commit feeda62b30b1992a61ffd373a6178c9d31fecc90
parent 9d537034b5919ec8c8b53aea68c4dd3ba1bf6296
Author: Christian Grothoff <christian@grothoff.org>
Date: Thu, 16 Dec 2021 20:51:48 +0100
prep for BB
Diffstat:
2 files changed, 760 insertions(+), 1 deletion(-)
diff --git a/presentations/2021-cb/bb.tex b/presentations/2021-cb/bb.tex
@@ -0,0 +1,759 @@
+\pdfminorversion=3
+\documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer}
+\usepackage{amsmath}
+\usepackage{multimedia}
+\usepackage[utf8]{inputenc}
+\usepackage{framed,color,ragged2e}
+\usepackage[absolute,overlay]{textpos}
+\definecolor{shadecolor}{rgb}{0.8,0.8,0.8}
+\usetheme{boxes}
+\setbeamertemplate{navigation symbols}{}
+\usepackage{xcolor}
+\usepackage{tikz,eurosym}
+\usepackage[normalem]{ulem}
+\usepackage{listings}
+\usepackage{adjustbox}
+
+% CSS
+\lstdefinelanguage{CSS}{
+ basicstyle=\ttfamily\scriptsize,
+ keywords={color,background-image:,margin,padding,font,weight,display,position,top,left,right,bottom,list,style,border,size,white,space,min,width, transition:, transform:, transition-property, transition-duration, transition-timing-function},
+ sensitive=true,
+ morecomment=[l]{//},
+ morecomment=[s]{/*}{*/},
+ morestring=[b]',
+ morestring=[b]",
+ alsoletter={:},
+ alsodigit={-}
+}
+
+% JavaScript
+\lstdefinelanguage{JavaScript}{
+ basicstyle=\ttfamily\scriptsize,
+ morekeywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
+ morecomment=[s]{/*}{*/},
+ morecomment=[l]//,
+ morestring=[b]",
+ morestring=[b]'
+}
+
+\lstdefinelanguage{HTML5}{
+ basicstyle=\ttfamily\scriptsize,
+ language=html,
+ sensitive=true,
+ alsoletter={<>=-},
+ morecomment=[s]{<!-}{-->},
+ tag=[s],
+ otherkeywords={
+ % General
+ >,
+ % Standard tags
+ <!DOCTYPE,
+ </html, <html, <head, <title, </title, <style, </style, <link, </head, <meta, />,
+ % body
+ </body, <body,
+ % Divs
+ </div, <div, </div>,
+ % Paragraphs
+ </p, <p, </p>,
+ % scripts
+ </script, <script,
+ % More tags...
+ <canvas, /canvas>, <svg, <rect, <animateTransform, </rect>, </svg>, <video, <source, <iframe, </iframe>, </video>, <image, </image>
+ },
+ ndkeywords={
+ % General
+ =,
+ % HTML attributes
+ charset=, src=, id=, width=, height=, style=, type=, rel=, href=,
+ % SVG attributes
+ fill=, attributeName=, begin=, dur=, from=, to=, poster=, controls=, x=, y=, repeatCount=, xlink:href=,
+ % CSS properties
+ margin:, padding:, background-image:, border:, top:, left:, position:, width:, height:,
+ % CSS3 properties
+ transform:, -moz-transform:, -webkit-transform:,
+ animation:, -webkit-animation:,
+ transition:, transition-duration:, transition-property:, transition-timing-function:,
+ }
+}
+
+\lstdefinelanguage{JavaScript}{
+ basicstyle=\ttfamily\scriptsize,
+ keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break, for},
+ keywordstyle=\color{blue}\bfseries,
+ ndkeywords={class, export, boolean, throw, implements, import, this},
+ ndkeywordstyle=\color{darkgray}\bfseries,
+ identifierstyle=\color{black},
+ sensitive=false,
+ comment=[l]{//},
+ morecomment=[s]{/*}{*/},
+ commentstyle=\color{purple}\ttfamily,
+ stringstyle=\color{red}\ttfamily,
+ morestring=[b]',
+ morestring=[b]"
+}
+
+\usetikzlibrary{shapes,arrows}
+\usetikzlibrary{positioning}
+\usetikzlibrary{calc}
+
+\title{GNU Taler as a Retail CBDC}
+%\subtitle{}
+
+\setbeamertemplate{navigation symbols}{\includegraphics[width=1cm]{inria.pdf} \includegraphics[width=2.3cm]{bfh.png} \includegraphics[width=1.6cm]{fub.pdf} \includegraphics[width=0.4cm]{ashoka.png} \includegraphics[width=0.4cm]{gnu.png} \includegraphics[width=1cm]{logo-2020.jpg} \hfill}
+%\setbeamercovered{transparent=1}
+
+\author[C. Grothoff]{{\bf C. Grothoff}}
+\date{17.12.2021}
+\institute{Taler Systems SA}
+
+
+\begin{document}
+
+\justifying
+
+\begin{frame}
+ \begin{center}
+ \LARGE {\bf GNU}
+
+ \vfill
+% \includegraphics[width=0.66\textwidth]{logo-2017-fr.pdf}
+ \includegraphics[width=0.66\textwidth]{logo-2020.jpg}
+
+ as a Retail CBDC
+ \vfill
+ \end{center}
+\begin{textblock*}{6cm}(.5cm,7.7cm) % {block width} (coords)
+ {\Large {\bf \href{https://taler.net/}{taler.net}} \\
+ \href{https://twitter.com/taler}{taler@twitter} \\
+ \href{https://taler-systems.com/}{taler-systems.com}}
+\end{textblock*}
+
+% Substitute based on who is giving the talk!
+ \begin{textblock*}{6cm}(6.7cm,7.7cm) % {block width} (coords)
+ {%\hfill {\Large {\bf Florian Dold \&} \\
+ \hfill {\bf Christian Grothoff} \\
+ \hfill grothoff@taler.net }
+\end{textblock*}
+
+\end{frame}
+
+\section{Introduction}
+
+\begin{frame}{Main Points}
+ \framesubtitle{\url{https://taler.net/}}
+Our CBDC:
+\begin{itemize}
+\item is token-based (no accounts), centrally issued (not DLT); as efficient and cost-effective
+as modern real-time gross settlement (RTGS) systems operated by central banks;
+\item is designed to provide an electronic equivalent to banknotes, therefore no material
+impact on monetary policy and/or financial stability expected;
+\item guarantees privacy for the payer, combined with KYC/AML/CFT compliance and
+income transparency to ensure taxes are paid;
+\item is implemented as Free/Libre and Open Source Software (FLOSS) to provide
+transparency, accountability, and security (part of the GNU project).
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}{Payment Systems: Accounts vs. Tokens}
+Two types of payment systems:
+\begin{enumerate}
+\item {\bf account-based system}: transfer occurs by charging the payer’s account and crediting
+the payee’s account (e.g., bank deposits)
+\item {\bf token-based (value-based) system}: transfer occurs by transferring the value itself, or a
+token that represents the monetary asset (e.g., banknotes)
+\end{enumerate}
+Key Difference is the information carried by the information asset:
+\begin{itemize}
+\item account (assets): associated with a transaction history
+\item token (assets): carry information about value and entity that issued the token
+\end{itemize}
+Bitcoin, and Distributed Ledger Technologies (DLTs) in general, are account-based systems!
+Novelty is that the ledger is distributed (decentralized).
+\end{frame}
+
+
+\begin{frame}{Simplistic CBDC Designs}
+ \framesubtitle{\url{https://edwardsnowden.substack.com/p/cbdcs}}
+ \begin{itemize}
+\item Account-based CBDC (e.g., Bindseil 2020, Berentsen and Schär 2018):
+\begin{itemize}
+\item simplest solution: central bank account for all
+\item responsibility to perform KYC and ensure AML/CFT (could be outsourced);
+\item potential for mass-surveillance (threat to CB independence);
+\item in direct competition with commercial banks
+\end{itemize} \pause
+\item Token-based CBDC:
+\begin{itemize}
+\item requires a system to ensure that electronic tokens are not easily copied
+(hardware-based or software-based) \\ $\rightarrow$ double-spending problem
+\item KYC and AML/CFT compliance?
+\end{itemize}
+\end{itemize}
+\end{frame}
+
+
+\section{What is Taler?}
+\begin{frame}{What is Taler?}
+ \begin{center}
+Taler is an electronic instant payment system based on tokens.
+ \end{center}
+ \begin{itemize}
+ \item Uses electronic coins stored in {\bf wallets} on customer's device
+ \item Like {\bf cash}
+ \item Pay in {\bf existing currencies} (i.e. CHF, EUR, USD)
+ \end{itemize}
+ \vfill
+ \pause
+ \noindent
+ However, Taler is
+ \begin{itemize}
+ \item \emph{not} a currency
+ \item \emph{not} a long-term store of value
+ \item \emph{not} a network or instance of a system
+ \item \emph{not} decentralized
+ \item \emph{not} based on proof-of-work or proof-of-stake
+ \item \emph{not} a speculative asset / ``get-rich-quick scheme''
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{Some of the people behind GNU Taler}
+{\tiny
+\begin{itemize}
+ \item Prof. David Chaum (original research)
+ \item Dr. Florian Dold (cryptography, systems engineering)
+ \item Dr. Belén Barros Pena (UX design, accessibility)
+ \item Prof. Christian Grothoff (research \& development)
+ \item Prof. Andreas Habegger (research, hardware)
+ \item Dr. Thomas Moser (economics)
+ \item Dr. Richard Stallman (advisory)
+ \item Leon Schumacher, MBA (business)
+ \item Prof. Hansj\"urg Wenger (research, deployment)
+ \item Dr. Michael Widmer, MBA (legal)
+ \item Jonathan (iOS wallet)
+ \item Marcello (bank integration)
+ \item Marco (scalability, snack machine)
+ \item \"Ozg\"ur (security audit, age restrictions)
+ \item Sebastian (Web interface)
+ \item Stefan (documentation, project management)
+ \item Torsten (Andorid wallet)
+\end{itemize}
+}
+\end{frame}
+
+
+\begin{frame}{Design Principles}
+ \framesubtitle{https://taler.net/en/principles.html}
+GNU Taler must ...
+\begin{enumerate}
+ \item {... be implemented as {\bf free software}.}
+ \item {... protect the {\bf privacy of buyers}.}
+ \item {... must enable the state to {\bf tax income} and crack down on
+ illegal business activities.}
+ \item {... prevent payment fraud.}
+ \item {... only {\bf disclose the minimal amount of information
+ necessary}.}
+ \item {... be usable.}
+ \item {... be efficient.}
+ \item {... avoid single points of failure.}
+ \item {... foster {\bf competition}.}
+\end{enumerate}
+\end{frame}
+
+
+\begin{frame}{The Big Picture}
+\begin{center}
+\includegraphics[width=0.8\textwidth]{bp.png}
+\end{center}
+\end{frame}
+
+
+\begin{frame}{Taler: Unique Regulatory Features for CBs}
+ \framesubtitle{\url{https://www.snb.ch/en/mmr/papers/id/working_paper_2021_03}}
+ \begin{itemize}
+ \item Central bank issues digital coins equivalent to issuing cash \\
+ $\Rightarrow$ monetary policy remains under CB control
+ \item Architecture with consumer accounts at commercial banks \\
+ $\Rightarrow$ no competition for commercial banking (S\&L) \\
+ $\Rightarrow$ CB does not have to manage KYC, customer support
+ \item Withdrawal limits and denomination expiration \\
+ $\Rightarrow$ protects against bank runs and hoarding
+ \item Income transparency and possibility to set fees \\
+ $\Rightarrow$ additional insights into economy and new policy options
+ \item Revocation protocols and loss limitations \\
+ $\Rightarrow$ exit strategy and handles catastrophic security incidents
+ \item Privacy by cryptographic design not organizational compliance \\
+ $\Rightarrow$ CB cannot be forced to facilitate mass-surveillance
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+\frametitle{Taler Core Components}
+ \framesubtitle{\url{https://taler.net/en/docs.html}}
+\begin{center}
+\scalebox{0.3}{
+\begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer sep=.3em];
+ \node (origin) at (0,0) {};
+ \node (exchange) [def,above=of origin,draw]{Exchange};
+ \node (customer) [def, draw, below left=of origin] {Customer};
+ \node (merchant) [def, draw, below right=of origin] {Merchant};
+ \node (auditor) [def, draw, above right=of origin]{Auditor};
+% \node (regulator) [def, draw, above=of auditor]{CSSF};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (customer) -- (exchange) node [midway, above, sloped] (TextNode) {withdraw coins};
+ \draw [<-, C] (exchange) -- (merchant) node [midway, above, sloped] (TextNode) {deposit coins};
+ \draw [<-, C] (merchant) -- (customer) node [midway, above, sloped] (TextNode) {spend coins};
+ \draw [<-, C] (exchange) -- (auditor) node [midway, above, sloped] (TextNode) {verify};
+% \draw [<-, C] (regulator) -- (auditor) node [midway, above, sloped] (TextNode) {report};
+
+\end{tikzpicture}
+}
+\end{center}
+{%\tiny
+ \begin{itemize}
+ \item {\bf Exchange:} Service provider for digital cash
+ \begin{itemize}
+ \item Core exchange software (cryptography, database)
+ \item Air-gapped key management, real-time {\bf auditing}
+ \end{itemize}
+ \item {\bf Merchant:} Integration service for existing businesses
+ \begin{itemize}
+ \item Core merchant backend software (cryptography, database)
+ \item Back-office interface for staff
+ \item Frontend integration (E-commerce, Point-of-sale)
+ \end{itemize}
+ \item {\bf Wallet:} Consumer-controlled applications for e-cash
+ \begin{itemize}
+ \item Multi-platform wallet software (for browsers \& mobile phones)
+ \item Wallet backup storage providers
+ \end{itemize}
+ \end{itemize}
+}
+\end{frame}
+
+
+\begin{frame}{Usability of Taler}
+ \vfill
+ \begin{center}
+ \url{https://demo.taler.net/}
+ \end{center}
+ \begin{enumerate}
+ \item Install browser extension.
+ \item Visit the {\tt bank.demo.taler.net} to withdraw coins.
+ \item Visit the {\tt shop.demo.taler.net} to spend coins.
+ \end{enumerate}
+ \vfill
+\end{frame}
+
+
+
+\begin{frame}{How does it work?}
+ \framesubtitle{\url{https://taler.net/papers/thesis-dold-phd-2019.pdf}}
+ We use a few ancient constructions:
+ \begin{itemize}
+ \item Cryptographic hash function (1989)
+ \item Blind signature (1983)
+ \item Schnorr signature (1989)
+ \item Diffie-Hellman key exchange (1976)
+ \item Cut-and-choose zero-knowledge proof (1985)
+ \end{itemize}
+But of course we use modern instantiations.
+\end{frame}
+
+
+\begin{frame}{Definition: Taxability}
+ We say Taler is taxable because:
+ \begin{itemize}
+ \item Merchant's income is visible from deposits.
+ \item Hash of contract is part of deposit data.
+ \item State can trace income and enforce taxation.
+ \end{itemize}\pause
+ Limitations:
+ \begin{itemize}
+ \item withdraw loophole
+ \item {\em sharing} coins among family and friends
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{Exchange setup: Create a denomination key (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Pick random primes $p,q$.
+ \item Compute $n := pq$, $\phi(n) = (p-1)(q-1)$
+ \item Pick small $e < \phi(n)$ such that
+ $d := e^{-1} \mod \phi(n)$ exists.
+ \item Publish public key $(e,n)$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance=1em and 1em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (primes) [draw=none, below = of origin] at (0,0) {$(p, q)$};
+ \node (seal) [def, draw=none, below left=of primes]{\includegraphics[width=0.15\textwidth]{seal.pdf}};
+ \node (hammer) [def, draw=none, below right=of primes]{\includegraphics[width=0.15\textwidth]{hammer.pdf}};
+
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (primes) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (hammer) -- (primes) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+% \includegraphics[width=0.4\textwidth]{seal.pdf}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Merchant: Create a signing key (EdDSA)}
+ \begin{minipage}{6cm}
+ \begin{itemize}
+ \item pick random $m \mod o$ as private key
+ \item $M = mG$ public key
+ \end{itemize}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (m) [draw=none, below = of origin] at (0,0) {$m$};
+ \node (seal) [draw=none, below=of m]{M};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (m) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+ \parbox[t]{3cm}{{\bf Capability:} $m \Rightarrow$ }
+ \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{merchant-sign.pdf}}
+\end{frame}
+
+
+\begin{frame}{Customer: Create a planchet (EdDSA)}
+ \begin{minipage}{8cm}
+ \begin{itemize}
+ \item Pick random $c \mod o$ private key
+ \item $C = cG$ public key
+ \end{itemize}
+ \end{minipage}
+ \begin{minipage}{4cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (c) [draw=none, below = of origin] at (0,0) {$c$};
+ \node (planchet) [draw=none, below=of c]{\includegraphics[width=0.4\textwidth]{planchet.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (c) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (planchet) -- (c) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+ \parbox[t]{3cm}{{\bf Capability:} $c \Rightarrow$ }
+ \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{planchet-sign.pdf}}
+\end{frame}
+
+
+\begin{frame}{Customer: Blind planchet (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Obtain public key $(e,n)$
+ \item Compute $f := FDH(C)$, $f < n$.
+ \item Pick blinding factor $b \in \mathbb Z_n$
+ \item Transmit $f' := f b^e \mod n$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
+ \node (b) [def, draw=none, below = of origin] at (0,-0.2) {$b$};
+ \node (blinded) [def, draw=none, below right=of b]{\includegraphics[width=0.2\textwidth]{blinded.pdf}};
+ \node (planchet) [def, draw=none, above right=of blinded]{\includegraphics[width=0.15\textwidth]{planchet.pdf}};
+ \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (b) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (blinded) -- (b) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Exchange: Blind sign (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive $f'$.
+ \item Compute $s' := f'^d \mod n$.
+ \item Send signature $s'$.
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (hammer) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{hammer.pdf}};
+ \node (signed) [def, draw=none, below left=of hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}};
+ \node (blinded) [def, draw=none, above left=of signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
+ \node (customer) [node distance=4em and 0.5em, draw, below =of signed]{Customer};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (customer) -- (signed) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Unblind coin (RSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive $s'$.
+ \item Compute $s := s' b^{-1} \mod n$ % \\
+ % ($(f')^d = (f b^e)^d = f^d b$).
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (b) [def, draw=none] at (0,0) {$b$};
+ \node (coin) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \node (signed) [def, draw=none, above left=of coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+\begin{frame}{Customer: Build shopping cart}
+ \begin{center}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em];
+ \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{shop.pdf}};
+ \node (cart) [draw=none, below=of m]{\includegraphics[width=0.2\textwidth]{cart.pdf}};
+ \node (merchant) [node distance=4em and 0.5em, draw, below =of cart]{Merchant};
+ \tikzstyle{C} = [color=black, line width=1pt];
+ \draw [<-, C] (cart) -- (origin) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (merchant) -- (cart) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Merchant: Propose contract (EdDSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Complete proposal $D$.
+ \item Send $D$, $EdDSA_m(D)$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance=2em and 0.5em, inner sep=0em, outer sep=.3em];
+ \node (cart) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{cart.pdf}};
+ \node (proposal) [def, draw=none, below right=of cart]{\includegraphics[width=0.5\textwidth]{merchant_propose.pdf}};
+ \node (customer) [node distance=4em and 0.5em, draw, below =of proposal]{Customer};
+ \tikzstyle{C} = [color=black, line width=1pt];
+ \node (sign) [def, draw=none, above right=of proposal] {$m$};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (proposal) -- (sign) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (proposal) -- (cart) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (customer) -- (proposal) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Customer: Spend coin (EdDSA)}
+ \begin{minipage}{6cm}
+ \begin{enumerate}
+ \item Receive proposal $D$, $EdDSA_m(D)$.
+ \item Send $s$, $C$, $EdDSA_c(D)$
+ \end{enumerate}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{tikzpicture}
+ \tikzstyle{def} = [node distance=2em and 0.4em, inner sep=0em, outer sep=.3em];
+ \node (proposal) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{merchant_propose.pdf}};
+ \node (contract) [def, draw=none, below right=of cart]{\includegraphics[width=0.3\textwidth]{contract.pdf}};
+ \node (c) [def, draw=none, above=of contract] {$c$};
+ \node (merchant) [node distance=4em and 0.5em, draw, below=of contract]{Merchant};
+ \node (coin) [def, draw=none, right=of contract]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
+ \tikzstyle{C} = [color=black, line width=1pt]
+
+ \draw [<-, C] (contract) -- (c) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (contract) -- (proposal) node [midway, above, sloped] (TextNode) {};
+ \draw [<-, C] (merchant) -- (contract) node [midway, above, sloped] (TextNode) {{\small transmit}};
+ \draw [<-, C] (merchant) -- (coin) node [midway, below, sloped] (TextNode) {{\small transmit}};
+ \end{tikzpicture}
+ \end{minipage}
+\end{frame}
+
+
+\begin{frame}{Merchant and Exchange: Verify coin (RSA)}
+ \begin{minipage}{6cm}
+ \begin{equation*}
+ s^e \stackrel{?}{\equiv} FDH(C) \mod n
+ \end{equation*}
+ \end{minipage}
+ \begin{minipage}{6cm}
+ \begin{minipage}{0.2\textwidth}
+ \includegraphics[width=\textwidth]{coin.pdf}
+ \end{minipage}
+ $\stackrel{?}{\Leftrightarrow}$
+ \begin{minipage}{0.2\textwidth}
+ \includegraphics[width=\textwidth]{seal.pdf}
+ \end{minipage}
+ \end{minipage}
+ \vfill
+ The exchange does not only verify the signature, but also
+ checks that the coin was not double-spent.
+ \vfill
+ \pause
+ \begin{center}
+ {\bf Taler is an online payment system.}
+ \end{center}
+ \vfill
+\end{frame}
+
+
+\begin{frame}{Requirements: Online vs. Offline Digital Currencies}
+\framesubtitle{\url{https://taler.net/papers/euro-bearer-online-2021.pdf}}
+\begin{itemize}
+ \item Offline capabilities are sometimes cited as a requirement for digital payment solutions
+ \item All implementations must either use restrictive hardware elements and/or introduce
+ counterparty risk.
+ \item[$\Rightarrow$] Permanent offline features weaken a digital payment solution (privacy, security)
+ \item[$\Rightarrow$] Introduces unwarranted competition for physical cash (endangers emergency-preparedness).
+ \end{itemize}
+ We recommend a tiered approach:
+ \begin{enumerate}
+ \item Online-first, bearer-based digital currency with Taler
+ \item (Optional:) Limited offline mode for network outages
+ \item Physical cash for emergencies (power outage, catastrophic cyber incidents)
+ \end{enumerate}
+\end{frame}
+
+
+\begin{frame}{Scalability}
+On paper, the design scales linearly with computing resources:
+\begin{itemize}
+\item Front-end logic at the central bank only needs to perform a few signature operations, a
+single CPU core can typically do a few thousands per second.
+\item Front-end servers need to talk to a database to prevent double-spending. A single database server can handle tens of thousands of such operations per second.
+\item All operations are easily split across multiple database servers by simply assigning
+each database server a range of values.
+\item The frontends need to talk to the backends using an interconnect. The size of an
+individual transaction is typically about 1–10 kilobytes. Modern interconnects
+can support millions of such transactions per second.
+\item To securely store 1-10 kilobytes per transaction, using AWS pricing, the cost of the
+system (storage, bandwidth, computation) at scale would be 0.0001 USD per transaction.
+\end{itemize}
+\end{frame}
+
+
+\begin{frame}{Scalability in numbers}
+On a {\bf single desktop system}, we measured:
+\begin{itemize}
+\item {\bf 1k+} withdraws\&deposits/second (client and server doing 2048-bit RSA)
+\item {\bf 50k+} import inbound wire transfers per second (to RTGS)
+\item {\bf 33k+} transactions aggregated/second
+\item {\bf 62k+} export outbound wire transfers per second (to RTGS)
+\end{itemize}
+We are now configuring the Grid 5000 for larger-scale experiments.
+\end{frame}
+
+
+\begin{frame}{Taler: Project Status}
+\framesubtitle{\url{https://docs.taler.net/}}
+\begin{itemize}
+ \item Cryptographic protocols and core exchange component are stable
+ \item Current focus: KYC process at commercial bank, scalability evaluation, age-restricted payments, P2P payments
+ \item Internal alpha deployment with a commercial bank in progress
+ \item Pilot project at Bern University of Applied Sciences cafeteria
+ \end{itemize}
+\begin{center}
+\includegraphics[width=0.7\textwidth]{taler-in-use.png}
+ \end{center}
+\end{frame}
+
+
+\section{Competitor comparison}
+\begin{frame}{Competitor comparison}
+ \begin{center} \small
+ \begin{tabular}{l||c|c|c|c|c}
+ & Cash & DLT & HW-Token & CB-Account & GNU Taler \\ \hline \hline
+ Online &$-$$-$$-$ & + & $-$ & ++ & +++ \\ \hline
+ Offline & +++ & $-$$-$$-$ & $+$ & $-$$-$ & $-$$-$ \\ \hline
+ Cost & $-$ & $-$$-$$-$ & $-$ & + & ++ \\ \hline
+ Speed & + & $-$$-$$-$ & $+$ & o & ++ \\ \hline
+ Taxation & $-$ & +++ & $-$$-$ & +++ & +++ \\ \hline
+ Payer-anon & ++ & $-$$-$ & ??? & $-$$-$ & +++ \\ \hline
+ Payee-anon & ++ & $-$$-$ & ??? & $-$$-$ & $-$$-$$-$ \\ \hline
+ Security & $-$ & ??? & $-$$-$ & o & ++ \\ \hline
+ Migration & +++ & $-$$-$$-$ & $-$$-$$-$& o & + \\ \hline
+ Libre & $-$ & ??? & $-$$-$$-$& N/A & +++ \\
+ \end{tabular}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{The Future: System Integration and Partnerships}
+ Pilots with banking organizations could:
+ \begin{itemize}
+ \item Share knowledge on Taler deployment
+ \item Study integration with the underlying RTGS layer:
+ \begin{itemize}
+ \item Develop standardized operational procedures
+ \item Perform cost analysis in banking environment
+ \item Assess effort for integration with commercial banks
+ \end{itemize}
+ \item Analyze regulatory considerations for different legislations
+ \item Perform independent security audits of Taler components
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+\frametitle{Do you have any questions?}
+\vfill
+References:
+{\tiny
+ \begin{enumerate}
+ \item{David Chaum, Christian Grothoff and Thomas Moser.
+ {\em How to issue a central bank digital currency}.
+ {\bf SNB Working Papers, 2021}.}
+ \item{Christian Grothoff, Bart Polot and Carlo von Loesch.
+ {\em The Internet is broken: Idealistic Ideas for Building a GNU Network}.
+ {\bf W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)}, 2014.}
+ \item{Jeffrey Burdges, Florian Dold, Christian Grothoff and Marcello Stanisci.
+ {\em Enabling Secure Web Payments with GNU Taler}.
+ {\bf SPACE 2016}.}
+ \item{Florian Dold, Sree Harsha Totakura, Benedikt M\"uller, Jeffrey Burdges and Christian Grothoff.
+ {\em Taler: Taxable Anonymous Libre Electronic Reserves}.
+ Available upon request. 2016.}
+ \item{Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer and Madars Virza.
+ {\em Zerocash: Decentralized Anonymous Payments from Bitcoin}.
+ {\bf IEEE Symposium on Security \& Privacy, 2016}.}
+ \item{David Chaum, Amos Fiat and Moni Naor.
+ {\em Untraceable electronic cash}.
+ {\bf Proceedings on Advances in Cryptology, 1990}.}
+ \item{Phillip Rogaway.
+ {\em The Moral Character of Cryptographic Work}.
+ {\bf Asiacrypt}, 2015.} \label{bib:rogaway}
+\end{enumerate}
+}
+\end{frame}
+
+
+\end{document}
diff --git a/presentations/2021-cb/oenb.tex b/presentations/2021-cb/oenb.tex
@@ -104,7 +104,7 @@
%\setbeamercovered{transparent=1}
\author[C. Grothoff]{{\bf C. Grothoff}}
-\date{15.10.2021}
+\date{17.12.2021}
\institute{Taler Systems SA}
