commit f6b44cf33a0af0eebc67c794cc2557acdde8f67c
parent 01df577236a34202e9a400f6064354331b4b963b
Author: Christian Grothoff <christian@grothoff.org>
Date: Fri, 10 Jan 2025 09:25:51 +0100
add threats.tex
Diffstat:
1 file changed, 27 insertions(+), 0 deletions(-)
diff --git a/doc/usenix-security-2025/paper/threats.tex b/doc/usenix-security-2025/paper/threats.tex
@@ -0,0 +1,27 @@
+\section{Threat Analysis}\label{sec:threats}
+
+The presented protocol is using similar cryptographic constructions as
+the GNU Taler payment system itself, primarily blind signatures and
+regular signatures. However, it does not use the ``refresh'' protocol
+of GNU Taler, as there is no need to render change. As a result, the
+Donau protocol suffers from a subset of the threats from quantum
+computing.~\cite{lange2024}
+
+A new Donau-specific threat is that donations could be used for
+laundering criminal assets. This does not mean that we expect
+charities themselves to play foul, but tax benefits that could be
+transferred to someone else would indirectly represent actual value
+(even commercially tradeable): donations from someone paying lower tax
+rates could be used to artificially lower the income of a person
+paying a higher rate. The money going to the charity would essentially
+be used to trigger a laundered partial payout in the legitimate world.
+The Donau protocol does not prove that the donor identification $\DI$
+used in the $\UDI$s inside the BKPs is that of the actual donor, as
+that is incompatible with the anonymity and confidentiality guarantees
+of the system. In practice, we expect this threat to be largely
+theoretical: the hypothetical money launderer would need to take a
+significant loss (depending on the tax rate, but generally probably
+more than half, given that common effective tax rates are rarely above
+50\%). Thus, the costs of laundering money with this method would
+most likely substantially exceed the cost of other methods to launder
+criminal assets.
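Review bot: The loss estimate in the last paragraph ("generally probably more than half, given that common effective tax rates are rarely above 50\%") leaves its reasoning implicit. It would be easier to check if the text said outright that the transferable value of a donation receipt is bounded by the tax it saves, so that at an effective rate r the launderer recovers at most r of the donated amount and loses at least 1 - r. In the first paragraph, "suffers from a subset of the threats from quantum computing" does not say which threats remain for the blind and regular signatures and which drop away with the refresh protocol; naming them would make the claim verifiable. The citation there sits after the full stop (".~\cite{lange2024}") and should move before it. Finally, $\DI$, $\UDI$ and "BKPs" are used here without expansion, so please confirm the macros are defined in the paper preamble and that BKP is spelled out at or before its first use.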