msc: Offline Digital Euro: a Minimum Viable CBDC using Groth-Sahai proofs

[synctext]

Currently doing a survey in spare 5 ECTS this Q3 quarter. (EU-ID or Euro) {also has part-time job} Aims to finish the 10 ECTS survey by end of Q1. Thesis start Q2 (29 Nov 2023).

Conduct a survey, from 1994 stuff onwards Untraceable Off-line Cash in Wallets with Observers ECB progress: https://www.ecb.europa.eu/press/pr/date/2023/html/ecb.pr230424_1~395626f0d9.en.html offline first: https://www.inkandswitch.com/local-first/

please note the survey @ Tribler lab methodology: https://github.com/Tribler/tribler/wiki/MasterThesis#10-ects-literature-survey-at-tribler-lab (e.g. try out all known open source offline Euro wallets for survey and grade them with stong/weak analysis in a table with screenshots { offline token teams }) {broad: offline cash, euro, wallets, zero-trust and ID; the entire ecosystem needs to work, that is the problem}

update brainstorm: get screenshots of banking apps using Android Play store. Understand the user experience, screens and flow. Devise a taxonomy, generalise and understand the design space. Make running Kotlin code for top-3/one approach {3 coding weeks??}. update2:

• prior offline Euro student
• Digital euro experimentation scope and key learnings
• Digital euro – Prototype summary and lessons learned five different front-end prototypes
• Is there anybody out there? Detecting operational outages from LVTS transaction data
• Operational Resilience in Digital Payments: Experiences and Issues
• Bolt: Anonymous Payment Channels for Decentralized Currencies
• Analysis of cryptocurrency transactions from a network perspective: An overview

[synctext]

Brainstorm: non-consumer Euro, business account type usage, B2B, enterprise wallet, organisational wallet, power of attorney, wallet rollout city hall Rott./Eind. trail possibilities. update: we seemed to have pole position for the European Commission ambitious plans for the digital Euro. They want exactly what we have been working on since 26 June 2019, with Wessel, Robbert, and many others later in the class of 2023:

https://www.euractiv.com/section/economy-jobs/news/leak-eu-commission-wants-digital-euro-accessible-to-everyone/

The European Commission wants to implement a digital euro that is accessible to all retail users for free, in an effort to strengthen financial inclusion and competition in digital payments

For both the payment services providers and the ECB, the draft proposal mandates “appropriate technical and organisational measures including state-of-the-art security and privacy-preserving measures.”

The draft proposal also regulates the front-end services provided to users of the digital euro. For example, they should be “interoperable with or integrated in the European Digital Identity Wallets.”

[synctext]

Updated planning. Rested after summer. Final master course of TUDelft for Q1. Finish survey by Nov. small part-time job, besides thesis. - idea of screenshots - wallet by European Comission is moving forward steadily. See [details of the EBSI server side](https://ec.europa.eu/digital-building-blocks/wikis/download/attachments/609583364/Node%20Operators%20Operational%20Book%20%28NOOB%29%202023.06.15%20%28Clean%29.pdf). This would give any wallet access to 400 million citizens and passport-grade security - What will be the core science (20-30 papers) - double spending - offline - privacy - The difficulty of getting it right - "realisation" are the core problem with digital money - combination of above - compare theory and reality (30 lines of Pseudo-code versus 5.5 million lines of code for real problem solving) - Classic from nearly 30 years ago: [Untraceable off-line cash in wallet with observers](https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=494f68ea362c88203e87306e729f1a669a2b491c) - [Actual operational tech for payments with largest NL retailer - digitale betaalpas](https://nieuws.ah.nl/albert-heijn-introduceert-de-digitale-betaalpas/) - https://tweakers.net/nieuws/171074/albert-heijn-en-ing-presenteren-digitale-betaalmethode-op-basis-van-tokens.html - Mastercard project, not ING: https://fd.nl/beurs/1354282/ing-en-albert-heijn-ontwikkelen-nieuwe-afrekenmethode - Polish origin: https://tweakers.net/nieuws/171074/albert-heijn-en-ing-presenteren-digitale-betaalmethode-op-basis-van-tokens.html?showReaction=14774496#r_14774496 - https://blik.com/en/324m-transactions-of-nearly-eur-9-1bn-12m-active-users-blik-sums-up-q3-2022 - https://www.adyen.com/en_GB/infrastructure and also : https://arxiv.org/pdf/2102.00701.pdf - Unique legal certainty of GoldEuro - founded on the bedrock of investment gold with remote digital transfer of ownership - bearer bonds, possession means legal ownership - Gold has intrinsic value - Focus for next sprint: small issue update post on progress and 1st early structure of Survey + first found literature.

[synctext]

brainstorm Gold is a unique metal with unique legal position and unique online culture. Below is a concrete master thesis direction with a deliberate sensational and provocative focus. This is an exercise to derive a properly boring, conventional, unimaginative, conservative and conformist Delft Thesis :-)

GoldEuro: an economic infrastructure for climate hell

We are on a highway to climate hell, according to UN chief Guterres [REF]. All critical infrastructure was build for a climate which no longer exists [REF]. We use the climate-triggered risk assessment from the "Climate endgame" publication by MIT as the starting point of this deliberately provocative work. Climate catastrophe is relatively under-studied and poorly understood field, especially in the climate-hardened infrastructure domain. Preparedness can no longer be considered an eccentric bureaucratic hobby (see UK risk registers), but effort we might critically depend on. In this work we propose to re-build the global critical infrastructure with possible societal collapse as a first-class requirement [REF]. We identified the three cardinal components of a minimalistic alternative. These primitives are a disaster-proof self-sovereign identity, web-of-trust, and gold-based global financial system. These primitives enable socio-economic activity without reliance of functioning governments, rule of law, banks, electricity, digital cloud, or even Internet itself. This master thesis successfully demonstrates a smartphone-centric architecture for generic value transfer with academically-pure decentralisation. We assume that the existing deployed base of billions of smartphones remains operational for the foreseeable future with existing solar and wind infrastructure. We expand the existing paradigm of "local-first software". Any two nearby smartphones can identify and authenticate themselves without risk of spoofing, if we assume cryptographic primitives based on elliptic curves are safe. State-of-the-art atomic swap approaches rely on infrastructure, we devised the first pair-wise atomic swap to secure a generic value transfer primitive. Sadly, mobile phone vendors lack incentives to engineering reliable communication primitives besides 4G and 5G. For instance, Bluetooth, QR codes, and acoustic data transfer all lack reliability. {ToDo: insert more real Tech Stuff Here}. We released our software to the Google play store cloud infrastructure. Finally, we conducted a tiny user study within our lab with three smartphone to transfer the ownership of an antique coin from 1875 made of 21,6 carat gold. For automated legal compliance in today's world, optional usage is made of the EBSI wallet infrastructure in an offline-first manner. This required invasive modifications to EBSI, as the architectural reference framework of this upcoming passport-level EU digital identity does not provide digital autonomy.

[LeonKempen]

These two weeks I have worked on reading into the topic more, putting more emphasis on researching offline e-cash. I have started gathering papers and articles (for now 13) describing solutions to the problems of offline e-cash. As for the structure of the survey I imagine it to be something like:

• Introduction (Describing general e-cash reasoning benefits)
• Desiberable Requirements (Anonymity/Double Spending handling / tranferability / etc.)
• Analysis of current solutions (With taxomy table)
• Conclusion

A Solution for the Offline Double-Spending Issue of Digital Currencies The offline digital currency puzzle solved by a local blockchain Combating Double-Spending Using Cooperative P2P Systems A practical anonymous off-line multi-authority payment scheme

[synctext]

• Climate angle or scientific angle: msc title/draft/direction: "Trust in Gold: decentralised offline payments"
  • experiment: decentralised gold vaults, picture of swapping a token for physical gold with multiple international storage locations. GoldKronor and GoldEuro EBSI wallet. {msc student has willingness to travel to Sweden for single demo picture}
  • Possible experimental trust focus. OR more architecture. Double spending simulation with transactions, cooperate/defect, and MeritRank??? Bitcoin history, Ethereum, dataset1, dataset2, etc.
• 13 papers found, that is solid progress. 25+ papers required. Also understand the importance of a taxonomy table. thought: no bank needed, no trusted third party needed, no trusted hardware needed, no Internet needed, trust needed?
• Indeed, as discussed, you need a trusted third party to store gold or keep it under your own pillow. Possibility of physical storage of gold in decentralised manner for GoldEuro or GoldKronor
• known legal issue: a piece of gold can only be transferred to another owner as a whole. Fractional ownership of investment gold is considered a collective investment and has strong legal requirements. Even MiCa perhaps, as a GoldEuro might be seen as a crypto asset.
• List five screenshots of e-cash user interfaces??? This is a next step for the maturing and deployment to 400 million users in EU of a generic wallet with money and passport-level identity. Beyond current literature state: pseudo-code of double spending without any code, no deployment or trail or efficiency.
• Planning, 10 ECTS survey + TPM 'low exam risk course'. Q2 start thesis ~13Nov, 20Dec: Problem description first draft. Wild ideas need to be come somewhat concrete. June/July 2024 graduation.
• Next sprint: "overleaf first draft" or just dump the citations inside Latex.

[LeonKempen]

Sprint update:

Last sprint I worked on writing the survey, more specifically on three sections:

• The 'desired properties'. For now unforgeability, unlinkability, anonymity and transferability
• The double spending problem, explaining the two generic solutions (detection and hardware),
• 'Evolution' of offline e-cash, listing the different e-cash schemes from literature.
  • Most of the time is spent on this section
  • For now big wall of text, I tried grouping them in a somewhat logical order as some schemes are built as extention of others, or are addressing the same subproblem.
  • Not all are included in the list yet. (At the time of writing, around 4 of the ones found in last sprint are missing)

Potential discussion points:

• Literature mostly mentions shops / merchants, should this be used in the study as well, or could this be extended to generic parties like regular cash?
• Possible definition of offline e-cash, as some schemes state that the bank, or trusted party, is offline/unreachable, however fully offline e-cash does imply that no other participant rather than the ones in relatively close proximity are reachable.

I just shared the Latex file with peer2peer

[synctext]

• first draft of survey :+1:
  • wealth of links can also be added with minimal space and attention. Keep focus {mostly}
  • ready for first draft taxonomy table on Page 2.
• remove all intermediaries; Section-level problem?
• Feasibility of design: speculative idea, unproven, simulations, real code, Internet-deployed, irrefutable performance analysis of real-world usage
• levels of offline: no networking ever just QR code scanning, isolated pair-wise networking, store-and-forward networking, real-time ad-hoc packet forwarding, mostly offline; occasional online
• The fifth EU anti-money laundering directive takes effect
  • https://www.technologyreview.com/2020/09/10/1008282/north-korea-hackers-money-laundering-cryptocurrency-bitcoin/
  • https://www.bloomberg.com/news/articles/2022-08-12/dutch-arrest-man-suspected-of-being-involved-in-tornado-cash
• Trusted Execution should never be trusted
  • Intel SGX is hacked in 2017!!
  • https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-lee-jaehyuk.pdf
  • all 15 TEE are deemed unsafe and untrusted https://arxiv.org/pdf/2109.01923.pdf
• Include the latest scientific and political developments. As part of the Chancellor of the Exchequer’s ambition to make the UK a global hub for crypto-asset technology and investment, The Royal Mint has been asked to produce an NFT for Britain.
  • https://www.royalmint.com/innovation/nft/
  • https://gold.tether.to/
  • https://lohkowallet.com/lohko-nft/ etc etc
  • Trust in secure physical storage and governance of whole eocsystem (e.g. Tether organised crime accusations)
• first-to-claim principle
  • we re-define double spending away. Remove all moral principles. Simply the "game" to get your transaction first approved by the majority and make it "irreversible".
  • Kadupul: Livin’ on the Edge with Virtual Currencies and Time-Locked Puzzles
• Scope? Launching your own currency system leads to trouble with kings and central banks, see Miracle of Wörgl from 1931
• Communications of the ACM puf piece Why You Should Be Able to Make Your Own Individualized, Digital Nano-Currency {indeed, very envious that something I worked on since Aug 2007 is getting this PR level from outsiders {just an infeasible idea published inside Communications of the ACM} } We propose the creation of individualized nano-currencies: small localized, self-resolving currencies specially designed to solve problems for ordinary people or small firms cut off or distanced from the resources of the traditional financial system.
• Aug 2007 Bandwidth-as-a-currency. The first publication of any distributed ledger {please check}??? Delft with Harvard researchers, paid seeding, pre-dates the existance of Bitcoin. No support for greed and speculation, bit of a mistake in hindsight :smile_cat:

Idea for master thesis: everything focused about arranging international vaults for GoldEuro experiment with EBSI wallet???

edit. micropayments are unsolved https://news.ycombinator.com/item?id=37808115

[LeonKempen]

Sprint update: Wrote introduction, worked on taxonomy table and added concluding remarks

by the way, for mechanical engineering the survey can (must) be re-used for the thesis: https://studiegids.tudelft.nl/a101_displayCourse.do?course_id=66012

[synctext]

Your GoldEuro, Bitcoin, and Bittorrent are optimal disruptors! Please go beyond your current boring requirements (unforgability,transferability). Motivation: If financial market competition is intense, why are financial firm profits so high? Reflections on the current 'golden age'of finance. See also IMF working paper {RANT warning :warning:} There is structural lack of true competition in finance (Rising concentration in many financial markets has made it possible for key firms to exercise pricing power). We see evidence of this today in the market with record profits, all banks refuse to give high interest rate of ECB back to consumers (see gentle wording in central bank report). There is a lack of policies that bank can simply go bankrupt, without compromising financial stability (Never-too-Big-to-Fail). This is observed in multiple markets, as consolidation and power concentration is structurally growing (see platform capitalism book.

• Add this macro level of lack of market competition versus micro-level of a GoldEuro?
  • macrolevel lack of true competition
  • motivates our permissionless GoldEuro architecture
  • Gold has intrinsic stability and value
  • investment gold can be traded electronically and remotely. Complete legal certainty
  • Not even the ECB has the power to stop this (?!?). Note, they thankfully stopped Facebook from printing their own money.
  • {obviously its not nice to bring this in at late stage of survey (7-pages); saved for master thesis}
  • GoldEuro: a true stablecoin without central bank permission (and some novel offline stuff) :rofl:
• IV. EVOLUTION OF OFFLINE E-CASH Solid wall of text. Split or add bullet points for clarity.
• LIST OF ALL DESCRIBED SCHEMES Great taxonomy table content. Little polish required, [ref], author names not needed. Nicer :heavy_check_mark: :no_entry_sign: signs. Academic wording: irrefutable timestamping, bank blinding.
• unbelievable cool survey example with 407 citation 44-pages by a TBM student "A Survey on Approximate Edge AI for Energy Efficient Autonomous Driving Services".

[LeonKempen]

Hereby the final version of my literature survey. After the last sprint update, the main focus was on rereading the survey for final reprashes and grammar and the feedback points above. Literature Survey Leon Kempen Offline e-cash.pdf

[synctext]

• Solid survey! Text could use more polish and smoother running sentences.
• "TABLE I LIST OF ALL DESCRIBED SCHEMES", add more informative 'offline transaction'
• Wall of text, not a single figure or illustration
• missing literature?
  • Dual-Anonymous Off-Line Electronic Cash for Mobile Payment
  • thesis: On the Viability of Digital Cash in Ofine Payments
• {repeating} all 15 TEE are deemed unsafe and untrusted https://arxiv.org/pdf/2109.01923.pdf

Thesis first sprint goal by X-Mas: 1-page Problem Description draft (direction, focus, scope, and ambition level of thesis).

[LeonKempen]

Sprint update for the past three weeks:

• I have integrated the feedback above in my survey. The Dual-Anonymous payment scheme was (initially) behind a paywall, however I could access it after downloading the lean library plugin. I have added the scheme to the list. Literature Survey Leon Kempen Offline e-cash.pdf

• I worked on my Problem description draft. Currently, I am not sure how formal this should be. Problem Description Leon Kempen Draft.pdf

• I started on implementing the scheme of Brands to get a more practical (and in-depth) feeling of how the schemes work. The very basic implementation (withdrawing and validating transactions) is not yet working. To get it working properly, I think that I have to revise group theory.

[synctext]

• Solid writing!
• III. Double Spending. Unlike online e-cash schemes, offline schemes do not have access to a trusted third party, or at least the entity responsible for issuing and retrieving e-cash, and can thus not verify whether a token is already spent. More direct and dramatic form: double spending is defined as unlimited money printing by adversaries. Repeatedly spending the same coins can either be prevented, detected with near certainty, or irrefutably linked to a person.
• According to the Dutch national bank, De Nederlandsche Bank, 79% of all payments in the euro area were settled with cash in 2016, which dropped to 59% in 2022 Long sentence going across 4-lines.
• However, those types of payments are heavily dependent on being able to contact one or more trusted third parties. Every payment is facilitated by a financial institution. Direct payments using cryptocurrency without any intermediary are negligible.
• When such a party can not be contacted, like during outages, which occur more often and with an increasing duration [4], the method is obsolete and void. too much complexity in 1-line: 1) no communication == no transaction 2) outages are often 3) outages happening more than in the past 4) centralisation is obsolete and void
• Record of 6 lines sentence!

  Another issue with these digital payment methods is that
  they are not anonymous, unlike cash, and thus require trust in
  a third party, most often a bank, to handle the personal data
  such as balance, transaction details and name and address
  details confidentially and not use them for commercial gain
  [5], and secure it adequately to prevent data breaches.

• Grammarly or 1-shot chatGPT polishment {not writing} with prompting Below is a paragraph from an academic paper. Polish the writing to meet the academic style, improve the spelling, grammar, clarity, concision and overall readability. When necessary, rewrite the whole sentence. Furthermore, list all modification and explain the reasons to do so in markdown table. Add a #INCLUDE(ChatGPT) in acknowledgements.
• "viability of untracable money", An effective system to combat money laundering and terrorist financing. Ook: De ontwikkeling van de bancaire zorgplicht
• Master thesis: gold or no gold! {emt money token} {gold-backed EMT???}

[LeonKempen]

This sprint:

• Thought more about direction of thesis and possible different solutions (Blockchain-based etc).

• Rewrote long sentences from my survey Literature Survey Leon_Kempen Offline e-cash.pdf

• Implemented solution of Eslami - A new untraceable off-line electronic cash system. Got running (and working) code in Python

• Presented at the Tax office

[synctext]

• TABLE I: List of all described offline e-cash schemes, you uncovered 30 years of evolving offline e-cash?
• Just 10 papers in 30 years? Add more, even the 'extreme' paper with silly hardware assumptions.
  • That is intro material!
  • like: despite the importance of an offline solution, surprisingly little research has been done within this area. Only 10 papers have been produced in exactly 30 years.
• Thesis: good to start with 12 year old algorithm
  • climate doom prepping, offline economy for GoldEuro motivation storyline, Science journal paper from Dec 2023. This requires transferability, not in this 2011 algorithm.

[LeonKempen]

This sprint:

• Put the focus on reading up on more complex cryptographic protocols. More specifically the ones mentioned in the following line: The basis of our transferable e-cash scheme is a randomizable extractable NIZK commit-and-prove scheme C to which we add compatible schemes: an M-structure-preserving signature scheme S that admits an M-commuting signature add-on SigCm, as well as a (standard) M0-structure preserving signature scheme S0 (all defined in Sect. 4.2). Source Bauer et al.
• Looked into a possible library to use for cryptographic protocols. A good candidate might be MIRACL core
• After the discussion on Thursday, I looked into designing a scheme which relies less on hard cryptography and came up with a starting design. However there are still some challenges left. Experimental_Design.pdf Description of main challenge, say we have users A B and C, when A sends its token to B a tag should be generated that is non-mallable by B, but verifiable by C

[synctext]

We discussed the various possible thesis directions: usability side with prior designs, real gold trail, or the hardcore crypto designs. Thesis has initial running code as of 18Dec 2023. In a few weeks we need to fixate the Problem Description, see the 29Nov version. Core: 4 Ambition My ambition would be to create a prototype implementation of an offline value transferral scheme that could serve as an example of CBCDs. Potentially, this prototype can also be demonstrated during a workshop.

EBSI is getting attention under the ongoing EU precidency of Belgium:

• https://sciencebusiness.net/news/ict/belgium-focus-public-sector-european-blockchain-during-its-eu-presidency
• https://crypto.news/belgium-leads-charge-to-renew-eu-blockchain-infrastructure-project/
• https://www.dlnews.com/articles/regulation/belgium-to-lead-eu-blockchain-project-that-mimics-ethereum/

So EBSI wallet exploration could be technical foundation of thesis, with Belgium taking care of political embedding. Idea of implementing Bauer et al.. For fancy crypto GoldEuro your need fancy zero-knowledge proofs. Groth, Jens and Sahai, Amit, Efficient Non-interactive Proof Systems for Bilinear Groups, Advances in Cryptology -- EUROCRYPT 2008: 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings (2008), Springer Berlin Heidelberg

• https://github.com/gijsvl/groth-sahai (12 stars)
• https://github.com/jdwhite48/groth-sahai-rs (8 stars)
• https://github.com/Mahdi171/Groth-Sahai (2 stars)

Probably good idea to first continue with a less complex system. Eslami - A new untraceable off-line electronic cash system. Already got running prototype code in Python (superapp==Kotlin). Upcoming sprint: take existing .py and translate into .kt files. Get working app in 1 sprint :monocle_face: ? Ensure a working .APK, with possibly nice features! Future: EBSI wallet?

Solid design idea! Atomic option, double spending reveals your identity once-concealed, twice-revealed. Even more strict requirement: just one-way communication for coin transfer (e.g. QR scan).

[LeonKempen]

This sprint:

• Main focus was on building the application:
  • Forked super app repository: Offline euro Github
  • Implemented Eslami protocol, with 100% double spending detection, but cannot always reveal identity. (In some cases a value is not invertable in a modulo will have to look into that more.)
  • Created a very basic UI for it. More functionality will be added: setting the name of your bank, balance with the bank and storing secret values somewhere such that subsequent runs have the same values instead of new random ones.
  • APK: Link to Google drive
  • Ran into a connectivity issue in IP-V8 where some peers could not find each other. My phone could find two emulators and my laptops, but the other apps could only find my phone. I have to look into this more.

For: 'Even more strict requirement: just one-way communication for coin transfer (e.g. QR scan)', as the challenge would have to be created by the receiver to prevent replay attacks this might be difficult to achieve.

Dump of screenshots:

[synctext]

• :tada: Running code !!!
• end-to-end test with mocked IPv8 community :+1:
• implemented crypto scheme is not offline transferable
• Two way or 1-way communication or both?
• NFC detailed deployments stories
• Aiming for, say, 4 July thesis defense.
• Target thesis outcome, select one:
  • 'offline tikkie' / Bitcoin integration ?
  • trail with supermarket
  • performance analysis
  • trail with GoldEuro
  • trail with EBSI EU wallet with offline digital Euro tokens
  • assume web-of-trust is available (pre-trusted, TOFU)
  • assume double spending is solved with signed IOU, debt tied to passport-grade offline ID
  • another offline algorithm
• This sprint: polish, explore another crypto scheme

Full Offline Toolbox thesis idea Store of value	ElGamal	crypto 2 scheme

Gold token Offline Euro offline Bitcoin

[LeonKempen]

This sprint:

• Bit less progress than anticipated
• Put a lot of effort in trying to understand Groth-Sahai proofs. The sources I could find all had different notations and specifications. It seems like GS proof as more like a flavour/framework for a proof, making it very hard to apply correctly in a protocol.
• Spend more time looking for possible scheme that is transferable but does not use GH proofs. At the end of the sprint I found an interesting one using XOR's for double spending detection: Multiple-Use_Transferable_E-Cash.pdf

[synctext]

• Funny story, when you're on page 7 of Scholar.Google you're really diving deep
• Can the design from Bengal be implemented?
  • this makes it 4-5 designs which can be implemented in the history of crypto for transferable offline tokens :open_mouth: :astonished:
  • Is this generalisation on the XOR one-time pad principle?
• {repeating} Sadly, mobile phone vendors lack incentives to engineering reliable communication primitives besides 4G and 5G. For instance, Bluetooth, QR codes, and acoustic data transfer all lack reliability. {ToDo: insert more real Tech Stuff Here}.
• How much time to spend on "nfc enabled in peer to peer mode android"? (NFC-F 424 kbps)
• idea:, go beyond prior Norway offline token trail photo
• Sprint idea: implement the 5-page Bengal design.

[LeonKempen]

This sprint:

• Quite early into the sprint I noticed that the Bengali paper could not be implemented easily, due to an undefined operator. To quote another paper: "We point out at this point that Sarkar does not explicitly define the algebraic nature of the dot product involving bij above. However, Equation 6 of (SARKAR,2013, Section 10) makes it clear that it must be distributive over the exclusive-orto enable the detection of double spending .... Therefore, rather than a plain integer or modular product (which would not be distributive over the exclusive-or operation), the dot must denote the product in the binary polynomial ring F2[x] or, more likely, some binary finite field F2m, so that the multiplicative inverse is defined for all nonzero values." From Efficient_Methods_for_Lattice-Based_Cryptography
• Designed a scheme in which the two participants in a transaction collaborate to create a ZK-proof of the transaction, with revokable anonymity when double spending is detected (Recommend reading chapter III of the thesis first, see below). Experimental_Design v2.pdf
• Started on writing part of my thesis based on my design. Master_s_Thesis___Leon_Kempen (WIP).pdf
• Found a cool website regarding CBDC's: https://www.atlanticcouncil.org/cbdctracker/

[synctext]

• evaluating progress for a 1 July or 30 Aug graduation :thinking:
• great find! 134 countries & currency unions, representing 98% of global GDP, are exploring a CBDC. In May 2020 that number was only 35. Currently, 68 countries are in the advanced phase of exploration—development, pilot, or launch.
  • Low-hanging fruit from offline crypto theory is gone.
  • Complex real-world requirements result in ugly non-intuitive real-world designs
  • stop the fantasy assumption of trusted third parties
  • stop the fantasy assumption of trusted hardware (it's all hacked!)
  • support offline transferability and fungibility
  • :cry: Guess we need to drop the one-way communication requirement for feasibility
    • put Bluetooth or Wifi as requirement
    • no simple and secure QR-code anymore. 2-way NFC??
  • Age of elegance is gone, no more nice theory-only proposals (all 11 of them in 30 years)
• The geo-political angle with codependency of America and China. Examples of Infrastructuralization by China of TikTok, WeChat, and e-CNY. Plus digital taxation infrastructure {the breadcrumbs of news that China is decoupling their infrastructure from US}
  • China’s central bank continues to take aggressive steps toward assimilating the digital yuan within its domestic financial system. China, the world’s largest bilateral creditor and leading trading partner, could use the digital yuan to elevate the status of the renminbi and challenge the dominance of the US dollar.
  • The United States is at risk of losing economic leverage and international financial power if Beijing continues to dictate the norms and regulations of digital currencies.
• RSA? :astonished: :face_with_thermometer: Maximize your "scientific contributions: Quantum-Resistant Cryptographic Hash Library with required protection against rainbow table attacks
• Double spending: (central) trusted third party (TTP) or (decentral) collaborative double spending detection
• Design your own offline crypto!
  • C. Groth-Sahai Proofs and non-interactive witness indistinguishable (NIWI) :+1:
  • Choose: theory thesis or experimental
• please publish your draft code !!
• Upcoming sprint: send 1st draft thesis to financial regulator, request field trail, and coding.

[LeonKempen]

This sprint:

• Most focus was on writing the draft thesis. Master_s_Thesis_Leon_Kempen.pdf. Some remarks:
  • The structure and content are there
  • Text will need to be polished, possibly add more figures.
  • For now still with blind (hashbased) RSA signatures. Once I got a working version of another blind signature protocol (like blind Schnorr). the section will be replaced.
  • Potentially add field trial section to implementation section.
  • Security assumptions still need to be finished
• Published very early POC code of the new protocol. GS proofs and simple wallets are there with functioning DS detection and anonymity revocation. This will be extended in the upcoming sprint.

[synctext]

• Solid progress towards graduation! :tada:
  • almost-ready thesis Latex
  • Experimental results focus
  • many options possible: GUI, crypto, EBSI, trial, etc.
• Your opening line could be more informative and opinionated: Current digital payment systems are extremely fragile when compared to cash. Traditional cash payments are robust by design. Digital payment systems can only be classified as fragile by design. Payments systems are significantly less robust due to their cheap design and complete reliance on Internet connectivity. The lack of robust transaction systems might be caused by the regulation and protectionism within the financial industry. underperforming banks can often not simply go bankrupt. For instance, a provincial bank such as SVB caused enormous uproar when it collapsed in 2023.
  • versus "Digital payments are becoming more important in the current financial system."
• "relies on zero-knowledge proof to transfer Digital Euros"
  • our architecture and initial implementation offers complete privacy of transactions using zero-knowledge proofs.
  • To provide privacy, but still guard against money laundering and other financial crimes we added the following privacy-guarding mechanism. The bank and trusted third parties need to collaborate with law enforcement officials to decrypt transactions.
• solid milestone: network emulator with 5 clients + bank + trusted third party
  • no IPv8
  • working: Groth-Sahai proofs!

update :

• Offline CBDC KYC https://www.eecg.toronto.edu/~veneris/ICBC241.pdf
• BiS offline polaris project https://www.bis.org/publ/othp79.pdf
• US White House, Executive Order (EO) 14067, US CBDC: https://www.whitehouse.gov/wp-content/uploads/2022/09/09-2022-Technical-Design-Choices-US-CBDC-System.pdf
• IMF: https://www.imf.org/-/media/Files/Publications/PP/2023/English/PPEA2023048.ashx
• EU EDPS https://www.edps.europa.eu/system/files/2023-03/23-03-29_techdispatch_cbdc_en.pdf

[LeonKempen]

This sprint:

• Replaced blind RSA signature with blind Schnorr Signatures
• Updated code to make use of databases again to store digital euro's (both for the bank and the user)
• Did some testing regarding the growth rate between transactions and the verification process with different type of elliptic curves.
• Integrated feedback and new sources in the thesis: Master_s_Thesis_Leon_Kempen.pdf

[synctext]

• 11 pages of IEEE 2-column text :tada:
• A digital Euro is political, so you have to mention popular stuff like quantum-resilient elliptic curves (e.g. IV. SECURITY ASSUMPTIONS sub-section IV.c).
• Early July graduation aim, green light next meeting :green_apple:
• building upon the Ethereum selected approach
  • https://crypto.ethereum.org/blog/groth-sahai-blogpost
  • mention in thesis why you selected this construct for the Digital Euro functional prototype
  • https://eprint.iacr.org/2013/662.pdf
  • https://mystenlabs.com/blog/groth-sahai-proofs-zero-to-hero
  • Embedding identity unlocks new venue for linking proofs, mention in Section V intro lines?
• Less modesty in design section: "We realised a complete system based on our novel Groth-Sahai proof approach"
• "VII. IMPLEMENTATION" and performance analysis
  • "Fully functional prototype", less modesty, it is running code of self-invented crypto
  • usually strictly forbidden :no_good_man:
  • Only allowed if there are 10 papers in 30 years. Like in your case.
  • Nobody succeeded!
  • Quality assurance mentioning...
  • unit tests: do you have industrial-grade unit testing framework?
  • if yes: sell it in thesis :money_mouth_face:
• Upcoming sprint: field trial focus? integrate uTP binary transfer for Superapp offline Euro? Transactions are beyond 1 UDP packet, I assume.

[LeonKempen]

This sprint:

Heavy focus on coding:

• Updated superapp fork with the latest changes to fix the start up bug. (IPV8 was updated in the meanwhile)

• Implemented an overlay over the trustchain community that watches a messagelist. The community can add messages to that list to be interpreted by the overlay. This makes it possible to fully mock the community by adding messages to the message of the receiving Peer.

• Created a full-on system test with the approach mentioned above

• Started working on the app (ran into quirks with android development) registration is now working. Implementing the rest should be less complicated.

• Not too impressive apk can be found here: Debug APK latest GH action or Google drive

[synctext]

• Offline Digital Euro: a Minimum Viable CBDC using Groth-Sahai proofs
• Related work: DOT-M: A Dual Offline Transaction Scheme of Central Bank Digital Currency for Trusted Mobile Devices
• Early July graduation is ambitions: your results are clearly beyond state-of-the-art, but not yet 'sold' sufficiently
• arXiv upload of your thesis work please
• wrap up results section
  • 3 screens, show that everything works. (like above related work; Fig. 9. A runtime instance of the implementation for the payee and payer respectively.)
  • offline screenshot: bluetooth, QR codes, wifi

[LeonKempen]

This sprint:

• Worked on implementing a demo (and presentation) for the EC lab visit. Latest APK can be found on Google Drive
• As communication protocol IPV8 is used. However no other third parties are contacted (or can read signed payloads), thus the protocol can be used in a fully offline scenario when IPV8 is replaced with NFC to transfer bytes.
• Worked on improving the thesis latex with feedback from Quinten: Master_s_Thesis___Leon_Kempen (3).pdf
• Written more tests (will be included in the thesis) (Coverage/Systemtests with Mockito)

[synctext]

• thesis is getting slowly ready for defense :checkered_flag:
• Single citation only in Problem Description
• Main Tribler pointer: https://github.com/Tribler/tribler/wiki#current-items-under-active-development
• More results then "Figure 2".
  • code coverage :+1:
  • line of code per function or something; breaking down in 10-20 parts (.kt files, classes,..)
  • no screenshot of the app you have operational :cry:
  • Even Google is incapable of making a good Wallet app
• try to upload to arXiv, preferably with your adviser as 2nd author :grin:
• Figure 2: transactions numbers are discrete, but continuous lines. of "actual encoded transactions in a byte array with default Kotlin serialiser"
• "Grotwh"
• too timid! To determine the limits of our design we performed an experiment with 1000 offline transactions.
• section openings
  • "The current protocol relies on a TTP to revoke the anonymity of users in case double spending is detected" Our double spending approach is limited by a trusted third party which should revoke anonymity. Collusion of bank which store private proofs and trusted third party which store a magic private key means everything is visible. :fearful:
  • "This thesis proposes an offline transferrable e-cash scheme that could be used as a prototype for the CBDC of the ECB." :point_right: We build the Digital Euro! :point_left:

[LeonKempen]

This sprint:

• Found and booked a room for the thesis defense.
• Integrated feedback
• Extended the implementation section with an introduction to the app and how everything is set up. Left out the code coverage and code breakdown as a feel like these do not fit the narrative of the storyline. PS: I think that code coverage and code quality are something 'normal', for reference these are the details now (ceiling not yet reached):
• Rewritten and repeated the experiments done, added a performance graph. Both experiments can be found on the repository as separate unit tests for repeatability. (Location in repo)
• Rewritten conclusion to be less of a summary and more 'conclusion-like'
• Draft thesis: Master_s_Thesis_Leon_Kempen_Draft.pdf

[synctext]

• arXiv.org upload please before defense
• Much progress with thesis :clap: :+1: :clap:
• Balancing privacy and fraud prevention, double spending and token transferability are three major problems regarding e-cash., start problem description with the word problem.
• When the protocol is implemented this way, when an architecture favours privacy instead of fraud prevention.
• results from having too much privacy. mention perhaps Chaum example, requires online check
• VII. IMPLEMENTATION also contains experiments
• The described protocol is implemented in Kotlin as a proof of concept, small bit of info on why and what
• As mentioned earlier, the size of the digital euro must grow for each transaction. More scientific: size of our primary data-structure. etc.
• (a) TTP, Figure 2, expand for clarity to trusted third party

[LeonKempen]

• Uploaded paper to ArXiv, current status is on hold.
• Made slides: Offline Digital Euro - Thesis Defense Presentation.pptx

[synctext]

Too many slides. Cut in half. Add more scientific content:

• Why implementation and experiments?
  • validate the theoretical models
  • performance analysis of real implementation
  • mature science towards large-scale societal usage
• "Offline e-cash is a niche - 10 papers since 1984"
  • Show your own table
  • italics Github PDF