2019-of.tex (58031B)
1 \pdfminorversion=3 2 \documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer} 3 \usepackage{amsmath} 4 \usepackage{multimedia} 5 \usepackage[utf8]{inputenc} 6 \usepackage{framed,color,ragged2e} 7 \usepackage[absolute,overlay]{textpos} 8 \definecolor{shadecolor}{rgb}{0.8,0.8,0.8} 9 \usetheme{boxes} 10 \setbeamertemplate{navigation symbols}{} 11 \usepackage{xcolor} 12 \usepackage{tikz,eurosym} 13 \usepackage[normalem]{ulem} 14 \usepackage{listings} 15 16 % CSS 17 \lstdefinelanguage{CSS}{ 18 basicstyle=\ttfamily\scriptsize, 19 keywords={color,background-image:,margin,padding,font,weight,display,position,top,left,right,bottom,list,style,border,size,white,space,min,width, transition:, transform:, transition-property, transition-duration, transition-timing-function}, 20 sensitive=true, 21 morecomment=[l]{//}, 22 morecomment=[s]{/*}{*/}, 23 morestring=[b]', 24 morestring=[b]", 25 alsoletter={:}, 26 alsodigit={-} 27 } 28 29 % JavaScript 30 \lstdefinelanguage{JavaScript}{ 31 basicstyle=\ttfamily\scriptsize, 32 morekeywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break}, 33 morecomment=[s]{/*}{*/}, 34 morecomment=[l]//, 35 morestring=[b]", 36 morestring=[b]' 37 } 38 39 \lstdefinelanguage{HTML5}{ 40 basicstyle=\ttfamily\scriptsize, 41 language=html, 42 sensitive=true, 43 alsoletter={<>=-}, 44 morecomment=[s]{<!-}{-->}, 45 tag=[s], 46 otherkeywords={ 47 % General 48 >, 49 % Standard tags 50 <!DOCTYPE, 51 </html, <html, <head, <title, </title, <style, </style, <link, </head, <meta, />, 52 % body 53 </body, <body, 54 % Divs 55 </div, <div, </div>, 56 % Paragraphs 57 </p, <p, </p>, 58 % scripts 59 </script, <script, 60 % More tags... 61 <canvas, /canvas>, <svg, <rect, <animateTransform, </rect>, </svg>, <video, <source, <iframe, </iframe>, </video>, <image, </image> 62 }, 63 ndkeywords={ 64 % General 65 =, 66 % HTML attributes 67 charset=, src=, id=, width=, height=, style=, type=, rel=, href=, 68 % SVG attributes 69 fill=, attributeName=, begin=, dur=, from=, to=, poster=, controls=, x=, y=, repeatCount=, xlink:href=, 70 % CSS properties 71 margin:, padding:, background-image:, border:, top:, left:, position:, width:, height:, 72 % CSS3 properties 73 transform:, -moz-transform:, -webkit-transform:, 74 animation:, -webkit-animation:, 75 transition:, transition-duration:, transition-property:, transition-timing-function:, 76 } 77 } 78 79 \lstdefinelanguage{JavaScript}{ 80 basicstyle=\ttfamily\scriptsize, 81 keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break, for}, 82 keywordstyle=\color{blue}\bfseries, 83 ndkeywords={class, export, boolean, throw, implements, import, this}, 84 ndkeywordstyle=\color{darkgray}\bfseries, 85 identifierstyle=\color{black}, 86 sensitive=false, 87 comment=[l]{//}, 88 morecomment=[s]{/*}{*/}, 89 commentstyle=\color{purple}\ttfamily, 90 stringstyle=\color{red}\ttfamily, 91 morestring=[b]', 92 morestring=[b]" 93 } 94 95 \usetikzlibrary{shapes,arrows} 96 \usetikzlibrary{positioning} 97 \usetikzlibrary{calc} 98 99 \title{GNU Taler} 100 %\subtitle{} 101 102 \setbeamertemplate{navigation symbols}{\includegraphics[width=1cm]{inria.pdf} \includegraphics[width=0.5cm]{gnu.png} \includegraphics[width=0.5cm]{ashoka.png}\hfill} 103 %\setbeamercovered{transparent=1} 104 105 \author[C. Grothoff]{J. Burdges, F. Dold, {\bf C. Grothoff}, M. Stanisci} 106 \date{\today} 107 \institute{The GNU Project} 108 109 110 \begin{document} 111 112 \justifying 113 114 \begin{frame} 115 \begin{center} 116 \LARGE {\bf GNU} 117 118 \vfill 119 % \includegraphics[width=0.66\textwidth]{logo-2017-fr.pdf} 120 \includegraphics[width=0.66\textwidth]{taler-logo-2018.pdf} 121 \end{center} 122 \begin{textblock*}{4cm}(.5cm,6.5cm) % {block width} (coords) 123 {\Large {\bf \url{taler.net}} \\ 124 IRC{\bf \#taler} \\ 125 {\small (on freenode)} \\ 126 twitter@taler \\ 127 mail@taler.net } 128 \end{textblock*} 129 130 % Substitute based on who is giving the talk! 131 \begin{textblock*}{6cm}(6.7cm,7.7cm) % {block width} (coords) 132 {\hfill {\Large {\bf Florian Dold \&} \\ 133 \hfill {\bf Christian Grothoff}} \\ 134 \hfill \{dold,grothoff\}@taler.net } 135 \end{textblock*} 136 137 \end{frame} 138 139 140 \begin{frame}{The World is Moving to Electronic Cash} 141 % \vfill 142 \begin{quote} 143 ``In future, cash may be so marginalised that it becomes difficult to 144 use as a means of payment. \\ 145 ($\ldots$) \\ 146 Many central banks are analysing central bank digital currencies (CBDC).\\ 147 ($\ldots$) \\ 148 The arguments in favour of analysing a CBDC to be offered to the 149 general public have been based on the idea that a CBDC is expected to 150 increase financial inclusion and reduce the use of cash, which is 151 considered costly, risky, to have negative environmental effects and 152 to facilitate the black economy.'' 153 -- Riskbank e-Krona Project Report 2 154 \end{quote} 155 \begin{center} 156 \Large \textbf{What will the technical foundation \\ 157 for CBDC look like?} 158 \end{center} 159 \end{frame} 160 161 162 163 \begin{frame}{The Distraction: Bitcoin} 164 165 \begin{itemize} 166 \item Unregulated payment system and currency: 167 \item[] $\Rightarrow$ lack of regulation is a feature! 168 \item Implemented in free software 169 \item Decentralised peer-to-peer system \pause 170 \item Decentralised banking requires solving Byzantine consensus 171 \item Creative solution: tie initial accumulation to solving consensus \pause 172 \item[] $\Rightarrow$ Proof-of-work advances ledger 173 \item[] $\Rightarrow$ Very expensive banking 174 \end{itemize} 175 \end{frame} 176 177 178 \begin{frame} 179 \frametitle{\includegraphics[height=0.5cm]{pics/bitcoin.jpeg}?} 180 \centering 181 \noindent 182 \includegraphics[width=\textwidth]{pics/btc-transaction-cost.png} 183 184 Current average transaction value: $\approx$ 1000 USD 185 \end{frame} 186 187 188 \begin{frame}{GNU Taler: Electronic payment system designed as CBDC} 189 \vfill 190 \begin{center} 191 {\huge {\bf Digital} cash, made \textbf{socially responsible}.} 192 \end{center} 193 \vfill 194 \begin{center} 195 \includegraphics[scale=1.5]{taler-logo-2018.pdf} 196 \end{center} 197 \vfill 198 \begin{center} 199 Privacy-Preserving, Practical, Taxable, Free Software, Efficient 200 \end{center} 201 \vfill 202 \vfill 203 \ % 204 \end{frame} 205 206 207 \section{What is Taler?} 208 \begin{frame}{What is Taler?} 209 \vfill 210 \begin{center} 211 Taler is an electronic instant payment system. 212 \end{center} 213 \begin{itemize} 214 \item Uses electronic coins stored in {\bf wallets} on customer's device 215 \item Like {\bf cash} 216 \item Pay in {\bf existing currencies} (i.e. EUR, USD, BTC), \\ 217 or use it to create new {\bf regional currencies} 218 \end{itemize} 219 \vfill 220 \end{frame} 221 222 223 \begin{frame} 224 \frametitle{Taler Overview} 225 \begin{center} 226 \begin{tikzpicture} 227 \tikzstyle{def} = [node distance= 5em and 6.5em, inner sep=1em, outer sep=.3em]; 228 \node (origin) at (0,0) {}; 229 \node (exchange) [def,above=of origin,draw]{Exchange}; 230 \node (customer) [def, draw, below left=of origin] {Customer}; 231 \node (merchant) [def, draw, below right=of origin] {Merchant}; 232 \node (auditor) [def, draw, above right=of origin]{Auditor}; 233 234 \tikzstyle{C} = [color=black, line width=1pt] 235 236 \draw [<-, C] (customer) -- (exchange) node [midway, above, sloped] (TextNode) {withdraw coins}; 237 \draw [<-, C] (exchange) -- (merchant) node [midway, above, sloped] (TextNode) {deposit coins}; 238 \draw [<-, C] (merchant) -- (customer) node [midway, above, sloped] (TextNode) {spend coins}; 239 \draw [<-, C] (exchange) -- (auditor) node [midway, above, sloped] (TextNode) {verify}; 240 241 \end{tikzpicture} 242 \end{center} 243 \end{frame} 244 245 246 \begin{frame} 247 % TODO: replace with simplified NEW architecture picture! 248 \frametitle{Architecture of Taler} 249 \begin{center} 250 \includegraphics[width=0.9\textwidth]{illustrations/taler-arch-full.pdf} 251 252 $\Rightarrow$ Convenient, taxable, privacy-enhancing, \& resource friendly! 253 \end{center} 254 \end{frame} 255 256 257 \begin{frame}{Usability of Taler} 258 \vfill 259 \begin{center} 260 \url{https://demo.taler.net/} 261 \end{center} 262 \begin{enumerate} 263 \item Install browser extension. 264 \item Visit the {\tt bank.demo.taler.net} to withdraw coins. 265 \item Visit the {\tt shop.demo.taler.net} to spend coins. 266 \end{enumerate} 267 \vfill 268 \end{frame} 269 270 271 \begin{frame}{Social Impact of Taler} 272 \begin{center} 273 \includegraphics[height=0.8\textheight]{../../social-impact.pdf} 274 \end{center} 275 \end{frame} 276 277 278 \begin{frame}{Use Case: Journalism} 279 Today: 280 \begin{itemize} 281 \item Corporate structure % ($\Rightarrow$ filter) 282 \item Advertising primary revenue % ($\Rightarrow$ dependence) 283 \item Tracking readers critical for business success 284 \item Journalism and marketing hard to distinguish 285 \end{itemize}\vfill\pause 286 With GNU Taler: 287 \begin{itemize} 288 \item One-click micropayments per article 289 \item Hosting requires no expertise % (no PCI DSS) 290 \item Reader-funded reporting separated from marketing 291 \item Readers can remain anonymous 292 \end{itemize} 293 \end{frame} 294 295 296 \begin{frame}{Use Cases: Refugee Camps} 297 Today: 298 \begin{itemize} 299 \item Non-bankable 300 \item Direct distribution of goods to population 301 \item Limited economic activity in camps 302 \item High level of economic dependence 303 \end{itemize}\vfill\pause 304 With GNU Taler: 305 \begin{itemize} 306 \item Local currency issued as basic income backed by aid 307 \item Taxation possible based on economic status 308 \item Local governance enabled by local taxes 309 \item Increased economic independence and political participation 310 \end{itemize} 311 \end{frame} 312 313 314 \begin{frame}{Use Case: Anti-Spam} 315 Today, p$\equiv$p provides authenticated encryption for e-mail: 316 \begin{itemize} 317 \item Free software 318 \item Easy to use opportunistic encryption 319 \item Available for Outlook, Android, Enigmail 320 \item Spies \& spam filters can no longer inspect content 321 \end{itemize}\vfill\pause 322 With GNU Taler: 323 \begin{itemize} 324 \item Peer-to-peer payments via e-mail 325 \item If unsolicited sender, hide messages from user \& 326 automatically request payment from sender 327 \item Sender can attach payment to be moved to inbox 328 \item Receiver may grant refund to sender 329 \end{itemize} 330 \end{frame} 331 332 333 \begin{frame}{Taxability} 334 We say Taler is taxable because: 335 \begin{itemize} 336 \item Merchant's income is visible from deposits. 337 \item Hash of contract is part of deposit data. 338 \item State can trace income and enforce taxation. 339 \end{itemize}\pause 340 Limitations: 341 \begin{itemize} 342 \item withdraw loophole 343 \item {\em sharing} coins among family and friends 344 \end{itemize} 345 \end{frame} 346 347 348 \begin{frame}{How does it work?} 349 We use a few ancient constructions: 350 \begin{itemize} 351 \item Cryptographic hash function (1989) 352 \item Blind signature (1983) 353 \item Schnorr signature (1989) 354 \item Diffie-Hellman key exchange (1976) 355 \item Cut-and-choose zero-knowledge proof (1985) 356 \end{itemize} 357 But of course we use modern instantiations. 358 \end{frame} 359 360 361 \begin{frame}{Exchange setup: Create a denomination key (RSA)} 362 \begin{minipage}{6cm} 363 \begin{enumerate} 364 \item Pick random primes $p,q$. 365 \item Compute $n := pq$, $\phi(n) = (p-1)(q-1)$ 366 \item Pick small $e < \phi(n)$ such that 367 $d := e^{-1} \mod \phi(n)$ exists. 368 \item Publish public key $(e,n)$. 369 \end{enumerate} 370 \end{minipage} 371 \begin{minipage}{6cm} 372 \begin{tikzpicture} 373 \tikzstyle{def} = [node distance=1em and 1em, inner sep=0em, outer sep=.3em]; 374 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}}; 375 \node (primes) [draw=none, below = of origin] at (0,0) {$(p, q)$}; 376 \node (seal) [def, draw=none, below left=of primes]{\includegraphics[width=0.15\textwidth]{seal.pdf}}; 377 \node (hammer) [def, draw=none, below right=of primes]{\includegraphics[width=0.15\textwidth]{hammer.pdf}}; 378 379 \tikzstyle{C} = [color=black, line width=1pt] 380 381 \draw [<-, C] (primes) -- (origin) node [midway, above, sloped] (TextNode) {}; 382 \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {}; 383 \draw [<-, C] (hammer) -- (primes) node [midway, above, sloped] (TextNode) {}; 384 \end{tikzpicture} 385 % \includegraphics[width=0.4\textwidth]{seal.pdf} 386 \end{minipage} 387 \end{frame} 388 389 390 \begin{frame}{Merchant: Create a signing key (EdDSA)} 391 \begin{minipage}{6cm} 392 \begin{itemize} 393 \item pick random $m \mod o$ as private key 394 \item $M = mG$ public key 395 \end{itemize} 396 \end{minipage} 397 \begin{minipage}{6cm} 398 \begin{tikzpicture} 399 \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em]; 400 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}}; 401 \node (m) [draw=none, below = of origin] at (0,0) {$m$}; 402 \node (seal) [draw=none, below=of m]{M}; 403 \tikzstyle{C} = [color=black, line width=1pt] 404 405 \draw [<-, C] (m) -- (origin) node [midway, above, sloped] (TextNode) {}; 406 \draw [<-, C] (seal) -- (primes) node [midway, above, sloped] (TextNode) {}; 407 \end{tikzpicture} 408 \end{minipage} 409 \parbox[t]{3cm}{{\bf Capability:} $m \Rightarrow$ } 410 \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{merchant-sign.pdf}} 411 \end{frame} 412 413 414 \begin{frame}{Customer: Create a planchet (EdDSA)} 415 \begin{minipage}{8cm} 416 \begin{itemize} 417 \item Pick random $c \mod o$ private key 418 \item $C = cG$ public key 419 \end{itemize} 420 \end{minipage} 421 \begin{minipage}{4cm} 422 \begin{tikzpicture} 423 \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em]; 424 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}}; 425 \node (c) [draw=none, below = of origin] at (0,0) {$c$}; 426 \node (planchet) [draw=none, below=of c]{\includegraphics[width=0.4\textwidth]{planchet.pdf}}; 427 \tikzstyle{C} = [color=black, line width=1pt] 428 429 \draw [<-, C] (c) -- (origin) node [midway, above, sloped] (TextNode) {}; 430 \draw [<-, C] (planchet) -- (c) node [midway, above, sloped] (TextNode) {}; 431 \end{tikzpicture} 432 \end{minipage} 433 \parbox[t]{3cm}{{\bf Capability:} $c \Rightarrow$ } 434 \raisebox{\dimexpr-\height+\baselineskip}{\includegraphics[width=0.1\textwidth]{planchet-sign.pdf}} 435 \end{frame} 436 437 438 \begin{frame}{Customer: Blind planchet (RSA)} 439 \begin{minipage}{6cm} 440 \begin{enumerate} 441 \item Obtain public key $(e,n)$ 442 \item Compute $f := FDH(C)$, $f < n$. 443 \item Pick blinding factor $b \in \mathbb Z_n$ 444 \item Transmit $f' := f b^e \mod n$ 445 \end{enumerate} 446 \end{minipage} 447 \begin{minipage}{6cm} 448 \begin{tikzpicture} 449 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 450 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{dice.pdf}}; 451 \node (b) [def, draw=none, below = of origin] at (0,-0.2) {$b$}; 452 \node (blinded) [def, draw=none, below right=of b]{\includegraphics[width=0.2\textwidth]{blinded.pdf}}; 453 \node (planchet) [def, draw=none, above right=of blinded]{\includegraphics[width=0.15\textwidth]{planchet.pdf}}; 454 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 455 \tikzstyle{C} = [color=black, line width=1pt] 456 457 \draw [<-, C] (b) -- (origin) node [midway, above, sloped] (TextNode) {}; 458 \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped] (TextNode) {}; 459 \draw [<-, C] (blinded) -- (b) node [midway, above, sloped] (TextNode) {}; 460 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 461 \end{tikzpicture} 462 \end{minipage} 463 \end{frame} 464 465 466 \begin{frame}{Exchange: Blind sign (RSA)} 467 \begin{minipage}{6cm} 468 \begin{enumerate} 469 \item Receive $f'$. 470 \item Compute $s' := f'^d \mod n$. 471 \item Send signature $s'$. 472 \end{enumerate} 473 \end{minipage} 474 \begin{minipage}{6cm} 475 \begin{tikzpicture} 476 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 477 \node (hammer) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{hammer.pdf}}; 478 \node (signed) [def, draw=none, below left=of hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}}; 479 \node (blinded) [def, draw=none, above left=of signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 480 \node (customer) [node distance=4em and 0.5em, draw, below =of signed]{Customer}; 481 \tikzstyle{C} = [color=black, line width=1pt] 482 483 \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode) {}; 484 \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped] (TextNode) {}; 485 \draw [<-, C] (customer) -- (signed) node [midway, above, sloped] (TextNode) {{\small transmit}}; 486 \end{tikzpicture} 487 \end{minipage} 488 \end{frame} 489 490 491 \begin{frame}{Customer: Unblind coin (RSA)} 492 \begin{minipage}{6cm} 493 \begin{enumerate} 494 \item Receive $s'$. 495 \item Compute $s := s' b^{-1} \mod n$ % \\ 496 % ($(f')^d = (f b^e)^d = f^d b$). 497 \end{enumerate} 498 \end{minipage} 499 \begin{minipage}{6cm} 500 \begin{tikzpicture} 501 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 502 \node (b) [def, draw=none] at (0,0) {$b$}; 503 \node (coin) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{coin.pdf}}; 504 \node (signed) [def, draw=none, above left=of coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}}; 505 \tikzstyle{C} = [color=black, line width=1pt] 506 507 \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {}; 508 \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {}; 509 \end{tikzpicture} 510 \end{minipage} 511 \end{frame} 512 513 \begin{frame}{Withdrawing coins on the Web} 514 \begin{center} 515 \includegraphics[height=0.9\textheight]{figs/taler-withdraw.pdf} 516 \end{center} 517 \end{frame} 518 519 520 \begin{frame}{Customer: Build shopping cart} 521 \begin{center} 522 \begin{tikzpicture} 523 \tikzstyle{def} = [node distance= 1em and 1em, inner sep=0em, outer sep=.3em]; 524 \node (origin) at (0,0) {\includegraphics[width=0.2\textwidth]{shop.pdf}}; 525 \node (cart) [draw=none, below=of m]{\includegraphics[width=0.2\textwidth]{cart.pdf}}; 526 \node (merchant) [node distance=4em and 0.5em, draw, below =of cart]{Merchant}; 527 \tikzstyle{C} = [color=black, line width=1pt]; 528 \draw [<-, C] (cart) -- (origin) node [midway, above, sloped] (TextNode) {}; 529 \draw [<-, C] (merchant) -- (cart) node [midway, above, sloped] (TextNode) {{\small transmit}}; 530 \end{tikzpicture} 531 \end{center} 532 \end{frame} 533 534 535 \begin{frame}{Merchant Integration: Wallet Detection} 536 \lstset{language=JavaScript} 537 \lstinputlisting{figs/taler-presence-js.html} 538 % \caption{Sample code to detect the Taler wallet. Allowing the 539 % Web site to detect the presence of the wallet leaks one bit 540 % of information about the user. The above logic also works 541 % if the wallet is installed while the page is open.} 542 % \label{listing:presence} 543 \end{frame} 544 545 546 \begin{frame}{Merchant Integration: Payment Request} 547 % \begin{figure}[p!] 548 \lstset{language=HTML5} 549 \lstinputlisting{figs/taler-402.html} 550 % \caption{Sample HTTP response to prompt the wallet to show an offer.} 551 % \label{listing:http-contract} 552 % \end{figure} 553 554 % \begin{figure*}[p!] 555 % \lstset{language=HTML5} 556 % \lstinputlisting{figs/taler-contract.html} 557 % \caption{Sample JavaScript code to prompt the wallet to show an offer. 558 % Here, the contract is fetched on-demand from the server. 559 % The {\tt taler\_pay()} function needs to be invoked 560 % when the user triggers the checkout.} 561 % \label{listing:contract} 562 % \end{figure*} 563 \end{frame} 564 565 566 \begin{frame}{Merchant Integration: Contract} 567 % \begin{figure*}[t!] 568 {\tiny 569 \lstset{language=JavaScript} 570 \lstinputlisting{figs/taler-contract.json} 571 % \caption{Minimal Taler contract over a digital article with a value of \EUR{0.10}. The merchant will pay transaction fees up to \EUR{0.01}. The hash over the wire transfer information was truncated to make it fit to the page.} 572 % \label{listing:json-contract} 573 % \end{figure*} 574 } 575 \end{frame} 576 577 578 \begin{frame}{Merchant: Propose contract (EdDSA)} 579 \begin{minipage}{6cm} 580 \begin{enumerate} 581 \item Complete proposal $D$. 582 \item Send $D$, $EdDSA_m(D)$ 583 \end{enumerate} 584 \end{minipage} 585 \begin{minipage}{6cm} 586 \begin{tikzpicture} 587 \tikzstyle{def} = [node distance=2em and 0.5em, inner sep=0em, outer sep=.3em]; 588 \node (cart) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{cart.pdf}}; 589 \node (proposal) [def, draw=none, below right=of cart]{\includegraphics[width=0.5\textwidth]{merchant_propose.pdf}}; 590 \node (customer) [node distance=4em and 0.5em, draw, below =of proposal]{Customer}; 591 \tikzstyle{C} = [color=black, line width=1pt]; 592 \node (sign) [def, draw=none, above right=of proposal] {$m$}; 593 \tikzstyle{C} = [color=black, line width=1pt] 594 595 \draw [<-, C] (proposal) -- (sign) node [midway, above, sloped] (TextNode) {}; 596 \draw [<-, C] (proposal) -- (cart) node [midway, above, sloped] (TextNode) {}; 597 \draw [<-, C] (customer) -- (proposal) node [midway, above, sloped] (TextNode) {{\small transmit}}; 598 \end{tikzpicture} 599 \end{minipage} 600 \end{frame} 601 602 603 \begin{frame}{Customer: Spend coin (EdDSA)} 604 \begin{minipage}{6cm} 605 \begin{enumerate} 606 \item Receive proposal $D$, $EdDSA_m(D)$. 607 \item Send $s$, $C$, $EdDSA_c(D)$ 608 \end{enumerate} 609 \end{minipage} 610 \begin{minipage}{6cm} 611 \begin{tikzpicture} 612 \tikzstyle{def} = [node distance=2em and 0.4em, inner sep=0em, outer sep=.3em]; 613 \node (proposal) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{merchant_propose.pdf}}; 614 \node (contract) [def, draw=none, below right=of cart]{\includegraphics[width=0.3\textwidth]{contract.pdf}}; 615 \node (c) [def, draw=none, above=of contract] {$c$}; 616 \node (merchant) [node distance=4em and 0.5em, draw, below=of contract]{Merchant}; 617 \node (coin) [def, draw=none, right=of contract]{\includegraphics[width=0.2\textwidth]{coin.pdf}}; 618 \tikzstyle{C} = [color=black, line width=1pt] 619 620 \draw [<-, C] (contract) -- (c) node [midway, above, sloped] (TextNode) {}; 621 \draw [<-, C] (contract) -- (proposal) node [midway, above, sloped] (TextNode) {}; 622 \draw [<-, C] (merchant) -- (contract) node [midway, above, sloped] (TextNode) {{\small transmit}}; 623 \draw [<-, C] (merchant) -- (coin) node [midway, below, sloped] (TextNode) {{\small transmit}}; 624 \end{tikzpicture} 625 \end{minipage} 626 \end{frame} 627 628 629 \begin{frame}{Merchant and Exchange: Verify coin (RSA)} 630 \begin{minipage}{6cm} 631 \begin{equation*} 632 s^e \stackrel{?}{\equiv} FDH(C) \mod n 633 \end{equation*} 634 \end{minipage} 635 \begin{minipage}{6cm} 636 \begin{minipage}{0.2\textwidth} 637 \includegraphics[width=\textwidth]{coin.pdf} 638 \end{minipage} 639 $\stackrel{?}{\Leftrightarrow}$ 640 \begin{minipage}{0.2\textwidth} 641 \includegraphics[width=\textwidth]{seal.pdf} 642 \end{minipage} 643 \end{minipage} 644 \end{frame} 645 646 647 \begin{frame}{Payment processing with Taler} 648 \begin{center} 649 \includegraphics[height=0.9\textheight]{figs/taler-pay.pdf} 650 \end{center} 651 \end{frame} 652 653 654 \begin{frame}{Giving change} 655 It would be inefficient to pay EUR 100 with 1 cent coins! 656 \begin{itemize} 657 \item Denomination key represents value of a coin. 658 \item Exchange may offer various denominations for coins. 659 \item Wallet may not have exact change! 660 \item Usability requires ability to pay given sufficient total funds. 661 \end{itemize}\pause 662 Key goals: 663 \begin{itemize} 664 \item maintain unlinkability 665 \item maintain taxability of transactions 666 \end{itemize}\pause 667 Method: 668 \begin{itemize} 669 \item Contract can specify to only pay {\em partial value} of a coin. 670 \item Exchange allows wallet to obtain {\em unlinkable change} 671 for remaining coin value. 672 \end{itemize} 673 \end{frame} 674 675 676 \begin{frame}{Diffie-Hellman (ECDH)} 677 \begin{minipage}{8cm} 678 \begin{enumerate} 679 \item Create private keys $c,t \mod o$ 680 \item Define $C = cG$ 681 \item Define $T = tG$ 682 \item Compute DH \\ $cT = c(tG) = t(cG) = tC$ 683 \end{enumerate} 684 \end{minipage} 685 \begin{minipage}{6cm} 686 \begin{tikzpicture} 687 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 688 \node (t) [def, draw=none] at (0,0) {$t$}; 689 \node (ct) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{dh.pdf}}; 690 \node (c) [def, draw=none, above left= of ct] {$c$}; 691 \tikzstyle{C} = [color=black, line width=1pt] 692 693 \draw [<-, C] (ct) -- (c) node [midway, above, sloped] (TextNode) {}; 694 \draw [<-, C] (ct) -- (t) node [midway, above, sloped] (TextNode) {}; 695 \end{tikzpicture} 696 \end{minipage} 697 \end{frame} 698 699 700 \begin{frame}{Strawman solution} 701 \begin{minipage}{8cm} 702 Given partially spent private coin key $c_{old}$: 703 \begin{enumerate} 704 % \item Let $C_{old} := c_{old}G$ (as before) 705 \item Pick random $c_{new} \mod o$ private key 706 \item $C_{new} = c_{new}G$ public key 707 \item Pick random $b_{new}$ 708 \item Compute $f_{new} := FDH(C_{new})$, $m < n$. 709 \item Transmit $f'_{new} := f_{new} b_{new}^e \mod n$ 710 \end{enumerate} 711 ... and sign request for change with $c_{old}$. 712 \end{minipage} 713 \begin{minipage}{4cm} 714 \begin{tikzpicture} 715 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 716 \node (blinded) [def, draw=none]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 717 \node (planchet) [def, draw=none, above left= of blinded] {\includegraphics[width=0.15\textwidth]{planchet.pdf}}; 718 \node (cnew) [def, draw=none, above= of planchet] {$c_{new}$}; 719 \node (bnew) [def, draw=none, above right= of blinded] {$b_{new}$}; 720 \node (dice1) [def, draw=none, above = of cnew]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 721 \node (dice2) [def, draw=none, above = of bnew]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 722 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 723 724 \tikzstyle{C} = [color=black, line width=1pt] 725 726 \draw [<-, C] (cnew) -- (dice1) node [midway, above, sloped] (TextNode) {}; 727 \draw [<-, C] (planchet) -- (cnew) node [midway, above, sloped] (TextNode) {}; 728 \draw [<-, C] (bnew) -- (dice2) node [midway, above, sloped] (TextNode) {}; 729 \draw [<-, C] (blinded) -- (planchet) node [midway, above, sloped] (TextNode) {}; 730 \draw [<-, C] (blinded) -- (bnew) node [midway, above, sloped] (TextNode) {}; 731 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 732 \end{tikzpicture} 733 \end{minipage} 734 \pause 735 \vfill 736 {\bf Problem: Owner of $c_{new}$ may differ from owner of $c_{old}$!} 737 \end{frame} 738 739 740 \begin{frame}{Customer: Transfer key setup (ECDH)} 741 \begin{minipage}{8cm} 742 Given partially spent private coin key $c_{old}$: 743 \begin{enumerate} 744 \item Let $C_{old} := c_{old}G$ (as before) 745 \item Create random private transfer key $t \mod o$ 746 \item Compute $T := tG$ 747 \item Compute $X := c_{old}(tG) = t(c_{old}G) = tC_{old}$ 748 \item Derive $c_{new}$ and $b_{new}$ from $X$ 749 \item Compute $C_{new} := c_{new}G$ 750 \item Compute $f_{new} := FDH(C_{new})$ 751 \item Transmit $f_{new}' := f_{new} b_{new}^e$ 752 \end{enumerate} 753 \end{minipage} 754 \begin{minipage}{4cm} 755 \begin{tikzpicture} 756 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 757 \node (t) [def, draw=none] at (0,0) {$t$}; 758 \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 759 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 760 \node (d) [def, draw=none, above left= of dh] {$c_{old}$}; 761 \node (cp) [def, draw=none, below left= of dh] {$c_{new}$}; 762 \node (bp) [def, draw=none, below right= of dh] {$b_{new}$}; 763 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 764 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 765 766 \tikzstyle{C} = [color=black, line width=1pt] 767 768 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 769 \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {}; 770 \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {}; 771 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 772 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 773 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 774 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 775 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 776 \end{tikzpicture} 777 \end{minipage} 778 \end{frame} 779 780 781 \begin{frame}{Cut-and-Choose} 782 \begin{minipage}{4cm} 783 \begin{tikzpicture} 784 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 785 \node (t) [def, draw=none] at (0,0) {$t_1$}; 786 \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 787 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 788 \node (d) [def, draw=none, above left= of dh] {$c_{old}$}; 789 \node (cp) [def, draw=none, below left= of dh] {$c_{new,1}$}; 790 \node (bp) [def, draw=none, below right= of dh] {$b_{new,1}$}; 791 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 792 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 793 794 \tikzstyle{C} = [color=black, line width=1pt] 795 796 \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {}; 797 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 798 \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {}; 799 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 800 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 801 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 802 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 803 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 804 \end{tikzpicture} 805 \end{minipage} 806 \begin{minipage}{4cm} 807 \begin{tikzpicture} 808 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 809 \node (t) [def, draw=none] at (0,0) {$t_2$}; 810 \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 811 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 812 \node (d) [def, draw=none, above left= of dh] {$c_{old}$}; 813 \node (cp) [def, draw=none, below left= of dh] {$c_{new,2}$}; 814 \node (bp) [def, draw=none, below right= of dh] {$b_{new,2}$}; 815 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 816 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 817 818 \tikzstyle{C} = [color=black, line width=1pt] 819 820 \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {}; 821 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 822 \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {}; 823 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 824 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 825 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 826 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 827 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 828 \end{tikzpicture} 829 \end{minipage} 830 \begin{minipage}{4cm} 831 \begin{tikzpicture} 832 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 833 \node (t) [def, draw=none] at (0,0) {$t_3$}; 834 \node (dice) [def, draw=none, above = of t]{\includegraphics[width=0.2\textwidth]{dice.pdf}}; 835 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 836 \node (d) [def, draw=none, above left= of dh] {$c_{old}$}; 837 \node (cp) [def, draw=none, below left= of dh] {$c_{new,3}$}; 838 \node (bp) [def, draw=none, below right= of dh] {$b_{new,3}$}; 839 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 840 \node (exchange) [node distance=4em and 0.5em, draw, below =of blinded]{Exchange}; 841 842 \tikzstyle{C} = [color=black, line width=1pt] 843 844 \draw [<-, C] (t) -- (dice) node [midway, above, sloped] (TextNode) {}; 845 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 846 \draw [<-, C] (dh) -- (t) node [midway, above, sloped] (TextNode) {}; 847 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 848 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 849 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 850 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 851 \draw [<-, C] (exchange) -- (blinded) node [midway, above, sloped] (TextNode) {{\small transmit}}; 852 \end{tikzpicture} 853 \end{minipage} 854 \end{frame} 855 856 857 \begin{frame}{Exchange: Choose!} 858 \begin{center} 859 \item Exchange sends back random $\gamma \in \{ 1, 2, 3 \}$ to the customer. 860 \end{center} 861 \end{frame} 862 863 864 \begin{frame}{Customer: Reveal} 865 \begin{enumerate} 866 \item If $\gamma = 1$, send $t_2$, $t_3$ to exchange 867 \item If $\gamma = 2$, send $t_1$, $t_3$ to exchange 868 \item If $\gamma = 3$, send $t_1$, $t_2$ to exchange 869 \end{enumerate} 870 \end{frame} 871 872 873 \begin{frame}{Exchange: Verify ($\gamma = 2$)} 874 \begin{minipage}{4cm} 875 \begin{tikzpicture} 876 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 877 \node (h) [def, draw=none] at (0,0) {$t_1$}; 878 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 879 \node (d) [def, draw=none, above left= of dh] {$C_{old}$}; 880 \node (cp) [def, draw=none, below left= of dh] {$c_{new,1}$}; 881 \node (bp) [def, draw=none, below right= of dh] {$b_{new,1}$}; 882 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 883 884 \tikzstyle{C} = [color=black, line width=1pt] 885 886 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 887 \draw [<-, C] (dh) -- (h) node [midway, above, sloped] (TextNode) {}; 888 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 889 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 890 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 891 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 892 \end{tikzpicture} 893 \end{minipage} 894 \begin{minipage}{4cm} 895 \ 896 \end{minipage} 897 \begin{minipage}{4cm} 898 \begin{tikzpicture} 899 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 900 \node (h) [def, draw=none] at (0,0) {$t_3$}; 901 \node (dh) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 902 \node (d) [def, draw=none, above left= of dh] {$C_{old}$}; 903 \node (cp) [def, draw=none, below left= of dh] {$c_{new,3}$}; 904 \node (bp) [def, draw=none, below right= of dh] {$b_{new,3}$}; 905 \node (blinded) [def, draw=none, below right=of cp]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 906 907 \tikzstyle{C} = [color=black, line width=1pt] 908 909 \draw [<-, C] (dh) -- (d) node [midway, above, sloped] (TextNode) {}; 910 \draw [<-, C] (dh) -- (h) node [midway, above, sloped] (TextNode) {}; 911 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 912 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 913 \draw [<-, C] (blinded) -- (cp) node [midway, above, sloped] (TextNode) {}; 914 \draw [<-, C] (blinded) -- (bp) node [midway, above, sloped] (TextNode) {}; 915 \end{tikzpicture} 916 \end{minipage} 917 \end{frame} 918 919 920 \begin{frame}{Exchange: Blind sign change (RSA)} 921 \begin{minipage}{6cm} 922 \begin{enumerate} 923 \item Take $f_{new,\gamma}'$. 924 \item Compute $s' := f_{new,\gamma}'^d \mod n$. 925 \item Send signature $s'$. 926 \end{enumerate} 927 \end{minipage} 928 \begin{minipage}{6cm} 929 \begin{tikzpicture} 930 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 931 \node (hammer) [def, draw=none] at (0,0) {\includegraphics[width=0.15\textwidth]{hammer.pdf}}; 932 \node (signed) [def, draw=none, below left=of hammer]{\includegraphics[width=0.2\textwidth]{sign.pdf}}; 933 \node (blinded) [def, draw=none, above left=of signed]{\includegraphics[width=0.15\textwidth]{blinded.pdf}}; 934 \node (customer) [node distance=4em and 0.5em, draw, below =of signed]{Customer}; 935 \tikzstyle{C} = [color=black, line width=1pt] 936 937 \draw [<-, C] (signed) -- (hammer) node [midway, above, sloped] (TextNode) {}; 938 \draw [<-, C] (signed) -- (blinded) node [midway, above, sloped] (TextNode) {}; 939 \draw [<-, C] (customer) -- (signed) node [midway, above, sloped] (TextNode) {{\small transmit}}; 940 \end{tikzpicture} 941 \end{minipage} 942 \end{frame} 943 944 945 \begin{frame}{Customer: Unblind change (RSA)} 946 \begin{minipage}{6cm} 947 \begin{enumerate} 948 \item Receive $s'$. 949 \item Compute $s := s' b_{new,\gamma}^{-1} \mod n$. 950 \end{enumerate} 951 \end{minipage} 952 \begin{minipage}{6cm} 953 \begin{tikzpicture} 954 \tikzstyle{def} = [node distance= 2em and 0.5em, inner sep=0em, outer sep=.3em]; 955 \node (b) [def, draw=none] at (0,0) {$b_{new,\gamma}$}; 956 \node (coin) [def, draw=none, below left=of b]{\includegraphics[width=0.2\textwidth]{coin.pdf}}; 957 \node (signed) [def, draw=none, above left=of coin]{\includegraphics[width=0.15\textwidth]{sign.pdf}}; 958 \tikzstyle{C} = [color=black, line width=1pt] 959 960 \draw [<-, C] (coin) -- (b) node [midway, above, sloped] (TextNode) {}; 961 \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {}; 962 \end{tikzpicture} 963 \end{minipage} 964 \end{frame} 965 966 967 \begin{frame}{Exchange: Allow linking change} 968 \begin{minipage}{7cm} 969 \begin{center} 970 Given $C_{old}$ 971 972 \vspace{1cm} 973 974 return $T_\gamma$, $s := s' b_{new,\gamma}^{-1} \mod n$. 975 \end{center} 976 \end{minipage} 977 \begin{minipage}{5cm} 978 \begin{tikzpicture} 979 \tikzstyle{def} = [node distance= 3em and 0.5em, inner sep=0.5em, outer sep=.3em]; 980 \node (co) [def, draw=none] at (0,0) {$C_{old}$}; 981 \node (T) [def, draw=none, below left=of co]{$T_\gamma$}; 982 \node (sign) [def, draw=none, below right=of co]{\includegraphics[width=0.15\textwidth]{sign.pdf}}; 983 \node (customer) [def, draw, below right=of T] {Customer}; 984 985 \tikzstyle{C} = [color=black, line width=1pt] 986 987 \draw [<-, C] (T) -- (co) node [midway, above, sloped] (TextNode) {}; 988 \draw [<-, C] (sign) -- (co) node [midway, above, sloped] (TextNode) {}; 989 \draw [<-, C] (customer) -- (T) node [midway, above, sloped] (TextNode) {link}; 990 \draw [<-, C] (customer) -- (sign) node [midway, above, sloped] (TextNode) {link}; 991 \end{tikzpicture} 992 \end{minipage} 993 \end{frame} 994 995 996 \begin{frame}{Customer: Link (threat!)} 997 \begin{minipage}{6.3cm} 998 \begin{enumerate} 999 \item Have $c_{old}$. 1000 \item Obtain $T_\gamma$, $s$ from exchange 1001 \item Compute $X_\gamma = c_{old}T_\gamma$ 1002 \item Derive $c_{new,\gamma}$ and $b_{new,\gamma}$ from $X_\gamma$ 1003 \item Unblind $s := s' b_{new,\gamma}^{-1} \mod n$ 1004 \end{enumerate} 1005 1006 \end{minipage} 1007 \begin{minipage}{5.7cm} 1008 \begin{tikzpicture} 1009 \tikzstyle{def} = [node distance= 1.5em and 0.5em, inner sep=0em, outer sep=.3em]; 1010 \node (T) [def, draw=none] at (0,0) {$T_\gamma$}; 1011 \node (exchange) [def, inner sep=0.5em, draw, above left=of T] {Exchange}; 1012 \node (signed) [def, draw=none, below left=of T]{\includegraphics[width=0.15\textwidth]{sign.pdf}}; 1013 \node (dh) [def, draw=none, below right=of T]{\includegraphics[width=0.2\textwidth]{ct.pdf}}; 1014 \node (bp) [def, draw=none, below left= of dh] {$b_{new,\gamma}$}; 1015 \node (co) [def, draw=none, above right= of dh] {$c_{old}$}; 1016 \node (cp) [def, draw=none, below= of dh] {$c_{new,\gamma}$}; 1017 \node (coin) [def, draw=none, below left = of bp]{\includegraphics[width=0.2\textwidth]{coin.pdf}}; 1018 \node (psign) [def, node distance=2.5em and 0em, draw=none, below = of cp]{\includegraphics[width=0.2\textwidth]{planchet-sign.pdf}}; 1019 1020 \tikzstyle{C} = [color=black, line width=1pt] 1021 1022 \draw [<-, C] (dh) -- (co) node [midway, above, sloped] (TextNode) {}; 1023 \draw [<-, C] (dh) -- (T) node [midway, above, sloped] (TextNode) {}; 1024 \draw [<-, C] (cp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1025 \draw [<-, C] (bp) -- (dh) node [midway, above, sloped] (TextNode) {}; 1026 \draw [<-, C] (coin) -- (signed) node [midway, above, sloped] (TextNode) {}; 1027 \draw [<-, C] (coin) -- (bp) node [midway, above, sloped] (TextNode) {}; 1028 \draw [<-, C] (T) -- (exchange) node [midway, above, sloped] (TextNode) {link}; 1029 \draw [<-, C] (signed) -- (exchange) node [midway, below, sloped] (TextNode) {link}; 1030 \draw [<-, C, double] (psign) -- (cp) node [midway, below, sloped] (TextNode) {}; 1031 \end{tikzpicture} 1032 \end{minipage} 1033 \end{frame} 1034 1035 1036 \begin{frame}{Refresh protocol summary} 1037 \begin{itemize} 1038 \item Customer asks exchange to convert old coin to new coin 1039 \item Protocol ensures new coins can be recovered from old coin 1040 \item[$\Rightarrow$] New coins are owned by the same entity! 1041 \end{itemize} 1042 Thus, the refresh protocol allows: 1043 \begin{itemize} 1044 \item To give unlinkable change. 1045 \item To give refunds to an anonymous customer. 1046 \item To expire old keys and migrate coins to new ones. 1047 \item To handle protocol aborts. 1048 \end{itemize} 1049 \noindent 1050 \begin{center} 1051 \bf 1052 Transactions via refresh are equivalent to {\em sharing} a wallet. 1053 \end{center} 1054 \end{frame} 1055 1056 1057 1058 \section{Competitor analysis} 1059 \begin{frame}{Competitor comparison} 1060 \begin{center} \small 1061 \begin{tabular}{l||c|c|c|c|c} 1062 & Cash & Bitcoin & Zerocoin & Creditcard & GNU Taler \\ \hline \hline 1063 Online &$-$$-$$-$ & ++ & ++ & + & +++ \\ \hline 1064 Offline & +++ & $-$$-$ & $-$$-$ & + & $-$$-$ \\ \hline 1065 Trans. cost & + & $-$$-$$-$ & $-$$-$$-$ & $-$ & ++ \\ \hline 1066 Speed & + & $-$$-$$-$ & $-$$-$$-$ & o & ++ \\ \hline 1067 Taxation & $-$ & $-$$-$ & $-$$-$$-$ & +++ & +++ \\ \hline 1068 Payer-anon & ++ & o & ++ & $-$$-$$-$ & +++ \\ \hline 1069 Payee-anon & ++ & o & ++ & $-$$-$$-$ & $-$$-$$-$ \\ \hline 1070 Security & $-$ & o & o & $-$$-$ & ++ \\ \hline 1071 Conversion & +++ & $-$$-$$-$ & $-$$-$$-$ & +++ & +++ \\ \hline 1072 Libre & $-$ & +++ & +++ & $-$ $-$ $-$ & +++ \\ 1073 \end{tabular} 1074 \end{center} 1075 \end{frame} 1076 1077 1078 \begin{frame}{Conclusion} 1079 \begin{center} 1080 {\bf What can we do?} 1081 \end{center} 1082 \vfill 1083 \begin{itemize} 1084 \item{Suffer mass-surveillance enabled by credit card oligopolies with high fees, and} 1085 \item{Engage in arms race with deliberately unregulatable blockchains, and} 1086 \item{Enjoy the ``benefits'' of cash \\ 1087 \hfill \includegraphics[height=0.3\textheight]{atm-rupee.jpg} \hfill} 1088 \end{itemize} 1089 \vfill 1090 \begin{center} 1091 {\bf OR} 1092 \end{center} 1093 \vfill 1094 \begin{itemize} 1095 \item{Establish free software alternative balancing social goals!} 1096 \end{itemize} 1097 \vfill 1098 \end{frame} 1099 1100 1101 \begin{frame} 1102 \frametitle{Do you have any questions?} 1103 \vfill 1104 References: 1105 {\tiny 1106 \begin{enumerate} 1107 \item{Christian Grothoff, Bart Polot and Carlo von Loesch. 1108 {\em The Internet is broken: Idealistic Ideas for Building a GNU Network}. 1109 {\bf W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)}, 2014.} 1110 \item{Jeffrey Burdges, Florian Dold, Christian Grothoff and Marcello Stanisci. 1111 {\em Enabling Secure Web Payments with GNU Taler}. 1112 {\bf SPACE 2016}.} 1113 \item{Florian Dold, Sree Harsha Totakura, Benedikt M\"uller, Jeffrey Burdges and Christian Grothoff. 1114 {\em Taler: Taxable Anonymous Libre Electronic Reserves}. 1115 Available upon request. 2016.} 1116 \item{Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer and Madars Virza. 1117 {\em Zerocash: Decentralized Anonymous Payments from Bitcoin}. 1118 {\bf IEEE Symposium on Security \& Privacy, 2016}.} 1119 \item{David Chaum, Amos Fiat and Moni Naor. 1120 {\em Untraceable electronic cash}. 1121 {\bf Proceedings on Advances in Cryptology, 1990}.} 1122 \item{Phillip Rogaway. 1123 {\em The Moral Character of Cryptographic Work}. 1124 {\bf Asiacrypt}, 2015.} \label{bib:rogaway} 1125 \end{enumerate} 1126 } 1127 \begin{center} 1128 {\bf Let money facilitate trade; but ensure capital serves society.} 1129 \end{center} 1130 \end{frame} 1131 1132 1133 1134 1135 \end{document} 1136 1137 1138 1139 1140 \begin{frame}{Taler {\tt /withdraw/sign}} 1141 % Customer withdrawing coins with blind signatures 1142 % \bigskip 1143 \begin{figure}[th] 1144 \begin{minipage}[b]{0.45\linewidth} 1145 \begin{center} 1146 \begin{tikzpicture}[scale = 0.4, 1147 transform shape, 1148 msglabel/.style = { text = Black, yshift = .3cm, 1149 sloped, midway }, 1150 okmsg/.style = { ->, color = MidnightBlue, thick, 1151 >=stealth }, 1152 rstmsg/.style = { ->, color = BrickRed, thick, 1153 >=stealth } 1154 ] 1155 \node[draw = MidnightBlue, 1156 fill = CornflowerBlue, 1157 minimum width = .3cm, 1158 minimum height = 10cm 1159 ] (h1) at (-4, 0) {}; 1160 \node[draw = MidnightBlue, 1161 fill = CornflowerBlue, 1162 minimum width = .3cm, 1163 minimum height = 10cm 1164 ] (h2) at (4, 0) {}; 1165 \node[above = 0cm of h1] {Wallet}; 1166 \node[above = 0cm of h2] {Exchange}; 1167 1168 \path[->, color = MidnightBlue, very thick, >=stealth] 1169 (-5, 4.5) edge 1170 node[rotate=90, text = Black, yshift = .3cm] {Time} 1171 (-5, -4.5); 1172 \path[okmsg, dashed] 1173 ($(h1.east)+(0, 4.0)+(0, -1.0)$) edge 1174 node[msglabel] {SEPA(RK,A)} 1175 ($(h2.west)+(0, 3.5)+(0, -1.0)$); 1176 \path[okmsg] 1177 ($(h1.east)+(0, -1.0)$) edge 1178 node[msglabel] {POST {\tt /withdraw/sign} $S_{RK}(DK, B_b(C))$} 1179 ($(h2.west)+(0, -1.5)$); 1180 \path[okmsg] 1181 ($(h2.west)+(0, -2.0)$) edge 1182 node[msglabel] {200 OK: $S_{DK}(B_b(C))$)} 1183 ($(h1.east)+(0, -2.5)$); 1184 \path[rstmsg] 1185 ($(h2.west)+(0, -3.5)$) edge 1186 node[msglabel] {402 PAYMENT REQUIRED: $S_{RK}(DK, B_b(C))$)} 1187 ($(h1.east)+(0, -4)$); 1188 \node at (5.3, 0) {}; 1189 \end{tikzpicture} 1190 \end{center} 1191 Result: $\langle c, S_{DK}(C) \rangle$. 1192 \end{minipage} 1193 \hspace{0.5cm} 1194 \begin{minipage}[b]{0.45\linewidth} 1195 \tiny 1196 \begin{description} 1197 \item[$A$] Some amount, $A \ge A_{DK}$ 1198 \item[$RK$] Reserve key 1199 \item[$DK$] Denomination key 1200 \item[$b$] Blinding factor 1201 \item[$B_b()$] RSA-FDH blinding % DK supressed 1202 \item[$C$] Coin public key $C := cG$ 1203 \item[$S_{RK}()$] EdDSA signature 1204 \item[$S_{DK}()$] RSA-FDH signature 1205 \end{description} 1206 \end{minipage} 1207 \end{figure} 1208 \end{frame} 1209 1210 1211 \begin{frame}[t]{Taler {\tt /deposit}} 1212 Merchant and exchange see only the public coin $\langle C, S_{DK}(C) \rangle$. 1213 \bigskip 1214 \begin{figure}[th] 1215 \begin{minipage}[b]{0.45\linewidth} 1216 \begin{center} 1217 \begin{tikzpicture}[scale = 0.4, 1218 transform shape, 1219 msglabel/.style = { text = Black, yshift = .3cm, 1220 sloped, midway }, 1221 okmsg/.style = { ->, color = MidnightBlue, thick, 1222 >=stealth }, 1223 rstmsg/.style = { ->, color = BrickRed, thick, 1224 >=stealth } 1225 ] 1226 \node[draw = MidnightBlue, 1227 fill = CornflowerBlue, 1228 minimum width = .3cm, 1229 minimum height = 10cm 1230 ] (h1) at (-4, 0) {}; 1231 \node[draw = MidnightBlue, 1232 fill = CornflowerBlue, 1233 minimum width = .3cm, 1234 minimum height = 10cm 1235 ] (h2) at (4, 0) {}; 1236 \node[above = 0cm of h1] {Merchant}; 1237 \node[above = 0cm of h2] {Exchange}; 1238 1239 \path[->, color = MidnightBlue, very thick, >=stealth] 1240 (-5, 4.5) edge 1241 node[rotate=90, text = Black, yshift = .3cm] {Time} 1242 (-5, -4.5); 1243 \path[->, color = MidnightBlue, thick, >=stealth] 1244 ($(h1.east)+(0,3)$) edge 1245 node[text = Black, yshift = .3cm, sloped] {POST {\tt /deposit} $S_{DK}(C), S_{c}(D)$} 1246 ($(h2.west)+(0,2)$); 1247 \path[->, color = MidnightBlue, thick, >=stealth] 1248 ($(h2.west)+(0,0.5)$) edge 1249 node[text = Black, yshift = .3cm, sloped] {200 OK: $S_{SK}(S_{c}(D))$} 1250 ($(h1.east)+(0,-0.5)$); 1251 \path[rstmsg] 1252 ($(h2.west)+(0, -2.5)$) edge 1253 node[msglabel] {409 CONFLICT: $S_{c}(D')$} 1254 ($(h1.east)+(0, -3.5)$); 1255 \node at (5.3, 0) {}; 1256 \end{tikzpicture} 1257 \end{center} 1258 \end{minipage} 1259 \hspace{0.5cm} 1260 \begin{minipage}[b]{0.45\linewidth} 1261 \tiny 1262 \begin{description} 1263 \item[$DK$] Denomination key 1264 \item[$S_{DK}()$] RSA-FDH signature using $DK$ 1265 \item[$c$] Private coin key, $C := cG$. 1266 \item[$S_{C}()$] EdDSA signature using $c$ 1267 \item[$D$] Deposit details 1268 \item[$SK$] Exchange's signing key 1269 \item[$S_{SK}()$] EdDSA signature using $SK$ 1270 \item[$D'$] Conficting deposit details $D' \not= D$ 1271 \end{description} 1272 \end{minipage} 1273 \end{figure} 1274 \end{frame} 1275 1276 1277 \begin{frame}{Taler {\tt /refresh/melt}} 1278 \begin{figure}[th] 1279 \begin{minipage}[b]{0.45\linewidth} 1280 \begin{center} 1281 \begin{tikzpicture}[scale = 0.4, 1282 transform shape, 1283 msglabel/.style = { text = Black, yshift = .3cm, 1284 sloped, midway }, 1285 okmsg/.style = { ->, color = MidnightBlue, thick, 1286 >=stealth }, 1287 rstmsg/.style = { ->, color = BrickRed, thick, 1288 >=stealth } 1289 ] 1290 \node[draw = MidnightBlue, 1291 fill = CornflowerBlue, 1292 minimum width = .3cm, 1293 minimum height = 10cm 1294 ] (h1) at (-4, 0) {}; 1295 \node[draw = MidnightBlue, 1296 fill = CornflowerBlue, 1297 minimum width = .3cm, 1298 minimum height = 10cm 1299 ] (h2) at (4, 0) {}; 1300 \node[above = 0cm of h1] {Customer}; 1301 \node[above = 0cm of h2] {Exchange}; 1302 1303 \path[->, color = MidnightBlue, very thick, >=stealth] 1304 (-5, 4.5) edge 1305 node[rotate=90, text = Black, yshift = .3cm] {Time} 1306 (-5, -4.5); 1307 \path[->, color = MidnightBlue, thick, >=stealth] 1308 ($(h1.east)+(0,3)$) edge 1309 node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/melt} $S_{DK}(C), S_c({\cal DK}, {\cal T},{\cal B})$} 1310 ($(h2.west)+(0,2)$); 1311 \path[->, color = MidnightBlue, thick, >=stealth] 1312 ($(h2.west)+(0,0.5)$) edge 1313 node[text = Black, yshift = .3cm, sloped] {200 OK: $S_{SK}(H({\cal T}, {\cal B}),\gamma)$} 1314 ($(h1.east)+(0,-0.5)$); 1315 \path[rstmsg] 1316 ($(h2.west)+(0, -2.5)$) edge 1317 node[msglabel] {409 CONFLICT: $S_{C}(X), \ldots$} 1318 ($(h1.east)+(0, -3.5)$); 1319 \node at (5.3, 0) {}; 1320 \end{tikzpicture} 1321 \end{center} 1322 \end{minipage} 1323 \hspace{0.5cm} 1324 \begin{minipage}[b]{0.45\linewidth} 1325 \tiny 1326 \begin{description} 1327 \item[$\kappa$] System-wide security parameter, usually 3. 1328 \\ \smallskip 1329 \item[$\cal DK$] $:= [DK^{(i)}]_i$ \\ List of denomination keys \\ 1330 $D + \sum_i A_{DK^{(i)}} < A_{DK}$ 1331 \item[$t_j$] Random scalar for $j<\kappa$ 1332 \item[${\cal T}$] $:= [T_j]_\kappa$ where $T_j = t_j G$ 1333 \item[$k_j$] $:= c T_j = t_j C$ is an ECDHE 1334 \item[$b_j^{(i)}$] $:= KDF_b(k_j,i)$ % blinding factor 1335 \item[$c_j^{(i)}$] $:= KDF_c(k_j,i)$ % coin secret keys 1336 \item[$C_j^{(i)}$] $: = c_j^{(i)} G$ % new coin publics % keys 1337 \item[${\cal B}$] $:= [H( \beta_j )]_\kappa$ where \\ 1338 $\beta_j := \left[ B_{b_j^{(i)}}(C_j^{(i)}) \right]_i$ 1339 \\ \smallskip 1340 \item[$\gamma$] Random value in $[0,\kappa)$ 1341 % \\ \smallskip 1342 % \item[$X$] Deposit or refresh 1343 \end{description} 1344 \end{minipage} 1345 \end{figure} 1346 \end{frame} 1347 1348 1349 \begin{frame}{Taler {\tt /refresh/reveal}} 1350 \begin{figure}[th] 1351 \begin{minipage}[b]{0.45\linewidth} 1352 \begin{center} 1353 \begin{tikzpicture}[scale = 0.4, 1354 transform shape, 1355 msglabel/.style = { text = Black, yshift = .3cm, 1356 sloped, midway }, 1357 okmsg/.style = { ->, color = MidnightBlue, thick, 1358 >=stealth }, 1359 rstmsg/.style = { ->, color = BrickRed, thick, 1360 >=stealth } 1361 ] 1362 \node[draw = MidnightBlue, 1363 fill = CornflowerBlue, 1364 minimum width = .3cm, 1365 minimum height = 10cm 1366 ] (h1) at (-4, 0) {}; 1367 \node[draw = MidnightBlue, 1368 fill = CornflowerBlue, 1369 minimum width = .3cm, 1370 minimum height = 10cm 1371 ] (h2) at (4, 0) {}; 1372 \node[above = 0cm of h1] {Customer}; 1373 \node[above = 0cm of h2] {Exchange}; 1374 1375 \path[->, color = MidnightBlue, very thick, >=stealth] 1376 (-5, 4.5) edge 1377 node[rotate=90, text = Black, yshift = .3cm] {Time} 1378 (-5, -4.5); 1379 \path[->, color = MidnightBlue, thick, >=stealth] 1380 ($(h1.east)+(0,3)$) edge 1381 node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/reveal} $H({\cal T}, {\cal B}), {\tilde{\cal T}}, \beta_\gamma$} 1382 ($(h2.west)+(0,2)$); 1383 \path[->, color = MidnightBlue, thick, >=stealth] 1384 ($(h2.west)+(0,0.5)$) edge 1385 node[text = Black, yshift = .3cm, sloped] {200 OK: $\cal S$} 1386 ($(h1.east)+(0,-0.5)$); 1387 \path[rstmsg] 1388 ($(h2.west)+(0, -2.5)$) edge 1389 node[msglabel] {400 BAD REQUEST: $Z$} 1390 ($(h1.east)+(0, -3.5)$); 1391 \node at (5.3, 0) {}; 1392 \end{tikzpicture} 1393 \end{center} 1394 \end{minipage} 1395 \hspace{0.5cm} 1396 \begin{minipage}[b]{0.45\linewidth} 1397 \tiny 1398 \begin{description} 1399 \item[$\cal DK$] $:= [DK^{(i)}]_i$ 1400 \item[$t_j$] .. \\ \smallskip 1401 1402 \item[$\tilde{\cal T}$] $:= [t_j | j \in \kappa, j \neq \gamma]$ \\ \smallskip 1403 1404 \item[$k_\gamma$] $:= c T_\gamma = t_\gamma C$ 1405 \item[$b_\gamma^{(i)}$] $:= KDF_b(k_\gamma,i)$ 1406 \item[$c_\gamma^{(i)}$] $:= KDF_c(k_\gamma,i)$ 1407 \item[$C_\gamma^{(i)}$] $: = c_\gamma^{(i)} G$ 1408 1409 \item[$B_\gamma^{(i)}$] $:= B_{b_\gamma^{(i)}}(C_\gamma^{(i)})$ 1410 \item[$\beta_\gamma$] $:= \big[ B_\gamma^{(i)} \big]_i$ 1411 \item[$\cal S$] $:= \left[ S_{DK^{(i)}}( B_\gamma^{(i)} ) \right]_i$ \\ \smallskip 1412 1413 \item[$Z$] Cut-and-choose missmatch information 1414 \end{description} 1415 \end{minipage} 1416 \end{figure} 1417 \end{frame} 1418 1419 1420 \begin{frame}{Taler {\tt /refresh/link}} 1421 \begin{figure}[th] 1422 \begin{minipage}[b]{0.45\linewidth} 1423 \begin{center} 1424 \begin{tikzpicture}[scale = 0.4, 1425 transform shape, 1426 msglabel/.style = { text = Black, yshift = .3cm, 1427 sloped, midway }, 1428 okmsg/.style = { ->, color = MidnightBlue, thick, 1429 >=stealth }, 1430 rstmsg/.style = { ->, color = BrickRed, thick, 1431 >=stealth } 1432 ] 1433 \node[draw = MidnightBlue, 1434 fill = CornflowerBlue, 1435 minimum width = .3cm, 1436 minimum height = 10cm 1437 ] (h1) at (-4, 0) {}; 1438 \node[draw = MidnightBlue, 1439 fill = CornflowerBlue, 1440 minimum width = .3cm, 1441 minimum height = 10cm 1442 ] (h2) at (4, 0) {}; 1443 \node[above = 0cm of h1] {Customer}; 1444 \node[above = 0cm of h2] {Exchagne}; 1445 1446 \path[->, color = MidnightBlue, very thick, >=stealth] 1447 (-5, 4.5) edge 1448 node[rotate=90, text = Black, yshift = .3cm] {Time} 1449 (-5, -4.5); 1450 \path[->, color = MidnightBlue, thick, >=stealth] 1451 ($(h1.east)+(0,3)$) edge 1452 node[text = Black, yshift = .3cm, sloped] {POST {\tt /refresh/link} $C$} 1453 ($(h2.west)+(0,2)$); 1454 \path[->, color = MidnightBlue, thick, >=stealth] 1455 ($(h2.west)+(0,0.5)$) edge 1456 node[text = Black, yshift = .3cm, sloped] {200 OK: $T_\gamma$} 1457 ($(h1.east)+(0,-0.5)$); 1458 \path[rstmsg] 1459 ($(h2.west)+(0, -2.5)$) edge 1460 node[msglabel] {404 NOT FOUND} 1461 ($(h1.east)+(0, -3.5)$); 1462 \node at (5.3, 0) {}; 1463 \end{tikzpicture} 1464 \end{center} 1465 \end{minipage} 1466 \hspace{0.5cm} 1467 \begin{minipage}[b]{0.45\linewidth} 1468 \tiny 1469 \begin{description} 1470 \item[$C$] Old coind public key \\ \smallskip 1471 \item[$T_\gamma$] Linkage data $\cal L$ at $\gamma$ 1472 \end{description} 1473 \end{minipage} 1474 \end{figure} 1475 \end{frame} 1476 1477 1478 \begin{frame}{Operational security} 1479 \begin{center} 1480 \resizebox{\textwidth}{!}{ 1481 \begin{tikzpicture}[ 1482 font=\sffamily, 1483 every matrix/.style={ampersand replacement=\&,column sep=2cm,row sep=2cm}, 1484 source/.style={draw,thick,rounded corners,fill=green!20,inner sep=.3cm}, 1485 process/.style={draw,thick,circle,fill=blue!20}, 1486 sink/.style={source,fill=green!20}, 1487 datastore/.style={draw,very thick,shape=datastore,inner sep=.3cm}, 1488 dots/.style={gray,scale=2}, 1489 to/.style={->,>=stealth',shorten >=1pt,semithick,font=\sffamily\footnotesize}, 1490 every node/.style={align=center}] 1491 1492 % Position the nodes using a matrix layout 1493 \matrix{ 1494 \node[source] (wallet) {Wallet}; 1495 \& \node[process] (browser) {Browser}; 1496 \& \node[process] (shop) {Web shop}; 1497 \& \node[sink] (backend) {Taler backend}; \\ 1498 }; 1499 1500 % Draw the arrows between the nodes and label them. 1501 \draw[to] (browser) to[bend right=50] node[midway,above] {(4) signed contract} 1502 node[midway,below] {(signal)} (wallet); 1503 \draw[to] (wallet) to[bend right=50] node[midway,above] {(signal)} 1504 node[midway,below] {(5) signed coins} (browser); 1505 \draw[<->] (browser) -- node[midway,above] {(3,6) custom} 1506 node[midway,below] {(HTTPS)} (shop); 1507 \draw[to] (shop) to[bend right=50] node[midway,above] {(HTTPS)} 1508 node[midway,below] {(1) proposed contract / (7) signed coins} (backend); 1509 \draw[to] (backend) to[bend right=50] node[midway,above] {(2) signed contract / (8) confirmation} 1510 node[midway,below] {(HTTPS)} (shop); 1511 \end{tikzpicture} 1512 } 1513 \end{center} 1514 \end{frame}