ready

hip2022/hip2022.tex

@@ -7,7 +7,7 @@
 \usepackage{framed,color,ragged2e}
 \usepackage[absolute,overlay]{textpos}
 \usetheme[progressbar=frametitle]{metropolis}
-\setbeamertemplate{navigation symbols}{\insertframenumber/\inserttotalframenumber}
+%\setbeamertemplate{navigation symbols}{\insertframenumber/\inserttotalframenumber}
 \setbeamersize{description width=1em}
 \setbeamertemplate{section in toc}[sections]
 \setbeamertemplate{footline}{}
@@ -98,26 +98,20 @@
 \begin{frame}{What to expect}
 	\small
 	\begin{description}
-		\item<1->[Goals]~\\
-			Presentation of
-			\begin{itemize}
-				\item our solution for age restriction and 
-				\item its integration into GNU Taler.
-			\end{itemize}
+		\item<1->[Deliverable]~\\
+			Present a solution to age restriction and its integration in GNU Taler.
 			\vfill
-		\item<2->[Meta-goals]~\\
-			Present examples from cryptography for
-			\begin{itemize}
-				\item a zero-knowledge protocol,
-				\item a security game,
-				\item a security proof.
-			\end{itemize}
-			This will be technical and math-heavy.
+		\item<2->[Side-Channel]~\\
+			Show concepts from cryptography by example:
+
+			Zero-Knowledge protocol, Security Game and Security Proof
+
+			This will be technical.
 			\vfill
 		\item<3->[Non-goals]~\\
 			\begin{itemize}
-				\item \underline{Rigorous} introduction into GNU Taler
-				\item Demos
+				\item[] \underline{Rigorous} introduction into GNU Taler
+				\item[] Demos
 			\end{itemize}
 	\end{description}
 \end{frame}
@@ -228,6 +222,10 @@ with the following properties:
 
 \end{frame}
 
+\begin{frame}{Teaser}
+	\centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
+\end{frame}
+
 \Section{The quest for a solution to age restriction}{A journey through cryptic territory}
 
 \begin{frame}{Basic assumption and ideas}
@@ -807,7 +805,7 @@ Searching for functions \uncover<2->{with the following signatures}
 			\item That means: $\sigma$ was a valid ECDSA-signature, validated with $q_m$.
 			\item But adversary does not have the private key $p_m$ to $q_m$.
 			\item[$\implies$] So winning this game would require to existentially forge
-				the ECDSA private key, which is negligible.
+				the signature, which is negligible.
 		\end{enumerate}
 
 	\end{columns}
@@ -862,8 +860,8 @@ Searching for functions \uncover<2->{with the following signatures}
 
 \section{Integration with GNU Taler}
 
-\begin{frame}{GNU Taler}
-	\framesubtitle{https://www.taler.net}
+\begin{frame}{GNU Taler}{https://www.taler.net}
+	\label{fr:GnuTaler}
 	\begin{columns}
 		\column{4cm}
 		\fontsize{8pt}{9pt}\selectfont
@@ -880,8 +878,8 @@ Searching for functions \uncover<2->{with the following signatures}
 		\column{8cm}
 		\begin{itemize}
 			\item Protocol suite for online payment services
-			\item Based on Chaum's blind signatures
-			% \item Taxable, efficient, free software
+			\item Based on Chaum's \hyperlink{fr:reminderBlindSignature}{blindly signs}
+			\item Taxable, efficient, free software
 			\item Allows for change and refund
 			\item Privacy preserving: anonymous and unlinkable payments
 		\end{itemize}
@@ -891,7 +889,7 @@ Searching for functions \uncover<2->{with the following signatures}
 	\uncover<2->{
 	\begin{itemize}
 		\item Coins are public-/private key-pairs $(C_p, c_s)$.
-		\item Exchange blindly signs $H(C_p)$ with denomination key $d_p$
+		\item Exchange \hyperlink{fr:reminderBlindSignature}{blindly signs} $H(C_p)$ with denomination key $d_p$
 		\item Verification:
 		\begin{eqnarray*}
 			1  &\stackrel{?}{=}&
@@ -903,11 +901,11 @@ Searching for functions \uncover<2->{with the following signatures}
 	}
 \end{frame}
 
-\begin{frame}{Integration with GNU Taler}
-	\framesubtitle{Binding age restriction to coins}
+\begin{frame}{Integration with GNU Taler}{Binding age restriction to coins}
+	\label{fr:bindingToCoins}
 
 	To bind an age commitment $\commitment$ to a coin $C_p$, instead of
-	signing $H(C_p)$, $\Exchange$ now blindly signs 
+	signing $H(C_p)$, $\Exchange$ now \hyperlink{fr:reminderBlindSignature}{blindly signs}
 	\begin{center}
 		$H(C_p, \orange{H(\commitment)})$
 	\end{center}
@@ -950,48 +948,66 @@ Searching for functions \uncover<2->{with the following signatures}
 	\end{tikzpicture}
 \end{frame}
 
+\begin{frame}{Age restriction in the wallet}
+	\centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
+\end{frame}
+
 \include{gnu}
 
-\section{Discussion, Related Work, Conclusion}
+\begin{frame}{Interested in GNU Taler?}
+	We are looking for developers, testers, users!
+
+	\begin{description}
+		\item[Intro:] \url{https://taler.net}
+		\item[Learn:] \url{https://docs.taler.net}
+		\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
+	\end{description}
+\end{frame}
+
+\section{Discussion \& Conclusion}
 
 \begin{frame}{Discussion}
-	\begin{itemize}
+	\begin{itemize}[<+->]
 		\item Our solution can in principle be used with any token-based payment scheme
-		\item GNU Taler best aligned with our design goals (security, privacy and efficiency)
-		\item Subsidiarity requires bank accounts being owned by adults
+		\item[] However, GNU Taler best aligned with our design goals
+			(security, privacy and efficiency).
+
+		\item Subsidiarity requires bank accounts being owned by adults.
+		\item[] However, scheme can be adapted to cases of
 			\begin{itemize}
-			\item Scheme can be adapted to case where minors have bank accounts
-				\begin{itemize}
-					\item Assumption: banks provide minimum age
-						information during bank
-						transactions.
-					\item Child and Exchange execute a variant of
-						the cut\&choose protocol.
-				\end{itemize}
+			\item minors have bank accounts
+			\item peer-to-peer payments
+			\item[] Hint: Know-Your-Customer (KYC) and adapted
+				withdraw protocol.
 			\end{itemize}
 		\item Our scheme offers an alternative to identity management systems (IMS)
 	\end{itemize}
 \end{frame}
-\begin{frame}{Related Work}
-	\begin{itemize}
-		\item Current privacy-perserving systems all based on attribute-based credentials (Koning et al., Schanzenbach et al., Camenisch et al., Au et al.)
-		\item Attribute-based approach lacks support: 
-			\begin{itemize}
-				\item Complex for consumers and retailers
-				\item Requires trusted third authority
-			\end{itemize}
-		\vfill
-		\item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
-			\begin{itemize}
-				\item Advantage: mandatory to payment process
-				\item Not privacy friendly
-			\end{itemize}
-	\end{itemize}
-\end{frame}
+
+% \begin{frame}{Related Work}
+% 	\begin{itemize}
+% 		\item Current privacy-perserving systems all based on
+% 			attribute-based credentials (Koning et al.,
+% 			Schanzenbach et al., Camenisch et al., Au et al.)
+% 
+% 		\item Attribute-based approach lacks support: 
+% 			\begin{itemize}
+% 				\item Complex for consumers and retailers
+% 				\item Requires trusted third authority
+% 			\end{itemize}
+% 		\vfill
+% 		\item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
+% 			\begin{itemize}
+% 				\item Advantage: mandatory to payment process
+% 				\item Not privacy friendly
+% 			\end{itemize}
+% 	\end{itemize}
+% \end{frame}
 
 \begin{frame}{Conclusion}
 	Age restriction is a technical, ethical and legal challenge.
 
+	\pause
 	Existing solutions are
 	\begin{itemize}
 		\item without strong protection of privacy or
@@ -999,32 +1015,43 @@ Searching for functions \uncover<2->{with the following signatures}
 	\end{itemize}
 	\vfill
 
-	Our scheme offers a solution that is
+	\pause
+	Our scheme offers a solution that
 	\begin{itemize}
-		\item based on subsidiarity
-		\item privacy preserving
-		\item efficient
-		\item an alternative to IMS
+		\item aligns with subsidiarity
+		\item preserves privacy
+		\item is efficient
+		\item and an alternative to IMS
 	\end{itemize}
 \end{frame}
 
 
 \begin{frame}{}
+	\large
 	\begin{center}
-	\Huge \textbf{Thank you!}\\
+		{\Huge \textbf{Thank you!}}\\
 	Questions?
 	\end{center}
 
 	\begin{center}
 		\texttt{oec-taler@kesim.org}\\
 		\texttt{@oec@mathstodon.xyz}
+	\vfill
+	{Interested in GNU Taler?}
+	\begin{description}
+		\item[Intro:] \url{https://taler.net}
+		\item[Learn:] \url{https://docs.taler.net}
+		\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
+	\end{description}
 	\end{center}
-	\large
-	Interested in GNU Taler? $~\longrightarrow~$ \url{https://taler.net}\\
 \end{frame}
 
 \appendix
 
+\begin{frame}{Taler Overview}
+	\hspace*{-3em}\includegraphics[width=\paperwidth]{images/taler-overview-blue.png}
+\end{frame}
+
 \begin{frame}{Basic Requirements - Details}
 	\label{fr:detailedBasicRequirements}
 	{\scriptsize \it back to \hyperlink{fr:basicRequirements}{Basic Requirements}}
@@ -1064,6 +1091,36 @@ Searching for functions \uncover<2->{with the following signatures}
 	More details in the published paper.
 \end{frame}
 
+\begin{frame}{Reminder: RSA blind signature}
+	\label{fr:reminderBlindSignature}
+	\small
+	In RSA, a public key $(e, N)$ and private key $(d, N)$ have the property
+		\[ x^{ed} = x \mod N \]
+
+	\pause
+	Bob (B) creates a blind signature of a message $m$ for Alice (A):
+	\begin{itemize}[<+->]
+		\item[A:]
+			\begin{itemize}
+				\item chooses random integer $b$
+				\item calculates $m' := m*b^e$ {\hfill \scriptsize \textit{(blinding)}}
+				\item sends $m'$ to B.
+			\end{itemize}
+		\item[B:]
+			\begin{itemize}
+				\item signs $m'$ by $\sigma' := m'^d \mod N$ {\hfill \scriptsize \textit{(B doesn't know $m$)}}
+				\item sends $\sigma'$ to A.
+				\item[] \scriptsize Note: $m'^d = (m*b^e)^d = m^d*b^{ed} = m^d*b \mod N$
+			\end{itemize}
+		\item[A:]\begin{itemize}
+				\item unblinds $\sigma'$ by calculating 
+			\[ \sigma := \sigma'*b^{-1} (= m^d) \]
+			\item[]$\sigma$ is a valid RSA signature to message $m$.
+		\end{itemize}
+	\end{itemize}
+	\hfill \tiny back to \hyperlink{fr:GnuTaler}{\textit{taler}} or \hyperlink{fr:bindingToCoins}{\textit{binding}}
+\end{frame}
+
 %\begin{frame}{Requirements}
 %	\framesubtitle{Details}
 %