Abstract
We propose a design for a privacy-friendly method of age restriction in e-commerce that is aligned with the principle of subsidiarity. The design is presented as an extension of a privacy-friendly payment protocol with a zero-knowledge scheme that cryptographically augments coins for this purpose. Our scheme enables buyers to prove that they are of sufficient age for a particular transaction without disclosing their age. Our modification preserves the privacy and security properties of the payment system, such as the anonymity of minors as buyers and the unlinkability of transactions. We show how our scheme can be instantiated with ECDSA as well as with a variant of EdDSA, and how it can be integrated with the GNU Taler payment system. We provide formal proofs and an implementation of our proposal. Key performance measurements for various CPU architectures and implementations are presented.
Notes
- 1. Upper indices on variables are not exponents.
- 2. Using ECDSA is also not required: we have created an instantiation based on Edx25519 (Appendix A); ECDSA is merely one that permits a concise description.
- 3.
- 4. The private key of the master public key must simply be deleted after creation, as it would enable minors to defeat the cut-and-choose protocol. Deriving commitments from the master key implies that computing the private key corresponding to the commitment is equivalent to solving DLOG for the master public key.
References
Chaum, D.: Blind Signatures for Untraceable Payments. In: Advances in Cryptology Proceedings of Crypto82 (1989). https://doi.org/10.1007/978-1-4757-0602-4_18
Goldwasser, S., Micali, S., Rackoff, C.: The Knowledge Complexity of Interactive Proof Systems. SIAM J. Comput. 18(1), 186–208 (1989). https://doi.org/10.1137/0218012
Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_34
Boneh, D.: The decision Diffie-Hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054851
Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_7
Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001). https://doi.org/10.1007/s102070100002
Bosnich, D.A.: The Principle of Subsidiarity. In: Religion & Liberty 6.4 (2010)
Poullet, Y.: e-Youth before its judges — legal protection of minors in cyberspace. Comput. Law Secur. Rev. 27(1), 6–20 (2011). https://doi.org/10.1016/j.clsr.2010.11.011
Au, M.H., et al.: Constant-size dynamic k-times anonymous authentication. IEEE Syst. J. 7(2), 249–26 (2012)
Bernstein, D.J., et al.: High-speed high-security signatures. J. Cryptogr. Eng. 2, 77–89 (2012). https://doi.org/10.1007/s13389-012-0027-1
Koning, M., et al.: The ABC of ABC: an analysis of attribute-based credentials in the light of data protection, privacy and identity. In: Proceedings of the 10th International Conference on Internet, Law & Politics, pp. 357–374 (2014)
Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie Hellman assumption revisited. In: Franz, M., Papadimitratos, P. (eds.) Trust 2016. LNCS, vol. 9824, pp. 1–20. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45572-3_1
World Wide Web Consortium: Verifiable credentials data model 1.0: Expressing verifiable information on the web (2019). https://www.w3.org/TR/vc-data-model/?#core-data-model
Dold, F.: GNU Taler - practical and provably secure electronic payments, Ph.D. thesis (2019). https://taler.net/papers/thesis-dold-phd-2019.pdf
Mejía-Ricart, R., Tellez-Merchan, C.: Distributed ledger technology and digital identity: prospects and pitfalls ahead. https://www.betterthancash.org/news/distributed-ledger-technology-and-digital-identity-prospects-and-pitfalls-ahead (2019)
Schanzenbach, M., et al.: ZKlaims: privacy-preserving attribute based credentials using non-interactive zero-knowledge techniques. In: Proceedings of the 16th International Joint Conference on e-Business and Telecommunications (2019). https://doi.org/10.5220/0007772903250332
Fauzia, M.: Fact check: Mastercard’s partnership on vaccination records is unrelated to finances. In: USA Today (2020)
Troncoso, C., et al.: Decentralized Privacy-Preserving Proximity Tracing. Tech. rep, EPFL (2020)
Banerjee, A.: A fully anonymous e-voting protocol employing universal ZK-snarks and smart contracts. Cryptology ePrint Archive, Report 2021/877. https://ia.cr/2021/877
The Liberty Beacon: Trust stamp vaccine record and payment system to be tested on low-income Africans (2021). https://www.thelibertybeacon.com/trust-stamp-vaccine-record-and-payment-system-to-be-tested-on-low-income-africans/
Bundeskanzlei BK: Vorlage Nr. 639: Resultate in den Kantonen. https://www.bk.admin.ch/ch/d/pore/va/20210307/can639.html (2021)
Chaum, D., Grothoff, C., Moser, T.: How to issue a central bank digital currency. In: SNB working paper series (2021). https://www.snb.ch/en/mmr/papers/id/working_paper_2021_03
Eder, D.: EU Digital COVID Certificates Project. https://github.com/eu-digital-green-certificates (2021)
Feathers, T.: Debit card apps for kids are collecting a shocking amount of personal data. In: Motherboard (2021)
Hern, A.: Can facial analysis technology create a child-safe internet? In: The Guardian (2021)
Bank of International Settlement: Central bank digital currencies herald a new chapter for the monetary system. https://www.bis.org/press/p210623.htm (2021)
Pavy, E.: The principle of subsidiarity. https://www.europarl.europa.eu/factsheets/en/sheet/7/the-principle-of-subsidiarity (2021)
Schanzenbach, M., et al.: Decentralized Identities for Self-sovereign End-users (DISSENS). In: Open Identity Summit. Gesellschaft für Informatik (2021)
Demarmels, G., Heuzeveldt, L.: Adding Schnorr’s Blind Signature in Taler, Bachelor’s thesis (2022). https://taler.net/papers/cs-thesis.pdf
A Edx25519
Edx25519 is a signature scheme based on Ed25519 [Ber+12], but it allows private and public keys to be derived, independently, from existing ones. Private keys in Edx25519 are pairs (a, b) of 32 bytes each. Initially they correspond to the result of the expansion and clamping in EdDSA. The scheme is as follows, in pseudo-code:
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kesim, Ö., Grothoff, C., Dold, F., Schanzenbach, M. (2022). Zero-Knowledge Age Restriction for GNU Taler. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13554. Springer, Cham. https://doi.org/10.1007/978-3-031-17140-6_6
DOI: https://doi.org/10.1007/978-3-031-17140-6_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17139-0
Online ISBN: 978-3-031-17140-6
eBook Packages: Computer Science (R0)