[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Hello

From: Christian Grothoff
Subject: Re: [Taler] Hello
Date: Thu, 24 Nov 2016 17:11:04 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.4.0

Hi Joerg,

On 11/24/2016 11:30 AM, Joerg Baach wrote:
> Hi Christian,

I hope you understood that address@hidden is a public, archived
mailinglist with many members, and not an alias for me ;-).

> sorry for only replying now - your question got somehow lost, and I
> discovered it only now, for which I apologize.
> The link I sent you to the description of opencoin is the latest
> description, an matches the latest implementation of the prototype (the
> examples are all 'real'). It is basically what we have.
> As you can tell, the project is quite dormant atm, as you rightfully
> observed in the taler-draft.pdf.
> Speaking of which: in mapping2016 you mention that the paper (I assume
> in a less draft version) is available upon request. May I have a copy?

The TeX source is in the 'exchange.git' repository, a PDF is at

You may also enjoy:

> The reason is that I try to understand the taler system. The idea of the
> coin being a key pair is quite interesting to me, and I'd like to
> understand how exactly it works - but between taler-draft and the other
> 2016 papers I have seen I am not quite sure if I have understood the
> current state of the protocol.

I just today gave a presentation with a very visual representation of
the protocol, that might also help:


There is also https://api.taler.net/, but that might be too low-level.

> Also, if I may use this opportunity to ask two questions:
> 1) If the merchant has a rather unusual price for a rare item, the user
> pays for it, and refreshes the dirty coin after that - wouldn't the
> unusual reminder of the coin provide at least hints to trace the
> transaction?

No, as the refresh will convert the unusual reminder into many small
coins of more canonical denominations, i.e. if the reminder is 3.1415,
you may get three coins of value 1, one of value 0.1, four of value 0.01
and 5 coins of 0.001.  That's assuming coin values are powers of 10. In
practice, powers of two may of course be better.

> 2) Regarding the contract (fascinating idea as well): I assume the idea
> is to use the contract in the case of a dispute with a judge etc. How do
> you / the customer / the judge link the key to a real entity, ideally
> the right one?

Only the customer has the private coin key that signed the coin, so he
can (even in zero knowledge) show that he signed the contract.  If the
customer wants anonymity, he might send his lawyer to prove it on his
behalf.  Also, in the ordinary course of the protocol, the merchant
should sign a response saying that he received the payment "in good
order", which further shortcuts any discussions about the validity. And
while the payment is anonymous, the merchant and customer can of course
also decide to write the name (or address) of the customer into the
contract, if that is somehow relevant for disputes.

> Also, thank you for doing the project, quite happy to see it getting
> exposure!


Happy hacking!


Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]