marketing

boi.tex (27979B)

---

 \pdfminorversion=3
 \documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer}
 \usepackage{amsmath}
 \usepackage{multimedia}
 \usepackage[utf8]{inputenc}
 \usepackage{framed,color,ragged2e}
 \usepackage[absolute,overlay]{textpos}
 \definecolor{shadecolor}{rgb}{0.8,0.8,0.8}
 \usetheme{boxes}
 \setbeamertemplate{navigation symbols}{}
 \usepackage{xcolor}
 \usepackage{tikz,eurosym}
 \usepackage[normalem]{ulem}
 \usepackage{listings}
 \usepackage{adjustbox}
 
 % CSS
 \lstdefinelanguage{CSS}{
   keywords={color,background-image:,margin,padding,font,weight,display,position,top,left,right,bottom,list,style,border,size,white,space,min,width, transition:, transform:, transition-property, transition-duration, transition-timing-function},
   sensitive=true,
   morecomment=[l]{//},
   morecomment=[s]{/*}{*/},
   morestring=[b]',
   morestring=[b]",
   alsoletter={:},
   alsodigit={-}
 }
 
 % JavaScript
 \lstdefinelanguage{JavaScript}{
   basicstyle=\ttfamily\scriptsize,
   morekeywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
   morecomment=[s]{/*}{*/},
   morecomment=[l]//,
   morestring=[b]",
   morestring=[b]'
 }
 
 \usetikzlibrary{shapes,arrows}
 \usetikzlibrary{positioning}
 \usetikzlibrary{calc}
 
 \title{GNU Taler as a Retail CBDC}
 %\subtitle{}
 
 \setbeamertemplate{navigation symbols}{\includegraphics[width=1cm]{inria.pdf} \includegraphics[width=2.3cm]{bfh.png} \includegraphics[width=1.6cm]{fub.pdf} \includegraphics[width=0.4cm]{ashoka.png}  \includegraphics[width=0.4cm]{gnu.png} \includegraphics[width=1cm]{logo-2021.pdf} \hfill}
 %\setbeamercovered{transparent=1}
 
 \author[C. Grothoff]{{\bf C. Grothoff}}
 \date{16.3.2022}
 \institute{Taler Systems SA}
 
 
 \begin{document}
 
 \justifying
 
 \begin{frame}
   \begin{center}
     \LARGE {\bf GNU}
 
     \vfill
 %    \includegraphics[width=0.66\textwidth]{logo-2017-fr.pdf}
     \includegraphics[width=0.66\textwidth]{logo-2021.pdf}
 
     as a Retail CBDC
     \vfill
   \end{center}
 \begin{textblock*}{6cm}(.5cm,7.7cm) % {block width} (coords)
     {\Large {\bf \href{https://taler.net/}{taler.net}} \\
     \href{https://twitter.com/taler}{taler@twitter} \\
     \href{https://taler-systems.com/}{taler-systems.com}}
 \end{textblock*}
 
 % Substitute based on who is giving the talk!
  \begin{textblock*}{6cm}(6.7cm,7.7cm) % {block width} (coords)
    {%\hfill {\Large {\bf Florian Dold \&} \\
     \hfill {\bf Christian Grothoff} \\
     \hfill grothoff@taler.net }
 \end{textblock*}
 
 \end{frame}
 
 \section{Introduction}
 
 \begin{frame}{Main Points}
   \framesubtitle{\url{https://taler.net/}}
 Our retail CBDC:
 \begin{itemize}
 \item is token-based (no accounts), centrally issued (not DLT); as efficient and cost-effective
 as modern real-time gross settlement (RTGS) systems operated by central banks;
 \item is designed to provide an electronic equivalent to banknotes, therefore no material
 impact on monetary policy and/or financial stability expected;
 \item guarantees privacy for the payer, combined with KYC/AML/CFT compliance and
 income transparency to ensure taxes are paid;
 \item is implemented as Free/Libre and Open Source Software (FLOSS) to provide
 transparency, accountability, and security (part of the GNU project).
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Payment Systems: Accounts vs. Tokens}
   \framesubtitle{\url{https://taler.net/papers/accounts-dangerous-2022.pdf}}
 Two types of payment systems:
 \begin{enumerate}
 \item {\bf account-based system}: transfer occurs by charging the payer’s account and crediting
 the payee’s account (e.g., bank deposits)
 \item {\bf token-based (value-based) system}: transfer occurs by transferring the value itself, or a
 token that represents the monetary asset (e.g., banknotes)
 \end{enumerate}
 Key difference is the information carried by the information asset:
 \begin{itemize}
 \item account (assets): associated with a transaction history
 \item token (assets): carry information about value and entity that issued the token
 \end{itemize}
 Bitcoin, and distributed ledger technologies (DLTs) in general, are account-based systems!
 Novelty is that the ledger is distributed (decentralized).
 \end{frame}
 
 
 \begin{frame}{Simplistic CBDC Designs}
   \framesubtitle{\url{https://taler.net/en/news/2022-07.html}}
   \begin{itemize}
 \item Account-based CBDC (e.g., Bindseil 2020, Berentsen and Schär 2018):
 \begin{itemize}
 \item simplest solution: central bank account for all
 \item responsibility to perform KYC and ensure AML/CFT (could be outsourced);
 \item potential for mass-surveillance (threat to CB independence);
 \item in direct competition with commercial banks
 \end{itemize} \pause
 \item Token-based CBDC:
 \begin{itemize}
 \item requires a system to ensure that electronic tokens are not easily copied
 (hardware-based or software-based) \\ $\rightarrow$ double-spending problem
 \item KYC and AML/CFT compliance?
 \end{itemize}
 \end{itemize}
 \end{frame}
 
 
 \section{What is Taler?}
 \begin{frame}{What is Taler?}
   \begin{center}
 Taler is an electronic instant payment system based on tokens.
   \end{center}
   \begin{itemize}
   \item Uses electronic coins stored in {\bf wallets} on customer's device
   \item Like {\bf cash}
   \item Pay in {\bf existing currencies} (i.e. CHF, EUR, USD, JPY)
   \end{itemize}
   \vfill
   \pause
  \noindent
  However, Taler is
   \begin{itemize}
     \item \emph{not} a currency
     \item \emph{not} a long-term store of value
     \item \emph{not} a network or instance of a system
     \item \emph{not} decentralized
     \item \emph{not} based on proof-of-work or proof-of-stake
     \item \emph{not} a speculative asset / ``get-rich-quick scheme''
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Some of the people behind GNU Taler}
 {\tiny
 \begin{itemize}
   \item Prof. David Chaum (original research)
   \item Dr. Florian Dold (cryptography, systems engineering)
   \item Dr. Belén Barros Pena (UX design, accessibility)
   \item Prof. Christian Grothoff (research \& development)
   \item Prof. Andreas Habegger (research, hardware)
   \item Dr. Thomas Moser (economics)
   \item Dr. Richard Stallman (advisory)
   \item Leon Schumacher, MBA (business)
   \item Prof. Hansj\"urg Wenger (research, deployment)
   \item Dr. Michael Widmer, MBA (legal)
   \item Jonathan (iOS wallet)
   \item Marcello (bank integration)
   \item Marco (scalability, snack machine)
   \item \"Ozg\"ur (security audit, age restrictions)
   \item Sebastian (Web interface)
   \item Stefan (documentation, project management)
   \item Torsten (Andorid wallet)
 \end{itemize}
 }
 \end{frame}
 
 
 \begin{frame}{Design Principles}
   \framesubtitle{https://taler.net/en/principles.html}
 GNU Taler must ...
 \begin{enumerate}
   \item {... be implemented as {\bf free software}.}
   \item {... protect the {\bf privacy of buyers}.}
   \item {... must enable the state to {\bf tax income} and crack down on
     illegal business activities.}
   \item {... prevent payment fraud.}
   \item {... only {\bf disclose the minimal amount of information
     necessary}.}
   \item {... be usable.}
   \item {... be efficient.}
   \item {... avoid single points of failure.}
   \item {... foster {\bf competition}.}
 \end{enumerate}
 \end{frame}
 
 
 \begin{frame}{The Big Picture}
 \begin{center}
 \includegraphics[width=0.8\textwidth]{bp.png}
 \end{center}
 \end{frame}
 
 
 \begin{frame}{Taler: Unique Regulatory Features for CBs}
   \framesubtitle{\url{https://www.snb.ch/en/mmr/papers/id/working_paper_2021_03}}
   \begin{itemize}
     \item Central bank issues digital coins equivalent to issuing cash \\
           $\Rightarrow$ monetary policy remains under CB control
     \item Architecture with consumer accounts at commercial banks \\
           $\Rightarrow$ no competition for commercial banking (S\&L) \\
           $\Rightarrow$ CB does not have to manage KYC, customer support
     \item Withdrawal limits and denomination expiration \\
           $\Rightarrow$ protects against bank runs and hoarding
     \item Income transparency and possibility to set fees \\
           $\Rightarrow$ additional insights into economy and new policy options
     \item Revocation protocols and loss limitations \\
           $\Rightarrow$ exit strategy and handles catastrophic security incidents
     \item Privacy by cryptographic design not organizational compliance \\
           $\Rightarrow$ CB cannot be forced to facilitate mass-surveillance
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}
 \frametitle{Taler Core Components}
   \framesubtitle{\url{https://taler.net/en/docs.html}}
 \begin{center}
 \scalebox{0.3}{
 \begin{tikzpicture}
  \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer sep=.3em];
  \node (origin) at (0,0) {};
  \node (exchange) [def,above=of origin,draw]{Exchange};
  \node (customer) [def, draw, below left=of origin] {Customer};
  \node (merchant) [def, draw, below right=of origin] {Merchant};
  \node (auditor) [def, draw, above right=of origin]{Auditor};
 % \node (regulator) [def, draw, above=of auditor]{CSSF};
 
  \tikzstyle{C} = [color=black, line width=1pt]
 
  \draw [<-, C] (customer) -- (exchange) node [midway, above, sloped] (TextNode) {withdraw coins};
  \draw [<-, C] (exchange) -- (merchant) node [midway, above, sloped] (TextNode) {deposit coins};
  \draw [<-, C] (merchant) -- (customer) node [midway, above, sloped] (TextNode) {spend coins};
  \draw [<-, C] (exchange) -- (auditor) node [midway, above, sloped] (TextNode) {verify};
 % \draw [<-, C] (regulator) -- (auditor) node [midway, above, sloped] (TextNode) {report};
 
 \end{tikzpicture}
 }
 \end{center}
 {%\tiny
   \begin{itemize}
     \item {\bf Exchange:} Service provider for digital cash
       \begin{itemize}
         \item Core exchange software (cryptography, database)
         \item Air-gapped key management, real-time {\bf auditing}
        \end{itemize}
     \item {\bf Merchant:} Integration service for existing businesses
       \begin{itemize}
         \item Core merchant backend software (cryptography, database)
         \item Back-office interface for staff
         \item Frontend integration (E-commerce, Point-of-sale)
       \end{itemize}
     \item {\bf Wallet:} Consumer-controlled applications for e-cash
       \begin{itemize}
         \item Multi-platform wallet software (for browsers \& mobile phones)
         \item Wallet backup storage providers
        \end{itemize}
   \end{itemize}
 }
 \end{frame}
 
 
 \begin{frame}{Usability of Taler}
   \vfill
   \begin{center}
     \url{https://demo.taler.net/}
   \end{center}
   \begin{enumerate}
   \item Install browser extension.
   \item Visit the {\tt bank.demo.taler.net} to withdraw coins.
   \item Visit the {\tt shop.demo.taler.net} to spend coins.
   \end{enumerate}
   \vfill
 \end{frame}
 
 
 
 \begin{frame}{How does it work?}
   \framesubtitle{\url{https://taler.net/papers/thesis-dold-phd-2019.pdf}}
   We use a few ancient constructions:
   \begin{itemize}
   \item Cryptographic hash function (1989)
   \item Blind signature (1983)
   \item Schnorr signature (1989)
   \item Diffie-Hellman key exchange (1976)
   \item Cut-and-choose zero-knowledge proof (1985)
   \end{itemize}
 But of course we use modern instantiations.
 \end{frame}
 
 
 %\begin{frame}{Definition: Taxability}
 %  We say Taler is taxable because:
 %  \begin{itemize}
 %  \item Merchant's income is visible from deposits.
 %  \item Hash of contract is part of deposit data.
 %  \item State can trace income and enforce taxation.
 %  \end{itemize}\pause
 %  Limitations:
 %  \begin{itemize}
 %  \item withdraw loophole
 %  \item {\em sharing} coins among family and friends
 %  \end{itemize}
 %\end{frame}
 
 
 \begin{frame}{Exchange setup: Create a denomination key (RSA)}
    \begin{minipage}{6cm}
     \begin{enumerate}
     \item Pick random primes $p,q$.
     \item Compute $n := pq$, $\phi(n) = (p-1)(q-1)$
     \item Pick small $e < \phi(n)$ such that
           $d := e^{-1} \mod \phi(n)$ exists.
     \item Publish public key $(e,n)$.
     \end{enumerate}
   \end{minipage}
   \begin{minipage}{6cm}
   \begin{tikzpicture}
  \tikzstyle{def} = [node distance=1em and 1em, inner sep=0em, outer sep=.3em];
     \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
     \node (primes) [draw=none, below = of origin] at (0,0) {$(p, q)$};
     \node (seal) [def, draw=none, below left=of primes]{\includegraphics[width=0.15\textwidth]{seal.pdf}};
     \node (hammer) [def, draw=none, below right=of primes]{\includegraphics[width=0.15\textwidth]{hammer.pdf}};
 
     \tikzstyle{C} = [color=black, line width=1pt]
 
     \draw [<-, C] (primes) -- (origin) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (hammer) -- (primes) node [midway, above, sloped] (TextNode) {};
   \end{tikzpicture}
 %  \includegraphics[width=0.4\textwidth]{seal.pdf}
   \end{minipage}
 \end{frame}
 
 
 \begin{frame}{Merchant: Create a signing key (EdDSA)}
   \begin{minipage}{6cm}
     \begin{itemize}
   \item pick random $m \mod o$ as private key
   \item $M = mG$ public key
   \end{itemize}
   \end{minipage}
   \begin{minipage}{6cm}
   \begin{tikzpicture}
    \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em];
     \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
     \node (m) [draw=none, below = of origin] at (0,0) {$m$};
     \node (seal) [draw=none, below=of m]{M};
    \tikzstyle{C} = [color=black, line width=1pt]
 
     \draw [<-, C] (m) -- (origin) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {};
   \end{tikzpicture}
   \end{minipage}
   \parbox[t]{3cm}{{\bf Capability:} $m \Rightarrow$ }
   \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{merchant-sign.pdf}}
 \end{frame}
 
 
 \begin{frame}{Customer: Create a planchet (EdDSA)}
   \begin{minipage}{8cm}
   \begin{itemize}
   \item Pick random $c \mod o$ private key
   \item $C = cG$ public key
   \end{itemize}
   \end{minipage}
   \begin{minipage}{4cm}
   \begin{tikzpicture}
    \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em];
     \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
     \node (c) [draw=none, below = of origin] at (0,0) {$c$};
     \node (planchet) [draw=none, below=of c]{\includegraphics[width=0.4\textwidth]{planchet.pdf}};
     \tikzstyle{C} = [color=black, line width=1pt]
 
     \draw [<-, C] (c) -- (origin) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (planchet) -- (c) node [midway, above, sloped] (TextNode) {};
   \end{tikzpicture}
   \end{minipage}
   \parbox[t]{3cm}{{\bf Capability:} $c \Rightarrow$ }
   \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{planchet-sign.pdf}}
 \end{frame}
 
 
 \begin{frame}{Customer: Blind planchet (RSA)}
   \begin{minipage}{6cm}
     \begin{enumerate}
     \item Obtain public key $(e,n)$
     \item Compute $f := FDH(C)$, $f < n$.
     \item Pick blinding factor $b \in \mathbb Z_n$
     \item Transmit $f' := f b^e \mod n$
     \end{enumerate}
   \end{minipage}
   \begin{minipage}{6cm}
   \begin{tikzpicture}
    \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
     \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}};
     \node (b) [def, draw=none, below = of origin] at (0,-0.2) {$b$};
     \node (blinded) [def, draw=none, below right=of b]{\includegraphics[width=0.2\textwidth]{blinded.pdf}};
     \node (planchet) [def, draw=none, above right=of blinded]{\includegraphics[width=0.15\textwidth]{planchet.pdf}};
     \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange};
     \tikzstyle{C} = [color=black, line width=1pt]
 
     \draw [<-, C] (b) -- (origin) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (blinded) -- (b) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}};
   \end{tikzpicture}
   \end{minipage}
 \end{frame}
 
 
 \begin{frame}{Exchange: Blind sign (RSA)}
    \begin{minipage}{6cm}
     \begin{enumerate}
     \item Receive $f'$.
     \item Compute $s' := f'^d \mod n$.
     \item Send signature $s'$.
     \end{enumerate}
    \end{minipage}
   \begin{minipage}{6cm}
   \begin{tikzpicture}
    \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
     \node (hammer) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{hammer.pdf}};
     \node (signed) [def, draw=none, below left=of hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}};
     \node (blinded) [def, draw=none, above left=of signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}};
     \node (customer) [node distance=4em and 0.5em, draw, below =of signed]{Customer};
     \tikzstyle{C} = [color=black, line width=1pt]
 
     \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (customer) -- (signed) node [midway, above, sloped] (TextNode) {{\small transmit}};
   \end{tikzpicture}
   \end{minipage}
 \end{frame}
 
 
 \begin{frame}{Customer: Unblind coin (RSA)}
   \begin{minipage}{6cm}
    \begin{enumerate}
     \item Receive $s'$.
     \item Compute $s := s' b^{-1} \mod n$ % \\
     % ($(f')^d = (f b^e)^d = f^d b$).
     \end{enumerate}
    \end{minipage}
   \begin{minipage}{6cm}
   \begin{tikzpicture}
    \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em];
     \node (b) [def, draw=none] at (0,0) {$b$};
     \node (coin) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
     \node (signed) [def, draw=none, above left=of coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}};
     \tikzstyle{C} = [color=black, line width=1pt]
 
     \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {};
   \end{tikzpicture}
   \end{minipage}
 \end{frame}
 
 
 \begin{frame}{Customer: Build shopping cart}
   \begin{center}
   \begin{tikzpicture}
    \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em];
     \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{shop.pdf}};
     \node (cart) [draw=none, below=of m]{\includegraphics[width=0.2\textwidth]{cart.pdf}};
     \node (merchant) [node distance=4em and 0.5em, draw, below =of cart]{Merchant};
     \tikzstyle{C} = [color=black, line width=1pt];
     \draw [<-, C] (cart) -- (origin) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (merchant) -- (cart) node [midway, above, sloped] (TextNode) {{\small transmit}};
   \end{tikzpicture}
   \end{center}
 \end{frame}
 
 
 \begin{frame}{Merchant: Propose contract (EdDSA)}
    \begin{minipage}{6cm}
    \begin{enumerate}
     \item Complete proposal $D$.
     \item Send $D$, $EdDSA_m(D)$
     \end{enumerate}
    \end{minipage}
   \begin{minipage}{6cm}
   \begin{tikzpicture}
    \tikzstyle{def} = [node distance=2em and 0.5em, inner sep=0em, outer sep=.3em];
     \node (cart) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{cart.pdf}};
     \node (proposal) [def, draw=none, below right=of cart]{\includegraphics[width=0.5\textwidth]{merchant_propose.pdf}};
     \node (customer) [node distance=4em and 0.5em, draw, below =of proposal]{Customer};
     \tikzstyle{C} = [color=black, line width=1pt];
     \node (sign) [def, draw=none, above right=of proposal] {$m$};
     \tikzstyle{C} = [color=black, line width=1pt]
 
     \draw [<-, C] (proposal) -- (sign) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (proposal) -- (cart) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (customer) -- (proposal) node [midway, above, sloped] (TextNode) {{\small transmit}};
   \end{tikzpicture}
   \end{minipage}
 \end{frame}
 
 
 \begin{frame}{Customer: Spend coin (EdDSA)}
   \begin{minipage}{6cm}
    \begin{enumerate}
     \item Receive proposal $D$, $EdDSA_m(D)$.
     \item Send $s$, $C$, $EdDSA_c(D)$
     \end{enumerate}
    \end{minipage}
   \begin{minipage}{6cm}
   \begin{tikzpicture}
    \tikzstyle{def} = [node distance=2em and 0.4em, inner sep=0em, outer sep=.3em];
     \node (proposal) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{merchant_propose.pdf}};
     \node (contract) [def, draw=none, below right=of cart]{\includegraphics[width=0.3\textwidth]{contract.pdf}};
     \node (c) [def, draw=none, above=of contract] {$c$};
     \node (merchant) [node distance=4em and 0.5em, draw, below=of contract]{Merchant};
     \node (coin) [def, draw=none, right=of contract]{\includegraphics[width=0.2\textwidth]{coin.pdf}};
     \tikzstyle{C} = [color=black, line width=1pt]
 
     \draw [<-, C] (contract) -- (c) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (contract) -- (proposal) node [midway, above, sloped] (TextNode) {};
     \draw [<-, C] (merchant) -- (contract) node [midway, above, sloped] (TextNode) {{\small transmit}};
     \draw [<-, C] (merchant) -- (coin) node [midway, below, sloped] (TextNode) {{\small transmit}};
   \end{tikzpicture}
   \end{minipage}
 \end{frame}
 
 
 \begin{frame}{Merchant and Exchange: Verify coin (RSA)}
    \begin{minipage}{6cm}
  \begin{equation*}
    s^e \stackrel{?}{\equiv} FDH(C) \mod n
    \end{equation*}
    \end{minipage}
   \begin{minipage}{6cm}
   \begin{minipage}{0.2\textwidth}
     \includegraphics[width=\textwidth]{coin.pdf}
   \end{minipage}
   $\stackrel{?}{\Leftrightarrow}$
   \begin{minipage}{0.2\textwidth}
     \includegraphics[width=\textwidth]{seal.pdf}
   \end{minipage}
   \end{minipage}
   \vfill
   The exchange does not only verify the signature, but also
   checks that the coin was not double-spent.
   \vfill
   \pause
   \begin{center}
   {\bf Taler is an online payment system.}
   \end{center}
   \vfill
 \end{frame}
 
 
 \begin{frame}{Requirements: Online vs. Offline Digital Currencies}
 \framesubtitle{\url{https://taler.net/papers/euro-bearer-online-2021.pdf}}
 \begin{itemize}
     \item Offline capabilities are sometimes cited as a requirement for digital payment solutions
     \item All implementations must either use restrictive hardware elements and/or introduce
       counterparty risk.
     \item[$\Rightarrow$] Permanent offline features weaken a digital payment solution (privacy, security)
     \item[$\Rightarrow$] Introduces unwarranted competition for physical cash (endangers emergency-preparedness).
   \end{itemize}
   We recommend a tiered approach:
       \begin{enumerate}
         \item Online-first, bearer-based digital currency with Taler
         \item (Optional:) Limited offline mode for network outages
         \item Physical cash for emergencies (power outage, catastrophic cyber incidents)
       \end{enumerate}
 \end{frame}
 
 
 \begin{frame}{Scalability}
 On paper, the design scales linearly with computing resources:
 \begin{itemize}
 \item Front-end logic at the central bank only needs to perform a few signature operations, a
 single CPU core can typically do a few thousands per second.
 \item Front-end servers need to talk to a database to prevent double-spending. A single database server can handle tens of thousands of such operations per second.
 \item All operations are easily split across multiple database servers by simply assigning
 each database server a range of values.
 \item The frontends need to talk to the backends using an interconnect. The size of an
 individual transaction is typically about 1–10 kilobytes. Modern interconnects
 can support millions of such transactions per second.
 \item To securely store 1-10 kilobytes per transaction, using AWS pricing, the cost of the
 system (storage, bandwidth, computation) at scale would be 0.0001 USD per transaction.
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Scalability in numbers}
 \framesubtitle{\url{https://taler.net/en/news/2022-06.html}}
 On a {\bf single desktop system}, we measured:
 \begin{itemize}
 \item {\bf 1k+} withdraws\&deposits/second (client and server doing 2048-bit RSA)
 \item {\bf 50k+} import inbound wire transfers per second (to RTGS)
 \item {\bf 33k+} transactions aggregated/second
 \item {\bf 62k+} export outbound wire transfers per second (to RTGS)
 \end{itemize}\pause
 \vfill
 In a distributed experiment on {\bf Grid5000}, we measured
 \begin{center}
   {\bf 28'500+} transactions (withdraw\&deposits)/second
 \end{center}
 as part of a Bacherlor's thesis. Opportunties for further improvement were identified.
 \end{frame}
 
 
 \begin{frame}{Taler: Project Status}
 \framesubtitle{\url{https://docs.taler.net/}}
 \begin{itemize}
     \item Cryptographic protocols and core exchange component are stable
     \item Current focus: KYC process at commercial bank, age-restricted payments, programmability, P2P payments
     \item Internal alpha deployment with a commercial bank in progress
     \item Pilot project at Bern University of Applied Sciences cafeteria
   \end{itemize}
 \begin{center}
 \includegraphics[width=0.7\textwidth]{taler-in-use.png}
  \end{center}
 \end{frame}
 
 
 \section{Competitor comparison}
 \begin{frame}{Competitor comparison}
   \begin{center} \small
     \begin{tabular}{l||c|c|c|c|c}
                 & Cash     &  DLT      & HW-Token & CB-Account & GNU Taler \\ \hline \hline
     Online      &$-$$-$$-$ &   +       &    $-$   &     ++     &   +++     \\ \hline
     Offline     & +++      & $-$$-$$-$ &    $+$   &  $-$$-$    &   $-$$-$  \\ \hline
     Cost        & $-$      & $-$$-$$-$ &    $-$   &     +      &   ++      \\ \hline
     Speed       & +        & $-$$-$$-$ &    $+$   &     o      &   ++      \\ \hline
     Taxation    & $-$      &   +++     &  $-$$-$  &    +++     &  +++      \\ \hline
     Payer-anon  &  ++      &  $-$$-$   &    ???   &  $-$$-$    &  +++      \\ \hline
     Payee-anon  & ++       &  $-$$-$   &    ???   &  $-$$-$    & $-$$-$$-$ \\ \hline
     Security    &  $-$     &    ???    &  $-$$-$  &     o      &  ++       \\ \hline
     Migration   & +++      & $-$$-$$-$ & $-$$-$$-$&     o      &  +        \\ \hline
     Libre       &  $-$     &    ???    & $-$$-$$-$&    N/A     &  +++      \\
   \end{tabular}
   \end{center}
 \end{frame}
 
 
 \begin{frame}{Taler Systems SA: Commercial support}
   \framesubtitle{\url{https://taler-systems.com/}}
   Pilots with banking organizations often involve:
   \begin{itemize}
     \item Share knowledge on Taler deployment (training package)
     \item Provide deployment for evaluation (sandbox package)
     \item Support integration with core banking (integration package)
   \end{itemize}
   \hfill
   \begin{center}
     {\bf Contact me or Leon Schumacher for details.}
   \end{center}
 \end{frame}
 
 
 \begin{frame}
 \frametitle{Do you have any questions?}
 \vfill
 References:
 {\tiny
 \begin{enumerate}
  \item{David Chaum, Christian Grothoff and Thomas Moser.
        {\em How to issue a central bank digital currency}.
        {\bf SNB Working Papers, 2021}.}
  \item{Christian Grothoff, Bart Polot and Carlo von Loesch.
        {\em The Internet is broken: Idealistic Ideas for Building a GNU Network}.
        {\bf W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)}, 2014.}
  \item{Jeffrey Burdges, Florian Dold, Christian Grothoff and Marcello Stanisci.
        {\em Enabling Secure Web Payments with GNU Taler}.
        {\bf SPACE 2016}.}
  \item{Florian Dold, Sree Harsha Totakura, Benedikt M\"uller, Jeffrey Burdges and Christian Grothoff.
        {\em Taler: Taxable Anonymous Libre Electronic Reserves}.
        Available upon request. 2016.}
  \item{Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer and Madars Virza.
        {\em Zerocash: Decentralized Anonymous Payments from Bitcoin}.
        {\bf IEEE Symposium on Security \& Privacy, 2016}.}
  \item{David Chaum, Amos Fiat and Moni Naor.
        {\em Untraceable electronic cash}.
        {\bf Proceedings on Advances in Cryptology, 1990}.}
   \item{Phillip Rogaway.
        {\em The Moral Character of Cryptographic Work}.
        {\bf Asiacrypt}, 2015.} \label{bib:rogaway}
 \end{enumerate}
 }
 \end{frame}
 
 
 \end{document}