workable state for eipsi2024

This commit is contained in:
Özgür Kesim 2024-05-30 18:04:14 +02:00
parent 1c7f48e515
commit c3ae40d20a
13 changed files with 2634 additions and 267 deletions

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -101,12 +101,11 @@
\item<1->[Deliverable]~\\ \item<1->[Deliverable]~\\
Present a solution to age restriction and its integration in GNU Taler. Present a solution to age restriction and its integration in GNU Taler.
\vfill \vfill
\item<2->[Side-Channel]~\\ \item<2->[Drive-By]~\\
Show concepts from cryptography by example: Show concepts from cryptography by example:
Zero-Knowledge protocol, Security Game and Security Proof Zero-Knowledge protocol, Security Game and Security Proof
This will be technical.
\vfill \vfill
\item<3->[Non-goals]~\\ \item<3->[Non-goals]~\\
\begin{itemize} \begin{itemize}
@ -119,13 +118,15 @@
\begin{frame}{Sponsors} \begin{frame}{Sponsors}
\centering\begin{columns}[T] \centering\begin{columns}[T]
\column{0.5\textwidth} \column{0.6\textwidth}
\centering NGI Pointer program of the European Commission\\[2em] \centering NGI Taler and NGI Pointer programs of the European Commission\\[2em]
\centering\includegraphics[width=0.7\textwidth]{images/ngi-ap3.png} \centering\includegraphics[width=0.9\textwidth]{images/ngi-taler.jpg}
\column{0.5\textwidth} \centering\includegraphics[width=0.5\textwidth]{images/ngi-ap3.png}
\centering Project \textit{Concrete Contracts} in the
\column{0.4\textwidth}
\centering Project\\ \textit{Concrete Contracts} in the
\textit{KMU-innovativ} programm\\[2em] \textit{KMU-innovativ} programm\\[2em]
\centering\includegraphics[width=0.9\textwidth]{images/bmbf-english.jpg} \centering\includegraphics[width=0.9\textwidth]{images/bmbf-english.jpg}
@ -297,6 +298,43 @@ with the following properties:
\end{columns} \end{columns}
\end{frame} \end{frame}
\begin{frame}{Helpful figure - Commit}
\centering\includegraphics[height=0.9\textheight]{images/commit.pdf}
\end{frame}
\begin{frame}{Helpful figure - Attest and Verify}
\centering\includegraphics[height=0.9\textheight]{images/attest-verify.pdf}
\end{frame}
\begin{frame}{Helpful figure - Derive and Compare}
\centering\includegraphics[width=\textwidth]{images/derive-compare.pdf}
\end{frame}
\begin{frame}{Helpful figure}
\small
\begin{columns}[t]
\column{0.25\textwidth}
Commit:\\[1em]
\includegraphics[width=\textwidth]{images/commit.pdf}
\column{0.25\textwidth}
Attest and Verify:\\[1em]
\includegraphics[width=\textwidth]{images/attest-verify.pdf}
\column{0.5\textwidth}
Derive and Compare:\\[1em]
\includegraphics[width=\textwidth]{images/derive-compare.pdf}
\end{columns}
\end{frame}
\begin{frame}{Specification of the Function Signatures} \begin{frame}{Specification of the Function Signatures}
\small \small
@ -362,6 +400,7 @@ Searching for functions \uncover<2->{with the following signatures}
} }
\end{frame} \end{frame}
\begin{frame}{Naïve scheme} \begin{frame}{Naïve scheme}
\begin{center} \begin{center}
\begin{tikzpicture}[scale=.8] \begin{tikzpicture}[scale=.8]
@ -427,39 +466,57 @@ Searching for functions \uncover<2->{with the following signatures}
\end{frame} \end{frame}
\begin{frame}{Achieving Unlinkability} \begin{frame}{Achieving Unlinkability}
Given $\Derive()$ and $\Compare()$, define the Zero-Knowledge-protocol Given $\Derive()$ and $\Compare()$, define the cut-and-choose protocoll
\orange{$\DeriveCompare$} as follows (sketch): \orange{$\DeriveCompare$} as follows (sketch):
\begin{columns}
\column{0.3\textwidth}
\pause
\includegraphics[width=\textwidth]{images/cut-and-choose.pdf}
\column{0.7\textwidth}
\pause
\uncover<2->{ \uncover<2->{
\small
\scriptsize
Let $\kappa \in \N$ (say: $\kappa = 3$) Let $\kappa \in \N$ (say: $\kappa = 3$)
\begin{itemize}[<+->] \begin{itemize}[<+->]
\item[$\Child$:] \item[$\Child$:]
\begin{enumerate} \begin{enumerate}
\scriptsize
\item generates $(\commitment_1,\dots,\commitment_\kappa)$ \item generates $(\commitment_1,\dots,\commitment_\kappa)$
and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$\\ and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$
by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$ by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$
\item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$ \item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
\item sends $\commitment_0$ and $h_0$ to $\Exchange$ \item sends $\commitment_0$ and $h_0$ to $\Exchange$
\end{enumerate} \end{enumerate}
\item[$\Exchange$:] \item[$\Exchange$:]
\begin{enumerate} \begin{enumerate}
\scriptsize
\item[4.] saves $\commitment_0$ and $h_0$ and sends $\Child$ random $\gamma \in \{1,\dots,\kappa\}$ \item[4.] saves $\commitment_0$ and $h_0$ and sends $\Child$ random $\gamma \in \{1,\dots,\kappa\}$
\end{enumerate} \end{enumerate}
\item[$\Child$:] \item[$\Child$:]
\begin{enumerate} \begin{enumerate}
\scriptsize
\item[5.] reveals $h_\gamma:=H(\commitment_\gamma, \beta_\gamma)$ and all $(\commitment_i, \beta_i)$, except $(\commitment_\gamma, \beta_\gamma)$ \item[5.] reveals $h_\gamma:=H(\commitment_\gamma, \beta_\gamma)$ and all $(\commitment_i, \beta_i)$, except $(\commitment_\gamma, \beta_\gamma)$
\end{enumerate} \end{enumerate}
\item[$\Exchange$:] \item[$\Exchange$:]
\begin{enumerate} \begin{enumerate}
\scriptsize
\item[6.] compares $h_0$ and \item[6.] compares $h_0$ and
$H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$ $H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
\item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$. \item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$.
\end{enumerate} \end{enumerate}
\end{itemize} \end{itemize}
\pause \pause
\scriptsize
If all steps succeed, $\commitment_\gamma$ is the new commitment. If all steps succeed, $\commitment_\gamma$ is the new commitment.
} }
\end{columns}
\end{frame} \end{frame}
\begin{frame}{Achieving Unlinkability}%{Certainty trade-off} \begin{frame}{Achieving Unlinkability}%{Certainty trade-off}
@ -677,10 +734,15 @@ Searching for functions \uncover<2->{with the following signatures}
\end{frame} \end{frame}
\begin{frame}{Definition of Commit with ECDSA}%{Definition of Commit} \begin{frame}{Definition of Commit with ECDSA}%{Definition of Commit}
\begin{columns}
\column{0.2\textwidth}
\includegraphics[width=1.1\textwidth]{images/commit.pdf}
\column{0.8\textwidth}
\begin{description} \begin{description}
\small
\item[To \blue{Commit} to age group $\age \in \{1,\dots,\Age\}$]~\\ \item[To \blue{Commit} to age group $\age \in \{1,\dots,\Age\}$]~\\
\begin{enumerate}[<+->] \begin{enumerate}[<+->]
\small
\item Guardian generates ECDSA-keypairs, one per age group: \item Guardian generates ECDSA-keypairs, one per age group:
\[\langle(q_1, p_1),\dots,(q_\Age,p_\Age)\rangle\] \[\langle(q_1, p_1),\dots,(q_\Age,p_\Age)\rangle\]
\item Guardian then \textbf{drops} all private keys \item Guardian then \textbf{drops} all private keys
@ -699,15 +761,23 @@ Searching for functions \uncover<2->{with the following signatures}
\vfill \vfill
\end{enumerate} \end{enumerate}
\end{description} \end{description}
\end{columns}
\end{frame} \end{frame}
\begin{frame}{Attest and Verify with ECDSA} \begin{frame}{Attest and Verify with ECDSA}
\begin{columns}
\column{0.2\textwidth}
\includegraphics[width=1.1\textwidth]{images/attest-verify.pdf}
\column{0.8\textwidth}
\small
Child has Child has
\begin{itemize} \begin{itemize}
\small
\item ordered public-keys $\Vcommitment = (q_1, \dots~\dots~\dots, q_\Age) $, \item ordered public-keys $\Vcommitment = (q_1, \dots~\dots~\dots, q_\Age) $,
\item (some) private-keys $\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$. \item (some) private-keys $\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$.
\end{itemize} \end{itemize}
\begin{description} \begin{description}
\small
\item<2->[To \blue{Attest} a minimum age (group) $\blue{\minage} \leq \age$:]~\\ \item<2->[To \blue{Attest} a minimum age (group) $\blue{\minage} \leq \age$:]~\\
Sign a message with ECDSA using private key Sign a message with ECDSA using private key
$p_\blue{\minage}$. The signature $\sigma_\blue{\minage}$ is the $p_\blue{\minage}$. The signature $\sigma_\blue{\minage}$ is the
@ -717,17 +787,21 @@ Searching for functions \uncover<2->{with the following signatures}
\vfill \vfill
\uncover<3->{ \uncover<3->{
\small
Merchant gets Merchant gets
\begin{itemize} \begin{itemize}
\small
\item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $ \item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $
\item Signature $\sigma_\blue{\minage}$ \item Signature $\sigma_\blue{\minage}$
\end{itemize} \end{itemize}
\begin{description} \begin{description}
\small
\item<4->[To \blue{Verify} a minimum age (group) \blue{$\minage$}:]~\\ \item<4->[To \blue{Verify} a minimum age (group) \blue{$\minage$}:]~\\
Verify the ECDSA-Signature $\sigma_\blue{\minage}$ with public key $q_\blue{\minage}$. Verify the ECDSA-Signature $\sigma_\blue{\minage}$ with public key $q_\blue{\minage}$.
\end{description} \end{description}
} }
\vfill \vfill
\end{columns}
\end{frame} \end{frame}
\begin{frame}{Derive and Compare with ECDSA} \begin{frame}{Derive and Compare with ECDSA}
@ -951,57 +1025,65 @@ Searching for functions \uncover<2->{with the following signatures}
\centering \includegraphics[height=0.9\textheight]{images/wallet-age.png} \centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
\end{frame} \end{frame}
\include{gnu} % \include{gnu}
%
\begin{frame}{Interested in GNU Taler?} % \begin{frame}{Interested in GNU Taler?}
We are looking for developers, testers, users! % We are looking for developers, testers, users!
%
\begin{description} % \begin{description}
\item[Intro:] \url{https://taler.net} % \item[Intro:] \url{https://taler.net}
\item[Learn:] \url{https://docs.taler.net} % \item[Learn:] \url{https://docs.taler.net}
\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net} % \item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
\end{description} % \end{description}
\end{frame} % \end{frame}
\section{Discussion \& Conclusion} \section{Discussion \& Conclusion}
\begin{frame}{Discussion} \begin{frame}{Discussion}
Technical Aspects and Challenges
\begin{itemize}[<+->] \begin{itemize}[<+->]
\item Our solution can in principle be used with any token-based payment scheme \item Our solution can in principle be used with any token-based payment scheme
\item[] However, GNU Taler best aligned with our design goals \item[] However, GNU Taler best aligned with our design goals
(security, privacy and efficiency). (security, privacy and efficiency).
\item Subsidiarity requires bank accounts being owned by adults. \item Subsidiarity requires bank accounts being owned by adults.
\item[] However, scheme can be adapted to cases of \item[] However, scheme can be adapted
\begin{itemize} \begin{itemize}
\item minors have bank accounts \item Know-Your-Customer (KYC) provides age information
\item peer-to-peer payments \item Parents can set age on a long-term wallet of a child
\item[] Hint: Know-Your-Customer (KYC) and adapted \item cut\&choose protocol \texttt{age-withdraw} implemented
withdraw protocol.
\end{itemize} \end{itemize}
\item Our scheme offers an alternative to identity management systems (IMS)
\end{itemize} \end{itemize}
\end{frame} \end{frame}
% \begin{frame}{Related Work} \begin{frame}{Discussion}
% \begin{itemize} Legal aspects and applicability
% \item Current privacy-perserving systems all based on \begin{itemize}[<+->]
% attribute-based credentials (Koning et al., \item The scheme only makes sense when cheating can be discouraged, f.e. economically
% Schanzenbach et al., Camenisch et al., Au et al.) \item There will be limits where the scheme is considered acceptable.
% \item Our scheme offers an alternative to identity management systems (IMS), where applicable
% \item Attribute-based approach lacks support: \end{itemize}
% \begin{itemize} \end{frame}
% \item Complex for consumers and retailers
% \item Requires trusted third authority \begin{frame}{Related Work}
% \end{itemize} \begin{itemize}
% \vfill \item Current privacy-perserving systems all based on
% \item Other approaches tie age-restriction to ability to pay ("debit cards for kids") attribute-based credentials (Koning et al.,
% \begin{itemize} Schanzenbach et al., Camenisch et al., Au et al.)
% \item Advantage: mandatory to payment process
% \item Not privacy friendly \item Attribute-based approach lacks support:
% \end{itemize} \begin{itemize}
% \end{itemize} \item Complex for consumers and retailers
% \end{frame} \item Requires trusted third authority
\end{itemize}
\vfill
\item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
\begin{itemize}
\item Advantage: mandatory to payment process
\item Not privacy friendly
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{Conclusion} \begin{frame}{Conclusion}
Age restriction is a technical, ethical and legal challenge. Age restriction is a technical, ethical and legal challenge.
@ -1015,7 +1097,7 @@ Searching for functions \uncover<2->{with the following signatures}
\vfill \vfill
\pause \pause
Our scheme offers a solution that Our scheme offers an option that
\begin{itemize} \begin{itemize}
\item aligns with subsidiarity \item aligns with subsidiarity
\item preserves privacy \item preserves privacy
@ -1026,7 +1108,7 @@ Searching for functions \uncover<2->{with the following signatures}
\begin{frame}{} \begin{frame}{}
\large % \large
\begin{center} \begin{center}
{\Huge \textbf{Thank you!}}\\ {\Huge \textbf{Thank you!}}\\
Questions? Questions?
@ -1038,9 +1120,11 @@ Searching for functions \uncover<2->{with the following signatures}
\vfill \vfill
{Interested in GNU Taler?} {Interested in GNU Taler?}
\begin{description} \begin{description}
\item[Intro:] \url{https://taler.net} \item[Intro:] \url{https://taler.net},
\item[Learn:] \url{https://docs.taler.net} \item[Learn:] \url{https://docs.taler.net}
\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net} \item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
\item[Connect:] \url{https://ich.taler.net}
\item[NGI Taler:] \url{https://ngi.taler.net}
\end{description} \end{description}
\end{center} \end{center}
\end{frame} \end{frame}

BIN
eipsi2024/images/attest.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 13 KiB

BIN
eipsi2024/images/attest.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 93 KiB

BIN
eipsi2024/images/commit.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 16 KiB

BIN
eipsi2024/images/commit.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 21 KiB

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 116 KiB

Binary file not shown.

Binary file not shown.

After

Width:  |  Height:  |  Size: 40 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 17 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB