[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Taler] Support for payer-trustlessness and merchant-auditing

From: Rune K. Svendsen
Subject: [Taler] Support for payer-trustlessness and merchant-auditing
Date: Mon, 18 Sep 2017 21:11:50 +0200

Dear fellow GNU Taler enthusiasts,

In my opinion, GNU Taler is a great step in the right direction towards an open, ubiquitous internet payment system. For the past few years, I've been writing code with the goal of implementing the Stroem[1] payment system, which is very similar to GNU Taler. Both systems operate on essentially the same idea, which is consumers (payers) depositing funds with an "exchange" (in GNU Taler terminology) or "issuer" (in Stroem terminology), after which a payer can ask the exchange to issue a note which is redeemable (by the merchant) in whichever currency was deposited by the payer/consumer (and a reduced per-payment fee is achieved by merchants aggregating notes for redemption). GNU Taler interests me because it, in addition to what Stroem offers, adds anonymity for payers from snooping exchanges (via RSA blinding).

One thing, which I think is highly important, is allowing payers to connect via a trustless mechanism to the exchanges, such that unspent funds remain in control of the payer. With Bitcoin payments, this is possible using so-called "payment channels", and I've spent the past year or two implementing a payment channel server in Haskell, for this exact use[2] (open, RESTful protocol is documented here[3]). The idea behind a payment channel is fairly simple: rather than the payer depositing funds with the exchange (such that the exchange is in full control of the funds), the funds are sent to a Bitcoin address (an account, essentially) which requires a signature from *both* the payer and the exchange in order to transfer funds (from those deposited into the payment channel) to the exchange. This allows instant Bitcoin payments between two parties. One analogy from the world of banking would be a bank account where cheques, that transfer funds from this account, require the signature of both the payer and the payee (the exchange). This makes "bouncing" checks impossible, as the recipient of funds needs to sign the cheque as well in order for it to be valid. This construct makes it possible for payers to deposit funds with an exchange, while remaining in full control of it, and only signing over the amount required for each payment, when the payment occurs. It means that only the merchants (payees/payment receivers) take risks when they accept GNU Taler payments, instead of the payer/consumer also taking the risk that the exchange is hacked (and they thus lose their deposited funds). In my opinion, this is an important feature, because it means funds are stored in a decentralized manner, such that each payer's device needs to be compromised in order to steal funds (rather than only the exchange's wallet).
What is your view on this? Does the GNU Taler protocol already allow payers to deposit funds using this mechanism, or would the protocol need to be changed for this to be supported?

Another remark I have (a relatively minor one compared to allowing trustlessness for payers), is allowing merchants (and not just a government regulatory body) to audit exchanges (this would be particularly relevant for merchants located in countries with unreliable government institutions). Since merchants are the recipients of payments, they have a huge incentive in making sure that exchanges are honest, and consequently they should be able to audit the exchanges they choose to use, in my opinion. Is this supported by the GNU Taler protocol?

I look forward to hearing from you.

Rune K. Svendsen

[1] https://www.strawpay.com/docs/stroem-payment-system.pdf
[2] https://github.com/runeksvendsen/rbpcp-handler
[3] http://paychandoc.runeks.me/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]