 Okay, thank you. So this talk is about GNU Tyler and how to do secure web payments with it So GNU Tyler is a currently research project being developed at Inria, which is a French national research institution And it's also part of the GNU project. So it's completely free and open source software So I can I think we can all agree in this room that modern economies need some form of currency One form of currency is cash, but as you've noticed recently in India there quite a few problems with cash mainly revolving around a legitimate users and also in our lives where more and more things are becoming digital It's very cumbersome to have like Printed cash notes So what is the solution for that? Maybe credit or debit cards? I think the answer would be no because for Credit and debit card companies. They're mostly controlled by like a Oligopoly of very few big and foreign companies if we look at the chart So for credit cards, it's mostly visa mastercard union pay and other big American companies And for debit cards, it's even worse So this can result in quite high fees because only a few companies are in control of the infrastructure and also credit card payments are really cumbersome and Expensive especially if you're doing small and frequent online transaction So let's see you want to pay a journalist who wrote an article and purchase it It's really cumbersome if every time you want to do this you need to do some two-factor authentication and type in some number from your mobile phone and Also, this is especially relevant for merchants Are the false positives on fraud detection? So when a customer that has Money and wants to buy something in your shop, but their credit card company Things due to some heuristic maybe because you're in another country that this is a fraud and they deny the customer This really frustrates them and might drive them away from your shop So we've just seen a whole talk about Bitcoin. It's this completely unregulated payment system that kind of originates from the Crypto anarchist community and its lack of regulation is basically the main feature one thing that I personally really like about it is that it's implemented completely in free software and it's a decentralized peer-to-peer system and the problem that it solves is The Byzantine fault-tolerant agreement on this transaction ledger if we've just heard and the Creative solution that Bitcoin uses for it is that it ties the distribution of money and the creation of new nodes to Solving this consensus problem on the ledger as we just heard you need to compute a computational puzzle on the set of the new transactions that you want to commit to the ledger and then the node who finds this puzzle first gets rewarded with a mining fee But in my opinion this just results on a in a slow and very expensive banking system So I actually have numbers to support this claim This is the blockchain dot info site which just collects data and compute statistics on the publicly available blockchain so everyone can verify this data and Currently the cost for one bit coin transaction is around seven us dollars This is for one transaction. So at first it sounds like this contradicts the data that was given in the previous talk But it actually doesn't Because in this case the customer who buys something with Bitcoin pays a Relatively low fee just a few cents in us dollars but the cost for the whole system is much higher because the reward that the miners get is the Some of the individual transaction fees of the block plus this mining fee for the whole block so if you add all that together and Divided by the number of transaction in a block you actually get to this currently seven us dollars and in my opinion, this is not a way to run a Stable financial system of every single transaction costs the whole system seven dollars or sometimes up to sixteen or in good cases if you're lucky like four dollars and Also the transaction rate which is plotted here It's not really usable for really consumer transactions like here Six transactions per seconds or even only two compared to other systems like visa that handles thousands of transactions even per second and Also another indication why Bitcoin isn't really usable for the end user at all is that the current transaction value is 1,000 us dollars and this means that most people are using Bitcoin to transfer really large amounts of money, but they're not using it to buy ice cream or lunch and Another disadvantage of Bitcoin is that all transactions that you make are public and linkable back to your identity eventually and This means it's not privacy friendly at all and Some researchers have done lots of very interesting work on making Bitcoin more privacy friendly which resulted in systems like Zero cash which are really really good on the privacy aspects, but unfortunately they're even more expensive and they're even slower and The next question is our we as a society really ready for a system where we can do completely hidden bank transactions it's basically going back to the old system of cash even with Lesser fewer opportunities for regulations and I don't think that we should build on such systems So new tolerance our counter proposal to the current state of payment systems The tagline is digital cash made socially responsible Taller is actually an acronym. It stands for taxable anonymous leave for electronic reserves So for us taxable means that at least the income of merchants is visible and auditable by the government and Does it can be taxable anonymous on the other hand only applies to the customer or the citizen who? Can do payments without having to authenticate? This is not only very important for the user's privacy, but also for security reasons because this means that you Don't need to use an authentication system that has potential security issues and of course You want such a system to be practical so it should be fast and electronic and resource friendly So we don't want to do these huge proof of war calculations that eat a lot of energy and Another aspect is this Libre which means that it should be completely free and open source And this sounds minor, but in my opinion is something that's very important Because payment infrastructure is something that's so important that it should be that it should be a commons so We've heard this in a previous talk that it would be nice to have free and open source software Infrastructure that really everybody with enough technical abilities or countries organizations or in some cases even event individuals could run and review of course Unlike Bitcoin in our system. They're still government at restrictions that apply. So of course people who run it need to comply with the respective regulation and the system is designed in such a way that can be run on top of existing Legacy bank infrastructure for example in Europe sepa or you could run it on UPI in India This is the basic architecture So there's this triangle between the customer merchant and the exchange the exchange in this case is something like a payment service provider So when the customer wants to get Digital coins they send a payment from their bank account to the exchange and receive coins for it and These coins are withdrawn with a protocol that uses blind signatures So they're not any more with the customer once they're spent with the merchant So the customer sends those coins the merchant The merchant deposits those coins again at the exchange gets reimbursed for them by a normal bank transfer and the customer gets their product and in this system, of course the exchange serves as an escrow and We need to ensure that it's actually operating correctly So another component in the system is the auditor which allows governments or regulatory bodies to run completely automated audits on the database of the exchange and Verify that it didn't embezzle any funds or move any money somewhere where it shouldn't go and Now for the exciting part This is not just to we've actually implemented the system and I'm going to do the demo now But on a laptop that is not mine. So something could go wrong bear with me We go to a demo or taller.net by the way everybody here in the audience with a relatively recent version of Google Chrome can try this so the first step is to go to our wallet installation page and And Install our wallet. This should just take one click You now have to wait for the download and yeah, this button appears. This is our extension Now we can go back and now the first step is to Withdraw funds from your bank account into your wallet and for this demo, of course we need some form of example bank account. So you've implemented like a Very simple demo bank that just uses a non-existing currency called kudos instead of like euros or rupees and Let's register with P now if this bank account we have 100 kudos as a starting bonus and We can withdraw some amount from that into our wallet And Here the exchange provider gets some fees in order to pay for running the infrastructure Can accept those fees and then Here in with the normal bank you would receive like some kind of Pin tan thing where you would use second factor authentication Here we just have some step where the user needs to enter a capture and now this wheel should spin and We have our coins in our bank account in our wallet withdrawn from our bank account into the local wallet that runs in the browser and Now we can go to our site again and Go to a merchant that's actually Accepts taller payments This is a very simple store that just has a list of essays that are normally fully available But for demo purposes we offer them for a kudos payment So we click for the on them and now the wallet in a different security context prompts for confirmation with 0.1 kudos You can click confirm and Now I can read the article So this was the demo and of course our balance Decreased Okay, so what is the advantage of such system was the value for the customer as you've just seen it's very convenient It's just one click payments once you have the Balance in your wallet and it's also guaranteed payment. So once the money is in your wallet There's no fraud detection mechanism that can prevent your customers from Actually getting through the payment step Mmm, and it's secure. So unlike cash cash, you don't need to worry about counterfeit or something like that Privacy preserving so You don't even need to log in and the doesn't require any Personal information to be entered so this does away with this authentication step that is a potential security issue and By design of the system the privacy still holds Even when we are in legislations where the government mandates weakened encryption because we're using blind signatures and no encryption even if the encryption is weakened the privacy aspect still holds and as Tower is always bound to some existing currency Unlike Bitcoin, which is completely new currency. There's no additional fluctuation. So of course you still have the fluctuation that you have Yeah, okay Sorry for the interruption. Let's continue so it's always bound to some existing currency and some existing financial system and The wallet we've just seen is completely free software So there's no hidden things in there that might sell your information to some other party and other parties can verify that this functionality is correctly implemented and For the merchants as you've just seen the transactions are very fast So it's not like in Bitcoin where you need to wait ten minutes to get a transaction It's free software, which means that you have a competitive pricing and support model and The fees are quite low due to the efficient protocol that we use and the absence of fraud detection and As it's not bound to any specific currency you can do payments in any currency and with any amount and I'm So with Bitcoin in the past it has often been used for illegitimate purposes like buying drugs on tour or something and so Here we don't have the risk of Being associated with illegal businesses because due to the whole auditing that's going on it's much harder to actually use taller for illegitimate businesses like selling drugs and and From a security perspective, it's Very good for the merchant because they don't need to store or process any sensitive customer data and that makes it very easy to comply with data regular data minimization regulations like for example the recent Regulations that were passed in the EU That Legally mandate some form of data minimization And for the government as I mentioned earlier, it's free software. So it's a commons and there's no need to worry about some foreign company taking over your economy and it's of course much easier to do something against Legitimate payments that is with cash or with zero cash for example, and of course Efficient payments are always good for the economy With these automated audits, you can also ensure that the exchanges are operating correctly in an automated way and the privacy aspect means that foreign governments can Spy into your transaction system like it actually has happened in the past with Swift and the NSA espionage Okay, so now we've seen the high-level overview Let's dive a bit into the technical aspects of the system This is actually the expanded Architecture you so you can still see the basic triangle in the bottom with the customer the exchange and the merchant But now they're actually all connected to the banking system So these three banks might be in practice actually be the same bang but here just for completeness in the diagram there are different entities or The customers bang might often be actually associated with the exchange Just like in our case which makes it very very easy to withdraw cash into your wallet and Yeah, and the customers pledge into the browser and the wall extension which runs in a separate security context for the merchant you have your typical architecture some front and some order processing system and then the tower SDK which Connects to the tower back end Which is a component that? transparently implements all the cryptography and could either run on premise with a merchant or be some cloud service We have some API studies allow you to do the web integration So a very simple starting example would be detecting whether a wallet is present or not So it's just a simple JavaScript API The actual payments on a technical level are handled through HGP status code so the merchant would send a 402 payment required for the article with some URL that specifies where to get the digitally signed contract To pay for this article and the wall then acts on it So this is an example for a contract could look like you can see this is an example contract for The essay store like there's in the list of project. There's the essay that you would get So on a technical level it uses relatively proven and Well-known cryptography But of course modern instantiation for of them So it's not like in zero cash where it's very experimental protocols where people are sometimes not even sure if they actually work or not But it's very proven protocols Compared with other payment solutions One thing is that in good how you always have to be online So the merchant the exchange and the customer always have to communicate But We do a very low transaction cost and very high speed. We can Guarantee that income of merchants can be taxed and while the income of the merchant is known the payer can be anonymous and From a security perspective I mentioned that before because there's no authentication required from the users perspective It's quite secure because you're not prone anymore to things like phishing attacks where you can Accidentally enter authentication information on the wrong page And of course, it's free and open-source software so everybody can audit and deploy it So current development that we're doing is we're still improving the user interface of the wallet and some internal things we're working on the auditing for the exchange and We're writing tutorials for merchants on how to actually integrate child with their webshops and We're looking into making better marketing materials and explanations for people who are not technical in this originated from a research project and now we're trying to get more traction on the business side of it Okay, so what can you do is you can of course tell people what Tyler if you are a developer you can read the documentation and give us feedback and Maybe see how Tyler would integrate into your workshop if you're really crazy you can try to get a banking license and run an exchange in your legislation and you can always talk to us on the GNUNED IRC which is like the umbrella or sister project to Tyler and yeah talk to us on there so To conclude what are the options for the future of payment systems either we can keep using credit cards where like mass surveillance is possible and it's just controlled by a few huge US companies or We can really engage in this arms race between cryptographers and smarter surveillance and blockchain based technologies We can enjoy the in quotes benefits of cash or and this is of course the solution that we're trying to work towards really establish a free software alternatives that Balances the social goals between on the one hand enabling this taxation and on the other hand also Being privacy friendly Okay, thanks Thank you, Florian. We'll throw it up for a few questions. Can we start with one here? Just a second. We'll get to the mic Thank you Fabian. I'm Kaushik kind of the longest question I'll try to sort of make sense of it in about 15 seconds into it One of the things that caught my eye was when you said social and also taxation Typically how you do taxes is you file taxes you self ordered them You submit to the government and then there's been penalties for not being able to file them one time or not being able to File them right even with that even in spite of all that there's inconsistencies. It's how you file tax Now when you have an Orwellian system looking at your centralized surveillance system I'm guessing your taxation is automatic right because you said Yeah, I think I'm I understand where you're trying to get it. Thank you for the question So the point is we're not trying to replace any tax system We're just trying to make it harder for merchants to hide their income Of course, you would still keep the existing tax system everywhere But you as a government have a better way to actually verify the income of merchants and that they Didn't have any extra income for example with technologies like Bitcoin which make this very hard so the point is just that it's easier for Governments to know what the income of merchants is which would it not rock people of the idea of basic human Property of holding onto a property of being able to do things Having a centralized system looking to it right you how do you position yourself to sort of escape from the same kind of Fraud the cheese that I do when I file a tax off and what if I do a multi-party settlement? What if I have multiple accounts multiple remnants? You'd still not be able to catch them Would you be able to again? So the target audience for this project is more real end-user payments like on digital devices like your browser or your smartphone But also in contrast to Bitcoin We're not really trying to replace the other parts of the financial system or how things like taxation works So Tyler always rides on top of these other systems I can add a point on that. So if you look at the curve that they use It is not a transaction. So it's something that is specifically counter for So Not a transaction the UP doesn't have that right now if you look at it for instance Entirely, it's actually very well designed We'll get to the other question if you have there's some time we'll get back we can discuss this offline if you want So I have two parts one is how is international payments handled number one and What's the adoption? So for the second question This is really like moving out of a research project to establishing a business. So of course the adoption is basically zero And for the first question, this is actually one of the pain points that we haven't really solved yet so For I mean international payments are for us not really use case right now Yeah Anybody there are two questions at the back there and then I'll come to you. Can you send money to peers using taller? Yes, there are two ways to do this one of them if it's like your friend or your wife and you really trust them You could just cheer coins out of your wallet First this doesn't constitute a transaction because you need to trust the sender that they really deleted the coins out of their wallets And will not spend them before you get the chance to so these things are of course not taxable Just like if I share my complete bank account details with you then you can make a transaction on my behalf without that being visible in the system and What was the second part of your question? I think that was that was just the one part of the question There's another question. I mean it's a kind of continuation of this question because you did mention limitation Is that when you want to transfer money to friends and family? Why can't we incorporate that as a feature that you know, I'm transferring money to my wife So you kind of incorporate addition feature that it's you know, I know to whom I'm transferring Okay, but the my second question is on the blockchain part I'm always having doubts or you said it's proof of stick or proof of work proof of work Yeah, but proof of work isn't that a problem? I don't know how many nodes are there in India who's doing proof of work kind of stuff And if all the nodes that are like centralized in one country won't that kind of Breakdown the whole blockchain technology. Yeah, I mean I was basically arguing against the blockchain. So So if that didn't come through with the presentation, but we're not relying on a blockchain technology This was basically just a critique of blockchain Yeah, there was a question Can you shed some more light on How exactly the blind signatures work more on the privacy of the client who's trying to pay money to the margin So we use some additional things on top of blind signature, but basically how it works is you create a Serial number for your coin you do some cryptographic Computation in order to blind this you then send it to the exchange They will sign it and say that has a value return it to you and then you can unblind it So it's a cryptographic protocol that allows some party to give exactly one signature and Only one signature because otherwise you could create like an infinite supply of coins But on some data, we don't know what their data is. So you then have a just like a signed bank note, but the Bank only knows that signed one bank not not what the serial number is Yeah, any So where is the required of these clients kept This is kept in the exchange so we can go back to the architecture diagram. So in fact there's not one central exchange, but people who have the required licenses in their legislation can run an exchange and There needs to be some trust between merchants and exchange and customer and that is established by this auditing party that certifies certifies that this exchange is running correctly and is allowed to Operate in the legislation that this auditor is responsible for so in real world. What kind of company would be an exchange? For example banks, so this would be the most obvious way to just Have a bank run as an exchange We have any further questions No, okay, since we have a few minutes more if anybody has questions we make if you could take Some more questions for say both the week and Florian We could have those as well. We could have a discussion on the relative merits of blockchain versus dollar Yeah Just mentioned who you specifically for this is for week. Okay, so Isn't it ironic in India that? Bitcoin or blockchain is an open network It's an open source network and government does not have any regulations on top of it But whatever exchanges are there in India requires the KYC from anyone who is trying to buy or sell bitcoins We need to follow with Can you hear me? Yeah, we need to follow with the Compliance procedures in India because when we are touching Fiat that is where the actual We need to abide the rules and regulations of the Indian government If you are purely using Bitcoin for all your transactions and Because there is currently still no regulation that's being put out By RBI or any government entity as such on Bitcoin There's just a warning to be very careful about using Bitcoin because it's very new That way it's like very hard to comment on the specific question that you asked Yeah, there's a question This is just to build on what we make say most of the KYC is Brought on by the exchanges to protect themselves It's not a it's not mandatory right now for them to do KYC as well It's basically they're protecting themselves so that you know in case there is a regulation that comes in It is easier for them to just make sure that this is the trail and we're not doing something illegal So that's just a protection mechanism employed by Exchanges right now It's not compulsory to add to it in terms of Regulations in other parts of the world that are being Implemented on Bitcoin US basically takes the lead in any kind of a technological innovation and They already have a license that says bit license and a lot of exchanges Continue to operate in US are fully compliant with the US bit license, which has been a regulatory Framework issued for Bitcoin some of them however decided to move out of US just because they found that the Regulations or the norm set out for Bitcoin exchanges were a bit too much so it's it depends on the use cases and how governments want to Be open to this technology Yeah, there was a question at the back that yeah, my question is for Florian I Work for raise a pay which is a payments company So what we do is we build technology on Banks and wallets on merchants we have so that they can easily accept payments. How would such a company fit into the talent ecosystem? I mean one way with One path I could imagine is just them using taller as the infrastructure with Their custom wallets on top of it So that gives them those added privacy and security benefits that taller has and also the benefit of being part of a Common free and open software infrastructure With their customizations added on top Yeah, any further questions. Yeah, there's one here. Thank you The question about taller sorry if I missed this so does a customer actually choose what exchange he deals with or is that completely? hidden from the Customs himself and there are actually multiple exchanges and not just a single exchange Then how do they kind of sync up and make sure, you know, the balance is same everywhere So per defaults every currency has in the wallet a default exchange But the user is actually free to change that and choose another exchange. So per default, of course, we Don't want the user to have to select one But if they really care about that they can do so that we can establish this ecosystem of exchanges and If I do change my exchange after say five transactions, how does that? How do the two exchanges make sure they're in sync? Right now, this is this is kind of the same issue as for international payments at least right now We don't have any way to do this without Transferring back the coins into your normal bank account and just getting a Wallet balance at another exchange Any further questions No, sorry, this is so very good. Do we have any statistics of Where are most of the where is the most of the mining being done today or where are the biggest miners? China basically owns almost 42 30% of the Bitcoin mining ecosystem because Chinese government decided They are actually missing out on technology and it's always like the Catmouse race. So what happens is initially when Bitcoin was started off the US was more pro saw the biggest growth for Bitcoin and then came the European market and China basically immediately that actually tried to ban Bitcoin at one point. They did impose a actual legal ban on Bitcoin but due to the Revolve from the community the citizens of China and also a lot of other factors the economic Factors Chinese government realized that they are actually missing out on something big as big as the internet It's like India not being able to get a sufficient IP addresses IPv4 and We are we hopefully have enough in IPv6 So it's like a technology thing and everyone needs to get on board of that technology There's one more question Just to build on what we've excited China there are two parts to Bitcoin mining, which is one is the computing power which requires Mining power, right? So second is the electricity cost to run the miners So China in both cases has the lowest cost When it comes to buying technology for mining and also the electricity cost is really really low So that is why Bitcoin mining is actually more profitable to do in China than in other countries We have any for the last questions Okay, so I think we can wrap up this discussion. Thank you Vivek and thank you Florian. Please give him a round of applause