path: root/introduction.tex
author Florian Dold <florian.dold@gmail.com> 2018-11-03 18:31:48 +0100
committer Florian Dold <florian.dold@gmail.com> 2018-11-03 18:31:48 +0100
commit 88fa4c556da792a676adca832462e605fc26555e (patch)
tree d87077bec7c6764843b1b384d68376cbf861ae1c /introduction.tex
parent 9698ce63d5b647a815493704c517a5e8be4bf6c4 (diff)
wip
Diffstat (limited to 'introduction.tex')
-rw-r--r-- introduction.tex 83
1 files changed, 43 insertions, 40 deletions
diff --git a/introduction.tex b/introduction.tex
index aa527bf..8f72301 100644
--- a/introduction.tex
+++ b/introduction.tex
@@ -61,7 +61,7 @@ provide a sound foundation for taxation, facilitate corruption
hand, systems with too much surveillance eliminate personal freedom.
As the Internet has no standardized payment system, especially not one
-that is capable of instantly, efficiently and securely settling small
+that is capable of quickly, efficiently and securely settling small
transactions (so-called micropayments), the majority of content on the Web is
financed by advertisements. As a result, advertising (and by
implication, collecting data on users) has been a dominant business
@@ -81,7 +81,7 @@ countries~\cite{adyen2016global,paypers2016ecommerce}. The resulting
fragmentation again increases social costs: online shops can either
choose to invest in implementing many proprietary protocols, or only
implement the most popular ones, thereby reinforcing the dominance of
-a handful of dominant proprietary payment systems.
+a handful of proprietary payment systems.
Considering these and other social implications of payment systems, we
started the development of GNU Taler with a set of high-level design
@@ -91,7 +91,7 @@ supports the more highly ranked goal is preferred:
% what about micropayments -> part of 'efficient'
\begin{enumerate}
- \item \textbf{GNU Taler must be implemented as free software}
+ \item \textbf{GNU Taler must be implemented as free software.}
Free refers to ``free as in free speech'', as opposed to ``free as in free beer''.
More specifically, the four essential freedoms of free software
@@ -115,7 +115,7 @@ supports the more highly ranked goal is preferred:
however, be voluntarily used by merchants, customers or payment processors
to increase their operational security.
- \item \textbf{GNU Taler must protect the privacy of buyers}\label{item:privacy}
+ \item \textbf{GNU Taler must protect the privacy of buyers.}\label{item:privacy}
Privacy should be guaranteed via technical measures, as opposed to mere
policies. Especially with micropayments for online content, a
@@ -128,15 +128,15 @@ supports the more highly ranked goal is preferred:
%profiles of users. Unfortunately practically no commercially used payment
%system has strong anonymity guarantees.
- In legislations with data protection regulations (such as the recently introduced GDPR in Europe),
+ In legislations with data protection regulations (such as the recently introduced GDPR in Europe \cite{voigt2017eu}),
merchants benefit from this as well, as no data breach of customers can happen if this information
is, by design, not collected in the first place. Obviously some private data, such as the shipping
address for a physical delivery, must still be collected according to business needs.
The security of the payment systems also benefits from this, as the model
shifts from authentication of customers to mere authorization of payments.
- This approach rules out whole classes of attacks such as phishing or theft
- of credit card information.
+ This approach rules out whole classes of attacks such as phishing \cite{garera2007framework} or credit
+ card fraud \cite{sahin2010overview}.
\item \textbf{GNU Taler must enable the state to tax income and crack down on
illegal business activities.}
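Review bot: the three citations added in this hunk are attached with a plain space ("Europe \cite{voigt2017eu}", "phishing \cite{garera2007framework}", "fraud \cite{sahin2010overview}"), while the file elsewhere uses a tie, as in "countries~\cite{adyen2016global,paypers2016ecommerce}"; use "~\cite" so a reference cannot wrap onto a line of its own. Replacing "theft of credit card information" with "credit card fraud" also widens the claim: the preceding sentence (authorization instead of authentication) supports that there is no card data left to steal, so either keep the narrower wording or say which kinds of fraud are meant. On the first changed line, "In legislations" probably should read "In jurisdictions".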
@@ -285,11 +285,6 @@ it cannot be misused to facilitate untaxed transactions. Giving change for
e-cash has been proposed before \cite{brickell1995trustee,tracz2001fair}, but
to the best of our knowledge, the idea of income-transparent change is novel.
-While the exchange need to be available for payments to be processed, payments
-can still be made when either the customer or the merchant is offline, as one
-of them can route their communication with the exchange through the other
-party.
-
\subsection{Anonymity Control}
Some proposed e-cash protocols contain mechanisms to allow selective
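Review bot: the paragraph deleted before \subsection{Anonymity Control} is the only place in the visible context that says payments still work when the customer or the merchant is offline, and nothing replaces it. If the claim still holds, move it rather than drop it (fixing "the exchange need" to "needs" on the way); if it was removed because it no longer holds, the commit message should say so.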
@@ -297,22 +292,23 @@ deanonymization of transactions for scenarios involving crime
\cite{sander1999escrow}, specifically blackmailing and tax evasion.
Unfortunately this does not really work as a countermeasure against
-blackmailing in practice. As noted in the paper that initially described such a
-mechanism for blind signatures \cite{stadler1995fair}, a blackmailer could
-simply request to be paid directly with plain blindly signed coins.
+blackmailing in practice. As noted in the paper that initially described such
+a mechanism for blind signatures \cite{stadler1995fair}, a blackmailer could
+simply request to be paid directly with plain, blindly signed coins, and
+thereby completely circumvent the threat of revokable anonymity.
GNU Taler provides \emph{income transparency} as a measure against tax evasion.
We furthermore describe a different approach in a blackmailing scenario in
-Section \ref{sec:design:blackmailing}, which we believe is more practical in
+Section~\ref{sec:design:blackmailing}, which we believe is more practical in
dissuading blackmailers in practice.
\subsection{User Suspension}
Anonymous user suspension \cite{au2011electronic} has been proposed as
another mechanism to punish users suspected in illicit activities by
-preventing then from making transactions until the suspension is
+preventing then from making further transactions until the suspension is
lifted. Anonymous suspension is based on transactions; the user
-involved in an transaction is suspended, but their identity is not
+involved in a particular transaction is suspended, but their identity is not
revealed.
While the approach is interesting, it is not practical, as it requires
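Review bot: two spelling problems remain on lines this hunk touches. The added line "thereby completely circumvent the threat of revokable anonymity" should use "revocable", and the rewritten line "preventing then from making further transactions" still has "then" for "them". In the unchanged line just above it, "users suspected in illicit activities" reads better as "suspected of"; worth fixing in the same pass.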
@@ -366,29 +362,29 @@ showing how GNU Taler {\em looks} from the perspective of an end user in the
context of Web payments, in a desktop browser (Chromium).
To use GNU Taler, the user must first install a browser extension
-(Figure \ref{fig:ux:install-prompt}). Once installed, the user can
+(Figure~\ref{fig:ux:install-prompt}). Once installed, the user can
open a pop-up window by clicking on the Taler logo, to see the
-initially empty wallet balance (Figure \ref{fig:ux:installed}).
+initially empty wallet balance (Figure~\ref{fig:ux:installed}).
The customer logs into their online bank---a simple demo bank in our case--to
-withdraw digital cash from their bank account into their wallet (Figures
-\ref{fig:ux:bank-login} and \ref{fig:ux:bank-profile}). Our demo uses
+withdraw digital cash from their bank account into their wallet (Figures~%
+\ref{fig:ux:bank-login} and~\ref{fig:ux:bank-profile}). Our demo uses
\textsc{Kudos} as an imaginary currency. Before the user is asked to confirm,
they are given the option to view details about or change the default exchange
provider, the GNU Taler payment service provider \ref{fig:ux:select-exchange}.
With a real bank, a second factor (such as a mobile TAN) would now requested
from the user. Our demo instead asks the user to solve a simple CAPTCHA
-(Figure \ref{fig:ux:pin-tan}). The amount withdrawn--minus withdrawal
-fees---is now available as e-cash in the wallet (Figure
+(Figure~\ref{fig:ux:pin-tan}). The amount withdrawn---minus withdrawal
+fees---is now available as e-cash in the wallet (Figure~%
\ref{fig:ux:withdraw-done}).
The customer can now go to an online shop to spend their digital cash. We've
implemented a shop that sells single chapter from Richard Stallman's essay
-collection ``Free Software, Free Society'' \cite{stallman2002essays} (Figure
+collection ``Free Software, Free Society'' \cite{stallman2002essays} (Figure~%
\ref{fig:ux:essay-landing}). The user selects an essay, and is then
-immediately presented with a confirmation page rendered by the wallet (Figure \ref{fig:ux:essay-pay}).
-After paying, the user can immediately read the article (Figure \ref{fig:ux:essay-done}).
+immediately presented with a confirmation page rendered by the wallet (Figure~\ref{fig:ux:essay-pay}).
+After paying, the user can immediately read the article (Figure~\ref{fig:ux:essay-done}).
Our benchmarks, discussed in Chapter \ref{chapter:implementation} show that a
single machine can support around 1000 payments per second, and our
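Review bot: the tie and dash cleanup in this hunk is incomplete. "bank---a simple demo bank in our case--to" still mixes "---" with "--" (the same defect was fixed a few lines later in "withdrawn---minus"), "the GNU Taler payment service provider \ref{fig:ux:select-exchange}" is a bare reference without "(Figure~...)", and "Chapter \ref{chapter:implementation}" lacks the tie that "Chapter~\ref{chapter:security}" has elsewhere in the file. While here: "would now requested" is missing "be", and "sells single chapter" should be "single chapters".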
@@ -513,9 +509,9 @@ a register of all serial numbers that have been used as payment before. If the
serial number is already in the bank's register, the bank informs the merchant
about the attempted double spending, and the merchant then rejects the payment.
-The digital analogue of this process is called a \emph{blind signature},
-where the signer knows that it gave a digital signature, but does not know the value
-that it signed.
+The digital analogue of this process is called a \emph{blind signature}, where
+the signer knows that it gave a digital signature, but does not know the
+contents of the message that it signed.
In this document, we use \emph{coin} to refer to a token of value in an e-cash
system. Note that the analogy of a coin does not always hold up, as certain
@@ -528,7 +524,8 @@ divisibility, etc., do not transfer to physical coins.
We have the following security and correctness properties for GNU Taler
(formally defined in Chapter~\ref{chapter:security}):
\begin{itemize}
- \item \emph{Anonymity} guarantees that transactions cannot be correlated with withdrawals.
+ \item \emph{Anonymity} guarantees that transactions cannot be correlated with withdrawals or
+ other transactions made by the same customer.
\item \emph{Unforgeability} guarantees that users cannot spend more e-cash than they withdrew.
\item \emph{Conservation} guarantees that customers do not lose money due to
interrupted protocols or malicious merchants; they can always obtain
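Review bot: the extended \emph{Anonymity} item now promises two separate things (no link from a transaction to a withdrawal, and no link between two transactions of the same customer), under a list introduced as "formally defined in Chapter~\ref{chapter:security}". Check that the formal definition covers the second property as well, and consider qualifying it here, since the contributions list later in this file says that multi-coin payments and wallet synchronization faults have "effects on anonymity".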
@@ -552,9 +549,15 @@ state, together with rules on how this state can be updated. The name
contains a hash of the previous block. Cryptocurrencies use
Blockchains to remember the amount of currency controlled by a
particular account ($\equiv$ private key). Thus, while
-cryptocurrencies use the term ``coin'' (creating false associations
+cryptocurrencies use the term ``coin'' (creating potentially misleading associations
with cash), they actually realize a decentralized register-based
-payment system with the Blockchain storing the register using private
+payment system with the Blockchain storing the register\footnote{%
+Anonymous cryotocurrencies such as ZeroCash \cite{bensasson2014zerocash}
+have special accounts (called shielded addresses) that can
+``hide'' their balance, and require the owner to prove in zero knowledge that their balance is sufficient for a transaction.
+As such, anonymous transactions in these systems (which are typically only a small subset of all transactions)
+are closer to value-based systems. However, currently only a small percentage ($\approx 5\%$) of
+all funds in ZCash, the most widely used anonymous cryptocurrency, belong to shielded addresses (\url{https://explorer.zcha.in/statistics/value}).} using private
keys to authenticate account owners.
Cryptocurrencies based on Blockchains gained immense popularity over
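Review bot: the new footnote has a typo ("cryotocurrencies") and names the system inconsistently ("ZeroCash" in the first sentence, "ZCash" in the last); pick one spelling per system and state how the two relate if both are meant. The figure "$\approx 5\%$" is introduced with "currently" and backed only by a live statistics URL, so add the date the value was read. The footnote is also placed mid-sentence, between "storing the register" and "using private keys", which makes the main sentence hard to follow; moving the \footnote to the end of the sentence would help.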
@@ -591,9 +594,9 @@ inventor of Bitcoin. The result of the agreement is not final: if a
branch originating from an earlier block of the chain accumulates more
work, it becomes the canonical head. While this type of consensus has
some attractive properties---there is no fixed set of members, and
-remains secure as long as an adversary has less than 50\% of
-computational power---it consumes a huge amount of energy to provide
-for computation of the proof-of-work puzzles..
+remains secure as long as an adversary has less than 1/4 of
+computational power \cite{eyal2018majority}---it consumes a huge amount of energy to provide
+for computation of the proof-of-work puzzles.
After Bitcoin popularized the concept of Blockchains, alternative consensus
mechanisms were proposed to replace or augment proof-of-work. In
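Review bot: the bound changes from 50\% to 1/4 with only a citation, so readers who know the majority bound need a half sentence saying what the 1/4 refers to (which adversary strategy or protocol variant the result in \cite{eyal2018majority} covers). In the same sentence, "there is no fixed set of members, and remains secure" has no subject for "remains"; "and it remains secure" fixes that. Setting the fraction in math mode, as the footnote earlier in this file does with "$\approx 5\%$", would keep the notation consistent.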
@@ -651,7 +654,7 @@ context of centrally banked fiat currencies, such a permissioned
Blockchain can then effectively recreate the semantics of a classical
distributed banking system. As mentioned before, GNU Taler's
value-based protocol can be integrated with any kind of register-based
-banking --- including those based on Blockchains --- improving
+banking---including those based on Blockchains---improving
performance and privacy for value-based transactions.
% block structure
@@ -668,10 +671,10 @@ We claim the following key contributions for this thesis:
instantiation in Chaum-style e-cash and proofs.
\item We design the GNU Taler payment system under consideration of practical
aspects of e-cash including aborts, network failures, refunds, multi-coin
- payments, faults from synchronization and their effects on anonymity;
+ payments, faults from wallet synchronization and their effects on anonymity;
showing the necessity of a refresh operation.
- \item We design and implement the seamless/native integration of e-cash into the Web architecture, and discuss
- security and privacy problems of this integration.
+ \item We design and implement the seamless, native integration of e-cash into the Web architecture, and discuss
+ security and privacy aspects of this integration.
\item We implemented the GNU Taler payment system and evaluate its
performance.
\end{itemize}
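Review bot: the last item, left unchanged by this hunk, mixes tenses ("We implemented the GNU Taler payment system and evaluate its performance") while the items edited here use the present ("We design", "We design and implement"); change it to "We implement ... and evaluate" so the list is parallel. The switch from "security and privacy problems" to "aspects" also softens the contribution; if the thesis does identify concrete problems in the Web integration, the original word was the more accurate one.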