marketing

Marketing materials (presentations, posters, flyers)

commit c8597a95ea27a1f3dd1cfdc50a74f8114ac40f60
parent 226310969419fa741f73e910f7d211a37262c5cd
Author: Christian Grothoff <christian@grothoff.org>
Date:   Wed, 22 Feb 2023 22:35:24 +0100

update

Diffstat:
Mpresentations/comprehensive/sic.tex | 148++++++++++++++++++++++++++++++++++++++++++++-----------------------------------
1 file changed, 83 insertions(+), 65 deletions(-)

diff --git a/presentations/comprehensive/sic.tex b/presentations/comprehensive/sic.tex @@ -214,11 +214,11 @@ \begin{frame} \begin{center} - \LARGE {\bf GNU} - - \vfill + \LARGE {\bf GNU} \\ + \vspace{0.3cm} % \includegraphics[width=0.66\textwidth]{logo-2017-fr.pdf} \includegraphics[width=0.66\textwidth]{taler-logo-2021-inkscape.pdf} + \vfill \end{center} \begin{textblock*}{6cm}(.5cm,7.7cm) % {block width} (coords) {\Large {\bf \href{https://taler.net/}{taler.net}} \\ @@ -227,15 +227,16 @@ \end{textblock*} % Substitute based on who is giving the talk! - \begin{textblock*}{6cm}(6.7cm,7.7cm) % {block width} (coords) - {\hfill {\Large {\bf Florian Dold \&} \\ - \hfill {\bf Christian Grothoff}} \\ - \hfill \{dold,grothoff\}@taler.net } + \begin{textblock*}{8cm}(4.7cm,6.7cm) % {block width} (coords) + {\hfill {{\bf Dr. Emmanuel Benoist} \\ + \hfill {\bf Dr. Florian Dold} \\ + \hfill {\bf Dr. Andreas Habegger} \\ + \hfill {\bf Dr. Christian Grothoff} \\ } + \hfill \{benoist,dold,habegger,grothoff\}@taler.net } \end{textblock*} \end{frame} - \begin{frame}{GNU Taler} \vfill \begin{center} @@ -831,8 +832,8 @@ But of course we use modern instantiations. \begin{center} \begin{tikzpicture} \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em]; - \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{shop.pdf}}; - \node (cart) [draw=none, below=of m]{\includegraphics[width=0.2\textwidth]{cart.pdf}}; + \node (origin) at (0,0) {\includegraphics[width=0.18\textwidth]{shop.pdf}}; + \node (cart) [draw=none, below=of m]{\includegraphics[width=0.18\textwidth]{cart.pdf}}; \node (merchant) [node distance=4em and 0.5em, draw, below =of cart]{Merchant}; \tikzstyle{C} = [color=black, line width=1pt]; \draw [<-, C] (cart) -- (origin) node [midway, above, sloped] (TextNode) {}; 
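Review bot: In the speaker textblock each `Dr. ` is followed by an ordinary space, which TeX treats as a sentence end (a wider, breakable space); `{\bf Dr.~Emmanuel Benoist} \\`, and likewise for the other three names, keeps title and name together. The block is now 8cm wide at x=4.7cm while the left-hand block is 6cm wide at x=.5cm, so the two boxes overlap horizontally between about 4.7cm and 6.5cm. This presumably works only because `\hfill` pushes the names to the right, so a comment such as `% right-aligned via \hfill; box overlaps the taler.net block on the left` next to the existing substitution comment would warn whoever edits the names next.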
@@ -1020,7 +1021,7 @@ But of course we use modern instantiations. \end{minipage} \begin{minipage}{4cm} \begin{tikzpicture} - \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; + \tikzstyle{def} = [node distance= 1.5em and 0.45em, inner sep=0em, outer sep=.3em]; \node (blinded) [def, draw=none]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; \node (planchet) [def, draw=none, above left= of blinded] {\includegraphics[width=0.15\textwidth]{planchet.pdf}}; \node (cnew) [def, draw=none, above= of planchet] {$c_{new}$}; @@ -1061,7 +1062,7 @@ But of course we use modern instantiations. \end{minipage} \begin{minipage}{4cm} \begin{tikzpicture} - \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; + \tikzstyle{def} = [node distance= 1.4em and 0.45em, inner sep=0em, outer sep=.3em]; \node (t) [def, draw=none] at (0,0) {$t$}; \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; @@ -1089,7 +1090,7 @@ But of course we use modern instantiations. \begin{frame}{Cut-and-Choose} \begin{minipage}{4cm} \begin{tikzpicture} - \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; + \tikzstyle{def} = [node distance= 1.4em and 0.45em, inner sep=0em, outer sep=.3em]; \node (t) [def, draw=none] at (0,0) {$t_1$}; \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 
@@ -1113,7 +1114,7 @@ But of course we use modern instantiations. \end{minipage} \begin{minipage}{4cm} \begin{tikzpicture} - \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; + \tikzstyle{def} = [node distance= 1.4em and 0.45em, inner sep=0em, outer sep=.3em]; \node (t) [def, draw=none] at (0,0) {$t_2$}; \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; @@ -1137,7 +1138,7 @@ But of course we use modern instantiations. \end{minipage} \begin{minipage}{4cm} \begin{tikzpicture} - \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; + \tikzstyle{def} = [node distance= 1.4em and 0.45em, inner sep=0em, outer sep=.3em]; \node (t) [def, draw=none] at (0,0) {$t_3$}; \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; @@ -2118,6 +2119,22 @@ Searching for functions \uncover<2->{with the following signatures} \end{frame} +\begin{frame}{Warranting deposit safety} + Exchange has online signing key $W = wG$: + \begin{center} + Sends $EdDSA_w(M,H(D),FDH(C))$ to the merchant. + \end{center} + This signature means that $M$ was the {\em first} to deposit + $C$ and that the exchange thus must pay $M$. + \vfill + \begin{center} + Without this, an evil exchange could renege on the deposit + confirmation and claim double-spending if a coin were + deposited twice, and then not pay either merchant! + \end{center} +\end{frame} + + \begin{frame}{Key management} Taler has many types of keys: \begin{itemize} 
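Review bot: In the added "Warranting deposit safety" frame, `$EdDSA_w(M,H(D),FDH(C))$` sets EdDSA and FDH as products of italic single-letter variables; `$\mathrm{EdDSA}_w(M, H(D), \mathrm{FDH}(C))$` typesets them as names. The frame now sits before "Key management", and nothing in the hunk says what $M$, $D$, $C$ and $G$ stand for, so if an earlier slide does not introduce them, a one-line legend would let the audience follow the warranty argument. `{\em first}` would be `\emph{first}` in current LaTeX.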
@@ -2135,24 +2152,6 @@ Taler has many types of keys: \end{frame} -\begin{frame}{Protecting online keys} -The exchange needs RSA and EdDSA keys to be available for online signing. -\begin{itemize} -\item {\tt taler-exchange-secmod-rsa} and {\tt taler-exchange-secmod-eddsa} - are the only processes that must have access to the private keys. -\item The secmod processes should run under a different UID, but share - the same GID with the exchange. -\item The secmods generate the keys, allow {\tt taler-exchange-httpd} to sign with - them, and eventually delete the private keys. -\item Communication between secmods and {\tt taler-exchange-httpd} is via - a UNIX domain socket. -\item Online private keys are stored on disk (not in database!) and should - NOT be backed up (RAID should suffice). If disk is lost, we can always - create fresh replacement keys! -\end{itemize} -\end{frame} - - \begin{frame}{Offline keys} Both exchange and auditor use offline keys. \begin{itemize} 
@@ -2170,13 +2169,31 @@ Both exchange and auditor use offline keys. \end{frame} +\begin{frame}{Protecting online keys} +The exchange needs keys to be available for online signing. +\begin{itemize} +\item {\tt taler-exchange-secmod-\{cs,eddsa,rsa\}} + are the only processes that must have access to the private keys. +\item The secmod processes should run under a different UID, but share + the same GID with the exchange. +\item The secmods generate the keys, allow {\tt taler-exchange-httpd} to sign with + them, and eventually delete the private keys. +\item Communication between secmods and {\tt taler-exchange-httpd} is via + a UNIX domain socket. +\item Online private keys are stored on disk (not in database!) and should + NOT be backed up (RAID should suffice). If disk is lost, we can always + create fresh replacement keys! +\end{itemize} +\end{frame} + + \begin{frame}{Online keys} -The exchange needs RSA and EdDSA keys to be available for online signing. +The exchange needs keys to be available for online signing: \begin{itemize} \item Knowledge of these private keys will allow an adversary to - mint digital cash, possibly resulting in huge financial losses - (eventually, this will be detected by the auditor, but only - after some financial losses have been irrevocably incurred). + mint digital cash, possibly resulting in financial losses +% (eventually, this will be detected by the auditor, but only +% after some financial losses have been irrevocably incurred). \item The corresponding public keys are certified using Taler's public key infrastructure (which uses offline-only keys). \end{itemize} 
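Review bot: In the "Online keys" frame the auditor caveat is commented out rather than removed or reworded, so the slide now says a key compromise lets an adversary mint cash without saying that the compromise is detectable. If the shortening is for space, a short form such as `mint digital cash, resulting in financial losses until the auditor detects it` keeps the security-relevant half of the statement; otherwise delete the two `%` lines so the source does not carry a claim the slide no longer makes. In the re-added "Protecting online keys" frame, `should NOT be backed up` explains only why a backup is unnecessary; adding why it is undesirable (each copy of an online private key is another place it can leak from) would make the advice self-explanatory.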
@@ -2190,31 +2207,12 @@ online signing keys, if we find they have been compromised. \end{frame} -\begin{frame}{Warranting deposit safety} - Exchange has {\em another} online signing key $W = wG$: - \begin{center} - Sends $EdDSA_w(M,H(D),FDH(C))$ to the merchant. - \end{center} - This signature means that $M$ was the {\em first} to deposit - $C$ and that the exchange thus must pay $M$. - \vfill - \begin{center} - Without this, an evil exchange could renege on the deposit - confirmation and claim double-spending if a coin were - deposited twice, and then not pay either merchant! - \end{center} -\end{frame} - - \begin{frame}{Online keys} \begin{itemize} \item The exchange needs $d$ and $w$ to be available for online signing. \item The corresponding public keys $W$ and $(e,n)$ are certified using Taler's public key infrastructure (which uses offline-only keys). \end{itemize} -\begin{center} -\includegraphics[width=0.5\textwidth]{taler-diagram-signatures.png} -\end{center} \vfill \begin{center} {\bf What happens if those private keys are compromised?} @@ -2285,9 +2283,9 @@ The exchange needs the database to detect double spending. significant financial losses. \item The database contains total amounts customers withdrew and merchants received, so sensitive private banking data. It - must also not become public. + must thus not become public. \item The auditor must have a (current) copy. Asynchronous replication - is considered sufficient. This copy could also be used as an + should be sufficient. This copy can also serve as an additional (off-site?) backup. \end{itemize} \end{frame} 
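Review bot: In the database frame, the reworded bullet says the auditor's asynchronously replicated copy `can also serve as an additional (off-site?) backup`, but the requirement that the data `must thus not become public` is stated only for the exchange's database. The auditor's copy holds the same withdrawal and deposit totals, so the slide should say the confidentiality requirement applies to every replica. An asynchronous copy can also lag the primary. The text before the hunk says the database is needed to detect double spending, so a restore from that copy may be missing recent deposits, and a half-line caveat would cover this. The `(off-site?)` question mark reads as an unresolved author note and should be settled before the slide is shown.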
@@ -2491,12 +2489,17 @@ The exchange needs the database to detect double spending. \item[$\Rightarrow$] Permanent offline features weaken a digital payment solution (privacy, security) \item[$\Rightarrow$] Introduces unwarranted competition for physical cash (endangers emergency-preparedness). \end{itemize} +\end{frame} + +\begin{frame}{Offline Payments with GNU Taler} We have filed for a patent to address situations where only the merchant is offline: \begin{enumerate} \item Customer pays by scanning static QR code and entering amount on mobile phone. \item Merchant confirms payment by checking simple unique numeric confirmation code. \end{enumerate} -Merchant needs only $\approx$ \EUR{10} COSTS hardware. +\begin{center} +{\bf Point-of-sale needs only $\approx$ \EUR{10} COSTS hardware.} +\end{center} \end{frame} @@ -2906,9 +2909,9 @@ Merchant needs only $\approx$ \EUR{10} COSTS hardware. \draw[confl,thick,dotted](I) -- (Ip); \end{tikzpicture} \end{center} - If we experience a reorganization once, its dangerously likely for another - one of a similar scope to happen again. Depolymerizer learns from reorganizations - by increasing its confirmation delay. + If we experience a reorganization once, its likely for another + reorganization of a similar scope to happen again. + Depolymerizer learns from reorganizations by increasing its confirmation delay. \end{frame} @@ -2980,7 +2983,7 @@ Merchant needs only $\approx$ \EUR{10} COSTS hardware. \begin{itemize} \item [$-$] Trust exchange operator or auditors \item [$+$] Fast and cheap - \item [$+$] Realtime, ms latency + \item [$+$] Realtime: transactions with milliseconds of latency \item [$+$] Linear scalability \item [$+$] Ecological \item [$+$] Privacy when it can, transparency when it must (avoid tax evasion and money laundering) 
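Review bot: The new "Offline Payments with GNU Taler" frame says the merchant confirms payment `by checking simple unique numeric confirmation code` but not what makes that code trustworthy when the merchant has no connectivity. The preceding frame argues that offline features weaken privacy and security, so one more `\item` stating what the code is bound to and who is able to produce it would close that gap; the wording has to come from the design, which the hunk does not show. `COSTS hardware` is carried over from the old line and looks like a typo for COTS.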
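Review bot: The rewritten sentence in the reorganization frame keeps the typo `its likely`; it should read `it is likely that another reorganization of a similar scope will happen again.` The frame's opening lines are outside the hunk, so this comment covers only the three changed lines.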
@@ -3037,8 +3040,8 @@ Future work: \begin{center} \small \begin{tabular}{l||c|c|c|c|c} & Cash & Bitcoin & Zerocoin & Creditcard & GNU Taler \\ \hline \hline - Online &$-$$-$$-$ & ++ & ++ & + & +++ \\ \hline - Offline & +++ & $-$$-$ & $-$$-$ & + & $-$$-$ \\ \hline + Online &$-$$-$$-$ & ++ & ++ & + & +++ \\ \hline + Offline & +++ & $-$$-$ & $-$$-$ & + & ++ \\ \hline Trans. cost & + & $-$$-$$-$ & $-$$-$$-$ & $-$ & ++ \\ \hline Speed & + & $-$$-$$-$ & $-$$-$$-$ & o & ++ \\ \hline Taxation & $-$ & $-$$-$ & $-$$-$$-$ & +++ & +++ \\ \hline @@ -3085,6 +3088,7 @@ References: \end{center} \end{frame} +\section*{Appendix: Business aspects} \begin{frame}{Development Infrastructure} \begin{itemize} @@ -3135,6 +3139,20 @@ References: \end{frame} +\begin{frame}{Rights} + \begin{itemize} + \item GNUnet e.V. shared copyrights of their AGPLv3+ licensed code with Taler Systems SA + \item Taler Systems SA holds copyrights to entire GNU Taler code base (AGPLv3+, GPLv3+, + dual-licensing exclusive domain of Taler Systems SA) + \item Taler Systems SA applied for patent on offline payment approach + \item Taler Systems SA holds trademark on ``Taler''. + \item FSF holds trademark on ``GNU'', we are authorized to use ``GNU Taler''. + \item Taler Systems SA owns {\tt taler.net} and {\tt taler-systems.com}. + \end{itemize} +\end{frame} + + + \end{document}
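Review bot: In the comparison table the GNU Taler cell of the `Offline` row changes from `$-$$-$` to `++`, but the offline frame added in this commit covers only `situations where only the merchant is offline`. A qualifier keeps the table consistent with that frame, e.g. `++$^{*}$` in the cell and a line `$^{*}$ merchant offline only` under the tabular. Without it the row reads as near-cash capability for fully offline payments, which conflicts with the deck's own statement that permanent offline features weaken privacy and security.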