marketing

bank.tex (47340B)

---

 \pdfminorversion=3
 \documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer}
 \usepackage{amsmath}
 \usepackage{multimedia}
 \usepackage[utf8]{inputenc}
 \usepackage{framed,color,ragged2e}
 \usepackage[absolute,overlay]{textpos}
 \usepackage{adjustbox}
 \definecolor{shadecolor}{rgb}{0.8,0.8,0.8}
 \usetheme{boxes}
 \setbeamertemplate{navigation symbols}{}
 \usepackage{xcolor}
 \usepackage{tikz,eurosym}
 \usepackage[normalem]{ulem}
 \usepackage{listings}
 
 % CSS
 \lstdefinelanguage{CSS}{
   basicstyle=\ttfamily\scriptsize,
   keywords={color,background-image:,margin,padding,font,weight,display,position,top,left,right,bottom,list,style,border,size,white,space,min,width, transition:, transform:, transition-property, transition-duration, transition-timing-function},
   sensitive=true,
   morecomment=[l]{//},
   morecomment=[s]{/*}{*/},
   morestring=[b]',
   morestring=[b]",
   alsoletter={:},
   alsodigit={-}
 }
 
 % JavaScript
 \lstdefinelanguage{JavaScript}{
   basicstyle=\ttfamily\scriptsize,
   morekeywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
   morecomment=[s]{/*}{*/},
   morecomment=[l]//,
   morestring=[b]",
   morestring=[b]'
 }
 
 \lstdefinelanguage{HTML5}{
   basicstyle=\ttfamily\scriptsize,
   language=html,
   sensitive=true,
   alsoletter={<>=-},
   morecomment=[s]{<!-}{-->},
   tag=[s],
   otherkeywords={
   % General
   >,
   % Standard tags
 	<!DOCTYPE,
   </html, <html, <head, <title, </title, <style, </style, <link, </head, <meta, />,
 	% body
 	</body, <body,
 	% Divs
 	</div, <div, </div>,
 	% Paragraphs
 	</p, <p, </p>,
 	% scripts
 	</script, <script,
   % More tags...
   <canvas, /canvas>, <svg, <rect, <animateTransform, </rect>, </svg>, <video, <source, <iframe, </iframe>, </video>, <image, </image>
   },
   ndkeywords={
   % General
   =,
   % HTML attributes
   charset=, src=, id=, width=, height=, style=, type=, rel=, href=,
   % SVG attributes
   fill=, attributeName=, begin=, dur=, from=, to=, poster=, controls=, x=, y=, repeatCount=, xlink:href=,
   % CSS properties
   margin:, padding:, background-image:, border:, top:, left:, position:, width:, height:,
 	% CSS3 properties
   transform:, -moz-transform:, -webkit-transform:,
   animation:, -webkit-animation:,
   transition:,  transition-duration:, transition-property:, transition-timing-function:,
   }
 }
 
 \lstdefinelanguage{JavaScript}{
   basicstyle=\ttfamily\scriptsize,
   keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break, for},
   keywordstyle=\color{blue}\bfseries,
   ndkeywords={class, export, boolean, throw, implements, import, this},
   ndkeywordstyle=\color{darkgray}\bfseries,
   identifierstyle=\color{black},
   sensitive=false,
   comment=[l]{//},
   morecomment=[s]{/*}{*/},
   commentstyle=\color{purple}\ttfamily,
   stringstyle=\color{red}\ttfamily,
   morestring=[b]',
   morestring=[b]"
 }
 
 \usetikzlibrary{shapes,arrows}
 \usetikzlibrary{positioning}
 \usetikzlibrary{calc}
 
 \title{GNU Taler}
 \subtitle{Deployment Plan 2021}
 
 \setbeamertemplate{navigation symbols}{\includegraphics[width=1cm]{inria.pdf} \includegraphics[width=0.5cm]{gnu.png} \includegraphics[width=0.5cm]{ashoka.png}\hfill}
 %\setbeamercovered{transparent=1}
 
 \author{F. Dold, C. Grothoff, L. Schumacher}
 \date{\today}
 \institute{Taler Systems SA}
 
 
 \begin{document}
 
 \justifying
 
 \begin{frame}
   \begin{center}
     \LARGE {\bf GNU}
 
     \vfill
     \includegraphics[width=0.66\textwidth]{logo-2020.jpg}
   \end{center}
 \begin{textblock*}{4cm}(.5cm,6.5cm) % {block width} (coords)
   {\Large {\bf \url{taler.net}} \\
     IRC{\bf \#taler} \\
     {\small (on freenode)} \\
     twitter@taler \\
     mail@taler.net }
 \end{textblock*}
 
 % Substitute based on who is giving the talk!
  \begin{textblock*}{6cm}(6.7cm,7.7cm) % {block width} (coords)
    {\hfill {\Large {\bf Florian Dold \&} \\
     \hfill {\bf Christian Grothoff}} \\
     \hfill \{dold,grothoff\}@taler.net }
 \end{textblock*}
 
 \end{frame}
 
 
 \section{Introduction}
 
 \begin{frame}{What is Taler?}
   \vfill
 \begin{center}
 \includegraphics[width=0.7\textwidth]{operations.png}
 \end{center}
 \end{frame}
 
 
 \begin{frame}{Design goals for the GNU Taler Payment System}
 GNU Taler must ...
 \begin{enumerate}
   \item {... be implemented as {\bf free software}.}
   \item {... protect the {\bf privacy of buyers}.}
   \item {... must enable the state to {\bf tax income} and crack down on
     illegal business activities.}
   \item {... prevent payment fraud.}
   \item {... only {\bf disclose the minimal amount of information
     necessary}.}
   \item {... be usable.}
   \item {... be efficient.}
   \item {... avoid single points of failure.}
   \item {... foster {\bf competition}.}
 \end{enumerate}
 \end{frame}
 
 
 \section{Architecture}
 
 \begin{frame}
   \vfill
   \begin{center}
     {\bf Part I: Architecture}
   \end{center}
   \vfill
 \end{frame}
 
 
 \begin{frame}{Taler Overview}
 \begin{center}
 \begin{tikzpicture}
  \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer sep=.3em];
  \node (origin) at (0,0) {};
  \node (exchange) [def,above=of origin,draw]{Exchange};
  \node (customer) [def, draw, below left=of origin] {Customer};
  \node (merchant) [def, draw, below right=of origin] {Merchant};
  \node (auditor) [def, draw, above right=of origin]{Auditor};
 
  \tikzstyle{C} = [color=black, line width=1pt]
 
  \draw [<-, C] (customer) -- (exchange) node [midway, above, sloped] (TextNode) {withdraw coins};
  \draw [<-, C] (exchange) -- (merchant) node [midway, above, sloped] (TextNode) {deposit coins};
  \draw [<-, C] (merchant) -- (customer) node [midway, above, sloped] (TextNode) {spend coins};
  \draw [<-, C] (exchange) -- (auditor) node [midway, above, sloped] (TextNode) {verify};
 
 \end{tikzpicture}
 \end{center}
 \end{frame}
 
 
 \begin{frame}[fragile]{Taler: Bank Perspective}
 \begin{adjustbox}{max totalsize={.9\textwidth}{.7\textheight},center}
 \begin{tikzpicture}
  \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer sep=.3em];
  \node (origin) at (0,0) {};
  \node (exchange) [def,above=of origin,draw]{Exchange};
  \node (nexus) [def, draw, below right=of exchange] {Nexus};
  \node (corebanking) [def, draw, below left=of nexus] {Core Banking};
  \node (nginx) [def, draw, above=of exchange]{Nginx};
  \node (postgres) [def, draw, below left=of exchange]{Postgres};
  \node (postgres-nexus) [def, draw, below right=of nexus]{Postgres};
 
  \tikzstyle{C} = [color=black, line width=1pt]
 
  \draw [<-, C] (exchange) -- (nginx) node [midway, above, sloped] (TextNode) {REST API};
  \draw [<-, C] (postgres) -- (exchange) node [midway, above, sloped] (TextNode) {SQL};
  \draw [<-, C] (postgres-nexus) -- (nexus) node [midway, above, sloped] (TextNode) {SQL};
  \draw [<-, C] (nexus) -- (exchange) node [midway, above, sloped] (TextNode) {Internal REST API};
  \draw [<-, C] (corebanking) -- (nexus) node [midway, above, sloped] (TextNode) {EBICS/FinTS};
 
 \end{tikzpicture}
 \end{adjustbox}
 \end{frame}
 
 
 \begin{frame}{Taler: Exchange Details}
 \begin{center}
 \begin{tikzpicture}
  \tikzstyle{def} = [node distance=2em and 2.5em, inner sep=1em, outer sep=.3em];
  \node (origin) at (0,0) {};
  \node (httpd) [def,above=of origin,draw]{httpd};
  \node (secmod-rsa) [def, draw, right=of httpd] {secmod-rsa};
  \node (secmod-eddsa) [def, draw, left=of httpd] {secmod-eddsa};
  \node (postgres) [def, draw, below=of httpd]{Postgres};
  \node (aggregator) [def, draw, right=of postgres]{aggregator};
  \node (transfer) [def, draw, below left=of postgres]{transfer};
  \node (wirewatch) [def, draw, below right=of postgres]{wirewatch};
  \node (nexus) [def, draw, below=of postgres]{Nexus};
 
  \tikzstyle{C} = [color=black, line width=1pt]
 
  \draw [<->, C] (httpd) -- (postgres) node [midway, above, sloped] (TextNode) {};
  \draw [<->, C] (httpd) -- (secmod-rsa) node [midway, above, sloped] (TextNode) {};
  \draw [<->, C] (httpd) -- (secmod-eddsa) node [midway, above, sloped] (TextNode) {};
  \draw [<->, C] (aggregator) -- (postgres) node [midway, above, sloped] (TextNode) {};
  \draw [<->, C] (wirewatch) -- (postgres) node [midway, above, sloped] (TextNode) {};
  \draw [<->, C] (transfer) -- (postgres) node [midway, above, sloped] (TextNode) {};
  \draw [->, C] (transfer) -- (nexus) node [midway, above, sloped] (TextNode) {};
  \draw [<-, C] (wirewatch) -- (nexus) node [midway, above, sloped] (TextNode) {};
 \end{tikzpicture}
 \end{center}
 \end{frame}
 
 
 \begin{frame}
 \frametitle{Taler: Auditor Details}
 \begin{center}
 \begin{tikzpicture}
  \tikzstyle{def} = [node distance=2em and 2.5em, inner sep=1em, outer sep=.3em];
  \node (origin) at (0,0) {};
  \node (httpd) [def,above left=of origin,draw]{auditor-httpd};
  \node (report) [def,above right=of origin,draw]{auditor-report};
  \node (postgres-A) [def, draw, below=of origin] {Postgres (Auditor)};
  \node (postgres-E) [def, draw, below=of postgres-A] {Postgres (Bank)};
 
  \tikzstyle{C} = [color=black, line width=1pt]
 
  \draw [->, C] (postgres-E) -- (postgres-A) node [midway, above, sloped] (TextNode) {sync};
  \draw [<->, C] (httpd) -- (postgres-A) node [midway, above, sloped] (TextNode) {};
  \draw [<->, C] (report) -- (postgres-A) node [midway, above, sloped] (TextNode) {};
 \end{tikzpicture}
 \end{center}
 \end{frame}
 
 
 \begin{frame}
 \frametitle{Taler: Merchant Details}
 \begin{center}
 \begin{tikzpicture}
  \tikzstyle{def} = [node distance= 5em and 4.5em, inner sep=1em, outer sep=.3em];
  \node (origin) at (0,0) {};
  \node (frontend) [def,above=of origin,draw]{merchant-frontend};
  \node (backend) [def,below=of frontend,draw]{taler-backend};
  \node (postgres) [def, draw, below left=of backend] {Postgres};
  \node (sqlite) [def, draw, below=of backend] {Sqlite};
  \node (alt) [def, draw, below right=of backend] {...};
 
  \tikzstyle{C} = [color=black, line width=1pt]
 
  \draw [->, C] (frontend) -- (backend) node [midway, above, sloped] (TextNode) {REST API};
  \draw [<->, C] (backend) -- (postgres) node [midway, above, sloped] (TextNode) {SQL};
  \draw [<->, C] (backend) -- (sqlite) node [midway, above, sloped] (TextNode) {SQL};
  \draw [<->, C] (backend) -- (alt) node [midway, above, sloped] (TextNode) {SQL};
 \end{tikzpicture}
 \end{center}
 \end{frame}
 
 
 \begin{frame}
 \frametitle{Taler: Wallet Details}
 \begin{center}
 \begin{tikzpicture}
  \tikzstyle{def} = [node distance= 5em and 4.5em, inner sep=1em, outer sep=.3em];
  \node (origin) at (0,0) {};
  \node (gui) [def,above=of origin,draw]{wallet-gui};
  \node (core) [def,below=of gui,draw]{wallet-core};
  \node (sync) [def, draw, below left=of core] {Sync};
  \node (taler) [def, draw, below right=of core] {Taler};
  \node (anastasis) [def, draw, below=of core] {Anastasis};
 
  \tikzstyle{C} = [color=black, line width=1pt]
  \draw [<->, C] (gui) -- (core) node [midway, above, sloped] (TextNode) {};
  \draw [<->, C] (core) -- (sync) node [midway, above, sloped] (TextNode) {Backup};
  \draw [<->, C] (core) -- (taler) node [midway, above, sloped] (TextNode) {Payment};
  \draw [<->, C] (core) -- (anastasis) node [midway, above, sloped] (TextNode) {Key Escrow};
 \end{tikzpicture}
 \end{center}
 \end{frame}
 
 \begin{frame}
 \frametitle{High-level Deployment Recipe}
 \dots as a bank
 \begin{enumerate}
   \item Create an escrow bank account for the exchange with EBICS access
   \item Provision offline signing machine (or account during testing)
   \item Provision two PostgreSQL databases (for LibEuFin Nexus and exchange)
   \item Provision user-facing exchange service and secmod processes
   \item Provision LibEuFin Nexus (connected to escrow account and providing
     an internal API to the exchange)
   \item Test using the ``taler-wallet-cli``
 \end{enumerate}
 \end{frame}
 
 
 \section{Integration with the core banking system}
 
 \begin{frame}
   \vfill
   \begin{center}
     {\bf Part II: Integration with the core banking system}
   \end{center}
   \vfill
 \end{frame}
 
 \begin{frame}{Exchange escrow account access}
 The Taler exchange needs to communicate with the core banking system \dots
 \begin{itemize}
   \item to query for transactions into the exchange's escrow account
   \item to initiate payments of aggregated Taler deposits to merchants
 \end{itemize}
 
 In a Taler deployment, the \emph{Taler Wire Gateway} provides an API to the exchange
 for Taler-specific access to the Exchange's escrow account.  Multiple implementations
 of the Taler Wire Gateway exist:
 
 \begin{itemize}
   \item a self-contained play money demo bank
   \item LibEuFin, an adapter to EBICS and other protocols
 \end{itemize}
 
 \end{frame}
 
 \begin{frame}{LibEuFin}
   LibEuFin is a standalone project that provides adapters to bank account
   access APIs.
 
   \begin{itemize}
     \item LibEuFin provides both a generic access layer and an
       implementation of the Taler Wire Gateway API for the exchange
     \item currently, only EBICS 2.5 is supported
     \item other APIs such as FinTS or PSD2-style XS2A APIs can be added
       without requiring changes to the Exchange
     \item tested with a GLS business account
   \end{itemize}
 \end{frame}
 
 \begin{frame}{LibEuFin Concepts}
   \begin{itemize}
     \item A LibEuFin \emph{bank connection} is a set of credentials and parameters
       to talk to the bank's account access API.
     \item A LibEuFin \emph{bank account} is the information about a bank
       account (balances, transactions, payment initiations) stored locally
       within the LibEuFin service.  A LibEuFin bank account has a default Bank
       Connection that is used to communicate with the bank's API.
     \item A \emph{facade} provides a domain-specific access layer to bank accounts
       and connections.  The \emph{Taler Wire Gateway Facade} implements the
       API required by the Taler exchange and translates it to operations on the
       underlying account/connection.
   \end{itemize}
 \end{frame}
 
 \begin{frame}{LibEuFin Tooling}
   \begin{itemize}
     \item \texttt{libeufin-nexus} is the main service
     \item Almost all configuration (except DB credentials)
       is stored in the database and managed via a RESTful HTTP API
     \item \texttt{libeufin-sandbox} implements a toy EBICS host for protocol
       testing
     \item \texttt{libeufin-cli} is client for the HTTP API (only implements a subset
       of available functionality)
   \end{itemize}
 \end{frame}
 
 \begin{frame}{LibEuFin Setup Overview}
   \begin{itemize}
     \item Obtain EBICS subscriber configuration (host URL, host ID, user ID,
       partner ID) for the Exchange's escrow account
     \item Deploy the LibEuFin Nexus service
     \item Create a new LibEuFin bank connection (of type \texttt{ebics})
     \item Export and back up the key material for the bank connection (contains
       EBICS subscriber configuration and private keys)
     \item Send subscriber initialization to the EBICS host (electronically)
     \item Export key letter and activate subscriber in the EBICS host (manually)
     \item Synchronize the bank connection
     \item Import the account into LibEuFin
     \item Create a Taler Wire Gateway facade
     \item Set up scheduled tasks for ingesting new transactions / sending payment
       initiations
   \end{itemize}
 \end{frame}
 
 
 
 \begin{frame}{LibEuFin Implementation Limitations}
   \begin{itemize}
     \item LibEuFin is less stable than other Taler components, and future
       updates might contain breaking changes (tooling, APIs and database
       schema)
     \item Error handling and recovery is still rather primitive
     \item The Taler Wire Gateway does not yet implement automatic return
       transactions when transactions with a malformed subject (i.e.  no reserve
       public key) are received
   \end{itemize}
 \end{frame}
 
 \begin{frame}{LibEuFin EBICS Limitations}
   The GLS accounts with EBICS access that we have access to have some limitations:
   \begin{itemize}
     \item SEPA Instant Credit Transfers aren't supported yet
     \item Erroneous payment initiations are accepted by the GLS EBICS host,
       but an error message is later sent only by paper mail (and not reported
       by the CRZ download request)
     \item Limited access to transaction history (3 months)
   \end{itemize}
 \end{frame}
 
 \begin{frame}[fragile]{LibEuFin Setup Guide}
 \vfill
 \begin{center}
 \url{https://docs.taler.net/libeufin/nexus-tutorial.html}
 \end{center}
 \vfill
 \end{frame}
 
 
 \section{Operator security considerations}
 
 \begin{frame}
   \vfill
   \begin{center}
     {\bf Part III: Operator security considerations}
   \end{center}
   \vfill
 \end{frame}
 
 
 \begin{frame}{Key management}
 Taler has many types of keys:
 \begin{itemize}
 \item Coin keys
 \item Denomination keys
 \item Online message signing keys
 \item Offline key signing keys
 \item Merchant keys
 \item Auditor key
 \item Security module keys
 \item Transfer keys
 \item Wallet keys
 \item {\em TLS keys, DNSSEC keys}
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Offline keys}
 Both exchange and auditor use offline keys.
 \begin{itemize}
 \item Those keys must be backed up and remain highly confidential!
 \item We recommend that computers that have ever had access to those
       keys to NEVER again go online.
 \item We recommend using a Raspberry Pi for offline key operations.
       Store it in a safe under multiple locks and keys.
 \item Apply full-disk encryption on offline-key signing systems.
 \item Have 3--5 full-disk backups of offline-key signing systems.
 \end{itemize}
 \begin{center}
 \includegraphics[scale=0.1]{pi.png}
 \end{center}
 \end{frame}
 
 
 \begin{frame}{Online keys}
 The exchange needs RSA and EdDSA keys to be available for online signing.
 \begin{itemize}
 \item Knowledge of these private keys will allow an adversary to
       mint digital cash, possibly resulting in huge financial losses
       (eventually, this will be detected by the auditor, but only
        after some financial losses have been irrevocably incurred).
 \item The corresponding public keys are certified using
       Taler's public key infrastructure (which uses offline-only keys).
 \end{itemize}
 \begin{center}
 \includegraphics[width=0.5\textwidth]{taler-diagram-signatures.png}
 \end{center}
 \vfill
 {\tt taler-exchange-offline} can also be used to {\bf revoke} the
 online signing keys, if we find they have been compromised.
 \vfill
 \end{frame}
 
 
 \begin{frame}{Protecting online keys}
 The exchange needs RSA and EdDSA keys to be available for online signing.
 \begin{itemize}
 \item {\tt taler-exchange-secmod-rsa} and {\tt taler-exchange-secmod-eddsa}
       are the only processes that must have access to the private keys.
 \item The secmod processes should run under a different UID, but share
       the same GID with the exchange.
 \item The secmods generate the keys, allow {\tt taler-exchange-httpd} to sign with
       them, and eventually delete the private keys.
 \item Communication between secmods and {\tt taler-exchange-httpd} is via
       a UNIX domain socket.
 \item Online private keys are stored on disk (not in database!) and should
       NOT be backed up (RAID should suffice). If disk is lost, we can always
       create fresh replacement keys!
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Database}
 The exchange needs the database to detect double spending.
 \begin{itemize}
 \item Loss of the database will allow technically skilled people
       to double-spend their digital cash, possibly resulting in
       significant financial losses.
 \item The database contains total amounts customers withdrew and
       merchants received, so sensitive private banking data. It
       must also not become public.
 \item The auditor must have a (current) copy. Asynchronous replication
       is considered sufficient.  This copy could also be used as an
       additional (off-site?) backup.
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{taler-exchange-wirewatch}
 {\tt taler-exchange-wirewatch} needs credentials to access data about
 incoming wire transfers from the Nexus.
 \begin{itemize}
 \item This tool should run as a separate UID and GID (from
       {\tt taler-exchange-httpd}).
 \item It must have access to the Postgres database (SELECT + INSERT).
 \item Its configuration file contains the credentials to talk to Nexus.
 \item[$\Rightarrow$] Configuration should be separate from {\tt taler-exchange-httpd}.
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{taler-exchange-transfer}
 Only {\tt taler-exchange-transfer} needs credentials to initiate wire
 transfers using the Nexus.
 \begin{itemize}
 \item This tool should run as a separate UID and GID (from
       {\tt taler-exchange-httpd}).
 \item It must have access to the Postgres database (SELECT + INSERT).
 \item Its configuration file contains the credentials to talk to Nexus.
 \item[$\Rightarrow$] Configuration should be separate from {\tt taler-exchange-httpd}.
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Nexus}
 The Nexus has to be able to interact with the escrow account of the bank.
 \begin{itemize}
 \item It must have the private keys to sign EBICS/FinTS messages.
 \item It also has its own local database.
 \item The Nexus user and database should be kept separate from
       the other exchange users and the Taler exchange database.
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Hardware}
 General notions:
 \begin{itemize}
 \item Platforms with disabled Intel ME \& disabled remote administration are safer.
 \item VMs are not a security mechanism. Side-channel attacks abound. Avoid running any
       Taler component in a virtual machine ``for security''.
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Operating system}
 General notions:
 \begin{itemize}
 \item It should be safe to run the different Taler components (including Nginx, Nexus
       and Postgres) all on the same physical hardware (under different UIDs/GIDs).
       We would separate them onto different physical machines during scale-out, but not
       necessarily for ``basic'' security.
 \item Limiting and auditing system administrator access will be crucial.
 \item We recommend to {\bf not} use any anti-virus.
 \item We recommend using a well-supported GNU/Linux operating system (such as
       Debian or Ubuntu).
 \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Network}
 \begin{itemize}
 \item We recommend to {\bf not} use any host-based firewall.
       Taler components can use UNIX domain sockets (or bind to localhost).
 \item A network-based
       firewall is not required, but as long as TCP 80/443 are open Taler should
       work fine.
 \item Any firewall must be configured to permit connection to Auditor
       for database synchronization.
 \item We recommend running the Taler exchange behind an Nginx or Apache
       proxy for TLS termination.
 \item We recommend using static IP address configurations (IPv4 and IPv6).
 \item We recommend using DNSSEC with DANE in addition to TLS certificates.
 \item We recommend auditing the TLS setup using \url{https://observatory.mozilla.org}.
 \end{itemize}
 \end{frame}
 
 
 
 \section{Deployment}
 
 \begin{frame}
   \vfill
   \begin{center}
     {\bf Part IV: Deployment}
   \end{center}
   \vfill
 \end{frame}
 
 
 \begin{frame}{Alpha: internal-only}
 Objective:
 \begin{center}
 {\bf Bank staff to gain first operational experience.}
 \end{center}
 Proposed setup:
   \begin{itemize}
   \item Nexus with key material for escrow bank account
   \item Taler exchange with Nexus banking backend
   \item Offline key signing
   \end{itemize}
 Proposed timeline: Q1-Q2'2021.
 \end{frame}
 
 
 \begin{frame}{Alpha: internal-only}
 Technical tasks in Alpha phase:
 \begin{itemize}
   \item Setup minimal merchant, run test transactions $\Rightarrow$ Integration test
   \item Determine performance limits (benchmark $\Rightarrow$ capacity planning)
   \item Document and verify procedures (setup, maintenance, disaster recovery)
   \item Database synchronization setup with auditor ($\Rightarrow$ generate audit reports)
   \item Test system upgrade procedure
   \item Test system termination (out-of-business) procedure
 \end{itemize}
 Once Alpha is complete and BaFin approved, move to Beta phase.
 \end{frame}
 
 
 \begin{frame}{Beta: invitation-only}
 Objectives:
 \begin{center}
 {\bf Merchants gain first operational experience.} \\
 {\bf Taler/Bank gain first support experience.}
 \end{center}
 Changes to setup:
   \begin{itemize}
   \item Limit access to production system (operational security)
   \item RAID, synchronous backup to Auditor and locally
   \item Deploy legally binding ToS/PP
   \end{itemize}
 Proposed timeline: Q3-Q4'2021.
 \end{frame}
 
 
 \begin{frame}{Beta: invitation-only}
 Technical tasks in Beta phase:
 \begin{itemize}
   \item Onboard first merchant(s) with limited reach
   \item Develop customer support procedures
   \item Security audit of operational security
   \item Integrate system monitoring (load, disk capacity, etc.)
   \item Verify deployment is {\bf reproducibly deterministic}
   \item Experiment with scale-out options:
   \begin{itemize}
   \item multiple Postgres backends (sharding)
   \item multiple Nginx frontends (TLS termination)
   \item multiple Exchange servers (Taler processing)
   \end{itemize}
 \end{itemize}
 Once everyone is happy with Beta, move to production.
 \end{frame}
 
 
 
 \begin{frame}{Software status: Working key components}
   \begin{itemize}
   \item Command-line, WebExtension (Firefox, Chrome, Chromium, Brave) and Android wallet
   \item Bank integration (libeufin / Nexus)
   \item Backup solution (Sync)
   \item Merchant backend
   \item WooCommerce plugin
   \item Taler-enabled vending machine (MDB)
   \item Sample Web frontends
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Software status: Components under development}
   \begin{itemize}
   \item Key escrow solution (\url{https://anastasis.lu/}) [Q1'2021]
   \item Merchant backoffice [Q2'2021]
   \item iOS wallet [Q3'2021]
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}[fragile]{Ubuntu 20.04 LTS Installation Overview}
 \noindent
 Extend your {\tt /etc/apt/sources.list} with:
 
 {\tiny
 \begin{verbatim}
 deb https://deb.taler.net/apt/ubuntu focal-fossa main
 \end{verbatim}
 }
 \noindent
 Key import and installation:
 
 {\tiny
 \begin{verbatim}
 # wget -O - https://taler.net/static/taler-systems.gpg.key | apt-sign add -
 # apt update
 # apt install taler-exchange
 \end{verbatim}
 }
 \end{frame}
 
 
 \begin{frame}[fragile]{Configuration}
 \vfill
 \begin{center}
 \url{https://docs.taler.net/taler-exchange-manual.html#id3}
 \end{center}
 \vfill
 \end{frame}
 
 
 \begin{frame}{Database setup}
 \begin{center}
 \includegraphics[width=\textwidth]{replication.pdf}
 \end{center}
 \end{frame}
 
 \begin{frame}{Simplified database setup}
 \begin{center}
 \includegraphics[width=\textwidth]{replication2.pdf}
 \end{center}
 \end{frame}
 
 \begin{frame}{Database setup with Nexus}
 \begin{center}
 \includegraphics[width=\textwidth]{db-full.pdf}
 \end{center}
 \end{frame}
 
 
 
 
 
 \section{Integration}
 
 \begin{frame}
   \vfill
   \begin{center}
     {\bf Part V: Integration}
   \end{center}
   \vfill
 \end{frame}
 
 
 \begin{frame}{Integration considerations}
   \begin{itemize}
   \item KYC/CFT obligations
   \item Bank branding strategy (unified (?) App)
   \item Simple customer withdraw flow
   \item Use for customer-to-customer payments
   \item Support for customer financial (self-) analysis
   \item Taler for use-cases beyond digital cash
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}{KYC/CFT obligations}
   \begin{itemize}
   \item Nexus or core-banking need to discharge KYC/CFT obligations
   \item Taler exchange assumes incoming wire transfers have valid
         wire transfer subject and KYC has passed.
   \item Incoming transaction limits must be enforced by Nexus/core-banking and/or merchant.
   \item KYC/CFT checks on (large) outgoing transactions must be triggered by
         Nexus/core-banking.
   \item So far, Nexus does {\bf nothing}.
   \item[$\Rightarrow$] Need to determine where to discharge which legal requirement.
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Unified App}
   \begin{itemize}
   \item Taler wallet consists of GUI and wallet-core.
   \item wallet-core is written in TypeScript and runs usually on top of NodeJS.
   \item wallet-core exposes message-based API.
   \item wallet-core {\em could} be integrated with (unified) bank App.
   \item[$\Rightarrow$] Increased complexity of unified App may have negative
         usability and security implications.
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}{User-friendly withdraw flow}
   \begin{itemize}
   \item Integration with online-banking (``withdraw button'')
   \item Integration with (non-unified) bank App ({\bf discuss how!})
   \item Support for customers of other banks
   \item Integration via {\tt payto://}
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}[fragile]{RFC 8905: \texttt{payto:} Uniform Identifiers for Payments and Accounts}
   \vfill
   Like \texttt{mailto:}, but for bank accounts instead of email accounts!
   \vfill
   \begin{verbatim}
     payto://<PAYMENT-METHOD>/<ACCOUNT-NR>
       ?subject=InvoiceNr42
       &amount=EUR:12.50
   \end{verbatim}
   \vfill
   Default action:  Open app to review and confirm payment.
   \vfill
 \includegraphics[width=0.25\textwidth]{einzahlschein-ch.jpeg}
 \hfill
 \includegraphics[width=0.2\textwidth]{de-ueberweisungsformular.png}
   \vfill
 \end{frame}
 
 
 \begin{frame}[fragile]{Benefits of {\tt payto://}}
   \begin{itemize}
     \item Standardized way to represent financial resources (bank account, bitcoin wallet)
       and payments to them
     \item Useful on the client-side on the Web and for FinTech backend applications
     \item Payment methods (such as IBAN, ACH, Bitcoin) are registered with
           IANA and allow extra options
   \end{itemize}
   \begin{center}
   {\bf Taler wallet can generate payto://-URI for withdraw!}
   \end{center}
 \end{frame}
 
 
 
 \begin{frame}{Customer-to-customer payments}
   \begin{itemize}
   \item Customer-to-bank account will be easy.
   \item Wallet-to-wallet transactions require withdraw ($\Rightarrow$ customer authorization!)
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Financial self-analysis}
   \begin{itemize}
   \item Transaction history kept in Taler wallet
   \item Visualization in Taler wallet is planned for future version
   \item Possible to {\em export} transaction history from Taler wallet
         for analysis in other tools
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Beyond digital cash}
   \begin{itemize}
   \item Taler can do transactions not just in EUR
   \item Could also issue coins denominated in company stocks, or other trade goods
   \item Can theoretically be combined with electronic voting for shareholder meetings,
         and support dividend payments
   \item[$\Rightarrow$] Many additional technical and regulatory issues to address.
   \end{itemize}
 \end{frame}
 
 
 
 \section{Go to market strategy}
 
 \begin{frame}
   \vfill
   \begin{center}
     {\bf Part VI: Go to market strategy}
   \end{center}
   \vfill
 \end{frame}
 
 
 
 \begin{frame}{Use Case: Hackers\footnote{\url{https://www.gnu.org/philosophy/rms-hack.html}}}
   Today:
   \begin{itemize}
     \item Most payment systems proprietary and not privacy-friendly
     \item Crypto-currencies popular because Free Software and unregulated
   \end{itemize}\vfill\pause
   With GNU Taler:
   \begin{itemize}
     \item Free Software
     \item Privacy-Friendly
     \item Scalable
     \item Legal
     \item Easy-to-use, well-documented public API
     \item[$\Rightarrow$] World-first {\em hacker-friendly} real-world payments!
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Use Case: Journalism}
   Today:
   \begin{itemize}
     \item Corporate structure % ($\Rightarrow$ filter)
     \item Advertising primary revenue % ($\Rightarrow$ dependence)
     \item Tracking readers critical for business success
     \item Journalism and marketing hard to distinguish
   \end{itemize}\vfill\pause
   With GNU Taler:
   \begin{itemize}
     \item One-click micropayments per article
     \item Hosting requires no expertise % (no PCI DSS)
     \item Reader-funded reporting separated from marketing
     \item Readers can remain anonymous
   \end{itemize}
 \end{frame}
 
 
 \begin{frame}{Use Case: Anti-Spam}
   Today, p$\equiv$p provides authenticated encryption for e-mail:
   \begin{itemize}
     \item Free software
     \item Easy to use opportunistic encryption
     \item Available for Outlook, Android, Enigmail
     \item Spies \& spam filters can no longer inspect content
   \end{itemize}\vfill\pause
   With GNU Taler:
   \begin{itemize}
     \item Peer-to-peer payments via e-mail
     \item If unsolicited sender, hide messages from user \&
           automatically request payment from sender
     \item Sender can attach payment to be moved to inbox
     \item Receiver may grant refund to sender
   \end{itemize}
 \end{frame}
 
 
 
 \begin{frame}
 \frametitle{Do you have any questions?}
 \vfill
 References:
 {\tiny
   \begin{enumerate}
  \item{Christian Grothoff, Bart Polot and Carlo von Loesch.
        {\em The Internet is broken: Idealistic Ideas for Building a GNU Network}.
        {\bf W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)}, 2014.}
  \item{Jeffrey Burdges, Florian Dold, Christian Grothoff and Marcello Stanisci.
        {\em Enabling Secure Web Payments with GNU Taler}.
        {\bf SPACE 2016}.}
  \item{Florian Dold, Sree Harsha Totakura, Benedikt M\"uller, Jeffrey Burdges and Christian Grothoff.
        {\em Taler: Taxable Anonymous Libre Electronic Reserves}.
        Available upon request. 2016.}
  \item{Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer and Madars Virza.
        {\em Zerocash: Decentralized Anonymous Payments from Bitcoin}.
        {\bf IEEE Symposium on Security \& Privacy, 2016}.}
  \item{David Chaum, Amos Fiat and Moni Naor.
        {\em Untraceable electronic cash}.
        {\bf Proceedings on Advances in Cryptology, 1990}.}
   \item{Phillip Rogaway.
        {\em The Moral Character of Cryptographic Work}.
        {\bf Asiacrypt}, 2015.} \label{bib:rogaway}
 \end{enumerate}
 }
 \begin{center}
   {\bf Let money facilitate trade; but ensure capital serves society.}
 \end{center}
 \end{frame}
 
 
 
 
 \end{document}
 
 
 
 
 \begin{frame}{Taler {\tt /withdraw/sign}}
 % Customer withdrawing coins with blind signatures
 % \bigskip
   \begin{figure}[th]
     \begin{minipage}[b]{0.45\linewidth}
       \begin{center}
         \begin{tikzpicture}[scale = 0.4,
             transform shape,
             msglabel/.style    = { text = Black, yshift = .3cm,
                                    sloped, midway },
             okmsg/.style       = { ->, color = MidnightBlue, thick,
                                    >=stealth },
             rstmsg/.style      = { ->, color = BrickRed, thick,
                                    >=stealth }
           ]
           \node[draw = MidnightBlue,
             fill = CornflowerBlue,
             minimum width = .3cm,
             minimum height = 10cm
           ] (h1) at (-4, 0) {};
           \node[draw = MidnightBlue,
             fill = CornflowerBlue,
             minimum width = .3cm,
             minimum height = 10cm
           ] (h2) at (4, 0) {};
           \node[above = 0cm of h1] {Wallet};
           \node[above = 0cm of h2] {Exchange};
 
           \path[->, color = MidnightBlue, very thick, >=stealth]
             (-5, 4.5) edge
             node[rotate=90, text = Black, yshift = .3cm] {Time}
             (-5, -4.5);
           \path[okmsg, dashed]
              ($(h1.east)+(0, 4.0)+(0, -1.0)$) edge
              node[msglabel] {SEPA(RK,A)}
              ($(h2.west)+(0, 3.5)+(0, -1.0)$);
           \path[okmsg]
             ($(h1.east)+(0, -1.0)$) edge
             node[msglabel] {POST {\tt /withdraw/sign} $S_{RK}(DK, B_b(C))$}
             ($(h2.west)+(0, -1.5)$);
           \path[okmsg]
             ($(h2.west)+(0, -2.0)$) edge
             node[msglabel] {200 OK: $S_{DK}(B_b(C))$)}
             ($(h1.east)+(0, -2.5)$);
           \path[rstmsg]
             ($(h2.west)+(0, -3.5)$) edge
             node[msglabel] {402 PAYMENT REQUIRED: $S_{RK}(DK, B_b(C))$)}
             ($(h1.east)+(0, -4)$);
           \node at (5.3, 0) {};
         \end{tikzpicture}
       \end{center}
       Result: $\langle c, S_{DK}(C) \rangle$.
     \end{minipage}
     \hspace{0.5cm}
     \begin{minipage}[b]{0.45\linewidth}
       \tiny
       \begin{description}
       \item[$A$] Some amount, $A \ge A_{DK}$
       \item[$RK$] Reserve key
       \item[$DK$] Denomination key
       \item[$b$] Blinding factor
       \item[$B_b()$] RSA-FDH blinding % DK supressed
       \item[$C$] Coin public key $C := cG$
       \item[$S_{RK}()$] EdDSA signature
       \item[$S_{DK}()$] RSA-FDH signature
       \end{description}
     \end{minipage}
   \end{figure}
 \end{frame}
 
 
 \begin{frame}[t]{Taler {\tt /deposit}}
 Merchant and exchange see only the public coin $\langle C, S_{DK}(C) \rangle$.
 \bigskip
   \begin{figure}[th]
     \begin{minipage}[b]{0.45\linewidth}
       \begin{center}
         \begin{tikzpicture}[scale = 0.4,
             transform shape,
             msglabel/.style    = { text = Black, yshift = .3cm,
                                    sloped, midway },
             okmsg/.style       = { ->, color = MidnightBlue, thick,
                                    >=stealth },
             rstmsg/.style      = { ->, color = BrickRed, thick,
                                    >=stealth }
           ]
           \node[draw = MidnightBlue,
             fill = CornflowerBlue,
             minimum width = .3cm,
             minimum height = 10cm
           ] (h1) at (-4, 0) {};
           \node[draw = MidnightBlue,
             fill = CornflowerBlue,
             minimum width = .3cm,
             minimum height = 10cm
           ] (h2) at (4, 0) {};
           \node[above = 0cm of h1] {Merchant};
           \node[above = 0cm of h2] {Exchange};
 
           \path[->, color = MidnightBlue, very thick, >=stealth]
             (-5, 4.5) edge
             node[rotate=90, text = Black, yshift = .3cm] {Time}
             (-5, -4.5);
           \path[->, color = MidnightBlue, thick, >=stealth]
             ($(h1.east)+(0,3)$) edge
             node[text = Black, yshift = .3cm, sloped] {POST {\tt /deposit} $S_{DK}(C), S_{c}(D)$}
             ($(h2.west)+(0,2)$);
           \path[->, color = MidnightBlue, thick, >=stealth]
             ($(h2.west)+(0,0.5)$) edge
             node[text = Black, yshift = .3cm, sloped] {200 OK: $S_{SK}(S_{c}(D))$}
             ($(h1.east)+(0,-0.5)$);
           \path[rstmsg]
             ($(h2.west)+(0, -2.5)$) edge
             node[msglabel] {409 CONFLICT: $S_{c}(D')$}
             ($(h1.east)+(0, -3.5)$);
           \node at (5.3, 0) {};
         \end{tikzpicture}
       \end{center}
     \end{minipage}
     \hspace{0.5cm}
     \begin{minipage}[b]{0.45\linewidth}
       \tiny
       \begin{description}
       \item[$DK$] Denomination key
       \item[$S_{DK}()$] RSA-FDH signature using $DK$
       \item[$c$] Private coin key, $C := cG$.
       \item[$S_{C}()$] EdDSA signature using $c$
       \item[$D$] Deposit details
       \item[$SK$] Exchange's signing key
       \item[$S_{SK}()$] EdDSA signature using $SK$
       \item[$D'$] Conficting deposit details $D' \not= D$
       \end{description}
     \end{minipage}
   \end{figure}
 \end{frame}
 
 
 \begin{frame}{Taler {\tt /refresh/melt}}
   \begin{figure}[th]
     \begin{minipage}[b]{0.45\linewidth}
       \begin{center}
 	\begin{tikzpicture}[scale = 0.4,
             transform shape,
             msglabel/.style    = { text = Black, yshift = .3cm,
                                    sloped, midway },
             okmsg/.style       = { ->, color = MidnightBlue, thick,
                                    >=stealth },
             rstmsg/.style      = { ->, color = BrickRed, thick,
                                    >=stealth }
 	  ]
 	  \node[draw = MidnightBlue,
 	    fill = CornflowerBlue,
 	    minimum width = .3cm,
 	    minimum height = 10cm
 	  ] (h1) at (-4, 0) {};
 	  \node[draw = MidnightBlue,
 	    fill = CornflowerBlue,
 	    minimum width = .3cm,
 	    minimum height = 10cm
 	  ] (h2) at (4, 0) {};
 	  \node[above = 0cm of h1] {Customer};
 	  \node[above = 0cm of h2] {Exchange};
 
 	  \path[->, color = MidnightBlue, very thick, >=stealth]
 	    (-5, 4.5) edge
 	    node[rotate=90, text = Black, yshift = .3cm] {Time}
 	    (-5, -4.5);
 	  \path[->, color = MidnightBlue, thick, >=stealth]
 	    ($(h1.east)+(0,3)$) edge
 	    node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/melt} $S_{DK}(C), S_c({\cal DK}, {\cal T},{\cal B})$}
 	    ($(h2.west)+(0,2)$);
 	  \path[->, color = MidnightBlue, thick, >=stealth]
 	    ($(h2.west)+(0,0.5)$) edge
 	    node[text = Black, yshift = .3cm, sloped] {200 OK: $S_{SK}(H({\cal T}, {\cal B}),\gamma)$}
 	    ($(h1.east)+(0,-0.5)$);
 	  \path[rstmsg]
 	    ($(h2.west)+(0, -2.5)$) edge
 	    node[msglabel] {409 CONFLICT: $S_{C}(X), \ldots$}
 	    ($(h1.east)+(0, -3.5)$);
 	  \node at (5.3, 0) {};
 	\end{tikzpicture}
       \end{center}
     \end{minipage}
     \hspace{0.5cm}
     \begin{minipage}[b]{0.45\linewidth}
       \tiny
       \begin{description}
       \item[$\kappa$] System-wide security parameter, usually 3.
       \\ \smallskip
       \item[$\cal DK$] $:= [DK^{(i)}]_i$ \\ List of denomination keys \\
       $D + \sum_i A_{DK^{(i)}} < A_{DK}$
       \item[$t_j$] Random scalar for $j<\kappa$
       \item[${\cal T}$] $:= [T_j]_\kappa$ where $T_j = t_j G$
       \item[$k_j$] $:= c T_j = t_j C$ is an ECDHE
       \item[$b_j^{(i)}$] $:= KDF_b(k_j,i)$ % blinding factor
       \item[$c_j^{(i)}$] $:= KDF_c(k_j,i)$ % coin secret keys
       \item[$C_j^{(i)}$] $: = c_j^{(i)} G$ % new coin publics % keys
       \item[${\cal B}$] $:= [H( \beta_j )]_\kappa$ where \\
          $\beta_j := \left[ B_{b_j^{(i)}}(C_j^{(i)}) \right]_i$
       \\ \smallskip
       \item[$\gamma$] Random value in $[0,\kappa)$
 %      \\ \smallskip
 %      \item[$X$] Deposit or refresh
       \end{description}
     \end{minipage}
   \end{figure}
 \end{frame}
 
 
 \begin{frame}{Taler {\tt /refresh/reveal}}
   \begin{figure}[th]
     \begin{minipage}[b]{0.45\linewidth}
       \begin{center}
 	\begin{tikzpicture}[scale = 0.4,
             transform shape,
             msglabel/.style    = { text = Black, yshift = .3cm,
                                    sloped, midway },
             okmsg/.style       = { ->, color = MidnightBlue, thick,
                                    >=stealth },
             rstmsg/.style      = { ->, color = BrickRed, thick,
                                    >=stealth }
 	  ]
 	  \node[draw = MidnightBlue,
 	    fill = CornflowerBlue,
 	    minimum width = .3cm,
 	    minimum height = 10cm
 	  ] (h1) at (-4, 0) {};
 	  \node[draw = MidnightBlue,
 	    fill = CornflowerBlue,
 	    minimum width = .3cm,
 	    minimum height = 10cm
 	  ] (h2) at (4, 0) {};
 	  \node[above = 0cm of h1] {Customer};
 	  \node[above = 0cm of h2] {Exchange};
 
 	  \path[->, color = MidnightBlue, very thick, >=stealth]
 	    (-5, 4.5) edge
 	    node[rotate=90, text = Black, yshift = .3cm] {Time}
 	    (-5, -4.5);
 	  \path[->, color = MidnightBlue, thick, >=stealth]
 	    ($(h1.east)+(0,3)$) edge
 	    node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/reveal} $H({\cal T}, {\cal B}), {\tilde{\cal T}}, \beta_\gamma$}
 	    ($(h2.west)+(0,2)$);
 	  \path[->, color = MidnightBlue, thick, >=stealth]
 	    ($(h2.west)+(0,0.5)$) edge
 	    node[text = Black, yshift = .3cm, sloped] {200 OK: $\cal S$}
 	    ($(h1.east)+(0,-0.5)$);
 	  \path[rstmsg]
 	    ($(h2.west)+(0, -2.5)$) edge
 	    node[msglabel] {400 BAD REQUEST: $Z$}
 	    ($(h1.east)+(0, -3.5)$);
 	  \node at (5.3, 0) {};
 	\end{tikzpicture}
       \end{center}
     \end{minipage}
     \hspace{0.5cm}
     \begin{minipage}[b]{0.45\linewidth}
       \tiny
       \begin{description}
       \item[$\cal DK$] $:= [DK^{(i)}]_i$
       \item[$t_j$] .. \\ \smallskip
 
       \item[$\tilde{\cal T}$] $:= [t_j | j \in \kappa, j \neq \gamma]$ \\ \smallskip
 
       \item[$k_\gamma$] $:= c T_\gamma = t_\gamma C$
       \item[$b_\gamma^{(i)}$] $:= KDF_b(k_\gamma,i)$
       \item[$c_\gamma^{(i)}$] $:= KDF_c(k_\gamma,i)$
       \item[$C_\gamma^{(i)}$] $: = c_\gamma^{(i)} G$
 
       \item[$B_\gamma^{(i)}$] $:= B_{b_\gamma^{(i)}}(C_\gamma^{(i)})$
       \item[$\beta_\gamma$] $:= \big[ B_\gamma^{(i)} \big]_i$
       \item[$\cal S$] $:= \left[ S_{DK^{(i)}}( B_\gamma^{(i)} ) \right]_i$ \\ \smallskip
 
       \item[$Z$] Cut-and-choose missmatch information
       \end{description}
     \end{minipage}
   \end{figure}
 \end{frame}
 
 
 \begin{frame}{Taler {\tt /refresh/link}}
   \begin{figure}[th]
     \begin{minipage}[b]{0.45\linewidth}
       \begin{center}
 	\begin{tikzpicture}[scale = 0.4,
             transform shape,
             msglabel/.style    = { text = Black, yshift = .3cm,
                                    sloped, midway },
             okmsg/.style       = { ->, color = MidnightBlue, thick,
                                    >=stealth },
             rstmsg/.style      = { ->, color = BrickRed, thick,
                                    >=stealth }
 	  ]
 	  \node[draw = MidnightBlue,
 	    fill = CornflowerBlue,
 	    minimum width = .3cm,
 	    minimum height = 10cm
 	  ] (h1) at (-4, 0) {};
 	  \node[draw = MidnightBlue,
 	    fill = CornflowerBlue,
 	    minimum width = .3cm,
 	    minimum height = 10cm
 	  ] (h2) at (4, 0) {};
 	  \node[above = 0cm of h1] {Customer};
 	  \node[above = 0cm of h2] {Exchagne};
 
 	  \path[->, color = MidnightBlue, very thick, >=stealth]
 	    (-5, 4.5) edge
 	    node[rotate=90, text = Black, yshift = .3cm] {Time}
 	    (-5, -4.5);
 	  \path[->, color = MidnightBlue, thick, >=stealth]
 	    ($(h1.east)+(0,3)$) edge
 	    node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/link} $C$}
 	    ($(h2.west)+(0,2)$);
 	  \path[->, color = MidnightBlue, thick, >=stealth]
 	    ($(h2.west)+(0,0.5)$) edge
 	    node[text = Black, yshift = .3cm, sloped] {200 OK: $T_\gamma$}
 	    ($(h1.east)+(0,-0.5)$);
 	  \path[rstmsg]
 	    ($(h2.west)+(0, -2.5)$) edge
 	    node[msglabel] {404 NOT FOUND}
 	    ($(h1.east)+(0, -3.5)$);
 	  \node at (5.3, 0) {};
 	\end{tikzpicture}
       \end{center}
     \end{minipage}
     \hspace{0.5cm}
     \begin{minipage}[b]{0.45\linewidth}
       \tiny
       \begin{description}
       \item[$C$] Old coind public key \\ \smallskip
       \item[$T_\gamma$] Linkage data $\cal L$ at $\gamma$
       \end{description}
     \end{minipage}
   \end{figure}
 \end{frame}
 
 
 \begin{frame}{Operational security}
   \begin{center}
     \resizebox{\textwidth}{!}{
 \begin{tikzpicture}[
   font=\sffamily,
   every matrix/.style={ampersand replacement=\&,column sep=2cm,row sep=2cm},
   source/.style={draw,thick,rounded corners,fill=green!20,inner sep=.3cm},
   process/.style={draw,thick,circle,fill=blue!20},
   sink/.style={source,fill=green!20},
   datastore/.style={draw,very thick,shape=datastore,inner sep=.3cm},
   dots/.style={gray,scale=2},
   to/.style={->,>=stealth',shorten >=1pt,semithick,font=\sffamily\footnotesize},
   every node/.style={align=center}]
 
   % Position the nodes using a matrix layout
   \matrix{
     \node[source] (wallet) {Wallet};
       \& \node[process] (browser) {Browser};
       \& \node[process] (shop) {Web shop};
       \& \node[sink] (backend) {Taler backend}; \\
   };
 
   % Draw the arrows between the nodes and label them.
   \draw[to] (browser) to[bend right=50] node[midway,above] {(4) signed contract}
       node[midway,below] {(signal)} (wallet);
   \draw[to] (wallet) to[bend right=50] node[midway,above] {(signal)}
       node[midway,below] {(5) signed coins} (browser);
   \draw[<->] (browser) -- node[midway,above] {(3,6) custom}
       node[midway,below] {(HTTPS)} (shop);
   \draw[to] (shop) to[bend right=50] node[midway,above] {(HTTPS)}
       node[midway,below] {(1) proposed contract / (7) signed coins} (backend);
   \draw[to] (backend) to[bend right=50] node[midway,above] {(2) signed contract / (8) confirmation}
       node[midway,below] {(HTTPS)} (shop);
 \end{tikzpicture}
 }
 \end{center}
 \end{frame}