[taler-marketing] branch master updated: presentation and poster for cla
From: gnunet
Subject: [taler-marketing] branch master updated: presentation and poster for clause schnorr implementation
Date: Sun, 13 Feb 2022 22:40:58 +0100
This is an automated email from the git hooks/post-receive script.
gian-demarmels pushed a commit to branch master
in repository marketing.
The following commit(s) were added to refs/heads/master by this push:
new c37b69d presentation and poster for clause schnorr implementation
new 5094724 Merge branch 'master' of ssh://git.taler.net/marketing
c37b69d is described below
commit c37b69df4521bdbb2c0f23ab3b11fdf88e38543f
Author: Gian Demarmels <gian@demarmels.org>
AuthorDate: Sun Feb 13 22:40:40 2022 +0100
presentation and poster for clause schnorr implementation
---
.../2022-cs/content/1-goals-projectmgmt.tex | 54 ++
presentations/2022-cs/content/2-preliminaries.tex | 591 +++++++++++++++++++++
.../2022-cs/content/3-protocol-redesign.tex | 162 ++++++
presentations/2022-cs/content/4-implementation.tex | 451 ++++++++++++++++
presentations/2022-cs/content/5-results.tex | 150 ++++++
.../2022-cs/images/architecture-exchange.jpg | Bin 0 -> 156215 bytes
presentations/2022-cs/images/blind-coin.png | Bin 0 -> 46246 bytes
presentations/2022-cs/images/blind-sign.png | Bin 0 -> 42301 bytes
presentations/2022-cs/images/coins.jpg | Bin 0 -> 3473569 bytes
presentations/2022-cs/images/curve25519.png | Bin 0 -> 19747 bytes
presentations/2022-cs/images/cutandchose.png | Bin 0 -> 36172 bytes
presentations/2022-cs/images/dh-lock.png | Bin 0 -> 30442 bytes
presentations/2022-cs/images/diagram-simple.png | Bin 0 -> 94255 bytes
presentations/2022-cs/images/final.JPG | Bin 0 -> 6356992 bytes
presentations/2022-cs/images/gnunet-logo.png | Bin 0 -> 27941 bytes
presentations/2022-cs/images/logo-2021.png | Bin 0 -> 40095 bytes
presentations/2022-cs/images/planchet.png | Bin 0 -> 43808 bytes
.../2022-cs/images/refresh-derive-rsa.png | Bin 0 -> 96819 bytes
presentations/2022-cs/images/refresh-derive.png | Bin 0 -> 111423 bytes
presentations/2022-cs/images/stock1s.jpg | Bin 0 -> 75595 bytes
presentations/2022-cs/images/taler-pki.png | Bin 0 -> 79910 bytes
presentations/2022-cs/images/unblind-coin.png | Bin 0 -> 41342 bytes
presentations/2022-cs/images/withdraw1.png | Bin 0 -> 122407 bytes
presentations/2022-cs/images/withdraw2.png | Bin 0 -> 130780 bytes
.../2022-cs/poster/Plakat Bachelorthesis.pdf | Bin 0 -> 374605 bytes
.../2022-cs/poster/Plakat Bachelorthesis.pptx | Bin 0 -> 3799589 bytes
presentations/2022-cs/presentation.pdf | Bin 0 -> 11137047 bytes
presentations/2022-cs/presentation.tex | 99 ++++
28 files changed, 1507 insertions(+)
diff --git a/presentations/2022-cs/content/1-goals-projectmgmt.tex
b/presentations/2022-cs/content/1-goals-projectmgmt.tex
new file mode 100644
index 0000000..e19be26
--- /dev/null
+++ b/presentations/2022-cs/content/1-goals-projectmgmt.tex
@@ -0,0 +1,54 @@
+\section{\faIcon{flag-checkered} Goals \& Project Management}
+
+\begin{frame}{\faIcon{flag-checkered} Motivation}
+ %TODO: Page should be more motivating!!
+ \begin{itemize}
+ \item \faIcon{feather} Elliptic curve cryptography allows smaller keys
+ \item \faIcon{bolt} Leads to huge performance benefits
+ \item \faIcon{lock} Cipher agility % Taler nicht abhängig von einem
Schema, macht Taler Protokolle stabiler und unabhängiger
+ \item \faIcon{newspaper} Recent topic
+ \end{itemize}
+ % Recent topic - Bitcoin added support for Schnorr signatures in 2021
+\end{frame}
+
+\begin{frame}{\faIcon{flag-checkered} Goals}
+ Our goal is to add support for Schnorr's Blind Signature scheme to GNU
Taler.\newline
+ \begin{itemize}
+ \item \faIcon{glasses} Analyze current state of research
+ \item \faIcon{pencil-alt} Redesign Taler's protocols
+ \item \faIcon{code} Implementation of redesigned protocols
+ \item \faIcon{eye} Comparison with RSA Blind Signatures
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{\faIcon{project-diagram} Project Management}
+ \begin{columns}[T] % align columns
+ \begin{column}{.48 \textwidth}
+ Project Management:
+ \begin{itemize}
+ \item Waterfall vs. Agile % Explain that we used waterfall on
a high-level and agile on proposal or on
+ \item Project Analysis % SWOT, requirements
+ \item ClickUp with Kanban-Boards and Gantt-Chart % Git für
Thesis, deliverables etc.
+ \item Git to manage code and deliverables
+ \item Markdown notes for meetings, thoughts, etc.
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ Project Phases:
+ \begin{itemize}
+ \item Phase 1: Initiation
+ \item Phase 2: Planning
+ \item Phase 3: Execution
+ \begin{itemize}
+ \item a) Design Phase
+ \item b) Specification Phase
+ \item c) Implementation Phase
+ \end{itemize}
+ \item Phase 4: Discussion
+ \item Phase 5: Closure
+ \end{itemize}
+ \end{column}%
+ \end{columns}
+\end{frame}
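Review bot: The Motivation frame still ships with the comment "%TODO: Page should be more motivating!!", and its bullet "Leads to huge performance benefits" makes a claim the frame gives no figure or reference for. Resolve or drop the TODO, and either quantify the claim or point to the results section (5-results.tex in this commit). The speaker-note comments mix German and English, and the one after "Waterfall vs. Agile" breaks off at "on proposal or on"; finishing it and keeping the notes in one language would help the next editor. Minor: ".48 \textwidth" in the first Project Management column has a space that the second column's ".48\textwidth" does not.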
diff --git a/presentations/2022-cs/content/2-preliminaries.tex
b/presentations/2022-cs/content/2-preliminaries.tex
new file mode 100644
index 0000000..877a1ac
--- /dev/null
+++ b/presentations/2022-cs/content/2-preliminaries.tex
@@ -0,0 +1,591 @@
+\section{\faIcon{coins} Preliminaries}
+% Taler Intro, protocols
+
+% abort-idempotency, Blind Signatures, HKDF, CS scheme, ROS problem Chap 3
+\begin{frame}{\faIcon{coins} GNU Taler Overview}
+ \framesubtitle{A privacy-preserving, fast and intuitive payment system}
+ % Protokolle (achtung Flughöhe, Zeit)
+ \begin{columns}[c] % align columns
+ \begin{column}{.48\textwidth}
+ \includegraphics[width=6.3cm]{images/diagram-simple.png}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ Taler Components
+ \begin{itemize}
+ \item \faIcon{piggy-bank} Exchange \\
+ Payment service provider between customer and merchant
+ \item \faIcon{shopping-basket} Merchant \\
+ Accepts payments with Taler in exchange for goods and
services
+ \item \faIcon{wallet} Wallet \\
+ A customer holds coins in his electronic wallet
+ \item \faIcon{eye} Auditor \\
+ The auditors (financial regulators) monitor the
exchanges behaviour
+ \end{itemize}
+ \end{column}%
+ \end{columns}
+ {\tiny graphics source: \url{https://taler.net/images/diagram-simple.png}}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} GNU Taler properties}
+ % Important because our redesigned protocols need to fulfill all of them!
+ % Income Transparency
+ \begin{columns}[T] % align columns
+ \begin{column}{.48\textwidth}
+ Properties:
+ \begin{itemize}
+ \item \faIcon{hand-holding-heart} Free Software
+ \item \faIcon{user-secret} Buyer Privacy Protection
+ \item \faIcon{coins} Merchant Taxability
+ \item \faIcon{eye} Auditability - Income Transparency %
Compliant to regulations AML/CFT/KYC
+ \item \faIcon{shield-alt} Prevent payment fraud
+ \end{itemize}
+ \end{column}
+ \hfill
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item \faIcon{user-shield} Privacy by design
+ \item \faIcon{user} Easy to use
+ \item \faIcon{bolt} Efficient - Even more efficient with our
improvements! \faIcon{rocket}
+ \item \faIcon{anchor} Fault-tolerant design
+ \item \faIcon{briefcase} Foster competition
+ \end{itemize}
+ \end{column}
+ \end{columns}
+ \vspace{1cm}
+ {\scriptsize More details on \url{https://taler.net/en/principles.html}}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Abort-Idempotency}
+
+ \begin{itemize}
+ \item \textbf{Idempotency}
+ \\ Idempotency ensures that the state of a system will not
change, no matter how many times the same request was made.
+ \\In other words: The same request will receive the same
response.\\
+ \item \textbf{Abort-Idempotency}
+ \\ Abort-Idempotency also ensures Idempotency in every abort
scenario.
+ \end{itemize}
+\end{frame}
+
+% \begin{frame}{\faIcon{coins} Taler PKI}
+% \begin{center}
+% \includegraphics[width=11cm]{images/taler-pki.png}
+% \end{center}
+% {\tiny graphics source:
\url{https://taler.net/papers/thesis-dold-phd-2019.pdf}}
+% \end{frame}
+
+
+\begin{frame}{\faIcon{coins} HKDF RFC5869}
+ %Can be used as PRNG
+ \framesubtitle{The HMAC-based Extract-and-Expand Key Derivation Function}
+ \begin{itemize}
+ \item HKDF can be used as a pseudo-random function, a deterministic
function whose output appears to be random
+ \item follows the \textbf{extract-then-expand} paradigm
+ \item A fixed-length high-entropy key $K$ is \textbf{extracted} from
potentially weaker input keying material
+ \item The key $K$ is then \textbf{expanded} to output a
variable-length, pseudo-random key
+ %\item HKDF makes use of HMAC instantiated with a hash function
together with a salt, the input keying material, output length and optional info
+ \end{itemize}
+
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Curve25519}
+ \begin{columns}[T] % align columns
+ \begin{column}{.48\textwidth}
+ Curve25519:
+ \begin{itemize}
+ \item Curve25519 is a Montgomery-Curve over prime field
$2^{255} - 19$
+ \item Provides 128 bits of security
+ \item Well-known and trusted
+ \item Good choice in terms of security \& speed
+ \end{itemize}
+ Alternatives:
+ \begin{itemize}
+ \item Curve448-Goldilocks
+ \item Secp256k1 ("Bitcoin curve")
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ \begin{figure}
+ \includegraphics[width=6.3cm]{images/curve25519.png}
+ \caption{\footnotesize Abbild der elliptischen Kurve $y2 = x3
+ 486662x2 + x $}
+ \end{figure}
+ \end{column}%
+ \end{columns}
+ {\vspace{1cm}\tiny graphics source:
\url{https://heise.cloudimg.io/v7/_www-heise-de_/imgs/18/1/4/5/9/6/8/9/curve25519-5b8d94dd2448661c.png}}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} EdDSA}
+ \begin{columns}[c] % align columns
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item The coin is a EdDSA keypair
+ \item Uses Curve25519
+ \item Public key is the planchet to be signed by the exchange
+ \item The coin can be spent by signing a contract with the
coin's private key
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ \begin{center}
+ \includegraphics[height=4cm]{images/planchet.png}
+ \end{center}
+ \end{column}%
+ \end{columns}
+ {\vspace{1cm}\tiny graphics source:
\url{https://git.taler.net/marketing.git/plain/presentations/comprehensive/main.pdf}}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Blind Signatures}
+ % Was ist eine blinde Signatur?
+ % Was bringen einem blinde Signaturen?
+ % Zentral für Taler
+ % Privacy preserving
+ \framesubtitle{RSA Blind Signatures in Taler}
+ \begin{columns}[t]
+ \begin{column}{.33\textwidth}
+ \begin{center}
+ Customer:\\
+ \includegraphics[width=2.6cm]{images/blind-coin.png}
+ \end{center}
+ \end{column}
+ \begin{column}{.33\textwidth}
+ \begin{center}
+ Exchange:
+ \includegraphics[width=3cm]{images/blind-sign.png}
+ \end{center}
+ \end{column}
+ \begin{column}{.33\textwidth}
+ \begin{center}
+ Customer:
+ \includegraphics[width=3cm]{images/unblind-coin.png}
+ \end{center}
+ \end{column}
+ \end{columns}
+ \vspace{0.8cm}
+ {\tiny graphics source:
\url{https://git.taler.net/marketing.git/plain/presentations/comprehensive/main.pdf}}
+ % RSA blind signature scheme (, Nachteile von RSA)
+\end{frame}
+
+\begin{frame}{\faIcon{coins} RSA Blind Signatures}
+ \begin{center}
+ \resizebox{0.8\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{figure}
+ \begin{equation*}
+ \begin{array}{ l c l }
+ \text{Alice} & & \text{Bob}
+ \\ \text{knows:} & & \text{knows:}
+ \\ \text{RSA public key } D_B = e, N & & \text{RSA
keys } d_B, D_B
+ \\ \text{message } m & &
+ \\ & &
+ \\ f = FDH(m) & &
+ \\ & &
+ \\ \text{blind:} & &
+ \\ r \leftarrow random \in \mathbb{Z}_N^* & &
+ \\ f' = f*r^{e} \mod N & &
+ \\ & \xrightarrow[\rule{2.5cm}{0pt}]{f'} &
+ \\ & & \text{sign:}
+ \\ & & s' = (f')^{d_B} \mod N
+ \\ & \xleftarrow[\rule{2.5cm}{0pt}]{s'} &
+ \\ \text{unblind:}& &
+ \\ s = s'*r^{-1} & &
+ \end{array}
+ \end{equation*}
+ \end{figure}
+ \end{minipage}}
+ \end{center}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Schnorr Signature Scheme}
+ \begin{center}
+ \resizebox{0.83\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{figure}
+ \begin{equation*}
+ \begin{array}{ l c l }
+ % preliminaries
+ \text{User} & & \text{Signer}
+ \\ \text{knows:} & \text{public parameters:} &
\text{knows:}
+ \\ \text{public key } X & \langle p, \mathbb{G},
G, H\rangle & \text{private signing key } x, X := xG
+ \\ & & r \leftarrow random \in \mathbb{Z}_p
+ \\ & & R := rG
+ \\ & \xleftarrow[\rule{2.5cm}{0pt}]{R} &
+ \\ c := H(R,m)
+ \\ & \xrightarrow[\rule{2.5cm}{0pt}]{c} &
+ \\ & & s := r + cx \mod p
+ \\ & \xleftarrow[\rule{2.5cm}{0pt}]{s} &
+ \\ \text{check } sG = R + cX
+ \\ \sigma := \langle R,s \rangle
+ \end{array}
+ \end{equation*}
+ \end{figure}
+ \end{minipage}}
+ \end{center}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} The (broken) Blind Schnorr Signature Scheme}
+ \begin{center}
+ \resizebox{0.83\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{figure}[htp]
+ \begin{equation*}
+ \begin{array}{ l c l }
+ % preliminaries
+ \text{User} & & \text{Signer}
+ \\ \text{knows:} & \text{public parameters:} &
\text{knows:}
+ \\ \text{public key } X & \langle p, \mathbb{G},
G, H\rangle & \text{private signing key } x, X := xG
+ \\ & & r \leftarrow random \in \mathbb{Z}_p
+ \\ & & R := rG
+ \\ & \xleftarrow[\rule{2.5cm}{0pt}]{R} &
+ \\ \alpha, \beta \leftarrow random \in \mathbb{Z}_p
+ \\ R' := R + \alpha G + \beta X
+ \\ c' := H(R',m)
+ \\ c := c' + \beta \mod p
+ \\ & \xrightarrow[\rule{2.5cm}{0pt}]{c} &
+ \\ & & s := r+cx \mod p
+ \\ & \xleftarrow[\rule{2.5cm}{0pt}]{s} &
+ \\ \text{check } sG = R + cX
+ \\ s' := s + \alpha \mod p
+ \\ \sigma := \langle R',s' \rangle
+ \end{array}
+ \end{equation*}
+ \end{figure}
+ \end{minipage}}
+ \end{center}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} ROS problem - (informally)}
+ \framesubtitle{Random inhomogeneities in an Overdetermined, Solvable
system of linear
+ equations}
+ \begin{columns}[T] % align columns
+ \begin{column}{.48\textwidth}
+ ROS problem:
+ \begin{itemize}
+ \item ROS depends on group order $p$, parameterized with
integer $\ell$
+ \item An adversary can produce $\ell + 1$ valid signatures
after $\ell > \log_2(p)$ parallel sessions by solving a linear equation system
+ \item $ \sum_{j=1}^{\ell} \rho_{i,j} c_j =
H_{ros}(\overrightarrow{p}_i), i \in [\ell + 1]$
+ \item There exist a polynomial-time attack against $ROS_\ell$
when $\ell > \log_2(p)$
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ Modified ROS:
+ \begin{itemize}
+ \item Does not apply to the modified ROS problem
+ \item Queries oracle with two vectors instead of one
+ \item The signer returns a signature by randomly flipping a
bit $b$
+ \item Only the $c_b$ is signed and returned
+ \item An adversary would need to commit to $c_b$ before
learning about $b$
+ \end{itemize}
+ \end{column}%
+ \end{columns}
+ \vspace{1cm}
+ {\tiny See: Blind Schnorr Signatures and Signed ElGamal Encryption in the
Algebraic Group Model} {\tiny (\url{https://eprint.iacr.org/2019/877.pdf})\\}
+ {\tiny See: On the (in)security of ROS }
+ {\tiny (\url{https://eprint.iacr.org/2020/945})}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Clause Blind Schnorr Signature Scheme}
+ \begin{center}
+ \resizebox{0.65\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{figure}
+ \begin{equation*}
+ \begin{array}{ l c l }
+ % preliminaries
+ \text{User} & & \text{Signer}
+ \\ \text{knows:} & \text{public parameters:} &
\text{knows:}
+ \\ \text{public key } X & \langle p, \mathbb{G},
G, H\rangle & \text{private signing key } x, X := xG
+ \\ & & r_0, r_1 \leftarrow random \in \mathbb{Z}_p
+ \\ & & R_0 := r_0G
+ \\ & & R_1 := r_1G
+ \\ & \xleftarrow[\rule{2.5cm}{0pt}]{R_0, R_1} &
+ \\ \alpha_0, \alpha_1, \beta_0, \beta_1 \leftarrow
random \in \mathbb{Z}_p
+ \\ R_0' := R_0 + \alpha_0 G + \beta_0 X
+ \\ R_1' := R_1 + \alpha_1 G + \beta_1 X
+ \\ c_0' := H(R_0',m)
+ \\ c_1' := H(R_1',m)
+ \\ c_0 := c_0' + \beta_0 \mod p
+ \\ c_1 := c_1' + \beta_1 \mod p
+ \\ & \xrightarrow[\rule{2.5cm}{0pt}]{c_0, c_1} &
+ \\ & & b \leftarrow random \in \{ 0,1\}
+ \\ & & s := r_b+c_bx \mod p
+ \\ & \xleftarrow[\rule{2.5cm}{0pt}]{b, s} &
+ \\ \text{check } sG = R + cX
+ \\ s' := s + \alpha_b \mod p
+ \\ \sigma := \langle R_b',s' \rangle
+ \end{array}
+ \end{equation*}
+ \end{figure}
+ \end{minipage}}
+ \end{center}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Taler Protocols}
+ \begin{columns}[T] % align columns
+ \begin{column}{.25\textwidth}
+ Protocols:
+ \begin{itemize}
+ \item \faIcon{money-bill-alt} Withdrawal
+ \item \faIcon{sync-alt} Refresh
+ \item \faIcon{shopping-bag} Spend
+ \item \faIcon{piggy-bank} Deposit
+ \item \faIcon{gift} Tipping
+ \item \faIcon{hand-holding-usd} Payback
+ \item \faIcon{undo} Recoup
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.60\textwidth}
+ \includegraphics[width=6.3cm]{images/diagram-simple.png}
+ {\\\tiny graphics source:
\url{https://taler.net/images/diagram-simple.png}}
+ \end{column}%
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Withdrawal Protocol}
+ \begin{center}
+ \resizebox{0.64\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{figure}[htp]
+ \begin{equation*}
+ \resizebox{1.0\textwidth}{!}{$\displaystyle
+ \begin{array}{ l c l }
+ \text{Customer} & & \text{Exchange}
+ \\ \text{reserve keys } w_s, W_p & &
\text{reserve public key } W_p
+ \\ \text{denomination public key } D_p =
e, N & & \text{denomination keys } d_s, D_p
+ \\ & &
+ \\\text{generate coin key pair:} & &
+ \\ c_s, C_p \leftarrow Ed25519.KeyGen() & &
+ \\ \text{blind:} & &
+ \\ r \leftarrow random \in \mathbb{Z}_N^*
& &
+ \\ m' = \text{FDH}(N, C_p)*r^{e} \mod N & &
+ \\ \text{sign with reserve private key:} &
&
+ \\ \rho_W = D_p, m' & &
+ \\ \sigma_W = \text{Ed25519.Sign}(w_s,
\rho_W) & &
+ \\ & \xrightarrow[\rule{2.5cm}{0pt}]{\rho
= W_p, \sigma_W, \rho_W} &
+ \\ & & \text{verify if denomination public
key}
+ \\ & & \text{is valid}
+ \\ & & \text{check }
\text{Ed25519.Verify}(W_p, \rho_W, \sigma_W)
+ \\ & & \text{decrease balance if
sufficient}
+ \\ & & \text{sign:}
+ \\ & & \sigma'_c = (m')^{d_s} \mod N
+ \\ &
\xleftarrow[\rule{2.5cm}{0pt}]{\sigma'_c} &
+ \\ \text{unblind:}& &
+ \\ \sigma_c = \sigma'_c*r^{-1} & &
+ \\ \text{verify signature:}& &
+ \\ \text{check } \sigma_c^{e} =
\text{FDH}(N, C_p) & &
+ \\ \text{resulting coin: } c_s, C_p,
\sigma_c, D_p & &
+ \end{array}$
+ }
+ \end{equation*}
+ \end{figure}
+ \end{minipage}}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{\faIcon{coins} Refresh Protocol - DH-Lock}
+ \begin{columns}[c] % align columns
+ \begin{column}{.48\textwidth}
+ Diffie-Hellman Lock:
+ \begin{itemize}
+ \item keypairs $C = cG$ and $T = tG$
+ \item Both keys can unlock the lock: $k = tC = cT$
+ \end{itemize}
+ \begin{center}
+ \includegraphics[width=2.6cm]{images/dh-lock.png}
+ \end{center}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ \includegraphics[width=5cm]{images/refresh-derive-rsa.png}
+ \end{column}%
+ \end{columns}
+ {\vspace{0.2cm}\tiny graphics source:
\url{https://git.taler.net/marketing.git/plain/presentations/comprehensive/main.pdf}}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Refresh Protocol - Cut and Choose}
+ \begin{itemize}
+ \item Customer sets up $k$ DH-Locks
+ \item Exchange sends back random $\gamma \in \{1,\dots,k\}$
+ \item Customer reveals transfer private keys, except $t_\gamma$
+ \item Exchange can detect fraud attempts with a probability of $1/k$
+ \end{itemize}
+ \begin{center}
+ \includegraphics[width=7cm]{images/cutandchose.png}
+ \end{center}
+ {\vspace{-0.2cm}\tiny graphics source:
\url{https://git.taler.net/marketing.git/plain/presentations/comprehensive/main.pdf}}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Refresh Protocol Commit Phase}
+ \begin{columns}[c] % align columns
+ \begin{column}{.43\textwidth}
+ \begin{itemize}
+ \item Customer creates $k$ RefreshDerives (DH-Locks)
+ \item Customer commits by calculating a commit hash \\
+ $h_T := H(T_1, \dots,T_k)$ \\
+ $h_{\overline{m}} := H(\overline{m}_1,
\dots,\overline{m}_k)$ \\
+ $h_C := H(h_T,h_{\overline{m}} )$
+ \item The exchange answers with a random $\gamma \in
\{1,\dots,k\}$
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.53\textwidth}
+ \begin{center}
+ \vspace{-1cm}
+ \begin{figure}
+ \begin{equation*}
+ \resizebox{1.0\textwidth}{!}{$\displaystyle
+ \begin{array}{ l c l }
+ \text{Customer} & & \text{Exchange}
+ \\ \text{denomination public key }
D_{p(i)} & & \text{denomination keys } d_{s(i)}, D_{p(i)}
+ \\ \text{coin}_0 = \langle D_{p(0)},
c_s^{(0)}, C_p^{(0)}, \sigma_c^{(0)} \rangle & &
+ % refresh request
+ \\ \text{Select} \langle N_t, e_t\rangle
:= D_{p(t)} \in D_{p(i)}
+ \\ \textbf{for } i = 1, \dots, \kappa: %
generate k derives
+ \\ s_i \rightarrow \{0,1\}^{256} % seed
generation
+ \\ X_i := \text{RefreshDerive}(s_i,
D_{p(t)}, C_p^{(0)})
+ \\ (t_i, T_i, x_i, c_s^{(i)}, C_p^{(i)},
\overline{m}_i) := X_i
+ \\ \textbf{endfor}
+ \\ h_T := H(T_1, \dots, T_k)
+ \\ h_{\overline{m}} := H(\overline{m}_1,
\dots, \overline{m}_k)
+ \\ h_C := H(h_t, h_{\overline{m}})
+ \\ \rho_{RC} := \langle h_C, D_{p(t)},
D_{p(0)}, C_p^{(0)}, \sigma_C^{(0)} \rangle
+ \\ \sigma_{RC} :=
\text{Ed25519.Sign}(c_s^{(0), \rho_{RC}})
+ \\ \text{Persist refresh-request} \langle
\rho_{RC}, \sigma_{RC} \rangle
+ \\ &
\xrightarrow[\rule{2.5cm}{0pt}]{\rho_{RC}, \sigma_{RC}} &
+ % Exchange checks refresh request
+ \\ & & (h_C, D_{p(t)}, D_{p(0)},
C_p^{(0)}, \sigma_C^{(0)} = \rho_{RC})
+ \\ & & \textbf{check}
\text{Ed25519.Verify}(C_p^{(0)}, \sigma_{RC}, \rho_{RC})
+ \\ & & x \rightarrow
\text{GetOldRefresh}(\rho_{RC})
+ \\ & & \textbf{Comment:
}\text{GetOldRefresh} \\ &&(\rho_{RC} \mapsto \{\bot,\gamma\})
+ \\ & & \pcif x = \bot
+ \\ & & v := D(D_{p(t)})
+ \\ & & \langle e_0, N_0 \rangle := D_{p(0)}
+ \\ & & \textbf{check }
\text{IsOverspending}(C_p^{(0)}, D_ {p(0)}, v)
+ \\ & & \textbf{check } D_{p(t)} \in
\{D_{p(i)}\}
+ \\ & & \textbf{check } \text{FDH}(N_0,
C_p^{(0)}) \equiv_{N_0} (\sigma_0^{(0)})^{e_0}
+ \\ & &
\text{MarkFractionalSpend}(C_p^{(0)}, v)
+ \\ & & \gamma \leftarrow \{1, \dots,
\kappa\}
+ \\ & & \text{Persist refresh-record }
\langle \rho_{RC},\gamma \rangle
+ \\ & & \pcelse
+ \\ & & \gamma := x
+ \\ & & \textbf{endif}
+ \\ &
\xleftarrow[\rule{2.5cm}{0pt}]{\gamma} &
+ \end{array}$
+ }
+ \end{equation*}
+ \end{figure}
+ \end{center}
+ \end{column}%
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Refresh Protocol Reveal Phase}
+ \begin{columns}[c] % align columns
+ \begin{column}{.43\textwidth}
+ \begin{itemize}
+ \item Customer reveals every transfer key (seed), except
$t_\gamma$
+ \item The exchange now proves if the customer is honest by
recalculating the RefreshDerives
+ \item If the check succeeds, the exchange returns the
signature of the new coin
+ \item Fraud attempts are detected with probability of $1/k$
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.53\textwidth}
+ \begin{center}
+ \begin{figure}
+ \begin{equation*}
+ \resizebox{1.0\textwidth}{!}{$\displaystyle
+ \begin{array}{ l c l }
+ \\ &
\xleftarrow[\rule{2.5cm}{0pt}]{\gamma} &
+ \\ \textbf{check }
\text{IsConsistentChallenge}(\rho_{RC}, \gamma)
+ \\ \textbf{Comment: }
\text{IsConsistentChallenge}\\(\rho_{RC}, \gamma) \mapsto \{ \bot,\top \}
+ \\
+ \\ \text{Persist refresh-challenge}
\langle \rho_{RC}, \gamma \rangle
+ \\ S := \langle s_1, \dots, s_{\gamma-1},
s_{\gamma+1}, \dots,s_x \rangle % all seeds without the gamma seed
+ \\ \rho_L = \langle C_p^{(0)}, D_{p(t)},
T_{\gamma},\overline{m}_\gamma \rangle
+ \\ \rho_{RR} = \langle T_\gamma,
\overline{m}_\gamma, S \rangle
+ \\ \sigma_{L} =
\text{Ed25519.Sign}(c_s^{(0)}, \rho_{L})
+ \\ &
\xrightarrow[\rule{2.5cm}{0pt}]{\rho_{RR},\rho_L, \sigma_{L}} &
+ % check revealed msgs and sign coin
+ \\ & & \langle T'_\gamma,
\overline{m}'_\gamma, S \rangle := \rho_{RR}
+ \\ & & \langle
s_1,\dots,s_{\gamma-1},s_{\gamma+1},\dots,s_\kappa \rangle ) := S
+ \\ & & \textbf{check }
\text{Ed25519.Verify}(C_p^{(0)}, \sigma_L, \rho_L)
+ \\ & & \pcfor i = 1,\dots, \gamma-1,
\gamma+1,\dots, \kappa
+ \\ & & X_i := \text{RefreshDerive}(s_i,
D_{p(t)}, C_p^{(0)})
+ \\ & & \langle t_i, T_i, x_i, c_s^{(i)},
C_p^{(i)}, \overline{m}_i \rangle := X_i
+ \\ & & \textbf{endfor}
+ \\ & & h_T' =
H(T_1,\dots,T_{\gamma-1},T'_{\gamma},T_{\gamma+1},\dots,T_\kappa)
+ \\ & & h_{\overline{m}}' =
H(\overline{m}_1,\dots,\overline{m}_{\gamma-1},\overline{m}'_{\gamma},\overline{m}_{\gamma+1},\dots,\overline{m}_\kappa)
+ \\ & & h_C' = H(h_T', h_{\overline{m}}')
+ \\ & & \textbf{check } h_C = h_C'
+ \\ & & \overline{\sigma}_C^{(\gamma)} :=
\overline{m}^{d_{s(t)}}
+ \\ &
\xleftarrow[\rule{2.5cm}{0pt}]{\overline{\sigma}_C^{(\gamma)}} &
+ % Check coin signature and persist coin
+ \\ \sigma_C^{(\gamma)} :=
r^{-1}\overline{\sigma}_C^{(\gamma)}
+ \\ \textbf{check }
(\sigma_C^{(\gamma)})^{e_t} \equiv_{N_t} C_p^{(\gamma)}
+ \\ \text{Persist coin} \langle D_{p(t)},
c_s^{(\gamma)}, C_p^{(\gamma)}, \sigma_C^{(\gamma)} \rangle
+ \end{array}$
+ }
+ \end{equation*}
+ \end{figure}
+ \end{center}
+ \end{column}%
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Link Protocol}
+ % Money Laundring
+ \begin{columns}[c] % align columns
+ \begin{column}{.43\textwidth}
+ \begin{itemize}
+ \item Threat: An evil customer sends the old coins private key
to a third party.
+ \item The third party refreshes the coin and receives a new
coin.
+ \item Solution: re-obtain refreshed coin with link protocol
from $c_{s(old)}$
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.53\textwidth}
+ \begin{center}
+ \begin{figure}
+ \begin{equation*}
+ \resizebox{1.0\textwidth}{!}{$\displaystyle
+ \begin{array}{ l c l }
+ % preliminaries
+ \text{Customer} & & \text{Exchange}
+ \\ \text{knows:} & & \text{knows:}
+ \\ \text{coin}_0 = \langle D_{p(0)},
c_s^{(0)}, C_p^{(0)}, \sigma_{C}^{(0)} \rangle
+ \\ &
\xrightarrow[\rule{2.5cm}{0pt}]{C_{p(0)}} &
+ \\ & & L := \text{LookupLink}(C_{p(0)})
+ \\ & & \textbf{Comment: }
\text{LookupLink}(C_p) \mapsto \{\langle \rho_L^{(i)},
+ \\ & & \sigma_L^{(i)},
\overline{\sigma}_C^{(i)} \rangle\}
+ \\ & \xleftarrow[\rule{2.5cm}{0pt}]{L} &
+ \\ \pcfor \langle \rho_{L}^{(i)},
\overline{\sigma}_L^{(i)}, \sigma_C^{(i)} \rangle \in L
+ \\ \langle \hat{C}_p^{(i)},
D_{p(t)}^{(i)}, T_\gamma^{(i)}, \overline{m}_\gamma^{(i)} \rangle :=
\rho_L^{(i)}
+ \\ \langle e_t^{(i)}, N_t^{(i)} \rangle :=
D_{p(t)}^{(i)}
+ \\ \textbf{check } \hat{C}_p^{(i)} \equiv
C_p^{(0)}
+ \\ \textbf{check }
\text{Ed25519.Verify}(C_p^{(0)}, \rho_{L}^{(i)}, \sigma_L^{(i)})
+ \\ x_i := \text{ECDH}(c_s^{(0)},
T_{\gamma}^{(i)})
+ \\ r_i :=
\text{SelectSeeded}(x_i,\mathbb{Z}^*_{N_t})
+ \\ c_s^{(i)} := \text{HKDF}(256,x_i,"c")
+ \\ C_p^{(i)} :=
\text{Ed25519.GetPub}(c_s^{(i)})
+ \\ \sigma_C^{(i)} := (r_i)^{-1} \cdot
\overline{m}_\gamma^{(i)}
+ \\ \textbf{check }
(\sigma_C^{(i)})^{e_t^{(i)}} \equiv_{N_t^{(i)}} C_p^{(i)}
+ \\ \text{(Re-)obtain coin} \langle
D_{p(t)}^{(i)},c_s^{(i)}, C_p^{(i)}, \sigma_C^{(i)} \rangle
+ \end{array}$
+ }
+ \end{equation*}
+ \end{figure}
+ \end{center}
+ \end{column}%
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{coins} Challenges}
+ \begin{itemize}
+ \item \faIcon{hashtag} Two blinding factors
+ \item \faIcon{exchange-alt} Additional request
+ \item \faIcon{calculator} Many calculations are done twice
+ \item \faIcon{dice} Many random elements - What about
Abort-Idempotency?
+ \end{itemize}
+ \vspace{1cm}
+ How can we redesign Taler's protocols to work with the Clause Blind
Schnorr signature scheme while still preserving all properties?
+\end{frame}
+
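Review bot: Both cut-and-choose frames ("Refresh Protocol - Cut and Choose" and "Refresh Protocol Reveal Phase") say fraud is detected with probability $1/k$, but with $k$ candidates and every transfer key except $t_\gamma$ revealed, a single tampered candidate escapes only when it is the one $\gamma$ selects, so $1/k$ is the cheater's success rate and detection is $1 - 1/k$. Suggest stating it that way in both places. Several formulas also disagree with their own definitions. The Clause Blind Schnorr frame ends with "check sG = R + cX" although the signer used $r_b$ and $c_b$, so it should read $sG = R_b + c_b X$. The commit phase computes "h_C := H(h_t, h_{\overline{m}})" while the value defined one line earlier is $h_T$, writes "\text{Ed25519.Sign}(c_s^{(0), \rho_{RC}})" with the superscript brace closing after \rho_{RC}, samples seeds with "s_i \rightarrow \{0,1\}^{256}" instead of \leftarrow, and switches between $k$ and $\kappa$ for the same parameter. The reveal phase has an unmatched ")" in "\rangle ) := S" and ends the seed list at $s_x$ rather than $s_\kappa$. The Curve25519 caption is in German on an otherwise English slide and its equation has lost its exponents ("y2 = x3", "486662x2").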
diff --git a/presentations/2022-cs/content/3-protocol-redesign.tex
b/presentations/2022-cs/content/3-protocol-redesign.tex
new file mode 100644
index 0000000..9bec47a
--- /dev/null
+++ b/presentations/2022-cs/content/3-protocol-redesign.tex
@@ -0,0 +1,162 @@
+\section{\faIcon{clipboard-list} Protocol Redesign}
+
+\begin{frame}{\faIcon{clipboard-list} Protocol Redesign}
+ \begin{itemize}
+ \item \faIcon{eye} Analyze Taler protocols
+ \item \faIcon{user-secret} Integrate where blind signatures are used
+ \item \faIcon{scroll} Proposal
+ % FIXME: begin very early in the thesis
+ \item \faIcon{comments} Rounds of Feedback
+ \end{itemize}
+\end{frame}
+
+% CS R
+\begin{frame}{\faIcon{clipboard-list} CS R}
+ \begin{itemize}
+ \item Additional Request during signature creation
+ \item Introduces complexity
+ \item Challenge regarding abort-idempotency
+ \item Vanilla Clause Blind Schnorr Signature Scheme: \\
+ \begin{itemize}
+ \item $ r_0 \leftarrow random $
+ \item $ R_0 := rG $
+ \end{itemize}
+ \item Our Changes: \\
+ \begin{itemize}
+ \item Introduces Nonce $ n $ used for Derivation
+ \item Derives R: \\
+ $ r_0 := \text{HKDF}(256,n || d_s, " \text{r} 0 ") $ \\
+ $ R_0 := r_0G $
+ \item Denomination private key as long-term secret
+ % FIXME: Payback Protocol
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+% Withdraw
+\begin{frame}{\faIcon{clipboard-list} Withdraw Protocol}
+ \begin{itemize}
+ \item Signature scheme related operations replaced
+ \item Additional round-trip introduced
+ \item Extensively uses HKDF to achieve abort-idempotency
+ \item Randomness in CS replaced with derivation $ \rightarrow $
unpredictable
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{clipboard-list} Withdraw Protocol}
+ \framesubtitle{Protocol Changes}
+ \begin{columns}[c]
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item Withdraw Nonce (Wallet): \\
+ $ c_s, C_p \leftarrow \text{Ed25519.KeyGen}() $ \\
+ $ n_w := \text{HKDF}(256, c_s, "\text{n}") $
+ \item Request R
+ \item Derive R (Exchange)
+ \item Derive Blinding Secrets (Wallet): \\
+ $ b_s := \text{HKDF}(256, c_s || R_0 ||
R_1,"\text{b-seed}") $ \\
+ $ \alpha_0 := \text{HKDF}(256, b_s, "\text{a}0") $ \\
+ $ \dots $ \\
+ $ \beta_1 := \text{HKDF}(256, b_s, "\text{b}1") $
+ % FIXME: Advantages for Payback
+ \end{itemize}
+ \end{column}
+ \hfill
+ \begin{column}{.48\textwidth}
+ \includegraphics[width=6.5cm]{images/withdraw1.png}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{clipboard-list} Withdraw Protocol}
+ \framesubtitle{Protocol Changes}
+ \begin{columns}[c]
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item Derive $b$ (exchange): \\
+ $ b := \text{HKDF}(1,n_w || d_s, "\text{b}") $
+ \item Re-derive $ r_b $
+ \item Calculate signature scalar
+ \item Unblind, construct signature $ \langle R_b', s' \rangle $
+ \end{itemize}
+ \end{column}
+ \hfill
+ \begin{column}{.48\textwidth}
+ \includegraphics[width=6.5cm]{images/withdraw2.png}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{clipboard-list} Withdraw Protocol}
+ \framesubtitle{Nonce Check}
+ \begin{itemize}
+ \item Is this safe? (without nonce reuse check) \\
+ $ r_0 := \text{HKDF}(256,n || d_s, " \text{r} 0 ") $
+ \item (Hint $ \rightarrow $ no):
+ \begin{itemize}
+ \item $ s_2 - s_1 = d_s (c_1' - c_2') - (r_1 - r_2) $
+ \item if $ r_1 = r_2 $: \\
+ $ s_2 - s_1 = d_s (c_1' - c_2') $
+ \item Allows private key recovery
+ \item Happened before (Bitcoin, PlayStation 3)
+ \end{itemize}
+ \item Prevent $ r $ reuse $ \rightarrow $ do not allow nonce reuse
(per denomination)
+ \item Applies to withdraw AND refresh
+ \end{itemize}
+\end{frame}
+
+% Spend
+\begin{frame}{\faIcon{clipboard-list} Deposit Protocol}
+ \begin{itemize}
+ \item Only coin signature verification changes: \\
+ \begin{align*}
+ s'G & = R' + c' D_p
+ \\ &= R' + H(R', C_p) D_p
+ \end{align*}
+ \end{itemize}
+\end{frame}
+
+% Refresh
+\begin{frame}{\faIcon{clipboard-list} Refresh and Linking}
+ \begin{columns}[c]
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item Integration similar to withdraw (additional round trip,
derivation, etc.)
+ \item Introduced new random refresh secret
+ \begin{itemize}
+ \item Transfer secret
+ \item Refresh nonce
+ \end{itemize}
+ \item Nonce check
+ \item Two commit hashes instead of one
+ \end{itemize}
+ \end{column}
+ \hfill
+ \begin{column}{.48\textwidth}
+ \includegraphics[width=4.5cm]{images/refresh-derive.png}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+% Tipping
+\begin{frame}{\faIcon{clipboard-list} Tipping}
+ \begin{itemize}
+ \item Wallet: same changes as Withdraw
+ \item Merchant: Only message signed by merchant's reserve private key
changes
+ \end{itemize}
+\end{frame}
+
+% Payback
+\begin{frame}{\faIcon{clipboard-list} Payback Protocol}
+ \begin{itemize}
+ \item Three different cases:
+ \begin{itemize}
+ \item \textbf{Revoked coin has never been seen by exchange}:
\\
+ Adjust Withdraw Transcript
+ \item \textbf{Coin partially spent}: \\
+ Invoke Refresh Protocol
+ \item \textbf{Coin resulted from refresh, has never been
seen}: \\
+ Adjust refresh transcript
+ \end{itemize}
+ \end{itemize}
+\end{frame}
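Review bot: In the Nonce Check frame the challenge term has the opposite sign to what the Deposit frame implies. The verification equation s'G = R' + c' D_p corresponds to s = r + c d_s (with D_p = d_s G), which gives s_2 - s_1 = d_s (c_2 - c_1) - (r_1 - r_2), while both lines on the slide write d_s (c_1' - c_2'). Swap the challenges (or s_1 and s_2) so the two frames agree. The primes on c_1', c_2' are also worth a second look, since s_1 and s_2 are unprimed and the other frames use primes for the unblinded values R_b', s'. Smaller point: the nonce is n_w in the first HKDF line and n in the second, and the label strings are spaced differently ("\text{b}" versus " \text{r} 0 "); use one form.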
diff --git a/presentations/2022-cs/content/4-implementation.tex
b/presentations/2022-cs/content/4-implementation.tex
new file mode 100644
index 0000000..4700725
--- /dev/null
+++ b/presentations/2022-cs/content/4-implementation.tex
@@ -0,0 +1,451 @@
+\section{\faIcon{code} Specification \& Implementation}
+
+\begin{frame}{\faIcon{code} Overview}
+ % Implemented, tested and reviewed -> good state, but needs sec audit
+ \begin{columns}[T]
+ \begin{column}{.48\textwidth}
+ Implemented \& Tested:
+ \begin{itemize}
+ \item Cryptographic routines in GNUnet
+ \item Cryptographic utilities in the Exchange
+ \item Security Module for CS and crypto-helper
+ \item Key Management
+ \item New Endpoint to get $R_0,R_1$
+ \item Withdraw protocol
+ \item Deposit protocol
+ \end{itemize}
+ \end{column}
+ \hfill
+ \begin{column}{.48\textwidth}
+ Not Implemented:
+ \begin{itemize}
+ \item Merchant (primarily Spend Protocol)
+ \item Wallet support for two denomination types
+ \item Tipping protocol
+ \end{itemize}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Testing}
+ \begin{itemize}
+ \item Specification and test implementation hand in hand
+ \item Cryptographic routines: unit tests, benchmark, test vectors
+ \item Taler cryptographic utilities: unit tests
+ \item CS security module: functionality tests, benchmark
+ \item Exchange HTTP server: functionality tests (simulate wallet)
+ \end{itemize}
+\end{frame}
+
+
+
+% Übersicht allgemein (was implementiert, wie implementiert, wie getestet)
+% GNUnet
+% Testing, Test vectors, benchmarks
+% API, Data Types, special stuff
+
+% Taler cryptographic utilities
+\begin{frame}{\faIcon{code} Implementation of cryptographic routines}
+ \framesubtitle{Cryptographic routines in GNUnet}
+ % Implementation Signaturschema: GNUnet, free software, libsodium
+ \begin{columns}[T] % align columns
+ \begin{column}{.74\textwidth}
+ \vspace{0.5cm}
+ Cryptographic routines for Clause Blind Schnorr signatures:
+ \begin{itemize}
+ \item Programming language: C
+ \item Implemented as free software in the GNUnet project
+ \item Implemented on Curve25519
+ \item Libsodium is used for group operations
+ \item Implemented including testing, benchmarks and
test-vector generator
+ \item Other primitives from GNUnet reused
+ \begin{itemize}
+ \item HKDF
+ \item KDF mod
+ \item Hash functions
+ \end{itemize}
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.25\textwidth}
+ \vspace{2cm}
+ \includegraphics[height=2cm]{images/gnunet-logo.png}
+ \end{column}%
+ \end{columns}
+ \vspace{0.2cm}
+ {\tiny graphics source:
https://www.gnunet.org/images/gnunet-logo-dark-no-text.png}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Implementation of cryptographic routines}
+ \framesubtitle{Implementation details}
+ \begin{columns}[T]
+ \begin{column}{.48\textwidth}
+ \resizebox{0.58\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{table}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{ll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Operation} & \textbf{API}
\\\hline
+ Key Generation & {\footnotesize
GNUNET\_CRYPTO\_cs\_private\_key\_generate()} \\\hline
+ Get public key & {\footnotesize
GNUNET\_CRYPTO\_cs\_private\_key\_get\_public($sk$)} \\\hline
+ Derive $r_0,r_1$ & {\footnotesize
GNUNET\_CRYPTO\_cs\_derive\_r(nonce, lts, $r$[2])} \\\hline
+ Get public $R$ & {\footnotesize
GNUNET\_CRYPTO\_cs\_r\_get\_public($r$)} \\\hline
+ Derive blinding secrets (bs) & {\footnotesize
GNUNET\_CRYPTO\_cs\_blinding\_secrets\_derive(seed)} \\\hline
+ Calculate blinded $c$ & {\footnotesize
GNUNET\_CRYPTO\_cs\_calc\_blinded\_c(bs, $R$[2], $pk$, msg)} \\\hline
+ Sign and get $b$ & {\footnotesize
GNUNET\_CRYPTO\_cs\_sign\_derive($sk$, $r$[2], $c$[2], nonce)} \\\hline
+ Unblind & {\footnotesize
GNUNET\_CRYPTO\_cs\_unblind(blind\_sig, $pk$, msg)} \\\hline
+ Verify & {\footnotesize
GNUNET\_CRYPTO\_cs\_verify(sig, $pk$, msg)} \\\hline
+ \end{tabular}
+ \end{table}
+ \begin{itemize}
+ \item {\normalsize API designed to prevent misuse}
+ \item {\normalsize API includes "Clause" part}
+ \item {\normalsize Internal functionality: CS-FDH,
clamping}
+ \end{itemize}
+ \end{minipage}}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ \hspace{1cm}
+ \resizebox{0.52\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{table}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{ll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Values} & \textbf{Data
Structure} \\\hline
+ Curve25519 Scalar & {\small
GNUNET\_CRYPTO\_Cs25519Scalar} \\\hline
+ Curve25519 Point & {\small
GNUNET\_CRYPTO\_Cs25519Point} \\\hline
+ Private Key & {\small
GNUNET\_CRYPTO\_CsPrivateKey} \\\hline
+ Public Key & {\small
GNUNET\_CRYPTO\_CsPublicKey} \\\hline
+ $\alpha, \beta$ & {\small
GNUNET\_CRYPTO\_CsBlindingSecret} \\\hline
+ $r$ & {\small
GNUNET\_CRYPTO\_CsRSecret} \\\hline
+ $R$ & {\small
GNUNET\_CRYPTO\_CsRPublic} \\\hline
+ $c$ & {\small
GNUNET\_CRYPTO\_CsC} \\\hline
+ $s$ & {\small
GNUNET\_CRYPTO\_CsBlindS} \\\hline
+ $s'$ & {\small
GNUNET\_CRYPTO\_CsS} \\\hline
+ $\sigma := \langle s',R' \rangle$ & {\small
GNUNET\_CRYPTO\_CsSignature} \\\hline
+ Nonce & {\small
GNUNET\_CRYPTO\_CsNonce} \\\hline
+ \end{tabular}
+ \end{table}
+ \end{minipage}}
+ \end{column}%
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Exchange Architecture}
+ % Exchange Architektur
+ \begin{center}
+ \includegraphics[width=8cm]{images/architecture-exchange.jpg}
+ \end{center}
+ {\tiny graphics source:
\url{https://git.taler.net/marketing.git/plain/presentations/comprehensive/main.pdf}}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Taler cryptographic utilities}
+ \framesubtitle{Cryptographic utilities around crypto routines and
planchets}
+ \begin{columns}[T] % align columns
+ \begin{column}{.48\textwidth}
+ Cryptographic utilities to use the crypto routines
+ \begin{itemize}
+ \item sign
+ \item blind
+ \item unblind
+ \item key generation
+ \item derive\_r
+ \item various utility functions
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ Utility functions around planchets
+ \begin{itemize}
+ \item derive/generate nonce
+ \item blinding secrets
+ \item planchet setup \& prepare
+ \item planchet to coin
+ \item coin ev hash
+ \end{itemize}
+ \end{column}%
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{code} CS Security Module}
+ \framesubtitle{CS Security Module \& corresponding crypto helper}
+ \begin{columns}[T] % align columns
+ \begin{column}{.48\textwidth}
+ CS Security Module:
+ \begin{itemize}
+ \item Standalone process
+ \item The CS Security Module have sole access to the
denomination private key
+ %on httpd compromise attacker has no access to priv key
+ % But can sign arbitrary messages
+ \item All operations requiring the private key are done by the
secuity module
+ \begin{itemize}
+ \item Generate new keypair
+ \item Sign a message
+ \item Revoke keys
+ \item Derive private $r$
+ \end{itemize}
+ \item API can use fixed-length structs (compared to RSA)
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ CS Crypto Helper:
+ \begin{itemize}
+ \item Talks to the security module for operations requiring
the denominations private key
+ \item Is part of the httpd service
+ \item Unix Domain Sockets are used for Inter-Process
Communication with the security module
+ \end{itemize}
+ \end{column}%
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Key Management}
+ \begin{itemize}
+ \item Collect new denominations, security module public key from CS
security module
+ \item {\color{blue}\texttt{GET /management/keys}}: Offer future keys
to exchange-offline
+ % FIXME: not yet signed
+ \item {\color{blue}\texttt{POST /management/keys}}: Return signatures
created with offline-signing key
+ \item {\color{blue}\texttt{GET /keys}}: Make new denominations
available for wallet:
+ \item Currently requires both RSA and CS security modules to be running
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Endpoint for $ R $}
+ \begin{itemize}
+ \item New endpoint used for withdraw and refresh protocols
+ \item Available under {\color{blue}\texttt{POST /csr}}
+ \item Request: \\
+ \begin{table}[ht]
+ \hspace{-1.5cm}
+ \resizebox{0.9\textwidth}{!}{\begin{minipage}{\textwidth}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Field} & \textbf{Type} &
\textbf{Value} \\
+ nonce & String & 32 Bytes
encoded in Crockford base32 Hex \\
+ denom\_pub\_hash & String & Denomination
Public Key encoded in Crockford base32 Hex \\
+ \end{tabular}
+ \end{minipage}}
+ \end{table}
+ \item Exchange checks denomination (including cipher type)
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Endpoint for $ R $}
+ \begin{itemize}
+ \item Exchange derives $ R $ based on supplied nonce and denomination
+ \item Request passed down to security module
+ \item No persistence necessary
+ \item Response: \\
+ \begin{table}[ht]
+ \hspace{-1.5cm}
+ \resizebox{0.9\textwidth}{!}{\begin{minipage}{\textwidth}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Field} & \textbf{Type} & \textbf{Value}
\\
+ r\_pub\_0 & String & 32 Bytes
encoded in Crockford base32 Hex \\
+ r\_pub\_1 & String & 32 Bytes
encoded in Crockford base32 Hex \\
+ \end{tabular}
+ \end{minipage}}
+ \end{table}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Withdraw Protocol}
+ \begin{columns}[c]
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item Available under {\color{blue}\texttt{POST
/reserves/[reserve]/withdraw}}
+ \item Request data: \\
+ \begin{table}[ht]
+ \hspace{-3cm}
+
\resizebox{0.55\textwidth}{!}{\begin{minipage}{\textwidth}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{ll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Field} & \textbf{Value}
\\
+ denom\_pub\_hash & Denomination Public
Key \\
+ coin\_ev & RSA blinded coin
public key \\
+ reserve\_sig & Signature over the
request using the reserve's private key \\
+ \end{tabular}
+ \end{minipage}}
+ \end{table}
+ \item Adjusted coin\_ev field (RSA): \\
+ \begin{table}[ht]
+ \hspace{-3cm}
+
\resizebox{0.58\textwidth}{!}{\begin{minipage}{\textwidth}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Field} & \textbf{Type} &
\textbf{Value} \\
+ cipher & Integer &
Denomination cipher: 1 stands for RSA \\
+ rsa\_blinded\_planchet & String &
RSA blinded coin public key \\
+ \end{tabular}
+ \end{minipage}}
+ \end{table}
+ \end{itemize}
+ \end{column}
+ \hfill
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item CS coin\_ev field: \\
+ \begin{table}[ht]
+ \hspace{-3cm}
+
\resizebox{0.55\textwidth}{!}{\begin{minipage}{\textwidth}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Field} & \textbf{Type} &
\textbf{Value} \\
+ cipher & Integer &
Denomination cipher: 2 stands for CS \\
+ cs\_nonce & String & 32
Bytes encoded in Crockford base32 Hex \\
+ cs\_blinded\_c0 & String & 32
Bytes encoded in Crockford base32 Hex \\
+ cs\_blinded\_c1 & String & 32
Bytes encoded in Crockford base32 Hex \\
+ \end{tabular}
+ \end{minipage}}
+ \end{table}
+ \item Response: \\
+ \begin{table}[ht]
+ \hspace{-3.5cm}
+
\resizebox{0.5\textwidth}{!}{\begin{minipage}{\textwidth}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Field} & \textbf{Type} &
\textbf{Value} \\
+ cipher & Integer &
Denomination cipher: 2 stands for CS \\
+ b & Integer & CS
signature session identifier (either 0 or 1) \\
+ s & String &
signature scalar (32 Bytes encoded in Crockford base32 Hex) \\
+ \end{tabular}
+ \end{minipage}}
+ \end{table}
+ \end{itemize}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Withdraw Protocol}
+ \framesubtitle{Implementation details}
+ \begin{itemize}
+ \item Idempotency check - has the coin already been withdrawn?
+ \begin{itemize}
+ \item RSA: Hash over message (blinded coin)
+ \item CS: Hash over nonce and denomination public key
+ \end{itemize}
+ \item Additional denomination cipher check
+ \item Various changes related to parsing, persistence and response
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Minor Security Fix}
+ \begin{itemize}
+ \item Recap: RSA idempotency check uses blinded coin hash
+ \item Issue:
+ \begin{itemize}
+ \item Wallet withdraws a coin
+ \item Withdraw same coin referencing different denomination
+ \item Exchange returns signature of first withdraw due to
idempotency check
+ \item Invalid signature - open complaint at auditor
+ \item Auditor is able to disprove
+ \end{itemize}
+ \item Solution: add denomination to coin hash
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{code} Deposit Protocol}
+ \begin{columns}[c]
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item Available under {\color{blue}\texttt{POST /coins/[coin
public key]/deposit}}
+ \item Request: many fields, only coin\_sig relevant for CS
+ \item Content (RSA): \\
+ \begin{table}[ht]
+ \hspace{-2cm}
+
\resizebox{0.65\textwidth}{!}{\begin{minipage}{\textwidth}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Field} & \textbf{Type} &
\textbf{Value} \\
+ cipher & Integer &
Denomination cipher: 1 stands for RSA \\
+ rsa\_signature & String &
Unblinded RSA signature \\
+ \end{tabular}
+ \end{minipage}}
+ \end{table}
+ \end{itemize}
+ \end{column}
+ \hfill
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item coin\_sig content for CS: \\
+ \begin{table}[ht]
+ \hspace{-3.3cm}
+
\resizebox{0.45\textwidth}{!}{\begin{minipage}{\textwidth}
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lll}
+ \rowcolor{BFH-tablehead}
+ \textbf{Field} & \textbf{Type} &
\textbf{Value} \\
+ cipher & Integer &
Denomination cipher: 2 stands for CS \\
+ cs\_signature\_r & String & Curve
point $ R' $ (32 Bytes encoded in Crockford base32 Hex) \\
+ cs\_signature\_s & String &
Signature scalar (32 Bytes encoded in Crockford base32 Hex) \\
+ \end{tabular}
+ \end{minipage}}
+ \end{table}
+ \item Add denomination cipher check
+ \item Signature verification (CS security module)
+ \item Adjusted persistence
+ \end{itemize}
+ \end{column}
+ \end{columns}
+\end{frame}
+
+
+% TODO: Refresh
+
+
+% Wallet
+\begin{frame}{\faIcon{wallet} {\color{red} \textit{New:} } Wallet
Cryptographic Routines}
+ \framesubtitle{Wallet Implementation}
+ \begin{columns}[T] % align columns
+ \begin{column}{.48\textwidth}
+ \begin{itemize}
+ \item Programming language: Typescript
+ \item libsodium.js for group operations
+ \item cryptographic routines implemented
+ \item tested with test vectors from C implementation
+ \end{itemize}
+
+ Missing:
+ \begin{itemize}
+ \item Add support for two denomination types (together with
Taler team)
+ \item integration test with exchange
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.48\textwidth}
+ \begin{center}
+ \includegraphics[width=4.8cm]{images/stock1s.jpg}
+ \end{center}
+ {\tiny graphics source: \url{https://taler.net/images/stock1s.jpg}}
+ \end{column}%
+ \end{columns}
+\end{frame}
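Review bot: The denom\_pub\_hash rows in the POST /csr request table and in the withdraw request table give the value as "Denomination Public Key", which contradicts the field name; if the field carries a hash, the Value column should say so. In the same withdraw request table coin\_ev is still described as "RSA blinded coin public key", although the two tables that follow show it as a cipher-tagged object with an RSA and a CS variant, so the generic row should read something like "blinded planchet (see below)". Text fixes in the CS Security Module frame: "secuity module" should be "security module" and "The CS Security Module have sole access" should be "has sole access". The comments "% FIXME: not yet signed" and "% TODO: Refresh" are left in; either resolve them or track them outside the slides.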
diff --git a/presentations/2022-cs/content/5-results.tex
b/presentations/2022-cs/content/5-results.tex
new file mode 100644
index 0000000..555d857
--- /dev/null
+++ b/presentations/2022-cs/content/5-results.tex
@@ -0,0 +1,150 @@
+\section{\faIcon{gem} Results}
+% Discussion
+\begin{frame}{\faIcon{gem} Security Assumptions}
+ \framesubtitle{RSA Blind Signature's \& Clause Blind Schnorr Signature's}
+ Scheme comparison:
+ \begin{itemize}
+ \item \faIcon{hashtag} Number of blinding secrets
+ \item \faIcon{exchange-alt} Number of round trips
+ \item \faIcon{calculator} CS signatures do most computations twice
+ \end{itemize}
+ Security assumptions
+ \begin{itemize}
+ \item Both Schemes are considered \textbf{perfectly blind}
+ \item RSA depends on factoring large numbers being hard.
+ \item Schnorr Signatures depends on computing the discrete logarithm
being hard
+ \item Clause Blind Schnorr Signatures additionally rely on the
modified ROS problem being hard
+ \item ROS is a recent research topic, and not as well researched
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{gem} CPU Performance}
+ \begin{center}
+ \resizebox{0.7\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{bfhBox}[BFH-MediumBlue]{Setup}
+ CPU: 8-core AMD Ryzen 7 PRO 5850U \\
+ OS: Ubuntu 21.10 Linux 5.13.0-25-generic \\
+ \end{bfhBox}
+ \end{minipage}}
+ \resizebox{0.8\textwidth}{!}{\begin{minipage}{\textwidth}
+ \vspace{0.5cm}
+ \begin{table}[ht]
+ \centering
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lrrr}
+ \rowcolor{BFH-tablehead}
+ \textbf{Operation} & \textbf{CS} & \textbf{RSA 1024
bit} & \textbf{RSA 3072 bit} \\\hline
+ 10x key generation & 0.204 ms & 126 ms
& 2684 ms \\\hline
+ 10x blind & 3.870 ms & 1.282 ms
& 5 ms \\\hline
+ 10x signing & 0.077 ms & 7 ms
& 86 ms \\\hline
+ 10x unblinding & 0.001 ms & 2.991 ms
& 24 ms \\\hline
+ 10x verifying & 1.358 ms & 0.876 ms
& 3.075 ms \\\hline
+ \end{tabular}
+ \end{table}
+ \end{minipage}}
+ \end{center}
+\end{frame}
+
+\begin{frame}{\faIcon{gem} Disk Space \& Bandwidth}
+ \begin{center}
+ Signatures: {\footnotesize $\langle s,R \rangle$}\\
+
+ \vspace{0.2cm}
+ \resizebox{0.65\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{table}[ht]
+ \centering
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lccr}
+ \rowcolor{BFH-tablehead}
+ \textbf{Signature Scheme} & \textbf{Disk Space} &
\textbf{Factor} & \textbf{Disk Space 1M signatures} \\\hline
+ CS & 512 bits & 1x
& 64 MB \\\hline
+ RSA 1024 bit & 1024 bits & 2x
& 128 MB \\\hline
+ RSA 2048 bit & 2048 bits & 4x
& 256 MB \\\hline
+ RSA 3072 bit & 3072 bits & 6x
& 384 MB \\\hline
+ RSA 4096 bit & 4096 bits & 8x
& 512 MB \\\hline
+ \end{tabular}
+ \end{table}
+ \end{minipage}}
+ \\Wallet disk space: {\footnotesize $\langle c_s,s,R_0,R_1,D_p
\rangle$}\\
+
+ \vspace{0.2cm}
+ \resizebox{0.65\textwidth}{!}{\begin{minipage}{\textwidth}
+ \begin{table}[ht]
+ \centering
+ \colorlet{BFH-table}{BFH-MediumBlue!10}
+ \colorlet{BFH-tablehead}{BFH-MediumBlue!50}
+ \setupBfhTabular
+ \begin{tabular}{lccr}
+ \rowcolor{BFH-tablehead}
+ \textbf{Signature Scheme} & \textbf{Disk Space} &
\textbf{Factor} & \textbf{Disk Space 1M coins} \\\hline
+ CS 256 bits & 150 bytes & 1x
& 160 MB \\\hline
+ RSA 1024 bit & 416 bytes & 2.6x
& 416 MB \\\hline
+ RSA 2048 bit & 800 bits & 5x
& 800 MB \\\hline
+ RSA 3072 bit & 1184 bits & 7.4x
& 1184 MB \\\hline
+ RSA 4096 bit & 1568 bits & 9.8x
& 1568 MB \\\hline
+ \end{tabular}
+ \end{table}
+ \end{minipage}}
+ \end{center}
+\end{frame}
+
+\begin{frame}{\faIcon{gem} Latency}
+ \begin{itemize}
+ \item CS introduces an additional round trip
+ \item A coin should not be spent immediately after withdrawal or
refresh
+ \item Additional round trip is therefore \textit{negligible}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{gem} Comparison Conclusion}
+ \begin{itemize}
+ \item \faIcon{bolt} CS has overall better performance regarding speed,
disk space and bandwidth
+ \item \faIcon{exchange-alt} Additional round-trip is negligible
+ \item \faIcon{calculator} CS has an additional, newer security
assumption called ROS
+ \item \faIcon{bomb} Risk can be calculated and capped by denomination
key lifetime
+ \end{itemize}
+ % Risk etc.
+ % better overall
+\end{frame}
+
+\begin{frame}{\faIcon{gem} Acknowledgement}
+ \begin{itemize}
+ \item Christian Grothoff
+ \item Jeffrey Burdges
+ \item Jacob Appelbaum
+ \item Florian Dold
+ \vspace{0.5cm}
+ {\\We would also like to thank Mr. Benoist and Mr. Voisard for the
guidance during our thesis.}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{gem} Future Work}
+ \begin{itemize}
+ \item Refresh and other protocols (tipping, deposit, refund, etc.)
+ \item Wallet
+ \item Merchant
+ \item Security Audit
+ \item CS implementation on other curves
+ \item Exchange API documentation
+ \item Exchange operator guideline for when to use CS
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{\faIcon{gem} Personal Conclusion}
+ \begin{itemize}
+ \item \faIcon{sort-amount-down-alt} From high-level down to code
+ \item \faIcon{swimmer} Challenging at times, pushed through with
persistence
+ \item \faIcon{wind} Motivation grew with every completed step
+ \item \faIcon{code} C:
+ \begin{itemize}
+ \item Respect from it, but went well (cough macros cough)
+ \item Well designed APIs
+ \item Integrate new variables without RSA-counterpart
+ \end{itemize}
+ \item \faIcon{piggy-bank} Hope to pay with own code in the future!
+ \end{itemize}
+\end{frame}
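Review bot: The wallet disk space table in the "Disk Space \& Bandwidth" frame has inconsistent numbers and units. The CS row says 150 bytes per coin but 160 MB for 1M coins, and the factors in the rows below (2.6x for 416 bytes, 5x for 800) only work out against 160, so one of the two CS figures is wrong. The RSA 2048, 3072 and 4096 rows give 800, 1184 and 1568 "bits", while their 1M-coin totals (800 MB, 1184 MB, 1568 MB) and the RSA 1024 row (416 bytes) show that bytes is meant. Also in this file: the frame subtitle "RSA Blind Signature's \& Clause Blind Schnorr Signature's" should use plain plurals, and "Schnorr Signatures depends" should be "depend".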
diff --git a/presentations/2022-cs/images/architecture-exchange.jpg
b/presentations/2022-cs/images/architecture-exchange.jpg
new file mode 100644
index 0000000..7af1f42
Binary files /dev/null and
b/presentations/2022-cs/images/architecture-exchange.jpg differ
diff --git a/presentations/2022-cs/images/blind-coin.png
b/presentations/2022-cs/images/blind-coin.png
new file mode 100644
index 0000000..7684099
Binary files /dev/null and b/presentations/2022-cs/images/blind-coin.png differ
diff --git a/presentations/2022-cs/images/blind-sign.png
b/presentations/2022-cs/images/blind-sign.png
new file mode 100644
index 0000000..900d562
Binary files /dev/null and b/presentations/2022-cs/images/blind-sign.png differ
diff --git a/presentations/2022-cs/images/coins.jpg
b/presentations/2022-cs/images/coins.jpg
new file mode 100644
index 0000000..9f30384
Binary files /dev/null and b/presentations/2022-cs/images/coins.jpg differ
diff --git a/presentations/2022-cs/images/curve25519.png
b/presentations/2022-cs/images/curve25519.png
new file mode 100644
index 0000000..f068a53
Binary files /dev/null and b/presentations/2022-cs/images/curve25519.png differ
diff --git a/presentations/2022-cs/images/cutandchose.png
b/presentations/2022-cs/images/cutandchose.png
new file mode 100644
index 0000000..2ea29ee
Binary files /dev/null and b/presentations/2022-cs/images/cutandchose.png differ
diff --git a/presentations/2022-cs/images/dh-lock.png
b/presentations/2022-cs/images/dh-lock.png
new file mode 100644
index 0000000..30487ec
Binary files /dev/null and b/presentations/2022-cs/images/dh-lock.png differ
diff --git a/presentations/2022-cs/images/diagram-simple.png
b/presentations/2022-cs/images/diagram-simple.png
new file mode 100644
index 0000000..d6ad292
Binary files /dev/null and b/presentations/2022-cs/images/diagram-simple.png
differ
diff --git a/presentations/2022-cs/images/final.JPG
b/presentations/2022-cs/images/final.JPG
new file mode 100644
index 0000000..811c93b
Binary files /dev/null and b/presentations/2022-cs/images/final.JPG differ
diff --git a/presentations/2022-cs/images/gnunet-logo.png
b/presentations/2022-cs/images/gnunet-logo.png
new file mode 100644
index 0000000..1658455
Binary files /dev/null and b/presentations/2022-cs/images/gnunet-logo.png differ
diff --git a/presentations/2022-cs/images/logo-2021.png
b/presentations/2022-cs/images/logo-2021.png
new file mode 100644
index 0000000..da5c7dd
Binary files /dev/null and b/presentations/2022-cs/images/logo-2021.png differ
diff --git a/presentations/2022-cs/images/planchet.png
b/presentations/2022-cs/images/planchet.png
new file mode 100644
index 0000000..99c2883
Binary files /dev/null and b/presentations/2022-cs/images/planchet.png differ
diff --git a/presentations/2022-cs/images/refresh-derive-rsa.png
b/presentations/2022-cs/images/refresh-derive-rsa.png
new file mode 100644
index 0000000..adb3092
Binary files /dev/null and
b/presentations/2022-cs/images/refresh-derive-rsa.png differ
diff --git a/presentations/2022-cs/images/refresh-derive.png
b/presentations/2022-cs/images/refresh-derive.png
new file mode 100644
index 0000000..d73e738
Binary files /dev/null and b/presentations/2022-cs/images/refresh-derive.png
differ
diff --git a/presentations/2022-cs/images/stock1s.jpg
b/presentations/2022-cs/images/stock1s.jpg
new file mode 100644
index 0000000..8a1ec04
Binary files /dev/null and b/presentations/2022-cs/images/stock1s.jpg differ
diff --git a/presentations/2022-cs/images/taler-pki.png
b/presentations/2022-cs/images/taler-pki.png
new file mode 100644
index 0000000..f72d423
Binary files /dev/null and b/presentations/2022-cs/images/taler-pki.png differ
diff --git a/presentations/2022-cs/images/unblind-coin.png
b/presentations/2022-cs/images/unblind-coin.png
new file mode 100644
index 0000000..61730c4
Binary files /dev/null and b/presentations/2022-cs/images/unblind-coin.png
differ
diff --git a/presentations/2022-cs/images/withdraw1.png
b/presentations/2022-cs/images/withdraw1.png
new file mode 100644
index 0000000..a5f36d5
Binary files /dev/null and b/presentations/2022-cs/images/withdraw1.png differ
diff --git a/presentations/2022-cs/images/withdraw2.png
b/presentations/2022-cs/images/withdraw2.png
new file mode 100644
index 0000000..c4ee927
Binary files /dev/null and b/presentations/2022-cs/images/withdraw2.png differ
diff --git a/presentations/2022-cs/poster/Plakat Bachelorthesis.pdf
b/presentations/2022-cs/poster/Plakat Bachelorthesis.pdf
new file mode 100644
index 0000000..898424b
Binary files /dev/null and b/presentations/2022-cs/poster/Plakat
Bachelorthesis.pdf differ
diff --git a/presentations/2022-cs/poster/Plakat Bachelorthesis.pptx
b/presentations/2022-cs/poster/Plakat Bachelorthesis.pptx
new file mode 100644
index 0000000..b4a3460
Binary files /dev/null and b/presentations/2022-cs/poster/Plakat
Bachelorthesis.pptx differ
diff --git a/presentations/2022-cs/presentation.pdf
b/presentations/2022-cs/presentation.pdf
new file mode 100644
index 0000000..44b2b6f
Binary files /dev/null and b/presentations/2022-cs/presentation.pdf differ
diff --git a/presentations/2022-cs/presentation.tex
b/presentations/2022-cs/presentation.tex
new file mode 100644
index 0000000..82cd5f3
--- /dev/null
+++ b/presentations/2022-cs/presentation.tex
@@ -0,0 +1,99 @@
+\documentclass[
+ english,%globale Übergabe der Hauptsprache
+ aspectratio=169,%Beamer eigene Option zum Umschalten des Formates
+ % logofile=logo-2021, %Falls die Logo Dateien nicht vorliegen
+ authorontitle=true,
+]{bfhbeamer}
+
+%will also be acessible via option sidebar=true/false
+\useoutertheme{BFH-sidebar}
+
+\version{1.0}
+
+\usepackage[main=ngerman]{babel}
+% To use icons
+\usepackage{fontawesome5}
+
+% Der folgende Block ist nur bei pdfTeX auf Versionen vor April 2018 notwendig
+\usepackage{iftex}
+\ifPDFTeX
+\usepackage[utf8]{inputenc}%kompatibilität mit TeX Versionen vor April 2018
+\fi
+
+%Crypto Grafiken
+\usepackage{cryptocode}
+%\usepackage{amsmath}
+
+%BFH Boxes
+% see BFH example for usage, looks nice!<<
+\LoadBFHModule{listings,terminal,boxes}
+
+\usepackage{tikz}
+%Makros für Formatierungen der Doku
+%Im Allgemeinen nicht notwendig!
+\let\code\texttt
+
+\title{Adding Schnorr’s blind signature in Taler - Defence}
+% \subtitle{}
+\author{Gian Demarmels \and Lucien Heuzeveldt {\tiny\\ Advisor: Prof. Dr.
Emmanuel Benoist\newline Expert: Elektronikingenieur HTL Daniel Voisard}}
+\titlegraphic*{\includegraphics{images/logo-2021.png}}%is only used with
BFH-graphic and BFH-fullgraphic
+
+%Activate the output of a frame number:
+\setbeamertemplate{page number in head/foot}[framenumber]
+\setbeamertemplate{author in sidebar}
+
+% automatisch am Anfang einer Section eine Section-Folie anzeigen
+\AtBeginSection{\sectionpage}
+\setbeamertemplate{section page}[BFH-ruled]
+
+
+\begin{document}
+
+% Aufhänger - Welche der beiden Münzen wollt ihr lieber in eurer Brieftasche
herumtragen?
+% In den nächsten 15 Minuten erzählen wir euch, wie wir in Taler Unterstützung
für Clause Blind Schnorr Signaturen eingeführt haben und was das für Taler
bedeutet.
+% Mit diesen Signaturen erreichen wir unter anderem eine leichtgewichtigere
Münze
+
+% Zeit: 1min
+
+\setbeamertemplate{title page}[BFH-graphic]
+\maketitle
+
+\begin{frame}{\faIcon{bars} Content}
+ \begin{columns}[c] % align columns
+ \begin{column}{.45 \textwidth}
+ \begin{itemize}
+ \item \faIcon{flag-checkered} Goals \& Project
Management % Chap 1,2
+ \item \faIcon{coins} Preliminaries % Chap 3
+ \item \faIcon{clipboard-list} Protocol Redesign
% Chap 4
+ \item \faIcon{code} Specification \&
Implementation % Chap 5,6
+ \item \faIcon{gem} Results % Chap 7,8
+ \end{itemize}
+ \end{column}%
+ \hfill%
+ \begin{column}{.58\textwidth}
+ \includegraphics[width=6.9cm]{images/coins.jpg}
+ \end{column}%
+ \end{columns}
+\end{frame}
+
+% Gian
+\input{content/1-goals-projectmgmt.tex}
+
+% Gian
+\input{content/2-preliminaries.tex}
+
+% Lucien
+\input{content/3-protocol-redesign.tex}
+
+% beide
+\input{content/4-implementation.tex}
+
+% beide
+\input{content/5-results.tex}
+
+\begin{frame}{\faIcon{comments} Let's talk!}
+ \begin{center}
+ \includegraphics[width=10.5cm]{images/final.JPG}
+ \end{center}
+\end{frame}
+\end{document}
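Review bot: The preamble passes english as the class option but then loads babel with main=ngerman, so an English-language deck is typeset with German as the main language (hyphenation, any generated captions). ngerman also makes the double quote an active shorthand character, and the content files use literal double quotes in the HKDF labels, so those lines are worth checking in the compiled PDF. Unless German is needed for something specific, main=english (or dropping the main= override) would match the slides. The title uses a typographic apostrophe in "Schnorr’s" while the rest of the source uses ASCII; a plain ' is safer across engines. Minor: "acessible" in the comment above \useoutertheme should be "accessible".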
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.