Commit Graph

121 Commits

Author SHA1 Message Date
Jeffrey Burdges
4601559917
Footnote but Christian wanted this elsewhere 2017-08-29 14:24:40 +02:00
Jeffrey Burdges
ec3604261d
Actualy this part has nothing to do with BOLT being fragile 2017-08-29 14:19:52 +02:00
Jeffrey Burdges
c3752e8c96
Rephrase BOLT fix 2017-08-29 13:44:31 +02:00
Jeffrey Burdges
33edef30ac
Errata: Statement about BOLT corrected
Discussion :

Christian & Florian,

This is about the UI paper in SPACE, not the protocol paper with real
crypto discussions.  And the text in question never existed in the
protocol paper.

Ian,

I'm the member of our team who looked into BOLT the most, mostly looking
to see if any of the ideas helped us.  I might manage to reconstruct
more details later, but right now my description there sounds bizarre
and wrong.

In Taler, our denomination key expirations limit the exchange's
liability to double its deposits, even in the case that its private keys
are all compromised and used to create unbacked coins.  In practice,
offline ecash schemes lack this limit due to their decreased ability to
rotate denomination keys.

I do not see why I wrote that BOLT lacked this property:  If I recall,
both BOLT payment channel types are created with fixed initial value
commitments.  In particular, intermediaries have already committed the
maximum funds they could transfer to each merchant.

That would prevent unbacked transfers in the payment channel, and thus
limit liability, even when the intermediary gets compromised.  There is
an anonymity cost if BOLT's approach limits the number of users in
payment channels with each intermediary of course.

I do not know if a compromised BOLT intermediary could complete payments
to merchants while refunding customers, but even if so that's still not
the sort of "unlimited" liability you get in offline ecash schemes.
It's just the sort of 2x limit on liability that Taler provides.

In BOLT, the x would be value committed to outgoing channels, while in
Taler x is value deposited by customers, so I suppose the intermediary
could technically be robbed of their money without seeing any incoming
money.  That's not "unlimited" though.  It's limited by the
intermediary's commitments to the network.

I doubt I even thought about it this deeply though when I wrote that.  I
think once-upon-a-time I wanted to express some vague concern around
intermediaries and anonymity sets in BOLT, but never thought about it
clearly, and later managed to confuse myself with conventional ecash
issues when discussing related work with Christian while we were writing
this usability paper.

Sorry for writing what appears to be nonsense!
Jeff

On Mon, 2017-08-28 at 21:10 +0200, Christian Grothoff wrote:
>
> -------- Forwarded Message --------
> Subject:      bolt attack?
> Date:         Mon, 28 Aug 2017 18:49:43 +0000
> From:         Ian Miers <imiers@cs.jhu.edu>
> To:   christian@grothoff.org <christian@grothoff.org>
>
>
>
> Hi,
> Someone pointed me at a copy of your  Taler paper from 2016 and pointed
> out  that  it  describes Bolt  saying there  "are numerous seemingly
> fragile aspects of the BOLT protocol, including aborts deanonymizing
> customers, *intermediaries risking unlimited losses,* and theft if a
> party fails to post a refute message in a timely fashion."
>
> The unlimited loss to intermediaries  comment  surprised both them and
> me.  Are you referring to some specific attack or an issue involving
> timeouts and  delays?
>
> Thanks,
> Ian
2017-08-29 13:41:16 +02:00
Jeff Burdges
9b471718e3 Minor tweaks to ui paper 2016-10-01 10:56:55 -04:00
Christian Grothoff
d705309199 remove generated file 2016-09-22 15:09:33 +02:00
Christian Grothoff
4974dd19c0 Merge branch 'master' of git+ssh://taler.net/var/git/wallet-webex 2016-09-22 15:09:18 +02:00
Christian Grothoff
903bb780de cameraready edition 2016-09-22 15:09:09 +02:00
Florian Dold
ebbdadb4b6 sort out libs / fix warnings 2016-09-14 15:55:10 +02:00
Christian Grothoff
dd2bd32491 define 3ds 2016-08-30 09:50:37 +02:00
Christian Grothoff
f88abffb28 krista pass 2016-08-30 09:46:37 +02:00
Jeff Burdges
5e595863bd Merge branch 'master' of git.taler.net:/var/git/wallet-webex 2016-08-26 17:48:08 +02:00
Jeff Burdges
f565c522f9 Makefile for PlantUML 2016-08-26 17:47:41 +02:00
Florian Dold
9d8ee17191 plantuml / autonumber 2016-08-26 16:25:33 +02:00
Florian Dold
8258db6b55 url syntax 2016-08-26 16:17:56 +02:00
Christian Grothoff
019e10d51e Merge branch 'master' of git+ssh://taler.net/var/git/wallet-webex 2016-08-26 16:17:12 +02:00
Christian Grothoff
2f4aaca850 compress 2016-08-26 16:17:11 +02:00
Florian Dold
64373e23ad put an actual fulfillment URL in the contract 2016-08-26 16:16:52 +02:00
Christian Grothoff
4370bcc9ae merge 2016-08-26 16:11:17 +02:00
Christian Grothoff
a40d42d618 cut 2016-08-26 16:10:48 +02:00
Florian Dold
9cbe7a498d js payment execution 2016-08-26 16:10:28 +02:00
Christian Grothoff
36eaca40d6 Merge branch 'master' of git+ssh://taler.net/var/git/wallet-webex 2016-08-26 16:04:16 +02:00
Christian Grothoff
7d31c03da1 reorder figs 2016-08-26 16:04:12 +02:00
Jeff Burdges
a3d68aa969 Rebuild PlantUML 2016-08-26 15:55:04 +02:00
Florian Dold
5e2acdcede fix URL again 2016-08-26 15:51:50 +02:00
Florian Dold
16969c4eab match contract examples 2016-08-26 15:51:50 +02:00
Christian Grothoff
acfc24ff3c do not be so POST-specific 2016-08-26 15:50:17 +02:00
Christian Grothoff
f85f75b7db fix pay process 2016-08-26 15:41:06 +02:00
Christian Grothoff
e245e9dff7 Merge branch 'master' of git+ssh://taler.net/var/git/wallet-webex 2016-08-26 15:32:29 +02:00
Christian Grothoff
f0b08e6b4c major edits of pay process 2016-08-26 15:32:27 +02:00
Florian Dold
654758eb20 match offer URL with contract example 2016-08-26 15:24:28 +02:00
Florian Dold
32052786e5 include pay url in example 2016-08-26 15:22:42 +02:00
Florian Dold
1a6f39f407 clarify payment replay 2016-08-26 02:48:47 +02:00
Florian Dold
be9b3b11de Clarifications 2016-08-26 02:32:54 +02:00
Christian Grothoff
03e4d95f24 more edits 2016-08-25 17:53:55 +02:00
Christian Grothoff
b4f3dbc568 minor edits 2016-08-25 17:37:49 +02:00
Christian Grothoff
481f9ff554 Merge branch 'master' of git+ssh://taler.net/var/git/wallet-webex 2016-08-25 17:12:23 +02:00
Christian Grothoff
67705c4165 more minor edits 2016-08-25 17:12:22 +02:00
Jeff Burdges
fcb554668f Merge branch 'master' of git.taler.net:/var/git/wallet-webex 2016-08-25 17:09:21 +02:00
Jeff Burdges
af7fab2a43 Two references 2016-08-25 17:09:02 +02:00
Christian Grothoff
240f5085bb updates sec 1-3 2016-08-25 16:56:31 +02:00
Jeff Burdges
334561a07d Merge branch 'master' of git.taler.net:/var/git/wallet-webex 2016-08-25 11:27:01 +02:00
Jeff Burdges
d9fa78efe2 Fig 7 2016-08-25 04:21:24 +02:00
Christian Grothoff
35c42e1f4a fix bib 2016-08-24 19:13:55 +02:00
Christian Grothoff
d6c8b73df9 misc minor edits 2016-08-24 19:10:46 +02:00
Jeff Burdges
33e7fb56a1 Merge branch 'master' of git.taler.net:/var/git/wallet-webex 2016-08-24 16:41:37 +02:00
Florian Dold
fc4ea95df5 use EUR and not KUDOS in the example 2016-08-24 14:26:30 +02:00
Florian Dold
0faf47cf88 fix duplicate label 2016-08-24 14:25:29 +02:00
Florian Dold
6ffbfff683 no escaping in lstlisting 2016-08-24 14:21:04 +02:00
Florian Dold
9df967c6a0 contract description 2016-08-24 14:20:42 +02:00