diff --git a/hip2022/hip2022.tex b/hip2022/hip2022.tex
index 03a8288..a79a76c 100644
--- a/hip2022/hip2022.tex
+++ b/hip2022/hip2022.tex
@@ -7,7 +7,7 @@
 \usepackage{framed,color,ragged2e}
 \usepackage[absolute,overlay]{textpos}
 \usetheme[progressbar=frametitle]{metropolis}
-\setbeamertemplate{navigation symbols}{\insertframenumber/\inserttotalframenumber}
+%\setbeamertemplate{navigation symbols}{\insertframenumber/\inserttotalframenumber}
 \setbeamersize{description width=1em}
 \setbeamertemplate{section in toc}[sections]
 \setbeamertemplate{footline}{}
@@ -98,26 +98,20 @@
 \begin{frame}{What to expect}
 \small
 \begin{description}
- \item<1->[Goals]~\\
- Presentation of
- \begin{itemize}
- \item our solution for age restriction and
- \item its integration into GNU Taler.
- \end{itemize}
+ \item<1->[Deliverable]~\\
+ Present a solution to age restriction and its integration in GNU Taler.
 \vfill
- \item<2->[Meta-goals]~\\
- Present examples from cryptography for
- \begin{itemize}
- \item a zero-knowledge protocol,
- \item a security game,
- \item a security proof.
- \end{itemize}
- This will be technical and math-heavy.
+ \item<2->[Side-Channel]~\\
+ Show concepts from cryptography by example:
+
+ Zero-Knowledge protocol, Security Game and Security Proof
+
+ This will be technical.
 \vfill
 \item<3->[Non-goals]~\\
 \begin{itemize}
- \item \underline{Rigorous} introduction into GNU Taler
- \item Demos
+ \item[] \underline{Rigorous} introduction into GNU Taler
+ \item[] Demos
 \end{itemize}
 \end{description}
 \end{frame}
@@ -228,6 +222,10 @@ with the following properties:
 \end{frame}
+\begin{frame}{Teaser}
+ \centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
+\end{frame}
+
 \Section{The quest for a solution to age restriction}{A journey through cryptic territory}
 \begin{frame}{Basic assumption and ideas}
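Review bot: The new label `[Side-Channel]` in the `What to expect` frame is a loaded term for a cryptography audience, where it names a class of attacks rather than a secondary aim of the talk. The previous `[Meta-goals]`, or `\item<2->[Side goal]~\\`, avoids that reading. The blank lines added around `Zero-Knowledge protocol, Security Game and Security Proof` start new paragraphs inside the item; if they are only meant as spacing, a short comment saying so would help the next editor.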
@@ -807,7 +805,7 @@ Searching for functions \uncover<2->{with the following signatures}
 \item That means: $\sigma$ was a valid ECDSA-signature, validated with $q_m$.
 \item But adversary does not have the private key $p_m$ to $q_m$.
 \item[$\implies$] So winning this game would require to existentially forge
- the ECDSA private key, which is negligible.
+ the signature, which is negligible.
 \end{enumerate}
 \end{columns}
@@ -862,8 +860,8 @@ Searching for functions \uncover<2->{with the following signatures}
 \section{Integration with GNU Taler}
-\begin{frame}{GNU Taler}
- \framesubtitle{https://www.taler.net}
+\begin{frame}{GNU Taler}{https://www.taler.net}
+ \label{fr:GnuTaler}
 \begin{columns}
 \column{4cm}
 \fontsize{8pt}{9pt}\selectfont
@@ -880,8 +878,8 @@ Searching for functions \uncover<2->{with the following signatures}
 \column{8cm}
 \begin{itemize}
 \item Protocol suite for online payment services
- \item Based on Chaum's blind signatures
- % \item Taxable, efficient, free software
+ \item Based on Chaum's \hyperlink{fr:reminderBlindSignature}{blindly signs}
+ \item Taxable, efficient, free software
 \item Allows for change and refund
 \item Privacy preserving: anonymous and unlinkable payments
 \end{itemize}
@@ -891,7 +889,7 @@ Searching for functions \uncover<2->{with the following signatures}
 \uncover<2->{
 \begin{itemize}
 \item Coins are public-/private key-pairs $(C_p, c_s)$.
- \item Exchange blindly signs $H(C_p)$ with denomination key $d_p$
+ \item Exchange \hyperlink{fr:reminderBlindSignature}{blindly signs} $H(C_p)$ with denomination key $d_p$
 \item Verification:
 \begin{eqnarray*}
 1 &\stackrel{?}{=}&
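Review bot: In the `\item[$\implies$]` line, the clause `which is negligible` still has nothing it can sensibly refer to: what is negligible is the adversary's probability of producing a forgery, not the forgery itself. I would write the continuation line as `an existential forgery of an ECDSA signature under $q_m$, which succeeds only with negligible probability.` The enclosing `enumerate` starts outside the hunk, so whether the unforgeability assumption is named earlier on the slide is not visible here.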
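Review bot: The link text in `\item Based on Chaum's \hyperlink{fr:reminderBlindSignature}{blindly signs}` appears to have been copied from the verb form used in the later hunks, so the bullet now reads "Based on Chaum's blindly signs". Keep the noun as the link text: `\item Based on Chaum's \hyperlink{fr:reminderBlindSignature}{blind signatures}`.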
@@ -903,11 +901,11 @@ Searching for functions \uncover<2->{with the following signatures}
 }
 \end{frame}
-\begin{frame}{Integration with GNU Taler}
- \framesubtitle{Binding age restriction to coins}
+\begin{frame}{Integration with GNU Taler}{Binding age restriction to coins}
+ \label{fr:bindingToCoins}
 To bind an age commitment $\commitment$ to a coin $C_p$, instead of
- signing $H(C_p)$, $\Exchange$ now blindly signs
+ signing $H(C_p)$, $\Exchange$ now \hyperlink{fr:reminderBlindSignature}{blindly signs}
 \begin{center}
 $H(C_p, \orange{H(\commitment)})$
 \end{center}
@@ -950,48 +948,66 @@ Searching for functions \uncover<2->{with the following signatures}
 \end{tikzpicture}
 \end{frame}
+\begin{frame}{Age restriction in the wallet}
+ \centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
+\end{frame}
+
 \include{gnu}
-\section{Discussion, Related Work, Conclusion}
+\begin{frame}{Interested in GNU Taler?}
+ We are looking for developers, testers, users!
+
+ \begin{description}
+ \item[Intro:] \url{https://taler.net}
+ \item[Learn:] \url{https://docs.taler.net}
+ \item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
+ \end{description}
+\end{frame}
+
+\section{Discussion \& Conclusion}
 \begin{frame}{Discussion}
- \begin{itemize}
+ \begin{itemize}[<+->]
 \item Our solution can in principle be used with any token-based payment scheme
- \item GNU Taler best aligned with our design goals (security, privacy and efficiency)
- \item Subsidiarity requires bank accounts being owned by adults
+ \item[] However, GNU Taler best aligned with our design goals
+ (security, privacy and efficiency).
+
+ \item Subsidiarity requires bank accounts being owned by adults.
+ \item[] However, scheme can be adapted to cases of
 \begin{itemize}
- \item Scheme can be adapted to case where minors have bank accounts
- \begin{itemize}
- \item Assumption: banks provide minimum age
- information during bank
- transactions.
- \item Child and Exchange execute a variant of
- the cut\&choose protocol.
- \end{itemize}
+ \item minors have bank accounts
+ \item peer-to-peer payments
+ \item[] Hint: Know-Your-Customer (KYC) and adapted
+ withdraw protocol.
 \end{itemize}
 \item Our scheme offers an alternative to identity management systems (IMS)
 \end{itemize}
 \end{frame}
-\begin{frame}{Related Work}
- \begin{itemize}
- \item Current privacy-perserving systems all based on attribute-based credentials (Koning et al., Schanzenbach et al., Camenisch et al., Au et al.)
- \item Attribute-based approach lacks support:
- \begin{itemize}
- \item Complex for consumers and retailers
- \item Requires trusted third authority
- \end{itemize}
- \vfill
- \item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
- \begin{itemize}
- \item Advantage: mandatory to payment process
- \item Not privacy friendly
- \end{itemize}
- \end{itemize}
-\end{frame}
+
+% \begin{frame}{Related Work}
+% \begin{itemize}
+% \item Current privacy-perserving systems all based on
+% attribute-based credentials (Koning et al.,
+% Schanzenbach et al., Camenisch et al., Au et al.)
+%
+% \item Attribute-based approach lacks support:
+% \begin{itemize}
+% \item Complex for consumers and retailers
+% \item Requires trusted third authority
+% \end{itemize}
+% \vfill
+% \item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
+% \begin{itemize}
+% \item Advantage: mandatory to payment process
+% \item Not privacy friendly
+% \end{itemize}
+% \end{itemize}
+% \end{frame}
 \begin{frame}{Conclusion}
 Age restriction is a technical, ethical and legal challenge.
+ \pause
 Existing solutions are
 \begin{itemize}
 \item without strong protection of privacy or
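Review bot: The rewritten Discussion bullets drop the assumption behind the adapted scheme: the removed text said that banks provide minimum-age information, while the new `\item[] Hint: Know-Your-Customer (KYC) and adapted` / `withdraw protocol.` no longer says who attests the age. The guarantee of the adapted variant rests on that party, so I would keep it explicit, for example `\item[] Assumption: KYC yields a minimum age; the withdraw protocol is adapted.`, if that is what the hint means. The lead-in also does not parse with its sub-items ("cases of … minors have bank accounts"); `cases where` followed by `\item payments are peer-to-peer` reads correctly. The Related Work frame is commented out rather than removed and still carries the typo `privacy-perserving`. The Conclusion frame at the end of the hunk continues outside it.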
@@ -999,32 +1015,43 @@ Searching for functions \uncover<2->{with the following signatures}
 \end{itemize}
 \vfill
- Our scheme offers a solution that is
+ \pause
+ Our scheme offers a solution that
 \begin{itemize}
- \item based on subsidiarity
- \item privacy preserving
- \item efficient
- \item an alternative to IMS
+ \item aligns with subsidiarity
+ \item preserves privacy
+ \item is efficient
+ \item and an alternative to IMS
 \end{itemize}
 \end{frame}
 \begin{frame}{}
+ \large
 \begin{center}
- \Huge \textbf{Thank you!}\\
+ {\Huge \textbf{Thank you!}}\\
 Questions?
 \end{center}
 \begin{center}
 \texttt{oec-taler@kesim.org}\\
 \texttt{@oec@mathstodon.xyz}
+ \vfill
+ {Interested in GNU Taler?}
+ \begin{description}
+ \item[Intro:] \url{https://taler.net}
+ \item[Learn:] \url{https://docs.taler.net}
+ \item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
+ \end{description}
 \end{center}
- \large
- Interested in GNU Taler? $~\longrightarrow~$ \url{https://taler.net}\\
 \end{frame}
 \appendix
+\begin{frame}{Taler Overview}
+ \hspace*{-3em}\includegraphics[width=\paperwidth]{images/taler-overview-blue.png}
+\end{frame}
+
 \begin{frame}{Basic Requirements - Details}
 \label{fr:detailedBasicRequirements}
 {\scriptsize \it back to \hyperlink{fr:basicRequirements}{Basic Requirements}}
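Review bot: The last bullet no longer fits the new lead-in `Our scheme offers a solution that`: `\item and an alternative to IMS` has no verb, unlike the three bullets before it, and `\item is an alternative to IMS` keeps the list parallel. The `description` block with the three taler.net links in the closing frame is also a verbatim copy of the one in the `Interested in GNU Taler?` frame added in the hunk at `-950,48 +948,66`. Defining that block once as a macro in the preamble and using it in both frames would keep the two from drifting apart. The Conclusion frame this hunk edits starts outside the hunk.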
@@ -1064,6 +1091,36 @@ Searching for functions \uncover<2->{with the following signatures}
 More details in the published paper.
 \end{frame}
+\begin{frame}{Reminder: RSA blind signature}
+ \label{fr:reminderBlindSignature}
+ \small
+ In RSA, a public key $(e, N)$ and private key $(d, N)$ have the property
+ \[ x^{ed} = x \mod N \]
+
+ \pause
+ Bob (B) creates a blind signature of a message $m$ for Alice (A):
+ \begin{itemize}[<+->]
+ \item[A:]
+ \begin{itemize}
+ \item chooses random integer $b$
+ \item calculates $m' := m*b^e$ {\hfill \scriptsize \textit{(blinding)}}
+ \item sends $m'$ to B.
+ \end{itemize}
+ \item[B:]
+ \begin{itemize}
+ \item signs $m'$ by $\sigma' := m'^d \mod N$ {\hfill \scriptsize \textit{(B doesn't know $m$)}}
+ \item sends $\sigma'$ to A.
+ \item[] \scriptsize Note: $m'^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$
+ \end{itemize}
+ \item[A:]\begin{itemize}
+ \item unblinds $\sigma'$ by calculating
+ \[ \sigma := \sigma'*b^{-1} (= m^d) \]
+ \item[]$\sigma$ is a valid RSA signature to message $m$.
+ \end{itemize}
+ \end{itemize}
+ \hfill \tiny back to \hyperlink{fr:GnuTaler}{\textit{taler}} or \hyperlink{fr:bindingToCoins}{\textit{binding}}
+\end{frame}
+
 %\begin{frame}{Requirements}
 % \framesubtitle{Details}
 %
diff --git a/hip2022/images/taler-overview-blue.png b/hip2022/images/taler-overview-blue.png
new file mode 100644
index 0000000..1456e45
Binary files /dev/null and b/hip2022/images/taler-overview-blue.png differ
diff --git a/hip2022/images/wallet-age.png b/hip2022/images/wallet-age.png
new file mode 100644
index 0000000..89f15de
Binary files /dev/null and b/hip2022/images/wallet-age.png differ
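Review bot: In the first `\item[A:]` block, `chooses random integer $b$` is not enough for the unblinding step further down, which multiplies by `b^{-1}`: $b$ has to be invertible modulo $N$, and the blinding and unblinding formulas are missing their reduction modulo $N$. I would write `\item chooses random $b$ with $\gcd(b, N) = 1$`, `$m' := m \cdot b^e \bmod N$` and `\[ \sigma := \sigma' \cdot b^{-1} \bmod N \;(= m^d) \]`. The opening identity is a congruence, so `\[ x^{ed} \equiv x \pmod{N} \]` states it more precisely than `= x \mod N`. The slide signs $m$ directly while the GNU Taler frame signs $H(C_p)$, so a half-line saying that $m$ stands for the hash would tie the reminder to the frames that link to it.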