threats.tex (1654B)
1 \subsection{Money laundering}\label{sec:threats} 2 3 \ifodd0 4 5 The presented protocol is using similar cryptographic constructions as 6 the GNU Taler payment system itself, primarily blind signatures and 7 regular signatures. However, it does not use the ``refresh'' protocol 8 of GNU Taler, as there is no need to render change. As a result, the 9 Donau protocol suffers from a subset of the threats from quantum 10 computing.~\cite{lange2024} 11 \fi 12 13 A new Donau-specific threat is that donations could be used for 14 laundering criminal assets. This does not mean that we expect 15 charities themselves to play foul, but tax benefits that could be 16 transferred to someone else would indirectly represent actual value 17 (even commercially tradeable): donations from someone paying lower tax 18 rates could be used to artificially lower the income of a person 19 paying a higher rate. The money going to the charity would essentially 20 be used to trigger a laundered partial payout in the legitimate world. 21 The Donau protocol does not prove that the donor identification $\DI$ 22 used in the $\UDI$s inside the BKPs is that of the actual donor, as 23 that is incompatible with the anonymity and confidentiality guarantees 24 of the system. In practice, we expect this threat to be largely 25 theoretical: the hypothetical money launderer would need complex arrangements 26 as well as be willing to take a significant loss (depending on the tax rate, 27 but generally probably more than half, given that common effective tax rates 28 are rarely above 50\%). Thus, the overhead of laundering money with this 29 method would most likely substantially exceed the cost of other methods to 30 launder criminal assets.