Smart Money and
Concrete Contracts
in GNU Taler
Özgür Kesim
oec-taler@kesim.org
Programmable Money and
Concrete Contracts
in GNU Taler
GNU Taler is a payment system that makes
privacy-friendly online transactions
fast and easy.
✅ Payments without registration
✅ Data protection by default
✅ Fraud eliminated by design
✅ Not a new currency!
✅ Empowers communities to run their own payment infrastructure
✅ Free Software
- Be Free/Libre Software
- Protect the privacy of buyers
- Be Auditable
- Prevent payment fraud
- Collect the minimum information
- Be usable
- Be efficient
- Fault-tolerant design
- Foster competition
Core Protocols
(refresh protocol not shown)
Implementation Details
- Exchange signs tokens of value into existence via blind signatures
(Chaum-style e-cash with some extensions)
- Main innovation: Refresh protocol that allows efficient transactions while preserving unlinkability of purchases and income-transparency of merchants
- Based on proven constructions and primitives
(SHA512, X25519, Ed25519, cut-and-choose, RSA blind signatures)
- Agility: RSA blind signatures could be replaced by elliptic curve blind signatures (Clause Blind Schnorr Signatures)
- Other niceties like forgettable fields in digital contract between customer and merchant
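The blind-signature step from the list above, as an added example that is not GNU Taler's code: the wallet blinds a coin, the exchange signs without seeing it, and the unblinded result verifies as a plain RSA signature. Assumptions: the toy key built from two Mersenne primes, the simplified SHA-512 hash-to-integer, the random 32-byte stand-in for a coin public key, and all function names.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the exchange (two Mersenne primes). Far too
# small for real use; chosen only so the example runs offline.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # exchange's private exponent

def fdh(coin_pub: bytes) -> int:
    """Hash the coin's public key into Z_N (simplified full-domain hash)."""
    return int.from_bytes(hashlib.sha512(coin_pub).digest(), "big") % N

def blind(coin_pub: bytes):
    """Wallet: hide the coin hash behind a random blinding factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (fdh(coin_pub) * pow(r, E, N)) % N, r

def exchange_sign(blinded: int) -> int:
    """Exchange: signs the blinded value; it never sees the coin itself."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Wallet: strip r, leaving an ordinary RSA signature on the coin hash."""
    return (blind_sig * pow(r, -1, N)) % N

def verify(coin_pub: bytes, sig: int) -> bool:
    """Anyone holding the exchange's public key (N, E) can check the coin."""
    return pow(sig, E, N) == fdh(coin_pub)

def withdraw_demo():
    """One withdrawal: returns the coin, what the exchange saw, and the signature."""
    coin_pub = secrets.token_bytes(32)  # assumed stand-in for a coin public key
    blinded, r = blind(coin_pub)
    sig = unblind(exchange_sign(blinded), r)
    return coin_pub, blinded, sig

if __name__ == "__main__":
    coin, seen_by_exchange, sig = withdraw_demo()
    print("signature valid:", verify(coin, sig))
    print("exchange saw coin hash:", seen_by_exchange == fdh(coin))
```

The value the exchange signs differs from the coin hash it later sees at deposit, which is what keeps withdrawal and spending unlinkable.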
Conditional Payments and Programmable Money
Definitions
Conditional payments are state-machines for the flow of money and
allow the transfer when predefined rules hold.
Programmable money consists of e-cash tokens augmented with additional data.
They can further parameterize conditional payments.
Smart Contracts
is a term used in the context of DLTs for programs that implement conditional payments.
These programs are usually deployed in the DLT and
execute on a virtual computation environment specific to the payment system.
Concrete Contracts
GNU Taler's philosophy:
Code is not law and payment needs both.
Code for conditional payments must work and also be verified to
- protect the privacy of buyers
- be legally compliant and binding
GNU Taler defines a process for design, verification, implementation and deployment of
Concrete Contracts.
Age Restriction in GNU Taler
Programmable Money
Our goal
A design and implementation of an age restriction scheme with the following properties:
- It ties age restriction to the ability to pay (not to IDs),
- maintains the anonymity of buyers,
- maintains unlinkability of transactions,
- aligns with the principle of subsidiarity,
- is practical and efficient.
Sketch of scheme
Independent of a payment service protocol, the scheme is as follows:
1. Guardians commit to a maximum age
2. Minors attest their adequate age
3. Merchants verify the attestations
4. Minors derive age commitments from existing ones
5. Exchanges compare the derived age commitments
6. GOTO 2
Sketch of Functions
Commit:
Attest & Verify:
Derive & Compare:
Achieving unlinkability
DeriveCompareκ:
Integration with GNU Taler
Conditional Payments
(WIP)
Escrow service
Example scenario: Bike rental; user puts E-cash into escrow with the GNU Taler exchange, provides merchant with a proof.
Unlocking conditions and payee(s) are defined in the contract and can be, for example, per signature or timeout.
Also, refund offering for purchases can be implemented this way.
Design Document exists, with general idea sketched out.
Finalizing design and implementation is future project.
Sealed Bid Auctions
We started integrating libbrandt, a privacy-preserving, Vickrey-style auction protocol, as a PoC.
Found a better design: Bag et al. (2020), "SEAL: Sealed-Bid Auction Without Auctioneers"
Based on a Veto-protocol, extended to an auction.
Outlook:
- Integration into GNU Taler
- Making it scalable. Think: ticket sales for the UEFA cup.