\documentclass{beamer} \usepackage{tikz} \usepackage{ragged2e} \apptocmd{\frame}{}{\justifying}{} \usetikzlibrary{positioning,fit} \title{Depolymerization} \subtitle{Integrating GNU Taler with blockchain-based cryptocurrencies} \author{Antoine d'Aligny} \institute{Bern University of Applied Sciences} \date{\today} \titlegraphic{\includegraphics[width=2.5cm]{media/taler.png}} \begin{document} \begin{frame} \titlepage \end{frame} \begin{frame}{Blockchain based cryptocurrencies} \begin{tikzpicture}[remember picture,overlay] \node (N1)[above right=5mm and 25mm of current page.center] {\includegraphics[width=34mm]{media/news1.png}}; \node (N0)[below=-3mm of N1] {\includegraphics[width=34mm]{media/news0.png}}; \node (N2)[below left=-26mm and -2.5mm of N1] {\includegraphics[width=34mm]{media/news2.png}}; \end{tikzpicture} \begin{block}{Biggest cryptocurrencies} \begin{itemize} \item \textbf{BTC} Bitcoin \item \textbf{ETH} Ethereum \end{itemize} \end{block} \begin{block}{Common blockchain limitations} \begin{itemize} \item \textbf{Delay} block and confirmation delay \item \textbf{Cost} transaction fees \item \textbf{Scalability} limited amount of transaction per second \item \textbf{Ecological impact} computation redundancy \item \textbf{Privacy} \item \textbf{Regulatory risk} \end{itemize} \end{block} \end{frame} \begin{frame}{Taler}{Architecture} \begin{columns} \column{0.5\paperwidth} \begin{tikzpicture}[ rect/.style={circle, draw=black}, sym/.style={-stealth, shorten >= 2pt, shorten <= 2pt} ] % Taler payment system \node[rect](1) {Exchange}; \node[rect,below left=1.5cm and 0.7cm of 1](2) {Customer}; \node[rect,below right=1.5cm and 0.7cm of 1](3) {Merchant}; \draw[sym] (1) -- node [midway, above, sloped] {\tiny Withdraw coins} (2); \draw[sym] (2) -- node [midway, above, sloped] {\tiny Spend coins} (3); \draw[sym] (3) -- node [midway, above, sloped] {\tiny Deposit coins} (1); % Settlement layer \node[left=2cm of 1](E1){}; \node[right=2cm of 1](E2){}; \draw[sym] (E1) -- node [midway, above] {\tiny Deposit money} (1); \draw[sym] (1) -- node [midway, above] {\tiny Withdraw money} (E2); % Auditor \node[above= of 1](A){Auditor}; \draw[sym] (A) -- node [midway, right] {\tiny Verify} (1); % Separator \node[below=1mm of E1] (S1S) {}; \node[below=1mm of E2] (S1E) {}; \node[above=6mm of E1] (S2S) {}; \node[above=6mm of E2] (S2E) {}; \draw[dotted] (S1S) -- (S1E); \draw[dotted] (S2S) -- (S2E); \node[below right=-2mm and -1.5mm of S2S] {\tiny{\emph{Settlement Layer}}}; \node[below right=-2mm and -1.5mm of S1S] {\tiny{\emph{Taler payment system}}}; \end{tikzpicture} \column{0.47\paperwidth} \begin{block}{Settlement layer} \begin{itemize} \item This work, Blockchain! \end{itemize} \end{block} \begin{block}{Taler payment system} \begin{itemize} \item Realtime transactions, 1 RTT \item Scalable microtransactions \item Blind signatures (privacy) \end{itemize} \end{block} \end{columns} \end{frame} \begin{frame}{Taler}{Blockchain settlement layer} \begin{center} \begin{tikzpicture}[ rect/.style={rectangle, draw=black, minimum width=30mm}, sym/.style={stealth-stealth, shorten >= 2pt, shorten <= 2pt}, block/.style={rectangle,draw=black,fill=black!10,minimum size=7mm}, ] %% Architecture \node(Tt){Taler}; \node[rect,below=0cm of Tt](Tc){Exchange}; \node[rect,fit={(Tt) (Tc)}](T){}; \node[rect,below=7mm of Tc](D) {\textbf{Depolymerization}}; \node[rect,below=7mm of D](Bc){Node}; \node[below=0cm of Bc](Bt){Blockchain}; \node[rect,fit={(Bt) (Bc)}](B){}; \draw[sym] (T) -- (D); \draw[sym] (D) -- (B); %% Blockchain \node[block,right=8mm of B] (1){}; \node[block,right=4mm of 1] (2){}; \node[block,right=4mm of 2] (3){}; \node[block,right=4mm of 3] (4){}; \node[block,right=4mm of 4] (5){}; \node[block,right=4mm of 5] (6){}; \draw[-stealth] (1) -- (2); \draw[-stealth] (2) -- (3); \draw[-stealth] (3) -- (4); \draw[-stealth] (4) -- (5); \draw[-stealth] (5) -- (6); \node[left=4mm of 1] (S){}; \node[right=4mm of 6] (E){}; \draw[-stealth] (S) -- (1); \draw[-stealth] (6) -- (E); %% Taler \node[block, below right=-7.5mm and 20.5mm of T] (off){Off-chain transactions}; \node[above=-0.5mm of off] {\includegraphics[height=7mm]{media/taler.png}}; %% Depolymerization \node[right=11mm of D] {\small{Credit}}; \node[right=50mm of D] {\small{Debit}}; \draw[dashed,-stealth] (1.north) |- (off.west); \draw[dashed,-stealth] (off.east) -| (6.north); \end{tikzpicture} \end{center} \end{frame} \begin{frame}{Challenges} \begin{block}{Taler Metadata} \begin{itemize} \item Metadata are required to link a wallet to credits and allow merchant to link deposits to debits \item Putting metadata in blockchain transactions can be tricky \end{itemize} \end{block} \begin{block}{Blockchain based cryptocurrencies} \begin{itemize} \item Blockchain transactions lack finality (fork) \item Transactions can be stuck for a long time (mempool) \end{itemize} \end{block} \end{frame} \begin{frame}{Blockchain challenges}{Chain reorganization} \begin{center} \begin{tikzpicture}[ block/.style={rectangle,draw=black,fill=black!10,minimum size=7mm}, ar/.style={-stealth} ] % Common \node[block](1){}; \node[block,right=5mm of 1](2){$D_0$}; \node[block,right=5mm of 2](3){}; \draw[ar] (1) -- (2); \draw[ar] (2) -- (3); % Current \node [block,right=5mm of 3](4){}; \node[block,right=5mm of 4](5){}; \node[block,right=5mm of 5](6){$D_1$}; \draw[ar] (3) -- (4); \draw[ar] (4) -- (5); \draw[ar] (5) -- (6); % Fork \node [block,above=7mm of 4](4p){}; \node[block,right=5mm of 4p](5p){$D_2$}; \node[block,right=5mm of 5p](6p){}; \node[block,right=5mm of 6p](7p){}; \draw[ar] (3.east) -- (4p.west); \draw[ar] (4p) -- (5p); \draw[ar] (5p) -- (6p); \draw[ar] (6p) -- (7p); % Indication \node [right=5mm of 7p]{\emph{fork}}; \node [right=17mm of 6]{\emph{active}}; \end{tikzpicture} \end{center} A fork is when concurrent blockchain states coexist. Nodes will follow the longest chain, replacing recent blocks if necessary during a blockchain reorganization. If a deposit transaction disappears from the blockchain, an irrevocable withdraw transactions would no longer be backed by credit. \end{frame} \begin{frame}{Blockchain challenges}{Stuck transactions} We want confirmed debits within a limited time frame. \begin{figure} \centering \only<1> { \begin{tikzpicture}[ dot/.style={circle,fill,inner sep=1pt,} ] \node (I) {\includegraphics[width=\textwidth]{media/fee.png}}; \node [below left=-2.5mm and -1.5cm of I] (Tx) {\small Tx}; \node [dot,above=8.4mm of Tx](D) {}; \draw [dotted,thick] (Tx) -- (D); \node [left=-4.5cm of Tx] (C) {\small conf}; \node [dot,above=8.4mm of C](D1) {}; \draw [dotted,thick] (C) -- (D1); \end{tikzpicture} } \only<2> { \includegraphics[width=\textwidth]{media/fee_var.png} \caption{Bitcoin average transaction fee over 6 months {\tiny (ychart)}} } \end{figure} \only<1>{When we trigger a debit with a fee too small, it may not be confirmed in a timely fashion.} \only<2>{However, transaction fees are unpredictable.} \end{frame} \begin{frame}{Depolymerization}{Architecture} \begin{center} \begin{tikzpicture}[ rect/.style={rectangle, draw=black, minimum height=6mm, minimum width=28mm}, sym/.style={stealth-stealth, shorten >= 2pt, shorten <= 2pt} ] \node[rect](1) {Taler Exchange}; \node[rect,below=of 1](2) {Wire Gateway}; \node[rect,right=of 2](3) {PostgreSQL}; \node[rect,right=of 3](4) {DLT Adapter}; \node[rect,above=of 4](5) {DLT Full Node}; \draw[sym] (1) -- node [midway,right] {\tiny HTTP} (2); \draw[sym] (2) -- node [midway,above] {\tiny SQL} (3); \draw[sym] (3) -- node [midway,above] {\tiny SQL} (4); \draw[sym] (4) -- node [midway,left ] {\tiny RPC} (5); \node[above= 2mm of 1]{\small{\emph{Wire Gateway API}}}; \node[above= 2mm of 5]{\small{\emph{DLT specific}}}; \node[above=22mm of 3](T) {}; \draw[dotted] (3) -- (T); \end{tikzpicture} \end{center} \begin{itemize} \item Common database to store transactions state and communicate with notifications \item Wire Gateway for Taler API compatibility \item DLT specific adapter \end{itemize} \end{frame} \begin{frame}{Storing metadata}{Bitcoin} \begin{block}{Bitcoin - Credit} \begin{itemize} \item Transactions from code \item Only 32B + URI \item \textbf{OP\_RETURN} \end{itemize} \end{block} \begin{block}{Bitcoin - Debit} \begin{itemize} \item Transactions from common wallet software \item Only 32B \item \textbf{Fake Segwit Addresses} \end{itemize} \end{block} \end{frame} \begin{frame}{Storing metadata}{Ethereum} \begin{block}{Smart contract ?} \begin{itemize} \item Logs in smart contract is the recommend way {\tiny (ethereum.org)} \item Expensive (additional storage and execution fees) \item Avoidable attack surface (error prone) \end{itemize} \end{block} \begin{block}{Custom input format} Use input data in transactions, usually used to call smart contract, to store our metadata. \end{block} \end{frame} \begin{frame}{Handling blockchain reorganization} \begin{center} \begin{tikzpicture}[ block/.style={rectangle,draw=black,fill=black!10,minimum size=7mm}, conf/.style={draw=black!60!green,fill=black!60!green!10}, nconf/.style={dotted}, err/.style={draw=black!60!red,fill=black!60!red!10}, ar/.style={-stealth} ] % Common \node[block,conf](1){}; \node[block,conf,right=5mm of 1](2){$D_0$}; \node[block,conf,right=5mm of 2](3){}; \draw[ar] (1) -- (2); \draw[ar] (2) -- (3); % Current \only<1>{ \node [block,nconf,right=5mm of 3](4){}; } \only<2->{ \node [block,conf,right=5mm of 3](4){\only<3>{$D_3$}}; } \node[block,nconf,right=5mm of 4](5){}; \node[block,nconf,right=5mm of 5](6){$D_1$}; \draw[ar] (3) -- (4); \draw[ar] (4) -- (5); \draw[ar] (5) -- (6); % Fork \only<-2>{ \node [block,nconf,above=7mm of 4](4p){}; } \only<3>{ \node [block,dashed,err,above=7mm of 4](4p){$D_3'$}; } \node[block,nconf,right=5mm of 4p](5p){$D_2$}; \node[block,nconf,right=5mm of 5p](6p){}; \node[block,nconf,right=5mm of 6p](7p){}; \draw[ar] (3.east) -- (4p.west); \draw[ar] (4p) -- (5p); \draw[ar] (5p) -- (6p); \draw[ar] (6p) -- (7p); % Indication \node [right=5mm of 7p]{\emph{fork}}; \node [right=17mm of 6]{\emph{active}}; \end{tikzpicture} \end{center} \only<1>{As small reorganizations are common, Satoshi already recommended to apply a confirmation delay to handle most disturbances and attacks.} \only<2>{If a reorganization longer than the confirmation delay happens, but it did not remove credits, Depolymerizer is safe and automatically resumes.} \only<3>{If a fork removed a confirmed debit, an attacker may create a conflicting transaction. Depolymerizer suspends operation until lost credits reappear.} \end{frame} \begin{frame}{Adaptive confirmation} \begin{center} \begin{tikzpicture}[ block/.style={rectangle,draw=black,fill=black!10,minimum size=7mm}, conf/.style={draw=black!60!green,fill=black!60!green!10}, nconf/.style={dotted}, conft/.style={text=black!60!green}, confl/.style={draw=black!60!green}, ar/.style={-stealth} ] % Common \node(0){}; \node[block,conf,right=5mm of 0](1){}; \node[block,conf,right=5mm of 1](2){}; \draw[ar] (0) -- (1); \draw[ar] (1) -- (2); % Current \node[block,conf,right=5mm of 2](3){}; \node[block,nconf,right=5mm of 3](4){}; \node[block,nconf,right=5mm of 4](5){}; \node[block,nconf,right=5mm of 5](6){}; \draw[ar] (2) -- (3); \draw[ar] (3) -- (4); \draw[ar] (4) -- (5); \draw[ar] (5) -- (6); % Fork \node[block,nconf,above=7mm of 3](3p){}; \node[block,nconf,right=5mm of 3p](4p){}; \node[block,nconf,right=5mm of 4p](5p){}; \node[block,nconf,right=5mm of 5p](6p){}; \node[block,nconf,right=5mm of 6p](7p){}; \draw[ar] (2.east) -- (3p.west); \draw[ar] (3p) -- (4p); \draw[ar] (4p) -- (5p); \draw[ar] (5p) -- (6p); \draw[ar] (6p) -- (7p); % Indication \node[right=5mm of 7p]{\emph{fork}}; \node[right=17mm of 6]{\emph{active}}; % Confirmation \path (0) -- (1) node[conft,midway, below=6mm] (M) {Max}; \path (2) -- (3) node[conft,midway, below=6mm] (N) {New}; \path (3) -- (4) node[conft,midway, below=6mm] (I) {Initial}; \node[above=25mm of M] (Mp) {}; \node[above=25mm of N] (Np) {}; \node[above=25mm of I] (Ip) {}; \draw[confl,thick,dotted](M) -- (Mp); \draw[confl](N) -- (Np); \draw[confl,thick,dotted](I) -- (Ip); \end{tikzpicture} \end{center} If we experience a reorganization once, its dangerously likely for another one of a similar scope to happen again. Depolymerizer learns from reorganizations by increasing its confirmation delay. \end{frame} \begin{frame}{DLT Adapter}{Architecture} \begin{block}{Event system} \begin{itemize} \item \textbf{Watcher} watch and notify for new blocks with credits \item \textbf{Wire Gateway} notify requested debits \item \textbf{Worker} operates on notifications updating state \end{itemize} \end{block} \end{frame} \begin{frame}{DLT Adapter state machine} \begin{columns} \column{0.5\paperwidth} \begin{figure} \begin{tikzpicture}[ rect/.style={rectangle, draw=black, minimum height=6mm, minimum width=50mm}, ] \node[rect](wo1) {Wait for notifications}; \node[rect, below=4mm of wo1](wo2) {Reconcile local DB with DLT}; \node[rect, below=4mm of wo2](wo3) {Trigger debits}; \node[rect, below=4mm of wo3](wo4) {Reissue stuck debits}; \node[rect, below=4mm of wo4](wo5) {Bounce malformed credits}; \draw[-stealth] (wo1) -- (wo2); \draw[-stealth] (wo2) -- (wo3); \draw[-stealth] (wo3) -- (wo4); \draw[-stealth] (wo4) -- (wo5); \draw[-stealth] (wo5) .. controls ([xshift=-0.4cm] wo5.west) and ([xshift=-0.4cm] wo1.west) .. (wo1); \end{tikzpicture} \caption{Worker loop} \end{figure} \column{0.47\paperwidth} \begin{block}{DLT reconcialisation} \begin{itemize} \item List new and removed transactions since last reconciliation \item Check for confirmed credits removal \item Register new credits \item Recover lost debits \end{itemize} \end{block} \end{columns} \end{frame} \begin{frame}{Related work} \begin{block}{Centralization - Coinbase off-chain sending} \begin{itemize} \item [$+$] Fast and cheap: off chain transaction \item [$-$] Trust in Coinbase: privacy, security \& transparency \end{itemize} \end{block} \begin{block}{Layering - Lightning Network} \begin{itemize} \item [$+$] Fast and cheap: off-chain transactions \item [$-$] Requires setting up bidirectional payment channels \item [$-$] Fraud attempts are mitigated via a complex penalty system \end{itemize} \end{block} \end{frame} \begin{frame}{Conclusion} Blockchains can be used as a settlement layer for GNU Taler with Depolymerizer. \begin{itemize} \item [$-$] Trust exchange operator or auditors \item [$+$] Fast and cheap \item [$+$] Realtime, ms latency \item [$+$] Linear scalability \item [$+$] Ecological \item [$+$] Privacy when it can, transparency when it must (avoid tax evasion and money laundering) \end{itemize} \end{frame} \begin{frame}{Future work} \begin{itemize} \item Universal auditability, using sharded transactions history \item Smarter analysis, update confirmation delay based on currency network behavior \item Multisig by multiple operator for transactions validation \end{itemize} \end{frame} \end{document}