commit 2a3361961c138b9e66d807466bf696e887b9997e
parent ad26eafb648b185eeaf77d06e0ebb84c77633ab5
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 16 May 2017 15:01:13 +0200
add section on /payback
Diffstat:
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
@@ -871,7 +871,9 @@ with signature $\widetilde{C} := S_K(\FDH_K(C_p))$
public key.
\item
The merchant creates a signed contract
- $\mathcal{A} := S_M(m, f, a, H(p, r), \vec{X})$
+ \begin{equation*}
+ \mathcal{A} := S_M(m, f, a, H(p, r), \vec{X})
+ \end{equation*}
where $m$ is an identifier for this transaction, $f$ is the price of the offer,
and $a$ is data relevant
to the contract indicating which services or goods the merchant will
@@ -1564,6 +1566,24 @@ upholds the core principles described in~\cite{fc2014murdoch}. In
particular, in providing the cryptographic proofs as evidence none of
the participants have to disclose their core secrets.
+\subsection{Business concerns}
+
+The Taler system implementation includes additional protocol elements
+to address real-world concerns. To begin with, the exchange
+automatically transfers any funds that have been left for an extended
+amount of time in a customer's reserve back to the customer's bank
+account. Furthermore, we allow the exchange to revoke denomination
+keys, and wallets periodically check for such revocations. If a
+denomination key has been revoked, the wallets use the {\em payback}
+protocol to deposit funds back to the customer's reserve, from where
+they are either withdrawn with a new denomination key or sent back to
+the customer's bank account. Unlike ordinary deposits, the payback
+protocol does not incur any transaction fees. The primary use of the
+protocol is to limit the financial loss in cases where an audit
+reveals that the exchange's private keys were compromised, and to
+automatically pay back balances held in a customers' wallet if an
+exchange ever goes out of business.
+
%\subsection{System Performance}
%
@@ -1782,7 +1802,10 @@ coin first.
the exchange persists $\langle \mathcal{L} \rangle$
and notifies the merchant that locking was successful.
\item\label{contract2} The merchant creates a digitally signed contract
- $\mathcal{A} := S_M(m, f, a, H(p, r))$ where $a$ is data relevant to the contract
+ \begin{equation*}
+ \mathcal{A} := S_M(m, f, a, H(p, r))
+ \end{equation*}
+ where $a$ is data relevant to the contract
indicating which services or goods the merchant will deliver to the customer, and $p$ is the
merchant's payment information (e.g. his IBAN number) and $r$ is an random nonce.
The merchant persists $\langle \mathcal{A} \rangle$ and sends it to the customer.
