|
|
|
| e-Pub |
Previous | 
Home
Section: Research Program
Secure electronic payments
Online payment systems are an important building block as they can be used to sustain community efforts (such as software development, research or editorial work) and are necessary for commercial success. The most well-known contender in this context is the decentralized Bitcoin currency. However, Bitcoin has the disadvantage that payments are not anonymous, that the money supply is not controlled, and that its operation requires vast amounts of computational power, which is hardly environmentally friendly.
We are creating Taler, a startup offering untraceable payments to provide support for payments on the Internet, but also of course within the future GNUnet. The basic goal is that the person sending money remains anonymous, whereas the receiver is easily identified. Furthermore, the money supply is tied to traditional currencies via peers that operate as banks. As a result, the system provides anonymity for buyers, while allowing states to tax income. Taler supports a controlled money supply, and requires vastly less computational resources compared to Bitcoin.
A key technology for Taler is onion routing, as this will enable users to hide their IP address during transactions. Initially, Taler will use the Tor network to provide an anonymous 1:1 communication channel. Today, the Tor project is the most well-known and widely deployed onion routing system. However, in the medium term, we would like to investigate an alternative design. In the Tor project, eight trusted directory servers provide the foundation for the security of the entire network. The directory servers are used to allow peers to enumerate the set of all active Tor routers. Using that list of all routers, peers choose routers at random to construct the circuits that are fundamental for onion routing. An adversary that is able to compromise five of the directory servers can thus completely violate all security guarantees of the Tor network.
We are not saying that this is a terrible design per-se and would certainly not claim that users should avoid Tor for this reason. However, given recent revelations about the nature of real-world advanced persistent threats, it is prudent to develop a system that does not have this weakness. Hence, we propose to construct an onion routing system in GNUnet that uses a form of Byzantine fault-tolerant random peer sampling instead of directory servers for the selection of random peers.