authorChristian Grothoff <christian@grothoff.org>2020-01-11 11:44:54 +0100
committerChristian Grothoff <christian@grothoff.org>2020-01-11 11:44:54 +0100
commit9e016129fbf0b541bbf773ba328727357ac1ea43 (patch)
tree6edc40dd85052ceba898ea19371c16703d2eba26 /presentations
parent54a794bd2f4bff2fd5237a3de4b3e74bfc6303bd (diff)
ghm
Diffstat (limited to 'presentations')
-rw-r--r--presentations/comprehensive/blog_nsa_swift.jpgbin0 -> 66455 bytes
-rw-r--r--presentations/comprehensive/gnu.tex1753
2 files changed, 1753 insertions, 0 deletions
diff --git a/presentations/comprehensive/blog_nsa_swift.jpg b/presentations/comprehensive/blog_nsa_swift.jpg
new file mode 100644
index 0000000..68e57ab
--- /dev/null
+++ b/presentations/comprehensive/blog_nsa_swift.jpg
Binary files differ
diff --git a/presentations/comprehensive/gnu.tex b/presentations/comprehensive/gnu.tex
new file mode 100644
index 0000000..bf73a6e
--- /dev/null
+++ b/presentations/comprehensive/gnu.tex
@@ -0,0 +1,1753 @@
+\pdfminorversion=3
+\documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer}
+\usepackage{amsmath}
+\usepackage{multimedia}
+\usepackage[utf8]{inputenc}
+\usepackage{framed,color,ragged2e}
+\usepackage[absolute,overlay]{textpos}
+\definecolor{shadecolor}{rgb}{0.8,0.8,0.8}
+\usetheme{boxes}
+\setbeamertemplate{navigation symbols}{}
+\usepackage{xcolor}
+\usepackage{tikz,eurosym}
+\usepackage[normalem]{ulem}
+\usepackage{listings}
+
+% CSS
+\lstdefinelanguage{CSS}{
+ basicstyle=\ttfamily\scriptsize,
+ keywords={color,background-image:,margin,padding,font,weight,display,position,top,left,right,bottom,list,style,border,size,white,space,min,width, transition:, transform:, transition-property, transition-duration, transition-timing-function},
+ sensitive=true,
+ morecomment=[l]{//},
+ morecomment=[s]{/*}{*/},
+ morestring=[b]',
+ morestring=[b]",
+ alsoletter={:},
+ alsodigit={-}
+}
+
+% JavaScript
+\lstdefinelanguage{JavaScript}{
+ basicstyle=\ttfamily\scriptsize,
+ morekeywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
+ morecomment=[s]{/*}{*/},
+ morecomment=[l]//,
+ morestring=[b]",
+ morestring=[b]'
+}
+
+\lstdefinelanguage{HTML5}{
+ basicstyle=\ttfamily\scriptsize,
+ language=html,
+ sensitive=true,
+ alsoletter={<>=-},
+ morecomment=[s]{<!-}{-->},
+ tag=[s],
+ otherkeywords={
+ % General
+ >,
+ % Standard tags
+ <!DOCTYPE,
+ </html, <html, <head, <title, </title, <style, </style, <link, </head, <meta, />,
+ % body
+ </body, <body,
+ % Divs
+ </div, <div, </div>,
+ % Paragraphs
+ </p, <p, </p>,
+ % scripts
+ </script, <script,
+ % More tags...
+ <canvas, /canvas>, <svg, <rect, <animateTransform, </rect>, </svg>, <video, <source, <iframe, </iframe>, </video>, <image, </image>
+ },
+ ndkeywords={
+ % General
+ =,
+ % HTML attributes
+ charset=, src=, id=, width=, height=, style=, type=, rel=, href=,
+ % SVG attributes
+ fill=, attributeName=, begin=, dur=, from=, to=, poster=, controls=, x=, y=, repeatCount=, xlink:href=,
+ % CSS properties
+ margin:, padding:, background-image:, border:, top:, left:, position:, width:, height:,
+ % CSS3 properties
+ transform:, -moz-transform:, -webkit-transform:,
+ animation:, -webkit-animation:,
+ transition:, transition-duration:, transition-property:, transition-timing-function:,
+ }
+}
+
+\lstdefinelanguage{JavaScript}{
+ basicstyle=\ttfamily\scriptsize,
+ keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break, for},
+ keywordstyle=\color{blue}\bfseries,
+ ndkeywords={class, export, boolean, throw, implements, import, this},
+ ndkeywordstyle=\color{darkgray}\bfseries,
+ identifierstyle=\color{black},
+ sensitive=false,
+ comment=[l]{//},
+ morecomment=[s]{/*}{*/},
+ commentstyle=\color{purple}\ttfamily,
+ stringstyle=\color{red}\ttfamily,
+ morestring=[b]',
+ morestring=[b]"
+}
+
+\usetikzlibrary{shapes,arrows}
+\usetikzlibrary{positioning}
+\usetikzlibrary{calc}
+
+\title{GNU Taler}
+%\subtitle{}
+
+\setbeamertemplate{navigation symbols}{\includegraphics[width=1cm]{inria.pdf} \includegraphics[width=0.5cm]{gnu.png} \includegraphics[width=0.5cm]{ashoka.png}\hfill}
+%\setbeamercovered{transparent=1}
+
+\author[C. Grothoff]{J. Burdges, F. Dold, {\bf C. Grothoff}, M. Stanisci}
+\date{\today}
+\institute{The GNU Project}
+
+
+\begin{document}
+
+\justifying
+
+\begin{frame}
+ \begin{center}
+ \LARGE {\bf GNU}
+
+ \vfill
+% \includegraphics[width=0.66\textwidth]{logo-2017-fr.pdf}
+ \includegraphics[width=0.66\textwidth]{taler-logo-2018.pdf}
+ \end{center}
+\begin{textblock*}{4cm}(.5cm,6.5cm) % {block width} (coords)
+ {\Large {\bf \url{taler.net}} \\
+ IRC{\bf \#taler} \\
+ {\small (on freenode)} \\
+ twitter@taler \\
+ mail@taler.net }
+\end{textblock*}
+
+% Substitute based on who is giving the talk!
+ \begin{textblock*}{6cm}(6.7cm,7.7cm) % {block width} (coords)
+ {\hfill {\Large {\bf Florian Dold \&} \\
+ \hfill {\bf Christian Grothoff}} \\
+ \hfill \{dold,grothoff\}@taler.net }
+\end{textblock*}
+
+\end{frame}
+
+
+\begin{frame}{A Social Problem}
+% \vfill
+ This was a question posed to RAND researchers in 1971:
+
+\begin{quote}
+ ``Suppose you were an advisor to the head of the KGB, the Soviet Secret Police. Suppose you are given the assignment of designing a system for the surveillance of all citizens and visitors within the boundaries of the USSR. The system is not to be too obtrusive or obvious. What would be your decision?''
+\end{quote}
+%The result: an electronic funds transfer system that looks
+%strikingly similar today's debit card system.
+\pause
+ \begin{center}
+ \Large \textbf{Mastercard/Visa are too transparent.}
+ \end{center}
+\vfill
+ \begin{center}
+``I think one of the big things that we need to do, is we need
+to get a way from true-name payments on the Internet. The credit
+card payment system is one of the worst things that happened for the
+user, in terms of being able to divorce their access from their
+identity.'' \hfill --Edward Snowden, IETF 93 (2015)
+\end{center}
+
+\end{frame}
+
+
+\begin{frame}{Payment System Surveillance is Real}
+\begin{center}
+\includegraphics[width=\textwidth]{blog_nsa_swift.jpg}
+\end{center}
+\end{frame}
+
+
+\begin{frame}{Credit Card Surveillance}
+ \begin{itemize}
+ \item When you pay by CC, the information includes your name
+ \item When you pay in person with CC, your location is also known
+ \item You often have no alternative payment methods available
+ \item You hardly ever can use someone else's CC
+ \item Anonymous prepaid cards are difficult to get and expensive
+ \item Payment information is typically stored for at least 6 years
+ \end{itemize}
+\end{frame}
+
+
+\section{The Bank's Problem}
+\begin{frame}{The Bank's Problem}
+
+ 3D secure (``verified by visa'') is a nightmare:
+
+ \begin{minipage}{5cm}
+ \begin{itemize}
+ \item Complicated process
+ \item Shifts liability to consumer
+ \item Significant latency
+ \item Can refuse valid requests
+ \item Legal vendors excluded
+ \item No privacy for buyers
+ \end{itemize}
+ \end{minipage}
+ \begin{minipage}{5cm}
+ \includegraphics[width=\textwidth]{illustrations/cc3ds.pdf}
+ \end{minipage}
+ \vfill
+ Online credit card payments will be replaced, but with what?
+\end{frame}
+
+
+\begin{frame}{The Bank's Problem}
+\vfill
+ \begin{textblock*}{12cm}(0.5cm,1cm) % {block width} (coords)
+ \begin{itemize}
+ \item Global tech companies push oligopolies
+ \item Privacy and federated finance are at risk
+% \item 30\% fees are conceivable
+ \item Economic sovereingity is in danger
+ \end{itemize}
+\end{textblock*}
+\begin{textblock*}{4cm}(3.5cm,5.2cm) % {block width} (coords)
+ {\includegraphics[width=\textwidth]{../investors/competitor-logos/amazon.png}}
+\end{textblock*}
+\begin{textblock*}{2cm}(7cm,3cm) % {block width} (coords)
+ {\includegraphics[width=\textwidth]{../investors/competitor-logos/alipay.jpeg}}
+\end{textblock*}
+\begin{textblock*}{2cm}(3cm,3.5cm) % {block width} (coords)
+ {\includegraphics[width=\textwidth]{../investors/competitor-logos/paypal.jpeg}}
+\end{textblock*}
+\begin{textblock*}{2cm}(9cm,5cm) % {block width} (coords)
+ {\includegraphics[width=\textwidth]{../investors/competitor-logos/applepay.jpeg}}
+\end{textblock*}
+\begin{textblock*}{2cm}(7.5cm,5.9cm) % {block width} (coords)
+ {\includegraphics[width=\textwidth]{../investors/competitor-logos/samsungpay.jpeg}}
+\end{textblock*}
+\begin{textblock*}{1cm}(9.5cm,6.3cm) % {block width} (coords)
+ {\includegraphics[width=\textwidth]{../investors/competitor-logos/android_pay.png}}
+\end{textblock*}
+\vfill
+\end{frame}
+
+
+\begin{frame}{Predicting the Future}
+ \begin{itemize}
+ \item Google, Apple or Facebook's Libra will be your bank and run your payment system
+ \item They target advertising based on your purchase history, location and
+ your ability to pay
+ \item They will provide more usable, faster and broadly available
+ payment solutions; our federated banking system will be history
+% just like SMTP is now Gmail.
+ \item After dominating the payment sector, they will start to charge fees
+ befitting their oligopoly size
+ \item Competitors and vendors not aligning with their corporate ``values''
+ will be excluded by terms of service and go bankrupt
+ \item The imperium will have another major tool for its financial warfare
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{The Distraction: Bitcoin}
+
+\begin{itemize}
+\item Unregulated payment system and currency:
+\item[] $\Rightarrow$ lack of regulation is a feature!
+\item Implemented in free software
+\item Decentralised peer-to-peer system \pause
+\item Decentralised banking requires solving Byzantine consensus
+\item Creative solution: tie initial accumulation to solving consensus \pause
+\item[] $\Rightarrow$ Proof-of-work advances ledger
+\item[] $\Rightarrow$ Very expensive banking
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{\includegraphics[height=0.5cm]{pics/bitcoin.jpeg}?}
+ \centering
+\noindent
+\includegraphics[width=\textwidth]{pics/btc-transaction-cost.png}
+
+Current average transaction value: $\approx$ 1000 USD
+\end{frame}
+
+
+\begin{frame}
+ \frametitle{\includegraphics[height=0.5cm]{pics/zerocoin.png}?}
+
+Cryptography is rather primitive:
+\begin{center}
+ {\bf All Bitcoin transactions are public and linkable!}
+\end{center}
+
+\begin{itemize}
+\item[] $\Rightarrow$ no privacy guarantees
+\item[] $\Rightarrow$ enhanced with ``laundering'' services
+\end{itemize}
+ZeroCoin, CryptoNote (Monero) and ZeroCash (ZCash) offer anonymity.
+\end{frame}
+
+
+
+
+\begin{frame}
+ \vfill
+\begin{center}
+{\bf Do you want to have a libertarian economy?}
+\end{center}
+ \vfill
+\begin{center}
+{\bf Do you want to live under total surveillance?}
+\end{center}
+\vfill
+\end{frame}
+
+
+\begin{frame}{GNU Taler}
+ \vfill
+ \begin{center}
+ {\huge {\bf Digital} cash, made \textbf{socially responsible}.}
+ \end{center}
+ \vfill
+ \begin{center}
+ \includegraphics[scale=1.5]{taler-logo-2018.pdf}
+ \end{center}
+ \vfill
+ \begin{center}
+ Privacy-Preserving, Practical, Taxable, Free Software, Efficient
+ \end{center}
+ \vfill
+ \vfill
+\ %
+\end{frame}
+
+
+\section{What is Taler?}
+\begin{frame}{What is Taler?}
+ \vfill
+ \begin{center}
+Taler is an electronic instant payment system.
+ \end{center}
+ \begin{itemize}
+ \item Uses electronic coins stored in {\bf wallets} on customer's device
+ \item Like {\bf cash}
+ \item Pay in {\bf existing currencies} (i.e. EUR, USD, BTC), \\
+ or use it to create new {\bf regional currencies}
+ \end{itemize}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{Design goals for the GNU Taler Payment System}
+GNU Taler must ...
+\begin{enumerate}
+ \item {... be implemented as {\bf free software}.}
+ \item {... protect the {\bf privacy of buyers}.}
+ \item {... must enable the state to {\bf tax income} and crack down on
+ illegal business activities.}
+ \item {... prevent payment fraud.}
+ \item {... only {\bf disclose the minimal amount of information
+ necessary}.}
+ \item {... be usable.}
+ \item {... be efficient.}
+ \item {... avoid single points of failure.}
+ \item {... foster {\bf competition}.}
+\end{enumerate}
+\end{frame}
+
+
+\begin{frame}
+\frametitle{Taler Overview}
+\begin{center}
+\begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer sep=.3em];
+ \node (origin) at (0,0) {};
+ \node (exchange) [def,above=of origin,draw]{Exchange};
+ \node (customer) [def, draw, below left=of origin] {Customer};
+ \node (merchant) [def, draw, below right=of origin] {Merchant};
+ \node (auditor) [def, draw, above right=of origin]{Auditor};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (customer) -- (exchange) node [midway, above, sloped] (TextNode) {withdraw coins};
+ \draw [<-, C] (exchange) -- (merchant) node [midway, above, sloped] (TextNode) {deposit coins};
+ \draw [<-, C] (merchant) -- (customer) node [midway, above, sloped] (TextNode) {spend coins};
+ \draw [<-, C] (exchange) -- (auditor) node [midway, above, sloped] (TextNode) {verify};
+
+\end{tikzpicture}
+\end{center}
+\end{frame}
+
+
+\begin{frame}{Taler in Operation}
+ \pause
+ \centering
+ \includegraphics[height=10cm]{operations.png}
+\end{frame}
+
+
+\begin{frame}{Usability of Taler}
+ \vfill
+ \begin{center}
+ \url{https://demo.taler.net/}
+ \end{center}
+ \begin{enumerate}
+ \item Install browser extension.
+ \item Visit the {\tt bank.demo.taler.net} to withdraw coins.
+ \item Visit the {\tt shop.demo.taler.net} to spend coins.
+ \end{enumerate}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{Use Case: Journalism}
+ Today:
+ \begin{itemize}
+ \item Corporate structure % ($\Rightarrow$ filter)
+ \item Advertising primary revenue % ($\Rightarrow$ dependence)
+ \item Tracking readers critical for business success
+ \item Journalism and marketing hard to distinguish
+ \end{itemize}\vfill\pause
+ With GNU Taler:
+ \begin{itemize}
+ \item One-click micropayments per article
+ \item Hosting requires no expertise % (no PCI DSS)
+ \item Reader-funded reporting separated from marketing
+ \item Readers can remain anonymous
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{Use Case: Anti-Spam}
+ Today, p$\equiv$p provides authenticated encryption for e-mail:
+ \begin{itemize}
+ \item Free software
+ \item Easy to use opportunistic encryption
+ \item Available for Outlook, Android, Enigmail
+ \item Spies \& spam filters can no longer inspect content
+ \end{itemize}\vfill\pause
+ With GNU Taler:
+ \begin{itemize}
+ \item Peer-to-peer payments via e-mail
+ \item If unsolicited sender, hide messages from user \&
+ automatically request payment from sender
+ \item Sender can attach payment to be moved to inbox
+ \item Receiver may grant refund to sender
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \vfill
+ \begin{center}
+ {\bf Where might this get us exactly?}
+ \end{center}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{Visions}
+ \begin{itemize}
+ \item Be paid to read advertising, starting with spam
+ \item Give welfare without intermediaries taking huge cuts
+ \item Forster regional trade via regional currencies
+ \item Eliminate corruption by making all income visible
+ \item Stop the mining by making crypto-currencies useless for
+ anything but crime
+ \end{itemize}
+\end{frame}
+
+
+
+\begin{frame}
+ \vfill
+ \begin{center}
+ {\bf What is there?}
+ \end{center}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{Components}
+ \begin{itemize}
+ \item REST APIs, C APIs
+ \item Command-line, WebExtension (Firefox, Chrome, Chromium, Brave) and Android wallet
+ \item GLS bank integration (libeufin, WiP)
+ \item Escrow/backup solution (Anastasis, WiP)
+ \item Merchant backend \& backoffice (needs love)
+ \item WooCommerce plugin (needs update)
+ \item Taler-enabled vending machine (MDB)
+ \item Sample Web frontends
+ \item Twister
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \vfill
+ \begin{center}
+ {\bf How can you help?}
+ \end{center}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{How to support?}
+ \begin{itemize}
+ \item Join: \href{https://lists.gnu.org/mailman/listinfo/taler}{taler@gnu.org}, \href{irc://irc.freenode.net/\#taler}{\#taler}
+ \item Testing: try it out, report issues (\url{https://bugs.gnunet.org/})
+ \item Translation: translate Web site and software (GNU gettext)
+ \item Propaganda: spread the word (\url{https://git.taler.net/marketing.git})
+ \item Documentation: explain things better (\url{https://docs.taler.net/})
+ \item Integration: \url{https://git.taler.net/}
+ \item Security audits: study our code and design
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \vfill
+ \begin{center}
+ {\bf Technology deep dive}
+ \end{center}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{Taxability}
+ We say Taler is taxable because:
+ \begin{itemize}
+ \item Merchant's income is visible from deposits.
+ \item Hash of contract is part of deposit data.
+ \item State can trace income and enforce taxation.
+ \end{itemize}\pause
+ Limitations:
+ \begin{itemize}
+ \item withdraw loophole
+ \item {\em sharing} coins among family and friends
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{How does it work?}
+We use a few ancient constructions:
+ \begin{itemize}
+ \item Cryptographic hash function (1989)
+ \item Blind signature (1983)
+ \item Schnorr signature (1989)
+ \item Diffie-Hellman key exchange (1976)
+ \item Cut-and-choose zero-knowledge proof (1985)
+ \end{itemize}
+But of course we use modern instantiations.
+\end{frame}
+
+
+\begin{frame}{Exchange setup: Create a denomination key (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Pick random primes $p,q$.
+ \item Compute $n := pq$, $\phi(n) = (p-1)(q-1)$
+ \item Pick small $e < \phi(n)$ such that
+ $d := e^{-1} \mod \phi(n)$ exists.
+ \item Publish public key $(e,n)$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance=1em and 1em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (primes) [draw=none, below = of origin] at (0,0) {$(p, q)$};
+ \node (seal) [def, draw=none, below left=of primes]{\includegraphics[width=0.15\textwidth]{seal.pdf}};
+ \node (hammer) [def, draw=none, below right=of primes]{\includegraphics[width=0.15\textwidth]{hammer.pdf}};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (primes) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (hammer) -- (primes) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+% \includegraphics[width=0.4\textwidth]{seal.pdf}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Merchant: Create a signing key (EdDSA)}
+ \begin{minipage}{6cm}
+ \begin{itemize}
+ \item pick random $m \mod o$ as private key
+ \item $M = mG$ public key
+ \end{itemize}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (m) [draw=none, below = of origin] at (0,0) {$m$};
+ \node (seal) [draw=none, below=of m]{M};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (m) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+ \parbox[t]{3cm}{{\bf Capability:} $m \Rightarrow$ }
+ \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{merchant-sign.pdf}}
+\end{frame}
+
+
+\begin{frame}{Customer: Create a planchet (EdDSA)}
+ \begin{minipage}{8cm}
+ \begin{itemize}
+ \item Pick random $c \mod o$ private key
+ \item $C = cG$ public key
+ \end{itemize}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (c) [draw=none, below = of origin] at (0,0) {$c$};
+ \node (planchet) [draw=none, below=of c]{\includegraphics[width=0.4\textwidth]{planchet.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (c) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (planchet) -- (c) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+ \parbox[t]{3cm}{{\bf Capability:} $c \Rightarrow$ }
+ \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{planchet-sign.pdf}}
+\end{frame}
+
+
+\begin{frame}{Customer: Blind planchet (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Obtain public key $(e,n)$
+ \item Compute $f := FDH(C)$, $f < n$.
+ \item Pick blinding factor $b \in \mathbb Z_n$
+ \item Transmit $f' := f b^e \mod n$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (b) [def, draw=none, below = of origin] at (0,-0.2) {$b$};
+ \node (blinded) [def, draw=none, below right=of b]{\includegraphics[width=0.2\textwidth]{blinded.pdf}};
+ \node (planchet) [def, draw=none, above right=of blinded]{\includegraphics[width=0.15\textwidth]{planchet.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (b) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (b) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Exchange: Blind sign (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive $f'$.
+ \item Compute $s' := f'^d \mod n$.
+ \item Send signature $s'$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (hammer) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{hammer.pdf}};
+ \node (signed) [def, draw=none, below left=of hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}};
+ \node (blinded) [def, draw=none, above left=of signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (customer) [node distance=4em and 0.5em, draw, below =of signed]{Customer};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (customer) -- (signed) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Unblind coin (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive $s'$.
+ \item Compute $s := s' b^{-1} \mod n$ % \\
+ % ($(f')^d = (f b^e)^d = f^d b$).
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (b) [def, draw=none] at (0,0) {$b$};
+ \node (coin) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \node (signed) [def, draw=none, above left=of coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Build shopping cart}
+ \begin{center}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{shop.pdf}};
+ \node (cart) [draw=none, below=of m]{\includegraphics[width=0.2\textwidth]{cart.pdf}};
+ \node (merchant) [node distance=4em and 0.5em, draw, below =of cart]{Merchant};
+ \tikzstyle{C} = [color=black, line width=1pt];
+ \draw [<-, C] (cart) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (merchant) -- (cart) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Merchant: Propose contract (EdDSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Complete proposal $D$.
+ \item Send $D$, $EdDSA_m(D)$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance=2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (cart) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{cart.pdf}};
+ \node (proposal) [def, draw=none, below right=of cart]{\includegraphics[width=0.5\textwidth]{merchant_propose.pdf}};
+ \node (customer) [node distance=4em and 0.5em, draw, below =of proposal]{Customer};
+ \tikzstyle{C} = [color=black, line width=1pt];
+ \node (sign) [def, draw=none, above right=of proposal] {$m$};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (proposal) -- (sign) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (proposal) -- (cart) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (customer) -- (proposal) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Spend coin (EdDSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive proposal $D$, $EdDSA_m(D)$.
+ \item Send $s$, $C$, $EdDSA_c(D)$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance=2em and 0.4em, inner sep=0em, outer sep=.3em];
+ \node (proposal) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{merchant_propose.pdf}};
+ \node (contract) [def, draw=none, below right=of cart]{\includegraphics[width=0.3\textwidth]{contract.pdf}};
+ \node (c) [def, draw=none, above=of contract] {$c$};
+ \node (merchant) [node distance=4em and 0.5em, draw, below=of contract]{Merchant};
+ \node (coin) [def, draw=none, right=of contract]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (contract) -- (c) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (contract) -- (proposal) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (merchant) -- (contract) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \draw [<-, C] (merchant) -- (coin) node [midway, below, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Merchant and Exchange: Verify coin (RSA)}
+ \begin{minipage}{6cm}
+ \begin{equation*}
+ s^e \stackrel{?}{\equiv} FDH(C) \mod n
+ \end{equation*}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{minipage}{0.2\textwidth}
+ \includegraphics[width=\textwidth]{coin.pdf}
+ \end{minipage}
+ $\stackrel{?}{\Leftrightarrow}$
+ \begin{minipage}{0.2\textwidth}
+ \includegraphics[width=\textwidth]{seal.pdf}
+ \end{minipage}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Giving change}
+ It would be inefficient to pay EUR 100 with 1 cent coins!
+ \begin{itemize}
+ \item Denomination key represents value of a coin.
+ \item Exchange may offer various denominations for coins.
+ \item Wallet may not have exact change!
+ \item Usability requires ability to pay given sufficient total funds.
+ \end{itemize}\pause
+ Key goals:
+ \begin{itemize}
+ \item maintain unlinkability
+ \item maintain taxability of transactions
+ \end{itemize}\pause
+ Method:
+ \begin{itemize}
+ \item Contract can specify to only pay {\em partial value} of a coin.
+ \item Exchange allows wallet to obtain {\em unlinkable change}
+ for remaining coin value.
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{Diffie-Hellman (ECDH)}
+ \begin{minipage}{8cm}
+ \begin{enumerate}
+ \item Create private keys $c,t \mod o$
+ \item Define $C = cG$
+ \item Define $T = tG$
+ \item Compute DH \\ $cT = c(tG) = t(cG) = tC$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t$};
+ \node (ct) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{dh.pdf}};
+ \node (c) [def, draw=none, above left= of ct] {$c$};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (ct) -- (c) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (ct) -- (t) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Strawman solution}
+ \begin{minipage}{8cm}
+ Given partially spent private coin key $c_{old}$:
+ \begin{enumerate}
+% \item Let $C_{old} := c_{old}G$ (as before)
+ \item Pick random $c_{new} \mod o$ private key
+ \item $C_{new} = c_{new}G$ public key
+ \item Pick random $b_{new}$
+ \item Compute $f_{new} := FDH(C_{new})$, $m < n$.
+ \item Transmit $f'_{new} := f_{new} b_{new}^e \mod n$
+ \end{enumerate}
+ ... and sign request for change with $c_{old}$.
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (blinded) [def, draw=none]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (planchet) [def, draw=none, above left= of blinded] {\includegraphics[width=0.15\textwidth]{planchet.pdf}};
+ \node (cnew) [def, draw=none, above= of planchet] {$c_{new}$};
+ \node (bnew) [def, draw=none, above right= of blinded] {$b_{new}$};
+ \node (dice1) [def, draw=none, above = of cnew]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dice2) [def, draw=none, above = of bnew]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (cnew) -- (dice1) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (planchet) -- (cnew) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bnew) -- (dice2) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bnew) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+ \pause
+ \vfill
+ {\bf Problem: Owner of $c_{new}$ may differ from owner of $c_{old}$!}
+\end{frame}
+
+
+\begin{frame}{Customer: Transfer key setup (ECDH)}
+ \begin{minipage}{8cm}
+ Given partially spent private coin key $c_{old}$:
+ \begin{enumerate}
+ \item Let $C_{old} := c_{old}G$ (as before)
+ \item Create random private transfer key $t \mod o$
+ \item Compute $T := tG$
+ \item Compute $X := c_{old}(tG) = t(c_{old}G) = tC_{old}$
+ \item Derive $c_{new}$ and $b_{new}$ from $X$
+ \item Compute $C_{new} := c_{new}G$
+ \item Compute $f_{new} := FDH(C_{new})$
+ \item Transmit $f_{new}' := f_{new} b_{new}^e$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t$};
+ \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new}$};
+ \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Cut-and-Choose}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t_1$};
+ \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,1}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,1}$};
+ \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t_2$};
+ \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,2}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,2}$};
+ \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (t) [def, draw=none] at (0,0) {$t_3$};
+ \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,3}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,3}$};
+ \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Exchange: Choose!}
+ \begin{center}
+ \item Exchange sends back random $\gamma \in \{ 1, 2, 3 \}$ to the customer.
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Customer: Reveal}
+ \begin{enumerate}
+ \item If $\gamma = 1$, send $t_2$, $t_3$ to exchange
+ \item If $\gamma = 2$, send $t_1$, $t_3$ to exchange
+ \item If $\gamma = 3$, send $t_1$, $t_2$ to exchange
+ \end{enumerate}
+\end{frame}
+
+
+\begin{frame}{Exchange: Verify ($\gamma = 2$)}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (h) [def, draw=none] at (0,0) {$t_1$};
+ \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$C_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,1}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,1}$};
+ \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (h) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (h) [def, draw=none] at (0,0) {$t_3$};
+ \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (d) [def, draw=none, above left= of dh] {$C_{old}$};
+ \node (cp) [def, draw=none, below left= of dh] {$c_{new,3}$};
+ \node (bp) [def, draw=none, below right= of dh] {$b_{new,3}$};
+ \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (h) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Exchange: Blind sign change (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Take $f_{new,\gamma}'$.
+ \item Compute $s' := f_{new,\gamma}'^d \mod n$.
+ \item Send signature $s'$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (hammer) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{hammer.pdf}};
+ \node (signed) [def, draw=none, below left=of hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}};
+ \node (blinded) [def, draw=none, above left=of signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (customer) [node distance=4em and 0.5em, draw, below =of signed]{Customer};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (customer) -- (signed) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Unblind change (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive $s'$.
+ \item Compute $s := s' b_{new,\gamma}^{-1} \mod n$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (b) [def, draw=none] at (0,0) {$b_{new,\gamma}$};
+ \node (coin) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \node (signed) [def, draw=none, above left=of coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Exchange: Allow linking change}
+ \begin{minipage}{7cm}
+ \begin{center}
+ Given $C_{old}$
+
+ \vspace{1cm}
+
+ return $T_\gamma$, $s := s' b_{new,\gamma}^{-1} \mod n$.
+ \end{center}
+ \end{minipage}
+ \begin{minipage}{5cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 3em and 0.5em, inner sep=0.5em, outer sep=.3em];
+ \node (co) [def, draw=none] at (0,0) {$C_{old}$};
+ \node (T) [def, draw=none, below left=of co]{$T_\gamma$};
+ \node (sign) [def, draw=none, below right=of co]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
+ \node (customer) [def, draw, below right=of T] {Customer};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (T) -- (co) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (sign) -- (co) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (customer) -- (T) node [midway, above, sloped] (TextNode) {link};
+ \draw [<-, C] (customer) -- (sign) node [midway, above, sloped] (TextNode) {link};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Link (threat!)}
+ \begin{minipage}{6.3cm}
+ \begin{enumerate}
+ \item Have $c_{old}$.
+ \item Obtain $T_\gamma$, $s$ from exchange
+ \item Compute $X_\gamma = c_{old}T_\gamma$
+ \item Derive $c_{new,\gamma}$ and $b_{new,\gamma}$ from $X_\gamma$
+ \item Unblind $s := s' b_{new,\gamma}^{-1} \mod n$
+ \end{enumerate}
+
+ \end{minipage}
+ \begin{minipage}{5.7cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (T) [def, draw=none] at (0,0) {$T_\gamma$};
+ \node (exchange) [def, inner sep=0.5em, draw, above left=of T] {Exchange};
+ \node (signed) [def, draw=none, below left=of T]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
+ \node (dh) [def, draw=none, below right=of T]{\includegraphics[width=0.2\textwidth]{ct.pdf}};
+ \node (bp) [def, draw=none, below left= of dh] {$b_{new,\gamma}$};
+ \node (co) [def, draw=none, above right= of dh] {$c_{old}$};
+ \node (cp) [def, draw=none, below= of dh] {$c_{new,\gamma}$};
+ \node (coin) [def, draw=none, below left = of bp]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \node (psign) [def, node distance=2.5em and 0em, draw=none, below = of cp]{\includegraphics[width=0.2\textwidth]{planchet-sign.pdf}};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (dh) -- (co) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (dh) -- (T) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (coin) -- (bp) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (T) -- (exchange) node [midway, above, sloped] (TextNode) {link};
+ \draw [<-, C] (signed) -- (exchange) node [midway, below, sloped] (TextNode) {link};
+ \draw [<-, C, double] (psign) -- (cp) node [midway, below, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Refresh protocol summary}
+ \begin{itemize}
+ \item Customer asks exchange to convert old coin to new coin
+ \item Protocol ensures new coins can be recovered from old coin
+ \item[$\Rightarrow$] New coins are owned by the same entity!
+ \end{itemize}
+ Thus, the refresh protocol allows:
+ \begin{itemize}
+ \item To give unlinkable change.
+ \item To give refunds to an anonymous customer.
+ \item To expire old keys and migrate coins to new ones.
+ \item To handle protocol aborts.
+ \end{itemize}
+ \noindent
+ \begin{center}
+ \bf
+ Transactions via refresh are equivalent to {\em sharing} a wallet.
+\end{center}
+\end{frame}
+
+
+\begin{frame}{Warranting deposit safety}
+ Exchange has {\em another} online signing key $W = wG$:
+ \begin{center}
+ Sends $E$, $EdDSA_w(M,H(D),FDH(C))$ to the merchant.
+ \end{center}
+ This signature means that $M$ was the {\em first} to deposit
+ $C$ and that the exchange thus must pay $M$.
+ \begin{center}
+ Without this, an evil exchange could renege on the deposit
+ confirmation and claim double-spending if a coin were
+ deposited twice, and then not pay either merchant!
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Online keys}
+\begin{itemize}
+\item The exchange needs $d$ and $w$ to be available for online signing.
+\item The corresponding public keys $W$ and $(e,n)$ are certified using
+ Taler's public key infrastructure (which uses offline-only keys).
+\end{itemize}
+\begin{center}
+\includegraphics[width=0.5\textwidth]{taler-diagram-signatures.png}
+\end{center}
+\vfill
+\begin{center}
+{\bf What happens if those private keys are compromised?}
+\end{center}
+\vfill
+\end{frame}
+
+
+\begin{frame}{Denomination key $(e,n)$ compromise}
+\begin{itemize}
+\item An attacker who learns $d$ can sign an arbitrary number of illicit coins
+ into existence and deposit them.
+\item Auditor and exchange can detect this once the total number of deposits
+ (illicit and legitimate) exceeds the number of legitimate coins the
+ exchange created.
+\item At this point, $(e,n)$ is {\em revoked}. Users of {\em unspent}
+ legitimate coins reveal $b$ from their withdrawal operation and
+ obtain a {\em refund}.
+\item The financial loss of the exchange is {\em bounded} by the number of
+ legitimate coins signed with $d$.
+\item[$\Rightarrow$] Taler frequently rotates denomination signing keys and
+ deletes $d$ after the signing period of the respective key expires.
+\end{itemize}
+\begin{center}
+\includegraphics[width=0.5\textwidth]{taler-diagram-denom-expiration.png}
+\end{center}
+\end{frame}
+
+
+\begin{frame}{Online signing key $W$ compromise}
+\begin{itemize}
+\item An attacker who learns $w$ can sign deposit confirmations.
+\item Attacker sets up two (or more) merchants and customer(s) which double-spend
+ legitimate coins at both merchants.
+\item The merchants only deposit each coin once at the exchange and get paid once.
+\item The attacker then uses $w$ to fake deposit confirmations for the double-spent
+ transactions.
+\item The attacker uses the faked deposit confirmations to complain to the auditor
+ that the exchange did not honor the (faked) deposit confirmations.
+\end{itemize}
+The auditor can then detect the double-spending, but cannot tell who is to blame,
+and (likely) would presume an evil exchange, forcing it to pay both merchants.
+\end{frame}
+
+
+\begin{frame}{Detecting online signing key $W$ compromise}
+\begin{itemize}
+\item Merchants are required to {\em probabilistically} report
+ signed deposit confirmations to the auditor.
+\item Auditor can thus detect exchanges not reporting signed
+ deposit confirmations.
+\item[$\Rightarrow$] Exchange can rekey if illicit key use is detected,
+ then only has to honor deposit confirmations it already provided
+ to the auditor {\em and} those without proof of double-spending
+ {\em and} those merchants reported to the auditor.
+\item[$\Rightarrow$] Merchants that do not participate in reporting
+ to the auditor risk their deposit permissions being voided in
+ cases of an exchange's private key being compromised.
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}{Technology Summary}
+\begin{itemize}
+\item We can design protocols that fail {\em soft}.
+\item GNU Taler's design limits financial damage
+ even in the case private keys are compromised.
+\item GNU Taler does more:
+\begin{itemize}
+\item Gives change, can provide refunds
+\item Integrates nicely with HTTP, handles network failures
+\item High performance
+\item Formal security proofs
+\end{itemize}
+\begin{center}
+\includegraphics[width=0.5\textwidth]{provable-security.png}
+\end{center}
+\item More information at \url{https://taler.net/}.
+\end{itemize}
+\end{frame}
+
+
+\section{Competitor analysis}
+\begin{frame}{Competitor comparison}
+ \begin{center} \small
+ \begin{tabular}{l||c|c|c|c|c}
+ & Cash & Bitcoin & Zerocoin & Creditcard & GNU Taler \\ \hline \hline
+ Online &$-$$-$$-$ & ++ & ++ & + & +++ \\ \hline
+ Offline & +++ & $-$$-$ & $-$$-$ & + & $-$$-$ \\ \hline
+ Trans. cost & + & $-$$-$$-$ & $-$$-$$-$ & $-$ & ++ \\ \hline
+ Speed & + & $-$$-$$-$ & $-$$-$$-$ & o & ++ \\ \hline
+ Taxation & $-$ & $-$$-$ & $-$$-$$-$ & +++ & +++ \\ \hline
+ Payer-anon & ++ & o & ++ & $-$$-$$-$ & +++ \\ \hline
+ Payee-anon & ++ & o & ++ & $-$$-$$-$ & $-$$-$$-$ \\ \hline
+ Security & $-$ & o & o & $-$$-$ & ++ \\ \hline
+ Conversion & +++ & $-$$-$$-$ & $-$$-$$-$ & +++ & +++ \\ \hline
+ Libre & $-$ & +++ & +++ & $-$ $-$ $-$ & +++ \\
+ \end{tabular}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Conclusion}
+ \begin{center}
+ {\bf What can we do?}
+ \end{center}
+ \vfill
+\begin{itemize}
+ \item{Suffer mass-surveillance enabled by credit card oligopolies with high fees, and}
+ \item{Engage in arms race with deliberately unregulatable blockchains, and}
+ \item{Enjoy the ``benefits'' of cash \\
+ \hfill \includegraphics[height=0.3\textheight]{atm-rupee.jpg} \hfill}
+\end{itemize}
+\vfill
+\begin{center}
+ {\bf OR}
+\end{center}
+\vfill
+\begin{itemize}
+ \item{Establish free software alternative balancing social goals!}
+\end{itemize}
+\vfill
+\end{frame}
+
+
+\begin{frame}
+\frametitle{Do you have any questions?}
+\vfill
+References:
+{\tiny
+ \begin{enumerate}
+ \item{Christian Grothoff, Bart Polot and Carlo von Loesch.
+ {\em The Internet is broken: Idealistic Ideas for Building a GNU Network}.
+ {\bf W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)}, 2014.}
+ \item{Jeffrey Burdges, Florian Dold, Christian Grothoff and Marcello Stanisci.
+ {\em Enabling Secure Web Payments with GNU Taler}.
+ {\bf SPACE 2016}.}
+ \item{Florian Dold, Sree Harsha Totakura, Benedikt M\"uller, Jeffrey Burdges and Christian Grothoff.
+ {\em Taler: Taxable Anonymous Libre Electronic Reserves}.
+ Available upon request. 2016.}
+ \item{Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer and Madars Virza.
+ {\em Zerocash: Decentralized Anonymous Payments from Bitcoin}.
+ {\bf IEEE Symposium on Security \& Privacy, 2016}.}
+ \item{David Chaum, Amos Fiat and Moni Naor.
+ {\em Untraceable electronic cash}.
+ {\bf Proceedings on Advances in Cryptology, 1990}.}
+ \item{Phillip Rogaway.
+ {\em The Moral Character of Cryptographic Work}.
+ {\bf Asiacrypt}, 2015.} \label{bib:rogaway}
+\end{enumerate}
+}
+\begin{center}
+ {\bf Let money facilitate trade; but ensure capital serves society.}
+\end{center}
+\end{frame}
+
+
+
+
+\end{document}
+
+
+
+
+\begin{frame}{Taler {\tt /withdraw/sign}}
+% Customer withdrawing coins with blind signatures
+% \bigskip
+ \begin{figure}[th]
+ \begin{minipage}[b]{0.45\linewidth}
+ \begin{center}
+ \begin{tikzpicture}[scale = 0.4,
+ transform shape,
+ msglabel/.style = { text = Black, yshift = .3cm,
+ sloped, midway },
+ okmsg/.style = { ->, color = MidnightBlue, thick,
+ >=stealth },
+ rstmsg/.style = { ->, color = BrickRed, thick,
+ >=stealth }
+ ]
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h1) at (-4, 0) {};
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h2) at (4, 0) {};
+ \node[above = 0cm of h1] {Wallet};
+ \node[above = 0cm of h2] {Exchange};
+
+ \path[->, color = MidnightBlue, very thick, >=stealth]
+ (-5, 4.5) edge
+ node[rotate=90, text = Black, yshift = .3cm] {Time}
+ (-5, -4.5);
+ \path[okmsg, dashed]
+ ($(h1.east)+(0, 4.0)+(0, -1.0)$) edge
+ node[msglabel] {SEPA(RK,A)}
+ ($(h2.west)+(0, 3.5)+(0, -1.0)$);
+ \path[okmsg]
+ ($(h1.east)+(0, -1.0)$) edge
+ node[msglabel] {POST {\tt /withdraw/sign} $S_{RK}(DK, B_b(C))$}
+ ($(h2.west)+(0, -1.5)$);
+ \path[okmsg]
+ ($(h2.west)+(0, -2.0)$) edge
+ node[msglabel] {200 OK: $S_{DK}(B_b(C))$)}
+ ($(h1.east)+(0, -2.5)$);
+ \path[rstmsg]
+ ($(h2.west)+(0, -3.5)$) edge
+ node[msglabel] {402 PAYMENT REQUIRED: $S_{RK}(DK, B_b(C))$)}
+ ($(h1.east)+(0, -4)$);
+ \node at (5.3, 0) {};
+ \end{tikzpicture}
+ \end{center}
+ Result: $\langle c, S_{DK}(C) \rangle$.
+ \end{minipage}
+ \hspace{0.5cm}
+ \begin{minipage}[b]{0.45\linewidth}
+ \tiny
+ \begin{description}
+ \item[$A$] Some amount, $A \ge A_{DK}$
+ \item[$RK$] Reserve key
+ \item[$DK$] Denomination key
+ \item[$b$] Blinding factor
+ \item[$B_b()$] RSA-FDH blinding % DK supressed
+ \item[$C$] Coin public key $C := cG$
+ \item[$S_{RK}()$] EdDSA signature
+ \item[$S_{DK}()$] RSA-FDH signature
+ \end{description}
+ \end{minipage}
+ \end{figure}
+\end{frame}
+
+
+\begin{frame}[t]{Taler {\tt /deposit}}
+Merchant and exchange see only the public coin $\langle C, S_{DK}(C) \rangle$.
+\bigskip
+ \begin{figure}[th]
+ \begin{minipage}[b]{0.45\linewidth}
+ \begin{center}
+ \begin{tikzpicture}[scale = 0.4,
+ transform shape,
+ msglabel/.style = { text = Black, yshift = .3cm,
+ sloped, midway },
+ okmsg/.style = { ->, color = MidnightBlue, thick,
+ >=stealth },
+ rstmsg/.style = { ->, color = BrickRed, thick,
+ >=stealth }
+ ]
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h1) at (-4, 0) {};
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h2) at (4, 0) {};
+ \node[above = 0cm of h1] {Merchant};
+ \node[above = 0cm of h2] {Exchange};
+
+ \path[->, color = MidnightBlue, very thick, >=stealth]
+ (-5, 4.5) edge
+ node[rotate=90, text = Black, yshift = .3cm] {Time}
+ (-5, -4.5);
+ \path[->, color = MidnightBlue, thick, >=stealth]
+ ($(h1.east)+(0,3)$) edge
+ node[text = Black, yshift = .3cm, sloped] {POST {\tt /deposit} $S_{DK}(C), S_{c}(D)$}
+ ($(h2.west)+(0,2)$);
+ \path[->, color = MidnightBlue, thick, >=stealth]
+ ($(h2.west)+(0,0.5)$) edge
+ node[text = Black, yshift = .3cm, sloped] {200 OK: $S_{SK}(S_{c}(D))$}
+ ($(h1.east)+(0,-0.5)$);
+ \path[rstmsg]
+ ($(h2.west)+(0, -2.5)$) edge
+ node[msglabel] {409 CONFLICT: $S_{c}(D')$}
+ ($(h1.east)+(0, -3.5)$);
+ \node at (5.3, 0) {};
+ \end{tikzpicture}
+ \end{center}
+ \end{minipage}
+ \hspace{0.5cm}
+ \begin{minipage}[b]{0.45\linewidth}
+ \tiny
+ \begin{description}
+ \item[$DK$] Denomination key
+ \item[$S_{DK}()$] RSA-FDH signature using $DK$
+ \item[$c$] Private coin key, $C := cG$.
+ \item[$S_{C}()$] EdDSA signature using $c$
+ \item[$D$] Deposit details
+ \item[$SK$] Exchange's signing key
+ \item[$S_{SK}()$] EdDSA signature using $SK$
+ \item[$D'$] Conficting deposit details $D' \not= D$
+ \end{description}
+ \end{minipage}
+ \end{figure}
+\end{frame}
+
+
+\begin{frame}{Taler {\tt /refresh/melt}}
+ \begin{figure}[th]
+ \begin{minipage}[b]{0.45\linewidth}
+ \begin{center}
+ \begin{tikzpicture}[scale = 0.4,
+ transform shape,
+ msglabel/.style = { text = Black, yshift = .3cm,
+ sloped, midway },
+ okmsg/.style = { ->, color = MidnightBlue, thick,
+ >=stealth },
+ rstmsg/.style = { ->, color = BrickRed, thick,
+ >=stealth }
+ ]
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h1) at (-4, 0) {};
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h2) at (4, 0) {};
+ \node[above = 0cm of h1] {Customer};
+ \node[above = 0cm of h2] {Exchange};
+
+ \path[->, color = MidnightBlue, very thick, >=stealth]
+ (-5, 4.5) edge
+ node[rotate=90, text = Black, yshift = .3cm] {Time}
+ (-5, -4.5);
+ \path[->, color = MidnightBlue, thick, >=stealth]
+ ($(h1.east)+(0,3)$) edge
+ node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/melt} $S_{DK}(C), S_c({\cal DK}, {\cal T},{\cal B})$}
+ ($(h2.west)+(0,2)$);
+ \path[->, color = MidnightBlue, thick, >=stealth]
+ ($(h2.west)+(0,0.5)$) edge
+ node[text = Black, yshift = .3cm, sloped] {200 OK: $S_{SK}(H({\cal T}, {\cal B}),\gamma)$}
+ ($(h1.east)+(0,-0.5)$);
+ \path[rstmsg]
+ ($(h2.west)+(0, -2.5)$) edge
+ node[msglabel] {409 CONFLICT: $S_{C}(X), \ldots$}
+ ($(h1.east)+(0, -3.5)$);
+ \node at (5.3, 0) {};
+ \end{tikzpicture}
+ \end{center}
+ \end{minipage}
+ \hspace{0.5cm}
+ \begin{minipage}[b]{0.45\linewidth}
+ \tiny
+ \begin{description}
+ \item[$\kappa$] System-wide security parameter, usually 3.
+ \\ \smallskip
+ \item[$\cal DK$] $:= [DK^{(i)}]_i$ \\ List of denomination keys \\
+ $D + \sum_i A_{DK^{(i)}} < A_{DK}$
+ \item[$t_j$] Random scalar for $j<\kappa$
+ \item[${\cal T}$] $:= [T_j]_\kappa$ where $T_j = t_j G$
+ \item[$k_j$] $:= c T_j = t_j C$ is an ECDHE
+ \item[$b_j^{(i)}$] $:= KDF_b(k_j,i)$ % blinding factor
+ \item[$c_j^{(i)}$] $:= KDF_c(k_j,i)$ % coin secret keys
+ \item[$C_j^{(i)}$] $: = c_j^{(i)} G$ % new coin publics % keys
+ \item[${\cal B}$] $:= [H( \beta_j )]_\kappa$ where \\
+ $\beta_j := \left[ B_{b_j^{(i)}}(C_j^{(i)}) \right]_i$
+ \\ \smallskip
+ \item[$\gamma$] Random value in $[0,\kappa)$
+% \\ \smallskip
+% \item[$X$] Deposit or refresh
+ \end{description}
+ \end{minipage}
+ \end{figure}
+\end{frame}
+
+
+\begin{frame}{Taler {\tt /refresh/reveal}}
+ \begin{figure}[th]
+ \begin{minipage}[b]{0.45\linewidth}
+ \begin{center}
+ \begin{tikzpicture}[scale = 0.4,
+ transform shape,
+ msglabel/.style = { text = Black, yshift = .3cm,
+ sloped, midway },
+ okmsg/.style = { ->, color = MidnightBlue, thick,
+ >=stealth },
+ rstmsg/.style = { ->, color = BrickRed, thick,
+ >=stealth }
+ ]
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h1) at (-4, 0) {};
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h2) at (4, 0) {};
+ \node[above = 0cm of h1] {Customer};
+ \node[above = 0cm of h2] {Exchange};
+
+ \path[->, color = MidnightBlue, very thick, >=stealth]
+ (-5, 4.5) edge
+ node[rotate=90, text = Black, yshift = .3cm] {Time}
+ (-5, -4.5);
+ \path[->, color = MidnightBlue, thick, >=stealth]
+ ($(h1.east)+(0,3)$) edge
+ node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/reveal} $H({\cal T}, {\cal B}), {\tilde{\cal T}}, \beta_\gamma$}
+ ($(h2.west)+(0,2)$);
+ \path[->, color = MidnightBlue, thick, >=stealth]
+ ($(h2.west)+(0,0.5)$) edge
+ node[text = Black, yshift = .3cm, sloped] {200 OK: $\cal S$}
+ ($(h1.east)+(0,-0.5)$);
+ \path[rstmsg]
+ ($(h2.west)+(0, -2.5)$) edge
+ node[msglabel] {400 BAD REQUEST: $Z$}
+ ($(h1.east)+(0, -3.5)$);
+ \node at (5.3, 0) {};
+ \end{tikzpicture}
+ \end{center}
+ \end{minipage}
+ \hspace{0.5cm}
+ \begin{minipage}[b]{0.45\linewidth}
+ \tiny
+ \begin{description}
+ \item[$\cal DK$] $:= [DK^{(i)}]_i$
+ \item[$t_j$] .. \\ \smallskip
+
+ \item[$\tilde{\cal T}$] $:= [t_j | j \in \kappa, j \neq \gamma]$ \\ \smallskip
+
+ \item[$k_\gamma$] $:= c T_\gamma = t_\gamma C$
+ \item[$b_\gamma^{(i)}$] $:= KDF_b(k_\gamma,i)$
+ \item[$c_\gamma^{(i)}$] $:= KDF_c(k_\gamma,i)$
+ \item[$C_\gamma^{(i)}$] $: = c_\gamma^{(i)} G$
+
+ \item[$B_\gamma^{(i)}$] $:= B_{b_\gamma^{(i)}}(C_\gamma^{(i)})$
+ \item[$\beta_\gamma$] $:= \big[ B_\gamma^{(i)} \big]_i$
+ \item[$\cal S$] $:= \left[ S_{DK^{(i)}}( B_\gamma^{(i)} ) \right]_i$ \\ \smallskip
+
+ \item[$Z$] Cut-and-choose missmatch information
+ \end{description}
+ \end{minipage}
+ \end{figure}
+\end{frame}
+
+
+\begin{frame}{Taler {\tt /refresh/link}}
+ \begin{figure}[th]
+ \begin{minipage}[b]{0.45\linewidth}
+ \begin{center}
+ \begin{tikzpicture}[scale = 0.4,
+ transform shape,
+ msglabel/.style = { text = Black, yshift = .3cm,
+ sloped, midway },
+ okmsg/.style = { ->, color = MidnightBlue, thick,
+ >=stealth },
+ rstmsg/.style = { ->, color = BrickRed, thick,
+ >=stealth }
+ ]
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h1) at (-4, 0) {};
+ \node[draw = MidnightBlue,
+ fill = CornflowerBlue,
+ minimum width = .3cm,
+ minimum height = 10cm
+ ] (h2) at (4, 0) {};
+ \node[above = 0cm of h1] {Customer};
+ \node[above = 0cm of h2] {Exchagne};
+
+ \path[->, color = MidnightBlue, very thick, >=stealth]
+ (-5, 4.5) edge
+ node[rotate=90, text = Black, yshift = .3cm] {Time}
+ (-5, -4.5);
+ \path[->, color = MidnightBlue, thick, >=stealth]
+ ($(h1.east)+(0,3)$) edge
+ node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/link} $C$}
+ ($(h2.west)+(0,2)$);
+ \path[->, color = MidnightBlue, thick, >=stealth]
+ ($(h2.west)+(0,0.5)$) edge
+ node[text = Black, yshift = .3cm, sloped] {200 OK: $T_\gamma$}
+ ($(h1.east)+(0,-0.5)$);
+ \path[rstmsg]
+ ($(h2.west)+(0, -2.5)$) edge
+ node[msglabel] {404 NOT FOUND}
+ ($(h1.east)+(0, -3.5)$);
+ \node at (5.3, 0) {};
+ \end{tikzpicture}
+ \end{center}
+ \end{minipage}
+ \hspace{0.5cm}
+ \begin{minipage}[b]{0.45\linewidth}
+ \tiny
+ \begin{description}
+ \item[$C$] Old coind public key \\ \smallskip
+ \item[$T_\gamma$] Linkage data $\cal L$ at $\gamma$
+ \end{description}
+ \end{minipage}
+ \end{figure}
+\end{frame}
+
+
+\begin{frame}{Operational security}
+ \begin{center}
+ \resizebox{\textwidth}{!}{
+\begin{tikzpicture}[
+ font=\sffamily,
+ every matrix/.style={ampersand replacement=\&,column sep=2cm,row sep=2cm},
+ source/.style={draw,thick,rounded corners,fill=green!20,inner sep=.3cm},
+ process/.style={draw,thick,circle,fill=blue!20},
+ sink/.style={source,fill=green!20},
+ datastore/.style={draw,very thick,shape=datastore,inner sep=.3cm},
+ dots/.style={gray,scale=2},
+ to/.style={->,>=stealth',shorten >=1pt,semithick,font=\sffamily\footnotesize},
+ every node/.style={align=center}]
+
+ % Position the nodes using a matrix layout
+ \matrix{
+ \node[source] (wallet) {Wallet};
+ \& \node[process] (browser) {Browser};
+ \& \node[process] (shop) {Web shop};
+ \& \node[sink] (backend) {Taler backend}; \\
+ };
+
+ % Draw the arrows between the nodes and label them.
+ \draw[to] (browser) to[bend right=50] node[midway,above] {(4) signed contract}
+ node[midway,below] {(signal)} (wallet);
+ \draw[to] (wallet) to[bend right=50] node[midway,above] {(signal)}
+ node[midway,below] {(5) signed coins} (browser);
+ \draw[<->] (browser) -- node[midway,above] {(3,6) custom}
+ node[midway,below] {(HTTPS)} (shop);
+ \draw[to] (shop) to[bend right=50] node[midway,above] {(HTTPS)}
+ node[midway,below] {(1) proposed contract / (7) signed coins} (backend);
+ \draw[to] (backend) to[bend right=50] node[midway,above] {(2) signed contract / (8) confirmation}
+ node[midway,below] {(HTTPS)} (shop);
+\end{tikzpicture}
+}
+\end{center}
+\end{frame}