path: root/thesis.tex

\documentclass[12pt,twoside,DIV=calc,usegeometry,index=totoc]{scrbook}

%\usepackage{showframe} % to show the page layout

\usepackage[utf8]{inputenc}

\usepackage{xspace}
\usepackage{microtype}

\usepackage[main=english,french]{babel}

\usepackage{amssymb,amsmath,amsthm}
\newtheorem{theorem}{Theorem}
\newtheorem{lemma}{Lemma}

\usepackage{url}
\usepackage{graphicx}

\usepackage{caption}
\usepackage{subcaption}

\usepackage{enumitem}

\usepackage{minitoc}

\usepackage{hyperref}

% bold math
\usepackage{bm}


\usepackage{adjustbox}
\usepackage{array}


\usepackage{verbatim}

\usepackage{listings}

\usepackage{multicol}


% stuff like \ding for symbols
\usepackage{pifont}

\usepackage[natbib=true,style=numeric]{biblatex}
\addbibresource{ref.bib}

\usepackage{epsfig}
\usepackage{textpos}
\usepackage{ifthen}
\usepackage{makeidx}
\usepackage{babel}
\usepackage{float}
\usepackage{calc}
\usepackage{vmargin}
\usepackage{letterspace}
\usepackage[pass]{geometry}

\usepackage{eurosym}

\usepackage[usenames,dvipsnames,svgnames,table]{xcolor}

\usepackage{mdframed}

\KOMAoption{titlepage}{firstiscover}
\KOMAoption{bibliography}{totocnumbered}

% Typography
\usepackage[sc,osf]{mathpazo}
\linespread{1.05}
\usepackage[scaled]{helvet} % ss
\usepackage{courier} % tt
\normalfont
\usepackage[T1]{fontenc}

\author{Florian Dold}
\title{The GNU Taler System: \\ Practical and Provably Secure Electronic Payments}

\begin{document}

\dominitoc[n]

\frontmatter
\include{titlepage-rennes}
\tableofcontents
\listoffigures

\chapter{Abstract}
%As our society becomes more and more digitalized, an electronic version of cash
%becomes inevitable.  The design of payment systems is not just a technological
%matter, but has far-reaching sociopolitical consequences.

We describe the design and implementation of GNU Taler, an electronic payment
system based on an extension of Chaumian online e-cash with efficient change.
In addition to anonymity for customers, it provides the novel notion of
\emph{income transparency}, which guarantees that merchants can reliably
receive a payment from an untrusted payer only when their income from the
payment is visible to tax authorities.

Income transparency is achieved by the introduction of a \emph{refresh
protocol}, which gives anonymous change for a partially spent coin without
introducing a tax evasion loophole.  In addition to income transparency, the
refresh protocol can be used to implement Camenisch-style \emph{atomic swaps}, and to
preserve anonymity in the presence of protocol \emph{aborts} and crash faults with
data loss by participants.

Furthermore, we show the provable security of our income-transparent anonymous
e-cash, which, in addition to the usual \emph{anonymity} and
\emph{unforgeability} properties of e-cash, also formally models
\emph{conservation} of funds and income transparency.

Our implementation of GNU Taler is useable by non-expert users and integrates
with the modern Web architecture.  Our payment platform addresses a range of
practical issues, such as tipping customers, providing refunds, integrating
with banks and know-your-customer (KYC) checks, as well as Web platform
security and reliability requirements.  On a single machine, we archieve
transaction rates that rival those of global, commercial credit card
processors.  We increase the robustness of the exchange---the component that
keeps bank money in escrow in exchange for e-cash---by adding an auditor
component, which verifies the correct operation of the system and allows to
detect a compromise or misbehavior of the exchange early.

Just like bank accounts have reason to exist besides bank notes, e-cash only
serves as part of a whole payment system stack.  Distributed ledgers have
recently gained immense popularity as potential replacement for parts of the
traditional financial industry.  While cryptocurrencies based on proof-of-work
such as Bitcoin have yet to scale to be useful as a replacement for established
payment systems, other more efficient systems based on Blockchains with more
classical consensus algorithms might still have promising applications in the
financial industry.

We design, implement and analyze the performance of \emph{Byzantine Set Union
Consensus}, a Byzantine consensus protocol that agrees on a (super-)set of
elements at once, instead of sequentially agreeing on the individual elements
on a set.  Byzantine Set Consensus can be used as a building block for
permissioned block chains, where (just like in Nakamoto-style consensus) whole
blocks of transactions are agreed upon at once, increasing the transaction
rate.

% Camenisch-style atomic swap
% to add: auditing
% to add: anti phishing
% to add: web stuff **
% - Tipping, Refunds, payto://, more on Web
% to add: robustness
% to add: easy integration for merchants
% foster competition, no monopolization




\chapter{Acknowledgements}
%FIXME: put into prose
%\begin{itemize}
%\item ARED, Bruno Haible, RFF, Moritz Bartl
%\item Donaukurier, Tor project (letter of support)
%\item GLS bank
%\item PEP, GNU
%\item Ashoka
%\item Ben
%\item Jean-Louie Lanet
%\item Axel
%\item Cristina
%\item Marcello
%\item Jeff
%\item ng0
%\item gabor
%\item hartmut
%\item andreas enge
%\item richard s
%\item Vaish
%\item GNU developers
%\item Inria
%\item Leon s / business team
%\item Laurent
%\item Christian
%\item shivam
%\end{itemize}

This work has been partially funded by ARED and the RFF.  I would like to thank
Moritz Bartl for helping with the funding for this thesis.  Bruno Haible
provided generous support for the GNU Taler team to visit meetings of the W3C's Web
Payment Working Group.  I also thank Ashoka, the Tor project and the
Donaukurier for their support.

I want to thank Inria and my team leader Axel Legay for hosting me during the
work on my thesis, and Jean-Louie Lanet for agreeing to co-advise my thesis.
Special thanks goes to Thomas Give-Wilson, Fabrizio Biondi, Laurent Morin and
Nisrine Jafri for their support and company.

Thanks to Marcello Stanisci for his work as an engineer on the GNU Taler project.

Chapter \ref{chapter:consensus} is based on work published at ARES 2016 in
collaboration with Christian Grothoff.  Parts of Chapter
\ref{chapter:implementation} have been published in collaboration with Jeff
Burdges, Christian Grothoff and Marcello Stanisci at SPACE 2016.

Thanks to Cristina Onete and Jeff Burdges for their collaboration on the
provable security of GNU Taler.

I am grateful to the GNU project, in particular Richard Stallman, for their support
of this project.  I also thank all GNUnet developers and GNU Guix developers, especially
Hartmut Goebel, Nils Gillmann, Gabor Toth, Ludovic Courtès and Andreas Enge.

Thanks to the Taler Systems business team, in particular Leon Schumacher
and Michael Widmer, for their continuous faith in the project.

I thank my advisor Christian Grothoff for his advice and friendship.

Last but now least I'd like to thank my parents, my oldest friends Tom and Ben
and my fiancée Vaish for their relentless support even during the most
difficult times.

\mainmatter


\include{introduction}



\include{taler/design}
\include{taler/security}
\include{taler/implementation}

\chapter{Byzantine Set-Union Consensus}\label{chapter:consensus}
\graphicspath{{consensus/}}
\include{consensus/chap}
\graphicspath{{/}}

\include{conclusions}


\nocite{*}
\printbibliography[heading=bibintoc]

\appendix

\chapter{draft-dold-payto}
{\small
\verbatiminput{draft-dold-payto.raw.txt}
}

\chapter{Taler HTTP API Reference}
Available at \url{https://docs.taler.net/api/index.html}.  The API reference
will be included in the final version of the manuscript.


\end{document}