donau

Donation authority for GNU Taler (experimental)

commit 05b1525467afa189db96fc2ccd7c6e2647c13623
parent 3a301269e75833a8fef636f8c19ab46f579ae4ab
Author: Matyja Lukas Adam <lukas.matyja@students.bfh.ch>
Date:   Wed,  5 Jun 2024 21:48:16 +0200

Merge remote-tracking branch 'refs/remotes/origin/master'

Diffstat:
M doc/thesis/bibliography.bib | 6 ++++++
M doc/thesis/chapters/approach/concept.tex | 9 ++++-----
A doc/thesis/chapters/background/hash.tex | 1 +
M doc/thesis/chapters/background/taler.tex | 2 +-
M doc/thesis/chapters/implementation/android.tex | 4 ++--
M doc/thesis/chapters/introduction/scope.tex | 2 +-
M doc/thesis/chapters/protocol/details.tex | 8 ++++----
A doc/thesis/include/glossary.tex | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A doc/thesis/include/settings.tex | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D doc/thesis/settings/settings.tex | 81 -------------------------------------------------------------------------------
M doc/thesis/thesis.pdf | 0
M doc/thesis/thesis.tex | 11 +++++++----
12 files changed, 172 insertions(+), 98 deletions(-)

diff --git a/doc/thesis/bibliography.bib b/doc/thesis/bibliography.bib @@ -13,6 +13,12 @@ url = {https://eprint.iacr.org/2019/877} } +@misc{Taler, + title = {GNU Taler: Features}, + addendum = {accessed: 05.06.2024}, + url = {https://taler.net/en/features.html} +} + @book{nigelcrypto:2016, language = {eng}, publisher = {Springer}, diff --git a/doc/thesis/chapters/approach/concept.tex b/doc/thesis/chapters/approach/concept.tex @@ -1,4 +1,3 @@ -\section{The Concept} The Donau (donation authority) environment includes three stakeholders. Donors, charities and the tax authority. The Donau itself is operated by the tax authority while maintaining a list of verified charities. Each charity maintains a backend solution that allows it to communicate with the Donau and the donors. See Figure \ref{fig:stakeholders} \pageref{fig:stakeholders} \begin{figure}[ht] 
@@ -24,7 +23,7 @@ The Donau (donation authority) environment includes three stakeholders. Donors, \caption{stakeholders} \label{fig:stakeholders} \end{figure} -\subsection{Issuing Donation Receipts} +\section{Issuing Donation Receipts} When donating to a charity the donor sends the payment together with a receipt request to the charity. In order to link the donation to the donor so that the donation receipt cannot be used by someone else, the donor's unique tax identification number is part of the receipt request. The tax ID does not cause a problem for anonymity as the whole receipt with the tax ID is blinded (see section 2.x). In the figure \ref{fig:issue receipt request} \pageref{fig:issue receipt request} the blinded receipt is illustrated as an envelope. The charity must verify if the payment was successful and if the amount written in the receipt request is lower or equal the amount donated. Next, if the charity approves the receipt request, it signs the unmodified request and forwards the request to the Donau. The Donau accepts only issued requests from verified charities. If the charity signature is valid, the Donau issues the actual donation receipt by signing the request. This is different from the current system donations are made, where the charity issues the receipt. By shifting this task to the Donau, the receipts can easily be verified and unlink the donor from the charity. Because the Donau does only know the amount and the charity it is signing for, this first step of issuing receipts anonymizes the data and provides privacy for the donor. If the payment process also provides anonymity (as the case is in GNU Taler) the donations are fully anonymous. \begin{figure}[ht] 
@@ -71,7 +70,7 @@ Upon receiving the signed issue request from the charity, the Donau must verify \caption{issue receipt response} \label{fig:issue receipt response} \end{figure} -\subsection{Summarize the Receipts} +\section{Summarize the Receipts} When it is time for the tax declaration (usually at the beginning of the next year) the donor has to request a final donation statement signature from the Donau, summarizing all the donation receipts of a year (see figure: \ref{fig:summarize receipts} \pageref{fig:summarize receipts}). This step combines the amounts of the donation receipts in a single total amount. This further protects the privacy of the donor as the individual donations could be enough information to link with specific donations to their corresponding charity and donor. Merging donation receipts reduces the time and effort for the manual verification of the tax authority as donor generates a single QR-Code containing the donation statement. The signs over the total amount donated, the year and the tax ID. This is the signature which is used to verify the donation statement by the tax authority. The donation statement can be requested multiple times during the year for save keeping the donation receipts. The latest donation statement will always contain all the receipts of a year - the old receipts (from a previous statement) and the new donation receipts. \begin{figure}[ht] 
@@ -107,7 +106,7 @@ When it is time for the tax declaration (usually at the beginning of the next ye \caption{summarize receipts} \label{fig:summarize receipts} \end{figure} -\subsection{Validation} +\section{Validation} Once the donor has received the donation statement signature, they can summarize them in a QR code. The donor must submit the QR-Code with their tax documents, in order to claim the tax reduction (see figure:\ref{fig:validation} \pageref{fig:validation}). The final check is made by the tax authority, by checking the donation statement signature. If the signature is valid, this is the proof that the specified donor indeed has donated the claimed amount in the indicated year. \begin{figure}[ht] 
@@ -137,7 +136,7 @@ Once the donor has received the donation statement signature, they can summarize The tax authority will not have any information to which charity the donor has donated money. The tax authority only knows that every donation was made to one of the approved charites in the specified year and the total amount donated to all charities in that list. This way the donor could make an anonymous donation and still have enough proof to deduct the amount from taxes. By keeping track of how much income a charity has generated in donations per year and how much a donor has donated throughout the year, tax fraud is essentially eliminated. -\subsection{Incorporating the Donau} +\section{Incorporating the Donau} Every donor is related to only one specific Donau of his location where he is able to issue and submit donation receipts for deducting taxes. If a charity wants to be accepted in multiple tax areas, it has to be registered by all the corresponding donation authorities. To do so, the charities has to apply to the tax authorities. The region for which a Donau is responsible depends on the tax area of the tax authority and their reglementation of what is charitable. A Donau is maybe responsible for a geographical area like a canton, a country or even a confederation of states. Different donation authorities must also be kept for different currencies, but this should not be a problem as most countries have a single currency. diff --git a/doc/thesis/chapters/background/hash.tex b/doc/thesis/chapters/background/hash.tex @@ -0,0 +1 @@ +\section{Hash functions} diff --git a/doc/thesis/chapters/background/taler.tex b/doc/thesis/chapters/background/taler.tex 
@@ -1,6 +1,6 @@ \section{GNU Taler} GNU Taler is an open protocol for electronic payment system using blind signatures to protect the privacy of the customer. -One key component of the GNU Taler payment system is the exchange which is responsible for exchanging existing money into electronic money. Customers can retrieve funds from the exchange to make anonymous payments. The merchant is not anonymous and thus can not hide the income. This helps to avoid tax evasion and money laundering \cite{taler}. +One key component of the GNU Taler payment system is the exchange which is responsible for exchanging existing money into electronic money. Customers can retrieve funds from the exchange to make anonymous payments. The merchant is not anonymous and thus can not hide the income. This helps to avoid tax evasion and money laundering \cite{Taler}. GNU Taler uses denominations to represent the values of a coins. A denomination contains the unit of currency and the face value of a given coin. Each denomination contains a cryptographic public key used by the exchange to verify the denomination. %...maybe not in background but intro? diff --git a/doc/thesis/chapters/implementation/android.tex b/doc/thesis/chapters/implementation/android.tex 
@@ -1,5 +1,5 @@ \section{Android Verification App} -The android app is part of the verification process used by the tax authority to check the donation statement (see xx). +The Android app is part of the verification process used by the tax authority to check the donation statement (see xx). -It is possible to define an URI scheme for an android app. The app opens when the link is activated. The arguments defined in chapter Protocol xx are separated with slashes. To ensure that as many characters as possible can be stored in the QR code, the QR code should be alphanumeric encoded\footnote{alphanumeric encoded QR codes have a capaticity of up to 4296 characters and support only a few special characters}. This means that each argument is stringified. To ensure that no special characters are used for binary data, the hash and the signature are encoded in ASCII using CrockfordBase32.\cite{qrcodedensowavewebsite} +It is possible to define an URI scheme for an Android app. The app opens when the link is activated. The arguments defined in chapter Protocol xx are separated with slashes. To ensure that as many characters as possible can be stored in the QR code, the QR code should be alphanumeric encoded\footnote{alphanumeric encoded QR codes have a capaticity of up to 4296 characters and support only a few special characters}. This means that each argument is stringified. To ensure that no special characters are used for binary data, the hash and the signature are encoded in ASCII using CrockfordBase32.\cite{qrcodedensowavewebsite} %TODO: Add Link example diff --git a/doc/thesis/chapters/introduction/scope.tex b/doc/thesis/chapters/introduction/scope.tex 
@@ -2,7 +2,7 @@ At the start of the project we wrote the REST API specifications together with the database schema and the Donau protocol. Later tests were written to ensure that the endpoints work correctly without any errors. During the project we documented the code and created various other documents like presentations and project summaries. -To demonstrate the Donau we developped an android application that can verify donations by scanning a QR-Code. +To demonstrate the Donau we developped an Android application that can verify donations by scanning a QR-Code. We also held an interview with the tax authority Zürich, which has provided valuable insight in how donations are verified and important aspects that a system like the Donau should fulfil. diff --git a/doc/thesis/chapters/protocol/details.tex b/doc/thesis/chapters/protocol/details.tex @@ -73,7 +73,7 @@ These individual \textbf{BKP}'s are then put in an array of \textbf{BKP}'s $\vec The donor sends the array of \textbf{BKP}'s $\vec{\mu}$ as well as the corresponding \textbf{payment} to the charity. -\subsection{Charity receives Donation} +\subsection{Charity receives donation} Upon receiving the \textbf{BKP}'s $\vec{\mu}$ with the corresponding payment the charity has to verify that the amount requested (based on the \textbf{Donation Unit} public key hash $h(K_x^{pub})$) for signing is \textbf{lower or equal} to the effective amount of the donation. If the payment was successful with the correct amount present, the charity signs (using EdDSA) a structure containing all unsigned \textbf{BKP}'s $\vec{\mu}$ coming from the donor. 
@@ -85,7 +85,7 @@ Signing the array of BKP's: The charity sends the \textbf{BKP}'s $\vec{\mu}$ and the signature $\sigma_c$ to the Donau. -\subsection{Donau creates Donation receipt material} +\subsection{Donau creates donation receipt material} The Donau now has received the \textbf{BKP}'s $\vec{\mu}$ previously sent by the charity. The Donau must ensure that the charity signature is valid. Verifing the charity signature $\sigma_c$: @@ -106,7 +106,7 @@ Donau blind signing Blinded Unique Donor Identifiers $\overline u_1, \overline u The signatures $\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$ are then sent back to the charity which inturn forwards them to the donor. This is done out of simplicity as the charity has already a secure channel open with the donor, elmination the need to open another channel. -\subsection{Donor receives Donation receipt material} +\subsection{Donor receives donation receipt material} Upon receiving the Donau signatures $\overline{\beta_1}, \overline{\beta_2}, \overline{\beta_3}$ via the charity, the Donor checks if the blind signatures over the \textbf{Blinded Unique Donor Identifiers} $\overline u_1, \overline u_2, \overline u_3$ is valid: \begin{align*} verify\_blind(u_1,\overline{\beta_1}, K_1^{pub}) \\ 
@@ -132,7 +132,7 @@ Donor creates the final Donation Receipts $r_1, r_2, r_3$ These \textbf{Donation Receipt (DR)} are then stored on the donors device. -\subsection{Donor requests a Donation Statement from the Donau} +\subsection{Donor requests a donation statement from the Donau} To make the donations tax deductable the donor needs to have a final \textbf{Donation Statement} which can be sent to the tax authority. To get the \textbf{Donation Statement} the donor sends the \textbf{Donation Receipts} $\{r_1, r_2, r_3\}$ accumulated throughout the year to the Donau. This can be done multiple times during the year. It is not done automatically as to obtain \emph{unlinkability} between the \emph{issuance} of the \textbf{Donation Receipts} (which happens upon donation) and their \emph{submission} for the \textbf{Donation Statement}. diff --git a/doc/thesis/include/glossary.tex b/doc/thesis/include/glossary.tex 
@@ -0,0 +1,64 @@ +\makeglossaries + +\newglossaryentry{Donau} +{ + name=Donau, + description={The name of our project, short for donation authority} +} + +\newglossaryentry{Taler} +{ + name=Taler, + description={The GNU Taler payment system} +} + +\newglossaryentry{nonce} +{ + name=nonce, + description={Number used once, a high-entropy value which must not be reused} +} + +\newglossaryentry{salt} +{ + name=salt, + description={A high-entropy value added to the hash function input to prevent brute-force attacks } +} + +\newglossaryentry{ID} +{ + name=ID, + description={Unique identifier} +} + +\newglossaryentry{DU} +{ + name=DU, + description={Donation unit, used to represent the value and currency of coins} +} + +\newglossaryentry{DI} +{ + name=DI, + description={Donor identifier, a salted hash of the donor tax number} +} + +\newglossaryentry{UDI} +{ + name=UDI, + description={Unique donor identifier, donor identifier combined with a unique nonce} +} + +\newglossaryentry{BUDI} +{ + name=BUDI, + description={Blinded unique donor identifier, result of blinding a UDI} +} + +\newglossaryentry{BKP} +{ + name=BKP, + description={Blinded unique donor identifier key pair, result of adding the corresponding hash of the DU public key to the BUDI} +} + +\glsaddall + diff --git a/doc/thesis/include/settings.tex b/doc/thesis/include/settings.tex 
@@ -0,0 +1,82 @@ +\usepackage[utf8]{inputenc} +\usepackage{amsmath} +\usepackage{amsfonts} +\usepackage{amssymb} +\usepackage{graphicx} +\usepackage[final]{pdfpages} +\usepackage{stmaryrd} +\usepackage{listings} +\usepackage[hidelinks]{hyperref} +\usepackage[english]{babel} +\usepackage{color} +\usepackage{fancyhdr} +\usepackage{xcolor} +\usepackage{url} +\usepackage{sectsty} +\usepackage{etoolbox} +\usepackage{tikz} +\usepackage{parskip} +\usepackage[toc,sort=use]{glossaries} + +% Abstract +\patchcmd{\abstract}{\null\vfil}{}{}{} + +% Margins +\topmargin=-0.2in +\oddsidemargin=0.4in +\textwidth=5.5in + +% Graphics and images +\graphicspath{{./images/}} + +% Set headers to sans serif +\allsectionsfont{\sffamily} + +% Defining colors for syntax highlighting +\definecolor{commentsColor}{rgb}{0.497495, 0.497587, 0.497464} +\definecolor{keywordsColor}{rgb}{0.000000, 0.000000, 0.635294} +\definecolor{stringColor}{rgb}{0.558215, 0.000000, 0.135316} + +\lstset{aboveskip=20pt,belowskip=20pt} + +% Source: https://denbeke.be/blog/programming/syntax-highlighting-in-latex/ +\lstset{ + backgroundcolor=\color{white}, + basicstyle=\ttfamily\small, + breakatwhitespace=false, + breaklines=true, + captionpos=b, + commentstyle=\color{commentsColor}\textit, + deletekeywords={...}, + escapeinside={\%*}{*)}, + extendedchars=true, + frame=tb, + keepspaces=true, + keywordstyle=\color{keywordsColor}\bfseries, + %language=Python, + otherkeywords={*,...}, + %numbers=left, + numbersep=5pt, + numberstyle=\tiny\color{commentsColor}, + rulecolor=\color{black}, + showspaces=false, + showstringspaces=false, + showtabs=false, + stepnumber=1, + stringstyle=\color{stringColor}, + tabsize=2, + title=\lstname, + columns=fixed +} + +% Bibliography +\bibliographystyle{plain} + +% Pagestyle +\pagestyle{fancy} + +% Hyperlinks +\hypersetup{ + colorlinks=true, + allcolors=black +} diff --git a/doc/thesis/settings/settings.tex b/doc/thesis/settings/settings.tex 
@@ -1,81 +0,0 @@ -\usepackage[utf8]{inputenc} -\usepackage{amsmath} -\usepackage{amsfonts} -\usepackage{amssymb} -\usepackage{graphicx} -\usepackage[final]{pdfpages} -\usepackage{stmaryrd} -\usepackage{listings} -\usepackage[hidelinks]{hyperref} -\usepackage[english]{babel} -\usepackage{color} -\usepackage{fancyhdr} -\usepackage{xcolor} -\usepackage{url} -\usepackage{sectsty} -\usepackage{etoolbox} -\usepackage{tikz} -\usepackage{parskip} - -% Abstract -\patchcmd{\abstract}{\null\vfil}{}{}{} - -% Margins -\topmargin=-0.2in -\oddsidemargin=0.4in -\textwidth=5.5in - -% Graphics and images -\graphicspath{{./images/}} - -% Set headers to sans serif -\allsectionsfont{\sffamily} - -% Defining colors for syntax highlighting -\definecolor{commentsColor}{rgb}{0.497495, 0.497587, 0.497464} -\definecolor{keywordsColor}{rgb}{0.000000, 0.000000, 0.635294} -\definecolor{stringColor}{rgb}{0.558215, 0.000000, 0.135316} - -\lstset{aboveskip=20pt,belowskip=20pt} - -% Source: https://denbeke.be/blog/programming/syntax-highlighting-in-latex/ -\lstset{ - backgroundcolor=\color{white}, - basicstyle=\ttfamily\small, - breakatwhitespace=false, - breaklines=true, - captionpos=b, - commentstyle=\color{commentsColor}\textit, - deletekeywords={...}, - escapeinside={\%*}{*)}, - extendedchars=true, - frame=tb, - keepspaces=true, - keywordstyle=\color{keywordsColor}\bfseries, - %language=Python, - otherkeywords={*,...}, - %numbers=left, - numbersep=5pt, - numberstyle=\tiny\color{commentsColor}, - rulecolor=\color{black}, - showspaces=false, - showstringspaces=false, - showtabs=false, - stepnumber=1, - stringstyle=\color{stringColor}, - tabsize=2, - title=\lstname, - columns=fixed -} - -% Bibliography -\bibliographystyle{unsrturl} - -% Pagestyle -\pagestyle{fancy} - -% Hyperlinks -\hypersetup{ - colorlinks=true, - allcolors=black -} diff --git a/doc/thesis/thesis.pdf b/doc/thesis/thesis.pdf Binary files differ. diff --git a/doc/thesis/thesis.tex b/doc/thesis/thesis.tex 
@@ -1,11 +1,11 @@ \documentclass[11pt,a4paper,parskip=full]{report} - -\include{settings/settings} +\include{include/settings} +\include{include/glossary} \begin{document} -\title{\Huge\textsf{\textbf{DONAU}}\\ +\title{\Huge\textsf{\textbf{Donau}: Donation authority}\\ \vspace{30px} \huge{Tax-deductable Privacy-Preserving Donations}} \author{Johannes Casaburi \and Lukas Matyja\\ @@ -27,8 +27,9 @@ \input{chapters/introduction/scope} \chapter{Background} -\input{chapters/background/blindsign} +\input{chapters/background/hash} \input{chapters/background/eddsa} +\input{chapters/background/blindsign} \input{chapters/background/taler} \chapter{Approach} @@ -50,4 +51,6 @@ \bibliography{bibliography} \addcontentsline{toc}{chapter}{Bibliography} +\printglossaries + \end{document}
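Review bot: the new `@misc{Taler, ...}` entry in bibliography.bib uses `addendum`, a biblatex field that the BibTeX `plain` style selected in include/settings.tex does not know, so the access date is dropped silently, and `plain` does not typeset `url` for `@misc` either. Either carry the information in a field `plain` prints, e.g. `note = {\url{https://taler.net/en/features.html}, accessed 2024-06-05}`, or keep a URL-aware style such as the `unsrturl` the deleted settings file used. The mixed-case key `Taler` also departs from the lower-case keys used elsewhere in the file (`nigelcrypto:2016`); pick one convention.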
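Review bot: in the "Issuing Donation Receipts" hunk of concept.tex the cross-reference "(see section 2.x)" is still a placeholder, and the pattern `\ref{fig:issue receipt request} \pageref{fig:issue receipt request}` typesets as two bare numbers; write it as `Figure~\ref{fig:issue receipt request} on page~\pageref{fig:issue receipt request}` (the same applies to the other figure references in this file). The sentence "This is different from the current system donations are made" is also missing "in which".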
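Review bot: the "Summarize the Receipts" hunk of concept.tex has a sentence with no subject, "The signs over the total amount donated, the year and the tax ID."; it should read "The Donau signs over ...", since that signature is what the tax authority later verifies. Also "for save keeping" should be "for safekeeping".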
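Review bot: the "Incorporating the Donau" hunk of concept.tex leaves "approved charites" (charities) in the context line above the heading, and "the charities has to apply" should be "the charities have to apply". "reglementation" is not English; "regulations" fits.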
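Review bot: hash.tex adds only `\section{Hash functions}` with no body, and thesis.tex now inputs it as the first file of the Background chapter, so the build renders an empty section heading directly followed by the EdDSA section. Either add the content in this commit or leave the `\input{chapters/background/hash}` out until it exists.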
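Review bot: the taler.tex change matches the new bib key, but the context line "GNU Taler uses denominations to represent the values of a coins" should be "the value of a coin", and the `\cite{Taler}` belongs before the full stop of its sentence rather than after it.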
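Review bot: the android.tex hunk fixes the capitalisation but leaves "an URI" (a URI), "capaticity" (capacity), the two "xx" placeholders ("see xx", "chapter Protocol xx") and a `\cite` placed after the sentence's full stop. The footnote's figure of 4296 characters is the alphanumeric maximum for a version 40 symbol at error-correction level L only; state the level, because a higher level (which a scanned paper QR code will usually want) lowers the capacity considerably.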
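Review bot: the scope.tex hunk changes "android" to "Android" but keeps "developped" (developed) in the same line; the following context line "valuable insight in how donations are verified" should read "insight into how".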
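Review bot: in the details.tex hunk "Donau creates donation receipt material" the context line "Verifing the charity signature" should be "Verifying"; in the next hunk "inturn" (in turn) and "elmination" (eliminating) remain, and "the blind signatures ... is valid" needs "are valid". In the last hunk "tax deductable" should be "tax deductible" and "It is not done automatically as to obtain" should be "so as to obtain". Since the heading changes only touch capitalisation, these would fit naturally in the same commit.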
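Review bot: glossary.tex is pulled in from the preamble with `\include`, but `\include` issues a `\clearpage` and writes a separate .aux file, which is meant for body chapters; `\input{include/glossary}` is the right mechanism here (same for the settings file). The `salt` description, "to prevent brute-force attacks", overstates what a salt does: it defeats precomputed tables and makes identical inputs hash differently, but it does not stop an attacker who holds the salt from enumerating a low-entropy input, which matters here because `DI` is defined as a salted hash of the tax number; state the property precisely. There is also a stray trailing space inside that description's braces.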
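Review bot: the new include/settings.tex silently changes `\bibliographystyle{unsrturl}` from the deleted settings/settings.tex to `\bibliographystyle{plain}`, which sorts entries alphabetically instead of in citation order and does not print `url` fields; if that is intended it deserves a mention in the commit message, otherwise restore the old style. Also the `[hidelinks]` option passed to hyperref is overridden by the later `\hypersetup{colorlinks=true, allcolors=black}`, so one of the two should go.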
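Review bot: thesis.pdf is a build artifact committed next to its source; every merge of the two thesis branches will produce a binary conflict on it. Consider not tracking the PDF and producing it in the build instead.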
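Review bot: thesis.tex now calls `\printglossaries`, which only prints something once the `makeglossaries` script has been run between LaTeX passes; add that step to the build (or a Makefile) or the glossary comes out empty. The title context line still reads "Tax-deductable"; "Tax-deductible" is the correct spelling. `\include{include/glossary}` in the preamble should be `\input` for the reason noted on the glossary file.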