main.tex (83679B)
% Preamble, part 1: document class, talk metadata, package loading and the
% `listings` language definitions (CSS, JavaScript, HTML5) available to the slides.

% Sets the PDF minor version to 3, i.e. PDF 1.3 output.
\pdfminorversion=3
\documentclass[fleqn,xcolor={usenames,dvipsnames}]{beamer}
% Project-local macro file, read before any package is loaded. Its contents are
% not visible here, so what it defines cannot be stated from this file alone.
\input taler-macros

% Talk metadata, consumed by the \title/\subtitle/\date/\author/\institute calls below.
\newcommand{\TITLE}{NEXT \\ GENERATION \\ INTERNET}
\newcommand{\SUB}{The GNU Taler Payment System}
\newcommand{\AUTHOR}{Christian Grothoff}
\newcommand{\SPEAKER}{Christian Grothoff}
\newcommand{\INST}{The GNU Project}
\newcommand{\DATE}{Traffic Seminar --- ETHZ}

% Do not edit this part
% NOTE(review): \title, \author, \date and \institute are all set again further
% down in this preamble; the later calls are the ones that take effect.
\title{\TITLE}
\subtitle{\SUB}
\date{\DATE}
\author[\SPEAKER]{\AUTHOR}
\institute{\INST}
\usepackage{amsmath}
% multimedia provides \movie, used by the video frames of this deck.
\usepackage{multimedia}
\usepackage[utf8]{inputenc}
\usepackage{framed,color,ragged2e}
% textpos with absolute positioning: used for the textblock* logo placement.
\usepackage[absolute,overlay]{textpos}
\definecolor{shadecolor}{rgb}{0.8,0.8,0.8}
\usetheme{boxes}
% Empty navigation bar for now; this template is set again later in the preamble.
\setbeamertemplate{navigation symbols}{}
% The xcolor options (usenames, dvipsnames) are passed via the class option above.
\usepackage{xcolor}
\usepackage[normalem]{ulem}
\usepackage{listings}
\usepackage{adjustbox}
\usepackage{array}
\usepackage{bbding}
\usepackage{relsize}
\usepackage{graphicx}
\usepackage{tikz,eurosym,calc}
\usetikzlibrary{tikzmark}
\usetikzlibrary{shapes,arrows,arrows.meta}
\usetikzlibrary{positioning,fit,patterns}
\usetikzlibrary{calc}
\usepackage{multicol}
\usepackage{pgf-umlsd}
% relsize is requested a second time here; it is already loaded above.
\usepackage{relsize}


% CSS
\lstdefinelanguage{CSS}{
  basicstyle=\ttfamily\scriptsize,
  keywords={color,background-image:,margin,padding,font,weight,display,position,top,left,right,bottom,list,style,border,size,white,space,min,width, transition:, transform:, transition-property, transition-duration, transition-timing-function},
  sensitive=true,
  morecomment=[l]{//},
  morecomment=[s]{/*}{*/},
  morestring=[b]',
  morestring=[b]",
  alsoletter={:},
  alsodigit={-}
}

% JavaScript
% NOTE(review): \lstdefinelanguage{JavaScript} is issued a second time below
% (with colours and ndkeywords); presumably that later definition is the one in
% effect and this one is dead -- confirm before removing either.
\lstdefinelanguage{JavaScript}{
  basicstyle=\ttfamily\scriptsize,
  morekeywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break},
  morecomment=[s]{/*}{*/},
  morecomment=[l]//,
  morestring=[b]",
  morestring=[b]'
}

% HTML5: derived from the listings html language, with tags listed as
% otherkeywords and attributes / CSS properties listed as ndkeywords.
\lstdefinelanguage{HTML5}{
  basicstyle=\ttfamily\scriptsize,
  language=html,
  sensitive=true,
  alsoletter={<>=-},
  morecomment=[s]{<!-}{-->},
  tag=[s],
  otherkeywords={
    % General
    >,
    % Standard tags
    <!DOCTYPE,
    </html, <html, <head, <title, </title, <style, </style, <link, </head, <meta, />,
    % body
    </body, <body,
    % Divs
    </div, <div, </div>,
    % Paragraphs
    </p, <p, </p>,
    % scripts
    </script, <script,
    % More tags...
    <canvas, /canvas>, <svg, <rect, <animateTransform, </rect>, </svg>, <video, <source, <iframe, </iframe>, </video>, <image, </image>
  },
  ndkeywords={
    % General
    =,
    % HTML attributes
    charset=, src=, id=, width=, height=, style=, type=, rel=, href=,
    % SVG attributes
    fill=, attributeName=, begin=, dur=, from=, to=, poster=, controls=, x=, y=, repeatCount=, xlink:href=,
    % CSS properties
    margin:, padding:, background-image:, border:, top:, left:, position:, width:, height:,
    % CSS3 properties
    transform:, -moz-transform:, -webkit-transform:,
    animation:, -webkit-animation:,
    transition:, transition-duration:, transition-property:, transition-timing-function:,
  }
}

% Second JavaScript definition: adds keyword/comment/string colours and a
% second keyword class; note sensitive=false (case-insensitive keyword matching).
\lstdefinelanguage{JavaScript}{
  basicstyle=\ttfamily\scriptsize,
  keywords={typeof, new, true, false, catch, function, return, null, catch, switch, var, if, in, while, do, else, case, break, for},
  keywordstyle=\color{blue}\bfseries,
  ndkeywords={class, export, boolean, throw, implements, import, this},
  ndkeywordstyle=\color{darkgray}\bfseries,
  identifierstyle=\color{black},
  sensitive=false,
  comment=[l]{//},
  morecomment=[s]{/*}{*/},
  commentstyle=\color{purple}\ttfamily,
  stringstyle=\color{red}\ttfamily,
  morestring=[b]',
  morestring=[b]"
}

\setbeamersize{description width=1em}

% Redefines the colour name `blue' as a darker blue (0, 0, 0.7).
\definecolor{blue}{rgb}{0,0,0.7}
% Colour helper: typesets its argument in orange.
\newcommand{\orange}[1]{{\color{orange}#1}}
% Preamble, part 2: colour helpers and math-mode notation macros used by the
% protocol slides. Each macro only fixes how a symbol is typeset.

% Colour helpers: typeset the argument in the named colour.
\newcommand{\blue}[1]{{\color{blue}#1}}
\newcommand{\red}[1]{{\color{red}#1}}
% Calligraphic letters for the parties.
% NOTE(review): \Child and \Customer both expand to \mathcal{C}, so the two
% are indistinguishable on a slide that uses both.
\newcommand{\Guardian}{\mathcal{G}}
\newcommand{\Child}{\mathcal{C}}
\newcommand{\Customer}{\mathcal{C}}
\newcommand{\Merchant}{\mathcal{M}}
\newcommand{\Exchange}{\mathcal{E}}

% Sans-serif names of algorithms; presumably those of the age-restriction
% scheme presented in age.tex -- confirm against that file.
\newcommand{\Commit}{\mathsf{Commit}}
\newcommand{\Attest}{\mathsf{Attest}}
\newcommand{\Verify}{\mathsf{Verify}}
\newcommand{\Derive}{\mathsf{Derive}}
\newcommand{\DeriveCompare}{\mathsf{DeriveCompare_\kappa}}
\newcommand{\Compare}{\mathsf{Compare}}
\newcommand{\AgeVer}{\mathsf{AgeVer}}

% Names of cryptographic primitives and related symbols.
% \HashF and \Hash are two names for the same symbol.
\newcommand{\HashF}{\mathsf{H}}
\newcommand{\Hash}{\mathsf{H}}
\newcommand{\Block}{\mathbb{B}}
\newcommand{\Pub}{\mathsf{Pub}}
\newcommand{\Sign}{\mathsf{Sig}}
\newcommand{\Ver}{\mathsf{Ver}}
\newcommand{\Encoding}{\mathsf{Encoding}}
\newcommand{\ECDSA}{\mathsf{ECDSA}}
\newcommand{\Null}{\mathcal{O}}
\newcommand{\EC}{\mathrm{ec}}
\newcommand{\Curve}{\mathsf{Curve25519}}
\newcommand{\SHA}{\mathsf{SHA256}}
% NOTE(review): \SHAF typesets ``SHA252'' while \SHA typesets ``SHA256'';
% confirm that the 252 is intended and not a typo.
\newcommand{\SHAF}{\mathsf{SHA252}}
\newcommand{\FDH}{\mathsf{FDH}}

% Symbol for a negligible quantity, typeset as epsilon.
\newcommand{\negl}{\epsilon}

% Single-letter sans-serif variables.
% NOTE(review): \pruf (here) and \pubk (below) both expand to \mathsf{P}.
\newcommand{\rand}{\mathsf{rand}}
\newcommand{\age}{\mathsf{a}}
\newcommand{\Age}{\mathsf{M}}
\newcommand{\bage}{\mathsf{b}}
\newcommand{\minage}{\mathsf{m}}
\newcommand{\attest}{\mathsf{T}}
\newcommand{\commitment}{\mathsf{Q}}
\newcommand{\pruf}{\mathsf{P}}
\newcommand{\Vcommitment}{\vec{\mathsf{Q}}}
\newcommand{\Vpruf}{\vec{\mathsf{P}}}
\newcommand{\blinding}{\beta}

% Blackboard-bold letters for sets and domains, plus the key-pair symbols
% \seck and \pubk.
\newcommand{\ZN}{\mathbb{Z}_N}
\newcommand{\Z}{\mathbb{Z}}
\newcommand{\N}{\mathbb{N}}
\newcommand{\A}{\mathbb{A}}
\newcommand{\E}{\mathbb{E}}
\newcommand{\F}{\mathbb{F}}
\newcommand{\seck}{\mathsf{s}}
\newcommand{\pubk}{\mathsf{P}}
% \H is LaTeX's text accent command (Hungarian umlaut); this replaces it with a
% math symbol, so the accent is unavailable for the rest of the document.
\renewcommand{\H}{\mathbb{H}}
\newcommand{\K}{\mathbb{K}}
\newcommand{\Proofs}{\mathbb{P}}
% Preamble, part 3: remaining math notation macros, the final talk title and
% the footer logo strip.

% More blackboard-bold set symbols, and \Nil typeset as \perp.
\newcommand{\Commitments}{\mathbb{O}}
\newcommand{\Attests}{\mathbb{T}}
\newcommand{\Blindings}{\mathbb{B}}
\newcommand{\Nil}{\perp}

\newcommand{\p}{\mathsf{p}}
\newcommand{\com}{\mathsf{com}}
\newcommand{\prf}{\mathsf{prf}}

% Notation for security games: adversary, probability, game symbol.
\newcommand{\Adv}{\mathcal{A}}
\newcommand{\PPT}{\mathfrak{A}}
\newcommand{\Probability}{\mathrm{Pr}}
\newcommand{\Algorithm}{f}
% \renewcommand requires \Game to exist already; it is not defined in the
% visible preamble, so presumably taler-macros or a loaded package provides it
% -- confirm.
\renewcommand{\Game}[1]{G_\Adv^\mathsf{#1}}

% Upright operator names (\DeclareMathOperator comes from amsmath).
\DeclareMathOperator{\Image}{Im}
\DeclareMathOperator{\Mod}{mod}

% Bracket decorations above / below the argument.
% NOTE(review): \overbracket and \underbracket with two optional arguments are
% mathtools commands; mathtools is not loaded in the visible preamble,
% presumably taler-macros pulls it in -- confirm.
\newcommand{\Encode}[1]{\overbracket[0.5pt][2pt]{\,#1\,}}
\newcommand{\Decode}[1]{\underbracket[0.5pt][3pt]{\,#1\,}}
\newcommand{\FDHg}[1]{[#1]_g\,}
\newcommand{\logg}{{\breve{g}}}


% Left arrow with a dollar sign above it (\xleftarrow comes from amsmath).
\newcommand{\drawfrom}{\xleftarrow{\$}}
% Enlarged quantifiers: the symbol is scaled with four nested \mathlarger
% (relsize), lowered by 0.75ex, and wrapped in \mathop ... \limits so that
% sub-/superscripts are set below/above it.
\newcommand\Exists{%
  \mathop{\lower0.75ex\hbox{\ensuremath{%
    \mathlarger{\mathlarger{\mathlarger{\mathlarger{\exists}}}}}}}%
  \limits}

\newcommand\Forall{%
  \mathop{\lower0.75ex\hbox{\ensuremath{%
    \mathlarger{\mathlarger{\mathlarger{\mathlarger{\forall}}}}}}}%
  \limits}


% Overrides the \title{\TITLE} set earlier in the preamble.
\title{GNU Taler}
%\subtitle{}

% Replaces the (previously empty) navigation-symbols template with a strip of
% logos; every image file named here has to be resolvable at build time.
\setbeamertemplate{navigation symbols}{ \includegraphics[width=1cm]{tud-logo.pdf} \includegraphics[width=0.4cm]{logo-esen.pdf} \includegraphics[width=1cm]{logo-GlsBank.pdf} \includegraphics[width=0.6cm]{logo-MagNetBank.pdf} \includegraphics[width=0.4cm]{logo-ps.pdf} \includegraphics[width=0.4cm]{logo-nlnet.pdf} \includegraphics[width=0.4cm]{logo-HomoDigitalis.pdf} \includegraphics[width=0.4cm]{logo-codeblau.pdf} \includegraphics[width=1.4cm]{logo-tue.pdf} \includegraphics[width=0.6cm]{logo-visualvest.pdf} \includegraphics[width=1cm]{inria.pdf} \includegraphics[width=0.4cm]{logo-bfh.pdf} \includegraphics[width=1.6cm]{fub.pdf} \includegraphics[width=0.4cm]{ashoka.png} \includegraphics[width=0.4cm]{gnu.png} \includegraphics[width=1cm]{taler-logo-2021-inkscape.pdf} \hfill}
%\setbeamercovered{transparent=1}

% NOTE: adjust as needed!
226 \author[C. Grothoff]{F. Dold, C. Grothoff} 227 \date{} 228 \institute{The GNU Project} 229 230 231 \begin{document} 232 233 \justifying 234 235 \begin{frame}[plain] 236 \maketitle 237 \end{frame} 238 239 \begin{frame}{Agenda} 240 \tableofcontents 241 \end{frame} 242 243 \section{Motivation \& Background} 244 245 246 \begin{frame}{Surveillance concerns} 247 \begin{itemize} 248 \item Everybody knows about Internet surveillance. 249 \item But is it {\bf that} bad?\pause 250 \begin{itemize} 251 \item You can choose when and where to use the Internet 252 \item You can anonymously access the Web using Tor 253 \item You can find open access points that do not require authentication 254 \item IP packets do not include your precise location or name 255 \item ISPs typically store this metadata for days, weeks or months 256 \end{itemize} 257 \end{itemize} 258 \end{frame} 259 260 261 \begin{frame}{A Social Problem} 262 % \vfill 263 This was a question posed to RAND researchers in 1971: 264 265 \begin{quote} 266 ``Suppose you were an advisor to the head of the KGB. Suppose you are given the assignment of designing a system for the surveillance of all citizens and visitors within the boundaries of the USSR. The system is not to be too obtrusive or obvious. What would be your decision?'' 267 \end{quote} 268 %The result: an electronic funds transfer system that looks 269 %strikingly similar to today's debit card system. 270 \end{frame} 271 272 \begin{frame}{A Social Problem} 273 ``I think one of the big things that we need to do, is we need 274 to get away from true-name payments on the Internet. 
The credit 275 card payment system is one of the worst things that happened for the 276 user, in terms of being able to divorce their access from their 277 identity.'' \hfill --Edward Snowden, IETF 93 (2015) 278 \end{frame} 279 280 281 \begin{frame}{What is worse:} 282 \begin{itemize} 283 \item When you pay by CC, the information includes your name 284 \item When you pay in person with CC, your location is also known 285 \item You often have no alternative payment methods available 286 \item You hardly ever can use someone else's CC 287 \item Anonymous prepaid cards are difficult to get and expensive 288 \item Payment information is typically stored for at least 6 years 289 \end{itemize} 290 \end{frame} 291 292 293 \begin{frame}{Banks have Problems, too!} 294 295 3D secure (``verified by visa'') is a nightmare: 296 297 \begin{minipage}{5cm} 298 \begin{itemize} 299 \item Complicated process 300 \item Shifts liability to consumer 301 \item Significant latency 302 \item Can refuse valid requests 303 \item Legal vendors excluded 304 \item No privacy for buyers 305 \end{itemize} 306 \end{minipage} 307 \begin{minipage}{5cm} 308 \includegraphics[width=\textwidth]{illustrations/cc3ds.pdf} 309 \end{minipage} 310 \vfill 311 Online credit card payments will be replaced, but with what? 
312 \end{frame} 313 314 315 \begin{frame}{The Bank's Problem} 316 \begin{itemize} 317 \item Global tech companies push oligopolies 318 \item Privacy and federated finance are at risk 319 % \item 30\% fees are conceivable 320 \item Economic sovereignty is in danger 321 \end{itemize} 322 \vfill 323 \begin{textblock*}{4cm}(3.5cm,6.5cm) % {block width} (coords) 324 {\includegraphics[width=\textwidth]{../investors/competitor-logos/amazon.png}} 325 \end{textblock*} 326 \begin{textblock*}{2cm}(7cm,8cm) % {block width} (coords) 327 {\includegraphics[width=\textwidth]{../investors/competitor-logos/alipay.jpeg}} 328 \end{textblock*} 329 \begin{textblock*}{2cm}(1cm,5.5cm) % {block width} (coords) 330 {\includegraphics[width=\textwidth]{../investors/competitor-logos/paypal.jpeg}} 331 \end{textblock*} 332 \begin{textblock*}{2cm}(9cm,5cm) % {block width} (coords) 333 {\includegraphics[width=\textwidth]{../investors/competitor-logos/applepay.jpeg}} 334 \end{textblock*} 335 \begin{textblock*}{2cm}(7.5cm,5.9cm) % {block width} (coords) 336 {\includegraphics[width=\textwidth]{../investors/competitor-logos/samsungpay.jpeg}} 337 \end{textblock*} 338 \begin{textblock*}{1cm}(9.5cm,6.3cm) % {block width} (coords) 339 {\includegraphics[width=\textwidth]{../investors/competitor-logos/android_pay.png}} 340 \end{textblock*} 341 \end{frame} 342 343 344 \begin{frame}{Predicting the Future} 345 \begin{itemize} 346 \item Google and Apple will be your bank and run your payment system 347 \item They can target advertising based on your purchase history, location and 348 your ability to pay 349 \item They will provide more usable, faster and broadly available 350 payment solutions; our federated banking system will be history 351 % just like SMTP is now Gmail. 
352 \item After they dominate the payment sector, they will start to charge fees 353 befitting their oligopoly size 354 \item Competitors and vendors not aligning with their corporate ``values'' 355 will be excluded by policy and go bankrupt 356 \item The imperium will have another major tool for its financial warfare 357 \end{itemize} 358 \end{frame} 359 360 361 \begin{frame}{The Distraction: Bitcoin} 362 363 \begin{itemize} 364 \item Unregulated payment system and currency: 365 \item[] $\Rightarrow$ lack of regulation is a feature! 366 \item Implemented in free software 367 \item Decentralised peer-to-peer system \pause 368 \item Decentralised banking requires solving Byzantine consensus 369 \item Creative solution: tie initial accumulation to solving consensus \pause 370 \item[] $\Rightarrow$ Proof-of-work advances ledger 371 \item[] $\Rightarrow$ Very expensive banking 372 \end{itemize} 373 \end{frame} 374 375 376 \begin{frame} 377 \frametitle{\includegraphics[height=0.5cm]{pics/bitcoin.png}?} 378 \framesubtitle{Background: \url{https://blockchain.com/charts/}} 379 \centering 380 \noindent 381 \includegraphics[width=\textwidth]{pics/btc-transaction-cost.png} 382 383 Current average transaction value: $\approx$ 1000 USD 384 \end{frame} 385 386 387 \begin{frame} 388 \frametitle{\includegraphics[height=0.5cm]{pics/zerocoin.png}?} 389 390 Bitcoin cryptography is rather primitive: 391 \begin{center} 392 {\bf All Bitcoin transactions are public and linkable!} 393 \end{center} 394 395 \begin{itemize} 396 \item[] $\Rightarrow$ no privacy guarantees 397 \item[] $\Rightarrow$ enhanced with ``laundering'' services 398 \end{itemize} 399 ZeroCoin, CryptoNote (Monero) and ZeroCash (ZCash) offer anonymity. 
400 \end{frame} 401 402 403 \begin{frame} 404 \vfill 405 \begin{center} 406 {\bf Do you want to have a libertarian economy?} 407 \end{center} 408 \vfill 409 \begin{center} 410 {\bf Do you want to live under total surveillance?} 411 \end{center} 412 \vfill 413 \end{frame} 414 415 416 \begin{frame}{Central Bank Digital Currency?} 417 Speech by Agustín Carstens, Bank for International Settlements, on the difference between Central Bank Digital Currencies and cash. 418 \end{frame} 419 420 421 \begin{frame}{Central Bank Digital Currency vs. Cash} 422 \begin{tikzpicture}[remember picture,overlay] 423 \node[anchor=south west, inner sep=0pt] at (current page.south west) {% 424 \movie[height = \paperheight, width = \paperwidth, poster, showcontrols]{Central Bank Digital Currency vs. Cash} 425 {bis-cbdc.mp4} 426 }; 427 \end{tikzpicture} 428 \end{frame} 429 430 431 \begin{frame}{Central Bank Digital Currency?} 432 Speech by Agustín Carstens, Bank for International Settlements (October 2020), on the difference between Central Bank Digital Currencies and cash. 433 \begin{center} 434 \movie[height = 0.5\paperheight, poster, showcontrols]{Central Bank Digital Currency vs. Cash} 435 {bis-cbdc.mp4} 436 437 {\tiny 438 \url{https://www.youtube.com/watch?v=R_E4Uu7ycqE} (10'2020)} 439 \end{center} 440 \end{frame} 441 442 443 444 \begin{frame}{The Emergency Act of Canada} 445 Speech by Premier Kenney, Alberta, February 2022. 
446 \begin{center} 447 \movie[height = 0.5\paperheight, poster, showcontrols]{The Emergency Act of Canada} 448 {emergencyact.mp4} 449 450 {\tiny \url{https://www.youtube.com/watch?v=NehMAj492SA} (2'2022)} 451 \end{center} 452 \end{frame} 453 454 455 \section{GNU Taler: Introduction} 456 457 \begin{frame} 458 \vfill 459 \begin{center} 460 {\bf GNU Taler: Introduction} 461 \end{center} 462 \vfill 463 \end{frame} 464 465 466 \begin{frame}{GNU Taler} 467 \vfill 468 \begin{center} 469 {\huge {\bf Digital} cash, made \textbf{socially responsible}.} 470 \end{center} 471 \vfill 472 \begin{center} 473 \includegraphics[scale=0.3]{taler-logo-2021-inkscape.pdf} 474 \end{center} 475 \vfill 476 \begin{center} 477 Privacy-Preserving, Practical, Taxable, Free Software, Efficient 478 \end{center} 479 \vfill 480 \vfill 481 \ % 482 \end{frame} 483 484 485 \begin{frame}{What is Taler?} 486 \framesubtitle{\url{https://taler.net/en/features.html}} \noindent 487 Taler is 488 \vfill 489 \begin{itemize} 490 \item a Free/Libre software \emph{payment system} infrastructure project 491 \item ... with a surrounding software ecosystem 492 \item ... and a company (Taler Systems S.A.) and community that wants to deploy it 493 as widely as possible. 494 \end{itemize} 495 \vfill 496 \noindent 497 However, Taler is 498 \begin{itemize} 499 \item \emph{not} a currency or speculative asset 500 \item \emph{not} a long-term store of value 501 \item \emph{not} a network or instance of a system 502 \item \emph{not} based on proof-of-work or proof-of-stake 503 \end{itemize} 504 \end{frame} 505 506 507 \begin{frame}{Design principles} 508 \framesubtitle{https://taler.net/en/principles.html} 509 GNU Taler must ... 510 \begin{enumerate} 511 \item {... be implemented as {\bf free software}.} 512 \item {... protect the {\bf privacy of buyers}.} 513 \item {... enable the state to {\bf tax income} and crack down on 514 illegal business activities.} 515 \item {... prevent payment fraud.} 516 \item {... 
only {\bf disclose the minimal amount of information 517 necessary}.} 518 \item {... be usable.} 519 \item {... be efficient.} 520 \item {... avoid single points of failure.} 521 \item {... foster {\bf competition}.} 522 \end{enumerate} 523 \end{frame} 524 525 526 \begin{frame} 527 \frametitle{Taler Overview} 528 \begin{center} 529 \begin{tikzpicture} 530 \tikzstyle{def} = [node distance= 5em and 5em, inner sep=1em, outer sep=.3em]; 531 \node (origin) at (0,0) {}; 532 \node (exchange) [def,above=of origin,draw]{Exchange}; 533 \node (customer) [def, draw, below left=of origin] {Customer}; 534 \node (merchant) [def, draw, below right=of origin] {Merchant}; 535 \node (auditor) [def, node distance=5em and 6em, draw, above right=of origin]{Auditor}; 536 % \node (regulator) [def, draw, above=of auditor]{CSSF}; 537 538 \tikzstyle{C} = [color=black, line width=1pt] 539 540 \draw [<-, C] (customer) -- (exchange) node [midway, above, sloped] (TextNode) {withdraw coins}; 541 \draw [<-, C] (exchange) -- (merchant) node [midway, above, sloped] (TextNode) {deposit coins}; 542 \draw [<-, C] (merchant) -- (customer) node [midway, above, sloped] (TextNode) {spend coins}; 543 \draw [<-, C] (exchange) -- (auditor) node [midway, above, sloped] (TextNode) {verify}; 544 % \draw [<-, C] (regulator) -- (auditor) node [midway, above, sloped] (TextNode) {report}; 545 546 \end{tikzpicture} 547 \end{center} 548 \end{frame} 549 550 551 552 \begin{frame} 553 \frametitle{Architecture of Taler} 554 \begin{center} 555 \includegraphics[width=0.8\textwidth]{operations.png} 556 \end{center} 557 \end{frame} 558 559 560 \begin{frame}{Consumer Impact of Taler} 561 \begin{itemize} 562 \item {\bf Convenient:} pay with one click instantly --- in Euro, 563 Dollar, Yen or Bitcoin 564 \item {\bf Friction-free security:} Payments do not require sign-up, 565 login or multi-factor authentication 566 \item {\bf Privacy-preserving:} payment requires/shares no personal information 567 \item {\bf Bank account:} not 
required 568 \end{itemize} 569 \end{frame} 570 571 572 \begin{frame}{Merchant Impact of Taler} 573 \begin{itemize} 574 \item {\bf Instant clearance:} one-click transactions and instant clearance at par 575 \item {\bf Easy \& compliant:} GDPR \& PCI-DSS compliance-free and without any effort 576 \item {\bf Major profit increase:} efficient protocol $+$ no fraud $=$ extremely low costs 577 \item {\bf 1-click checkout:} without Amazon and without false 578 positives in fraud detection 579 \end{itemize} 580 \end{frame} 581 582 583 \begin{frame}{Taler for retail CBDCs} 584 \framesubtitle{{\tiny \url{https://www.snb.ch/en/mmr/papers/id/working_paper_2021_03}}} 585 \begin{itemize} 586 \item Privacy by cryptographic design \\ 587 $\Rightarrow$ Design does not facilitate mass-surveillance 588 \item Digital coins equivalent to issuing cash \\ 589 $\Rightarrow$ monetary policy remains under CB control 590 \item Consumer accounts only at retail banks \\ 591 $\Rightarrow$ no competition for retail banking (S\&L) \\ 592 $\Rightarrow$ commercial banks do KYC, customer support 593 \item Withdrawal limits and denomination expiration \\ 594 $\Rightarrow$ protects against bank runs and hoarding 595 \item Income transparency and possibility to set fees \\ 596 $\Rightarrow$ insights into economy and policy options 597 \item Revocation protocols and loss limitations \\ 598 $\Rightarrow$ exit strategy for catastrophic security incidents 599 \end{itemize} 600 \end{frame} 601 602 603 \begin{frame}{Usability of GNU Taler} 604 \vfill 605 \begin{center} 606 \url{https://demo.taler.net/} 607 \end{center} 608 \begin{enumerate} 609 \item Install browser extension. 610 \item Visit the {\tt bank.demo.taler.net} to withdraw coins. 611 \item Visit the {\tt shop.demo.taler.net} to spend coins. 
612 \end{enumerate} 613 \vfill 614 \end{frame} 615 616 617 \begin{frame}{Social Impact of Taler} 618 \begin{center} 619 \includegraphics[height=0.9\textheight]{../social-impact.pdf} 620 \end{center} 621 \end{frame} 622 623 624 \begin{frame}{Use Case: Journalism} 625 Today: 626 \begin{itemize} 627 \item Corporate structure % ($\Rightarrow$ filter) 628 \item Advertising primary revenue % ($\Rightarrow$ dependence) 629 \item Tracking readers critical for business success 630 \item Journalism and marketing hard to distinguish 631 \end{itemize}\vfill\pause 632 With GNU Taler: 633 \begin{itemize} 634 \item One-click micropayments per article 635 \item Hosting requires no expertise % (no PCI DSS) 636 \item Reader-funded reporting separated from marketing 637 \item Readers can remain anonymous 638 \end{itemize} 639 \end{frame} 640 641 642 \begin{frame}[c]{Example: The Taler Snack Machine} 643 Integration of a MDB/ICP to Taler gateway with 644 NFC or QR-Code to Taler wallet interface by M. Boss and D. 
Hofer: 645 \begin{figure} 646 \centering 647 \includegraphics[width=0.7\textwidth]{design} 648 \end{figure} 649 \end{frame} 650 651 652 \begin{frame}[t]{Software architecture for the Taler Snack Machine} 653 \begin{figure} 654 \centering 655 \includegraphics[width=.7\textwidth]{software_stack} 656 \end{figure} 657 \begin{center} 658 Code at \url{https://git.taler.net/taler-mdb} 659 \end{center} 660 \end{frame} 661 662 663 \begin{frame}[c]{User story: Install App on Android} 664 \framesubtitle{\url{https://wallet.taler.net/}} 665 \begin{figure} 666 \includegraphics[width=0.7\textwidth]{download_wallet.png} 667 \end{figure} 668 \end{frame} 669 670 \begin{frame}{User story: Withdraw e-cash} 671 \begin{figure} 672 \includegraphics[width=0.7\textwidth]{get_taler_coins.png} 673 \end{figure} 674 \end{frame} 675 676 \begin{frame}{User story: Use machine!} 677 \begin{figure} 678 \includegraphics[width=0.7\textwidth]{get_snacks.png} 679 \end{figure} 680 \end{frame} 681 682 683 \begin{frame}{Real-world use} 684 \vfill 685 \begin{center} 686 \includegraphics[width=1.0\textwidth]{taler-in-use.png} 687 \end{center} 688 \vfill 689 \end{frame} 690 691 \input zoo.tex 692 \input protocol-basics.tex 693 \input refresh.tex 694 695 \section{Attacks \& Defenses} 696 697 \begin{frame} 698 \vfill 699 \begin{center} 700 \vfill 701 {\bf Attacks \& Defenses} 702 \vfill 703 \end{center} 704 \vfill 705 \end{frame} 706 707 708 \begin{frame}{Key management} 709 Taler has many types of keys: 710 \begin{itemize} 711 \item Coin keys 712 \item Denomination keys 713 \item Online message signing keys 714 \item Offline key signing keys 715 \item Merchant keys 716 \item Auditor key 717 \item Security module keys 718 \item Transfer keys 719 \item Wallet keys 720 \item {\em TLS keys, DNSSEC keys} 721 \end{itemize} 722 \end{frame} 723 724 725 \begin{frame}{Offline keys} 726 Both exchange and auditor use offline keys. 727 \begin{itemize} 728 \item Those keys must be backed up and remain confidential! 
729 \item We recommend that computers that have ever had access to those 730 keys NEVER again go online. 731 \item We recommend using a Raspberry Pi for offline key operations. 732 Store it in a safe under multiple locks. 733 \item Apply full-disk encryption on offline-key signing systems. 734 \item Have 3--5 full-disk backups. 735 \end{itemize} 736 \begin{center} 737 \includegraphics[scale=0.1]{pi.png} 738 \end{center} 739 \end{frame} 740 741 742 \begin{frame}{Online keys} 743 The exchange needs RSA and EdDSA keys to be available for online signing. 744 \begin{itemize} 745 \item Knowledge of these private keys will allow an adversary to 746 mint digital cash, possibly resulting in huge financial losses 747 (eventually, this will be detected by the auditor, but only 748 after some financial losses have been irrevocably incurred). 749 \item The corresponding public keys are certified using 750 Taler's public key infrastructure (which uses offline-only keys). 751 \end{itemize} 752 {\tt taler-exchange-offline} can also be used to {\bf revoke} the 753 online signing keys, if we find they have been compromised. 754 \end{frame} 755 756 757 \begin{frame}{Key architecture} 758 \vfill 759 \begin{center} 760 \includegraphics[width=0.75\textwidth]{taler-diagram-signatures.png} 761 \end{center} 762 \vfill 763 \end{frame} 764 765 766 \begin{frame}{Protecting online keys} 767 The exchange needs RSA and EdDSA keys to be available for online signing. 768 \begin{itemize} 769 \item {\tt taler-exchange-secmod-rsa} and {\tt taler-exchange-secmod-eddsa} 770 are the only processes that need access to the private keys. 771 \item The secmod processes should run under a different UID, but share 772 the same GID with the exchange. 773 \item The secmods generate the keys, allow {\tt taler-exchange-httpd} to sign with 774 them, and eventually delete the private keys. 775 \item Communication between secmods and {\tt taler-exchange-httpd} is via 776 a UNIX domain socket. 
777 \item Online private keys are stored on disk (not in database!) and should 778 NOT be backed up. 779 \end{itemize} 780 \note[item]{If disk is lost, we can always create fresh replacement keys!} 781 \end{frame} 782 783 784 \begin{frame}{Online keys} 785 \begin{itemize} 786 \item The exchange needs $d$ and $w$ to be available for online signing. 787 \item The corresponding public keys $W$ and $(e,n)$ are certified using 788 Taler's public key infrastructure (which uses offline-only keys). 789 \end{itemize} 790 \begin{center} 791 \includegraphics[width=0.5\textwidth]{taler-diagram-signatures.png} 792 \end{center} 793 \vfill 794 \begin{center} 795 {\bf What happens if those private keys are compromised?} 796 \end{center} 797 \vfill 798 \end{frame} 799 800 801 \begin{frame}{Denomination key $(e,n)$ compromise} 802 \begin{itemize} 803 \item An attacker who learns $d$ can sign an arbitrary number of illicit coins 804 into existence and deposit them. 805 \item Auditor and exchange can detect this once the total number of deposits 806 (illicit and legitimate) exceeds the number of legitimate coins the 807 exchange created. 808 \item At this point, $(e,n)$ is {\em revoked}. Users of {\em unspent} 809 legitimate coins reveal $b$ from their withdrawal operation and 810 obtain a {\em refund}. 811 \item The financial loss of the exchange is {\em bounded} by the number of 812 legitimate coins signed with $d$. 813 \end{itemize} 814 \end{frame} 815 816 \begin{frame}{Key rotation} 817 Taler frequently rotates denomination signing keys and 818 deletes $d$ after the signing period of the respective key expires: 819 \begin{center} 820 \includegraphics[width=0.7\textwidth]{taler-diagram-denom-expiration.png} 821 \end{center} 822 \end{frame} 823 824 825 \begin{frame}{Online signing key $W$ compromise} 826 \begin{itemize} 827 \item An attacker who learns $w$ can sign deposit confirmations. 
828 \item Attacker sets up two (or more) merchants and customer(s) which double-spend 829 legitimate coins at both merchants. 830 \item The merchants only deposit each coin once at the exchange and get paid once. 831 \item The attacker then uses $w$ to fake deposit confirmations for the double-spent 832 transactions. 833 \item The attacker uses the faked deposit confirmations to complain to the auditor 834 that the exchange did not honor the (faked) deposit confirmations. 835 \end{itemize} 836 \note[item]{The auditor can then detect the double-spending, but cannot tell who is to blame, 837 and (likely) would presume an evil exchange, forcing it to pay both merchants.} 838 \end{frame} 839 840 841 \begin{frame}{Detecting online signing key $W$ compromise} 842 \begin{itemize} 843 \item Merchants are required to {\em probabilistically} report 844 signed deposit confirmations to the auditor. 845 \item Auditor can thus detect exchanges not reporting signed 846 deposit confirmations. 847 \item[$\Rightarrow$] Exchange can rekey if illicit key use is detected, 848 then only has to honor deposit confirmations it already provided 849 to the auditor {\em and} those without proof of double-spending 850 {\em and} those merchants reported to the auditor. 851 \item[$\Rightarrow$] Merchants that do not participate in reporting 852 to the auditor risk their deposit permissions being voided in 853 cases of an exchange's private key being compromised. 854 \end{itemize} 855 \end{frame} 856 857 858 \begin{frame}{Warranting deposit safety} 859 Exchange has {\em another} online signing key $W = wG$: 860 \begin{center} 861 Sends $EdDSA_w(M,H(D),FDH(C))$ to the merchant. 862 \end{center} 863 This signature means that $M$ was the {\em first} to deposit 864 $C$ and that the exchange thus must pay $M$. 
865 \vfill 866 \begin{center} 867 Without this, an evil exchange could renege on the deposit 868 confirmation and claim double-spending if a coin were 869 deposited twice, and then not pay either merchant! 870 \end{center} 871 \end{frame} 872 873 874 \begin{frame}{Database} 875 The exchange needs the database to detect double spending. 876 \begin{itemize} 877 \item Loss of the database will allow technically skilled people 878 to double-spend their digital cash, possibly resulting in 879 significant financial losses. 880 \item The database contains total amounts customers withdrew and 881 merchants received, so sensitive private banking data. It 882 must thus not become public. 883 \item The auditor must have a (current) copy. Asynchronous replication 884 should be sufficient. This copy can also serve as an 885 additional (off-site?) backup. 886 \end{itemize} 887 \end{frame} 888 889 890 \begin{frame}{taler-exchange-wirewatch} 891 {\tt taler-exchange-wirewatch} needs credentials to access data about 892 incoming wire transfers from the Nexus. 893 \begin{itemize} 894 \item This tool should run as a separate UID and GID (from 895 {\tt taler-exchange-httpd}). 896 \item It must have access to the Postgres database (SELECT + INSERT). 897 \item Its configuration file contains the credentials to talk to Nexus. 898 \item[$\Rightarrow$] Configuration should be separate from {\tt taler-exchange-httpd}. 899 \end{itemize} 900 \end{frame} 901 902 903 \begin{frame}{taler-exchange-transfer} 904 Only {\tt taler-exchange-transfer} needs credentials to initiate wire 905 transfers using the Nexus. 906 \begin{itemize} 907 \item This tool should run as a separate UID and GID (from 908 {\tt taler-exchange-httpd}). 909 \item It must have access to the Postgres database (SELECT + INSERT). 910 \item Its configuration file contains the credentials to talk to Nexus. 911 \item[$\Rightarrow$] Configuration should be separate from {\tt taler-exchange-httpd}. 
912 \end{itemize} 913 \end{frame} 914 915 916 \begin{frame}{libeufin-nexus} 917 libeufin-nexus has to be able to interact with the escrow account of the exchange. 918 \begin{itemize} 919 \item It must have the private keys to sign EBICS/FinTS messages. 920 \item It also has its own local database. 921 \item The Nexus user and database should be kept separate from 922 the other exchange users and the Taler exchange database. 923 \end{itemize} 924 \end{frame} 925 926 927 \begin{frame}{Hardware} 928 General notions: 929 \begin{itemize} 930 \item Platforms with disabled Intel ME \& disabled remote administration are safer. 931 \item VMs are not a security mechanism. Side-channel attacks abound. Avoid running any 932 Taler component in a virtual machine ``for security''. 933 \end{itemize} 934 \end{frame} 935 936 937 \begin{frame}{Operating system} 938 General notions: 939 \begin{itemize} 940 \item It should be safe to run the different Taler components (including Nginx, Nexus 941 and Postgres) all on the same physical hardware (under different UIDs/GIDs). 942 We would separate them onto different physical machines during scale-out, but not 943 necessarily for ``basic'' security. 944 \item Limiting and auditing system administrator access will be crucial. 945 \item We recommend {\bf not} using any anti-virus. 946 \item We recommend using a well-supported GNU/Linux operating system (such as 947 Debian or Ubuntu). 948 \end{itemize} 949 \end{frame} 950 951 952 \begin{frame}{Network} 953 \begin{itemize} 954 \item We recommend {\bf not} using any host-based firewall. 955 Taler components can use UNIX domain sockets (or bind to localhost). 956 \item A network-based 957 firewall is not required; if one is used, Taler should work fine 958 as long as TCP 80/443 are open. 959 \item Any firewall must be configured to permit connections to the auditor 960 for database synchronization. 961 \item Run the Taler exchange behind an Nginx or Apache 962 proxy for TLS termination. 
963 \item Use static IP address configurations (IPv4 and IPv6). 964 \item Use DNSSEC with DANE. 965 \item Use \url{https://observatory.mozilla.org}, etc.! 966 \end{itemize} 967 \end{frame} 968 969 970 \input offline.tex 971 972 \input age.tex 973 974 \input oim.tex 975 976 \section{Software development \& deployment} 977 978 \begin{frame} 979 \vfill 980 \begin{center} 981 {\bf Software development \& deployment} 982 \end{center} 983 \vfill 984 \end{frame} 985 986 987 \begin{frame}{Development Infrastructure} 988 \begin{itemize} 989 \item Borg: incremental backup 990 \item Buildbot: CI/CD (\url{https://buildbot.taler.net/}) 991 \item Davical: Caldav group calendar 992 \item Docker: virtualization, packaging 993 \item Git/Gitolite: distributed version control (\url{https://git.taler.net/}) 994 \item Mailman: public e-mail lists (\url{taler@gnu.org/}) 995 \item Mantis: bug tracker (\url{https://bugs.taler.net/}) 996 \item Mattermost: messaging, process management (\url{https://mattermost.taler.net/}) 997 \item Sphinx: documentation generation (HTML, PDF, info, man) (\url{https://docs.taler.net/}) 998 \item Weblate: collaborative AI-supported internationalization (\url{https://weblate.taler.net/}) 999 \end{itemize} 1000 \end{frame} 1001 1002 1003 \begin{frame}{Development Tools} 1004 \begin{itemize} 1005 \item Coverity: static analysis (C/C++) (\url{https://scan.coverity.com/}) 1006 \item GNU recutils: constant registration (\url{https://gana.gnunet.org/}) 1007 \item Twister: fault injection 1008 \item Valgrind: dynamic analysis (C/C++) 1009 \item zzuf: fuzzing 1010 \end{itemize} 1011 \end{frame} 1012 1013 1014 \begin{frame}{Cryptographic dependencies} 1015 \begin{itemize} 1016 \item libargon2 1017 \item libgcrypt 1018 \item libsodium 1019 \end{itemize} 1020 \end{frame} 1021 1022 1023 \begin{frame}{Additional dependencies} 1024 \begin{itemize} 1025 \item libsqlite3 1026 \item libpq / Postgres 1027 \item libjansson 1028 \item libcurl 1029 \item libunistring 
1030 \item {\bf GNU libmicrohttpd} 1031 \item {\bf GNUnet} 1032 \end{itemize} 1033 \end{frame} 1034 1035 1036 \begin{frame} 1037 \frametitle{High-level Deployment Recipe} 1038 \dots as a bank 1039 \begin{enumerate} 1040 \item Create an escrow bank account for the exchange with EBICS access 1041 \item Provision offline signing machine 1042 \item Provision two PostgreSQL databases (for libeufin-nexus and exchange) 1043 \item Provision user-facing exchange service and secmod processes 1044 \item Provision libeufin-nexus (connected to escrow account and providing 1045 an internal API to the exchange) 1046 \item Test using the {\tt taler-wallet-cli} 1047 \end{enumerate} 1048 \end{frame} 1049 1050 1051 \begin{frame}{Exchange escrow account access} 1052 The Taler exchange needs to communicate with a core banking system \dots 1053 \begin{itemize} 1054 \item to query for transactions into the exchange's escrow account 1055 \item to initiate payments of aggregated Taler deposits to merchants 1056 \end{itemize} 1057 1058 In a Taler deployment, the \emph{Taler Wire Gateway} provides an API to the exchange 1059 for Taler-specific access to the Exchange's escrow account. 
Multiple implementations 1060 of the Taler Wire Gateway exist: 1061 1062 \begin{itemize} 1063 \item libeufin-bank, a self-contained play money demo bank 1064 \item libeufin-nexus, an adapter to EBICS and other protocols 1065 \item Depolymerizer, an adapter to blockchains 1066 \end{itemize} 1067 \end{frame} 1068 1069 1070 \begin{frame}{libeufin-nexus setup overview} 1071 \framesubtitle{\url{https://docs.taler.net/libeufin/}} 1072 \begin{itemize} 1073 \item Obtain EBICS subscriber configuration (host URL, host ID, user ID, 1074 partner ID) for the bank account 1075 \item Create and back up the key material for the bank connection (contains 1076 EBICS subscriber configuration and private keys) 1077 \item Export key letter and activate subscriber in the EBICS host (physical mail) 1078 \item Confirm connection is active 1079 \item Set up scheduled tasks for ingesting new transactions / sending payment initiations 1080 \end{itemize} 1081 \end{frame} 1082 1083 1084 \begin{frame}{libeufin-nexus limitations at GLS Bank} 1085 The GLS accounts with EBICS access that we have access to have some limitations: 1086 \begin{itemize} 1087 \item SEPA instant credit transfers are not supported yet (by the bank) 1088 \item Erroneous payment initiations are accepted by the GLS EBICS host, 1089 but an error message is later sent only by paper mail (and not reported 1090 by the CRZ download request) 1091 \item Limited access to transaction history (3 months) 1092 \end{itemize} 1093 \end{frame} 1094 1095 1096 1097 \section{Performance} 1098 1099 \begin{frame} 1100 \vfill 1101 \begin{center} 1102 {\bf Performance}\footnote{Joint work with Marco Boss} 1103 \end{center} 1104 \vfill 1105 \end{frame} 1106 1107 1108 \begin{frame} \frametitle{Performance} \framesubtitle{Other Payment Systems} 1109 \centering 1110 \begin{minipage}{0.32\textwidth} 1111 \centering 1112 \visible<1->{Bitcoin}\\\vspace{1em} 1113 \only<1>{? 
TPS} 1114 \only<2->{4 TPS}\\ 1115 \visible<3->{ 1116 \vspace{2em} 1117 \includegraphics[width=0.2\linewidth]{performance.pdf}\hspace{1em} 1118 \includegraphics[width=0.2\linewidth]{mining.pdf} 1119 } 1120 \end{minipage} 1121 \begin{minipage}{0.32\textwidth} 1122 \centering 1123 \visible<4->{PayPal\\\vspace{1em}193 TPS}\\ 1124 \visible<5->{ 1125 \vspace{2em} 1126 \includegraphics[width=0.2\linewidth]{privacy.pdf} 1127 } 1128 \end{minipage} 1129 \begin{minipage}{0.32\textwidth} 1130 \centering 1131 \visible<6->{Visa\\\vspace{1em}1'667 TPS}\\ 1132 \visible<7->{ 1133 \vspace{2em} 1134 \includegraphics[width=0.2\textwidth]{privacy.pdf} 1135 } 1136 \end{minipage} 1137 \let\thefootnote\relax\footnote{ 1138 \tiny 1139 [06.22]\hspace{3em} 1140 - \href{https://www.researchgate.net/publication/330585021_Analysis_of_the_Possibilities_for_Improvement_of_BlockChain_Technology}{Researchgate} 1141 } 1142 \end{frame} 1143 1144 \begin{frame} \frametitle{Performance} \framesubtitle{CBDC Projects} 1145 \centering 1146 \begin{minipage}{0.32\textwidth} 1147 \centering 1148 \visible<1->{e-Krona (Sweden)\\\vspace{1em}100 TPS}\\ 1149 \visible<2->{ 1150 \vspace{2em} 1151 \includegraphics[width=0.2\linewidth]{performance.pdf}\hspace{1em} 1152 \includegraphics[width=0.2\linewidth]{privacy.pdf} 1153 } 1154 \end{minipage} 1155 \begin{minipage}{0.32\textwidth} 1156 \centering 1157 \visible<3->{e-CNY (China)\\\vspace{1em}10'000 TPS}\\ 1158 \visible<4->{ 1159 \vspace{2em} 1160 \includegraphics[width=0.2\linewidth]{privacy.pdf} 1161 } 1162 \end{minipage} 1163 \begin{minipage}{0.32\textwidth} 1164 \centering 1165 \visible<5->{Project Hamilton (MIT)\\\vspace{1em}1'700'000 TPS}\\ 1166 \visible<6->{ 1167 \vspace{2em} 1168 \includegraphics[width=0.2\textwidth]{privacy.pdf}\hspace{1em} 1169 \includegraphics[width=0.2\textwidth]{applicable.pdf} 1170 } 1171 \end{minipage} 1172 \let\thefootnote\relax\footnote{ 1173 \tiny 1174 [06.22]\hspace{3em} 1175 - 
\href{https://www.bostonfed.org/-/media/Documents/Project-Hamilton/Project-Hamilton-Phase-1-Whitepaper.pdf}{Bostonfed} 1176 \hspace{3em}- \href{https://www.atlanticcouncil.org/blogs/econographics/a-report-card-on-chinas-central-bank-digital-currency-the-e-cny/}{Atlatic Council} 1177 \hspace{3em}- \href{https://www.riksbank.se/globalassets/media/rapporter/e-krona/2022/e-krona-pilot-phase-2.pdf}{Riksbank} 1178 } 1179 \end{frame} 1180 1181 \note{ 1182 \href{https://www.cleanpng.com/png-computer-icons-privacy-policy-personally-identifia-956152/}{Privacy} 1183 \href{https://icon-library.com/png/116428.html}{Applicability} 1184 \href{https://www.pinclipart.com/pindetail/ibToJmx_vector-performance-icon-clipart/}{Performance} 1185 \href{https://www.clipartmax.com/middle/m2H7G6G6G6b1b1b1_icon-for-mining-clipart-mining-computer-icons-clip-miner-icon-png/}{Mining} 1186 } 1187 1188 1189 \begin{frame}[fragile]\frametitle{Grid'5000} 1190 \begin{multicols*}{2} 1191 \null \vfill 1192 \begin{itemize} 1193 \item <1-> Large-scale flexible testbed 1194 \item <2-> 800 nodes with total 15'000 cores 1195 \item <3-> Bare metal deployments 1196 \item <4-> Fully customizable software stack 1197 \end{itemize} 1198 \vfill \null 1199 \columnbreak 1200 \begin{center} 1201 \includegraphics[width=0.5\linewidth]{g5k.pdf}\\ 1202 \vspace{2em} 1203 \includegraphics[width=0.9\linewidth]{g5k-map.jpg} 1204 \end{center} 1205 \end{multicols*} 1206 \end{frame} 1207 \note{ 1208 Flexible Grossversuchsanlage 1209 } 1210 1211 \begin{frame}\frametitle{Platform Access} 1212 \framesubtitle{jFed - Java Based GUI and CLI} 1213 \begin{figure} 1214 \centering 1215 \includegraphics[width=0.7\textwidth]{jfed.png} 1216 \end{figure} 1217 \end{frame} 1218 1219 %\subsection{Setup} 1220 %\subsectionpage 1221 1222 \begin{frame}\frametitle{Architecture} 1223 \begin{figure} 1224 \centering 1225 \includegraphics[width=0.8\textwidth]{arch.pdf} 1226 \end{figure} 1227 \end{frame} 1228 1229 \begin{frame}\frametitle{Allocate an 
Experiment} 1230 \only<1>{\begin{figure} 1231 \includegraphics[width=0.9\textwidth]{flow-1} 1232 \end{figure} 1233 } 1234 \only<2>{\begin{figure} 1235 \includegraphics[width=0.9\textwidth]{flow-2} 1236 \end{figure} 1237 } 1238 \only<3>{\begin{figure} 1239 \includegraphics[width=0.9\textwidth]{flow-3} 1240 \end{figure} 1241 } 1242 \only<4>{\begin{figure} 1243 \includegraphics[width=0.9\textwidth]{flow-4} 1244 \end{figure} 1245 } 1246 \end{frame} 1247 1248 1249 \begin{frame}\frametitle{Horizontal Distribution} 1250 \begin{figure} 1251 \centering 1252 \includegraphics[width=0.75\linewidth]{dist-hori-more} 1253 \end{figure} 1254 \end{frame} 1255 1256 1257 \begin{frame}[fragile] \frametitle{Dashboard} 1258 \begin{center} 1259 \movie[poster, width=0.75\textwidth, showcontrols]{ 1260 \includegraphics[width=0.75\textwidth]{white.png}} 1261 {dashboards.mp4} 1262 \end{center} 1263 \end{frame} 1264 1265 1266 \section{Blockchain integration: Project Depolymerization} 1267 1268 \begin{frame} 1269 \vfill 1270 \begin{center} 1271 {\bf Blockchain integration: Project Depolymerization} 1272 \end{center} 1273 \vfill 1274 \end{frame} 1275 1276 1277 \begin{frame}{Blockchain based cryptocurrencies} 1278 \begin{tikzpicture}[remember picture,overlay] 1279 \node (N1)[above right=5mm and 25mm of current page.center] {\includegraphics[width=34mm]{media/news1.png}}; 1280 \node (N0)[below=-3mm of N1] {\includegraphics[width=34mm]{media/news0.png}}; 1281 \node (N2)[below left=-26mm and -2.5mm of N1] {\includegraphics[width=34mm]{media/news2.png}}; 1282 \end{tikzpicture} 1283 \begin{block}{Biggest cryptocurrencies} 1284 \begin{itemize} 1285 \item \textbf{BTC} Bitcoin 1286 \item \textbf{ETH} Ethereum 1287 \end{itemize} 1288 \end{block} 1289 \begin{block}{Common blockchain limitations} 1290 \begin{itemize} 1291 \item \textbf{Delay} block and confirmation delay 1292 \item \textbf{Cost} transaction fees 1293 \item \textbf{Scalability} limited amount of transaction per second 1294 \item 
\textbf{Ecological impact} computation redundancy 1295 \item \textbf{Privacy} 1296 \item \textbf{Regulatory risk} 1297 \end{itemize} 1298 \end{block} 1299 \end{frame} 1300 1301 \begin{frame}{Taler}{Architecture} 1302 \begin{columns} 1303 \column{0.5\paperwidth} 1304 \begin{tikzpicture}[ 1305 rect/.style={circle, draw=black}, 1306 sym/.style={-stealth, shorten >= 2pt, shorten <= 2pt} 1307 ] 1308 % Taler payment system 1309 \node[rect](1) {Exchange}; 1310 \node[rect,below left=1.5cm and 0.7cm of 1](2) {Customer}; 1311 \node[rect,below right=1.5cm and 0.7cm of 1](3) {Merchant}; 1312 1313 \draw[sym] (1) -- node [midway, above, sloped] {\tiny Withdraw coins} (2); 1314 \draw[sym] (2) -- node [midway, above, sloped] {\tiny Spend coins} (3); 1315 \draw[sym] (3) -- node [midway, above, sloped] {\tiny Deposit coins} (1); 1316 1317 % Settlement layer 1318 \node[left=2cm of 1](E1){}; 1319 \node[right=2cm of 1](E2){}; 1320 \draw[sym] (E1) -- node [midway, above] {\tiny Deposit money} (1); 1321 \draw[sym] (1) -- node [midway, above] {\tiny Withdraw money} (E2); 1322 1323 % Auditor 1324 \node[above= of 1](A){Auditor}; 1325 \draw[sym] (A) -- node [midway, right] {\tiny Verify} (1); 1326 1327 % Separator 1328 \node[below=1mm of E1] (S1S) {}; 1329 \node[below=1mm of E2] (S1E) {}; 1330 \node[above=6mm of E1] (S2S) {}; 1331 \node[above=6mm of E2] (S2E) {}; 1332 1333 \draw[dotted] (S1S) -- (S1E); 1334 \draw[dotted] (S2S) -- (S2E); 1335 1336 \node[below right=-2mm and -1.5mm of S2S] {\tiny{\emph{Settlement Layer}}}; 1337 \node[below right=-2mm and -1.5mm of S1S] {\tiny{\emph{Taler payment system}}}; 1338 \end{tikzpicture} 1339 \column{0.47\paperwidth} 1340 \begin{block}{Settlement layer} 1341 \begin{itemize} 1342 \item For Depolymerization: Blockchain! 
1343 \end{itemize} 1344 \end{block} 1345 \begin{block}{Taler payment system} 1346 \begin{itemize} 1347 \item Realtime transactions, 1 RTT 1348 \item Scalable microtransactions 1349 \item Blind signatures (privacy) 1350 \end{itemize} 1351 \end{block} 1352 1353 \end{columns} 1354 \end{frame} 1355 1356 \begin{frame}{Taler}{Blockchain settlement layer} 1357 \begin{center} 1358 \begin{tikzpicture}[ 1359 rect/.style={rectangle, draw=black, minimum width=30mm}, 1360 sym/.style={stealth-stealth, shorten >= 2pt, shorten <= 2pt}, 1361 block/.style={rectangle,draw=black,fill=black!10,minimum size=7mm}, 1362 ] 1363 1364 %% Architecture 1365 \node(Tt){Taler}; 1366 \node[rect,below=0cm of Tt](Tc){Exchange}; 1367 \node[rect,fit={(Tt) (Tc)}](T){}; 1368 1369 \node[rect,below=7mm of Tc](D) {\textbf{Depolymerization}}; 1370 1371 \node[rect,below=7mm of D](Bc){Node}; 1372 \node[below=0cm of Bc](Bt){Blockchain}; 1373 \node[rect,fit={(Bt) (Bc)}](B){}; 1374 1375 \draw[sym] (T) -- (D); 1376 \draw[sym] (D) -- (B); 1377 1378 %% Blockchain 1379 \node[block,right=8mm of B] (1){}; 1380 \node[block,right=4mm of 1] (2){}; 1381 \node[block,right=4mm of 2] (3){}; 1382 \node[block,right=4mm of 3] (4){}; 1383 \node[block,right=4mm of 4] (5){}; 1384 \node[block,right=4mm of 5] (6){}; 1385 \draw[-stealth] (1) -- (2); 1386 \draw[-stealth] (2) -- (3); 1387 \draw[-stealth] (3) -- (4); 1388 \draw[-stealth] (4) -- (5); 1389 \draw[-stealth] (5) -- (6); 1390 1391 \node[left=4mm of 1] (S){}; 1392 \node[right=4mm of 6] (E){}; 1393 \draw[-stealth] (S) -- (1); 1394 \draw[-stealth] (6) -- (E); 1395 1396 %% Taler 1397 \node[block, below right=-7.5mm and 20.5mm of T] (off){Off-chain transactions}; 1398 \node[above=-0.5mm of off] {\includegraphics[height=7mm]{taler-logo-2021-inkscape.pdf}}; 1399 1400 %% Depolymerization 1401 \node[right=11mm of D] {\small{Credit}}; 1402 \node[right=50mm of D] {\small{Debit}}; 1403 \draw[dashed,-stealth] (1.north) |- (off.west); 1404 \draw[dashed,-stealth] (off.east) -| (6.north); 
1405 \end{tikzpicture} 1406 \end{center} 1407 \end{frame} 1408 1409 \begin{frame}{Challenges} 1410 \begin{block}{Taler Metadata} 1411 \begin{itemize} 1412 \item Metadata are required to link a wallet to credits and 1413 allow merchant to link deposits to debits 1414 \item Putting metadata in blockchain transactions can be tricky 1415 \end{itemize} 1416 \end{block} 1417 \begin{block}{Blockchain based cryptocurrencies} 1418 \begin{itemize} 1419 \item Blockchain transactions lack finality (fork) 1420 \item Transactions can be stuck for a long time (mempool) 1421 \end{itemize} 1422 \end{block} 1423 \end{frame} 1424 1425 \begin{frame}{Blockchain challenges}{Chain reorganization} 1426 \begin{center} 1427 \begin{tikzpicture}[ 1428 block/.style={rectangle,draw=black,fill=black!10,minimum size=7mm}, 1429 ar/.style={-stealth} 1430 ] 1431 % Common 1432 \node[block](1){}; 1433 \node[block,right=5mm of 1](2){$D_0$}; 1434 \node[block,right=5mm of 2](3){}; 1435 \draw[ar] (1) -- (2); 1436 \draw[ar] (2) -- (3); 1437 1438 % Current 1439 \node [block,right=5mm of 3](4){}; 1440 \node[block,right=5mm of 4](5){}; 1441 \node[block,right=5mm of 5](6){$D_1$}; 1442 \draw[ar] (3) -- (4); 1443 \draw[ar] (4) -- (5); 1444 \draw[ar] (5) -- (6); 1445 1446 % Fork 1447 \node [block,above=7mm of 4](4p){}; 1448 \node[block,right=5mm of 4p](5p){$D_2$}; 1449 \node[block,right=5mm of 5p](6p){}; 1450 \node[block,right=5mm of 6p](7p){}; 1451 \draw[ar] (3.east) -- (4p.west); 1452 \draw[ar] (4p) -- (5p); 1453 \draw[ar] (5p) -- (6p); 1454 \draw[ar] (6p) -- (7p); 1455 1456 % Indication 1457 \node [right=5mm of 7p]{\emph{fork}}; 1458 \node [right=17mm of 6]{\emph{active}}; 1459 \end{tikzpicture} 1460 \end{center} 1461 A fork is when concurrent blockchain states coexist. Nodes will follow 1462 the longest chain, replacing recent blocks if necessary during a 1463 blockchain reorganization. 
If a deposit transaction disappears from the 1464 blockchain, an irrevocable withdraw transaction would no longer be backed 1465 by credit. 1466 \end{frame} 1467 1468 \begin{frame}{Blockchain challenges}{Stuck transactions} 1469 We want confirmed debits within a limited time frame. 1470 \begin{figure} 1471 \centering 1472 \only<1> { 1473 \begin{tikzpicture}[ 1474 dot/.style={circle,fill,inner sep=1pt,} 1475 ] 1476 \node (I) {\includegraphics[width=\textwidth]{media/fee.png}}; 1477 \node [below left=-2.5mm and -1.5cm of I] (Tx) {\small Tx}; 1478 \node [dot,above=8.4mm of Tx](D) {}; 1479 \draw [dotted,thick] (Tx) -- (D); 1480 \node [left=-4.5cm of Tx] (C) {\small conf}; 1481 \node [dot,above=8.4mm of C](D1) {}; 1482 \draw [dotted,thick] (C) -- (D1); 1483 \end{tikzpicture} 1484 } 1485 \only<2> { 1486 \includegraphics[width=\textwidth]{media/fee_var.png} 1487 \caption{Bitcoin average transaction fee over 6 months {\tiny (ychart)}} 1488 } 1489 \end{figure} 1490 \only<1>{When we trigger a debit with a fee that is too small, it may not be 1491 confirmed in a timely fashion.} 1492 \only<2>{However, transaction fees are unpredictable.} 1493 \end{frame} 1494 1495 1496 \begin{frame}{Depolymerization}{Architecture} 1497 \begin{center} 1498 \begin{tikzpicture}[ 1499 rect/.style={rectangle, draw=black, minimum height=6mm, minimum width=28mm}, 1500 sym/.style={stealth-stealth, shorten >= 2pt, shorten <= 2pt} 1501 ] 1502 \node[rect](1) {Taler Exchange}; 1503 \node[rect,below=of 1](2) {Wire Gateway}; 1504 \node[rect,right=of 2](3) {PostgreSQL}; 1505 \node[rect,right=of 3](4) {DLT Adapter}; 1506 \node[rect,above=of 4](5) {DLT Full Node}; 1507 1508 \draw[sym] (1) -- node [midway,right] {\tiny HTTP} (2); 1509 \draw[sym] (2) -- node [midway,above] {\tiny SQL} (3); 1510 \draw[sym] (3) -- node [midway,above] {\tiny SQL} (4); 1511 \draw[sym] (4) -- node [midway,left ] {\tiny RPC} (5); 1512 1513 1514 \node[above= 2mm of 1]{\small{\emph{Wire Gateway API}}}; 1515 \node[above= 2mm of 
5]{\small{\emph{DLT specific}}}; 1516 \node[above=22mm of 3](T) {}; 1517 \draw[dotted] (3) -- (T); 1518 \end{tikzpicture} 1519 \end{center} 1520 \begin{itemize} 1521 \item Common database to store transaction state and communicate 1522 via notifications 1523 \item Wire Gateway for Taler API compatibility 1524 \item DLT specific adapter 1525 \end{itemize} 1526 \end{frame} 1527 1528 \begin{frame}{Storing metadata}{Bitcoin} 1529 \begin{block}{Bitcoin - Credit} 1530 \begin{itemize} 1531 \item Transactions from code 1532 \item Only 32B + URI 1533 \item \textbf{OP\_RETURN} 1534 \end{itemize} 1535 \end{block} 1536 \begin{block}{Bitcoin - Debit} 1537 \begin{itemize} 1538 \item Transactions from common wallet software 1539 \item Only 32B 1540 \item \textbf{Fake Segwit Addresses} 1541 \end{itemize} 1542 \end{block} 1543 \end{frame} 1544 \begin{frame}{Storing metadata}{Ethereum} 1545 \begin{block}{Smart contract?} 1546 \begin{itemize} 1547 \item Logs in smart contracts are the recommended way {\tiny (ethereum.org)} 1548 \item Expensive (additional storage and execution fees) 1549 \item Avoidable attack surface (error prone) 1550 \end{itemize} 1551 \end{block} 1552 \begin{block}{Custom input format} 1553 Use input data in transactions, usually used to call smart contracts, to 1554 store our metadata. 
1555 \end{block} 1556 \end{frame} 1557 1558 \begin{frame}{Handling blockchain reorganization} 1559 \begin{center} 1560 \begin{tikzpicture}[ 1561 block/.style={rectangle,draw=black,fill=black!10,minimum size=7mm}, 1562 conf/.style={draw=black!60!green,fill=black!60!green!10}, 1563 nconf/.style={dotted}, 1564 err/.style={draw=black!60!red,fill=black!60!red!10}, 1565 ar/.style={-stealth} 1566 ] 1567 % Common 1568 \node[block,conf](1){}; 1569 \node[block,conf,right=5mm of 1](2){$D_0$}; 1570 \node[block,conf,right=5mm of 2](3){}; 1571 \draw[ar] (1) -- (2); 1572 \draw[ar] (2) -- (3); 1573 1574 % Current 1575 \only<1>{ 1576 \node [block,nconf,right=5mm of 3](4){}; 1577 } 1578 \only<2->{ 1579 \node [block,conf,right=5mm of 3](4){\only<3>{$D_3$}}; 1580 } 1581 \node[block,nconf,right=5mm of 4](5){}; 1582 \node[block,nconf,right=5mm of 5](6){$D_1$}; 1583 \draw[ar] (3) -- (4); 1584 \draw[ar] (4) -- (5); 1585 \draw[ar] (5) -- (6); 1586 1587 % Fork 1588 \only<-2>{ 1589 \node [block,nconf,above=7mm of 4](4p){}; 1590 } 1591 \only<3>{ 1592 \node [block,dashed,err,above=7mm of 4](4p){$D_3'$}; 1593 } 1594 \node[block,nconf,right=5mm of 4p](5p){$D_2$}; 1595 \node[block,nconf,right=5mm of 5p](6p){}; 1596 \node[block,nconf,right=5mm of 6p](7p){}; 1597 \draw[ar] (3.east) -- (4p.west); 1598 \draw[ar] (4p) -- (5p); 1599 \draw[ar] (5p) -- (6p); 1600 \draw[ar] (6p) -- (7p); 1601 1602 % Indication 1603 \node [right=5mm of 7p]{\emph{fork}}; 1604 \node [right=17mm of 6]{\emph{active}}; 1605 \end{tikzpicture} 1606 \end{center} 1607 \only<1>{As small reorganizations are common, Satoshi already recommended to 1608 apply a confirmation delay to handle most disturbances and attacks.} 1609 \only<2>{If a reorganization longer than the confirmation delay happens, 1610 but it did not remove credits, Depolymerizer is safe and automatically 1611 resumes.} 1612 \only<3>{If a fork removed a confirmed debit, an attacker may create a 1613 conflicting transaction. 
Depolymerizer suspends operation until lost 1614 credits reappear.} 1615 \end{frame} 1616 1617 \begin{frame}{Adaptive confirmation} 1618 \begin{center} 1619 \begin{tikzpicture}[ 1620 block/.style={rectangle,draw=black,fill=black!10,minimum size=7mm}, 1621 conf/.style={draw=black!60!green,fill=black!60!green!10}, 1622 nconf/.style={dotted}, 1623 conft/.style={text=black!60!green}, 1624 confl/.style={draw=black!60!green}, 1625 ar/.style={-stealth} 1626 ] 1627 % Common 1628 \node(0){}; 1629 \node[block,conf,right=5mm of 0](1){}; 1630 \node[block,conf,right=5mm of 1](2){}; 1631 \draw[ar] (0) -- (1); 1632 \draw[ar] (1) -- (2); 1633 1634 % Current 1635 \node[block,conf,right=5mm of 2](3){}; 1636 \node[block,nconf,right=5mm of 3](4){}; 1637 \node[block,nconf,right=5mm of 4](5){}; 1638 \node[block,nconf,right=5mm of 5](6){}; 1639 \draw[ar] (2) -- (3); 1640 \draw[ar] (3) -- (4); 1641 \draw[ar] (4) -- (5); 1642 \draw[ar] (5) -- (6); 1643 1644 % Fork 1645 \node[block,nconf,above=7mm of 3](3p){}; 1646 \node[block,nconf,right=5mm of 3p](4p){}; 1647 \node[block,nconf,right=5mm of 4p](5p){}; 1648 \node[block,nconf,right=5mm of 5p](6p){}; 1649 \node[block,nconf,right=5mm of 6p](7p){}; 1650 \draw[ar] (2.east) -- (3p.west); 1651 \draw[ar] (3p) -- (4p); 1652 \draw[ar] (4p) -- (5p); 1653 \draw[ar] (5p) -- (6p); 1654 \draw[ar] (6p) -- (7p); 1655 1656 % Indication 1657 \node[right=5mm of 7p]{\emph{fork}}; 1658 \node[right=17mm of 6]{\emph{active}}; 1659 1660 % Confirmation 1661 \path (0) -- (1) node[conft,midway, below=6mm] (M) {Max}; 1662 \path (2) -- (3) node[conft,midway, below=6mm] (N) {New}; 1663 \path (3) -- (4) node[conft,midway, below=6mm] (I) {Initial}; 1664 \node[above=25mm of M] (Mp) {}; 1665 \node[above=25mm of N] (Np) {}; 1666 \node[above=25mm of I] (Ip) {}; 1667 \draw[confl,thick,dotted](M) -- (Mp); 1668 \draw[confl](N) -- (Np); 1669 \draw[confl,thick,dotted](I) -- (Ip); 1670 \end{tikzpicture} 1671 \end{center} 1672 If we experience a reorganization once, it is dangerously 
likely for another 1673 one of a similar scope to happen again. Depolymerizer learns from reorganizations 1674 by increasing its confirmation delay. 1675 \end{frame} 1676 1677 1678 1679 \begin{frame}{DLT Adapter}{Architecture} 1680 \begin{block}{Event system} 1681 \begin{itemize} 1682 \item \textbf{Watcher} watch and notify for new blocks with credits 1683 \item \textbf{Wire Gateway} notify requested debits 1684 \item \textbf{Worker} operates on notifications updating state 1685 \end{itemize} 1686 \end{block} 1687 \end{frame} 1688 1689 1690 \begin{frame}{DLT Adapter state machine} 1691 \begin{columns} 1692 \column{0.5\paperwidth} 1693 \begin{figure} 1694 \begin{tikzpicture}[ 1695 rect/.style={rectangle, draw=black, minimum height=6mm, minimum width=50mm}, 1696 ] 1697 1698 \node[rect](wo1) {Wait for notifications}; 1699 \node[rect, below=4mm of wo1](wo2) {Reconcile local DB with DLT}; 1700 \node[rect, below=4mm of wo2](wo3) {Trigger debits}; 1701 \node[rect, below=4mm of wo3](wo4) {Reissue stuck debits}; 1702 \node[rect, below=4mm of wo4](wo5) {Bounce malformed credits}; 1703 \draw[-stealth] (wo1) -- (wo2); 1704 \draw[-stealth] (wo2) -- (wo3); 1705 \draw[-stealth] (wo3) -- (wo4); 1706 \draw[-stealth] (wo4) -- (wo5); 1707 \draw[-stealth] (wo5) .. controls ([xshift=-0.4cm] wo5.west) and ([xshift=-0.4cm] wo1.west) .. 
(wo1); 1708 \end{tikzpicture} 1709 \caption{Worker loop} 1710 \end{figure} 1711 \column{0.47\paperwidth} 1712 \begin{block}{DLT reconciliation} 1713 \begin{itemize} 1714 \item List new and removed transactions since last reconciliation 1715 \item Check for removal of confirmed credits 1716 \item Register new credits 1717 \item Recover lost debits 1718 \end{itemize} 1719 \end{block} 1720 \end{columns} 1721 \end{frame} 1722 1723 \begin{frame}{Related work} 1724 \begin{block}{Centralization - Coinbase off-chain sending} 1725 \begin{itemize} 1726 \item [$+$] Fast and cheap: off-chain transactions 1727 \item [$-$] Trust in Coinbase: privacy, security \& transparency 1728 \end{itemize} 1729 \end{block} 1730 \begin{block}{Layering - Lightning Network} 1731 \begin{itemize} 1732 \item [$+$] Fast and cheap: off-chain transactions 1733 \item [$-$] Requires setting up bidirectional payment channels 1734 \item [$-$] Fraud attempts are mitigated via a complex penalty system 1735 \end{itemize} 1736 \end{block} 1737 \end{frame} 1738 1739 \begin{frame}{Conclusion} 1740 Blockchains can be used as a settlement layer for GNU Taler 1741 with Depolymerizer. 
1742 1743 \begin{itemize} 1744 \item [$-$] Trust exchange operator or auditors 1745 \item [$+$] Fast and cheap 1746 \item [$+$] Realtime, ms latency 1747 \item [$+$] Linear scalability 1748 \item [$+$] Ecological 1749 \item [$+$] Privacy when it can, transparency when it must (avoid tax evasion and money laundering) 1750 \end{itemize} 1751 Future work: 1752 \begin{itemize} 1753 \item Universal auditability, using sharded transaction history 1754 \item Smarter analysis, update confirmation delay based on currency network behavior 1755 \item Multisig by multiple operators for transaction validation 1756 \end{itemize} 1757 \end{frame} 1758 1759 1760 \section{Future Work \& Conclusion} 1761 1762 \begin{frame} 1763 \vfill 1764 \begin{center} 1765 {\bf Future Work \& Conclusion} 1766 \end{center} 1767 \vfill 1768 \end{frame} 1769 1770 1771 \begin{frame}{Taler: Project Status} 1772 \framesubtitle{\url{https://docs.taler.net/}} 1773 \begin{itemize} 1774 \item Cryptographic protocols and core exchange component are stable 1775 \item Pilot project at Bern University of Applied Sciences cafeteria 1776 \item Regional currency projects in Switzerland preparing for launch 1777 \item Internal alpha deployment with GLS Bank (Germany) 1778 \end{itemize} 1779 \end{frame} 1780 1781 1782 \begin{frame}{Competitor comparison} 1783 \begin{center} \small 1784 \begin{tabular}{l||c|c|c|c|c} 1785 & Cash & Bitcoin & Zerocoin & Creditcard & GNU Taler \\ \hline \hline 1786 Online &$-$$-$$-$ & ++ & ++ & + & +++ \\ \hline 1787 Offline & +++ & $-$$-$ & $-$$-$ & + & $+$$+$ \\ \hline 1788 Trans. 
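cost & + & $-$$-$$-$ & $-$$-$$-$ & $-$ & ++ \\ \hline
Speed & + & $-$$-$$-$ & $-$$-$$-$ & o & ++ \\ \hline
Taxation & $-$ & $-$$-$ & $-$$-$$-$ & +++ & +++ \\ \hline
Payer-anon & ++ & o & ++ & $-$$-$$-$ & +++ \\ \hline
Payee-anon & ++ & o & ++ & $-$$-$$-$ & $-$$-$$-$ \\ \hline
Security & $-$ & o & o & $-$$-$ & ++ \\ \hline
Conversion & +++ & $-$$-$$-$ & $-$$-$$-$ & +++ & +++ \\ \hline
Libre & $-$ & +++ & +++ & $-$ $-$ $-$& +++ \\
\end{tabular}
\end{center}
\end{frame}


% Partner organisations and the topic each collaboration covers.
\begin{frame}{Active collaborations}
  \begin{description}
    \item \textbf{Freie Universit\"at Berlin:} \\ Programmability \& embedded systems
    \item \textbf{The GNU Project:} \\ Integration into FLOSS software
    \item \textbf{Fraunhofer Gesellschaft:} \\ Identity management \& SSI \& wallet-to-wallet communication
    \item \textbf{NGI TALER:} \\ 11 partners deploying GNU Taler across Europe
  \end{description}
\end{frame}


% Consortium overview; the member list adds up to the 11 partners named above.
\begin{frame}{NGI TALER PILOT}
  \framesubtitle{\url{https://taler.net/en/consortium.html}}

  \begin{itemize}
    \item EU Project started December 2023 to deploy GNU Taler
    \item 3 financial institutions (GLS Bank, Magnet Bank, Visual Vest),
      2 academic institutions (Berner FH, TU Eindhoven),
      3 SMEs (Taler Systems SA, Code Blau GmbH, Petit Singularites),
      3 non-profits (NLnet Foundation, E-Seniors Association, Homo Digitalis)
    % The amount is braced so that \EUR receives "5M" as a whole; unbraced,
    % a one-argument \EUR (as eurosym provides) would take only the "5".
    \item $\approx$ \EUR{5M} budget over 3 years
    \item Objective: \textbf{Deploy GNU Taler in Europe}
  \end{itemize}
\end{frame}


\begin{frame}{Key NGI PILOT Activities}
  \begin{itemize}
    \item Integration (core banking, online publishers, e-commerce, public transportation)
    \item Compliant (establish compliance processes at each bank)
    \item Availability (packaging, porting to more platforms, browsers)
    \item Hardware support (offline payments, vending machines)
    \item Security audits of code and design
    \item Accessible (old people, children, blind users)
    \item Future-proof (post-quantum, standardized)
    \item Widely known and used (community building, open calls)
  \end{itemize}
\end{frame}


\begin{frame}{Launch Timeline}
  \begin{description}
    \item[Q2'2022] Internal deployment at BFH
    % \item[Q1'2023] Deployment using Bitcoin at BFH (running, but not announced)
    \item[Q3'2024] Deployment of local currency Netzbon in Basel
    \item[Q4'2024] Public deployment of eCHF stablecoin in Switzerland, cleared by FINMA
    \item[Q1'2025] GLS bank launches in Eurozone
    \item[Q3'2025] Magnet bank launches in Hungary
  \end{description}
\end{frame}


% Each item names the contact, repository or funder given for that line of work.
\begin{frame}{Other ongoing developments}
  \begin{itemize}
    \item Privacy-preserving auctions (trading, currency exchange) (\texttt{oezguer@taler.net})
    \item Hardware and software support for embedded systems (\texttt{mikolai@taler.net})
    \item GNU Name System registry with GNU Taler payments (\texttt{schanzen@gnunet.org})
    \item Performance improvements for RSA in FLOSS crypto libraries (NLnet project)
    \item Parallel verification of RSA signatures on GPUs (libgpuverify.git)
    \item Tax-deductible receipts for donations to charities (donau.git)
    \item Unlinkable anonymous subscriptions and discount tokens (merchant.git, branch)
    \item Support for illiterate and innumerate users\footnote{Background: \url{https://myoralvillage.org/}}
      (not yet funded)
  \end{itemize}
\end{frame}


\begin{frame}{How to support?}
  \begin{description}
    \item[Join:] {\small \url{https://lists.gnu.org/mailman/listinfo/taler}}
    \item[Discuss:] {\small \url{https://ich.taler.net/}}
    \item[Develop:] \url{https://bugs.taler.net/}, \url{https://git.taler.net/}
    \item[Apply:] \url{https://nlnet.nl/propose}, \url{https://nlnet.nl/taler}
    % The e-mail address is set in typewriter type like the other addresses in
    % this deck; inside \url it would be treated as a link target.
    \item[Translate:] \url{https://weblate.taler.net/},
      \texttt{translation-volunteer@taler.net}
    \item[Integrate:] \url{https://docs.taler.net/}
    \item[Donate:] \url{https://gnunet.org/ev}
    \item[Partner:] \url{https://taler-systems.com/}
  \end{description}
\end{frame}


\begin{frame}{Conclusion}
  \begin{center}
    \textbf{What can we do?}
  \end{center}
  \vfill
  \begin{itemize}
    \item Suffer mass-surveillance enabled by credit card oligopolies with high fees, and
    \item Engage in arms race with deliberately unregulatable blockchains
    % \item{Enjoy the ``benefits'' of cash \\
    % \hfill \includegraphics[height=0.3\textheight]{atm-rupee.jpg} \hfill}
  \end{itemize}
  \vfill
  \begin{center}
    \textbf{OR}
  \end{center}
  \vfill
  \begin{itemize}
    \item Establish free software alternative balancing social goals!
  \end{itemize}
  \vfill
\end{frame}


% Closing slide with a hand-written reference list (separate from the BibTeX
% bibliography frame further down).
\begin{frame}
  \frametitle{Do you have any questions?}
  \vfill
  References:
  {\tiny
    \begin{enumerate}
      \item Özgür Kesim, Christian Grothoff, Florian Dold and Martin Schanzenbach.
        \emph{Zero-Knowledge Age Restriction for GNU Taler}.
        \textbf{27th European Symposium on Research in Computer Security (ESORICS), 2022}.
      \item David Chaum, Christian Grothoff and Thomas Moser.
        \emph{How to issue a central bank digital currency}.
        \textbf{SNB Working Papers, 2021}.
      \item Christian Grothoff, Bart Polot and Carlo von Loesch.
        \emph{The Internet is broken: Idealistic Ideas for Building a GNU Network}.
        \textbf{W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)}, 2014.
      \item Jeffrey Burdges, Florian Dold, Christian Grothoff and Marcello Stanisci.
        \emph{Enabling Secure Web Payments with GNU Taler}.
        \textbf{SPACE 2016}.
      \item Florian Dold, Sree Harsha Totakura, Benedikt M\"uller, Jeffrey Burdges and Christian Grothoff.
        \emph{Taler: Taxable Anonymous Libre Electronic Reserves}.
        Available upon request. 2016.
      \item Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer and Madars Virza.
        \emph{Zerocash: Decentralized Anonymous Payments from Bitcoin}.
        \textbf{IEEE Symposium on Security \& Privacy, 2016}.
      \item David Chaum, Amos Fiat and Moni Naor.
        \emph{Untraceable electronic cash}.
        \textbf{Proceedings on Advances in Cryptology, 1990}.
      \item Phillip Rogaway.
        \emph{The Moral Character of Cryptographic Work}.
        \textbf{Asiacrypt}, 2015. \label{bib:rogaway}
    \end{enumerate}
  }
  \begin{center}
    \textbf{Let money facilitate trade; but ensure capital serves society.}
  \end{center}
\end{frame}


% Copyright, patent, trademark and domain ownership around GNU Taler.
\begin{frame}{Rights}
  \begin{itemize}
    \item GNUnet e.V.\ shared copyrights of their AGPLv3+ licensed code with Taler Systems SA
    \item Taler Systems SA holds copyrights to entire GNU Taler code base (AGPLv3+, GPLv3+,
      dual-licensing exclusive domain of Taler Systems SA)
    \item Taler Systems SA applied for patent on offline payment solution
    \item Taler Systems SA holds trademark on ``Taler''.
    \item FSF holds trademark on ``GNU'', we are authorized to use ``GNU Taler''.
    \item Taler Systems SA owns \texttt{taler.net} and \texttt{taler-systems.com}.
  \end{itemize}
\end{frame}

\section*{References}
\begin{frame}[allowframebreaks]{References}
  \bibliographystyle{plain}
  \bibliography{ref,extra,rfc,biblio-defqa}
\end{frame}



% This should be last...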
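\begin{frame}{Acknowledgments}

  \begin{minipage}{0.45\textwidth} \ \\
    {\tiny Funded by the European Union (Project 101135475).}

    \begin{center}
      \includegraphics[width=0.5\textwidth]{../bandera.jpg}
    \end{center}
  \end{minipage}
  \hfill
  \begin{minipage}{0.45\textwidth}
    {\tiny Funded by SERI (HEU-Projekt 101135475-TALER).}

    \begin{center}
      \includegraphics[width=0.65\textwidth]{../sbfi.jpg}
    \end{center}
  \end{minipage}

  \vfill

  {\tiny

    Views and opinions expressed are however those of the author(s) only
    and do not necessarily reflect those of the European Union. Neither the
    European Union nor the granting authority can be held responsible for
    them.

  }
\end{frame}


\end{document}

% LaTeX stops reading at \end{document}, so none of the frames below are
% part of the compiled deck.  They document the protocol messages
% (withdraw, deposit, refresh) and two use cases.


% Withdrawal: the dashed arrow is the bank transfer SEPA(RK,A) that funds the
% reserve; the wallet then sends a request signed with the reserve key RK that
% carries the blinded coin key B_b(C).  The exchange answers with a signature
% under DK on the blinded value (200), or with the red 402 arrow.
\begin{frame}{Taler \texttt{/withdraw/sign}}
  % Customer withdrawing coins with blind signatures
  % \bigskip
  \begin{figure}[th]
    \begin{minipage}[b]{0.45\linewidth}
      \begin{center}
        \begin{tikzpicture}[
            scale=0.4, transform shape,
            msglabel/.style={text=Black, yshift=.3cm, sloped, midway},
            okmsg/.style={->, color=MidnightBlue, thick, >=stealth},
            rstmsg/.style={->, color=BrickRed, thick, >=stealth}]
          % Lifelines of the two parties.
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h1) at (-4, 0) {};
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h2) at (4, 0) {};
          \node[above=0cm of h1] {Wallet};
          \node[above=0cm of h2] {Exchange};

          % Time axis.
          \path[->, color=MidnightBlue, very thick, >=stealth]
            (-5, 4.5) edge
            node[rotate=90, text=Black, yshift=.3cm] {Time}
            (-5, -4.5);
          \path[okmsg, dashed]
            ($(h1.east)+(0, 4.0)+(0, -1.0)$) edge
            node[msglabel] {SEPA(RK,A)}
            ($(h2.west)+(0, 3.5)+(0, -1.0)$);
          \path[okmsg]
            ($(h1.east)+(0, -1.0)$) edge
            node[msglabel] {POST \texttt{/withdraw/sign} $S_{RK}(DK, B_b(C))$}
            ($(h2.west)+(0, -1.5)$);
          % The two response labels carried a stray closing parenthesis
          % after the formula; it is removed here.
          \path[okmsg]
            ($(h2.west)+(0, -2.0)$) edge
            node[msglabel] {200 OK: $S_{DK}(B_b(C))$}
            ($(h1.east)+(0, -2.5)$);
          \path[rstmsg]
            ($(h2.west)+(0, -3.5)$) edge
            node[msglabel] {402 PAYMENT REQUIRED: $S_{RK}(DK, B_b(C))$}
            ($(h1.east)+(0, -4)$);
          % Empty node to the right of the exchange lifeline.
          \node at (5.3, 0) {};
        \end{tikzpicture}
      \end{center}
      Result: $\langle c, S_{DK}(C) \rangle$.
    \end{minipage}
    \hspace{0.5cm}
    \begin{minipage}[b]{0.45\linewidth}
      \tiny
      \begin{description}
        \item[$A$] Some amount, $A \ge A_{DK}$
        \item[$RK$] Reserve key
        \item[$DK$] Denomination key
        \item[$b$] Blinding factor
        \item[$B_b()$] RSA-FDH blinding % DK suppressed
        \item[$C$] Coin public key $C := cG$
        \item[$S_{RK}()$] EdDSA signature
        \item[$S_{DK}()$] RSA-FDH signature
      \end{description}
    \end{minipage}
  \end{figure}
\end{frame}


% Deposit: the merchant forwards the unblinded coin and the coin-signed
% deposit details; the exchange confirms with its signing key SK, or returns
% the conflicting deposit D' that was signed with the same coin key.
\begin{frame}[t]{Taler \texttt{/deposit}}
  Merchant and exchange see only the public coin $\langle C, S_{DK}(C) \rangle$.
  \bigskip
  \begin{figure}[th]
    \begin{minipage}[b]{0.45\linewidth}
      \begin{center}
        \begin{tikzpicture}[
            scale=0.4, transform shape,
            msglabel/.style={text=Black, yshift=.3cm, sloped, midway},
            okmsg/.style={->, color=MidnightBlue, thick, >=stealth},
            rstmsg/.style={->, color=BrickRed, thick, >=stealth}]
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h1) at (-4, 0) {};
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h2) at (4, 0) {};
          \node[above=0cm of h1] {Merchant};
          \node[above=0cm of h2] {Exchange};

          \path[->, color=MidnightBlue, very thick, >=stealth]
            (-5, 4.5) edge
            node[rotate=90, text=Black, yshift=.3cm] {Time}
            (-5, -4.5);
          \path[okmsg]
            ($(h1.east)+(0,3)$) edge
            node[msglabel] {POST \texttt{/deposit} $S_{DK}(C), S_{c}(D)$}
            ($(h2.west)+(0,2)$);
          \path[okmsg]
            ($(h2.west)+(0,0.5)$) edge
            node[msglabel] {200 OK: $S_{SK}(S_{c}(D))$}
            ($(h1.east)+(0,-0.5)$);
          \path[rstmsg]
            ($(h2.west)+(0, -2.5)$) edge
            node[msglabel] {409 CONFLICT: $S_{c}(D')$}
            ($(h1.east)+(0, -3.5)$);
          \node at (5.3, 0) {};
        \end{tikzpicture}
      \end{center}
    \end{minipage}
    \hspace{0.5cm}
    \begin{minipage}[b]{0.45\linewidth}
      \tiny
      \begin{description}
        \item[$DK$] Denomination key
        \item[$S_{DK}()$] RSA-FDH signature using $DK$
        \item[$c$] Private coin key, $C := cG$.
        % Subscript is the private key c, matching S_c(D) in the diagram.
        \item[$S_{c}()$] EdDSA signature using $c$
        \item[$D$] Deposit details
        \item[$SK$] Exchange's signing key
        \item[$S_{SK}()$] EdDSA signature using $SK$
        \item[$D'$] Conflicting deposit details $D' \neq D$
      \end{description}
    \end{minipage}
  \end{figure}
\end{frame}


% Refresh, step 1 (melt): the customer commits to kappa candidate sets of
% new coins, all derived from the old coin key c; the exchange answers with
% a signed index gamma.
% NOTE(review): the legend uses $D$ in the amount inequality without defining
% it on this slide, and does not say what kappa = 3 implies for a cheating
% customer; both are worth stating when this slide is shown.
\begin{frame}{Taler \texttt{/refresh/melt}}
  \begin{figure}[th]
    \begin{minipage}[b]{0.45\linewidth}
      \begin{center}
        \begin{tikzpicture}[
            scale=0.4, transform shape,
            msglabel/.style={text=Black, yshift=.3cm, sloped, midway},
            okmsg/.style={->, color=MidnightBlue, thick, >=stealth},
            rstmsg/.style={->, color=BrickRed, thick, >=stealth}]
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h1) at (-4, 0) {};
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h2) at (4, 0) {};
          \node[above=0cm of h1] {Customer};
          \node[above=0cm of h2] {Exchange};

          \path[->, color=MidnightBlue, very thick, >=stealth]
            (-5, 4.5) edge
            node[rotate=90, text=Black, yshift=.3cm] {Time}
            (-5, -4.5);
          \path[okmsg]
            ($(h1.east)+(0,3)$) edge
            node[msglabel] {POST \texttt{/refresh/melt} $S_{DK}(C), S_c(\mathcal{DK}, \mathcal{T}, \mathcal{B})$}
            ($(h2.west)+(0,2)$);
          \path[okmsg]
            ($(h2.west)+(0,0.5)$) edge
            node[msglabel] {200 OK: $S_{SK}(H(\mathcal{T}, \mathcal{B}),\gamma)$}
            ($(h1.east)+(0,-0.5)$);
          % Signature subscript written as the private key c, as in the
          % request above and on the deposit slide.
          \path[rstmsg]
            ($(h2.west)+(0, -2.5)$) edge
            node[msglabel] {409 CONFLICT: $S_{c}(X), \ldots$}
            ($(h1.east)+(0, -3.5)$);
          \node at (5.3, 0) {};
        \end{tikzpicture}
      \end{center}
    \end{minipage}
    \hspace{0.5cm}
    \begin{minipage}[b]{0.45\linewidth}
      \tiny
      \begin{description}
        \item[$\kappa$] System-wide security parameter, usually 3.
          \\ \smallskip
        \item[$\mathcal{DK}$] $:= [DK^{(i)}]_i$ \\ List of denomination keys \\
          $D + \sum_i A_{DK^{(i)}} < A_{DK}$
        \item[$t_j$] Random scalar for $j<\kappa$
        \item[$\mathcal{T}$] $:= [T_j]_\kappa$ where $T_j = t_j G$
        \item[$k_j$] $:= c T_j = t_j C$ is an ECDHE
        \item[$b_j^{(i)}$] $:= \mathrm{KDF}_b(k_j,i)$ % blinding factor
        \item[$c_j^{(i)}$] $:= \mathrm{KDF}_c(k_j,i)$ % coin secret keys
        \item[$C_j^{(i)}$] $:= c_j^{(i)} G$ % new coin public keys
        \item[$\mathcal{B}$] $:= [H( \beta_j )]_\kappa$ where \\
          $\beta_j := \left[ B_{b_j^{(i)}}(C_j^{(i)}) \right]_i$
          \\ \smallskip
        \item[$\gamma$] Random value in $[0,\kappa)$
        % \\ \smallskip
        % \item[$X$] Deposit or refresh
      \end{description}
    \end{minipage}
  \end{figure}
\end{frame}


% Refresh, step 2 (reveal): the customer discloses the scalars t_j for every
% index except gamma together with the blinded coins for index gamma; the
% exchange returns the signatures S, or 400 with mismatch information Z.
\begin{frame}{Taler \texttt{/refresh/reveal}}
  \begin{figure}[th]
    \begin{minipage}[b]{0.45\linewidth}
      \begin{center}
        \begin{tikzpicture}[
            scale=0.4, transform shape,
            msglabel/.style={text=Black, yshift=.3cm, sloped, midway},
            okmsg/.style={->, color=MidnightBlue, thick, >=stealth},
            rstmsg/.style={->, color=BrickRed, thick, >=stealth}]
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h1) at (-4, 0) {};
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h2) at (4, 0) {};
          \node[above=0cm of h1] {Customer};
          \node[above=0cm of h2] {Exchange};

          \path[->, color=MidnightBlue, very thick, >=stealth]
            (-5, 4.5) edge
            node[rotate=90, text=Black, yshift=.3cm] {Time}
            (-5, -4.5);
          \path[okmsg]
            ($(h1.east)+(0,3)$) edge
            node[msglabel] {POST \texttt{/refresh/reveal} $H(\mathcal{T}, \mathcal{B}), \tilde{\mathcal{T}}, \beta_\gamma$}
            ($(h2.west)+(0,2)$);
          \path[okmsg]
            ($(h2.west)+(0,0.5)$) edge
            node[msglabel] {200 OK: $\mathcal{S}$}
            ($(h1.east)+(0,-0.5)$);
          \path[rstmsg]
            ($(h2.west)+(0, -2.5)$) edge
            node[msglabel] {400 BAD REQUEST: $Z$}
            ($(h1.east)+(0, -3.5)$);
          \node at (5.3, 0) {};
        \end{tikzpicture}
      \end{center}
    \end{minipage}
    \hspace{0.5cm}
    \begin{minipage}[b]{0.45\linewidth}
      \tiny
      \begin{description}
        \item[$\mathcal{DK}$] $:= [DK^{(i)}]_i$
        \item[$t_j$] .. \\ \smallskip

        % Index range written as j < kappa, as on the melt slide.
        \item[$\tilde{\mathcal{T}}$] $:= [t_j \mid j < \kappa, j \neq \gamma]$ \\ \smallskip

        \item[$k_\gamma$] $:= c T_\gamma = t_\gamma C$
        \item[$b_\gamma^{(i)}$] $:= \mathrm{KDF}_b(k_\gamma,i)$
        \item[$c_\gamma^{(i)}$] $:= \mathrm{KDF}_c(k_\gamma,i)$
        \item[$C_\gamma^{(i)}$] $:= c_\gamma^{(i)} G$

        \item[$B_\gamma^{(i)}$] $:= B_{b_\gamma^{(i)}}(C_\gamma^{(i)})$
        \item[$\beta_\gamma$] $:= \big[ B_\gamma^{(i)} \big]_i$
        \item[$\mathcal{S}$] $:= \left[ S_{DK^{(i)}}( B_\gamma^{(i)} ) \right]_i$ \\ \smallskip

        \item[$Z$] Cut-and-choose mismatch information
      \end{description}
    \end{minipage}
  \end{figure}
\end{frame}


% Refresh, step 3 (link): given the old coin's public key C, the exchange
% returns T_gamma, or 404 when it has nothing for that key.
\begin{frame}{Taler \texttt{/refresh/link}}
  \begin{figure}[th]
    \begin{minipage}[b]{0.45\linewidth}
      \begin{center}
        \begin{tikzpicture}[
            scale=0.4, transform shape,
            msglabel/.style={text=Black, yshift=.3cm, sloped, midway},
            okmsg/.style={->, color=MidnightBlue, thick, >=stealth},
            rstmsg/.style={->, color=BrickRed, thick, >=stealth}]
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h1) at (-4, 0) {};
          \node[draw=MidnightBlue, fill=CornflowerBlue,
                minimum width=.3cm, minimum height=10cm] (h2) at (4, 0) {};
          \node[above=0cm of h1] {Customer};
          \node[above=0cm of h2] {Exchange};

          \path[->, color=MidnightBlue, very thick, >=stealth]
            (-5, 4.5) edge
            node[rotate=90, text=Black, yshift=.3cm] {Time}
            (-5, -4.5);
          \path[okmsg]
            ($(h1.east)+(0,3)$) edge
            node[msglabel] {POST \texttt{/refresh/link} $C$}
            ($(h2.west)+(0,2)$);
          \path[okmsg]
            ($(h2.west)+(0,0.5)$) edge
            node[msglabel] {200 OK: $T_\gamma$}
            ($(h1.east)+(0,-0.5)$);
          \path[rstmsg]
            ($(h2.west)+(0, -2.5)$) edge
            node[msglabel] {404 NOT FOUND}
            ($(h1.east)+(0, -3.5)$);
          \node at (5.3, 0) {};
        \end{tikzpicture}
      \end{center}
    \end{minipage}
    \hspace{0.5cm}
    \begin{minipage}[b]{0.45\linewidth}
      \tiny
      \begin{description}
        \item[$C$] Old coin public key \\ \smallskip
        \item[$T_\gamma$] Linkage data $\mathcal{L}$ at $\gamma$
      \end{description}
    \end{minipage}
  \end{figure}
\end{frame}


% Data flow of one purchase, numbered (1)-(8): the shop obtains a signed
% contract from the Taler backend, passes it via the browser to the wallet,
% and the signed coins travel back the same way; the shop-facing hops are
% labelled HTTPS, the browser-wallet hops "signal".
\begin{frame}{Operational security}
  \begin{center}
    \resizebox{\textwidth}{!}{%
      \begin{tikzpicture}[
          font=\sffamily,
          every matrix/.style={ampersand replacement=\&,column sep=2cm,row sep=2cm},
          source/.style={draw,thick,rounded corners,fill=green!20,inner sep=.3cm},
          process/.style={draw,thick,circle,fill=blue!20},
          sink/.style={source,fill=green!20},
          datastore/.style={draw,very thick,shape=datastore,inner sep=.3cm},
          dots/.style={gray,scale=2},
          to/.style={->,>=stealth',shorten >=1pt,semithick,font=\sffamily\footnotesize},
          every node/.style={align=center}]
        % Position the nodes using a matrix layout
        \matrix{
          \node[source] (wallet) {Wallet};
          \& \node[process] (browser) {Browser};
          \& \node[process] (shop) {Web shop};
          \& \node[sink] (backend) {Taler backend}; \\
        };
        % Draw the arrows between the nodes and label them.
        \draw[to] (browser) to[bend right=50] node[midway,above] {(4) signed contract}
          node[midway,below] {(signal)} (wallet);
        \draw[to] (wallet) to[bend right=50] node[midway,above] {(signal)}
          node[midway,below] {(5) signed coins} (browser);
        \draw[<->] (browser) -- node[midway,above] {(3,6) custom}
          node[midway,below] {(HTTPS)} (shop);
        \draw[to] (shop) to[bend right=50] node[midway,above] {(HTTPS)}
          node[midway,below] {(1) proposed contract / (7) signed coins} (backend);
        \draw[to] (backend) to[bend right=50] node[midway,above] {(2) signed contract / (8) confirmation}
          node[midway,below] {(HTTPS)} (shop);
      \end{tikzpicture}%
    }
  \end{center}
\end{frame}


\begin{frame}{Use Cases: Refugee Camps}
  Today:
  \begin{itemize}
    \item Non-bankable
    \item Direct distribution of goods to population
    \item Limited economic activity in camps
    \item High level of economic dependence
  \end{itemize}\vfill\pause
  With GNU Taler:
  \begin{itemize}
    \item Local currency issued as basic income backed by aid
    \item Taxation possible based on economic status
    \item Local governance enabled by local taxes
    \item Increased economic independence and political participation
  \end{itemize}
\end{frame}


\begin{frame}{Use Case: Anti-Spam}
  \framesubtitle{Background: \url{https://pep.security/}}
  Today, p$\equiv$p provides authenticated encryption for e-mail:
  \begin{itemize}
    \item Free software
    \item Easy to use opportunistic encryption
    \item Available for Outlook, Android, Enigmail
    \item Spies \& spam filters can no longer inspect content
  \end{itemize}\vfill\pause
  With GNU Taler:
  \begin{itemize}
    \item Peer-to-peer payments via e-mail
    \item If unsolicited sender, hide messages from user \&
      automatically request payment from sender
    \item Sender can attach payment to be moved to inbox
    \item Receiver may grant refund to sender
  \end{itemize}
\end{frame}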