enabling secure web payments with gnu taler
play

Enabling Secure Web Payments with GNU Taler J. Burdges, F. Dold, C. - PowerPoint PPT Presentation

Feb 16, 2024 •131 likes •715 views

Enabling Secure Web Payments with GNU Taler J. Burdges, F. Dold, C. Grothoff , M. Stanisci Institut National de Recherche en Informatique et en Automatique (Inria) The GNU Project Ashoka Fellow 17.12.2016 I think one of the big things that

  1. Enabling Secure Web Payments with GNU Taler J. Burdges, F. Dold, C. Grothoff , M. Stanisci Institut National de Recherche en Informatique et en Automatique (Inria) The GNU Project Ashoka Fellow 17.12.2016 “I think one of the big things that we need to do, is we need to get a way from true-name payments on the Internet. The credit card payment system is one of the worst things that happened for the user, in terms of being able to divorce their access from their identity.” –Edward Snowden, IETF 93 (2015)

  2. Motivation Modern economies need currency ...

  3. This was a question posed to RAND researchers in 1971: “Suppose you were an advisor to the head of the KGB, the Soviet Secret Police. Suppose you are given the as- signment of designing a system for the surveillance of all citizens and visitors within the boundaries of the USSR. The system is not to be too obtrusive or obvious. What would be your decision?”

  4. This was a question posed to RAND researchers in 1971: “Suppose you were an advisor to the head of the KGB, the Soviet Secret Police. Suppose you are given the as- signment of designing a system for the surveillance of all citizens and visitors within the boundaries of the USSR. The system is not to be too obtrusive or obvious. What would be your decision?” Mastercard/Visa are too transparent.

  5. Bitcoin ◮ Unregulated payment system and currency: ⇒ lack of regulation is a feature! ◮ Implemented in free software ◮ Decentralised peer-to-peer system

  6. Bitcoin ◮ Unregulated payment system and currency: ⇒ lack of regulation is a feature! ◮ Implemented in free software ◮ Decentralised peer-to-peer system ◮ Decentralised banking requires solving Byzantine consensus ◮ Creative solution: tie initial accumulation to solving consensus

  7. Bitcoin ◮ Unregulated payment system and currency: ⇒ lack of regulation is a feature! ◮ Implemented in free software ◮ Decentralised peer-to-peer system ◮ Decentralised banking requires solving Byzantine consensus ◮ Creative solution: tie initial accumulation to solving consensus ⇒ Proof-of-work advances ledger ⇒ Very expensive banking

  8. ? Current average transaction value: ≈ 1000 USD

  9. ? Cryptography is rather primitive: All Bitcoin transactions are public and linkable! ⇒ no privacy guarantees ⇒ enhanced with “laundering” services ZeroCoin, CryptoNote (Monero) and ZeroCash (ZCoin) offer anonymity.

  10. Is society ready for an anarchistic economy?

  11. GNU Taler Digital cash, made socially responsible . Taxable, Anonymous, Libre, Practical, Resource Friendly

  12. Architecture of GNU Taler verify Exchange Auditor withdraw coins deposit coins spend coins Customer Merchant

  13. Usability of Taler https://demo.taler.net/ 1. Install Chrome extension. 2. Visit the bank.demo.taler.net to withdraw coins. 3. Visit the shop.demo.taler.net to spend coins.

  14. Value proposition: Customer ◮ Convenient: pay with one click ◮ Guaranteed: never fear being rejected by false-positives in the fraud detection ◮ Secure: like cash, except no worries about counterfeit ◮ Privacy-preserving: payment requires no personal information ◮ Stable: no currency fluctuations, pay in traditional currencies ◮ Free software: no hidden “gadgets”, third parties can verify

  15. Value proposition: Merchant ◮ Fast: transactions at Web-speed ◮ Secure: signed contracts, no legitimate customer rejected by fraud decection ◮ Free software: competitive pricing and support ◮ Low fees: efficient protocol + no fraud = low costs ◮ Flexible: any currency, any amount ◮ Ethical: no fluctuation risk, no pyramid scheme, not suitable for illegal business ◮ Legal: complies with Regulation (EU) 2016/679 (GDPR) 1 1 Requires privacy by design and data minimization for all data processing in Europe after 25.5.2018.

  16. Value proposition: Government ◮ Free software = commons: no monopoly, preserve independence ◮ Taxabiliy: reduces black markets ◮ Efficiency: high transaction costs hurt the economy ◮ Security: signed contracts, no counterfeit ◮ Audited: no bad banks ◮ Privacy: protection against foreign espionage

  17. Taxability We say Taler is taxable because: ◮ Merchant’s income is visible from deposits. ◮ Hash of contract is part of deposit data. ◮ State can trace income and enforce taxation.

  18. Taxability We say Taler is taxable because: ◮ Merchant’s income is visible from deposits. ◮ Hash of contract is part of deposit data. ◮ State can trace income and enforce taxation. Limitations: ◮ withdraw loophole ◮ sharing coins among family and friends

  19. Merchant Integration: Wallet Detection <script src="taler -wallet -lib.js" ></script > <script > taler.onPresent (() => { alert("Taler�wallet�is�installed"); }); taler.onAbsent (() => { alert("Taler�wallet�is�not�installed"); }); </script >

  20. Merchant Integration: Payment Request HTTP /1.1 402 Payment Required Content-Type : text/html; charset=UTF-8 X-Taler-Contract-Url : https :// shop/ generate-contract /42 <!DOCTYPE html> <html> -- > <!-- fallback for browsers without the Taler extension You do not seem to have Taler installed , here are other payment options ... </html>

  21. Merchant Integration: Contract { "H_wire":" YTH0C4QBCQ10VDNTJN0DCTTV2Z6JHT5NF43F0RQHZ8JYB5NG4W4G ...", "amount":{"currency":"EUR","fraction":1,"value":0}, "auditors":[{" auditor_pub ":"42 V6TH91Q83FB846DK1GW3JQ5E8DS273W4 ..."}], "exchanges":[{" master_pub":"1 T5FA8VQHMMKBHDMYPRZA2ZFK2S63AKF0Y ...", "url":"https :// exchange/"}], "expiry":"/Date (1480119270)/ ", " fulfillment_url ": "https :// shop/article /42? tid =249& time =14714744", "max_fee":{"currency":"EUR","fraction":01,"value":0}, "merchant":{"address":"Mailbox�4242"," jurisdiction ":"Jersey", "name":"Shop�Inc."}, " merchant_pub ":" Y1ZAR5346J3ZTEXJCHQY9NJN78EZ2HSKZK8M0MYTNRJG5N ...", "products":[{ " description ":"Essay:�The�GNU�Project", "price":{"currency":"EUR","fraction":1,"value":0}, " product_id":42,"quantity":1}] , " refund_deadline ":"/Date (1471522470)/ ", "timestamp":"/Date (1471479270)/ ", " transaction_id " :249960194066269 }

  22. How does it work? We use a few ancient constructions: ◮ Cryptographic hash function (1989) ◮ Blind signature (1983) ◮ Schnorr signature (1989) ◮ Diffie-Hellman key exchange (1976) ◮ Cut-and-choose zero-knowledge proof (1985) But of course we use modern instantiations.

  23. Global setup: Pick an Elliptic curve Need: G generator in ECC curve, a point o size of ECC group, o := | G | , o prime Now we can, for example, compute: A = G + G = 2 G B = A + G = 3 G C = cG for c ∈ Z Note: G = ( o + 1) G

  24. Exchange setup: Create a denomination key (RSA) 1. Pick random primes p , q . 2. Compute n := pq , φ ( n ) = ( p − 1)( q − 1) ( p , q ) 3. Pick small e < φ ( n ) such that d := e − 1 mod φ ( n ) exists. 4. Publish public key ( e , n ).

  25. Merchant: Create a signing key (EdDSA) ◮ pick random m mod o as private key m ◮ M = mG public key M Capability: m ⇒ M

  26. Customer: Create a planchet (EdDSA) c ◮ Pick random c mod o private key ◮ C = cG public key 0 Y D Y P 8 T S 8 T 7 Z 7 0 X P G 3 C S D W Z 5 8 2 X 5 N T A D G 8 N Y E G 6 N P 1 6 H 7 5 4 P 5 3 Capability: c ⇒ T 0 Y D Y P S T Z 8 7 8 7 X 0 G 3 P C S D W Z 8 2 5 X 5 N D T A 8 Y G N G 6 E N 1 6 P H 4 5 P 3 5 7

  27. Customer: Blind planchet (RSA) Y D Y 8 T 0 P S 8 Z T 7 7 X 0 P G 3 C S D W Z 8 5 2 X 5 N T A D G 8 Y N G E b N 6 P 1 H 7 5 6 4 P 5 3 1. Obtain public key ( e , n ) 2. Compute m := FDH ( C ), m < n . 3. Pick blinding factor b ∈ Z n b 4. Transmit m ′ := mb e mod n transmit Exchange

  28. Exchange: Blind sign (RSA) b 1. Receive m ′ . 2. Compute s ′ := m ′ d mod n . b 3. Send signature s ′ . transmit Customer

  29. Customer: Unblind coin (RSA) b b 1. Receive s ′ . 2. Compute s := s ′ b − 1 mod n . T 0 Y D Y P S T 8 8 7 Z 7 X 0 P G C 3 S D W Z 8 5 2 X 5 N T A D G 8 N Y G E N P 6 1 6 H 4 P 3 7 5 5

  30. Withdrawing coins on the Web Taler (W ithdraw coins) Bank Site Taler Exchange Customer Browser HTTPS HTTPS wire transfer 1 user authentication 2 send account portal 3 initiate withdrawal (specify amount and exchange) 4 request coin denomination keys and wire transfer data 5 send coin denomination keys and wire transfer data 6 execute withdrawal opt 7 request transaction authorization 8 transaction authorization 9 withdrawal confirmation 10 execute wire transfer 11 withdraw request 12 signed blinded coins 13 unblind coins Customer Browser Bank Site Taler Exchange

  31. Customer: Build shopping cart www transmit Merchant

  32. Merchant: Propose contract (EdDSA) m 1. Complete proposal D . 2. Send D , EdDSA m ( D ) M transmit Customer

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Barclaycard 12 th November 2013 Barclaycard is a leading consumer payments provider, enabling

Barclaycard 12 th November 2013 Barclaycard is a leading consumer payments provider, enabling

Barclaycard 12 th November 2013 Barclaycard is a leading consumer payments provider, enabling consumers to make payments &amp; businesses to take payments Consumers Paying Businesses c.440bn global revenue Consumers Businesses c.280bn

351 views • 14 slides
Cryptocurrencies Outline and Distributed Electronic payments Consensus Secure transactions

Cryptocurrencies Outline and Distributed Electronic payments Consensus Secure transactions

Cryptocurrencies and Distributed Consensus May 2019 Cryptocurrencies Outline and Distributed Electronic payments Consensus Secure transactions Secure execution: contracts PROF. DR. IR. BART PRENEEL COSIC KU LEUVEN, BELGIUM AND IMEC

248 views • 21 slides
From Intent to Action: Nudging Users Towards Secure Mobile Payments Peter Story , Daniel Smullen,

From Intent to Action: Nudging Users Towards Secure Mobile Payments Peter Story , Daniel Smullen,

From Intent to Action: Nudging Users Towards Secure Mobile Payments Peter Story , Daniel Smullen, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, Florian Schaub 1 Experts Advice Users Behavior Low adoption of secure mobile

632 views • 19 slides
Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption,

Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption,

Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption, and accounting/tax services Nigel Cory Associate Director, Trade Policy, ITIF August 23, 2019 @Nigelcory ncory@itif.org @ITIFdc The

377 views • 20 slides
secure payments anywhere Contents Cont ents Who are MPP Global Solutions? eSuite

secure payments anywhere Contents Cont ents Who are MPP Global Solutions? eSuite

secure payments anywhere Contents Cont ents Who are MPP Global Solutions? eSuite Functionality Demonstrations Case Studies Under the Hood Wrapping it up About About MPP G MPP Global lobal Solut Solutions ions MPP are the leading

422 views • 29 slides
Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin mz@innaxis.org Secure CO 2 allowance trading :: Introduction Secure CO 2 allowance trading :: Introduction Problem: Computing without trust

598 views • 25 slides
Enabling Secure Ad-hoc Group Collaboration over Bluetooth Scatternets Somil Asthana (

Enabling Secure Ad-hoc Group Collaboration over Bluetooth Scatternets Somil Asthana (

Enabling Secure Ad-hoc Group Collaboration over Bluetooth Scatternets Somil Asthana ( asthana@cse.buffalo.edu ) Dimitris Kalfonos ( dimitris.kalofonos@nokia.com ) Outline Introduction Related Work Motivating User Scenario

302 views • 18 slides
SuperMem: Enabling Application- transparent Secure Persistent Memory with Low Overheads Pengfei

SuperMem: Enabling Application- transparent Secure Persistent Memory with Low Overheads Pengfei

SuperMem: Enabling Application- transparent Secure Persistent Memory with Low Overheads Pengfei Zuo 1,2 , Yu Hua 1 , Yuan Xie 2 1 Huazhong University of Science and Technology, China 2 University of California at Santa Barbara, USA 52nd IEEE/ACM

494 views • 33 slides
More than payments ePassi Payments ePassi mobile payments ePassi Fringe Benefits Sport

More than payments ePassi Payments ePassi mobile payments ePassi Fringe Benefits Sport

More than payments ePassi Payments ePassi mobile payments ePassi Fringe Benefits Sport &amp; Culture 2008 Commuting 2013 Lunch 2014 Wellbeing 2015 General payments Alipay 2016 Siirto 2018

321 views • 17 slides
ENABLING SSH PROTOCOL VISIBILITY IN FLOW MONITORING Wednesday 10 th April, 2019 Pavel ELEDA

ENABLING SSH PROTOCOL VISIBILITY IN FLOW MONITORING Wednesday 10 th April, 2019 Pavel ELEDA

ENABLING SSH PROTOCOL VISIBILITY IN FLOW MONITORING Wednesday 10 th April, 2019 Pavel ELEDA Petr VELAN, Benjamin KRL Ondej KOZK Introduction SSH Secure Shell provides secure connection over an unsecured network remote command-line

543 views • 18 slides
NRCs Advanced Reactors Program Enabling the Safe and Secure Use of Nuclear Materials

NRCs Advanced Reactors Program Enabling the Safe and Secure Use of Nuclear Materials

NRCs Advanced Reactors Program Enabling the Safe and Secure Use of Nuclear Materials Commission Meeting April 24, 2018 Agenda NRCs Advanced Reactors Program Fred Brown Licensing Readiness and Potential Policy Issues

480 views • 25 slides
Snappy Ubuntu Core Enabling secure devices with app stores We are the company behind Ubuntu.

Snappy Ubuntu Core Enabling secure devices with app stores We are the company behind Ubuntu.

Snappy Ubuntu Core Enabling secure devices with app stores We are the company behind Ubuntu. Canonical and Ubuntu | Best of both worlds CANONICAL Ubuntu Commercial backing #1 Linux Desktop for the #1 general purpose Linux OS: #1 Cloud OS

1.41k views • 26 slides
CRA Cyber-Security Collaborative Research Alliance: MACRO: Models for Enabling Continuous

CRA Cyber-Security Collaborative Research Alliance: MACRO: Models for Enabling Continuous

CRA Cyber-Security Collaborative Research Alliance: MACRO: Models for Enabling Continuous Reconfigurability of Secure Missions Prof. Patrick McDaniel Initial Feedback Meeting ARL - Adelphi, MD October 15th, 2013 CRA: Models for Enabling

435 views • 7 slides
UNIFIED PAYMENTS AT A GLANCE DEAR MERCHANT, WELCOME TO UNIFIED PAYMENTS! At Unified Payments,

UNIFIED PAYMENTS AT A GLANCE DEAR MERCHANT, WELCOME TO UNIFIED PAYMENTS! At Unified Payments,

UNIFIED PAYMENTS AT A GLANCE DEAR MERCHANT, WELCOME TO UNIFIED PAYMENTS! At Unified Payments, we strive to make our customers our #1 priority. Running a busi - ness is already complicated enough, we're here to make it easier for you so that

105 views • 9 slides
Goals Enable consumers &amp; enterprises to move to a secure, password free world inclusive

Goals Enable consumers &amp; enterprises to move to a secure, password free world inclusive

Goals Enable consumers &amp; enterprises to move to a secure, password free world inclusive of device unlock, payments, and secure content Develop hardware solutions that meet or exceed customer expectations for seamlessness,

459 views • 27 slides
FEDERAL RESERVE BANK OF CHICAGO 2008 PAYMENTS CONFERENCE PAYMENTS FRAUD: PAYMENTS FRAUD:

FEDERAL RESERVE BANK OF CHICAGO 2008 PAYMENTS CONFERENCE PAYMENTS FRAUD: PAYMENTS FRAUD:

FEDERAL RESERVE BANK OF CHICAGO 2008 PAYMENTS CONFERENCE PAYMENTS FRAUD: PAYMENTS FRAUD: PERCEPTION VS. REALITY Duncan Douglass Partner Partner Alston &amp; Bird LLP 1201 W. Peachtree Street Atlanta, GA 30309-3424 (404) 881-7768

367 views • 7 slides
COVID-19 Survey Data Preliminary Findings Compiled by: Georgia Yee, VP Academic and University

COVID-19 Survey Data Preliminary Findings Compiled by: Georgia Yee, VP Academic and University

COVID-19 Survey Data Preliminary Findings Compiled by: Georgia Yee, VP Academic and University Affairs Shivani Mehta , AVP Academic Morgan Lorenz, AVP University Hannah Edward , Campaigns and Outreach Commissioner Chloei Andres , Policy and

481 views • 27 slides
GARNER FIRE-RESCUE STATION FIVE DISCUSSION POINTS Powered by WHY ARE WE BUILDING A FIRE

GARNER FIRE-RESCUE STATION FIVE DISCUSSION POINTS Powered by WHY ARE WE BUILDING A FIRE

GARNER FIRE-RESCUE STATION FIVE DISCUSSION POINTS Powered by WHY ARE WE BUILDING A FIRE STATION? TOWN OF GARNER INCREASED ITS ETJ 2016/2017 DEVELOPMENT OF 540 JUST SOUTH OF THIS AREA (BRIER CREEK ISSUES) INCREASED DEMAND OF

404 views • 14 slides
Neighbourhoods and the g creation, stability and success of mixed ethnic unions i d th i i

Neighbourhoods and the g creation, stability and success of mixed ethnic unions i d th i i

Neighbourhoods and the g creation, stability and success of mixed ethnic unions i d th i i Zhiqiang Feng Paul Boyle, Maarten van Ham, Gillian Raab 23-25 March UPTAP Workshop 2009 Mixed ethnic unions (MEUs) in Britain Non white

789 views • 35 slides
HOW A PERSONS LOVE LIFE CAN COMPLICATE THEIR ESTATE PLAN A. PAUL FIRUZ PFIRUZ@KHBBLAW.COM

HOW A PERSONS LOVE LIFE CAN COMPLICATE THEIR ESTATE PLAN A. PAUL FIRUZ PFIRUZ@KHBBLAW.COM

HOW A PERSONS LOVE LIFE CAN COMPLICATE THEIR ESTATE PLAN A. PAUL FIRUZ PFIRUZ@KHBBLAW.COM ESTATE PLANNING FOR WASHINGTONIANS OUTLINE 1. Community Property 2. Unmarried Couples &amp; the Committed Intimate Relationship Doctrine 3. Special

641 views • 27 slides
Three Types of Money Creation Haoqian Zhang, Supervised by Prof. Bryan Ford, EPFL Thanks Basescu

Three Types of Money Creation Haoqian Zhang, Supervised by Prof. Bryan Ford, EPFL Thanks Basescu

Three Types of Money Creation Haoqian Zhang, Supervised by Prof. Bryan Ford, EPFL Thanks Basescu Cristina and Marchal Alexis. *Data from numbeo.com This Talk: (1) Money Creation in Modern Economy (2) Cryptocurrency is Different (3)

610 views • 56 slides
GREAT START COLLABORATIVE AND LEGAL SERVICES Legal issues related to different

GREAT START COLLABORATIVE AND LEGAL SERVICES Legal issues related to different

GREAT START COLLABORATIVE AND LEGAL SERVICES Legal issues related to different custody/guardian/kinship care arrangements and much more Janet Welch, Executive Director State Bar of Michigan jwelch@michbar.org State Outcomes Lawyers Can

528 views • 13 slides
L A C ROSSE A REA F AMILY C OLLABORATIVE Presentation for Wisconsin Legislative Childrens

L A C ROSSE A REA F AMILY C OLLABORATIVE Presentation for Wisconsin Legislative Childrens

L A C ROSSE A REA F AMILY C OLLABORATIVE Presentation for Wisconsin Legislative Childrens Caucus March 10 th , 2017 A.Why Our Community Created LAFC T HE U RGENCY TO A CT : F AMILY S TABILITY A rise in child safety issues Number of CPS

576 views • 22 slides
Teekay LNG Partners Q2-2020 Earnings Presentation August 13, 2020 Forward Looking Statement

Teekay LNG Partners Q2-2020 Earnings Presentation August 13, 2020 Forward Looking Statement

Teekay LNG Partners Q2-2020 Earnings Presentation August 13, 2020 Forward Looking Statement This presentation contains forward-looking statements (as defined in Section 21E of the Securities Exchange Act of 1934, as amended) which reflect

371 views • 20 slides

More recommend