[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Taler] Protecting coins (was Re: Taler and UBI)
|
From: |
Özgür Kesim |
|
Subject: |
Re: [Taler] Protecting coins (was Re: Taler and UBI) |
|
Date: |
Fri, 14 Oct 2022 13:10:50 +0200 |
So,
after talking to Christian and thinking some more, it is now clear to me
that my idea below is not the best tool to protect the coins in the
wallet: Simply encrypting the data in the wallet with standard
mechanisms should do the job.
I was seeing the FDH(C_p, somethingsomething) mechanism as a hammer, and
now every problem looks like a nail :)
Idea retracted.
Cheers,
oec
Thus spake Özgür Kesim (oec-taler@kesim.org):
> Thus spake Özgür Kesim (oec-taler@kesim.org):
>
> > Thus spake Christian Grothoff (grothoff@gnunet.org):
> >
> > > OTOH, assuming every individual's wallet is somehow registered as eligible
> > > for UBI, it should be trivial to distribute UBI to Taler wallets, and then
> > > one could spend that with privacy.
> >
> > That being said, it would change the threat model for the wallet
> > significantly. So far we operate under the assumption that the usual
> > amounts people will carry in their Taler wallets are small and losses of
> > wallets are bearable.
>
> That made me think of the following idea:
>
> We could optionally protect individual coins from abuse by theft by
> binding a coin to a secret PIN (or fingerprint), which must not be saved
> by the Taler wallet. Using the coin for purchase or refresh would
> require the PIN/fingerprint to be entered.
>
> Technically, we can bind the PIN to the coin the same way we bind age
> commitment to a coin. But here we would use something like
> P := HMAC(coin_priv, PIN)
> as the (coin-individual) commitment and let the exchange blindly sign
> FDH(C_p, P).
> Here, C_p is the public key of the coin.
>
> However, in contrast to age restriction, there would not be any
> cut-and-choose protocol involved for this feature during a refresh - it
> is completely up to the owner of the wallet to decide to enable
> protection or continue to protect a coin during refresh. Also, we could
> easily make this compatible with age restriction.
>
> If I'm not mistaken, this would give us the following benefits:
>
> - lost or stolen coins can be restored via Anastasis and
>
> - a thief or finder of a wallet could not use the coins without
> knowledge of the PIN,
>
> - anonymity and unlinkability of purchases are still preserved,
>
> - the user experience should be still acceptible as one would only need
> to enter the PIN/fingerprint once for a transaction.
>
>
> Cheers,
> oec
>
- [Taler] Taler and UBI, Thien-Thi Nguyen, 2022/10/13
- Re: [Taler] Taler and UBI, Christian Grothoff, 2022/10/13
- Re: [Taler] Taler and UBI, Özgür Kesim, 2022/10/14
- Re: [Taler] Taler and UBI, Martin Schanzenbach, 2022/10/14
- Re: [Taler] Taler and UBI, Özgür Kesim, 2022/10/14
- Re: [Taler] Taler and UBI, Christian Grothoff, 2022/10/14
- Re: [Taler] Taler and UBI, Martin Schanzenbach, 2022/10/14
- Re: [Taler] Taler and UBI, Özgür Kesim, 2022/10/14
- Re: [Taler] Taler and UBI, Sebastian Javier Marchano, 2022/10/14
- Re: [Taler] Taler and UBI, Jacob Bachmeyer, 2022/10/14
- Re: [Taler] Taler and UBI, Martin Schanzenbach, 2022/10/15