nil})\Big\rangle\] (q_\Age, \red{\Nil})\Big\rangle\]
\item[] then set \begin{itemize} \item[] then set \begin{itemize}
\setlength{\itemindent}{5em} \setlength{\itemindent}{5em}
@ -702,7 +702,7 @@ Searching for functions \uncover<2->{with the following signatures}
\end{frame} \end{frame}
\begin{frame}{Attest and Verify with ECDSA} \begin{frame}{Attest and Verify with ECDSA}
Child has Child has
\begin{itemize} \begin{itemize}
\item ordered public-keys $\Vcommitment = (q_1, \dots~\dots~\dots, q_\Age) $, \item ordered public-keys $\Vcommitment = (q_1, \dots~\dots~\dots, q_\Age) $,
\item (some) private-keys $\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$. \item (some) private-keys $\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$.
@ -717,7 +717,7 @@ Searching for functions \uncover<2->{with the following signatures}
\vfill \vfill
\uncover<3->{ \uncover<3->{
Merchant gets Merchant gets
\begin{itemize} \begin{itemize}
\item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $ \item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $
\item Signature $\sigma_\blue{\minage}$ \item Signature $\sigma_\blue{\minage}$
@ -731,8 +731,8 @@ Searching for functions \uncover<2->{with the following signatures}
\end{frame} \end{frame}
\begin{frame}{Derive and Compare with ECDSA} \begin{frame}{Derive and Compare with ECDSA}
Child has Child has
$\Vcommitment = (q_1, \dots, q_\Age) $ and $\Vcommitment = (q_1, \dots, q_\Age) $ and
$\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$. $\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$.
\begin{description} \begin{description}
\item<2->[To \blue{Derive} new $\Vcommitment'$ and $\Vpruf'$:] \item<2->[To \blue{Derive} new $\Vcommitment'$ and $\Vpruf'$:]
@ -820,7 +820,7 @@ Searching for functions \uncover<2->{with the following signatures}
\begin{itemize} \begin{itemize}
\item based on EdDSA (Bernstein et al.), \item based on EdDSA (Bernstein et al.),
\item generates compatible signatures, \item generates compatible signatures,
\item allows for key derivation from both, private and public keys, independently and \item allows for key derivation from both, private and public keys, independently and
\item is already in use in GNUnet. \item is already in use in GNUnet.
\end{itemize}~\\[1em] \end{itemize}~\\[1em]
@ -831,7 +831,7 @@ Searching for functions \uncover<2->{with the following signatures}
% \begin{frame}{Instantiation with ECDSA} % \begin{frame}{Instantiation with ECDSA}
% \framesubtitle{Full definitions} % \framesubtitle{Full definitions}
% \scriptsize % \scriptsize
% %
% \begin{align*} % \begin{align*}
% \Commit_{E,\FDHg{\cdot}}(\age, \omega) &:= \Big\langle % \Commit_{E,\FDHg{\cdot}}(\age, \omega) &:= \Big\langle
% \overbrace{(q_1,\ldots,q_\Age)}^{= \Vcommitment},\; % \overbrace{(q_1,\ldots,q_\Age)}^{= \Vcommitment},\;
@ -988,8 +988,8 @@ Searching for functions \uncover<2->{with the following signatures}
% \item Current privacy-perserving systems all based on % \item Current privacy-perserving systems all based on
% attribute-based credentials (Koning et al., % attribute-based credentials (Koning et al.,
% Schanzenbach et al., Camenisch et al., Au et al.) % Schanzenbach et al., Camenisch et al., Au et al.)
% %
% \item Attribute-based approach lacks support: % \item Attribute-based approach lacks support:
% \begin{itemize} % \begin{itemize}
% \item Complex for consumers and retailers % \item Complex for consumers and retailers
% \item Requires trusted third authority % \item Requires trusted third authority
@ -1060,7 +1060,7 @@ Searching for functions \uncover<2->{with the following signatures}
\begin{align*} \begin{align*}
\Forall_{\age\in\N_\Age \atop \omega \in \Omega}: \Forall_{\age\in\N_\Age \atop \omega \in \Omega}:
\Commit(\age, \omega) =: (\commitment, \pruf) \Commit(\age, \omega) =: (\commitment, \pruf)
\implies \implies
\Attest(\minage, \commitment, \pruf) = \Attest(\minage, \commitment, \pruf) =
\begin{cases} \begin{cases}
\attest \in \Attests, \text{ if } \minage \leq \age\\ \attest \in \Attests, \text{ if } \minage \leq \age\\
@ -1107,13 +1107,13 @@ Searching for functions \uncover<2->{with the following signatures}
\end{itemize} \end{itemize}
\item[B:] \item[B:]
\begin{itemize} \begin{itemize}
\item signs $m'$, by calculating \item signs $m'$, by calculating
$\sigma' := (m')^d \mod N$ {\hfill \scriptsize \textit{(B doesn't learn $m$)}} $\sigma' := (m')^d \mod N$ {\hfill \scriptsize \textit{(B doesn't learn $m$)}}
\item sends $\sigma'$ to A. \item sends $\sigma'$ to A.
\item[] \scriptsize Note: $(m')^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$ \item[] \scriptsize Note: $(m')^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$
\end{itemize} \end{itemize}
\item[A:]\begin{itemize} \item[A:]\begin{itemize}
\item unblinds $\sigma'$ by calculating \item unblinds $\sigma'$ by calculating
\[ \sigma := \sigma'*b^{-1} (= m^d) \] \[ \sigma := \sigma'*b^{-1} (= m^d) \]
\item[$\implies$]$\sigma$ is a valid RSA signature to message $m$. \item[$\implies$]$\sigma$ is a valid RSA signature to message $m$.
\end{itemize} \end{itemize}

BIN
eipsi2024/images/surveilance-logo.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 71 KiB

BIN
eipsi2024/images/surveilance-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 116 KiB

BIN
eipsi2024/images/surveilance-logo.xcf Normal file
View File

Binary file not shown.