workable state for eipsi2024

eipsi2024/eipsi2024.tex

@@ -101,12 +101,11 @@
 		\item<1->[Deliverable]~\\
 			Present a solution to age restriction and its integration in GNU Taler.
 			\vfill
-		\item<2->[Side-Channel]~\\
+		\item<2->[Drive-By]~\\
 			Show concepts from cryptography by example:
 
 			Zero-Knowledge protocol, Security Game and Security Proof
 
-			This will be technical.
 			\vfill
 		\item<3->[Non-goals]~\\
 			\begin{itemize}
@@ -119,13 +118,15 @@
 
 \begin{frame}{Sponsors}
 	\centering\begin{columns}[T]
-		\column{0.5\textwidth}
+		\column{0.6\textwidth}
-		\centering NGI Pointer program of the European Commission\\[2em]
+		\centering NGI Taler and NGI Pointer programs of the European Commission\\[2em]
 
-		\centering\includegraphics[width=0.7\textwidth]{images/ngi-ap3.png}
+		\centering\includegraphics[width=0.9\textwidth]{images/ngi-taler.jpg}
 
-		\column{0.5\textwidth}
+		\centering\includegraphics[width=0.5\textwidth]{images/ngi-ap3.png}
-		\centering Project \textit{Concrete Contracts} in the
+
+		\column{0.4\textwidth}
+		\centering Project\\ \textit{Concrete Contracts} in the
 		\textit{KMU-innovativ} programm\\[2em]
 
 		\centering\includegraphics[width=0.9\textwidth]{images/bmbf-english.jpg}
@@ -297,6 +298,43 @@ with the following properties:
 	\end{columns}
 \end{frame}
 
+\begin{frame}{Helpful figure - Commit}
+
+	\centering\includegraphics[height=0.9\textheight]{images/commit.pdf}
+
+\end{frame}
+
+\begin{frame}{Helpful figure - Attest and Verify}
+
+	\centering\includegraphics[height=0.9\textheight]{images/attest-verify.pdf}
+
+\end{frame}
+
+\begin{frame}{Helpful figure - Derive and Compare}
+
+	\centering\includegraphics[width=\textwidth]{images/derive-compare.pdf}
+
+\end{frame}
+
+\begin{frame}{Helpful figure}
+	\small
+	\begin{columns}[t]
+	\column{0.25\textwidth}
+	Commit:\\[1em]
+
+	\includegraphics[width=\textwidth]{images/commit.pdf}
+
+	\column{0.25\textwidth}
+	Attest and Verify:\\[1em]
+
+	\includegraphics[width=\textwidth]{images/attest-verify.pdf}
+
+	\column{0.5\textwidth}
+	Derive and Compare:\\[1em]
+
+	\includegraphics[width=\textwidth]{images/derive-compare.pdf}
+	\end{columns}
+\end{frame}
 
 \begin{frame}{Specification of the Function Signatures}
 \small
@@ -362,6 +400,7 @@ Searching for functions \uncover<2->{with the following signatures}
 	}
 \end{frame}
 
+
 \begin{frame}{Naïve scheme}
 	\begin{center}
 	\begin{tikzpicture}[scale=.8]
@@ -427,39 +466,57 @@ Searching for functions \uncover<2->{with the following signatures}
 \end{frame}
 
 \begin{frame}{Achieving Unlinkability}
-	Given $\Derive()$ and $\Compare()$, define the Zero-Knowledge-protocol
+	Given $\Derive()$ and $\Compare()$, define the cut-and-choose protocoll
 	\orange{$\DeriveCompare$} as follows (sketch):
 
+	\begin{columns}
+	\column{0.3\textwidth}
+	\pause
+	\includegraphics[width=\textwidth]{images/cut-and-choose.pdf}
+
+	\column{0.7\textwidth}
+	\pause
+
 	\uncover<2->{
-	\small
+
+				\scriptsize
+
 	Let $\kappa \in \N$ (say: $\kappa = 3$)
 	\begin{itemize}[<+->]
 		\item[$\Child$:]
 			\begin{enumerate}
+				\scriptsize
 				\item generates $(\commitment_1,\dots,\commitment_\kappa)$
-					and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$\\
+					and $(\beta_1,\dots,\beta_\kappa)$ from $\commitment_0$
 					by calling $\kappa$ times $\Derive(\commitment_0, \pruf_0, \omega_i)$
 				\item calculates $h_0:=H\left(H(\commitment_1, \beta_1)\parallel \dots\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
 				\item sends $\commitment_0$ and $h_0$ to $\Exchange$
 			\end{enumerate}
 		\item[$\Exchange$:]
 			\begin{enumerate}
+				\scriptsize
+
 				\item[4.] saves $\commitment_0$ and $h_0$ and sends $\Child$ random  $\gamma \in \{1,\dots,\kappa\}$
 			\end{enumerate}
 		\item[$\Child$:]
 			\begin{enumerate}
+				\scriptsize
 				\item[5.] reveals $h_\gamma:=H(\commitment_\gamma, \beta_\gamma)$ and all $(\commitment_i, \beta_i)$, except $(\commitment_\gamma, \beta_\gamma)$
 			\end{enumerate}
 		\item[$\Exchange$:]
 			\begin{enumerate}
-				\item[6.] compares $h_0$ and
+			\scriptsize
+			\item[6.] compares $h_0$ and
 			$H\left(H(\commitment_1, \beta_1)\parallel ...\parallel h_\gamma\parallel ...\parallel H(\commitment_\kappa, \beta_\kappa)\right)$
 				\item[7.] evaluates $\Compare(\commitment_0, \commitment_i, \beta_i)$ for all $i \neq \gamma$.
 			\end{enumerate}
 	\end{itemize}
 	\pause
+	\scriptsize
+
 	If all steps succeed, $\commitment_\gamma$ is the new commitment.
 	}
+	\end{columns}
 \end{frame}
 
 \begin{frame}{Achieving Unlinkability}%{Certainty trade-off}
@@ -677,10 +734,15 @@ Searching for functions \uncover<2->{with the following signatures}
 \end{frame}
 
 \begin{frame}{Definition of Commit with ECDSA}%{Definition of Commit}
-
+	\begin{columns}
+	\column{0.2\textwidth}
+	\includegraphics[width=1.1\textwidth]{images/commit.pdf}
+	\column{0.8\textwidth}
 	\begin{description}
+		\small
 		\item[To \blue{Commit} to age group $\age \in \{1,\dots,\Age\}$]~\\
 		\begin{enumerate}[<+->]
+			\small
 			\item Guardian generates ECDSA-keypairs, one per age group:
 				\[\langle(q_1, p_1),\dots,(q_\Age,p_\Age)\rangle\]
 			\item Guardian then \textbf{drops} all private keys
@@ -699,15 +761,23 @@ Searching for functions \uncover<2->{with the following signatures}
 				\vfill
 		\end{enumerate}
 	\end{description}
+	\end{columns}
 \end{frame}
 
 \begin{frame}{Attest and Verify with ECDSA}
+	\begin{columns}
+	\column{0.2\textwidth}
+	\includegraphics[width=1.1\textwidth]{images/attest-verify.pdf}
+	\column{0.8\textwidth}
+	\small
 	Child has
 	\begin{itemize}
+		\small
 		\item ordered public-keys $\Vcommitment = (q_1, \dots~\dots~\dots, q_\Age) $,
 		\item (some) private-keys $\Vpruf = (p_1, \dots, p_\age, \Nil, \dots, \Nil)$.
 	\end{itemize}
 	\begin{description}
+		\small
 		\item<2->[To \blue{Attest} a minimum age (group) $\blue{\minage} \leq \age$:]~\\
 			Sign a message with ECDSA using private key
 			$p_\blue{\minage}$.  The signature $\sigma_\blue{\minage}$ is the
@@ -717,17 +787,21 @@ Searching for functions \uncover<2->{with the following signatures}
 	\vfill
 
 	\uncover<3->{
+	\small
 	Merchant gets
 	\begin{itemize}
+		\small
 		\item ordered public-keys $\Vcommitment = (q_1, \dots, q_\Age) $
 		\item Signature $\sigma_\blue{\minage}$
 	\end{itemize}
 	\begin{description}
+		\small
 		\item<4->[To \blue{Verify} a minimum age (group) \blue{$\minage$}:]~\\
 			Verify the ECDSA-Signature $\sigma_\blue{\minage}$ with public key $q_\blue{\minage}$.
 	\end{description}
 	}
 	\vfill
+	\end{columns}
 \end{frame}
 
 \begin{frame}{Derive and Compare with ECDSA}
@@ -951,57 +1025,65 @@ Searching for functions \uncover<2->{with the following signatures}
 	\centering \includegraphics[height=0.9\textheight]{images/wallet-age.png}
 \end{frame}
 
-\include{gnu}
+% \include{gnu}
-
+%
-\begin{frame}{Interested in GNU Taler?}
+% \begin{frame}{Interested in GNU Taler?}
-	We are looking for developers, testers, users!
+% 	We are looking for developers, testers, users!
-
+%
-	\begin{description}
+% 	\begin{description}
-		\item[Intro:] \url{https://taler.net}
+% 		\item[Intro:] \url{https://taler.net}
-		\item[Learn:] \url{https://docs.taler.net}
+% 		\item[Learn:] \url{https://docs.taler.net}
-		\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
+% 		\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
-	\end{description}
+% 	\end{description}
-\end{frame}
+% \end{frame}
 
 \section{Discussion \& Conclusion}
 
 \begin{frame}{Discussion}
+	Technical Aspects and Challenges
 	\begin{itemize}[<+->]
 		\item Our solution can in principle be used with any token-based payment scheme
 		\item[] However, GNU Taler best aligned with our design goals
 			(security, privacy and efficiency).
 
 		\item Subsidiarity requires bank accounts being owned by adults.
-		\item[] However, scheme can be adapted to cases of
+		\item[] However, scheme can be adapted
 			\begin{itemize}
-			\item minors have bank accounts
+				\item Know-Your-Customer (KYC) provides age information
-			\item peer-to-peer payments
+				\item Parents can set age on a long-term wallet of a child
-			\item[] Hint: Know-Your-Customer (KYC) and adapted
+				\item cut\&choose protocol \texttt{age-withdraw} implemented
-				withdraw protocol.
 			\end{itemize}
-		\item Our scheme offers an alternative to identity management systems (IMS)
 	\end{itemize}
 \end{frame}
 
-% \begin{frame}{Related Work}
+\begin{frame}{Discussion}
-% 	\begin{itemize}
+	Legal aspects and applicability
-% 		\item Current privacy-perserving systems all based on
+	\begin{itemize}[<+->]
-% 			attribute-based credentials (Koning et al.,
+		\item The scheme only makes sense when cheating can be discouraged, f.e. economically
-% 			Schanzenbach et al., Camenisch et al., Au et al.)
+		\item There will be limits where the scheme is considered acceptable.
-%
+		\item Our scheme offers an alternative to identity management systems (IMS), where applicable
-% 		\item Attribute-based approach lacks support:
+	\end{itemize}
-% 			\begin{itemize}
+\end{frame}
-% 				\item Complex for consumers and retailers
+
-% 				\item Requires trusted third authority
+\begin{frame}{Related Work}
-% 			\end{itemize}
+	\begin{itemize}
-% 		\vfill
+		\item Current privacy-perserving systems all based on
-% 		\item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
+			attribute-based credentials (Koning et al.,
-% 			\begin{itemize}
+			Schanzenbach et al., Camenisch et al., Au et al.)
-% 				\item Advantage: mandatory to payment process
+
-% 				\item Not privacy friendly
+		\item Attribute-based approach lacks support:
-% 			\end{itemize}
+			\begin{itemize}
-% 	\end{itemize}
+				\item Complex for consumers and retailers
-% \end{frame}
+				\item Requires trusted third authority
+			\end{itemize}
+		\vfill
+		\item Other approaches tie age-restriction to ability to pay ("debit cards for kids")
+			\begin{itemize}
+				\item Advantage: mandatory to payment process
+				\item Not privacy friendly
+			\end{itemize}
+	\end{itemize}
+\end{frame}
 
 \begin{frame}{Conclusion}
 	Age restriction is a technical, ethical and legal challenge.
@@ -1015,7 +1097,7 @@ Searching for functions \uncover<2->{with the following signatures}
 	\vfill
 
 	\pause
-	Our scheme offers a solution that
+	Our scheme offers an option that
 	\begin{itemize}
 		\item aligns with subsidiarity
 		\item preserves privacy
@@ -1026,7 +1108,7 @@ Searching for functions \uncover<2->{with the following signatures}
 
 
 \begin{frame}{}
-	\large
+	% \large
 	\begin{center}
 		{\Huge \textbf{Thank you!}}\\
 	Questions?
@@ -1038,9 +1120,11 @@ Searching for functions \uncover<2->{with the following signatures}
 	\vfill
 	{Interested in GNU Taler?}
 	\begin{description}
-		\item[Intro:] \url{https://taler.net}
+		\item[Intro:] \url{https://taler.net},
 		\item[Learn:] \url{https://docs.taler.net}
 		\item[Develop:] \url{https://git.taler.net}, \url{https://bugs.taler.net}
+		\item[Connect:] \url{https://ich.taler.net}
+		\item[NGI Taler:] \url{https://ngi.taler.net}
 	\end{description}
 	\end{center}
 \end{frame}