author Özgür Kesim <oec@codeblau.de> 2021-10-12 16:14:45 +0200
committer Özgür Kesim <oec@codeblau.de> 2021-10-12 16:20:03 +0200
commit 3174aff1df3f657d2b73b6ab606bd8dcd8fba9aa
tree 09834c2a0f587798801d6bc4aa491427289fd0d9
parent 5c2d90681490515ea3daf8de53dbcbbc166133f4
Initial upload of the age-restriction design document
-rw-r--r-- design-documents/024-age-restriction.rst 192
-rw-r--r-- design-documents/index.rst 1
2 files changed, 193 insertions, 0 deletions
diff --git a/design-documents/024-age-restriction.rst b/design-documents/024-age-restriction.rst
new file mode 100644
index 00000000..b6ce1687
--- /dev/null
+++ b/design-documents/024-age-restriction.rst
@@ -0,0 +1,192 @@
+DD 024: Anonymous Age Restriction Extension for GNU Taler
+#########################################################
+
+Summary
+=======
+
+This document presents and discusses an extension to GNU Taler that provides
+anonymous age-restriction.
+
+Motivation
+==========
+
+Merchants are legally obliged to perform age verification of customers when
+they buy certain goods and services. Current mechanisms for age verification
+are either ID-based or require the usage of credit/debit cards. In all cases
+sensitive private information is disclosed.
+
+We want to offer a better mechanism for age-restriction with GNU Taler that
+
+* ensures anonymity and unlinkability of purchases
+* can be set to particular age groups by parents/wardens at withdrawal
+* is bound to particular coins/tokens
+* can be verified by the merchant at purchase time
+* persists even after refresh
+
+The mechanism is presented as an 'extension' to GNU Taler, that is, as an
+optional feature that can be switched on by the exchange operator.
+
+Requirements
+============
+
+TODO
+
+* legal requirements for merchants must allow for this kind of mechanism
+
+
+Proposed Solution
+=================
+
+We propose an extension to GNU Taler for age-restriction that can be enabled
+optionally by an Exchange¹).
+
+Once enabled, coins with age restrictions can be withdrawn by parents/warden
+who can choose to **commit** the coins to a certain maximum age out of a
+predefined list of age groups.
+
+The minors/wards receive those coins and can now **attest** a required minimum
+age (provided that age is less or equal to the committed age of the coins) to
+merchants, who can **verify** the minimum age.
+
+For the rest values (change) after an transaction, the minor/ward can
+**derive** new age-restricted coins. The exchange can **compare** the equality
+of the age-restriction of the old coin with the new coin (in a zero-knowledge
+protocol, that gives the minor/ward a 1/κ chance to raise the minimum age for
+the new coin).
+
+The proposed solution maintains the guarantees of GNU Taler with respect to
+anonymity and unlinkability. (TODO: refer to the paper, once published)
+
+¹) Once the feature is enabled and the age groups are defined, the exchange has
+to stick to that decision until the support for age groups are disabled. We
+might reconsider this design decision at some point.
+
+
+Building Blocks
+^^^^^^^^^^^^^^^
+
+TODO: Summarize the design based on the five functions ``Commit()``,
+``Attest()``, ``Verify()``, ``Derive()``, ``Compare()``.
+
+
+Changes in the Exchange
+^^^^^^^^^^^^^^^^^^^^^^^
+
+The necessary changes in the exchange involve
+
+* indication of support for age restriction
+* modification of the refresh protocol (both, commit and reveal phase)
+* modification of the deposit protocol
+
+
+Support for Age Restriction
+---------------------------
+
+The exchange indicates support for age-restriction in response to ``/keys`` in
+an optional field ``'age_restriction`` with new type ``AgeRestriction``:
+
+.. ts:def:: AgeRestriction
+
+ interface AgeRestriction {
+ // Representation of the age groups as comma separated edges: Increasing
+ // from left to right, the values mark the begining of an age group up
+ // to, but not including the next value. The initial age group starts at
+ // 0 and is not listed. Example: "8:10:12:14:16:18:21".
+ // This field is mandatory and binding in the sense that its hash value
+ // is taken into consideration when signing the denominations below.
+ age_groups: string;
+
+ // List of denominations that support age-restriction with the age groups
+ // given in ``age_groups``. The data structure is the same as for the
+ // denominations in ``ExchangeKeysResponse.denoms``.
+ // **However**, the following differences apply for each denomination in
+ // the list:
+ //
+ // 1. The value of ``TALER_DenominationKeyValidityPS.denom_hash``
+ // is taken over the public key of the denomination __and__ the
+ // string in ``age_groups``.
+ //
+ // 2. The value of ``TALER_DenominationKeyValidityPS.purpose`` is set to
+ // TALER_SIGNATURE_MASTER_AGE_RESTRICTED_DENOMINATION_KEY_VALIDITY
+ denoms: Denom[];
+
+ // Same role as ``ExchangeKeysResponse.eddsa_sig``, but only for the
+ // denominations listed in ``denoms`` above for age restriction. The public
+ // EdDSA key of the exchange that was used to generate the signature is the
+ // same as ``ExchangeKeysResponse.eddsa_pub``.
+ eddsa_sig: EddsaSignature;
+ }
+
+
+Refresh
+-------
+
+TODO: Extension of the cut'n-choose-protocol.
+
+
+Deposit
+-------
+
+TODO: Add opaque hash value of the commitments to the protocol
+
+Changes in the Merchant
+^^^^^^^^^^^^^^^^^^^^^^^
+
+TODO
+
+* Spending protocol
+
+
+Changes in the Wallet
+^^^^^^^^^^^^^^^^^^^^^
+
+TODO.
+
+* choosing age-restriction during withdrawal coins from denominations with
+ support for age restriction.
+* Define protocol to pass denominations to child/ward.
+
+
+
+Alternatives
+============
+
+TODO.
+
+* ID-based systems
+* credit/debit card based systems
+
+
+Drawbacks
+=========
+
+TODO.
+
+* age groups, once defined, are set permanently
+* age restricted coins are basically shared between ward and warden.
+
+Also discuss:
+* storage overhead
+* computational overhead
+* bandwidth overhead
+* legal issues?
+
+Discussion / Q&A
+================
+
+We had some very engaged discussions on the GNU Taler mailing list
+`<mailto:taler@gnu.org>`:
+
+* Money with capabilities
+ `<https://lists.gnu.org/archive/html/taler/2021-08/msg00005.html>`_
+
+
+* On age-restriction (was: online games in China)
+ `<https://lists.gnu.org/archive/html/taler/2021-09/msg00006.html>`_
+
+* Age-restriction is about coins, not currencies
+ `<https://lists.gnu.org/archive/html/taler/2021-09/msg00021.html>`_
+
+
+The upcoming paper on anonymous age-restriction for GNU Taler from Özgür Kesim
+and Christian Grothoff will be cited here, once it is published.
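Review bot: the `age_groups` comment in `AgeRestriction` calls the format "comma separated edges", but the example given is colon-separated ("8:10:12:14:16:18:21"). The same comment says the string's hash value is taken into consideration when signing, and point 1 takes `denom_hash` over the public key "and" this string, so the document should fix one separator and state the exact encoding of the string and how it is combined with the key; otherwise two parties can compute different hash inputs for the same age groups. In the sentence introducing the type, the field name is written ``'age_restriction`` with a stray quote. Under "Proposed Solution", κ in "a 1/κ chance to raise the minimum age" is never defined; say what the parameter is and who chooses it. Two RST points: the list after "Also discuss:" has no blank line before its first bullet, unlike every other list in the file, and `<mailto:taler@gnu.org>` lacks the trailing underscore the three archive links have. Minor wording: "begining", "an transaction", "parents/warden", "support for age groups are disabled".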
diff --git a/design-documents/index.rst b/design-documents/index.rst
index f97117ef..e5cd09e6 100644
--- a/design-documents/index.rst
+++ b/design-documents/index.rst
@@ -31,4 +31,5 @@ and protocol.
021-exchange-key-continuity
022-wallet-auditor-reports
023-taler-kyc
+ 024-age-restriction
999-template