The complete design of GNU Taler is comprehensively described in a PhD Thesis by Florian Dold.
When designing GNU Taler, we had the following design goals in mind.
1. Free Software implementation (+)
Free refers to “free as in free speech”, as opposed to “free as in free beer”.
More specifically, the four essential freedoms of free software must
be respected, namely users must have the freedom to (1) run the software,
(2) study and modify it, (3) redistribute copies, and (4) distribute copies of
the modified version.
For merchants this prevents vendor lock-in, as another payment provider can
take over, should the current one provide inadequate quality of service. As
the software of the payment provider itself is free, smaller or disadvantaged
countries or organizations can run the payment system without being
controlled by a foreign company. Customers benefit from this freedom,
as the wallet software can be made to run on a variety of platforms, and
user-hostile features such as tracking or telemetry could easily be removed
from wallet software.
This rules out the mandatory usage of specialized hardware such as smart
cards or other hardware security modules, as the software they run cannot
be modified by the user. These components can, however, be voluntarily
used by merchants, customers or payment processors to increase their
operational security.
2. Protect the privacy of buyers (+)
Privacy should be guaranteed via technical measures, as opposed to mere
policies. Especially with micropayments for online content, a disproportion-
ate amount of rather private data about buyers would be revealed, if the
payment system does not have privacy protections.
In legislations with data protection regulations (such as the recently introduced GDPR in Europe),
merchants benefit from this as well, as
no data breach of customers can happen if this information is, by design,
not collected in the first place. Obviously some private data, such as the
shipping address for a physical delivery, must still be collected according to
business needs.
3. Enable the state to tax income and crack down on illegal business activities (+)
As a payment system must still be legal to operate and use, it must comply
with these requirements. Furthermore, we consider levying of taxes as
beneficial to society.
4. Prevent payment fraud (+)
This imposes requirements on the security of the system, as well as on the
general design, as payment fraud can also happen through misleading user
interface design or the lack of cryptographic evidence for certain processes.
5. Only disclose the minimal amount of information nec-
essary (+)
The reason behind this goal is similar to (2). The privacy of buyers is given
priority, but other parties such as merchants still benefit from it, for example,
by keeping details about the merchant’s financials hidden from competitors.
6. Be usable (+)
Specifically it must be usable for non-expert customers. Usability also
applies to the integration with merchants, and informs choices about the
architecture, such as encapsulating procedures that require cryptographic
operations into an isolated component with a simple API.
7. Be efficient (+)
Approaches such as proof-of-work are ruled out by this requirement. Effi-
ciency is necessary for GNU Taler to be used for micropayments.
8. Avoid single points of failure (+)
While the design we present later is rather centralized, avoiding single
points of failure is still a goal. This manifests in architectural choices such
as the isolation of certain components, and auditing procedures.
9. Foster competition (+)
It must be relatively easy for competitors to join the systems. While the
barriers for this in traditional financial systems are rather high, the technical
burden for new competitors to join must be minimized. Another design
choice that supports this is to split the whole system into smaller compo-
nents that can be operated, developed and improved upon independently,
instead of having one completely monolithic system.
