2017-ubs.tex (62235B)
1 \documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer} 2 \usepackage{amsmath} 3 \usepackage{multimedia} 4 \usepackage[utf8]{inputenc} 5 \usepackage{framed,color,ragged2e} 6 \usepackage[absolute,overlay]{textpos} 7 \definecolor{shadecolor}{rgb}{0.8,0.8,0.8} 8 \usetheme{boxes} 9 \setbeamertemplate{navigation symbols}{} 10 \usepackage{xcolor} 11 \usepackage{tikz,eurosym} 12 \usepackage[normalem]{ulem} 13 \usepackage{listings} 14 15 % CSS 16 \lstdefinelanguage{CSS}{ 17 basicstyle=\ttfamily\scriptsize, 18 keywords={color,background-image:,margin,padding,font,weight,display,position,top,left,right,bottom,list,style,border,size,white,space,min,width, transition:, transform:, transition-property, transition-duration, transition-timing-function}, 19 sensitive=true, 20 morecomment=[l]{//}, 21 morecomment=[s]{/*}{*/}, 22 morestring=[b]', 23 morestring=[b]", 24 alsoletter={:}, 25 alsodigit={-} 26 } 27 28 % JavaScript 29 \lstdefinelanguage{JavaScript}{ 30 basicstyle=\ttfamily\scriptsize, 31 morekeywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break}, 32 morecomment=[s]{/*}{*/}, 33 morecomment=[l]//, 34 morestring=[b]", 35 morestring=[b]' 36 } 37 38 \lstdefinelanguage{HTML5}{ 39 basicstyle=\ttfamily\scriptsize, 40 language=html, 41 sensitive=true, 42 alsoletter={<>=-}, 43 morecomment=[s]{<!-}{-->}, 44 tag=[s], 45 otherkeywords={ 46 % General 47 >, 48 % Standard tags 49 <!DOCTYPE, 50 </html, <html, <head, <title, </title, <style, </style, <link, </head, <meta, />, 51 % body 52 </body, <body, 53 % Divs 54 </div, <div, </div>, 55 % Paragraphs 56 </p, <p, </p>, 57 % scripts 58 </script, <script, 59 % More tags... 60 <canvas, /canvas>, <svg, <rect, <animateTransform, </rect>, </svg>, <video, <source, <iframe, </iframe>, </video>, <image, </image> 61 }, 62 ndkeywords={ 63 % General 64 =, 65 % HTML attributes 66 charset=, src=, id=, width=, height=, style=, type=, rel=, href=, 67 % SVG attributes 68 fill=, attributeName=, begin=, dur=, from=, to=, poster=, controls=, x=, y=, repeatCount=, xlink:href=, 69 % CSS properties 70 margin:, padding:, background-image:, border:, top:, left:, position:, width:, height:, 71 % CSS3 properties 72 transform:, -moz-transform:, -webkit-transform:, 73 animation:, -webkit-animation:, 74 transition:, transition-duration:, transition-property:, transition-timing-function:, 75 } 76 } 77 78 \lstdefinelanguage{JavaScript}{ 79 basicstyle=\ttfamily\scriptsize, 80 keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break, for}, 81 keywordstyle=\color{blue}\bfseries, 82 ndkeywords={class, export, boolean, throw, implements, import, this}, 83 ndkeywordstyle=\color{darkgray}\bfseries, 84 identifierstyle=\color{black}, 85 sensitive=false, 86 comment=[l]{//}, 87 morecomment=[s]{/*}{*/}, 88 commentstyle=\color{purple}\ttfamily, 89 stringstyle=\color{red}\ttfamily, 90 morestring=[b]', 91 morestring=[b]" 92 } 93 94 \usetikzlibrary{shapes,arrows} 95 \usetikzlibrary{positioning} 96 \usetikzlibrary{calc} 97 98 \title{GNU Taler} 99 %\subtitle{} 100 101 \setbeamertemplate{navigation symbols}{\includegraphics[width=1cm]{inria.pdf} \includegraphics[width=0.5cm]{gnu.png} \includegraphics[width=0.5cm]{ashoka.png}\hfill} 102 %\setbeamercovered{transparent=1} 103 104 \author[C. Grothoff]{J. Burdges, F. Dold, {\bf C. Grothoff}, M. Stanisci} 105 \date{\today} 106 \institute{The GNU Project} 107 108 109 \begin{document} 110 111 \justifying 112 113 \begin{frame} 114 \begin{center} 115 \LARGE {\bf GNU} 116 117 \vfill 118 % \includegraphics[width=0.66\textwidth]{logo-2017-fr.pdf} 119 \includegraphics[width=0.66\textwidth]{taler-logo-2018.pdf} 120 \end{center} 121 \begin{textblock*}{4cm}(.5cm,8.2cm) % {block width} (coords) 122 {\Large {\bf \url{taler.net}} \\ 123 twitter@taler } 124 \end{textblock*} 125 126 % Substitute based on who is giving the talk! 127 \begin{textblock*}{6cm}(6.7cm,8.2cm) % {block width} (coords) 128 {\hfill {\Large {\bf Christian Grothoff}} \\ 129 \hfill grothoff@taler.net } 130 \end{textblock*} 131 132 \end{frame} 133 134 135 \section{The Bank's Online Payment Problem} 136 \begin{frame}{The Bank's Online Payment Problem} 137 138 3D secure (``verified by visa'') is a nightmare: 139 140 \begin{minipage}{5cm} 141 \begin{itemize} 142 \item Complicated process 143 \item Shifts liability to consumer 144 \item Significant latency 145 \item Can refuse valid requests 146 \item Legal vendors excluded 147 \item No privacy for buyers 148 \end{itemize} 149 \end{minipage} 150 \begin{minipage}{5cm} 151 \includegraphics[width=\textwidth]{illustrations/cc3ds.pdf} 152 \end{minipage} 153 \vfill 154 Online credit card payments will be replaced, but with what? 155 \end{frame} 156 157 158 \begin{frame}{The Bank's Online Payment Problem} 159 \vfill 160 \begin{textblock*}{12cm}(0.5cm,1cm) % {block width} (coords) 161 \begin{itemize} 162 \item Global tech companies push oligopolies 163 \item Privacy and federated finance are at risk 164 % \item 30\% fees are conceivable 165 \item Economic sovereignty is in danger 166 \end{itemize} 167 \end{textblock*} 168 \begin{textblock*}{4cm}(3.5cm,5.2cm) % {block width} (coords) 169 {\includegraphics[width=\textwidth]{../investors/competitor-logos/amazon.png}} 170 \end{textblock*} 171 \begin{textblock*}{2cm}(7cm,3cm) % {block width} (coords) 172 {\includegraphics[width=\textwidth]{../investors/competitor-logos/alipay.jpeg}} 173 \end{textblock*} 174 \begin{textblock*}{2cm}(3cm,3.5cm) % {block width} (coords) 175 {\includegraphics[width=\textwidth]{../investors/competitor-logos/paypal.jpeg}} 176 \end{textblock*} 177 \begin{textblock*}{2cm}(9cm,5cm) % {block width} (coords) 178 {\includegraphics[width=\textwidth]{../investors/competitor-logos/applepay.jpeg}} 179 \end{textblock*} 180 \begin{textblock*}{2cm}(7.5cm,5.9cm) % {block width} (coords) 181 {\includegraphics[width=\textwidth]{../investors/competitor-logos/samsungpay.jpeg}} 182 \end{textblock*} 183 \begin{textblock*}{1cm}(9.5cm,6.3cm) % {block width} (coords) 184 {\includegraphics[width=\textwidth]{../investors/competitor-logos/android_pay.png}} 185 \end{textblock*} 186 \vfill 187 \end{frame} 188 189 190 \begin{frame}{The Distraction: Bitcoin} 191 192 \begin{itemize} 193 \item Unregulated payment system and currency: 194 \item[] $\Rightarrow$ lack of regulation is a feature! 195 \item Implemented in free software 196 \item Decentralised peer-to-peer system \pause 197 \item Decentralised banking requires solving Byzantine consensus 198 \item Creative solution: tie initial accumulation to solving consensus \pause 199 \item[] $\Rightarrow$ Proof-of-work advances ledger 200 \item[] $\Rightarrow$ Very expensive banking 201 \end{itemize} 202 \end{frame} 203 204 205 \begin{frame} 206 \frametitle{\includegraphics[height=0.5cm]{pics/bitcoin.jpeg}?} 207 \centering 208 \noindent 209 \includegraphics[width=\textwidth]{pics/btc-transaction-cost.pdf} 210 211 Average transaction value: $\approx$ 6575 USD (on 5.12.2017) 212 \end{frame} 213 214 215 \begin{frame} 216 \frametitle{\includegraphics[height=0.5cm]{pics/zerocoin.png}?} 217 218 Cryptography is rather primitive: 219 \begin{center} 220 {\bf All Bitcoin transactions are public and linkable!} 221 \end{center} 222 223 \begin{itemize} 224 \item[] $\Rightarrow$ no privacy guarantees 225 \item[] $\Rightarrow$ enhanced with ``laundering'' services 226 \end{itemize} 227 ZeroCoin, CryptoNote (Monero) and ZeroCash (ZCash) offer anonymity. 228 \end{frame} 229 230 231 \begin{frame} 232 \vfill 233 \begin{center} 234 {\bf Do you want to have a libertarian economy?} 235 \end{center} 236 \vfill 237 \begin{center} 238 {\bf Do you want to live under total surveillance?} 239 \end{center} 240 \vfill 241 \end{frame} 242 243 244 \begin{frame}{GNU Taler} 245 \vfill 246 \begin{center} 247 {\huge {\bf Digital} cash, made \textbf{socially responsible}.} 248 \end{center} 249 \vfill 250 \begin{center} 251 \includegraphics[scale=1.5]{taler-big-accent.pdf} 252 \end{center} 253 \vfill 254 \begin{center} 255 Privacy-Preserving, Practical, Taxable, Free Software, Efficient 256 \end{center} 257 \vfill 258 \vfill 259 \ % 260 \end{frame} 261 262 263 \section{What is Taler?} 264 \begin{frame}{What is Taler?} 265 \vfill 266 \begin{center} 267 Taler is an electronic instant payment system. 268 \end{center} 269 \begin{itemize} 270 \item Uses electronic coins stored in {\bf wallets} on customer's device 271 \item Like {\bf cash} 272 \item Pay in {\bf existing currencies} (i.e. EUR, USD, BTC), \\ 273 or use it to create new {\bf regional currencies} 274 \end{itemize} 275 \vfill 276 \end{frame} 277 278 279 \begin{frame} 280 \frametitle{Taler Overview} 281 \begin{center} 282 \begin{tikzpicture} 283 \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer sep=.3em]; 284 \node (origin) at (0,0) {}; 285 \node (exchange) [def,above=of origin,draw]{Exchange}; 286 \node (customer) [def, draw, below left=of origin] {Customer}; 287 \node (merchant) [def, draw, below right=of origin] {Merchant}; 288 \node (auditor) [def, draw, above right=of origin]{Auditor}; 289 290 \tikzstyle{C} = [color=black, line width=1pt] 291 292 \draw [<-, C] (customer) -- (exchange) node [midway, above, sloped] (TextNode) {withdraw coins}; 293 \draw [<-, C] (exchange) -- (merchant) node [midway, above, sloped] (TextNode) {deposit coins}; 294 \draw [<-, C] (merchant) -- (customer) node [midway, above, sloped] (TextNode) {spend coins}; 295 \draw [<-, C] (exchange) -- (auditor) node [midway, above, sloped] (TextNode) {verify}; 296 297 \end{tikzpicture} 298 \end{center} 299 \end{frame} 300 301 302 \begin{frame} 303 % TODO: replace with simplified NEW architecture picture! 304 \frametitle{Architecture of Taler} 305 \begin{center} 306 \includegraphics[width=0.9\textwidth]{illustrations/taler-arch-full.pdf} 307 308 $\Rightarrow$ Convenient, taxable, privacy-enhancing, \& resource friendly! 309 \end{center} 310 \end{frame} 311 312 313 \begin{frame}{Usability of Taler} 314 \vfill 315 \begin{center} 316 \url{https://demo.taler.net/} 317 \end{center} 318 \begin{enumerate} 319 \item Install Browser extension. 320 \item Visit the {\tt bank.demo.taler.net} to withdraw coins. 321 \item Visit the {\tt shop.demo.taler.net} to spend coins. 322 \end{enumerate} 323 \vfill 324 \end{frame} 325 326 327 \begin{frame}{Use Case: Journalism} 328 Today: 329 \begin{itemize} 330 \item Corporate structure % ($\Rightarrow$ filter) 331 \item Advertising primary revenue % ($\Rightarrow$ dependence) 332 \item Tracking readers critical for business success 333 \item Journalism and marketing hard to distinguish 334 \end{itemize}\vfill\pause 335 With GNU Taler: 336 \begin{itemize} 337 \item One-click micropayments per article 338 \item Hosting requires no expertise % (no PCI DSS) 339 \item Reader-funded reporting separated from marketing 340 \item Readers can remain anonymous 341 \end{itemize} 342 \end{frame} 343 344 345 \begin{frame}{Use Cases: Refugee Camps} 346 Today: 347 \begin{itemize} 348 \item Non-bankable 349 \item Direct distribution of goods to population 350 \item Limited economic activity in camps 351 \item High level of economic dependence 352 \end{itemize}\vfill\pause 353 With GNU Taler: 354 \begin{itemize} 355 \item Local currency issued as basic income backed by aid 356 \item Taxation possible based on economic status 357 \item Local governance enabled by local taxes 358 \item Increased economic independence and political participation 359 \end{itemize} 360 \end{frame} 361 362 363 \begin{frame}{Use Case: Anti-Spam} 364 Today, p$\equiv$p provides authenticated encryption for e-mail: 365 \begin{itemize} 366 \item Free software 367 \item Easy to use opportunistic encryption 368 \item Available for Outlook, Android, Enigmail 369 \item Spies \& spam filters can no longer inspect content 370 \end{itemize}\vfill\pause 371 With GNU Taler: 372 \begin{itemize} 373 \item Peer-to-peer payments via e-mail 374 \item If unsolicited sender, hide messages from user \& 375 automatically request payment from sender 376 \item Sender can attach payment to be moved to inbox 377 \item Receiver may grant refund to sender 378 \end{itemize} 379 \end{frame} 380 381 382 \begin{frame}{Social Impact of Taler} 383 \begin{center} 384 \includegraphics[height=0.8\textheight]{../../social-impact.pdf} 385 \end{center} 386 \end{frame} 387 388 389 \begin{frame}{Taxability} 390 We say Taler is taxable because: 391 \begin{itemize} 392 \item Merchant's income is visible from deposits. 393 \item Hash of contract is part of deposit data. 394 \item State can trace income and enforce taxation. 395 \end{itemize}\pause 396 % Limitations: 397 % \begin{itemize} 398 % \item withdraw loophole 399 % \item {\em sharing} coins among family and friends 400 % \end{itemize} 401 \end{frame} 402 403 404 \begin{frame}{How does it work?} 405 We use a few ancient constructions: 406 \begin{itemize} 407 \item Cryptographic hash function (1989) 408 \item Blind signature (1983) 409 \item Schnorr signature (1989) 410 \item Diffie-Hellman key exchange (1976) 411 \item Cut-and-choose zero-knowledge proof (1985) 412 \end{itemize} 413 But of course we use modern instantiations. 414 \end{frame} 415 416 417 \begin{frame}{Exchange setup: Create a denomination key (RSA)} 418 \begin{minipage}{6cm} 419 \begin{enumerate} 420 \item Pick random primes $p,q$. 421 \item Compute $n := pq$, $\phi(n) = (p-1)(q-1)$ 422 \item Pick small $e < \phi(n)$ such that 423 $d := e^{-1} \mod \phi(n)$ exists. 424 \item Publish public key $(e,n)$. 425 \end{enumerate} 426 \end{minipage} 427 \begin{minipage}{6cm} 428 \begin{tikzpicture} 429 \tikzstyle{def} = [node distance=1em and 1em, inner sep=0em, outer sep=.3em]; 430 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}}; 431 \node (primes) [draw=none, below = of origin] at (0,0) {$(p, q)$}; 432 \node (seal) [def, draw=none, below left=of primes]{\includegraphics[width=0.15\textwidth]{seal.pdf}}; 433 \node (hammer) [def, draw=none, below right=of primes]{\includegraphics[width=0.15\textwidth]{hammer.pdf}}; 434 435 \tikzstyle{C} = [color=black, line width=1pt] 436 437 \draw [<-, C] (primes) -- (origin) node [midway, above, sloped] (TextNode) {}; 438 \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {}; 439 \draw [<-, C] (hammer) -- (primes) node [midway, above, sloped] (TextNode) {}; 440 \end{tikzpicture} 441 % \includegraphics[width=0.4\textwidth]{seal.pdf} 442 \end{minipage} 443 \end{frame} 444 445 446 \begin{frame}{Merchant: Create a signing key (EdDSA)} 447 \begin{minipage}{6cm} 448 \begin{itemize} 449 \item pick random $m \mod o$ as private key 450 \item $M = mG$ public key 451 \end{itemize} 452 \end{minipage} 453 \begin{minipage}{6cm} 454 \begin{tikzpicture} 455 \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em]; 456 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}}; 457 \node (m) [draw=none, below = of origin] at (0,0) {$m$}; 458 \node (seal) [draw=none, below=of m]{M}; 459 \tikzstyle{C} = [color=black, line width=1pt] 460 461 \draw [<-, C] (m) -- (origin) node [midway, above, sloped] (TextNode) {}; 462 \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {}; 463 \end{tikzpicture} 464 \end{minipage} 465 \parbox[t]{3cm}{{\bf Capability:} $m \Rightarrow$ } 466 \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{merchant-sign.pdf}} 467 \end{frame} 468 469 470 \begin{frame}{Customer: Create a planchet (EdDSA)} 471 \begin{minipage}{8cm} 472 \begin{itemize} 473 \item Pick random $c \mod o$ private key 474 \item $C = cG$ public key 475 \end{itemize} 476 \end{minipage} 477 \begin{minipage}{4cm} 478 \begin{tikzpicture} 479 \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em]; 480 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}}; 481 \node (c) [draw=none, below = of origin] at (0,0) {$c$}; 482 \node (planchet) [draw=none, below=of c]{\includegraphics[width=0.4\textwidth]{planchet.pdf}}; 483 \tikzstyle{C} = [color=black, line width=1pt] 484 485 \draw [<-, C] (c) -- (origin) node [midway, above, sloped] (TextNode) {}; 486 \draw [<-, C] (planchet) -- (c) node [midway, above, sloped] (TextNode) {}; 487 \end{tikzpicture} 488 \end{minipage} 489 \parbox[t]{3cm}{{\bf Capability:} $c \Rightarrow$ } 490 \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{planchet-sign.pdf}} 491 \end{frame} 492 493 494 \begin{frame}{Customer: Blind planchet (RSA)} 495 \begin{minipage}{6cm} 496 \begin{enumerate} 497 \item Obtain public key $(e,n)$ 498 \item Compute $f := FDH(C)$, $f < n$. 499 \item Pick blinding factor $b \in \mathbb Z_n$ 500 \item Transmit $f' := f b^e \mod n$ 501 \end{enumerate} 502 \end{minipage} 503 \begin{minipage}{6cm} 504 \begin{tikzpicture} 505 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 506 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}}; 507 \node (b) [def, draw=none, below = of origin] at (0,-0.2) {$b$}; 508 \node (blinded) [def, draw=none, below right=of b]{\includegraphics[width=0.2\textwidth]{blinded.pdf}}; 509 \node (planchet) [def, draw=none, above right=of blinded]{\includegraphics[width=0.15\textwidth]{planchet.pdf}}; 510 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 511 \tikzstyle{C} = [color=black, line width=1pt] 512 513 \draw [<-, C] (b) -- (origin) node [midway, above, sloped] (TextNode) {}; 514 \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped] (TextNode) {}; 515 \draw [<-, C] (blinded) -- (b) node [midway, above, sloped] (TextNode) {}; 516 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 517 \end{tikzpicture} 518 \end{minipage} 519 \end{frame} 520 521 522 \begin{frame}{Exchange: Blind sign (RSA)} 523 \begin{minipage}{6cm} 524 \begin{enumerate} 525 \item Receive $f'$. 526 \item Compute $s' := f'^d \mod n$. 527 \item Send signature $s'$. 528 \end{enumerate} 529 \end{minipage} 530 \begin{minipage}{6cm} 531 \begin{tikzpicture} 532 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 533 \node (hammer) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{hammer.pdf}}; 534 \node (signed) [def, draw=none, below left=of hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}}; 535 \node (blinded) [def, draw=none, above left=of signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 536 \node (customer) [node distance=4em and 0.5em, draw, below =of signed]{Customer}; 537 \tikzstyle{C} = [color=black, line width=1pt] 538 539 \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode) {}; 540 \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped] (TextNode) {}; 541 \draw [<-, C] (customer) -- (signed) node [midway, above, sloped] (TextNode) {{\small transmit}}; 542 \end{tikzpicture} 543 \end{minipage} 544 \end{frame} 545 546 547 \begin{frame}{Customer: Unblind coin (RSA)} 548 \begin{minipage}{6cm} 549 \begin{enumerate} 550 \item Receive $s'$. 551 \item Compute $s := s' b^{-1} \mod n$ % \\ 552 % ($(f')^d = (f b^e)^d = f^d b$). 553 \end{enumerate} 554 \end{minipage} 555 \begin{minipage}{6cm} 556 \begin{tikzpicture} 557 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 558 \node (b) [def, draw=none] at (0,0) {$b$}; 559 \node (coin) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{coin.pdf}}; 560 \node (signed) [def, draw=none, above left=of coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}}; 561 \tikzstyle{C} = [color=black, line width=1pt] 562 563 \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {}; 564 \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {}; 565 \end{tikzpicture} 566 \end{minipage} 567 \end{frame} 568 569 \begin{frame}{Withdrawing coins on the Web} 570 \begin{center} 571 \includegraphics[height=0.9\textheight]{figs/taler-withdraw.pdf} 572 \end{center} 573 \end{frame} 574 575 576 \begin{frame}{Customer: Build shopping cart} 577 \begin{center} 578 \begin{tikzpicture} 579 \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em]; 580 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{shop.pdf}}; 581 \node (cart) [draw=none, below=of m]{\includegraphics[width=0.2\textwidth]{cart.pdf}}; 582 \node (merchant) [node distance=4em and 0.5em, draw, below =of cart]{Merchant}; 583 \tikzstyle{C} = [color=black, line width=1pt]; 584 \draw [<-, C] (cart) -- (origin) node [midway, above, sloped] (TextNode) {}; 585 \draw [<-, C] (merchant) -- (cart) node [midway, above, sloped] (TextNode) {{\small transmit}}; 586 \end{tikzpicture} 587 \end{center} 588 \end{frame} 589 590 591 \begin{frame}{Merchant Integration: Wallet Detection} 592 \lstset{language=JavaScript} 593 \lstinputlisting{figs/taler-presence-js.html} 594 % \caption{Sample code to detect the Taler wallet. Allowing the 595 % Web site to detect the presence of the wallet leaks one bit 596 % of information about the user. The above logic also works 597 % if the wallet is installed while the page is open.} 598 % \label{listing:presence} 599 \end{frame} 600 601 602 \begin{frame}{Merchant Integration: Payment Request} 603 % \begin{figure}[p!] 604 \lstset{language=HTML5} 605 \lstinputlisting{figs/taler-402.html} 606 % \caption{Sample HTTP response to prompt the wallet to show an offer.} 607 % \label{listing:http-contract} 608 % \end{figure} 609 610 % \begin{figure*}[p!] 611 % \lstset{language=HTML5} 612 % \lstinputlisting{figs/taler-contract.html} 613 % \caption{Sample JavaScript code to prompt the wallet to show an offer. 614 % Here, the contract is fetched on-demand from the server. 615 % The {\tt taler\_pay()} function needs to be invoked 616 % when the user triggers the checkout.} 617 % \label{listing:contract} 618 % \end{figure*} 619 \end{frame} 620 621 622 \begin{frame}{Merchant Integration: Contract} 623 % \begin{figure*}[t!] 624 {\tiny 625 \lstset{language=JavaScript} 626 \lstinputlisting{figs/taler-contract.json} 627 % \caption{Minimal Taler contract over a digital article with a value of \EUR{0.10}. The merchant will pay transaction fees up to \EUR{0.01}. The hash over the wire transfer information was truncated to make it fit to the page.} 628 % \label{listing:json-contract} 629 % \end{figure*} 630 } 631 \end{frame} 632 633 634 \begin{frame}{Merchant: Propose contract (EdDSA)} 635 \begin{minipage}{6cm} 636 \begin{enumerate} 637 \item Complete proposal $D$. 638 \item Send $D$, $EdDSA_m(D)$ 639 \end{enumerate} 640 \end{minipage} 641 \begin{minipage}{6cm} 642 \begin{tikzpicture} 643 \tikzstyle{def} = [node distance=2em and 0.5em, inner sep=0em, outer sep=.3em]; 644 \node (cart) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{cart.pdf}}; 645 \node (proposal) [def, draw=none, below right=of cart]{\includegraphics[width=0.5\textwidth]{merchant_propose.pdf}}; 646 \node (customer) [node distance=4em and 0.5em, draw, below =of proposal]{Customer}; 647 \tikzstyle{C} = [color=black, line width=1pt]; 648 \node (sign) [def, draw=none, above right=of proposal] {$m$}; 649 \tikzstyle{C} = [color=black, line width=1pt] 650 651 \draw [<-, C] (proposal) -- (sign) node [midway, above, sloped] (TextNode) {}; 652 \draw [<-, C] (proposal) -- (cart) node [midway, above, sloped] (TextNode) {}; 653 \draw [<-, C] (customer) -- (proposal) node [midway, above, sloped] (TextNode) {{\small transmit}}; 654 \end{tikzpicture} 655 \end{minipage} 656 \end{frame} 657 658 659 \begin{frame}{Customer: Spend coin (EdDSA)} 660 \begin{minipage}{6cm} 661 \begin{enumerate} 662 \item Receive proposal $D$, $EdDSA_m(D)$. 663 \item Send $s$, $C$, $EdDSA_c(D)$ 664 \end{enumerate} 665 \end{minipage} 666 \begin{minipage}{6cm} 667 \begin{tikzpicture} 668 \tikzstyle{def} = [node distance=2em and 0.4em, inner sep=0em, outer sep=.3em]; 669 \node (proposal) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{merchant_propose.pdf}}; 670 \node (contract) [def, draw=none, below right=of cart]{\includegraphics[width=0.3\textwidth]{contract.pdf}}; 671 \node (c) [def, draw=none, above=of contract] {$c$}; 672 \node (merchant) [node distance=4em and 0.5em, draw, below=of contract]{Merchant}; 673 \node (coin) [def, draw=none, right=of contract]{\includegraphics[width=0.2\textwidth]{coin.pdf}}; 674 \tikzstyle{C} = [color=black, line width=1pt] 675 676 \draw [<-, C] (contract) -- (c) node [midway, above, sloped] (TextNode) {}; 677 \draw [<-, C] (contract) -- (proposal) node [midway, above, sloped] (TextNode) {}; 678 \draw [<-, C] (merchant) -- (contract) node [midway, above, sloped] (TextNode) {{\small transmit}}; 679 \draw [<-, C] (merchant) -- (coin) node [midway, below, sloped] (TextNode) {{\small transmit}}; 680 \end{tikzpicture} 681 \end{minipage} 682 \end{frame} 683 684 685 \begin{frame}{Merchant and Exchange: Verify coin (RSA)} 686 \begin{minipage}{6cm} 687 \begin{equation*} 688 s^e \stackrel{?}{\equiv} m \mod n 689 \end{equation*} 690 \end{minipage} 691 \begin{minipage}{6cm} 692 \begin{minipage}{0.2\textwidth} 693 \includegraphics[width=\textwidth]{coin.pdf} 694 \end{minipage} 695 $\stackrel{?}{\Leftrightarrow}$ 696 \begin{minipage}{0.2\textwidth} 697 \includegraphics[width=\textwidth]{seal.pdf} 698 \end{minipage} 699 \end{minipage} 700 \end{frame} 701 702 703 \begin{frame}{Payment processing with Taler} 704 \begin{center} 705 \includegraphics[height=0.9\textheight]{figs/taler-pay.pdf} 706 \end{center} 707 \end{frame} 708 709 710 \begin{frame}{Giving change} 711 It would be inefficient to pay EUR 100 with 1 cent coins! 712 \begin{itemize} 713 \item Denomination key represents value of a coin. 714 \item Exchange may offer various denominations for coins. 715 \item Wallet may not have exact change! 716 \item Usability requires ability to pay given sufficient total funds. 717 \end{itemize}\pause 718 Key goals: 719 \begin{itemize} 720 \item maintain unlinkability 721 \item maintain taxability of transactions 722 \end{itemize}\pause 723 Method: 724 \begin{itemize} 725 \item Contract can specify to only pay {\em partial value} of a coin. 726 \item Exchange allows wallet to obtain {\em unlinkable change} 727 for remaining coin value. 728 \end{itemize} 729 \end{frame} 730 731 732 \begin{frame}{Refresh protocol} 733 \begin{itemize} 734 \item Customer asks exchange to convert old coin to new coin 735 \item Protocol ensures new coins can be recovered from old coin 736 \item[$\Rightarrow$] New coins are owned by the same entity! 737 \end{itemize} 738 Thus, the refresh protocol (details in paper) allows: 739 \begin{itemize} 740 \item To give unlinkable change. 741 \item To give refunds to an anonymous customer. 742 \item To expire old keys and migrate coins to new ones. 743 \item To handle protocol aborts. 744 \end{itemize} 745 \noindent 746 % \begin{center} 747 % \bf 748 % Transactions via refresh are equivalent to {\em sharing} a wallet. 749 %\end{center} 750 \end{frame} 751 752 753 \section{Competitor analysis} 754 \begin{frame}{Competitor comparison} 755 \begin{center} \small 756 \begin{tabular}{l||c|c|c|c|c} 757 & Cash & Bitcoin & Zerocoin & Creditcard & GNU Taler \\ \hline \hline 758 Online &$-$$-$$-$ & ++ & ++ & + & +++ \\ \hline 759 Offline & +++ & $-$$-$ & $-$$-$ & + & $-$$-$ \\ \hline 760 Trans. cost & + & $-$$-$$-$ & $-$$-$$-$ & $-$ & ++ \\ \hline 761 Speed & + & $-$$-$$-$ & $-$$-$$-$ & o & ++ \\ \hline 762 Taxation & $-$ & $-$$-$ & $-$$-$$-$ & +++ & +++ \\ \hline 763 Payer-anon & ++ & o & ++ & $-$$-$$-$ & +++ \\ \hline 764 Payee-anon & ++ & o & ++ & $-$$-$$-$ & $-$$-$$-$ \\ \hline 765 Security & $-$ & o & o & $-$$-$ & ++ \\ \hline 766 Conversion & +++ & $-$$-$$-$ & $-$$-$$-$ & +++ & +++ \\ \hline 767 Libre & $-$ & +++ & +++ & $-$ $-$ $-$ & +++ \\ 768 \end{tabular} 769 \end{center} 770 \end{frame} 771 772 773 \begin{frame}{How to support?} 774 \begin{itemize} 775 \item Join: \href{https://lists.gnu.org/mailman/listinfo/taler}{taler@gnu.org}, \href{irc://irc.freenode.net/\#taler}{\#taler} 776 \item Coding \& design: \url{https://gnunet.org/bugs/} 777 \item Translation: \url{https://git.taler.net/www.git/tree/locale/fr/LC_MESSAGES/messages.po} 778 \item Integration: \url{https://docs.taler.net/} 779 \item Donations: \url{https://gnunet.org/ev} 780 \item Funding: \url{https://taler.net/en/investors.html} 781 \end{itemize} 782 \vfill 783 \begin{center} 784 {\bf And of course we are looking for banks as partners!} 785 \end{center} 786 \end{frame} 787 788 789 \begin{frame} 790 \frametitle{Team \hfill \& \hfill Advisory Board \hfill} 791 \begin{minipage}{5cm} 792 \begin{description} 793 \item[Leon Schumacher]\ \\ co-founder 794 \item[Dr. Christian Grothoff]\ \\ co-founder 795 \item[Michael Widmer]\ \\ Jurist 796 \item[Dr. Jeff Burdges]\ \\ PostDoc 797 \item[Florian Dold]\ \\ PhD Student 798 \end{description} 799 800 \end{minipage} 801 \begin{minipage}{5.5cm} 802 {\tiny 803 \begin{description} 804 \item[Prof. Mikhail Atallah] \ \\ 805 Cryptographer, co-founder 806 Arxan Technologies Inc. 807 \item[Prof. Roberto Di Cosmo] \ \\ 808 Director IRILL 809 \item[Greg Framke] \ \\ 810 CIO Manulife, \\ 811 former COO Etrade 812 \item[Ante Gulam] \ \\ 813 Global Head of Information Security --- CISO \\ 814 MetaPack Group 815 \item[Dr. Richard Stallman]\ \\ 816 Founder of the \\ \mbox{Free Software movement} 817 \item[Chris Pagett] \ \\ 818 former Group Head Security/ \ \\ 819 Fraud/Geo Risk HSBC 820 \item[Prof. Alex Pentland] \ \\ 821 MIT Media Lab 822 \end{description} 823 } 824 \end{minipage} 825 \vfill 826 \includegraphics[height=0.1\textwidth]{../investors/team-images/leon-schumacher.jpg} \hfill 827 \includegraphics[height=0.1\textwidth]{../investors/team-images/christian-grothoff.jpg}\hfill 828 \includegraphics[height=0.1\textwidth]{../investors/team-images/michael-widmer.jpg}\hfill 829 \includegraphics[height=0.1\textwidth]{../investors/team-images/jeff-burdges.jpg}\hfill 830 \includegraphics[height=0.1\textwidth]{../investors/team-images/florian-dold.jpg}\hfill 831 \includegraphics[height=0.1\textwidth]{../investors/board-images/mja.jpg} \hfill 832 \includegraphics[height=0.1\textwidth]{../investors/board-images/roberto-di-cosmo.jpg} \hfill 833 \includegraphics[height=0.1\textwidth]{../investors/board-images/greg-framke.jpg} \hfill 834 \includegraphics[height=0.1\textwidth]{../investors/board-images/ante-gulam.jpg} \hfill 835 \includegraphics[height=0.1\textwidth]{../investors/board-images/alex-pentland.jpg} 836 %\note{Advisory board still under construction.} 837 \end{frame} 838 839 840 \begin{frame}{Conclusion} 841 \begin{center} 842 {\bf What can we do?} 843 \end{center} 844 \vfill 845 \begin{itemize} 846 \item{Suffer mass-surveillance enabled by credit card oligopolies with high fees, and} 847 \item{Engage in arms race with deliberately unregulatable blockchains, and} 848 \item{Enjoy the ``benefits'' of cash \\ 849 \hfill \includegraphics[height=0.3\textheight]{atm-rupee.jpg} \hfill} 850 \end{itemize} 851 \vfill 852 \begin{center} 853 {\bf OR} 854 \end{center} 855 \vfill 856 \begin{itemize} 857 \item{Establish free software alternative balancing social goals!} 858 \end{itemize} 859 \vfill 860 \end{frame} 861 862 863 \begin{frame} 864 \frametitle{Do you have any questions?} 865 \vfill 866 References: 867 {\tiny 868 \begin{enumerate} 869 \item{Christian Grothoff, Bart Polot and Carlo von Loesch. 870 {\em The Internet is broken: Idealistic Ideas for Building a GNU Network}. 871 {\bf W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)}, 2014.} 872 \item{Jeffrey Burdges, Florian Dold, Christian Grothoff and Marcello Stanisci. 873 {\em Enabling Secure Web Payments with GNU Taler}. 874 {\bf SPACE 2016}.} 875 \item{Florian Dold, Sree Harsha Totakura, Benedikt M\"uller, Jeffrey Burdges and Christian Grothoff. 876 {\em Taler: Taxable Anonymous Libre Electronic Reserves}. 877 Available upon request. 2016.} 878 \item{Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer and Madars Virza. 879 {\em Zerocash: Decentralized Anonymous Payments from Bitcoin}. 880 {\bf IEEE Symposium on Security \& Privacy, 2016}.} 881 \item{David Chaum, Amos Fiat and Moni Naor. 882 {\em Untraceable electronic cash}. 883 {\bf Proceedings on Advances in Cryptology, 1990}.} 884 \item{Phillip Rogaway. 885 {\em The Moral Character of Cryptographic Work}. 886 {\bf Asiacrypt}, 2015.} \label{bib:rogaway} 887 \end{enumerate} 888 } 889 \begin{center} 890 {\bf Let money facilitate trade; but ensure capital serves society.} 891 \end{center} 892 \end{frame} 893 894 895 896 897 \end{document} 898 899 900 901 902 \begin{frame}{Taler {\tt /withdraw/sign}} 903 % Customer withdrawing coins with blind signatures 904 % \bigskip 905 \begin{figure}[th] 906 \begin{minipage}[b]{0.45\linewidth} 907 \begin{center} 908 \begin{tikzpicture}[scale = 0.4, 909 transform shape, 910 msglabel/.style = { text = Black, yshift = .3cm, 911 sloped, midway }, 912 okmsg/.style = { ->, color = MidnightBlue, thick, 913 >=stealth }, 914 rstmsg/.style = { ->, color = BrickRed, thick, 915 >=stealth } 916 ] 917 \node[draw = MidnightBlue, 918 fill = CornflowerBlue, 919 minimum width = .3cm, 920 minimum height = 10cm 921 ] (h1) at (-4, 0) {}; 922 \node[draw = MidnightBlue, 923 fill = CornflowerBlue, 924 minimum width = .3cm, 925 minimum height = 10cm 926 ] (h2) at (4, 0) {}; 927 \node[above = 0cm of h1] {Wallet}; 928 \node[above = 0cm of h2] {Exchange}; 929 930 \path[->, color = MidnightBlue, very thick, >=stealth] 931 (-5, 4.5) edge 932 node[rotate=90, text = Black, yshift = .3cm] {Time} 933 (-5, -4.5); 934 \path[okmsg, dashed] 935 ($(h1.east)+(0, 4.0)+(0, -1.0)$) edge 936 node[msglabel] {SEPA(RK,A)} 937 ($(h2.west)+(0, 3.5)+(0, -1.0)$); 938 \path[okmsg] 939 ($(h1.east)+(0, -1.0)$) edge 940 node[msglabel] {POST {\tt /withdraw/sign} $S_{RK}(DK, B_b(C))$} 941 ($(h2.west)+(0, -1.5)$); 942 \path[okmsg] 943 ($(h2.west)+(0, -2.0)$) edge 944 node[msglabel] {200 OK: $S_{DK}(B_b(C))$)} 945 ($(h1.east)+(0, -2.5)$); 946 \path[rstmsg] 947 ($(h2.west)+(0, -3.5)$) edge 948 node[msglabel] {402 PAYMENT REQUIRED: $S_{RK}(DK, B_b(C))$)} 949 ($(h1.east)+(0, -4)$); 950 \node at (5.3, 0) {}; 951 \end{tikzpicture} 952 \end{center} 953 Result: $\langle c, S_{DK}(C) \rangle$. 954 \end{minipage} 955 \hspace{0.5cm} 956 \begin{minipage}[b]{0.45\linewidth} 957 \tiny 958 \begin{description} 959 \item[$A$] Some amount, $A \ge A_{DK}$ 960 \item[$RK$] Reserve key 961 \item[$DK$] Denomination key 962 \item[$b$] Blinding factor 963 \item[$B_b()$] RSA-FDH blinding % DK supressed 964 \item[$C$] Coin public key $C := cG$ 965 \item[$S_{RK}()$] EdDSA signature 966 \item[$S_{DK}()$] RSA-FDH signature 967 \end{description} 968 \end{minipage} 969 \end{figure} 970 \end{frame} 971 972 973 \begin{frame}[t]{Taler {\tt /deposit}} 974 Merchant and exchange see only the public coin $\langle C, S_{DK}(C) \rangle$. 975 \bigskip 976 \begin{figure}[th] 977 \begin{minipage}[b]{0.45\linewidth} 978 \begin{center} 979 \begin{tikzpicture}[scale = 0.4, 980 transform shape, 981 msglabel/.style = { text = Black, yshift = .3cm, 982 sloped, midway }, 983 okmsg/.style = { ->, color = MidnightBlue, thick, 984 >=stealth }, 985 rstmsg/.style = { ->, color = BrickRed, thick, 986 >=stealth } 987 ] 988 \node[draw = MidnightBlue, 989 fill = CornflowerBlue, 990 minimum width = .3cm, 991 minimum height = 10cm 992 ] (h1) at (-4, 0) {}; 993 \node[draw = MidnightBlue, 994 fill = CornflowerBlue, 995 minimum width = .3cm, 996 minimum height = 10cm 997 ] (h2) at (4, 0) {}; 998 \node[above = 0cm of h1] {Merchant}; 999 \node[above = 0cm of h2] {Exchange}; 1000 1001 \path[->, color = MidnightBlue, very thick, >=stealth] 1002 (-5, 4.5) edge 1003 node[rotate=90, text = Black, yshift = .3cm] {Time} 1004 (-5, -4.5); 1005 \path[->, color = MidnightBlue, thick, >=stealth] 1006 ($(h1.east)+(0,3)$) edge 1007 node[text = Black, yshift = .3cm, sloped] {POST {\tt /deposit} $S_{DK}(C), S_{c}(D)$} 1008 ($(h2.west)+(0,2)$); 1009 \path[->, color = MidnightBlue, thick, >=stealth] 1010 ($(h2.west)+(0,0.5)$) edge 1011 node[text = Black, yshift = .3cm, sloped] {200 OK: $S_{SK}(S_{c}(D))$} 1012 ($(h1.east)+(0,-0.5)$); 1013 \path[rstmsg] 1014 ($(h2.west)+(0, -2.5)$) edge 1015 node[msglabel] {409 CONFLICT: $S_{c}(D')$} 1016 ($(h1.east)+(0, -3.5)$); 1017 \node at (5.3, 0) {}; 1018 \end{tikzpicture} 1019 \end{center} 1020 \end{minipage} 1021 \hspace{0.5cm} 1022 \begin{minipage}[b]{0.45\linewidth} 1023 \tiny 1024 \begin{description} 1025 \item[$DK$] Denomination key 1026 \item[$S_{DK}()$] RSA-FDH signature using $DK$ 1027 \item[$c$] Private coin key, $C := cG$. 1028 \item[$S_{C}()$] EdDSA signature using $c$ 1029 \item[$D$] Deposit details 1030 \item[$SK$] Exchange's signing key 1031 \item[$S_{SK}()$] EdDSA signature using $SK$ 1032 \item[$D'$] Conficting deposit details $D' \not= D$ 1033 \end{description} 1034 \end{minipage} 1035 \end{figure} 1036 \end{frame} 1037 1038 1039 \begin{frame}{Taler {\tt /refresh/melt}} 1040 \begin{figure}[th] 1041 \begin{minipage}[b]{0.45\linewidth} 1042 \begin{center} 1043 \begin{tikzpicture}[scale = 0.4, 1044 transform shape, 1045 msglabel/.style = { text = Black, yshift = .3cm, 1046 sloped, midway }, 1047 okmsg/.style = { ->, color = MidnightBlue, thick, 1048 >=stealth }, 1049 rstmsg/.style = { ->, color = BrickRed, thick, 1050 >=stealth } 1051 ] 1052 \node[draw = MidnightBlue, 1053 fill = CornflowerBlue, 1054 minimum width = .3cm, 1055 minimum height = 10cm 1056 ] (h1) at (-4, 0) {}; 1057 \node[draw = MidnightBlue, 1058 fill = CornflowerBlue, 1059 minimum width = .3cm, 1060 minimum height = 10cm 1061 ] (h2) at (4, 0) {}; 1062 \node[above = 0cm of h1] {Customer}; 1063 \node[above = 0cm of h2] {Exchange}; 1064 1065 \path[->, color = MidnightBlue, very thick, >=stealth] 1066 (-5, 4.5) edge 1067 node[rotate=90, text = Black, yshift = .3cm] {Time} 1068 (-5, -4.5); 1069 \path[->, color = MidnightBlue, thick, >=stealth] 1070 ($(h1.east)+(0,3)$) edge 1071 node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/melt} $S_{DK}(C), S_c({\cal DK}, {\cal T},{\cal B})$} 1072 ($(h2.west)+(0,2)$); 1073 \path[->, color = MidnightBlue, thick, >=stealth] 1074 ($(h2.west)+(0,0.5)$) edge 1075 node[text = Black, yshift = .3cm, sloped] {200 OK: $S_{SK}(H({\cal T}, {\cal B}),\gamma)$} 1076 ($(h1.east)+(0,-0.5)$); 1077 \path[rstmsg] 1078 ($(h2.west)+(0, -2.5)$) edge 1079 node[msglabel] {409 CONFLICT: $S_{C}(X), \ldots$} 1080 ($(h1.east)+(0, -3.5)$); 1081 \node at (5.3, 0) {}; 1082 \end{tikzpicture} 1083 \end{center} 1084 \end{minipage} 1085 \hspace{0.5cm} 1086 \begin{minipage}[b]{0.45\linewidth} 1087 \tiny 1088 \begin{description} 1089 \item[$\kappa$] System-wide security parameter, usually 3. 1090 \\ \smallskip 1091 \item[$\cal DK$] $:= [DK^{(i)}]_i$ \\ List of denomination keys \\ 1092 $D + \sum_i A_{DK^{(i)}} < A_{DK}$ 1093 \item[$t_j$] Random scalar for $j<\kappa$ 1094 \item[${\cal T}$] $:= [T_j]_\kappa$ where $T_j = t_j G$ 1095 \item[$k_j$] $:= c T_j = t_j C$ is an ECDHE 1096 \item[$b_j^{(i)}$] $:= KDF_b(k_j,i)$ % blinding factor 1097 \item[$c_j^{(i)}$] $:= KDF_c(k_j,i)$ % coin secret keys 1098 \item[$C_j^{(i)}$] $: = c_j^{(i)} G$ % new coin publics % keys 1099 \item[${\cal B}$] $:= [H( \beta_j )]_\kappa$ where \\ 1100 $\beta_j := \left[ B_{b_j^{(i)}}(C_j^{(i)}) \right]_i$ 1101 \\ \smallskip 1102 \item[$\gamma$] Random value in $[0,\kappa)$ 1103 % \\ \smallskip 1104 % \item[$X$] Deposit or refresh 1105 \end{description} 1106 \end{minipage} 1107 \end{figure} 1108 \end{frame} 1109 1110 1111 \begin{frame}{Taler {\tt /refresh/reveal}} 1112 \begin{figure}[th] 1113 \begin{minipage}[b]{0.45\linewidth} 1114 \begin{center} 1115 \begin{tikzpicture}[scale = 0.4, 1116 transform shape, 1117 msglabel/.style = { text = Black, yshift = .3cm, 1118 sloped, midway }, 1119 okmsg/.style = { ->, color = MidnightBlue, thick, 1120 >=stealth }, 1121 rstmsg/.style = { ->, color = BrickRed, thick, 1122 >=stealth } 1123 ] 1124 \node[draw = MidnightBlue, 1125 fill = CornflowerBlue, 1126 minimum width = .3cm, 1127 minimum height = 10cm 1128 ] (h1) at (-4, 0) {}; 1129 \node[draw = MidnightBlue, 1130 fill = CornflowerBlue, 1131 minimum width = .3cm, 1132 minimum height = 10cm 1133 ] (h2) at (4, 0) {}; 1134 \node[above = 0cm of h1] {Customer}; 1135 \node[above = 0cm of h2] {Exchange}; 1136 1137 \path[->, color = MidnightBlue, very thick, >=stealth] 1138 (-5, 4.5) edge 1139 node[rotate=90, text = Black, yshift = .3cm] {Time} 1140 (-5, -4.5); 1141 \path[->, color = MidnightBlue, thick, >=stealth] 1142 ($(h1.east)+(0,3)$) edge 1143 node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/reveal} $H({\cal T}, {\cal B}), {\tilde{\cal T}}, \beta_\gamma$} 1144 ($(h2.west)+(0,2)$); 1145 \path[->, color = MidnightBlue, thick, >=stealth] 1146 ($(h2.west)+(0,0.5)$) edge 1147 node[text = Black, yshift = .3cm, sloped] {200 OK: $\cal S$} 1148 ($(h1.east)+(0,-0.5)$); 1149 \path[rstmsg] 1150 ($(h2.west)+(0, -2.5)$) edge 1151 node[msglabel] {400 BAD REQUEST: $Z$} 1152 ($(h1.east)+(0, -3.5)$); 1153 \node at (5.3, 0) {}; 1154 \end{tikzpicture} 1155 \end{center} 1156 \end{minipage} 1157 \hspace{0.5cm} 1158 \begin{minipage}[b]{0.45\linewidth} 1159 \tiny 1160 \begin{description} 1161 \item[$\cal DK$] $:= [DK^{(i)}]_i$ 1162 \item[$t_j$] .. \\ \smallskip 1163 1164 \item[$\tilde{\cal T}$] $:= [t_j | j \in \kappa, j \neq \gamma]$ \\ \smallskip 1165 1166 \item[$k_\gamma$] $:= c T_\gamma = t_\gamma C$ 1167 \item[$b_\gamma^{(i)}$] $:= KDF_b(k_\gamma,i)$ 1168 \item[$c_\gamma^{(i)}$] $:= KDF_c(k_\gamma,i)$ 1169 \item[$C_\gamma^{(i)}$] $: = c_\gamma^{(i)} G$ 1170 1171 \item[$B_\gamma^{(i)}$] $:= B_{b_\gamma^{(i)}}(C_\gamma^{(i)})$ 1172 \item[$\beta_\gamma$] $:= \big[ B_\gamma^{(i)} \big]_i$ 1173 \item[$\cal S$] $:= \left[ S_{DK^{(i)}}( B_\gamma^{(i)} ) \right]_i$ \\ \smallskip 1174 1175 \item[$Z$] Cut-and-choose missmatch information 1176 \end{description} 1177 \end{minipage} 1178 \end{figure} 1179 \end{frame} 1180 1181 1182 \begin{frame}{Taler {\tt /refresh/link}} 1183 \begin{figure}[th] 1184 \begin{minipage}[b]{0.45\linewidth} 1185 \begin{center} 1186 \begin{tikzpicture}[scale = 0.4, 1187 transform shape, 1188 msglabel/.style = { text = Black, yshift = .3cm, 1189 sloped, midway }, 1190 okmsg/.style = { ->, color = MidnightBlue, thick, 1191 >=stealth }, 1192 rstmsg/.style = { ->, color = BrickRed, thick, 1193 >=stealth } 1194 ] 1195 \node[draw = MidnightBlue, 1196 fill = CornflowerBlue, 1197 minimum width = .3cm, 1198 minimum height = 10cm 1199 ] (h1) at (-4, 0) {}; 1200 \node[draw = MidnightBlue, 1201 fill = CornflowerBlue, 1202 minimum width = .3cm, 1203 minimum height = 10cm 1204 ] (h2) at (4, 0) {}; 1205 \node[above = 0cm of h1] {Customer}; 1206 \node[above = 0cm of h2] {Exchagne}; 1207 1208 \path[->, color = MidnightBlue, very thick, >=stealth] 1209 (-5, 4.5) edge 1210 node[rotate=90, text = Black, yshift = .3cm] {Time} 1211 (-5, -4.5); 1212 \path[->, color = MidnightBlue, thick, >=stealth] 1213 ($(h1.east)+(0,3)$) edge 1214 node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/link} $C$} 1215 ($(h2.west)+(0,2)$); 1216 \path[->, color = MidnightBlue, thick, >=stealth] 1217 ($(h2.west)+(0,0.5)$) edge 1218 node[text = Black, yshift = .3cm, sloped] {200 OK: $T_\gamma$} 1219 ($(h1.east)+(0,-0.5)$); 1220 \path[rstmsg] 1221 ($(h2.west)+(0, -2.5)$) edge 1222 node[msglabel] {404 NOT FOUND} 1223 ($(h1.east)+(0, -3.5)$); 1224 \node at (5.3, 0) {}; 1225 \end{tikzpicture} 1226 \end{center} 1227 \end{minipage} 1228 \hspace{0.5cm} 1229 \begin{minipage}[b]{0.45\linewidth} 1230 \tiny 1231 \begin{description} 1232 \item[$C$] Old coind public key \\ \smallskip 1233 \item[$T_\gamma$] Linkage data $\cal L$ at $\gamma$ 1234 \end{description} 1235 \end{minipage} 1236 \end{figure} 1237 \end{frame} 1238 1239 1240 \begin{frame}{Operational security} 1241 \begin{center} 1242 \resizebox{\textwidth}{!}{ 1243 \begin{tikzpicture}[ 1244 font=\sffamily, 1245 every matrix/.style={ampersand replacement=\&,column sep=2cm,row sep=2cm}, 1246 source/.style={draw,thick,rounded corners,fill=green!20,inner sep=.3cm}, 1247 process/.style={draw,thick,circle,fill=blue!20}, 1248 sink/.style={source,fill=green!20}, 1249 datastore/.style={draw,very thick,shape=datastore,inner sep=.3cm}, 1250 dots/.style={gray,scale=2}, 1251 to/.style={->,>=stealth',shorten >=1pt,semithick,font=\sffamily\footnotesize}, 1252 every node/.style={align=center}] 1253 1254 % Position the nodes using a matrix layout 1255 \matrix{ 1256 \node[source] (wallet) {Wallet}; 1257 \& \node[process] (browser) {Browser}; 1258 \& \node[process] (shop) {Web shop}; 1259 \& \node[sink] (backend) {Taler backend}; \\ 1260 }; 1261 1262 % Draw the arrows between the nodes and label them. 1263 \draw[to] (browser) to[bend right=50] node[midway,above] {(4) signed contract} 1264 node[midway,below] {(signal)} (wallet); 1265 \draw[to] (wallet) to[bend right=50] node[midway,above] {(signal)} 1266 node[midway,below] {(5) signed coins} (browser); 1267 \draw[<->] (browser) -- node[midway,above] {(3,6) custom} 1268 node[midway,below] {(HTTPS)} (shop); 1269 \draw[to] (shop) to[bend right=50] node[midway,above] {(HTTPS)} 1270 node[midway,below] {(1) proposed contract / (7) signed coins} (backend); 1271 \draw[to] (backend) to[bend right=50] node[midway,above] {(2) signed contract / (8) confirmation} 1272 node[midway,below] {(HTTPS)} (shop); 1273 \end{tikzpicture} 1274 } 1275 \end{center} 1276 \end{frame} 1277 \begin{frame}{Diffie-Hellman (ECDH)} 1278 \begin{minipage}{8cm} 1279 \begin{enumerate} 1280 \item Create private keys $c,t \mod o$ 1281 \item Define $C = cG$ 1282 \item Define $T = tG$ 1283 \item Compute DH \\ $cT = c(tG) = t(cG) = tC$ 1284 \end{enumerate} 1285 \end{minipage} 1286 \begin{minipage}{6cm} 1287 \begin{tikzpicture} 1288 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 1289 \node (t) [def, draw=none] at (0,0) {$t$}; 1290 \node (ct) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{dh.pdf}}; 1291 \node (c) [def, draw=none, above left= of ct] {$c$}; 1292 \tikzstyle{C} = [color=black, line width=1pt] 1293 1294 \draw [<-, C] (ct) -- (c) node [midway, above, sloped] (TextNode) {}; 1295 \draw [<-, C] (ct) -- (t) node [midway, above, sloped] (TextNode) {}; 1296 \end{tikzpicture} 1297 \end{minipage} 1298 \end{frame} 1299 1300 1301 \begin{frame}{Strawman solution} 1302 \begin{minipage}{8cm} 1303 Given partially spent private coin key $c_{old}$: 1304 \begin{enumerate} 1305 % \item Let $C_{old} := c_{old}G$ (as before) 1306 \item Pick random $c_{new} \mod o$ private key 1307 \item $C_{new} = c_{new}G$ public key 1308 \item Pick random $b_{new}$ 1309 \item Compute $f_{new} := FDH(C_{new})$, $m < n$. 1310 \item Transmit $f'_{new} := f_{new} b_{new}^e \mod n$ 1311 \end{enumerate} 1312 ... and sign request for change with $c_{old}$. 1313 \end{minipage} 1314 \begin{minipage}{4cm} 1315 \begin{tikzpicture} 1316 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 1317 \node (blinded) [def, draw=none]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 1318 \node (planchet) [def, draw=none, above left= of blinded] {\includegraphics[width=0.15\textwidth]{planchet.pdf}}; 1319 \node (cnew) [def, draw=none, above= of planchet] {$c_{new}$}; 1320 \node (bnew) [def, draw=none, above right= of blinded] {$b_{new}$}; 1321 \node (dice1) [def, draw=none, above = of cnew]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 1322 \node (dice2) [def, draw=none, above = of bnew]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 1323 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 1324 1325 \tikzstyle{C} = [color=black, line width=1pt] 1326 1327 \draw [<-, C] (cnew) -- (dice1) node [midway, above, sloped] (TextNode) {}; 1328 \draw [<-, C] (planchet) -- (cnew) node [midway, above, sloped] (TextNode) {}; 1329 \draw [<-, C] (bnew) -- (dice2) node [midway, above, sloped] (TextNode) {}; 1330 \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped] (TextNode) {}; 1331 \draw [<-, C] (blinded) -- (bnew) node [midway, above, sloped] (TextNode) {}; 1332 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 1333 \end{tikzpicture} 1334 \end{minipage} 1335 \pause 1336 \vfill 1337 {\bf Problem: Owner of $c_{new}$ may differ from owner of $c_{old}$!} 1338 \end{frame} 1339 1340 1341 \begin{frame}{Customer: Transfer key setup (ECDH)} 1342 \begin{minipage}{8cm} 1343 Given partially spent private coin key $c_{old}$: 1344 \begin{enumerate} 1345 \item Let $C_{old} := c_{old}G$ (as before) 1346 \item Create random private transfer key $t \mod o$ 1347 \item Compute $T := tG$ 1348 \item Compute $X := c_{old}(tG) = t(c_{old}G) = tC_{old}$ 1349 \item Derive $c_{new}$ and $b_{new}$ from $X$ 1350 \item Compute $C_{new} := c_{new}G$ 1351 \item Compute $f_{new} := FDH(C_{new})$ 1352 \item Transmit $f_{new}' := f_{new} b_{new}^e$ 1353 \end{enumerate} 1354 \end{minipage} 1355 \begin{minipage}{4cm} 1356 \begin{tikzpicture} 1357 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 1358 \node (t) [def, draw=none] at (0,0) {$t$}; 1359 \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 1360 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 1361 \node (d) [def, draw=none, above left= of dh] {$c_{old}$}; 1362 \node (cp) [def, draw=none, below left= of dh] {$c_{new}$}; 1363 \node (bp) [def, draw=none, below right= of dh] {$b_{new}$}; 1364 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 1365 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 1366 1367 \tikzstyle{C} = [color=black, line width=1pt] 1368 1369 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 1370 \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {}; 1371 \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {}; 1372 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1373 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1374 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 1375 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 1376 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 1377 \end{tikzpicture} 1378 \end{minipage} 1379 \end{frame} 1380 1381 1382 \begin{frame}{Cut-and-Choose} 1383 \begin{minipage}{4cm} 1384 \begin{tikzpicture} 1385 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 1386 \node (t) [def, draw=none] at (0,0) {$t_1$}; 1387 \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 1388 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 1389 \node (d) [def, draw=none, above left= of dh] {$c_{old}$}; 1390 \node (cp) [def, draw=none, below left= of dh] {$c_{new,1}$}; 1391 \node (bp) [def, draw=none, below right= of dh] {$b_{new,1}$}; 1392 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 1393 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 1394 1395 \tikzstyle{C} = [color=black, line width=1pt] 1396 1397 \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {}; 1398 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 1399 \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {}; 1400 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1401 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1402 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 1403 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 1404 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 1405 \end{tikzpicture} 1406 \end{minipage} 1407 \begin{minipage}{4cm} 1408 \begin{tikzpicture} 1409 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 1410 \node (t) [def, draw=none] at (0,0) {$t_2$}; 1411 \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 1412 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 1413 \node (d) [def, draw=none, above left= of dh] {$c_{old}$}; 1414 \node (cp) [def, draw=none, below left= of dh] {$c_{new,2}$}; 1415 \node (bp) [def, draw=none, below right= of dh] {$b_{new,2}$}; 1416 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 1417 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 1418 1419 \tikzstyle{C} = [color=black, line width=1pt] 1420 1421 \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {}; 1422 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 1423 \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {}; 1424 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1425 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1426 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 1427 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 1428 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 1429 \end{tikzpicture} 1430 \end{minipage} 1431 \begin{minipage}{4cm} 1432 \begin{tikzpicture} 1433 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 1434 \node (t) [def, draw=none] at (0,0) {$t_3$}; 1435 \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 1436 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 1437 \node (d) [def, draw=none, above left= of dh] {$c_{old}$}; 1438 \node (cp) [def, draw=none, below left= of dh] {$c_{new,3}$}; 1439 \node (bp) [def, draw=none, below right= of dh] {$b_{new,3}$}; 1440 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 1441 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 1442 1443 \tikzstyle{C} = [color=black, line width=1pt] 1444 1445 \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {}; 1446 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 1447 \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {}; 1448 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1449 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1450 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 1451 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 1452 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 1453 \end{tikzpicture} 1454 \end{minipage} 1455 \end{frame} 1456 1457 1458 \begin{frame}{Exchange: Choose!} 1459 \begin{center} 1460 \item Exchange sends back random $\gamma \in \{ 1, 2, 3 \}$ to the customer. 1461 \end{center} 1462 \end{frame} 1463 1464 1465 \begin{frame}{Customer: Reveal} 1466 \begin{enumerate} 1467 \item If $\gamma = 1$, send $t_2$, $t_3$ to exchange 1468 \item If $\gamma = 2$, send $t_1$, $t_3$ to exchange 1469 \item If $\gamma = 3$, send $t_1$, $t_2$ to exchange 1470 \end{enumerate} 1471 \end{frame} 1472 1473 1474 \begin{frame}{Exchange: Verify ($\gamma = 2$)} 1475 \begin{minipage}{4cm} 1476 \begin{tikzpicture} 1477 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 1478 \node (h) [def, draw=none] at (0,0) {$t_1$}; 1479 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 1480 \node (d) [def, draw=none, above left= of dh] {$C_{old}$}; 1481 \node (cp) [def, draw=none, below left= of dh] {$c_{new,1}$}; 1482 \node (bp) [def, draw=none, below right= of dh] {$b_{new,1}$}; 1483 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 1484 1485 \tikzstyle{C} = [color=black, line width=1pt] 1486 1487 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 1488 \draw [<-, C] (dh) -- (h) node [midway, above, sloped] (TextNode) {}; 1489 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1490 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1491 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 1492 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 1493 \end{tikzpicture} 1494 \end{minipage} 1495 \begin{minipage}{4cm} 1496 \ 1497 \end{minipage} 1498 \begin{minipage}{4cm} 1499 \begin{tikzpicture} 1500 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 1501 \node (h) [def, draw=none] at (0,0) {$t_3$}; 1502 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 1503 \node (d) [def, draw=none, above left= of dh] {$C_{old}$}; 1504 \node (cp) [def, draw=none, below left= of dh] {$c_{new,3}$}; 1505 \node (bp) [def, draw=none, below right= of dh] {$b_{new,3}$}; 1506 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 1507 1508 \tikzstyle{C} = [color=black, line width=1pt] 1509 1510 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 1511 \draw [<-, C] (dh) -- (h) node [midway, above, sloped] (TextNode) {}; 1512 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1513 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1514 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 1515 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 1516 \end{tikzpicture} 1517 \end{minipage} 1518 \end{frame} 1519 1520 1521 \begin{frame}{Exchange: Blind sign change (RSA)} 1522 \begin{minipage}{6cm} 1523 \begin{enumerate} 1524 \item Take $f_{new,\gamma}'$. 1525 \item Compute $s' := f_{new,\gamma}'^d \mod n$. 1526 \item Send signature $s'$. 1527 \end{enumerate} 1528 \end{minipage} 1529 \begin{minipage}{6cm} 1530 \begin{tikzpicture} 1531 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 1532 \node (hammer) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{hammer.pdf}}; 1533 \node (signed) [def, draw=none, below left=of hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}}; 1534 \node (blinded) [def, draw=none, above left=of signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 1535 \node (customer) [node distance=4em and 0.5em, draw, below =of signed]{Customer}; 1536 \tikzstyle{C} = [color=black, line width=1pt] 1537 1538 \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode) {}; 1539 \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped] (TextNode) {}; 1540 \draw [<-, C] (customer) -- (signed) node [midway, above, sloped] (TextNode) {{\small transmit}}; 1541 \end{tikzpicture} 1542 \end{minipage} 1543 \end{frame} 1544 1545 1546 \begin{frame}{Customer: Unblind change (RSA)} 1547 \begin{minipage}{6cm} 1548 \begin{enumerate} 1549 \item Receive $s'$. 1550 \item Compute $s := s' b_{new,\gamma}^{-1} \mod n$. 1551 \end{enumerate} 1552 \end{minipage} 1553 \begin{minipage}{6cm} 1554 \begin{tikzpicture} 1555 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 1556 \node (b) [def, draw=none] at (0,0) {$b_{new,\gamma}$}; 1557 \node (coin) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{coin.pdf}}; 1558 \node (signed) [def, draw=none, above left=of coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}}; 1559 \tikzstyle{C} = [color=black, line width=1pt] 1560 1561 \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {}; 1562 \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {}; 1563 \end{tikzpicture} 1564 \end{minipage} 1565 \end{frame} 1566 1567 1568 \begin{frame}{Exchange: Allow linking change} 1569 \begin{minipage}{7cm} 1570 \begin{center} 1571 Given $C_{old}$ 1572 1573 \vspace{1cm} 1574 1575 return $T_\gamma$, $s := s' b_{new,\gamma}^{-1} \mod n$. 1576 \end{center} 1577 \end{minipage} 1578 \begin{minipage}{5cm} 1579 \begin{tikzpicture} 1580 \tikzstyle{def} = [node distance= 3em and 0.5em, inner sep=0.5em, outer sep=.3em]; 1581 \node (co) [def, draw=none] at (0,0) {$C_{old}$}; 1582 \node (T) [def, draw=none, below left=of co]{$T_\gamma$}; 1583 \node (sign) [def, draw=none, below right=of co]{\includegraphics[width=0.15\textwidth]{sign.pdf}}; 1584 \node (customer) [def, draw, below right=of T] {Customer}; 1585 1586 \tikzstyle{C} = [color=black, line width=1pt] 1587 1588 \draw [<-, C] (T) -- (co) node [midway, above, sloped] (TextNode) {}; 1589 \draw [<-, C] (sign) -- (co) node [midway, above, sloped] (TextNode) {}; 1590 \draw [<-, C] (customer) -- (T) node [midway, above, sloped] (TextNode) {link}; 1591 \draw [<-, C] (customer) -- (sign) node [midway, above, sloped] (TextNode) {link}; 1592 \end{tikzpicture} 1593 \end{minipage} 1594 \end{frame} 1595 1596 1597 \begin{frame}{Customer: Link (threat!)} 1598 \begin{minipage}{6.3cm} 1599 \begin{enumerate} 1600 \item Have $c_{old}$. 1601 \item Obtain $T_\gamma$, $s$ from exchange 1602 \item Compute $X_\gamma = c_{old}T_\gamma$ 1603 \item Derive $c_{new,\gamma}$ and $b_{new,\gamma}$ from $X_\gamma$ 1604 \item Unblind $s := s' b_{new,\gamma}^{-1} \mod n$ 1605 \end{enumerate} 1606 1607 \end{minipage} 1608 \begin{minipage}{5.7cm} 1609 \begin{tikzpicture} 1610 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 1611 \node (T) [def, draw=none] at (0,0) {$T_\gamma$}; 1612 \node (exchange) [def, inner sep=0.5em, draw, above left=of T] {Exchange}; 1613 \node (signed) [def, draw=none, below left=of T]{\includegraphics[width=0.15\textwidth]{sign.pdf}}; 1614 \node (dh) [def, draw=none, below right=of T]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 1615 \node (bp) [def, draw=none, below left= of dh] {$b_{new,\gamma}$}; 1616 \node (co) [def, draw=none, above right= of dh] {$c_{old}$}; 1617 \node (cp) [def, draw=none, below= of dh] {$c_{new,\gamma}$}; 1618 \node (coin) [def, draw=none, below left = of bp]{\includegraphics[width=0.2\textwidth]{coin.pdf}}; 1619 \node (psign) [def, node distance=2.5em and 0em, draw=none, below = of cp]{\includegraphics[width=0.2\textwidth]{planchet-sign.pdf}}; 1620 1621 \tikzstyle{C} = [color=black, line width=1pt] 1622 1623 \draw [<-, C] (dh) -- (co) node [midway, above, sloped] (TextNode) {}; 1624 \draw [<-, C] (dh) -- (T) node [midway, above, sloped] (TextNode) {}; 1625 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1626 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1627 \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {}; 1628 \draw [<-, C] (coin) -- (bp) node [midway, above, sloped] (TextNode) {}; 1629 \draw [<-, C] (T) -- (exchange) node [midway, above, sloped] (TextNode) {link}; 1630 \draw [<-, C] (signed) -- (exchange) node [midway, below, sloped] (TextNode) {link}; 1631 \draw [<-, C, double] (psign) -- (cp) node [midway, below, sloped] (TextNode) {}; 1632 \end{tikzpicture} 1633 \end{minipage} 1634 \end{frame}