diff options
| author | Christian Grothoff <christian@grothoff.org> | 2024-02-29 11:36:22 +0100 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2024-02-29 11:36:22 +0100 |
| commit | e1c366333d8bd174accdcc65f128a8d4a7226c16 (patch) | |
| tree | 8881f326b154a9222aac448d10e0944b47d936de | |
| parent | 656d963d3090800c6b73e7eb53ce1be964abe805 (diff) | |
| download | marketing-e1c366333d8bd174accdcc65f128a8d4a7226c16.tar.gz marketing-e1c366333d8bd174accdcc65f128a8d4a7226c16.tar.bz2 marketing-e1c366333d8bd174accdcc65f128a8d4a7226c16.zip | |
first round of slide updates
| -rw-r--r-- | presentations/comprehensive/g5k.pdf | bin | 0 -> 32940 bytes | |||
| -rw-r--r-- | presentations/comprehensive/main.tex | 1651 | ||||
| -rw-r--r-- | presentations/comprehensive/mining.pdf | bin | 0 -> 30796 bytes | |||
| -rw-r--r-- | presentations/comprehensive/paymentTwint-screen.png | bin | 0 -> 40497 bytes | |||
| -rw-r--r-- | presentations/comprehensive/paymentTwint-screen.xcf | bin | 0 -> 164559 bytes | |||
| -rw-r--r-- | presentations/comprehensive/paymentTwint-screen_25.png | bin | 0 -> 35808 bytes | |||
| -rw-r--r-- | presentations/comprehensive/paymentTwint-screen_50.png | bin | 0 -> 35002 bytes | |||
| -rw-r--r-- | presentations/comprehensive/performance.pdf | bin | 0 -> 21204 bytes | |||
| -rw-r--r-- | presentations/comprehensive/privacy.pdf | bin | 0 -> 30714 bytes | |||
| -rw-r--r-- | presentations/comprehensive/shrine.jpg | bin | 0 -> 835870 bytes | |||
| -rw-r--r-- | presentations/comprehensive/twint.mkv | bin | 0 -> 2953804 bytes |
11 files changed, 855 insertions, 796 deletions
diff --git a/presentations/comprehensive/g5k.pdf b/presentations/comprehensive/g5k.pdf Binary files differnew file mode 100644 index 0000000..e951aa8 --- /dev/null +++ b/presentations/comprehensive/g5k.pdf diff --git a/presentations/comprehensive/main.tex b/presentations/comprehensive/main.tex index 6f81bae..991065a 100644 --- a/presentations/comprehensive/main.tex +++ b/presentations/comprehensive/main.tex @@ -243,6 +243,9 @@ \end{frame} +\setbeamertemplate{navigation symbols}{\hfill \includegraphics[width=1cm]{taler-logo-2021-inkscape.pdf}} + + \begin{frame}{Agenda} \tableofcontents @@ -403,7 +406,7 @@ Current average transaction value: $\approx$ 1000 USD \begin{frame} \frametitle{\includegraphics[height=0.5cm]{pics/zerocoin.png}?} -Cryptography is rather primitive: +Bitcoin cryptography is rather primitive: \begin{center} {\bf All Bitcoin transactions are public and linkable!} \end{center} @@ -429,8 +432,8 @@ ZeroCoin, CryptoNote (Monero) and ZeroCash (ZCash) offer anonymity. \end{frame} - \begin{frame}{The Bank of International Settlements} + \framesubtitle{Central Bank Digital Currency vs. Cash} \begin{center} \movie[%scale=0.6, autostart, @@ -624,7 +627,7 @@ positives in fraud detection \begin{frame}{Social Impact of Taler} \begin{center} - \includegraphics[height=0.9\textheight]{../../social-impact.pdf} + \includegraphics[height=0.9\textheight]{../social-impact.pdf} \end{center} \end{frame} @@ -695,6 +698,447 @@ positives in fraud detection \end{frame} +\section{Component Zoo} + +\begin{frame} + \vfill + \begin{center} + {\bf Component Zoo} + \end{center} + \vfill +\end{frame} + + +\begin{frame}{The Taler Software Ecosystem: Overview} + \framesubtitle{\url{https://taler.net/en/docs.html}} + Taler is based on modular components that work together to provide a + complete payment system: + \vfill + \begin{itemize} + \item {\bf Exchange:} Service provider for digital cash + \begin{itemize} + \item Core exchange software (cryptography, database) + \item Air-gapped key management, real-time {\bf auditing} + \item {\bf libeufin}: Modular integration with banking systems + \end{itemize} + \item {\bf Merchant:} Integration service for existing businesses + \begin{itemize} + \item Core merchant backend software (cryptography, database) + \item {\bf Back-office interface} for staff + \item {\bf Frontend integration} (E-commerce, Point-of-sale) + \end{itemize} + \item {\bf Wallet:} Consumer-controlled applications for e-cash + \begin{itemize} + \item Multi-platform wallet software (for browsers \& mobile phones) + \item Wallet backup storage providers ({\bf sync}) + \item {\bf Anastasis}: Recovery of lost wallets based on secret splitting + \end{itemize} + \end{itemize} +\end{frame} + + +\begin{frame}{Taler Exchange} + The {\bf Exchange} is the core logic of the payment system. + + \begin{itemize} + \item One exchange at minimum must be operated per currency + \item Offers a REST API for merchants and customers + \item Uses several helper processes for configuration and to + interact with RTGS and cryptography + \item KYC support via OAuth 2.0, KycAID or Persona APIs + \item Implemented in C on top of GNU libmicrohttpd + \end{itemize} +\end{frame} + + +\begin{frame}{Taler: Exchange Architecture} +\begin{center} +\begin{tikzpicture} + \tikzstyle{def} = [node distance=2em and 2.5em, inner sep=1em, outer sep=.3em]; + \node (origin) at (0,0) {}; + \node (httpd) [def,above=of origin,draw]{httpd}; + \node (secmod-rsa) [def, draw, right=of httpd] {secmod-rsa}; + \node (secmod-eddsa) [def, draw, left=of httpd] {secmod-eddsa}; + \node (postgres) [def, draw, below=of httpd]{Postgres}; + \node (aggregator) [def, draw, right=of postgres]{aggregator}; + \node (transfer) [def, draw, below left=of postgres]{transfer}; + \node (wirewatch) [def, draw, below right=of postgres]{wirewatch}; + \node (nexus) [def, draw, below=of postgres]{Nexus}; + + \tikzstyle{C} = [color=black, line width=1pt] + + \draw [<->, C] (httpd) -- (postgres) node [midway, above, sloped] (TextNode) {}; + \draw [<->, C] (httpd) -- (secmod-rsa) node [midway, above, sloped] (TextNode) {}; + \draw [<->, C] (httpd) -- (secmod-eddsa) node [midway, above, sloped] (TextNode) {}; + \draw [<->, C] (aggregator) -- (postgres) node [midway, above, sloped] (TextNode) {}; + \draw [<->, C] (wirewatch) -- (postgres) node [midway, above, sloped] (TextNode) {}; + \draw [<->, C] (transfer) -- (postgres) node [midway, above, sloped] (TextNode) {}; + \draw [->, C] (transfer) -- (nexus) node [midway, above, sloped] (TextNode) {}; + \draw [<-, C] (wirewatch) -- (nexus) node [midway, above, sloped] (TextNode) {}; +\end{tikzpicture} +\end{center} +\end{frame} + + +\begin{frame}{Taler Merchant} + The {\bf Merchant} is the software run by merchants to accept\\ + GNU Taler payments. + + \begin{minipage}{6cm} + \begin{itemize} + \item REST API for integration with e-commerce + \item SPA provides Web interface for administration + \item Features include: + \begin{itemize} + \item Multi-tenant support + \item Refunds + \item Tipping (Website pays visitor) + \item Webhooks + \item Inventory management (optional) + \end{itemize} + \item Implemented in C on top of GNU libmicrohttpd + \end{itemize} + \end{minipage} + \begin{minipage}{5cm} + \includegraphics[width=5cm]{screenshots/merchant-spa-settings} + \end{minipage} +\end{frame} + + +\begin{frame} +\frametitle{Taler: Merchant Perspective} +\begin{center} +\begin{tikzpicture} + \tikzstyle{def} = [node distance= 3.5em and 2em, inner sep=1em, outer sep=.3em]; + \node (origin) at (0,0) {}; + \node (backend) [def,above=of origin,draw]{{\tiny taler-merchant-httpd}}; + \node (frontend) [def,above left=of backend,draw]{{\tiny E-commerce Frontend}}; + \node (backoffice) [def,above right=of backend,draw]{Backoffice}; + \node (postgres) [def, draw, below left=of backend] {Postgres}; + \node (sqlite) [def, draw, below=of backend] {Sqlite}; + \node (alt) [def, draw, below right=of backend] {...}; + + \tikzstyle{C} = [color=black, line width=1pt] + + \draw [->, C] (frontend) -- (backend) node [midway, above, sloped] (TextNode) {REST API}; + \draw [->, C] (backoffice) -- (backend) node [midway, above, sloped] (TextNode) {REST API}; + \draw [<->, C] (backend) -- (postgres) node [midway, above, sloped] (TextNode) {SQL}; + \draw [<->, C] (backend) -- (sqlite) node [midway, above, sloped] (TextNode) {SQL}; + \draw [<->, C] (backend) -- (alt) node [midway, above, sloped] (TextNode) {SQL}; +\end{tikzpicture} +\end{center} +\end{frame} + + + +\begin{frame}{Taler Wallet} + The {\bf Wallet} is the software run by consumers to store + their digital cash and authorize transactions. + + \begin{minipage}{8cm} + \begin{itemize} + \item {\bf wallet-core} is the logic shared by all interfaces + \item Applications exist for Android, F-Droid, + WebExtension (Chrome, Chromium, Firefox, etc.), iOS ({\bf WiP}) + \item Features include: + \begin{itemize} + \item Multi-currency support + \item Wallet-to-wallet payments (NFC or QR code) + \item CRDT-like data model + \end{itemize} + \item {\bf wallet-core} implemented in TypeScript + \end{itemize} + Can be integrated into other Apps if desired. + \end{minipage} + \begin{minipage}{3cm} + \includegraphics[width=3cm]{screenshots/Screenshot_20230225-103520.png} + \end{minipage} +\end{frame} + + +\begin{frame} +\frametitle{Taler: Wallet Architecture} + \framesubtitle{Background: \url{https://anastasis.lu/}} +\begin{center} +\begin{tikzpicture} + \tikzstyle{def} = [node distance= 5em and 4.5em, inner sep=1em, outer sep=.3em]; + \node (origin) at (0,0) {}; + \node (gui) [def,above=of origin,draw]{wallet-gui}; + \node (core) [def,below=of gui,draw]{wallet-core}; + \node (sync) [def, draw, below left=of core] {Sync}; + \node (taler) [def, draw, below right=of core] {Taler}; + \node (anastasis) [def, draw, below=of core] {Anastasis}; + + \tikzstyle{C} = [color=black, line width=1pt] + \draw [<->, C] (gui) -- (core) node [midway, above, sloped] (TextNode) {}; + \draw [<->, C] (core) -- (sync) node [midway, above, sloped] (TextNode) {Backup}; + \draw [<->, C] (core) -- (taler) node [midway, above, sloped] (TextNode) {Payment}; + \draw [<->, C] (core) -- (anastasis) node [midway, above, sloped] (TextNode) {Key Escrow}; +\end{tikzpicture} +\end{center} +\end{frame} + + +\begin{frame}[fragile]{RFC 8905: \texttt{payto:} Uniform Identifiers for Payments and Accounts} + \vfill + Like \texttt{mailto:}, but for bank accounts instead of email accounts! + \vfill + \begin{verbatim} + payto://<PAYMENT-METHOD>/<ACCOUNT-NR> + ?subject=InvoiceNr42 + &amount=EUR:12.50 + \end{verbatim} + \vfill + Default action: Open app to review and confirm payment. + \vfill +\includegraphics[width=0.25\textwidth]{einzahlschein-ch.jpeg} +\hfill +\includegraphics[width=0.2\textwidth]{de-ueberweisungsformular.png} + \vfill +\end{frame} + + +\begin{frame}[fragile]{Benefits of {\tt payto://}} + \begin{itemize} + \item Standardized way to represent financial resources (bank account, bitcoin wallet) + and payments to them + \item Useful on the client-side on the Web and for FinTech backend applications + \item Payment methods (such as IBAN, ACH, Bitcoin) are registered with + IANA and allow extra options + \end{itemize} + \begin{center} + {\bf Taler wallet can generate payto://-URI for withdraw!} + \end{center} +\end{frame} + + +\begin{frame}{Taler Auditor} + The {\bf Auditor} is the software run by an independent auditor + to validate the operation of an Exchange. + + \begin{itemize} + \item REST API for additional report inputs by merchants (optional) + \item Secure database replication logic + \item Implemented in C on top of GNU libmicrohttpd + \end{itemize} +\end{frame} + + +\begin{frame} +\frametitle{Taler: Auditor Perspective} +\begin{center} +\begin{tikzpicture} + \tikzstyle{def} = [node distance=2em and 2.5em, inner sep=1em, outer sep=.3em]; + \node (origin) at (0,0) {}; + \node (httpd) [def,above left=of origin,draw]{auditor-httpd}; + \node (report) [def,above right=of origin,draw]{auditor-report}; + \node (postgres-A) [def, draw, below=of origin] {Postgres (Auditor)}; + \node (postgres-E) [def, draw, below=of postgres-A] {Postgres (Bank)}; + + \tikzstyle{C} = [color=black, line width=1pt] + + \draw [->, C] (postgres-E) -- (postgres-A) node [midway, above, sloped] (TextNode) {sync}; + \draw [<->, C] (httpd) -- (postgres-A) node [midway, above, sloped] (TextNode) {}; + \draw [<->, C] (report) -- (postgres-A) node [midway, above, sloped] (TextNode) {}; +\end{tikzpicture} +\end{center} +\end{frame} + + +\begin{frame}{libeufin-nexus} + libeufin-nexus allows Taler components to interact with a core banking system. It: + + \begin{itemize} + \item provides an implementation of the Wire Gateway for the exchange + \item supports EBICS 2.5 + \item other APIs such as FinTS or PSD2-style XS2A APIs can be added + without requiring changes to the Exchange + \item was tested with GLS Bank (DE) and Postfinance (CH) accounts and real EUR/CHF + \end{itemize} +\end{frame} + + +\begin{frame}{libeufin-bank} + libeufin-bank implements a standalone bank with a Web interface. It: + + \begin{itemize} + \item provides the Taler Core Bank API for RESTful online banking + using a Web interface (with multi-factor authentication) + \item includes a Taler Wire Gateway for the exchange + \item offers the Taler Bank Integration API to allow wallets + to easily withdraw digital cash + \item optionally provides the Taler Conversion Info API for currency + conversion between fiat and regional currencies + \item optionally integrates with libeufin-nexus to interact with + a core banking system + \end{itemize} +\end{frame} + + +\begin{frame}[fragile]{Taler: Bank Perspective} +\begin{adjustbox}{max totalsize={.9\textwidth}{.7\textheight},center} +\begin{tikzpicture} + \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer sep=.3em]; + \node (origin) at (0,0) {}; + \node (exchange) [def,above=of origin,draw]{Exchange}; + \node (nexus) [def, draw, below right=of exchange] {Nexus}; + \node (corebanking) [def, draw, below left=of nexus] {Core Banking}; + \node (nginx) [def, draw, above=of exchange]{Nginx}; + \node (postgres) [def, draw, below left=of exchange]{Postgres}; + \node (postgres-nexus) [def, draw, below right=of nexus]{Postgres}; + + \tikzstyle{C} = [color=black, line width=1pt] + + \draw [<-, C] (exchange) -- (nginx) node [midway, above, sloped] (TextNode) {REST API}; + \draw [<-, C] (postgres) -- (exchange) node [midway, above, sloped] (TextNode) {SQL}; + \draw [<-, C] (postgres-nexus) -- (nexus) node [midway, above, sloped] (TextNode) {SQL}; + \draw [<-, C] (nexus) -- (exchange) node [midway, above, sloped] (TextNode) {Internal REST API}; + \draw [<-, C] (corebanking) -- (nexus) node [midway, above, sloped] (TextNode) {EBICS/FinTS}; + +\end{tikzpicture} +\end{adjustbox} +\end{frame} + + +\begin{frame}{Depolymerization} + Depolymerization is a bridge between GNU Taler and blockchains, + making Taler a layer 2 system for crypto-currencies (like Lightning). + + \begin{itemize} + \item provides an implementation of the Wire Gateway for the exchange + \item Works on top of Bitcoin and Ethereum + crypto-currencies, with the DLTs as the ``RTGS'' + \item Provides same API to Exchange as libeufin-nexus + \item Implemented in Rust + \end{itemize} + \begin{center} + \url{https://bitcoin.ice.bfh.ch/} + \end{center} +\end{frame} + + +\begin{frame}{Pretix Taler payment plugin} +\begin{center} +\includegraphics[width=0.5\textwidth]{screenshots/pretix.png} +\end{center} + + Pretix is a ticket sales system. + + \begin{itemize} + \item Pretix payment plugin enables payments via GNU Taler + \item Developed by Pretix.eu for \EUR{3,000} on behalf of Taler Systems SA + \end{itemize} +\end{frame} + + +\begin{frame}{WooCommerce Taler payment plugin} +\begin{minipage}{6cm} + \begin{itemize} + \item WooCommerce is an e-commerce plugin for WordPress. + \item WooCommerce payment plugin enables payments via GNU Taler + \item Features include: + \begin{itemize} + \item Trivial configuration + \item Support for refunds + \item Full internationalization + \end{itemize} + \item WooCommerce and its plugins are implemented in PHP + \end{itemize} +\end{minipage} +\begin{minipage}{5cm} + \includegraphics[width=4cm]{screenshots/woocommerce-cart.png} + \includegraphics[width=4cm]{screenshots/woocommerce-settings.png} + \end{minipage} +\end{frame} + + +\begin{frame}{Joomla! Taler payment plugin} +\begin{minipage}{6cm} + \begin{itemize} + \item Joomla! is an e-commerce platform + \item Joomla! payment plugin enables payments via GNU Taler + \item Features include: + \begin{itemize} + \item Trivial configuration + \item Support for refunds + \item Full internationalization + \end{itemize} + \item Joomla! and its plugins are implemented in PHP + \end{itemize} +\end{minipage} +% FIXME: add screenshots +%\begin{minipage}{5cm} +% \includegraphics[width=4cm]{screenshots/woocommerce-cart.png} +% \includegraphics[width=4cm]{screenshots/woocommerce-settings.png} +% \end{minipage} +\end{frame} + + + + +\begin{frame}{Point-of-Sale App for Android} + +\begin{minipage}{7cm} + \begin{itemize} + \item Allows merchant to generate orders against Taler backend + and display QR code to enable customer to pay in person + \item Patterned after ViewTouch restaurant UI + \item Features include: + \begin{itemize} + \item Internet-based configuration + \item Products sorted by categories + \item Easy undo of every operation + \item Manages multiple concurrent orders + \end{itemize} + \item The Point-of-Sale App is implemented in Kotlin + \end{itemize} +\end{minipage} +\begin{minipage}{4cm} + \includegraphics[width=4cm]{screenshots/Screenshot_20230224-194112.jpg} + \includegraphics[width=4cm]{screenshots/Screenshot_20230224-194119.jpg} + \includegraphics[width=4cm]{screenshots/Screenshot_20230224-195348.jpg} +\end{minipage} +\end{frame} + + +\begin{frame}{Cashier App for Android} +\begin{minipage}{4cm} + \begin{itemize} + \item Enables BFH staff to convert cash to e-cash + \item Staff has special bank accounts with limited funds + \item Students can pay staff in cash to receive e-cash + \item The Cashier App is implemented in Kotlin + \end{itemize} + \end{minipage} + \begin{minipage}{3cm} + \includegraphics[width=3cm]{screenshots/Screenshot_20230225-103315.png} + \end{minipage} + \begin{minipage}{3cm} + \includegraphics[width=3cm]{screenshots/Screenshot_20230225-103325.png} + \end{minipage} +\end{frame} + + +\begin{frame}{TalDir (WiP)} + TalDir is an extension to the existing + peer-to-peer payment functionality. + + \begin{itemize} + \item Registry to associate wallets with network addresses + \item Extensible to different types of network services: + \begin{itemize} + \item E-mail + \item SMS + \item Twitter + \item ... + \end{itemize} + \item Send payments or invoices to wallets associated with network address + \item Will {\bf not} require sending wallet to use same network service + \end{itemize} +\end{frame} + + + \section{Protocol Basics} @@ -706,6 +1150,20 @@ positives in fraud detection \vfill \end{frame} + +\begin{frame}{A Bachelor's Thesis Video} + \begin{center} + \movie[%scale=0.6, + autostart, + poster] + { + \includegraphics[height=0.6\textwidth,width=0.8\textwidth]{white.png} + } + {cs-movie.mp4} + \end{center} +\end{frame} + + \begin{frame}{How does it work?} We use a few ancient constructions: \begin{itemize} @@ -1427,20 +1885,88 @@ But of course we use modern instantiations. \end{frame} +\section{Attacks \& Defenses} -\begin{frame}{Warranting deposit safety} - Exchange has {\em another} online signing key $W = wG$: - \begin{center} - Sends $EdDSA_w(M,H(D),FDH(C))$ to the merchant. - \end{center} - This signature means that $M$ was the {\em first} to deposit - $C$ and that the exchange thus must pay $M$. +\begin{frame} \vfill \begin{center} - Without this, an evil exchange could renege on the deposit - confirmation and claim double-spending if a coin were - deposited twice, and then not pay either merchant! + \vfill + {\bf Attacks \& Defenses} + \vfill \end{center} + \vfill +\end{frame} + + +\begin{frame}{Key management} +Taler has many types of keys: +\begin{itemize} +\item Coin keys +\item Denomination keys +\item Online message signing keys +\item Offline key signing keys +\item Merchant keys +\item Auditor key +\item Security module keys +\item Transfer keys +\item Wallet keys +\item {\em TLS keys, DNSSEC keys} +\end{itemize} +\end{frame} + + +\begin{frame}{Offline keys} +Both exchange and auditor use offline keys. +\begin{itemize} +\item Those keys must be backed up and remain highly confidential! +\item We recommend that computers that have ever had access to those + keys to NEVER again go online. +\item We recommend using a Raspberry Pi for offline key operations. + Store it in a safe under multiple locks and keys. +\item Apply full-disk encryption on offline-key signing systems. +\item Have 3--5 full-disk backups of offline-key signing systems. +\end{itemize} +\begin{center} +\includegraphics[scale=0.1]{pi.png} +\end{center} +\end{frame} + + +\begin{frame}{Online keys} +The exchange needs RSA and EdDSA keys to be available for online signing. +\begin{itemize} +\item Knowledge of these private keys will allow an adversary to + mint digital cash, possibly resulting in huge financial losses + (eventually, this will be detected by the auditor, but only + after some financial losses have been irrevocably incurred). +\item The corresponding public keys are certified using + Taler's public key infrastructure (which uses offline-only keys). +\end{itemize} +\begin{center} +\includegraphics[width=0.5\textwidth]{taler-diagram-signatures.png} +\end{center} +\vfill +{\tt taler-exchange-offline} can also be used to {\bf revoke} the +online signing keys, if we find they have been compromised. +\vfill +\end{frame} + + +\begin{frame}{Protecting online keys} +The exchange needs RSA and EdDSA keys to be available for online signing. +\begin{itemize} +\item {\tt taler-exchange-secmod-rsa} and {\tt taler-exchange-secmod-eddsa} + are the only processes that must have access to the private keys. +\item The secmod processes should run under a different UID, but share + the same GID with the exchange. +\item The secmods generate the keys, allow {\tt taler-exchange-httpd} to sign with + them, and eventually delete the private keys. +\item Communication between secmods and {\tt taler-exchange-httpd} is via + a UNIX domain socket. +\item Online private keys are stored on disk (not in database!) and should + NOT be backed up (RAID should suffice). If disk is lost, we can always + create fresh replacement keys! +\end{itemize} \end{frame} @@ -1515,6 +2041,120 @@ and (likely) would presume an evil exchange, forcing it to pay both merchants. \end{frame} +\begin{frame}{Warranting deposit safety} + Exchange has {\em another} online signing key $W = wG$: + \begin{center} + Sends $EdDSA_w(M,H(D),FDH(C))$ to the merchant. + \end{center} + This signature means that $M$ was the {\em first} to deposit + $C$ and that the exchange thus must pay $M$. + \vfill + \begin{center} + Without this, an evil exchange could renege on the deposit + confirmation and claim double-spending if a coin were + deposited twice, and then not pay either merchant! + \end{center} +\end{frame} + + +\begin{frame}{Database} +The exchange needs the database to detect double spending. +\begin{itemize} +\item Loss of the database will allow technically skilled people + to double-spend their digital cash, possibly resulting in + significant financial losses. +\item The database contains total amounts customers withdrew and + merchants received, so sensitive private banking data. It + must thus not become public. +\item The auditor must have a (current) copy. Asynchronous replication + should be sufficient. This copy can also serve as an + additional (off-site?) backup. +\end{itemize} +\end{frame} + + +\begin{frame}{taler-exchange-wirewatch} +{\tt taler-exchange-wirewatch} needs credentials to access data about +incoming wire transfers from the Nexus. +\begin{itemize} +\item This tool should run as a separate UID and GID (from + {\tt taler-exchange-httpd}). +\item It must have access to the Postgres database (SELECT + INSERT). +\item Its configuration file contains the credentials to talk to Nexus. +\item[$\Rightarrow$] Configuration should be separate from {\tt taler-exchange-httpd}. +\end{itemize} +\end{frame} + + +\begin{frame}{taler-exchange-transfer} +Only {\tt taler-exchange-transfer} needs credentials to initiate wire +transfers using the Nexus. +\begin{itemize} +\item This tool should run as a separate UID and GID (from + {\tt taler-exchange-httpd}). +\item It must have access to the Postgres database (SELECT + INSERT). +\item Its configuration file contains the credentials to talk to Nexus. +\item[$\Rightarrow$] Configuration should be separate from {\tt taler-exchange-httpd}. +\end{itemize} +\end{frame} + + +\begin{frame}{libeufin-nexus} +libeufin-nexus has to be able to interact with the escrow account of the exchange. +\begin{itemize} +\item It must have the private keys to sign EBICS/FinTS messages. +\item It also has its own local database. +\item The Nexus user and database should be kept separate from + the other exchange users and the Taler exchange database. +\end{itemize} +\end{frame} + + +\begin{frame}{Hardware} +General notions: +\begin{itemize} +\item Platforms with disabled Intel ME \& disabled remote administration are safer. +\item VMs are not a security mechanism. Side-channel attacks abound. Avoid running any + Taler component in a virtual machine ``for security''. +\end{itemize} +\end{frame} + + +\begin{frame}{Operating system} +General notions: +\begin{itemize} +\item It should be safe to run the different Taler components (including Nginx, Nexus + and Postgres) all on the same physical hardware (under different UIDs/GIDs). + We would separate them onto different physical machines during scale-out, but not + necessarily for ``basic'' security. +\item Limiting and auditing system administrator access will be crucial. +\item We recommend to {\bf not} use any anti-virus. +\item We recommend using a well-supported GNU/Linux operating system (such as + Debian or Ubuntu). +\end{itemize} +\end{frame} + + +\begin{frame}{Network} +\begin{itemize} +\item We recommend to {\bf not} use any host-based firewall. + Taler components can use UNIX domain sockets (or bind to localhost). +\item A network-based + firewall is not required, but as long as TCP 80/443 are open Taler should + work fine. +\item Any firewall must be configured to permit connection to Auditor + for database synchronization. +\item We recommend running the Taler exchange behind an Nginx or Apache + proxy for TLS termination. +\item We recommend using static IP address configurations (IPv4 and IPv6). +\item We recommend using DNSSEC with DANE in addition to TLS certificates. +\item We recommend auditing the TLS setup using \url{https://observatory.mozilla.org}. +\end{itemize} +\end{frame} + + + + \section{Offline payments} \begin{frame} @@ -1559,6 +2199,47 @@ Three possible approaches: \end{frame} +\begin{frame}{A Scenario} +{God is offline, but customer pays online} +\begin{center} + \includegraphics[height=0.4\textwidth]{shrine.jpg} +\end{center} +\end{frame} + +\begin{frame}{Typical Payment Process}{All equivalent: Twint, PayPal, AliPay, PayTM} +\begin{center} + \movie[%scale=0.6, + autostart, + poster] + { + \includegraphics[height=0.3\textwidth,width=0.4\textwidth]{white.png} + } + {twint.mkv} + + {\tiny (C) Twint, 2023} +\end{center} +\end{frame} + + +\begin{frame}{Secure Payment ...}{Everything green?} +\begin{center} + \includegraphics[height=0.3\textwidth]{paymentTwint-screen_25.png} +\end{center} +\end{frame} + +\begin{frame}{Exploit ``Code''}{Programming optional} +\begin{center} + \includegraphics[height=0.3\textwidth]{paymentTwint-screen.png} +\end{center} +\end{frame} + +\begin{frame}{``Customers'' {\em love} Twint ...}{Daily non-business for shops} +\begin{center} + \includegraphics[height=0.3\textwidth]{paymentTwint-screen_50.png} +\end{center} +\end{frame} + + \begin{frame}{Partially Offline Payments with GNU Taler\footnote{Joint work with Emmanuel Benoist, Priscilla Huang and Sebastian Marchano}} \begin{center} @@ -1910,59 +2591,59 @@ Searching for functions \uncover<2->{with the following signatures} \end{tikzpicture} \end{frame} -% \begin{frame}{Achieving Unlinkability} -% \scriptsize -% $\DeriveCompare : \Commitments\times\Proofs\times\Omega \to \{0,1\}$\\ -% \vfill -% $\DeriveCompare(\commitment, \pruf, \omega) =$ -% \begin{itemize} -% \it -% \itemsep0.5em -% \item[$\Child$:] -% \begin{enumerate} -% \scriptsize -% \itemsep0.3em -% \item for all $i \in \{1,\dots,\kappa\}: -% (\commitment_i,\pruf_i,\beta_i) \leftarrow \Derive(\commitment, \pruf, \omega + i)$ -% \item $h \leftarrow \Hash\big(\Hash(\commitment_1,\beta_1)\parallel\dots\parallel\Hash(\commitment_\kappa,\beta_\kappa) \big)$ -% \item send $(\commitment, h)$ to $\Exchange$ -% \end{enumerate} -% \item[$\Exchange$:] -% \begin{enumerate} -% \setcounter{enumi}{4} -% \scriptsize -% \itemsep0.3em -% \item save $(\commitment, h)$ \label{st:hash} -% \item $\gamma \drawfrom \{1,\dots ,\kappa\}$ -% \item send $\gamma$ to $\Child$ -% \end{enumerate} -% \item[$\Child$:] -% \begin{enumerate} -% \setcounter{enumi}{7} -% -% \scriptsize -% \itemsep0.3em -% \item $h'_\gamma \leftarrow \Hash(\commitment_\gamma, \beta_\gamma)$ -% \item $\mathbf{E}_\gamma \leftarrow \big[(\commitment_1,\beta_1),\dots, -% (\commitment_{\gamma-1}, \beta_{\gamma-1}), -% \Nil, -% (\commitment_{\gamma+1}, \beta_{\gamma+1}), -% \dots,(\commitment_\kappa, \beta_\kappa)\big]$ -% \item send $(\mathbf{E}_\gamma, h'_\gamma)$ to $\Exchange$ -% \end{enumerate} -% \item[$\Exchange$:] -% \begin{enumerate} -% \setcounter{enumi}{10} -% \scriptsize -% \itemsep0.3em -% \item for all $i \in \{1,\dots,\kappa\}\setminus\{\gamma\}: h_i \leftarrow \Hash(\mathbf{E}_\gamma[i])$ -% \item if $h \stackrel{?}{\neq} \HashF(h_1\|\dots\|h_{\gamma-1}\|h'_\gamma\|h_{\gamma+1}\|\dots\|h_{\kappa-1})$ return 0 -% \item for all $i \in \{1,\dots,\kappa\}\setminus\{\gamma\}$: -% if $0 \stackrel{?}{=} \Compare(\commitment,\commitment_i, \beta_i)$ return $0$ -% \item return 1 -% \end{enumerate} -% \end{itemize} -% \end{frame} + \begin{frame}{Achieving Unlinkability} + \scriptsize + $\DeriveCompare : \Commitments\times\Proofs\times\Omega \to \{0,1\}$\\ + \vfill + $\DeriveCompare(\commitment, \pruf, \omega) =$ + \begin{itemize} + \it + \itemsep0.5em + \item[$\Child$:] + \begin{enumerate} + \scriptsize + \itemsep0.3em + \item for all $i \in \{1,\dots,\kappa\}: + (\commitment_i,\pruf_i,\beta_i) \leftarrow \Derive(\commitment, \pruf, \omega + i)$ + \item $h \leftarrow \Hash\big(\Hash(\commitment_1,\beta_1)\parallel\dots\parallel\Hash(\commitment_\kappa,\beta_\kappa) \big)$ + \item send $(\commitment, h)$ to $\Exchange$ + \end{enumerate} + \item[$\Exchange$:] + \begin{enumerate} + \setcounter{enumi}{4} + \scriptsize + \itemsep0.3em + \item save $(\commitment, h)$ \label{st:hash} + \item $\gamma \drawfrom \{1,\dots ,\kappa\}$ + \item send $\gamma$ to $\Child$ + \end{enumerate} + \item[$\Child$:] + \begin{enumerate} + \setcounter{enumi}{7} + + \scriptsize + \itemsep0.3em + \item $h'_\gamma \leftarrow \Hash(\commitment_\gamma, \beta_\gamma)$ + \item $\mathbf{E}_\gamma \leftarrow \big[(\commitment_1,\beta_1),\dots, + (\commitment_{\gamma-1}, \beta_{\gamma-1}), + \Nil, + (\commitment_{\gamma+1}, \beta_{\gamma+1}), + \dots,(\commitment_\kappa, \beta_\kappa)\big]$ + \item send $(\mathbf{E}_\gamma, h'_\gamma)$ to $\Exchange$ + \end{enumerate} + \item[$\Exchange$:] + \begin{enumerate} + \setcounter{enumi}{10} + \scriptsize + \itemsep0.3em + \item for all $i \in \{1,\dots,\kappa\}\setminus\{\gamma\}: h_i \leftarrow \Hash(\mathbf{E}_\gamma[i])$ + \item if $h \stackrel{?}{\neq} \HashF(h_1\|\dots\|h_{\gamma-1}\|h'_\gamma\|h_{\gamma+1}\|\dots\|h_{\kappa-1})$ return 0 + \item for all $i \in \{1,\dots,\kappa\}\setminus\{\gamma\}$: + if $0 \stackrel{?}{=} \Compare(\commitment,\commitment_i, \beta_i)$ return $0$ + \item return 1 + \end{enumerate} + \end{itemize} + \end{frame} \begin{frame}{Basic Requirements} @@ -2011,29 +2692,29 @@ Searching for functions \uncover<2->{with the following signatures} \end{description} \end{frame} -%\begin{frame}{Requirements} -% \framesubtitle{Details} -% -% \begin{description} -% \item[Derivability of commitments and proofs:]~\\[0.1em] -% {\scriptsize -% Let \begin{align*} -% \age & \in\N_\Age,\,\, \omega_0, \omega_1 \in\Omega\\ -% (\commitment_0, \pruf_0) & \leftarrow \Commit(\age, \omega_0),\\ -% (\commitment_1, \pruf_1, \blinding) & \leftarrow \Derive(\commitment_0, \pruf_0, \omega_1). -% \end{align*} -% We require -% \begin{align*} -% \Compare(\commitment_0, \commitment_1, \blinding) = 1 \label{req:comparity} -% \end{align*} -% and for all $n\leq\age$: -% \begin{align*} -% \Verify(n, \commitment_1, \Attest(n, \commitment_1, \pruf_1)) &% -% = -% \Verify(n, \commitment_0, \Attest(n, \commitment_0, \pruf_0)) -% \end{align*}} -% \end{description} -%\end{frame} +\begin{frame}{Requirements} + \framesubtitle{Details} + + \begin{description} + \item[Derivability of commitments and proofs:]~\\[0.1em] + {\scriptsize + Let \begin{align*} + \age & \in\N_\Age,\,\, \omega_0, \omega_1 \in\Omega\\ + (\commitment_0, \pruf_0) & \leftarrow \Commit(\age, \omega_0),\\ + (\commitment_1, \pruf_1, \blinding) & \leftarrow \Derive(\commitment_0, \pruf_0, \omega_1). + \end{align*} + We require + \begin{align*} + \Compare(\commitment_0, \commitment_1, \blinding) = 1 \label{req:comparity} + \end{align*} + and for all $n\leq\age$: + \begin{align*} + \Verify(n, \commitment_1, \Attest(n, \commitment_1, \pruf_1)) &% + = + \Verify(n, \commitment_0, \Attest(n, \commitment_0, \pruf_0)) + \end{align*}} + \end{description} +\end{frame} \begin{frame}{Security Requirements} Candidate functions must also meet \textit{security} requirements. @@ -2186,35 +2867,35 @@ Searching for functions \uncover<2->{with the following signatures} \end{frame} -% \begin{frame}{Instantiation with ECDSA} -% \framesubtitle{Full definitions} -% \scriptsize -% -% \begin{align*} -% \Commit_{E,\FDHg{\cdot}}(\age, \omega) &:= \Big\langle -% \overbrace{(q_1,\ldots,q_\Age)}^{= \Vcommitment},\; -% \overbrace{(p_1,\ldots,p_\age, \Nil,\ldots,\Nil)}^{= \Vpruf \text{, length }\Age} -% \Big\rangle\\ -% \Attest_{E,\HashF}(\bage, \Vcommitment, \Vpruf) &:= -% \begin{cases} -% \attest_\bage := \Sign_{E,\HashF}\big(\bage,\Vpruf[\bage]\big) & \text{if } \Vpruf[\bage] \stackrel{?}{\neq} \Nil\\ -% \Nil & \text{otherwise} -% \end{cases}\\ -% % -% \Verify_{E,\HashF}(\bage, \Vcommitment, \attest) &:= \Ver_{E,\HashF}(\bage, \Vcommitment[\bage], \attest)\\ -% % -% \Derive_{E, \FDHg{\cdot}}(\Vcommitment, \Vpruf, \omega) &:= -% \Big\langle(\beta * q_1,\ldots,\beta * q_\Age), -% (\beta p_1,\ldots,\beta p_\age,\Nil,\ldots,\Nil), \beta \Big\rangle \\ -% & \text{ with } \beta := \FDHg{\omega} \text{ and multiplication } \beta p_i \text{ modulo } g \nonumber\\ -% % -% \Compare_E(\Vcommitment, \Vcommitment', \beta) &:= -% \begin{cases} -% 1 & \text{if } (\beta * q_1, \ldots , \beta * q_\Age) \stackrel{?}{=} (q'_1,\ldots, q'_\Age)\\ -% 0 & \text{otherwise} -% \end{cases} -% \end{align*} -% \end{frame} +\begin{frame}{Instantiation with ECDSA} + \framesubtitle{Full definitions} + \scriptsize + + \begin{align*} + \Commit_{E,\FDHg{\cdot}}(\age, \omega) &:= \Big\langle + \overbrace{(q_1,\ldots,q_\Age)}^{= \Vcommitment},\; + \overbrace{(p_1,\ldots,p_\age, \Nil,\ldots,\Nil)}^{= \Vpruf \text{, length }\Age} + \Big\rangle\\ + \Attest_{E,\HashF}(\bage, \Vcommitment, \Vpruf) &:= + \begin{cases} + \attest_\bage := \Sign_{E,\HashF}\big(\bage,\Vpruf[\bage]\big) & \text{if } \Vpruf[\bage] \stackrel{?}{\neq} \Nil\\ + \Nil & \text{otherwise} + \end{cases}\\ + % + \Verify_{E,\HashF}(\bage, \Vcommitment, \attest) &:= \Ver_{E,\HashF}(\bage, \Vcommitment[\bage], \attest)\\ + % + \Derive_{E, \FDHg{\cdot}}(\Vcommitment, \Vpruf, \omega) &:= + \Big\langle(\beta * q_1,\ldots,\beta * q_\Age), + (\beta p_1,\ldots,\beta p_\age,\Nil,\ldots,\Nil), \beta \Big\rangle \\ + & \text{ with } \beta := \FDHg{\omega} \text{ and multiplication } \beta p_i \text{ modulo } g \nonumber\\ + % + \Compare_E(\Vcommitment, \Vcommitment', \beta) &:= + \begin{cases} + 1 & \text{if } (\beta * q_1, \ldots , \beta * q_\Age) \stackrel{?}{=} (q'_1,\ldots, q'_\Age)\\ + 0 & \text{otherwise} + \end{cases} + \end{align*} +\end{frame} \begin{frame}{Reminder: GNU Taler Fundamentals} @@ -2306,6 +2987,20 @@ Searching for functions \uncover<2->{with the following signatures} \end{frame} +\begin{frame}{Age Restrictions based on KYC} + Subsidiarity requires bank accounts being owned by adults. + \begin{itemize} + \item Scheme can be adapted to case where minors have bank accounts + \begin{itemize} + \item Assumption: banks provide minimum age + information during bank + transactions. + \item Child and Exchange execute a variant of + the cut\&choose protocol. + \end{itemize} + \end{itemize} +\end{frame} + \begin{frame}{Discussion} \begin{itemize} \item Our solution can in principle be used with any token-based payment scheme @@ -2361,283 +3056,18 @@ Searching for functions \uncover<2->{with the following signatures} \end{frame} -\section{Software architecture} +\section{Software development \& deployment} \begin{frame} \vfill \begin{center} - {\bf Software architecture} + {\bf Software development \& deployment} \end{center} \vfill \end{frame} -\begin{frame}{The Taler Software Ecosystem} - \framesubtitle{\url{https://taler.net/en/docs.html}} - Taler is based on modular components that work together to provide a - complete payment system: - \vfill - \begin{itemize} - \item {\bf Exchange:} Service provider for digital cash - \begin{itemize} - \item Core exchange software (cryptography, database) - \item Air-gapped key management, real-time {\bf auditing} - \item LibEuFin: Modular integration with banking systems - \end{itemize} - \item {\bf Merchant:} Integration service for existing businesses - \begin{itemize} - \item Core merchant backend software (cryptography, database) - \item Back-office interface for staff - \item Frontend integration (E-commerce, Point-of-sale) - \end{itemize} - \item {\bf Wallet:} Consumer-controlled applications for e-cash - \begin{itemize} - \item Multi-platform wallet software (for browsers \& mobile phones) - \item Wallet backup storage providers - \item {\bf Anastasis}: Recovery of lost wallets based on secret splitting - \end{itemize} - \end{itemize} -\end{frame} - - -\begin{frame}{Taler Exchange} - The {\bf Exchange} is the core logic of the payment system. - - \begin{itemize} - \item One exchange at minimum must be operated per currency - \item Offers a REST API for merchants and customers - \item Uses several helper processes for configuration and to - interact with RTGS and cryptography - \item KYC support via OAuth 2.0, KycAID or Persona APIs - \item AML staff can analyze transactions and freeze income - \item Implemented in C on top of GNU libmicrohttpd - \end{itemize} -\end{frame} - - -\begin{frame}{Taler Merchant} - The {\bf Merchant} is the software run by merchants to accept\\ - GNU Taler payments. - - \begin{minipage}{6cm} - \begin{itemize} - \item REST API for integration with e-commerce - \item SPA provides Web interface for administration - \item Features include: - \begin{itemize} - \item Multi-tenant support - \item Refunds - \item Rewards (Website pays visitor) - \item Templates (static QR codes with payment request) - \item Webhooks - \item Inventory management - \end{itemize} - \item Implemented in C on top of GNU libmicrohttpd - \end{itemize} - \end{minipage} - \begin{minipage}{5cm} - \includegraphics[width=5cm]{screenshots/merchant-spa-settings} - \end{minipage} -\end{frame} - - -\begin{frame}{Taler Wallet} - The {\bf Wallet} is the software run by consumers to store - their digital cash and authorize transactions. - - \begin{minipage}{8cm} - \begin{itemize} - \item {\bf wallet-core} is the logic shared by all interfaces - \item Applications exist for Android, F-Droid, iOS, - WebExtension (Chrome, Chromium, Firefox, etc.) - \item Features include: - \begin{itemize} - \item Multi-currency support - \item Wallet-to-wallet payments (NFC or QR code) - \item CRDT-like data model - \end{itemize} - \item {\bf wallet-core} implemented in TypeScript - \end{itemize} - Can be integrated into other Apps if desired. - \end{minipage} - \begin{minipage}{3cm} - \includegraphics[width=3cm]{screenshots/Screenshot_20230225-103520.png} - \end{minipage} -\end{frame} - - -\begin{frame}{Taler Auditor} - The {\bf Auditor} is the software run by an independent auditor - to validate the operation of an Exchange. - - \begin{itemize} - \item REST API for additional report inputs by merchants (optional) - \item Secure database replication logic - \item Implemented in C on top of GNU libmicrohttpd - \end{itemize} -\end{frame} - - -\begin{frame}{Pretix Taler payment plugin} -\begin{center} -\includegraphics[width=0.5\textwidth]{screenshots/pretix.png} -\end{center} - - Pretix is a ticket sales system. - - \begin{itemize} - \item Pretix payment plugin enables payments via GNU Taler - \item Developed by Pretix.eu for \EUR{3,000} on behalf of Taler Systems SA - \end{itemize} -\end{frame} - - -\begin{frame}{WooCommerce Taler payment plugin} -\begin{minipage}{6cm} - \begin{itemize} - \item WooCommerce is an e-commerce plugin for WordPress. - \item WooCommerce payment plugin enables payments via GNU Taler - \item Features include: - \begin{itemize} - \item Trivial configuration - \item Support for refunds - \item Full internationalization - \end{itemize} - \item WooCommerce and its plugins are implemented in PHP - \end{itemize} -\end{minipage} -\begin{minipage}{5cm} - \includegraphics[width=4cm]{screenshots/woocommerce-cart.png} - \includegraphics[width=4cm]{screenshots/woocommerce-settings.png} - \end{minipage} -\end{frame} - - -\begin{frame}{Joomla! Taler payment plugin} -\begin{minipage}{6cm} - \begin{itemize} - \item Joomla! is an e-commerce platform - \item Joomla! payment plugin enables payments via GNU Taler - \item Features include: - \begin{itemize} - \item Trivial configuration - \item Support for refunds - \item Full internationalization - \end{itemize} - \item Joomla! and its plugins are implemented in PHP - \end{itemize} -\end{minipage} -% FIXME: add screenshots -%\begin{minipage}{5cm} -% \includegraphics[width=4cm]{screenshots/woocommerce-cart.png} -% \includegraphics[width=4cm]{screenshots/woocommerce-settings.png} -% \end{minipage} -\end{frame} - - -\begin{frame}{Point-of-Sale App for Android} - -\begin{minipage}{7cm} - \begin{itemize} - \item Allows merchant to generate orders against Taler backend - and display QR code to enable customer to pay in person - \item Patterned after ViewTouch restaurant UI - \item Features include: - \begin{itemize} - \item Internet-based configuration - \item Products sorted by categories - \item Easy undo of every operation - \item Manages multiple concurrent orders - \end{itemize} - \item The Point-of-Sale App is implemented in Kotlin - \end{itemize} -\end{minipage} -\begin{minipage}{4cm} - \includegraphics[width=4cm]{screenshots/Screenshot_20230224-194112.jpg} - \includegraphics[width=4cm]{screenshots/Screenshot_20230224-194119.jpg} - \includegraphics[width=4cm]{screenshots/Screenshot_20230224-195348.jpg} -\end{minipage} -\end{frame} - - -\begin{frame}{Cashier App for Android} -\begin{minipage}{4cm} - \begin{itemize} - \item Enables BFH staff to convert cash to e-cash - \item Staff has special bank accounts with limited funds - \item Students can pay staff in cash to receive e-cash - \item The Cashier App is implemented in Kotlin - \end{itemize} - \end{minipage} - \begin{minipage}{3cm} - \includegraphics[width=3cm]{screenshots/Screenshot_20230225-103315.png} - \end{minipage} - \begin{minipage}{3cm} - \includegraphics[width=3cm]{screenshots/Screenshot_20230225-103325.png} - \end{minipage} -\end{frame} - - -\begin{frame}{LibEuFin} - LibEuFin is a standalone project that provides adapters to bank account - access APIs. - - \begin{itemize} - \item LibEuFin provides both a generic access layer and an - implementation of the Wire Gateway for the exchange - \item Supports EBICS 2.5 and 3.0 - \item other APIs such as FinTS or PSD2-style XS2A APIs can be added - without requiring changes to the Exchange - \item tested with German bank GLS business account and real Euros - \end{itemize} - \vfill - \begin{itemize} - \item \texttt{libeufin-nexus} is the main service - \item \texttt{libeufin-bank} implements a bank - (suitable for regional currencies) - \item \texttt{libeufin-sandbox} implements a toy EBICS host for protocol - testing - \end{itemize} -\end{frame} - - -\begin{frame}{Depolymerization} - Depolymerization is a bridge between GNU Taler and blockchains, - making Taler a layer 2 system for crypto-currencies (like Lightning). - - \begin{itemize} - \item Currently implemented for Bitcoin and Ethereum - crypto-currencies, with the DLTs as the ``RTGS'' - \item Provides same API to Exchange as LibEuFin -% \item Transaction rate and speed limited by the underlying blockchain - \item Implemented in Rust - \end{itemize} - \begin{center} - \url{https://bitcoin.ice.bfh.ch/} - \end{center} -\end{frame} - - -\begin{frame}{TalDir (WiP)} - TalDir is an extension to the existing - peer-to-peer payment functionality. - - \begin{itemize} - \item Registry to associate wallets with network addresses - \item Extensible to different types of network services: - \begin{itemize} - \item E-mail - \item SMS - \item Twitter - \item ... - \end{itemize} - \item Send payments or invoices to wallets associated with network address - \item Will {\bf not} require sending wallet to use same network service - \end{itemize} -\end{frame} - - -\begin{frame}<1-| handout:0>{Development Infrastructure} +\begin{frame}{Development Infrastructure} \begin{itemize} \item Borg: incremental backup \item Buildbot: CI/CD ({\url https://buildbot.taler.net/}) @@ -2653,7 +3083,7 @@ Searching for functions \uncover<2->{with the following signatures} \end{frame} -\begin{frame}<1-| handout:0>{Development Tools} +\begin{frame}{Development Tools} \begin{itemize} \item Coverity: static analysis (C/C++) ({\url https://scan.coverity.com/}) \item GNU recutils: constant registration ({\url https://gana.gnunet.org/}) @@ -2664,7 +3094,7 @@ Searching for functions \uncover<2->{with the following signatures} \end{frame} -\begin{frame}<1-| handout:0>{Cryptographic dependencies} +\begin{frame}{Cryptographic dependencies} \begin{itemize} \item libargon2 \item libgcrypt @@ -2673,7 +3103,7 @@ Searching for functions \uncover<2->{with the following signatures} \end{frame} -\begin{frame}<1-| handout:0>{Additional dependencies} +\begin{frame}{Additional dependencies} \begin{itemize} \item libsqlite3 \item libpq / Postgres @@ -2686,183 +3116,15 @@ Searching for functions \uncover<2->{with the following signatures} \end{frame} - -\section{Bank integration and exchange administration} - -\begin{frame} - \vfill - \begin{center} - {\bf Bank integration and exchange administration} - \end{center} - \vfill -\end{frame} - - -\begin{frame}[fragile]{RFC 8905: \texttt{payto:} Uniform Identifiers for Payments and Accounts} - \vfill - Like \texttt{mailto:}, but for bank accounts instead of email accounts! - \vfill - \begin{verbatim} - payto://<PAYMENT-METHOD>/<ACCOUNT-NR> - ?subject=InvoiceNr42 - &amount=EUR:12.50 - \end{verbatim} - \vfill - Default action: Open app to review and confirm payment. - \vfill -\includegraphics[width=0.25\textwidth]{einzahlschein-ch.jpeg} -\hfill -\includegraphics[width=0.2\textwidth]{de-ueberweisungsformular.png} - \vfill -\end{frame} - - -\begin{frame}[fragile]{Benefits of {\tt payto://}} - \begin{itemize} - \item Standardized way to represent financial resources (bank account, bitcoin wallet) - and payments to them - \item Useful on the client-side on the Web and for FinTech backend applications - \item Payment methods (such as IBAN, ACH, Bitcoin) are registered with - IANA and allow extra options - \end{itemize} - \begin{center} - {\bf Taler wallet can generate payto://-URI for withdraw!} - \end{center} -\end{frame} - - -\begin{frame}[fragile]{Taler: Bank Perspective} -\begin{adjustbox}{max totalsize={.9\textwidth}{.7\textheight},center} -\begin{tikzpicture} - \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer sep=.3em]; - \node (origin) at (0,0) {}; - \node (exchange) [def,above=of origin,draw]{Exchange}; - \node (nexus) [def, draw, below right=of exchange] {Nexus}; - \node (corebanking) [def, draw, below left=of nexus] {Core Banking}; - \node (nginx) [def, draw, above=of exchange]{Nginx}; - \node (postgres) [def, draw, below left=of exchange]{Postgres}; - \node (postgres-nexus) [def, draw, below right=of nexus]{Postgres}; - - \tikzstyle{C} = [color=black, line width=1pt] - - \draw [<-, C] (exchange) -- (nginx) node [midway, above, sloped] (TextNode) {REST API}; - \draw [<-, C] (postgres) -- (exchange) node [midway, above, sloped] (TextNode) {SQL}; - \draw [<-, C] (postgres-nexus) -- (nexus) node [midway, above, sloped] (TextNode) {SQL}; - \draw [<-, C] (nexus) -- (exchange) node [midway, above, sloped] (TextNode) {Internal REST API}; - \draw [<-, C] (corebanking) -- (nexus) node [midway, above, sloped] (TextNode) {EBICS/FinTS}; - -\end{tikzpicture} -\end{adjustbox} -\end{frame} - - -\begin{frame}{Taler: Exchange Architecture} -\begin{center} -\begin{tikzpicture} - \tikzstyle{def} = [node distance=2em and 2.5em, inner sep=1em, outer sep=.3em]; - \node (origin) at (0,0) {}; - \node (httpd) [def,above=of origin,draw]{httpd}; - \node (secmod-rsa) [def, draw, right=of httpd] {secmod-rsa}; - \node (secmod-eddsa) [def, draw, left=of httpd] {secmod-eddsa}; - \node (postgres) [def, draw, below=of httpd]{Postgres}; - \node (aggregator) [def, draw, right=of postgres]{aggregator}; - \node (transfer) [def, draw, below left=of postgres]{transfer}; - \node (wirewatch) [def, draw, below right=of postgres]{wirewatch}; - \node (nexus) [def, draw, below=of postgres]{Nexus}; - - \tikzstyle{C} = [color=black, line width=1pt] - - \draw [<->, C] (httpd) -- (postgres) node [midway, above, sloped] (TextNode) {}; - \draw [<->, C] (httpd) -- (secmod-rsa) node [midway, above, sloped] (TextNode) {}; - \draw [<->, C] (httpd) -- (secmod-eddsa) node [midway, above, sloped] (TextNode) {}; - \draw [<->, C] (aggregator) -- (postgres) node [midway, above, sloped] (TextNode) {}; - \draw [<->, C] (wirewatch) -- (postgres) node [midway, above, sloped] (TextNode) {}; - \draw [<->, C] (transfer) -- (postgres) node [midway, above, sloped] (TextNode) {}; - \draw [->, C] (transfer) -- (nexus) node [midway, above, sloped] (TextNode) {}; - \draw [<-, C] (wirewatch) -- (nexus) node [midway, above, sloped] (TextNode) {}; -\end{tikzpicture} -\end{center} -\end{frame} - - -\begin{frame} -\frametitle{Taler: Auditor Perspective} -\begin{center} -\begin{tikzpicture} - \tikzstyle{def} = [node distance=2em and 2.5em, inner sep=1em, outer sep=.3em]; - \node (origin) at (0,0) {}; - \node (httpd) [def,above left=of origin,draw]{auditor-httpd}; - \node (report) [def,above right=of origin,draw]{auditor-report}; - \node (postgres-A) [def, draw, below=of origin] {Postgres (Auditor)}; - \node (postgres-E) [def, draw, below=of postgres-A] {Postgres (Bank)}; - - \tikzstyle{C} = [color=black, line width=1pt] - - \draw [->, C] (postgres-E) -- (postgres-A) node [midway, above, sloped] (TextNode) {sync}; - \draw [<->, C] (httpd) -- (postgres-A) node [midway, above, sloped] (TextNode) {}; - \draw [<->, C] (report) -- (postgres-A) node [midway, above, sloped] (TextNode) {}; -\end{tikzpicture} -\end{center} -\end{frame} - - -\begin{frame} -\frametitle{Taler: Merchant Perspective} -\begin{center} -\begin{tikzpicture} - \tikzstyle{def} = [node distance= 3.5em and 2em, inner sep=1em, outer sep=.3em]; - \node (origin) at (0,0) {}; - \node (backend) [def,above=of origin,draw]{{\tiny taler-merchant-httpd}}; - \node (frontend) [def,above left=of backend,draw]{{\tiny E-commerce Frontend}}; - \node (backoffice) [def,above right=of backend,draw]{Backoffice}; - \node (postgres) [def, draw, below left=of backend] {Postgres}; - \node (sqlite) [def, draw, below=of backend] {Sqlite}; - \node (alt) [def, draw, below right=of backend] {...}; - - \tikzstyle{C} = [color=black, line width=1pt] - - \draw [->, C] (frontend) -- (backend) node [midway, above, sloped] (TextNode) {REST API}; - \draw [->, C] (backoffice) -- (backend) node [midway, above, sloped] (TextNode) {REST API}; - \draw [<->, C] (backend) -- (postgres) node [midway, above, sloped] (TextNode) {SQL}; - \draw [<->, C] (backend) -- (sqlite) node [midway, above, sloped] (TextNode) {SQL}; - \draw [<->, C] (backend) -- (alt) node [midway, above, sloped] (TextNode) {SQL}; -\end{tikzpicture} -\end{center} -\end{frame} - - -\begin{frame} -\frametitle{Taler: Wallet Architecture} - \framesubtitle{Background: \url{https://anastasis.lu/}} -\begin{center} -\begin{tikzpicture} - \tikzstyle{def} = [node distance= 5em and 4.5em, inner sep=1em, outer sep=.3em]; - \node (origin) at (0,0) {}; - \node (gui) [def,above=of origin,draw]{wallet-gui}; - \node (core) [def,below=of gui,draw]{wallet-core}; - \node (sync) [def, draw, below left=of core] {Sync}; - \node (taler) [def, draw, below right=of core] {Taler}; - \node (anastasis) [def, draw, below=of core] {Anastasis}; - - \tikzstyle{C} = [color=black, line width=1pt] - \draw [<->, C] (gui) -- (core) node [midway, above, sloped] (TextNode) {}; - \draw [<->, C] (core) -- (sync) node [midway, above, sloped] (TextNode) {Backup}; - \draw [<->, C] (core) -- (taler) node [midway, above, sloped] (TextNode) {Payment}; - \draw [<->, C] (core) -- (anastasis) node [midway, above, sloped] (TextNode) {Key Escrow}; -\end{tikzpicture} -\end{center} -\end{frame} - - \begin{frame} \frametitle{High-level Deployment Recipe} \dots as a bank \begin{enumerate} \item Create an escrow bank account for the exchange with EBICS access - \item Provision offline signing machine (or account during testing) - \item Provision two PostgreSQL databases (for LibEuFin Nexus and exchange) + \item Provision offline signing machine + \item Provision two PostgreSQL databases (for libeufin-nexus and exchange) \item Provision user-facing exchange service and secmod processes - \item Provision LibEuFin Nexus (connected to escrow account and providing + \item Provision libeufin-nexus (connected to escrow account and providing an internal API to the exchange) \item Test using the ``taler-wallet-cli`` \end{enumerate} @@ -2870,7 +3132,7 @@ Searching for functions \uncover<2->{with the following signatures} \begin{frame}{Exchange escrow account access} -The Taler exchange needs to communicate with the core banking system \dots +The Taler exchange needs to communicate with a core banking system \dots \begin{itemize} \item to query for transactions into the exchange's escrow account \item to initiate payments of aggregated Taler deposits to merchants @@ -2881,47 +3143,18 @@ for Taler-specific access to the Exchange's escrow account. Multiple implementa of the Taler Wire Gateway exist: \begin{itemize} - \item a self-contained play money demo bank - \item LibEuFin, an adapter to EBICS and other protocols + \item libeufin-bank, a self-contained play money demo bank + \item libeufin-nexus, an adapter to EBICS and other protocols + \item Depolymerizer, an adapter to blockchains \end{itemize} - \end{frame} -\begin{frame}{LibEuFin} - LibEuFin is a standalone project that provides adapters to bank account - access APIs. - \begin{itemize} - \item LibEuFin provides both a generic access layer and an - implementation of the Taler Wire Gateway API for the exchange - \item supports EBICS 2.5 and 3.0 - \item other APIs such as FinTS or PSD2-style XS2A APIs can be added - without requiring changes to the Exchange - \item tested with GLS Bank and Postfinance bank accounts - \end{itemize} -\end{frame} - -\begin{frame}{LibEuFin Concepts} - \begin{itemize} - \item A LibEuFin \emph{bank connection} is a set of credentials and parameters - to talk to the bank's account access API. - \item A LibEuFin \emph{bank account} is the information about a bank - account (balances, transactions, payment initiations) stored locally - within the LibEuFin service. A LibEuFin bank account has a default Bank - Connection that is used to communicate with the bank's API. - \item A \emph{facade} provides a domain-specific access layer to bank accounts - and connections. The \emph{Taler Wire Gateway Facade} implements the - API required by the Taler exchange and translates it to operations on the - underlying account/connection. - \end{itemize} -\end{frame} - - -\begin{frame}{LibEuFin Setup Overview} +\begin{frame}{libeufin-nexus setup overview} \framesubtitle{\url{https://docs.taler.net/libeufin/}} \begin{itemize} \item Obtain EBICS subscriber configuration (host URL, host ID, user ID, - partner ID) for the Exchange's escrow account + partner ID) for the bank account \item Create and back up the key material for the bank connection (contains EBICS subscriber configuration and private keys) \item Export key letter and activate subscriber in the EBICS host (physical mail) @@ -2931,10 +3164,10 @@ of the Taler Wire Gateway exist: \end{frame} -\begin{frame}{LibEuFin EBICS Limitations} +\begin{frame}{libeufin-nexus limitations at GLS Bank} The GLS accounts with EBICS access that we have access to have some limitations: \begin{itemize} - \item SEPA Instant Credit Transfers aren't supported yet + \item SEPA instant credit transfers are not supported yet (by the bank) \item Erroneous payment initiations are accepted by the GLS EBICS host, but an error message is later sent only by paper mail (and not reported by the CRZ download request) @@ -2944,175 +3177,6 @@ of the Taler Wire Gateway exist: -\begin{frame}{Key management} -Taler has many types of keys: -\begin{itemize} -\item Coin keys -\item Denomination keys -\item Online message signing keys -\item Offline key signing keys -\item Merchant keys -\item Auditor key -\item Security module keys -\item Transfer keys -\item Wallet keys -\item {\em TLS keys, DNSSEC keys} -\end{itemize} -\end{frame} - - -\begin{frame}{Offline keys} -Both exchange and auditor use offline keys. -\begin{itemize} -\item Those keys must be backed up and remain highly confidential! -\item We recommend that computers that have ever had access to those - keys to NEVER again go online. -\item We recommend using a Raspberry Pi for offline key operations. - Store it in a safe under multiple locks and keys. -\item Apply full-disk encryption on offline-key signing systems. -\item Have 3--5 full-disk backups of offline-key signing systems. -\end{itemize} -\begin{center} -\includegraphics[scale=0.1]{pi.png} -\end{center} -\end{frame} - - -\begin{frame}{Online keys} -The exchange needs RSA and EdDSA keys to be available for online signing. -\begin{itemize} -\item Knowledge of these private keys will allow an adversary to - mint digital cash, possibly resulting in huge financial losses - (eventually, this will be detected by the auditor, but only - after some financial losses have been irrevocably incurred). -\item The corresponding public keys are certified using - Taler's public key infrastructure (which uses offline-only keys). -\end{itemize} -\begin{center} -\includegraphics[width=0.5\textwidth]{taler-diagram-signatures.png} -\end{center} -\vfill -{\tt taler-exchange-offline} can also be used to {\bf revoke} the -online signing keys, if we find they have been compromised. -\vfill -\end{frame} - - -\begin{frame}{Protecting online keys} -The exchange needs RSA and EdDSA keys to be available for online signing. -\begin{itemize} -\item {\tt taler-exchange-secmod-rsa} and {\tt taler-exchange-secmod-eddsa} - are the only processes that must have access to the private keys. -\item The secmod processes should run under a different UID, but share - the same GID with the exchange. -\item The secmods generate the keys, allow {\tt taler-exchange-httpd} to sign with - them, and eventually delete the private keys. -\item Communication between secmods and {\tt taler-exchange-httpd} is via - a UNIX domain socket. -\item Online private keys are stored on disk (not in database!) and should - NOT be backed up (RAID should suffice). If disk is lost, we can always - create fresh replacement keys! -\end{itemize} -\end{frame} - - -\begin{frame}{Database} -The exchange needs the database to detect double spending. -\begin{itemize} -\item Loss of the database will allow technically skilled people - to double-spend their digital cash, possibly resulting in - significant financial losses. -\item The database contains total amounts customers withdrew and - merchants received, so sensitive private banking data. It - must also not become public. -\item The auditor must have a (current) copy. Asynchronous replication - is considered sufficient. This copy could also be used as an - additional (off-site?) backup. -\end{itemize} -\end{frame} - - -\begin{frame}{taler-exchange-wirewatch} -{\tt taler-exchange-wirewatch} needs credentials to access data about -incoming wire transfers from the Nexus. -\begin{itemize} -\item This tool should run as a separate UID and GID (from - {\tt taler-exchange-httpd}). -\item It must have access to the Postgres database (SELECT + INSERT). -\item Its configuration file contains the credentials to talk to Nexus. -\item[$\Rightarrow$] Configuration should be separate from {\tt taler-exchange-httpd}. -\end{itemize} -\end{frame} - - -\begin{frame}{taler-exchange-transfer} -Only {\tt taler-exchange-transfer} needs credentials to initiate wire -transfers using the Nexus. -\begin{itemize} -\item This tool should run as a separate UID and GID (from - {\tt taler-exchange-httpd}). -\item It must have access to the Postgres database (SELECT + INSERT). -\item Its configuration file contains the credentials to talk to Nexus. -\item[$\Rightarrow$] Configuration should be separate from {\tt taler-exchange-httpd}. -\end{itemize} -\end{frame} - - -\begin{frame}{Nexus} -The Nexus has to be able to interact with the escrow account of the bank. -\begin{itemize} -\item It must have the private keys to sign EBICS/FinTS messages. -\item It also has its own local database. -\item The Nexus user and database should be kept separate from - the other exchange users and the Taler exchange database. -\end{itemize} -\end{frame} - - -\begin{frame}{Hardware} -General notions: -\begin{itemize} -\item Platforms with disabled Intel ME \& disabled remote administration are safer. -\item VMs are not a security mechanism. Side-channel attacks abound. Avoid running any - Taler component in a virtual machine ``for security''. -\end{itemize} -\end{frame} - - -\begin{frame}{Operating system} -General notions: -\begin{itemize} -\item It should be safe to run the different Taler components (including Nginx, Nexus - and Postgres) all on the same physical hardware (under different UIDs/GIDs). - We would separate them onto different physical machines during scale-out, but not - necessarily for ``basic'' security. -\item Limiting and auditing system administrator access will be crucial. -\item We recommend to {\bf not} use any anti-virus. -\item We recommend using a well-supported GNU/Linux operating system (such as - Debian or Ubuntu). -\end{itemize} -\end{frame} - - -\begin{frame}{Network} -\begin{itemize} -\item We recommend to {\bf not} use any host-based firewall. - Taler components can use UNIX domain sockets (or bind to localhost). -\item A network-based - firewall is not required, but as long as TCP 80/443 are open Taler should - work fine. -\item Any firewall must be configured to permit connection to Auditor - for database synchronization. -\item We recommend running the Taler exchange behind an Nginx or Apache - proxy for TLS termination. -\item We recommend using static IP address configurations (IPv4 and IPv6). -\item We recommend using DNSSEC with DANE in addition to TLS certificates. -\item We recommend auditing the TLS setup using \url{https://observatory.mozilla.org}. -\end{itemize} -\end{frame} - - - \section{Performance} \begin{frame} @@ -3133,8 +3197,8 @@ General notions: \only<2->{4 TPS}\\ \visible<3->{ \vspace{2em} - \includegraphics[width=0.2\linewidth]{performance}\hspace{1em} - \includegraphics[width=0.2\linewidth]{mining} + \includegraphics[width=0.2\linewidth]{performance.pdf}\hspace{1em} + \includegraphics[width=0.2\linewidth]{mining.pdf} } \end{minipage} \begin{minipage}{0.32\textwidth} @@ -3142,7 +3206,7 @@ General notions: \visible<4->{PayPal\\\vspace{1em}193 TPS}\\ \visible<5->{ \vspace{2em} - \includegraphics[width=0.2\linewidth]{privacy} + \includegraphics[width=0.2\linewidth]{privacy.pdf} } \end{minipage} \begin{minipage}{0.32\textwidth} @@ -3150,7 +3214,7 @@ General notions: \visible<6->{Visa\\\vspace{1em}1'667 TPS}\\ \visible<7->{ \vspace{2em} - \includegraphics[width=0.2\textwidth]{privacy} + \includegraphics[width=0.2\textwidth]{privacy.pdf} } \end{minipage} \let\thefootnote\relax\footnote{ @@ -3167,8 +3231,8 @@ General notions: \visible<1->{e-Krona (Sweden)\\\vspace{1em}100 TPS}\\ \visible<2->{ \vspace{2em} - \includegraphics[width=0.2\linewidth]{performance}\hspace{1em} - \includegraphics[width=0.2\linewidth]{privacy} + \includegraphics[width=0.2\linewidth]{performance.pdf}\hspace{1em} + \includegraphics[width=0.2\linewidth]{privacy.pdf} } \end{minipage} \begin{minipage}{0.32\textwidth} @@ -3176,7 +3240,7 @@ General notions: \visible<3->{e-CNY (China)\\\vspace{1em}10'000 TPS}\\ \visible<4->{ \vspace{2em} - \includegraphics[width=0.2\linewidth]{privacy} + \includegraphics[width=0.2\linewidth]{privacy.pdf} } \end{minipage} \begin{minipage}{0.32\textwidth} @@ -3184,8 +3248,8 @@ General notions: \visible<5->{Project Hamilton (MIT)\\\vspace{1em}1'700'000 TPS}\\ \visible<6->{ \vspace{2em} - \includegraphics[width=0.2\textwidth]{privacy}\hspace{1em} - \includegraphics[width=0.2\textwidth]{applicable} + \includegraphics[width=0.2\textwidth]{privacy.pdf}\hspace{1em} + \includegraphics[width=0.2\textwidth]{applicable.pdf} } \end{minipage} \let\thefootnote\relax\footnote{ @@ -3217,7 +3281,7 @@ General notions: \vfill \null \columnbreak \begin{center} - \includegraphics[width=0.5\linewidth]{g5k.png}\\ + \includegraphics[width=0.5\linewidth]{g5k.pdf}\\ \vspace{2em} \includegraphics[width=0.9\linewidth]{g5k-map.jpg} \end{center} @@ -3282,22 +3346,6 @@ General notions: \end{frame} -\begin{frame}{A Bachelor's Thesis Video} - \begin{center} - \movie[%scale=0.6, - autostart, - poster] - { - \includegraphics[height=0.6\textwidth,width=0.8\textwidth]{white.png} - } - {cs-movie.mp4} - \end{center} -\end{frame} - - - - - \section{Blockchain integration: Project Depolymerization} \begin{frame} @@ -3835,15 +3883,14 @@ Future work: \begin{frame}{Active collaborations} \begin{description} - \item {\bf Freie Universit\"at Berlin:} \\ Programmability - \item {\bf Technical University Dresden:} \\ embedded systems + \item {\bf Freie Universit\"at Berlin:} \\ Programmability \& embedded systems \item {\bf The GNU Project}: \\ Integration into FLOSS software - \item {\bf Anastasis SARL}: \\ Distributed key escrow for backups \item {\bf Fraunhofer Gesellschaft}: \\ Identity management \& SSI \& wallet-to-wallet communication -% \item {\bf Fiscaltrust GmbH}: \\ Point-of-sale integration ({\bf new}) + \item {\bf NGI TALER}: \\ 11 partners deploying GNU Taler across Europe \end{description} \end{frame} + \begin{frame}{NGI TALER PILOT} \framesubtitle{\url{https://taler.net/en/consortium.html}} @@ -3871,6 +3918,18 @@ Future work: \end{frame} +\begin{frame}{Launch Timeline} + \begin{description} + \item[Q2'2022] Internal deployment at BFH + \item[Q1'2023] Deployment using Bitcoin at BFH (running, but not announced) + \item[Q2'2024] Deployment of local currency Netzbon in Basel + \item[Q3'2024] Public deployment of eCHF stablecoin in Switzerland, cleared by FINMA + \item[Q1'2025] GLS bank launches in Eurozone + \item[Q3'2025] Magnet bank launches in Hungary + \end{description} +\end{frame} + + \begin{frame}{Other ongoing developments} \begin{itemize} \item Privacy-preserving auctions (trading, currency exchange) ({\tt oezguer@taler.net}) diff --git a/presentations/comprehensive/mining.pdf b/presentations/comprehensive/mining.pdf Binary files differnew file mode 100644 index 0000000..4a98e15 --- /dev/null +++ b/presentations/comprehensive/mining.pdf diff --git a/presentations/comprehensive/paymentTwint-screen.png b/presentations/comprehensive/paymentTwint-screen.png Binary files differnew file mode 100644 index 0000000..c540841 --- /dev/null +++ b/presentations/comprehensive/paymentTwint-screen.png diff --git a/presentations/comprehensive/paymentTwint-screen.xcf b/presentations/comprehensive/paymentTwint-screen.xcf Binary files differnew file mode 100644 index 0000000..11ba31e --- /dev/null +++ b/presentations/comprehensive/paymentTwint-screen.xcf diff --git a/presentations/comprehensive/paymentTwint-screen_25.png b/presentations/comprehensive/paymentTwint-screen_25.png Binary files differnew file mode 100644 index 0000000..bda99eb --- /dev/null +++ b/presentations/comprehensive/paymentTwint-screen_25.png diff --git a/presentations/comprehensive/paymentTwint-screen_50.png b/presentations/comprehensive/paymentTwint-screen_50.png Binary files differnew file mode 100644 index 0000000..3f1dcec --- /dev/null +++ b/presentations/comprehensive/paymentTwint-screen_50.png diff --git a/presentations/comprehensive/performance.pdf b/presentations/comprehensive/performance.pdf Binary files differnew file mode 100644 index 0000000..ee01881 --- /dev/null +++ b/presentations/comprehensive/performance.pdf diff --git a/presentations/comprehensive/privacy.pdf b/presentations/comprehensive/privacy.pdf Binary files differnew file mode 100644 index 0000000..2ac90b8 --- /dev/null +++ b/presentations/comprehensive/privacy.pdf diff --git a/presentations/comprehensive/shrine.jpg b/presentations/comprehensive/shrine.jpg Binary files differnew file mode 100644 index 0000000..77659dd --- /dev/null +++ b/presentations/comprehensive/shrine.jpg diff --git a/presentations/comprehensive/twint.mkv b/presentations/comprehensive/twint.mkv Binary files differnew file mode 100644 index 0000000..c7c0f70 --- /dev/null +++ b/presentations/comprehensive/twint.mkv |
