Özgür Kesim 2022-12-29 13:25:36 +01:00
parent 355c899279
commit 95907445c0
3 changed files with 119 additions and 62 deletions


@ -7,7 +7,7 @@
\usepackage{framed,color,ragged2e} \usepackage{framed,color,ragged2e}
\usepackage[absolute,overlay]{textpos} \usepackage[absolute,overlay]{textpos}
\usetheme[progressbar=frametitle]{metropolis} \usetheme[progressbar=frametitle]{metropolis}
\setbeamertemplate{navigation symbols}{\insertframenumber/\inserttotalframenumber} %\setbeamertemplate{navigation symbols}{\insertframenumber/\inserttotalframenumber}
\setbeamersize{description width=1em} \setbeamersize{description width=1em}
\setbeamertemplate{section in toc}[sections] \setbeamertemplate{section in toc}[sections]
\setbeamertemplate{footline}{} \setbeamertemplate{footline}{}
@ -98,26 +98,20 @@
\begin{frame}{What to expect} \begin{frame}{What to expect}
\small \small
\begin{description} \begin{description}
\item<1->[Goals]~\\ \item<1->[Deliverable]~\\
Presentation of Present a solution to age restriction and its integration in GNU Taler.
\begin{itemize}
\item our solution for age restriction and
\item its integration into GNU Taler.
\end{itemize}
\vfill \vfill
\item<2->[Meta-goals]~\\ \item<2->[Side-Channel]~\\
Present examples from cryptography for Show concepts from cryptography by example:
\begin{itemize}
\item a zero-knowledge protocol, Zero-Knowledge protocol, Security Game and Security Proof
\item a security game,
\item a security proof. This will be technical.
\end{itemize}
This will be technical and math-heavy.
\vfill \vfill
\item<3->[Non-goals]~\\ \item<3->[Non-goals]~\\
\begin{itemize} \begin{itemize}
\item \underline{Rigorous} introduction into GNU Taler \item[] \underline{Rigorous} introduction into GNU Taler
\item Demos \item[] Demos
\end{itemize} \end{itemize}
\end{description} \end{description}
\end{frame} \end{frame}
@ -228,6 +222,10 @@ with the following properties:
\end{frame} \end{frame}
\begin{frame}{Teaser}
\centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
\end{frame}
\Section{The quest for a solution to age restriction}{A journey through cryptic territory} \Section{The quest for a solution to age restriction}{A journey through cryptic territory}
\begin{frame}{Basic assumption and ideas} \begin{frame}{Basic assumption and ideas}
@ -807,7 +805,7 @@ Searching for functions \uncover<2->{with the following signatures}
\item That means: $\sigma$ was a valid ECDSA-signature, validated with $q_m$. \item That means: $\sigma$ was a valid ECDSA-signature, validated with $q_m$.
\item But adversary does not have the private key $p_m$ to $q_m$. \item But adversary does not have the private key $p_m$ to $q_m$.
\item[$\implies$] So winning this game would require to existentially forge \item[$\implies$] So winning this game would require to existentially forge
the ECDSA private key, which is negligible. the signature, which is negligible.
\end{enumerate} \end{enumerate}
\end{columns} \end{columns}
@ -862,8 +860,8 @@ Searching for functions \uncover<2->{with the following signatures}
\section{Integration with GNU Taler} \section{Integration with GNU Taler}
\begin{frame}{GNU Taler} \begin{frame}{GNU Taler}{https://www.taler.net}
\framesubtitle{https://www.taler.net} \label{fr:GnuTaler}
\begin{columns} \begin{columns}
\column{4cm} \column{4cm}
\fontsize{8pt}{9pt}\selectfont \fontsize{8pt}{9pt}\selectfont
@ -880,8 +878,8 @@ Searching for functions \uncover<2->{with the following signatures}
\column{8cm} \column{8cm}
\begin{itemize} \begin{itemize}
\item Protocol suite for online payment services \item Protocol suite for online payment services
\item Based on Chaum's blind signatures \item Based on Chaum's \hyperlink{fr:reminderBlindSignature}{blindly signs}
% \item Taxable, efficient, free software \item Taxable, efficient, free software
\item Allows for change and refund \item Allows for change and refund
\item Privacy preserving: anonymous and unlinkable payments \item Privacy preserving: anonymous and unlinkable payments
\end{itemize} \end{itemize}
@ -891,7 +889,7 @@ Searching for functions \uncover<2->{with the following signatures}
\uncover<2->{ \uncover<2->{
\begin{itemize} \begin{itemize}
\item Coins are public-/private key-pairs $(C_p, c_s)$. \item Coins are public-/private key-pairs $(C_p, c_s)$.
\item Exchange blindly signs $H(C_p)$ with denomination key $d_p$ \item Exchange \hyperlink{fr:reminderBlindSignature}{blindly signs} $H(C_p)$ with denomination key $d_p$
\item Verification: \item Verification:
\begin{eqnarray*} \begin{eqnarray*}
1 &\stackrel{?}{=}& 1 &\stackrel{?}{=}&
@ -903,11 +901,11 @@ Searching for functions \uncover<2->{with the following signatures}
} }
\end{frame} \end{frame}
\begin{frame}{Integration with GNU Taler} \begin{frame}{Integration with GNU Taler}{Binding age restriction to coins}
\framesubtitle{Binding age restriction to coins} \label{fr:bindingToCoins}
To bind an age commitment $\commitment$ to a coin $C_p$, instead of To bind an age commitment $\commitment$ to a coin $C_p$, instead of
signing $H(C_p)$, $\Exchange$ now blindly signs signing $H(C_p)$, $\Exchange$ now \hyperlink{fr:reminderBlindSignature}{blindly signs}
\begin{center} \begin{center}
$H(C_p, \orange{H(\commitment)})$ $H(C_p, \orange{H(\commitment)})$
\end{center} \end{center}
@ -950,48 +948,66 @@ Searching for functions \uncover<2->{with the following signatures}
\end{tikzpicture} \end{tikzpicture}
\end{frame} \end{frame}
\begin{frame}{Age restriction in the wallet}
\centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
\end{frame}
\include{gnu} \include{gnu}
\section{Discussion, Related Work, Conclusion} \begin{frame}{Interested in GNU Taler?}
We are looking for developers, testers, users!
\begin{description}
\item[Intro:] \url{https://taler.net}
\item[Learn:] \url{https://docs.taler.net}
\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
\end{description}
\end{frame}
\section{Discussion \& Conclusion}
\begin{frame}{Discussion} \begin{frame}{Discussion}
\begin{itemize} \begin{itemize}[<+->]
\item Our solution can in principle be used with any token-based payment scheme \item Our solution can in principle be used with any token-based payment scheme
\item GNU Taler best aligned with our design goals (security, privacy and efficiency) \item[] However, GNU Taler best aligned with our design goals
\item Subsidiarity requires bank accounts being owned by adults (security, privacy and efficiency).
\item Subsidiarity requires bank accounts being owned by adults.
\item[] However, scheme can be adapted to cases of
\begin{itemize} \begin{itemize}
\item Scheme can be adapted to case where minors have bank accounts \item minors have bank accounts
\begin{itemize} \item peer-to-peer payments
\item Assumption: banks provide minimum age \item[] Hint: Know-Your-Customer (KYC) and adapted
information during bank withdraw protocol.
transactions.
\item Child and Exchange execute a variant of
the cut\&choose protocol.
\end{itemize}
\end{itemize} \end{itemize}
\item Our scheme offers an alternative to identity management systems (IMS) \item Our scheme offers an alternative to identity management systems (IMS)
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\begin{frame}{Related Work}
\begin{itemize} % \begin{frame}{Related Work}
\item Current privacy-perserving systems all based on attribute-based credentials (Koning et al., Schanzenbach et al., Camenisch et al., Au et al.) % \begin{itemize}
\item Attribute-based approach lacks support: % \item Current privacy-perserving systems all based on
\begin{itemize} % attribute-based credentials (Koning et al.,
\item Complex for consumers and retailers % Schanzenbach et al., Camenisch et al., Au et al.)
\item Requires trusted third authority %
\end{itemize} % \item Attribute-based approach lacks support:
\vfill % \begin{itemize}
\item Other approaches tie age-restriction to ability to pay ("debit cards for kids") % \item Complex for consumers and retailers
\begin{itemize} % \item Requires trusted third authority
\item Advantage: mandatory to payment process % \end{itemize}
\item Not privacy friendly % \vfill
\end{itemize} % \item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
\end{itemize} % \begin{itemize}
\end{frame} % \item Advantage: mandatory to payment process
% \item Not privacy friendly
% \end{itemize}
% \end{itemize}
% \end{frame}
\begin{frame}{Conclusion} \begin{frame}{Conclusion}
Age restriction is a technical, ethical and legal challenge. Age restriction is a technical, ethical and legal challenge.
\pause
Existing solutions are Existing solutions are
\begin{itemize} \begin{itemize}
\item without strong protection of privacy or \item without strong protection of privacy or
@ -999,32 +1015,43 @@ Searching for functions \uncover<2->{with the following signatures}
\end{itemize} \end{itemize}
\vfill \vfill
Our scheme offers a solution that is \pause
Our scheme offers a solution that
\begin{itemize} \begin{itemize}
\item based on subsidiarity \item aligns with subsidiarity
\item privacy preserving \item preserves privacy
\item efficient \item is efficient
\item an alternative to IMS \item and an alternative to IMS
\end{itemize} \end{itemize}
\end{frame} \end{frame}
\begin{frame}{} \begin{frame}{}
\large
\begin{center} \begin{center}
\Huge \textbf{Thank you!}\\ {\Huge \textbf{Thank you!}}\\
Questions? Questions?
\end{center} \end{center}
\begin{center} \begin{center}
\texttt{oec-taler@kesim.org}\\ \texttt{oec-taler@kesim.org}\\
\texttt{@oec@mathstodon.xyz} \texttt{@oec@mathstodon.xyz}
\vfill
{Interested in GNU Taler?}
\begin{description}
\item[Intro:] \url{https://taler.net}
\item[Learn:] \url{https://docs.taler.net}
\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
\end{description}
\end{center} \end{center}
\large
Interested in GNU Taler? $~\longrightarrow~$ \url{https://taler.net}\\
\end{frame} \end{frame}
\appendix \appendix
\begin{frame}{Taler Overview}
\hspace*{-3em}\includegraphics[width=\paperwidth]{images/taler-overview-blue.png}
\end{frame}
\begin{frame}{Basic Requirements - Details} \begin{frame}{Basic Requirements - Details}
\label{fr:detailedBasicRequirements} \label{fr:detailedBasicRequirements}
{\scriptsize \it back to \hyperlink{fr:basicRequirements}{Basic Requirements}} {\scriptsize \it back to \hyperlink{fr:basicRequirements}{Basic Requirements}}
@ -1064,6 +1091,36 @@ Searching for functions \uncover<2->{with the following signatures}
More details in the published paper. More details in the published paper.
\end{frame} \end{frame}
\begin{frame}{Reminder: RSA blind signature}
\label{fr:reminderBlindSignature}
\small
In RSA, a public key $(e, N)$ and private key $(d, N)$ have the property
\[ x^{ed} = x \mod N \]
\pause
Bob (B) creates a blind signature of a message $m$ for Alice (A):
\begin{itemize}[<+->]
\item[A:]
\begin{itemize}
\item chooses random integer $b$
\item calculates $m' := m*b^e$ {\hfill \scriptsize \textit{(blinding)}}
\item sends $m'$ to B.
\end{itemize}
\item[B:]
\begin{itemize}
\item signs $m'$ by $\sigma' := m'^d \mod N$ {\hfill \scriptsize \textit{(B doesn't know $m$)}}
\item sends $\sigma'$ to A.
\item[] \scriptsize Note: $m'^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$
\end{itemize}
\item[A:]\begin{itemize}
\item unblinds $\sigma'$ by calculating
\[ \sigma := \sigma'*b^{-1} (= m^d) \]
\item[]$\sigma$ is a valid RSA signature to message $m$.
\end{itemize}
\end{itemize}
\hfill \tiny back to \hyperlink{fr:GnuTaler}{\textit{taler}} or \hyperlink{fr:bindingToCoins}{\textit{binding}}
\end{frame}
%\begin{frame}{Requirements} %\begin{frame}{Requirements}
% \framesubtitle{Details} % \framesubtitle{Details}
% %
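Review bot: The new "Reminder: RSA blind signature" frame leaves the blinding factor unconstrained: "chooses random integer $b$" should require $b$ to be invertible modulo $N$, because the unblinding step uses $b^{-1}$ and the blinding only hides $m$ when $b$ is drawn uniformly from the units mod $N$; I would write `\item chooses random $b$ with $\gcd(b, N) = 1$`. The blinding and unblinding lines also drop the modulus that the signing line carries, so they should read `calculates $m' := m \cdot b^e \bmod N$` and `\[ \sigma := \sigma' \cdot b^{-1} \bmod N \; (= m^d) \]`. The frame signs a bare message $m$ while the Taler frames sign $H(C_p)$, so a one-line remark that $m$ stands for a hash of the actual message would keep the audience from reading this as unhashed RSA signing, which is malleable. Separately, the link text in the GNU Taler frame now reads "Based on Chaum's blindly signs"; the anchor text there should probably remain `blind signatures`.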

Binary file not shown.


Binary file not shown.
