init
90
hip2022/definitions.tex
Normal file
@ -0,0 +1,90 @@
|
||||
\newcommand{\blue}[1]{{\color{blue}#1}}
|
||||
\newcommand{\red}[1]{{\color{red}#1}}
|
||||
\newcommand{\Guardian}{\mathcal{G}}
|
||||
\newcommand{\Child}{\mathcal{C}}
|
||||
\newcommand{\Customer}{\mathcal{C}}
|
||||
\newcommand{\Merchant}{\mathcal{M}}
|
||||
\newcommand{\Exchange}{\mathcal{E}}
|
||||
|
||||
\newcommand{\Commit}{\mathsf{Commit}}
|
||||
\newcommand{\Attest}{\mathsf{Attest}}
|
||||
\newcommand{\Verify}{\mathsf{Verify}}
|
||||
\newcommand{\Derive}{\mathsf{Derive}}
|
||||
\newcommand{\DeriveCompare}{\mathsf{DeriveCompare_\kappa}}
|
||||
\newcommand{\Compare}{\mathsf{Compare}}
|
||||
\newcommand{\AgeVer}{\mathsf{AgeVer}}
|
||||
|
||||
\newcommand{\HashF}{\mathsf{H}}
|
||||
\newcommand{\Hash}{\mathsf{H}}
|
||||
\newcommand{\Block}{\mathbb{B}}
|
||||
\newcommand{\Pub}{\mathsf{Pub}}
|
||||
\newcommand{\Sign}{\mathsf{Sig}}
|
||||
\newcommand{\Ver}{\mathsf{Ver}}
|
||||
\newcommand{\Encoding}{\mathsf{Encoding}}
|
||||
\newcommand{\ECDSA}{\mathsf{ECDSA}}
|
||||
\newcommand{\Null}{\mathcal{O}}
|
||||
\newcommand{\EC}{\mathrm{ec}}
|
||||
\newcommand{\Curve}{\mathsf{Curve25519}}
|
||||
\newcommand{\SHA}{\mathsf{SHA256}}
|
||||
\newcommand{\SHAF}{\mathsf{SHA252}}
|
||||
\newcommand{\FDH}{\mathsf{FDH}}
|
||||
|
||||
\newcommand{\negl}{\epsilon}
|
||||
|
||||
\newcommand{\rand}{\mathsf{rand}}
|
||||
\newcommand{\age}{\mathsf{a}}
|
||||
\newcommand{\Age}{\mathsf{M}}
|
||||
\newcommand{\bage}{\mathsf{b}}
|
||||
\newcommand{\minage}{\mathsf{m}}
|
||||
\newcommand{\attest}{\mathsf{T}}
|
||||
\newcommand{\commitment}{\mathsf{Q}}
|
||||
\newcommand{\pruf}{\mathsf{P}}
|
||||
\newcommand{\Vcommitment}{\vec{\mathsf{Q}}}
|
||||
\newcommand{\Vpruf}{\vec{\mathsf{P}}}
|
||||
\newcommand{\blinding}{\beta}
|
||||
|
||||
\newcommand{\ZN}{\mathbb{Z}_N}
|
||||
\newcommand{\Z}{\mathbb{Z}}
|
||||
\newcommand{\N}{\mathbb{N}}
|
||||
\newcommand{\A}{\mathbb{A}}
|
||||
\newcommand{\E}{\mathbb{E}}
|
||||
\newcommand{\F}{\mathbb{F}}
|
||||
\newcommand{\seck}{\mathsf{s}}
|
||||
\newcommand{\pubk}{\mathsf{P}}
|
||||
\renewcommand{\H}{\mathbb{H}}
|
||||
\newcommand{\K}{\mathbb{K}}
|
||||
\newcommand{\Proofs}{\mathbb{P}}
|
||||
\newcommand{\Commitments}{\mathbb{O}}
|
||||
\newcommand{\Attests}{\mathbb{T}}
|
||||
\newcommand{\Blindings}{\mathbb{B}}
|
||||
\newcommand{\Nil}{\perp}
|
||||
|
||||
\newcommand{\p}{\mathsf{p}}
|
||||
\newcommand{\com}{\mathsf{com}}
|
||||
\newcommand{\prf}{\mathsf{prf}}
|
||||
|
||||
\newcommand{\Adv}{\mathcal{A}}
|
||||
\newcommand{\PPT}{\mathfrak{A}}
|
||||
\newcommand{\Probability}{\mathrm{Pr}}
|
||||
\newcommand{\Algorithm}{f}
|
||||
\renewcommand{\Game}[1]{G_\Adv^\mathsf{#1}}
|
||||
|
||||
\DeclareMathOperator{\Image}{Im}
|
||||
\DeclareMathOperator{\Mod}{mod}
|
||||
|
||||
\newcommand{\Encode}[1]{\overbracket[0.5pt][2pt]{\,#1\,}}
|
||||
\newcommand{\Decode}[1]{\underbracket[0.5pt][3pt]{\,#1\,}}
|
||||
\newcommand{\FDHg}[1]{[#1]_g\,}
|
||||
\newcommand{\logg}{{\breve{g}}}
|
||||
|
||||
|
||||
\newcommand{\drawfrom}{\xleftarrow{\$}}
|
||||
\newcommand\Exists{%
|
||||
\mathop{\lower0.75ex\hbox{\ensuremath{%
|
||||
\mathlarger{\mathlarger{\mathlarger{\mathlarger{\exists}}}}}}}%
|
||||
\limits}
|
||||
|
||||
\newcommand\Forall{%
|
||||
\mathop{\lower0.75ex\hbox{\ensuremath{%
|
||||
\mathlarger{\mathlarger{\mathlarger{\mathlarger{\forall}}}}}}}%
|
||||
\limits}
|
BIN
hip2022/hip2022.pdf
Normal file
845
hip2022/hip2022.tex
Normal file
@ -0,0 +1,845 @@
|
||||
%\pdfminorversion=3
|
||||
\documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer}
|
||||
\usepackage{appendixnumberbeamer}
|
||||
\usepackage{amsmath}
|
||||
\usepackage{multimedia}
|
||||
\usepackage[utf8]{inputenc}
|
||||
\usepackage{framed,color,ragged2e}
|
||||
\usepackage[absolute,overlay]{textpos}
|
||||
%\definecolor{shadecolor}{rgb}{0.8,0.8,0.8}
|
||||
\setbeamertemplate{navigation symbols}{}
|
||||
\usepackage{xcolor}
|
||||
\usepackage[normalem]{ulem}
|
||||
\usepackage{listings}
|
||||
\usepackage{adjustbox}
|
||||
\usepackage{array}
|
||||
\usepackage{bbding}
|
||||
\usepackage{relsize}
|
||||
\usepackage{graphicx}
|
||||
\usepackage{tikz,eurosym,calc}
|
||||
\usetikzlibrary{tikzmark}
|
||||
\usetikzlibrary{shapes,arrows,arrows.meta}
|
||||
\usetikzlibrary{positioning,patterns}
|
||||
\usetikzlibrary{calc}
|
||||
|
||||
\usetheme[progressbar=frametitle]{metropolis}
|
||||
\setbeamersize{description width=1em}
|
||||
\usepackage{fontspec}
|
||||
\setsansfont{IBM Plex Sans}
|
||||
|
||||
%\setbeamertemplate{footline}{
|
||||
% \hbox{%
|
||||
% \begin{beamercolorbox}[wd=\paperwidth,ht=3ex,dp=1.5ex,leftskip=2ex,rightskip=2ex]{page footer}%
|
||||
% \usebeamerfont{title in head/foot}%
|
||||
% \insertshorttitle \hfill
|
||||
% \insertsection \hfill
|
||||
% \insertframenumber{} / \inserttotalframenumber
|
||||
% \end{beamercolorbox}}%
|
||||
%}
|
||||
|
||||
\definecolor{blue}{rgb}{0,0.4,1}
|
||||
\newcommand{\orange}[1]{{\color{orange}#1}}
|
||||
\newcommand{\TODO}[1]{\orange{TODO: #1}}
|
||||
|
||||
|
||||
\input{definitions}
|
||||
|
||||
\title{Are you old enough to buy this?}
|
||||
\subtitle{Zero-Knowledge Age Restriction for GNU Taler}
|
||||
|
||||
\author{Özgür Kesim}
|
||||
\institute{FU Berlin}
|
||||
\date{December 29, 2022}
|
||||
|
||||
\titlegraphic{\centering\includegraphics[width=0.5\textwidth]{images/hip2022.jpg}}
|
||||
|
||||
|
||||
\begin{document}
|
||||
|
||||
\justifying
|
||||
|
||||
\begin{frame}
|
||||
\titlepage
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Chapters}
|
||||
\begin{enumerate}
|
||||
\item \TODO{something something}
|
||||
\end{enumerate}
|
||||
\end{frame}
|
||||
|
||||
\section{Introduction}
|
||||
|
||||
\begin{frame}{Who am I}
|
||||
\TODO{who am i}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Age restriction in E-commerce}
|
||||
|
||||
\begin{description}
|
||||
\item[Problem:]~\\[1em]
|
||||
Verification of minimum age requirements in e-commerce.\\[2em]
|
||||
|
||||
\item[Common solutions:]
|
||||
|
||||
\begin{tabular}{l<{\onslide<2->}c<{\onslide<3->}cr<{\onslide}}
|
||||
& \blue{Privacy} & \tikzmark{topau} \blue{Ext. authority}& \\[\medskipamount]
|
||||
1. ID Verification & bad & required & \\[\medskipamount]
|
||||
2. Restricted Accounts & bad & required & \\[\medskipamount]
|
||||
3. Attribute-based & good & required &\tikzmark{bottomau} \\[\medskipamount]
|
||||
\end{tabular}
|
||||
\end{description}
|
||||
|
||||
\uncover<4->{
|
||||
\begin{tikzpicture}[overlay,remember picture]
|
||||
\draw[orange,thick,rounded corners]
|
||||
($(pic cs:topau) +(0,0.5)$) rectangle ($(pic cs:bottomau) -(0.3, 0.2)$);
|
||||
\end{tikzpicture}
|
||||
\begin{center}
|
||||
\bf Principle of Subsidiarity is violated
|
||||
\end{center}
|
||||
}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}{Principle of Subsidiarity}
|
||||
\begin{center} \Large
|
||||
Functions of government---such as granting and restricting
|
||||
rights---should be performed\\
|
||||
{\it at the lowest level of authority possible},\\
|
||||
as long as they can be performed {\it adequately}.
|
||||
\end{center}
|
||||
\vfill
|
||||
\uncover<2->{
|
||||
For age-restriction, the lowest level of authority is:\\
|
||||
\begin{center}\Large
|
||||
Parents, guardians and caretakers
|
||||
\end{center}
|
||||
}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Our contribution}
|
||||
Design and implementation of an age restriction scheme\\
|
||||
with the following goals:
|
||||
|
||||
\begin{enumerate}
|
||||
\item It ties age restriction to the \textbf{ability to pay} (not to ID's)
|
||||
\item maintains \textbf{anonymity of buyers}
|
||||
\item maintains \textbf{unlinkability of transactions}
|
||||
\item aligns with \textbf{principle of subsidiartiy}
|
||||
\item is \textbf{practical and efficient}
|
||||
\end{enumerate}
|
||||
|
||||
\end{frame}
|
||||
|
||||
|
||||
\section{Age Restriction}
|
||||
|
||||
\begin{frame}{Age restriction}
|
||||
\framesubtitle{Assumptions and scenario}
|
||||
|
||||
\begin{columns}
|
||||
\column{7.5cm}
|
||||
\begin{itemize}
|
||||
\item<1-> Assumption: Checking accounts are under control of eligible adults/guardians.
|
||||
\item<2-> \textit{Guardians} \textbf{commit} to an maximum age
|
||||
\item<3-> \textit{Minors} \textbf{attest} their adequate age
|
||||
\item<4-> \textit{Merchants} \textbf{verify} the attestations
|
||||
\item<5-> Minors \textbf{derive} age commitments from existing ones
|
||||
\item<6-> \textit{Exchanges} \textbf{compare} the derived age commitments
|
||||
\end{itemize}
|
||||
\column{5cm}
|
||||
\uncover<7->
|
||||
{
|
||||
\begin{center}
|
||||
\fontsize{7pt}{7pt}\selectfont
|
||||
\begin{tikzpicture}[scale=.5]
|
||||
\node[circle,minimum size=15pt,fill=black!15] at ( 60:4) (Exchange) {$\Exchange$};
|
||||
\node[circle,minimum size=15pt,fill=black!15] at ( 0:0) (Client) {$\Child$};
|
||||
\node[circle,minimum size=15pt,fill=black!15] at ( 0:4) (Merchant) {$\Merchant$};
|
||||
\node[circle,minimum size=15pt,fill=blue!15] at (140:3) (Guardian) {$\Guardian$};
|
||||
|
||||
\draw[->] (Guardian) to [out=50,in=130, loop] node[above]
|
||||
{$\Commit$} (Guardian);
|
||||
\draw[->,blue] (Client) to [out=-125,in=-190, loop] node[below,left]
|
||||
{\blue{$\Attest$}} (Client);
|
||||
\draw[->,blue] (Merchant) to [out=50,in=130, loop] node[above]
|
||||
{\blue{$\Verify$}} (Merchant);
|
||||
\draw[->,orange] (Client) to [out=-35,in=-100, loop] node[below]
|
||||
{\orange{$\Derive$}} (Client);
|
||||
\draw[->,orange] (Exchange) to [out=50,in=130, loop] node[above]
|
||||
{\orange{$\Compare$}} (Exchange);
|
||||
|
||||
\draw[orange,|->] (Client) to node[sloped,above,align=left]
|
||||
{\orange{\scriptsize }} (Exchange);
|
||||
\draw[blue,|->] (Client) to node[sloped, above]
|
||||
{\blue{\scriptsize }} (Merchant);
|
||||
\draw[,|->] (Guardian) to node[above,sloped,align=left]
|
||||
{{\scriptsize }} (Client);
|
||||
\end{tikzpicture}
|
||||
\end{center}
|
||||
}
|
||||
\end{columns}
|
||||
\vfill
|
||||
\uncover<7->{Note: Scheme is independent of payment service protocol.}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}{Formal Function Signatures}
|
||||
\small
|
||||
Searching for functions \uncover<2->{with the following signatures}
|
||||
\begin{align*}
|
||||
&\bf \Commit\uncover<2->{:
|
||||
&(\age, \omega) &\mapsto (\commitment, \pruf)
|
||||
&\scriptstyle \N_\Age \times \Omega &\scriptstyle \to \Commitments\times\Proofs,
|
||||
}
|
||||
\\
|
||||
&\bf \Attest\uncover<3->{:
|
||||
&(\minage, \commitment, \pruf) &\mapsto \attest
|
||||
&\scriptstyle \N_\Age\times\Commitments\times\Proofs &\scriptstyle \to \Attests \cup \{\Nil\},
|
||||
}
|
||||
\\
|
||||
&\bf \Verify\uncover<4->{:
|
||||
&(\minage, \commitment, \attest) &\mapsto b
|
||||
&\scriptstyle \N_\Age\times\Commitments\times\Attests &\scriptstyle \to \Z_2,
|
||||
}
|
||||
\\
|
||||
&\bf \Derive\uncover<5->{:
|
||||
&(\commitment, \pruf, \omega) &\mapsto (\commitment', \pruf', \blinding)
|
||||
&\scriptstyle \Commitments\times\Proofs\times\Omega &\scriptstyle \to \Commitments\times\Proofs\times\Blindings,
|
||||
}
|
||||
\\
|
||||
&\bf \Compare\uncover<6->{:
|
||||
&(\commitment, \commitment', \blinding) &\mapsto b
|
||||
&\scriptstyle \Commitments\times\Commitments\times\Blindings &\scriptstyle \to \Z_2,
|
||||
}
|
||||
\end{align*}
|
||||
\uncover<7->{
|
||||
with $\Omega, \Proofs, \Commitments, \Attests, \Blindings$
|
||||
sufficiently large sets.\\[1em]
|
||||
Basic and security requirements are defined later.\\[2em]
|
||||
}
|
||||
|
||||
\scriptsize
|
||||
\uncover<2->{
|
||||
Mnemonics:\\
|
||||
$\Commitments=$ \textit{c$\Commitments$mmitments},
|
||||
$\commitment=$ \textit{Q-mitment} (commitment),
|
||||
$\Proofs=$ \textit{$\Proofs$roofs},
|
||||
}
|
||||
\uncover<3->{
|
||||
$\pruf=$ \textit{$\pruf$roof},\\
|
||||
$\Attests=$ \textit{a$\Attests$testations},
|
||||
$\attest=$ \textit{a$\attest$testation},
|
||||
}
|
||||
\uncover<5->{
|
||||
$\Blindings=$ \textit{$\Blindings$lindings},
|
||||
$\blinding=$ \textit{$\blinding$linding}.
|
||||
}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Age restriction}
|
||||
\framesubtitle{Naïve scheme}
|
||||
\begin{center}
|
||||
\begin{tikzpicture}[scale=.85]
|
||||
\node[circle,minimum size=20pt,fill=black!15] at ( 60:4) (Exchange) {$\Exchange$};
|
||||
\node[circle,minimum size=20pt,fill=black!15] at ( 0:0) (Client) {$\Child$};
|
||||
\node[circle,minimum size=20pt,fill=black!15] at ( 0:4) (Merchant) {$\Merchant$};
|
||||
\node[circle,minimum size=20pt,fill=blue!15] at (140:3) (Guardian) {$\Guardian$};
|
||||
|
||||
\draw[->] (Guardian) to [out=50,in=130, loop] node[above]
|
||||
{$\Commit$} (Guardian);
|
||||
\draw[->,blue] (Client) to [out=-125,in=-190, loop] node[below,left]
|
||||
{\blue{$\Attest$}} (Client);
|
||||
\draw[->,blue] (Merchant) to [out=50,in=130, loop] node[above]
|
||||
{\blue{$\Verify$}} (Merchant);
|
||||
\draw[->,orange] (Client) to [out=-35,in=-100, loop] node[below]
|
||||
{\orange{$\Derive$}} (Client);
|
||||
\draw[->,orange] (Exchange) to [out=50,in=130, loop] node[above]
|
||||
{\orange{$\Compare$}} (Exchange);
|
||||
|
||||
\draw[orange,|->] (Client) to node[sloped,above,align=left]
|
||||
{\orange{\scriptsize }} (Exchange);
|
||||
\draw[blue,|->] (Client) to node[sloped, above]
|
||||
{\blue{\scriptsize }} (Merchant);
|
||||
\draw[,|->] (Guardian) to node[above,sloped,align=left]
|
||||
{{\scriptsize }} (Client);
|
||||
\end{tikzpicture}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Achieving Unlinkability}
|
||||
\begin{columns}
|
||||
\column{3cm}
|
||||
\begin{center}
|
||||
\fontsize{8pt}{9pt}\selectfont
|
||||
\begin{tikzpicture}[scale=.65]
|
||||
\node[circle,minimum size=20pt,fill=black!15] at ( 60:4) (Exchange) {$\Exchange$};
|
||||
\node[circle,minimum size=20pt,fill=black!15] at ( 0:0) (Client) {$\Child$};
|
||||
|
||||
\draw[->,orange] (Client) to [out=-35,in=-100, loop] node[below]
|
||||
{\orange{$\footnotesize \Derive()$}} (Client);
|
||||
\draw[->,orange] (Exchange) to [out=50,in=130, loop] node[above]
|
||||
{\orange{$\footnotesize \Compare()$}} (Exchange);
|
||||
|
||||
\draw[orange,|->] (Client) to node[sloped,above,align=left]
|
||||
{\orange{\tiny \uncover<2->{$(\commitment_i,\commitment_{i+1})$}}} (Exchange);
|
||||
\end{tikzpicture}
|
||||
\end{center}
|
||||
|
||||
\column{9cm}
|
||||
Simple use of $\Derive()$ and $\Compare()$ is problematic.
|
||||
|
||||
\begin{itemize}
|
||||
\item<2-> Calling $\Derive()$ iteratively generates sequence
|
||||
$(\commitment_0, \commitment_1, \dots)$ of commitments.
|
||||
\item<2-> Exchange calls $\Compare(\commitment_i, \commitment_{i+1}, .)$
|
||||
\item[$\implies$]\uncover<3->{\bf Exchange identifies sequence}
|
||||
\item[$\implies$]\uncover<3->{\bf Unlinkability broken}
|
||||
\end{itemize}
|
||||
\end{columns}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Achieving Unlinkability}
|
||||
Define cut\&choose protocol \orange{$\DeriveCompare$},
|
||||
using $\Derive()$ and $\Compare()$.\\[0.5em]
|
||||
\uncover<2->{
|
||||
Sketch:
|
||||
\small
|
||||
\begin{enumerate}
|
||||
\item $\Child$ derives commitments $(\commitment_1,\dots,\commitment_\kappa)$
|
||||
from $\commitment_0$ \\
|
||||
by calling $\Derive()$ with blindings $(\beta_1,\dots,\beta_\kappa)$
|
||||
\item $\Child$ calculates $h_0:=H\left(H(\commitment_1, \beta_1)||\dots||H(\commitment_\kappa, \beta_\kappa)\right)$
|
||||
\item $\Child$ sends $\commitment_0$ and $h_0$ to $\Exchange$
|
||||
\item $\Exchange$ chooses $\gamma \in \{1,\dots,\kappa\}$ randomly
|
||||
\item $\Child$ reveals $h_\gamma:=H(\commitment_\gamma, \beta_\gamma)$ and all $(\commitment_i, \beta_i)$, except $(\commitment_\gamma, \beta_\gamma)$
|
||||
\item $\Exchange$ compares $h_0$ and
|
||||
$H\left(H(\commitment_1, \beta_1)||...||h_\gamma||...||H(\commitment_\kappa, \beta_\kappa)\right)$\\
|
||||
and evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$.
|
||||
\end{enumerate}
|
||||
\vfill
|
||||
Note: Scheme is similar to the {\it refresh} protocol in GNU Taler.
|
||||
}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Achieving Unlinkability}
|
||||
With \orange{$\DeriveCompare$}
|
||||
\begin{itemize}
|
||||
\item $\Exchange$ learns nothing about $\commitment_\gamma$,
|
||||
\item trusts outcome with $\frac{\kappa-1}{\kappa}$ certainty,
|
||||
\item i.e. $\Child$ has $\frac{1}{\kappa}$ chance to cheat.
|
||||
\end{itemize}
|
||||
\vfill
|
||||
Note: Still need Derive and Compare to be defined.
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Refined scheme}
|
||||
|
||||
\begin{tikzpicture}[scale=.8]
|
||||
\node[circle,minimum size=25pt,fill=black!15] at ( 0:0) (Client) {$\Child$};
|
||||
\node[circle,minimum size=25pt,fill=black!15] at ( 60:5) (Exchange) {$\Exchange$};
|
||||
\node[circle,minimum size=25pt,fill=black!15] at ( 0:5) (Merchant) {$\Merchant$};
|
||||
\node[circle,minimum size=25pt,fill=blue!15] at (130:3) (Guardian) {$\Guardian$};
|
||||
|
||||
\draw[orange,<->] (Client) to node[sloped,below,align=center]
|
||||
{\orange{$\DeriveCompare$}} (Exchange);
|
||||
\draw[blue,->] (Client) to node[sloped, below]
|
||||
{\blue{$(\attest_\minage, \commitment)$}} (Merchant);
|
||||
|
||||
\draw[->] (Guardian) to [out=150,in=70, loop] node[above]
|
||||
{$\Commit(\age)$} (Guardian);
|
||||
\draw[->] (Guardian) to node[below,sloped]
|
||||
{($\commitment$, $\pruf_\age$)} (Client);
|
||||
\draw[->,blue] (Client) to [out=-50,in=-130, loop] node[below]
|
||||
{\blue{$\Attest(\minage, \commitment, \pruf_{\age})$}} (Client);
|
||||
\draw[->,blue] (Merchant) to [out=-50,in=-130, loop] node[below]
|
||||
{\blue{$\Verify(\minage, \commitment, \attest_{\minage})$}} (Merchant);
|
||||
\end{tikzpicture}
|
||||
\end{frame}
|
||||
|
||||
% \begin{frame}{Achieving Unlinkability}
|
||||
% \scriptsize
|
||||
% $\DeriveCompare : \Commitments\times\Proofs\times\Omega \to \{0,1\}$\\
|
||||
% \vfill
|
||||
% $\DeriveCompare(\commitment, \pruf, \omega) =$
|
||||
% \begin{itemize}
|
||||
% \it
|
||||
% \itemsep0.5em
|
||||
% \item[$\Child$:]
|
||||
% \begin{enumerate}
|
||||
% \scriptsize
|
||||
% \itemsep0.3em
|
||||
% \item for all $i \in \{1,\dots,\kappa\}:
|
||||
% (\commitment_i,\pruf_i,\beta_i) \leftarrow \Derive(\commitment, \pruf, \omega + i)$
|
||||
% \item $h \leftarrow \Hash\big(\Hash(\commitment_1,\beta_1)\parallel\dots\parallel\Hash(\commitment_\kappa,\beta_\kappa) \big)$
|
||||
% \item send $(\commitment, h)$ to $\Exchange$
|
||||
% \end{enumerate}
|
||||
% \item[$\Exchange$:]
|
||||
% \begin{enumerate}
|
||||
% \setcounter{enumi}{4}
|
||||
% \scriptsize
|
||||
% \itemsep0.3em
|
||||
% \item save $(\commitment, h)$ \label{st:hash}
|
||||
% \item $\gamma \drawfrom \{1,\dots ,\kappa\}$
|
||||
% \item send $\gamma$ to $\Child$
|
||||
% \end{enumerate}
|
||||
% \item[$\Child$:]
|
||||
% \begin{enumerate}
|
||||
% \setcounter{enumi}{7}
|
||||
%
|
||||
% \scriptsize
|
||||
% \itemsep0.3em
|
||||
% \item $h'_\gamma \leftarrow \Hash(\commitment_\gamma, \beta_\gamma)$
|
||||
% \item $\mathbf{E}_\gamma \leftarrow \big[(\commitment_1,\beta_1),\dots,
|
||||
% (\commitment_{\gamma-1}, \beta_{\gamma-1}),
|
||||
% \Nil,
|
||||
% (\commitment_{\gamma+1}, \beta_{\gamma+1}),
|
||||
% \dots,(\commitment_\kappa, \beta_\kappa)\big]$
|
||||
% \item send $(\mathbf{E}_\gamma, h'_\gamma)$ to $\Exchange$
|
||||
% \end{enumerate}
|
||||
% \item[$\Exchange$:]
|
||||
% \begin{enumerate}
|
||||
% \setcounter{enumi}{10}
|
||||
% \scriptsize
|
||||
% \itemsep0.3em
|
||||
% \item for all $i \in \{1,\dots,\kappa\}\setminus\{\gamma\}: h_i \leftarrow \Hash(\mathbf{E}_\gamma[i])$
|
||||
% \item if $h \stackrel{?}{\neq} \HashF(h_1\|\dots\|h_{\gamma-1}\|h'_\gamma\|h_{\gamma+1}\|\dots\|h_{\kappa-1})$ return 0
|
||||
% \item for all $i \in \{1,\dots,\kappa\}\setminus\{\gamma\}$:
|
||||
% if $0 \stackrel{?}{=} \Compare(\commitment,\commitment_i, \beta_i)$ return $0$
|
||||
% \item return 1
|
||||
% \end{enumerate}
|
||||
% \end{itemize}
|
||||
% \end{frame}
|
||||
|
||||
\begin{frame}{Basic Requirements}
|
||||
|
||||
Candidate functions
|
||||
\[ (\Commit, \Attest, \Verify, \Derive, \Compare) \]
|
||||
must first meet \textit{basic} requirements:
|
||||
|
||||
\begin{itemize}
|
||||
\item Existence of attestations
|
||||
\item Efficacy of attestations
|
||||
\item Derivability of commitments and attestations
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Basic Requirements}
|
||||
\framesubtitle{Formal Details}
|
||||
|
||||
\begin{description}
|
||||
\item[Existence of attestations]
|
||||
{\scriptsize
|
||||
\begin{align*}
|
||||
\Forall_{\age\in\N_\Age \atop \omega \in \Omega}:
|
||||
\Commit(\age, \omega) =: (\commitment, \pruf)
|
||||
\implies
|
||||
\Attest(\minage, \commitment, \pruf) =
|
||||
\begin{cases}
|
||||
\attest \in \Attests, \text{ if } \minage \leq \age\\
|
||||
\Nil \text{ otherwise}
|
||||
\end{cases}
|
||||
\end{align*}}
|
||||
\item[Efficacy of attestations]
|
||||
{\scriptsize
|
||||
\begin{align*}
|
||||
\Verify(\minage, \commitment, \attest) = \
|
||||
\begin{cases}
|
||||
1, \text{if } \Exists_{\pruf \in \Proofs}: \Attest(\minage, \commitment, \pruf) = \attest\\
|
||||
0 \text{ otherwise}
|
||||
\end{cases}
|
||||
\end{align*}}
|
||||
|
||||
{\scriptsize
|
||||
\begin{align*}
|
||||
\forall_{n \leq \age}: \Verify\big(n, \commitment, \Attest(n, \commitment, \pruf)\big) = 1.
|
||||
\end{align*}}
|
||||
\item[etc.]
|
||||
\end{description}
|
||||
\end{frame}
|
||||
|
||||
%\begin{frame}{Requirements}
|
||||
% \framesubtitle{Details}
|
||||
%
|
||||
% \begin{description}
|
||||
% \item[Derivability of commitments and proofs:]~\\[0.1em]
|
||||
% {\scriptsize
|
||||
% Let \begin{align*}
|
||||
% \age & \in\N_\Age,\,\, \omega_0, \omega_1 \in\Omega\\
|
||||
% (\commitment_0, \pruf_0) & \leftarrow \Commit(\age, \omega_0),\\
|
||||
% (\commitment_1, \pruf_1, \blinding) & \leftarrow \Derive(\commitment_0, \pruf_0, \omega_1).
|
||||
% \end{align*}
|
||||
% We require
|
||||
% \begin{align*}
|
||||
% \Compare(\commitment_0, \commitment_1, \blinding) = 1 \label{req:comparity}
|
||||
% \end{align*}
|
||||
% and for all $n\leq\age$:
|
||||
% \begin{align*}
|
||||
% \Verify(n, \commitment_1, \Attest(n, \commitment_1, \pruf_1)) &%
|
||||
% =
|
||||
% \Verify(n, \commitment_0, \Attest(n, \commitment_0, \pruf_0))
|
||||
% \end{align*}}
|
||||
% \end{description}
|
||||
%\end{frame}
|
||||
|
||||
\begin{frame}{Security Requirements}
|
||||
Candidate functions must also meet \textit{security} requirements.
|
||||
Those are defined via security games:
|
||||
\begin{itemize}
|
||||
\item Game: Age disclosure by commitment or attestation
|
||||
\item[$\leftrightarrow$] Requirement: Non-disclosure of age
|
||||
\vfill
|
||||
|
||||
\item Game: Forging attestation
|
||||
\item[$\leftrightarrow$] Requirement: Unforgeability of
|
||||
minimum age
|
||||
\vfill
|
||||
|
||||
\item Game: Distinguishing derived commitments and attestations
|
||||
\item[$\leftrightarrow$] Requirement: Unlinkability of
|
||||
commitments and attestations
|
||||
|
||||
\end{itemize}
|
||||
\vfill
|
||||
|
||||
Meeting the security requirements means that adversaries can win
|
||||
those games only with negligible advantage.
|
||||
\vfill
|
||||
Adversaries are arbitrary polynomial-time algorithms, acting on all
|
||||
relevant input.
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Security Requirements}
|
||||
\framesubtitle{Simplified Example}
|
||||
|
||||
\begin{description}
|
||||
\item[Game $\Game{FA}(\lambda)$---Forging an attest:]~\\
|
||||
{\small
|
||||
\begin{enumerate}
|
||||
\item $ (\age, \omega) \drawfrom \N_{\Age-1}\times\Omega $
|
||||
\item $ (\commitment, \pruf) \leftarrow \Commit(\age, \omega) $
|
||||
\item $ (\minage, \attest) \leftarrow \Adv(\age, \commitment, \pruf)$
|
||||
\item Return 0 if $\minage \leq \age$
|
||||
\item Return $\Verify(\minage,\commitment,\attest)$
|
||||
\end{enumerate}
|
||||
}
|
||||
\vfill
|
||||
\item[Requirement: Unforgeability of minimum age]
|
||||
{\small
|
||||
\begin{equation*}
|
||||
\Forall_{\Adv\in\PPT(\N_\Age\times\Commitments\times\Proofs\to \N_\Age\times\Attests)}:
|
||||
\Probability\Big[\Game{FA}(\lambda) = 1\Big] \le \negl(\lambda)
|
||||
\end{equation*}
|
||||
}
|
||||
\end{description}
|
||||
\end{frame}
|
||||
|
||||
\section{Solution/Instantiation}
|
||||
|
||||
\begin{frame}{Solution: Instantiation with ECDSA}
|
||||
% \framesubtitle{Definition of Commit}
|
||||
|
||||
\begin{description}
|
||||
\item[To \blue{Commit} to age (group) $\age \in \{1,\dots,\Age\}$]~\\
|
||||
\begin{enumerate}
|
||||
\item<2-> Guardian generates ECDSA-keypairs, one per age (group):
|
||||
\[\langle(q_1, p_1),\dots,(q_\Age,p_\Age)\rangle\]
|
||||
\item<3-> Guardian then \textbf{drops} all private keys
|
||||
$p_i$ for $i > \age$:
|
||||
\[\Big \langle(q_1, p_1),\dots,
|
||||
(q_\age, p_\age),
|
||||
(q_{\age +1}, \red{\Nil}),\dots,
|
||||
(q_\Age, \red{\Nil})\Big\rangle\]
|
||||
|
||||
\begin{itemize}
|
||||
\item $\Vcommitment := (q_1, \dots, q_\Age)$ is the \textit{Commitment},
|
||||
\item $\Vpruf_\age := (p_1, \dots, p_\age, \Nil,\dots,\Nil)$ is the \textit{Proof}
|
||||
\end{itemize}
|
||||
\vfill
|
||||
\item<4-> Guardian gives child $\langle \Vcommitment, \Vpruf_\age \rangle$
|
||||
\vfill
|
||||
\end{enumerate}
|
||||
\end{description}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Instantiation with ECDSA}
|
||||
\framesubtitle{Definitions of Attest and Verify}
|
||||
|
||||
Child has
|
||||
\begin{itemize}
|
||||
\item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $,
|
||||
\item (some) private-keys $\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$.
|
||||
\end{itemize}
|
||||
\begin{description}
|
||||
\item<2->[To \blue{Attest} a minimum age $\blue{\minage} \leq \age$:]~\\
|
||||
Sign a message with ECDSA using private key $p_\blue{\minage}$
|
||||
\end{description}
|
||||
|
||||
\vfill
|
||||
|
||||
\uncover<3->{
|
||||
Merchant gets
|
||||
\begin{itemize}
|
||||
\item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $
|
||||
\item Signature $\sigma$
|
||||
\end{itemize}
|
||||
\begin{description}
|
||||
\item<4->[To \blue{Verify} a minimum age $\minage$:]~\\
|
||||
Verify the ECDSA-Signature $\sigma$ with public key $q_\minage$.
|
||||
\end{description}
|
||||
}
|
||||
\vfill
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Instantiation with ECDSA}
|
||||
\framesubtitle{Definitions of Derive and Compare}
|
||||
Child has
|
||||
$\Vcommitment = (q_1, \dots, q_\Age) $ and
|
||||
$\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$.
|
||||
\begin{description}
|
||||
\item<2->[To \blue{Derive} new $\Vcommitment'$ and $\Vpruf'$:]
|
||||
Choose random $\beta\in\Z_g$ and calculate
|
||||
\small
|
||||
\begin{align*}
|
||||
\Vcommitment' &:= \big(\beta * q_1,\ldots,\beta * q_\Age\big),\\
|
||||
\Vpruf' &:= \big(\beta p_1,\ldots,\beta p_\age,\Nil,\ldots,\Nil\big)
|
||||
\end{align*}
|
||||
Note: $ (\beta p_i)*G = \beta*(p_i*G) = \beta*q_i$\\
|
||||
\scriptsize $\beta*q_i$ is scalar multiplication on the elliptic curve.
|
||||
\end{description}
|
||||
|
||||
\vfill
|
||||
\uncover<3->{
|
||||
Exchange gets $\Vcommitment = (q_1,\dots,q_\Age)$, $\Vcommitment' = (q_1', \dots, q_\Age')$ and $\beta$
|
||||
\begin{description}
|
||||
\item[To \blue{Compare}, calculate:]
|
||||
\small
|
||||
$(\beta * q_1, \ldots , \beta * q_\Age) \stackrel{?}{=} (q'_1,\ldots, q'_\Age)$
|
||||
\end{description}
|
||||
\vfill
|
||||
}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Instantiation with ECDSA}
|
||||
|
||||
Functions
|
||||
(Commit, Attest, Verify, Derive, Compare)\\
|
||||
as defined in the instantiation with ECDSA\\[0.5em]
|
||||
\begin{itemize}
|
||||
\item meet the basic requirements,\\[0.5em]
|
||||
\item also meet all security requirements.\\
|
||||
Proofs by security reduction, details are in the paper.
|
||||
\end{itemize}
|
||||
|
||||
\end{frame}
|
||||
|
||||
|
||||
% \begin{frame}{Instantiation with ECDSA}
|
||||
% \framesubtitle{Full definitions}
|
||||
% \scriptsize
|
||||
%
|
||||
% \begin{align*}
|
||||
% \Commit_{E,\FDHg{\cdot}}(\age, \omega) &:= \Big\langle
|
||||
% \overbrace{(q_1,\ldots,q_\Age)}^{= \Vcommitment},\;
|
||||
% \overbrace{(p_1,\ldots,p_\age, \Nil,\ldots,\Nil)}^{= \Vpruf \text{, length }\Age}
|
||||
% \Big\rangle\\
|
||||
% \Attest_{E,\HashF}(\bage, \Vcommitment, \Vpruf) &:=
|
||||
% \begin{cases}
|
||||
% \attest_\bage := \Sign_{E,\HashF}\big(\bage,\Vpruf[\bage]\big) & \text{if } \Vpruf[\bage] \stackrel{?}{\neq} \Nil\\
|
||||
% \Nil & \text{otherwise}
|
||||
% \end{cases}\\
|
||||
% %
|
||||
% \Verify_{E,\HashF}(\bage, \Vcommitment, \attest) &:= \Ver_{E,\HashF}(\bage, \Vcommitment[\bage], \attest)\\
|
||||
% %
|
||||
% \Derive_{E, \FDHg{\cdot}}(\Vcommitment, \Vpruf, \omega) &:=
|
||||
% \Big\langle(\beta * q_1,\ldots,\beta * q_\Age),
|
||||
% (\beta p_1,\ldots,\beta p_\age,\Nil,\ldots,\Nil), \beta \Big\rangle \\
|
||||
% & \text{ with } \beta := \FDHg{\omega} \text{ and multiplication } \beta p_i \text{ modulo } g \nonumber\\
|
||||
% %
|
||||
% \Compare_E(\Vcommitment, \Vcommitment', \beta) &:=
|
||||
% \begin{cases}
|
||||
% 1 & \text{if } (\beta * q_1, \ldots , \beta * q_\Age) \stackrel{?}{=} (q'_1,\ldots, q'_\Age)\\
|
||||
% 0 & \text{otherwise}
|
||||
% \end{cases}
|
||||
% \end{align*}
|
||||
% \end{frame}
|
||||
|
||||
\section{Integration with GNU Taler}
|
||||
|
||||
\begin{frame}{GNU Taler}
|
||||
\framesubtitle{https://www.taler.net}
|
||||
\begin{columns}
|
||||
\column{4cm}
|
||||
\fontsize{8pt}{9pt}\selectfont
|
||||
\begin{tikzpicture}[scale=.55]
|
||||
\node[circle,fill=black!10] at (3, 4) (Exchange) {$\Exchange$};
|
||||
\node[circle,fill=black!10] at (0, 0) (Customer) {$\Customer$};
|
||||
\node[circle,fill=black!10] at (6, 0) (Merchant) {$\Merchant$};
|
||||
|
||||
\draw[<->] (Customer) to [out=65,in=220] node[sloped,above] {\sf withdraw} (Exchange);
|
||||
\draw[<->] (Customer) to [out=45,in=240] node[sloped,below] {\sf refresh} (Exchange);
|
||||
\draw[<->] (Customer) to node[sloped, below] {\sf purchase} (Merchant);
|
||||
\draw[<->] (Merchant) to node[sloped, above] {\sf deposit} (Exchange);
|
||||
\end{tikzpicture}
|
||||
\column{8cm}
|
||||
\begin{itemize}
|
||||
\item Protocol suite for online payment services
|
||||
\item Based on Chaum's blind signatures
|
||||
% \item Taxable, efficient, free software
|
||||
\item Allows for change and refund (F. Dold)
|
||||
\item Privacy preserving: anonymous and unlinkable payments
|
||||
\end{itemize}
|
||||
\end{columns}
|
||||
|
||||
\vfill
|
||||
\uncover<2->{
|
||||
\begin{itemize}
|
||||
\item Coins are public-/private key-pairs $(C_p, c_s)$.
|
||||
\item Exchange blindly signs $\FDH(C_p)$ with denomination key $d_p$
|
||||
\item Verification:
|
||||
\begin{eqnarray*}
|
||||
1 &\stackrel{?}{=}&
|
||||
\mathsf{SigCheck}\big(\FDH(C_p), D_p, \sigma_p\big)
|
||||
\end{eqnarray*}
|
||||
\scriptsize($D_p$ = public key of denomination and $\sigma_p$ = signature)
|
||||
|
||||
\end{itemize}
|
||||
}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Integration with GNU Taler}
|
||||
\framesubtitle{Binding age restriction to coins}
|
||||
|
||||
To bind an age commitment $\commitment$ to a coin $C_p$, instead of
|
||||
signing $\FDH(C_p)$, $\Exchange$ now blindly signs
|
||||
\begin{center}
|
||||
$\FDH(C_p, \orange{H(\commitment)})$
|
||||
\end{center}
|
||||
|
||||
\vfill
|
||||
Verfication of a coin now requires $H(\commitment)$, too:
|
||||
\begin{center}
|
||||
$1 \stackrel{?}{=}
|
||||
\mathsf{SigCheck}\big(\FDH(C_p, \orange{H(\commitment)}), D_p, \sigma_p\big)$
|
||||
\end{center}
|
||||
\vfill
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Integration with GNU Taler}
|
||||
\framesubtitle{Integrated schemes}
|
||||
\fontsize{8pt}{9pt}\selectfont
|
||||
\begin{tikzpicture}[scale=.9]
|
||||
\node[circle,minimum size=25pt,fill=black!15] at ( 0:0) (Client) {$\Child$};
|
||||
\node[circle,minimum size=25pt,fill=black!15] at ( 60:5) (Exchange) {$\Exchange$};
|
||||
\node[circle,minimum size=25pt,fill=black!15] at ( 0:5) (Merchant) {$\Merchant$};
|
||||
\node[circle,minimum size=25pt,fill=blue!15] at (130:3) (Guardian) {$\Guardian$};
|
||||
|
||||
\draw[<->] (Guardian) to node[sloped,above,align=center]
|
||||
{{\sf withdraw}\orange{, using}\\ $\FDH(C_p\orange{, H(\commitment)})$} (Exchange);
|
||||
\draw[<->] (Client) to node[sloped,below,align=center]
|
||||
{{\sf refresh} \orange{ + }\\ \orange{$\DeriveCompare$}} (Exchange);
|
||||
\draw[<->] (Client) to node[sloped, below]
|
||||
{{\sf purchase} \blue{+ $(\attest_\minage, \commitment)$}} (Merchant);
|
||||
\draw[<->] (Merchant) to node[sloped, above]
|
||||
{{\sf deposit} \orange{+ $H(\commitment)$}} (Exchange);
|
||||
|
||||
\draw[->] (Guardian) to [out=70,in=150, loop] node[above]
|
||||
{$\Commit(\age)$} (Guardian);
|
||||
\draw[->] (Guardian) to node[below,sloped]
|
||||
{($\commitment$, $\pruf_\age$)} (Client);
|
||||
\draw[->,blue] (Client) to [out=-50,in=-130, loop] node[below]
|
||||
{\blue{$\Attest(\minage, \commitment, \pruf_{\age})$}} (Client);
|
||||
\draw[->,blue] (Merchant) to [out=-50,in=-130, loop] node[below]
|
||||
{\blue{$\Verify(\minage, \commitment, \attest_{\minage})$}} (Merchant);
|
||||
\end{tikzpicture}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Instantiation with Edx25519}
|
||||
Paper also formally defines another signature scheme: Edx25519.\\[1em]
|
||||
|
||||
\begin{itemize}
|
||||
\item Scheme already in use in GNUnet,
|
||||
\item based on EdDSA (Bernstein et al.),
|
||||
\item generates compatible signatures and
|
||||
\item allows for key derivation from both, private and public keys, independently.
|
||||
\end{itemize}~\\[1em]
|
||||
|
||||
Current implementation of age restriction in GNU Taler uses Edx25519.
|
||||
\end{frame}
|
||||
|
||||
\section{Discussion, Related Work, Conclusion}
|
||||
|
||||
\begin{frame}{Discussion}
|
||||
\begin{itemize}
|
||||
\item Our solution can in principle be used with any token-based payment scheme
|
||||
\item GNU Taler best aligned with our design goals (security, privacy and efficiency)
|
||||
\item Subsidiarity requires bank accounts being owned by adults
|
||||
\begin{itemize}
|
||||
\item Scheme can be adapted to case where minors have bank accounts
|
||||
\begin{itemize}
|
||||
\item Assumption: banks provide minimum age
|
||||
information during bank
|
||||
transactions.
|
||||
\item Child and Exchange execute a variant of
|
||||
the cut\&choose protocol.
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\item Our scheme offers an alternative to identity management systems (IMS)
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
\begin{frame}{Related Work}
|
||||
\begin{itemize}
|
||||
\item Current privacy-perserving systems all based on attribute-based credentials (Koning et al., Schanzenbach et al., Camenisch et al., Au et al.)
|
||||
\item Attribute-based approach lacks support:
|
||||
\begin{itemize}
|
||||
\item Complex for consumers and retailers
|
||||
\item Requires trusted third authority
|
||||
\end{itemize}
|
||||
\vfill
|
||||
\item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
|
||||
\begin{itemize}
|
||||
\item Advantage: mandatory to payment process
|
||||
\item Not privacy friendly
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Conclusion}
|
||||
Age restriction is a technical, ethical and legal challenge.
|
||||
|
||||
Existing solutions are
|
||||
\begin{itemize}
|
||||
\item without strong protection of privacy or
|
||||
\item based on identity management systems (IMS)
|
||||
\end{itemize}
|
||||
\vfill
|
||||
|
||||
Our scheme offers a solution that is
|
||||
\begin{itemize}
|
||||
\item based on subsidiarity
|
||||
\item privacy preserving
|
||||
\item efficient
|
||||
\item an alternative to IMS
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}{}
|
||||
\begin{center}
|
||||
\Huge \textbf{Thank you!}
|
||||
Questions?
|
||||
\end{center}
|
||||
|
||||
\begin{center}
|
||||
\texttt{oec-taler@kesim.org}\\
|
||||
\texttt{@oec@mathstodon.xyz}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\appendix
|
||||
|
||||
\begin{frame}{Nothing to see here}
|
||||
\end{frame}
|
||||
|
||||
\end{document}
|
BIN
hip2022/images/bfh.png
Normal file
After Width: | Height: | Size: 16 KiB |
BIN
hip2022/images/esorics2022.png
Normal file
After Width: | Height: | Size: 30 KiB |
BIN
hip2022/images/fraunhofer.png
Normal file
After Width: | Height: | Size: 2.2 KiB |
BIN
hip2022/images/fub.pdf
Normal file
BIN
hip2022/images/hip2022-color-inverted.jpg
Normal file
After Width: | Height: | Size: 24 KiB |
BIN
hip2022/images/hip2022-color.jpg
Normal file
After Width: | Height: | Size: 25 KiB |
BIN
hip2022/images/hip2022-mono-inverted.jpg
Normal file
After Width: | Height: | Size: 19 KiB |
BIN
hip2022/images/hip2022-mono.jpg
Normal file
After Width: | Height: | Size: 22 KiB |
BIN
hip2022/images/hip2022.jpg
Normal file
After Width: | Height: | Size: 25 KiB |
BIN
hip2022/images/taler-logo-2020.jpg
Normal file
After Width: | Height: | Size: 38 KiB |
20
hip2022/loop.sh
Executable file
@ -0,0 +1,20 @@
|
||||
#!/bin/sh
|
||||
|
||||
cleanup () {
|
||||
rm -f *.log *.aux *.toc
|
||||
exit $1
|
||||
}
|
||||
|
||||
trap cleanup HUP TERM INT
|
||||
|
||||
SRC=hip2022.tex
|
||||
|
||||
echo -ne "\e[;1H\e[2J"
|
||||
while true; do
|
||||
tectonic $SRC || echo
|
||||
FILES=$(echo *.tex)
|
||||
while inotifywait $FILES ; do
|
||||
echo -ne "\e[;1H\e[2J"
|
||||
tectonic $SRC || echo
|
||||
done
|
||||
done
|