workable state for eipsi2024
1483
age-restriction.drawio/.$age-restriction-taler.drawio.bkp
Normal file
@ -101,12 +101,11 @@
|
|||||||
\item<1->[Deliverable]~\\
|
\item<1->[Deliverable]~\\
|
||||||
Present a solution to age restriction and its integration in GNU Taler.
|
Present a solution to age restriction and its integration in GNU Taler.
|
||||||
\vfill
|
\vfill
|
||||||
\item<2->[Side-Channel]~\\
|
\item<2->[Drive-By]~\\
|
||||||
Show concepts from cryptography by example:
|
Show concepts from cryptography by example:
|
||||||
|
|
||||||
Zero-Knowledge protocol, Security Game and Security Proof
|
Zero-Knowledge protocol, Security Game and Security Proof
|
||||||
|
|
||||||
This will be technical.
|
|
||||||
\vfill
|
\vfill
|
||||||
\item<3->[Non-goals]~\\
|
\item<3->[Non-goals]~\\
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
@ -119,13 +118,15 @@
|
|||||||
|
|
||||||
\begin{frame}{Sponsors}
|
\begin{frame}{Sponsors}
|
||||||
\centering\begin{columns}[T]
|
\centering\begin{columns}[T]
|
||||||
\column{0.5\textwidth}
|
\column{0.6\textwidth}
|
||||||
\centering NGI Pointer program of the European Commission\\[2em]
|
\centering NGI Taler and NGI Pointer programs of the European Commission\\[2em]
|
||||||
|
|
||||||
\centering\includegraphics[width=0.7\textwidth]{images/ngi-ap3.png}
|
\centering\includegraphics[width=0.9\textwidth]{images/ngi-taler.jpg}
|
||||||
|
|
||||||
\column{0.5\textwidth}
|
\centering\includegraphics[width=0.5\textwidth]{images/ngi-ap3.png}
|
||||||
\centering Project \textit{Concrete Contracts} in the
|
|
||||||
|
\column{0.4\textwidth}
|
||||||
|
\centering Project\\ \textit{Concrete Contracts} in the
|
||||||
\textit{KMU-innovativ} programm\\[2em]
|
\textit{KMU-innovativ} programm\\[2em]
|
||||||
|
|
||||||
\centering\includegraphics[width=0.9\textwidth]{images/bmbf-english.jpg}
|
\centering\includegraphics[width=0.9\textwidth]{images/bmbf-english.jpg}
|
||||||
@ -297,6 +298,43 @@ with the following properties:
|
|||||||
\end{columns}
|
\end{columns}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}{Helpful figure - Commit}
|
||||||
|
|
||||||
|
\centering\includegraphics[height=0.9\textheight]{images/commit.pdf}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}{Helpful figure - Attest and Verify}
|
||||||
|
|
||||||
|
\centering\includegraphics[height=0.9\textheight]{images/attest-verify.pdf}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}{Helpful figure - Derive and Compare}
|
||||||
|
|
||||||
|
\centering\includegraphics[width=\textwidth]{images/derive-compare.pdf}
|
||||||
|
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
|
\begin{frame}{Helpful figure}
|
||||||
|
\small
|
||||||
|
\begin{columns}[t]
|
||||||
|
\column{0.25\textwidth}
|
||||||
|
Commit:\\[1em]
|
||||||
|
|
||||||
|
\includegraphics[width=\textwidth]{images/commit.pdf}
|
||||||
|
|
||||||
|
\column{0.25\textwidth}
|
||||||
|
Attest and Verify:\\[1em]
|
||||||
|
|
||||||
|
\includegraphics[width=\textwidth]{images/attest-verify.pdf}
|
||||||
|
|
||||||
|
\column{0.5\textwidth}
|
||||||
|
Derive and Compare:\\[1em]
|
||||||
|
|
||||||
|
\includegraphics[width=\textwidth]{images/derive-compare.pdf}
|
||||||
|
\end{columns}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}{Specification of the Function Signatures}
|
\begin{frame}{Specification of the Function Signatures}
|
||||||
\small
|
\small
|
||||||
@ -362,6 +400,7 @@ Searching for functions \uncover<2->{with the following signatures}
|
|||||||
}
|
}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
|
|
||||||
\begin{frame}{Naïve scheme}
|
\begin{frame}{Naïve scheme}
|
||||||
\begin{center}
|
\begin{center}
|
||||||
\begin{tikzpicture}[scale=.8]
|
\begin{tikzpicture}[scale=.8]
|
||||||
@ -427,39 +466,57 @@ Searching for functions \uncover<2->{with the following signatures}
|
|||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}{Achieving Unlinkability}
|
\begin{frame}{Achieving Unlinkability}
|
||||||
Given $\Derive()$ and $\Compare()$, define the Zero-Knowledge-protocol
|
Given $\Derive()$ and $\Compare()$, define the cut-and-choose protocoll
|
||||||
\orange{$\DeriveCompare$} as follows (sketch):
|
\orange{$\DeriveCompare$} as follows (sketch):
|
||||||
|
|
||||||
|
\begin{columns}
|
||||||
|
\column{0.3\textwidth}
|
||||||
|
\pause
|
||||||
|
\includegraphics[width=\textwidth]{images/cut-and-choose.pdf}
|
||||||
|
|
||||||
|
\column{0.7\textwidth}
|
||||||
|
\pause
|
||||||
|
|
||||||
\uncover<2->{
|
\uncover<2->{
|
||||||
\small
|
|
||||||
|
\scriptsize
|
||||||
|
|
||||||
Let $\kappa \in \N$ (say: $\kappa = 3$)
|
Let $\kappa \in \N$ (say: $\kappa = 3$)
|
||||||
\begin{itemize}[<+->]
|
\begin{itemize}[<+->]
|
||||||
\item[$\Child$:]
|
\item[$\Child$:]
|
||||||
\begin{enumerate}
|
\begin{enumerate}
|
||||||
|
\scriptsize
|
||||||
\item generates $(\commitment_1,\dots,\commitment_\kappa)$
|
\item generates $(\commitment_1,\dots,\commitment_\kappa)$
|
||||||
and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$\\
|
and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$
|
||||||
by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$
|
by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$
|
||||||
\item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
|
\item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
|
||||||
\item sends $\commitment_0$ and $h_0$ to $\Exchange$
|
\item sends $\commitment_0$ and $h_0$ to $\Exchange$
|
||||||
\end{enumerate}
|
\end{enumerate}
|
||||||
\item[$\Exchange$:]
|
\item[$\Exchange$:]
|
||||||
\begin{enumerate}
|
\begin{enumerate}
|
||||||
|
\scriptsize
|
||||||
|
|
||||||
\item[4.] saves $\commitment_0$ and $h_0$ and sends $\Child$ random $\gamma \in \{1,\dots,\kappa\}$
|
\item[4.] saves $\commitment_0$ and $h_0$ and sends $\Child$ random $\gamma \in \{1,\dots,\kappa\}$
|
||||||
\end{enumerate}
|
\end{enumerate}
|
||||||
\item[$\Child$:]
|
\item[$\Child$:]
|
||||||
\begin{enumerate}
|
\begin{enumerate}
|
||||||
|
\scriptsize
|
||||||
\item[5.] reveals $h_\gamma:=H(\commitment_\gamma, \beta_\gamma)$ and all $(\commitment_i, \beta_i)$, except $(\commitment_\gamma, \beta_\gamma)$
|
\item[5.] reveals $h_\gamma:=H(\commitment_\gamma, \beta_\gamma)$ and all $(\commitment_i, \beta_i)$, except $(\commitment_\gamma, \beta_\gamma)$
|
||||||
\end{enumerate}
|
\end{enumerate}
|
||||||
\item[$\Exchange$:]
|
\item[$\Exchange$:]
|
||||||
\begin{enumerate}
|
\begin{enumerate}
|
||||||
|
\scriptsize
|
||||||
\item[6.] compares $h_0$ and
|
\item[6.] compares $h_0$ and
|
||||||
$H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
|
$H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
|
||||||
\item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$.
|
\item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$.
|
||||||
\end{enumerate}
|
\end{enumerate}
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\pause
|
\pause
|
||||||
|
\scriptsize
|
||||||
|
|
||||||
If all steps succeed, $\commitment_\gamma$ is the new commitment.
|
If all steps succeed, $\commitment_\gamma$ is the new commitment.
|
||||||
}
|
}
|
||||||
|
\end{columns}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}{Achieving Unlinkability}%{Certainty trade-off}
|
\begin{frame}{Achieving Unlinkability}%{Certainty trade-off}
|
||||||
@ -677,10 +734,15 @@ Searching for functions \uncover<2->{with the following signatures}
|
|||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}{Definition of Commit with ECDSA}%{Definition of Commit}
|
\begin{frame}{Definition of Commit with ECDSA}%{Definition of Commit}
|
||||||
|
\begin{columns}
|
||||||
|
\column{0.2\textwidth}
|
||||||
|
\includegraphics[width=1.1\textwidth]{images/commit.pdf}
|
||||||
|
\column{0.8\textwidth}
|
||||||
\begin{description}
|
\begin{description}
|
||||||
|
\small
|
||||||
\item[To \blue{Commit} to age group $\age \in \{1,\dots,\Age\}$]~\\
|
\item[To \blue{Commit} to age group $\age \in \{1,\dots,\Age\}$]~\\
|
||||||
\begin{enumerate}[<+->]
|
\begin{enumerate}[<+->]
|
||||||
|
\small
|
||||||
\item Guardian generates ECDSA-keypairs, one per age group:
|
\item Guardian generates ECDSA-keypairs, one per age group:
|
||||||
\[\langle(q_1, p_1),\dots,(q_\Age,p_\Age)\rangle\]
|
\[\langle(q_1, p_1),\dots,(q_\Age,p_\Age)\rangle\]
|
||||||
\item Guardian then \textbf{drops} all private keys
|
\item Guardian then \textbf{drops} all private keys
|
||||||
@ -699,15 +761,23 @@ Searching for functions \uncover<2->{with the following signatures}
|
|||||||
\vfill
|
\vfill
|
||||||
\end{enumerate}
|
\end{enumerate}
|
||||||
\end{description}
|
\end{description}
|
||||||
|
\end{columns}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}{Attest and Verify with ECDSA}
|
\begin{frame}{Attest and Verify with ECDSA}
|
||||||
|
\begin{columns}
|
||||||
|
\column{0.2\textwidth}
|
||||||
|
\includegraphics[width=1.1\textwidth]{images/attest-verify.pdf}
|
||||||
|
\column{0.8\textwidth}
|
||||||
|
\small
|
||||||
Child has
|
Child has
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
\small
|
||||||
\item ordered public-keys $\Vcommitment = (q_1, \dots~\dots~\dots, q_\Age) $,
|
\item ordered public-keys $\Vcommitment = (q_1, \dots~\dots~\dots, q_\Age) $,
|
||||||
\item (some) private-keys $\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$.
|
\item (some) private-keys $\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$.
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\begin{description}
|
\begin{description}
|
||||||
|
\small
|
||||||
\item<2->[To \blue{Attest} a minimum age (group) $\blue{\minage} \leq \age$:]~\\
|
\item<2->[To \blue{Attest} a minimum age (group) $\blue{\minage} \leq \age$:]~\\
|
||||||
Sign a message with ECDSA using private key
|
Sign a message with ECDSA using private key
|
||||||
$p_\blue{\minage}$. The signature $\sigma_\blue{\minage}$ is the
|
$p_\blue{\minage}$. The signature $\sigma_\blue{\minage}$ is the
|
||||||
@ -717,17 +787,21 @@ Searching for functions \uncover<2->{with the following signatures}
|
|||||||
\vfill
|
\vfill
|
||||||
|
|
||||||
\uncover<3->{
|
\uncover<3->{
|
||||||
|
\small
|
||||||
Merchant gets
|
Merchant gets
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
|
\small
|
||||||
\item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $
|
\item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $
|
||||||
\item Signature $\sigma_\blue{\minage}$
|
\item Signature $\sigma_\blue{\minage}$
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\begin{description}
|
\begin{description}
|
||||||
|
\small
|
||||||
\item<4->[To \blue{Verify} a minimum age (group) \blue{$\minage$}:]~\\
|
\item<4->[To \blue{Verify} a minimum age (group) \blue{$\minage$}:]~\\
|
||||||
Verify the ECDSA-Signature $\sigma_\blue{\minage}$ with public key $q_\blue{\minage}$.
|
Verify the ECDSA-Signature $\sigma_\blue{\minage}$ with public key $q_\blue{\minage}$.
|
||||||
\end{description}
|
\end{description}
|
||||||
}
|
}
|
||||||
\vfill
|
\vfill
|
||||||
|
\end{columns}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}{Derive and Compare with ECDSA}
|
\begin{frame}{Derive and Compare with ECDSA}
|
||||||
@ -951,57 +1025,65 @@ Searching for functions \uncover<2->{with the following signatures}
|
|||||||
\centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
|
\centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
\include{gnu}
|
% \include{gnu}
|
||||||
|
%
|
||||||
\begin{frame}{Interested in GNU Taler?}
|
% \begin{frame}{Interested in GNU Taler?}
|
||||||
We are looking for developers, testers, users!
|
% We are looking for developers, testers, users!
|
||||||
|
%
|
||||||
\begin{description}
|
% \begin{description}
|
||||||
\item[Intro:] \url{https://taler.net}
|
% \item[Intro:] \url{https://taler.net}
|
||||||
\item[Learn:] \url{https://docs.taler.net}
|
% \item[Learn:] \url{https://docs.taler.net}
|
||||||
\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
|
% \item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
|
||||||
\end{description}
|
% \end{description}
|
||||||
\end{frame}
|
% \end{frame}
|
||||||
|
|
||||||
\section{Discussion \& Conclusion}
|
\section{Discussion \& Conclusion}
|
||||||
|
|
||||||
\begin{frame}{Discussion}
|
\begin{frame}{Discussion}
|
||||||
|
Technical Aspects and Challenges
|
||||||
\begin{itemize}[<+->]
|
\begin{itemize}[<+->]
|
||||||
\item Our solution can in principle be used with any token-based payment scheme
|
\item Our solution can in principle be used with any token-based payment scheme
|
||||||
\item[] However, GNU Taler best aligned with our design goals
|
\item[] However, GNU Taler best aligned with our design goals
|
||||||
(security, privacy and efficiency).
|
(security, privacy and efficiency).
|
||||||
|
|
||||||
\item Subsidiarity requires bank accounts being owned by adults.
|
\item Subsidiarity requires bank accounts being owned by adults.
|
||||||
\item[] However, scheme can be adapted to cases of
|
\item[] However, scheme can be adapted
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item minors have bank accounts
|
\item Know-Your-Customer (KYC) provides age information
|
||||||
\item peer-to-peer payments
|
\item Parents can set age on a long-term wallet of a child
|
||||||
\item[] Hint: Know-Your-Customer (KYC) and adapted
|
\item cut\&choose protocol \texttt{age-withdraw} implemented
|
||||||
withdraw protocol.
|
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\item Our scheme offers an alternative to identity management systems (IMS)
|
|
||||||
\end{itemize}
|
\end{itemize}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
|
||||||
% \begin{frame}{Related Work}
|
\begin{frame}{Discussion}
|
||||||
% \begin{itemize}
|
Legal aspects and applicability
|
||||||
% \item Current privacy-perserving systems all based on
|
\begin{itemize}[<+->]
|
||||||
% attribute-based credentials (Koning et al.,
|
\item The scheme only makes sense when cheating can be discouraged, f.e. economically
|
||||||
% Schanzenbach et al., Camenisch et al., Au et al.)
|
\item There will be limits where the scheme is considered acceptable.
|
||||||
%
|
\item Our scheme offers an alternative to identity management systems (IMS), where applicable
|
||||||
% \item Attribute-based approach lacks support:
|
\end{itemize}
|
||||||
% \begin{itemize}
|
\end{frame}
|
||||||
% \item Complex for consumers and retailers
|
|
||||||
% \item Requires trusted third authority
|
\begin{frame}{Related Work}
|
||||||
% \end{itemize}
|
\begin{itemize}
|
||||||
% \vfill
|
\item Current privacy-perserving systems all based on
|
||||||
% \item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
|
attribute-based credentials (Koning et al.,
|
||||||
% \begin{itemize}
|
Schanzenbach et al., Camenisch et al., Au et al.)
|
||||||
% \item Advantage: mandatory to payment process
|
|
||||||
% \item Not privacy friendly
|
\item Attribute-based approach lacks support:
|
||||||
% \end{itemize}
|
\begin{itemize}
|
||||||
% \end{itemize}
|
\item Complex for consumers and retailers
|
||||||
% \end{frame}
|
\item Requires trusted third authority
|
||||||
|
\end{itemize}
|
||||||
|
\vfill
|
||||||
|
\item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
|
||||||
|
\begin{itemize}
|
||||||
|
\item Advantage: mandatory to payment process
|
||||||
|
\item Not privacy friendly
|
||||||
|
\end{itemize}
|
||||||
|
\end{itemize}
|
||||||
|
\end{frame}
|
||||||
|
|
||||||
\begin{frame}{Conclusion}
|
\begin{frame}{Conclusion}
|
||||||
Age restriction is a technical, ethical and legal challenge.
|
Age restriction is a technical, ethical and legal challenge.
|
||||||
@ -1015,7 +1097,7 @@ Searching for functions \uncover<2->{with the following signatures}
|
|||||||
\vfill
|
\vfill
|
||||||
|
|
||||||
\pause
|
\pause
|
||||||
Our scheme offers a solution that
|
Our scheme offers an option that
|
||||||
\begin{itemize}
|
\begin{itemize}
|
||||||
\item aligns with subsidiarity
|
\item aligns with subsidiarity
|
||||||
\item preserves privacy
|
\item preserves privacy
|
||||||
@ -1026,7 +1108,7 @@ Searching for functions \uncover<2->{with the following signatures}
|
|||||||
|
|
||||||
|
|
||||||
\begin{frame}{}
|
\begin{frame}{}
|
||||||
\large
|
% \large
|
||||||
\begin{center}
|
\begin{center}
|
||||||
{\Huge \textbf{Thank you!}}\\
|
{\Huge \textbf{Thank you!}}\\
|
||||||
Questions?
|
Questions?
|
||||||
@ -1038,9 +1120,11 @@ Searching for functions \uncover<2->{with the following signatures}
|
|||||||
\vfill
|
\vfill
|
||||||
{Interested in GNU Taler?}
|
{Interested in GNU Taler?}
|
||||||
\begin{description}
|
\begin{description}
|
||||||
\item[Intro:] \url{https://taler.net}
|
\item[Intro:] \url{https://taler.net},
|
||||||
\item[Learn:] \url{https://docs.taler.net}
|
\item[Learn:] \url{https://docs.taler.net}
|
||||||
\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
|
\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
|
||||||
|
\item[Connect:] \url{https://ich.taler.net}
|
||||||
|
\item[NGI Taler:] \url{https://ngi.taler.net}
|
||||||
\end{description}
|
\end{description}
|
||||||
\end{center}
|
\end{center}
|
||||||
\end{frame}
|
\end{frame}
|
||||||
|
BIN
eipsi2024/images/attest.jpg
Normal file
After Width: | Height: | Size: 13 KiB |
BIN
eipsi2024/images/attest.png
Normal file
After Width: | Height: | Size: 19 KiB |
4
eipsi2024/images/attest.svg
Normal file
After Width: | Height: | Size: 93 KiB |
BIN
eipsi2024/images/commit.jpg
Normal file
After Width: | Height: | Size: 16 KiB |
BIN
eipsi2024/images/commit.png
Normal file
After Width: | Height: | Size: 21 KiB |
4
eipsi2024/images/commit.svg
Normal file
After Width: | Height: | Size: 116 KiB |
BIN
eipsi2024/images/commit.vsdx
Normal file
BIN
eipsi2024/images/derive-compare.png
Normal file
After Width: | Height: | Size: 40 KiB |
BIN
eipsi2024/images/ngi-taler.jpg
Normal file
After Width: | Height: | Size: 17 KiB |
BIN
eipsi2024/images/ngi-taler.png
Normal file
After Width: | Height: | Size: 19 KiB |