///Hacking in Parallel – Berlin///

Your locale preferences have been saved. We like to think that we have excellent support for English in pretalx, but if you encounter issues or errors, please contact us!

Are you old enough to buy this? (Zero-knowledge age restriction with GNU Taler)
2022-12-29 , HIP - Track 1 - Room 5
Language: English

Today, age verification in e-commerce implies identity verification, one way or the other. In this talk, we first look at existing solutions for age restriction and their shortcomings. We then present a design for a privacy-friendly method that binds age restriction to the ability to pay (rather than identification) and that is aligned with the principle of subsidiarity. We show how this scheme is integrated with the GNU Taler payment system, making it the first fully privacy-friendly payment system with age restriction.


Privacy in e-commerce is currently a sad story, especially with respect to age-restriction and -verification. Existing commercial solutions are mostly implemented by identity verification. Even privacy-friendly approaches, using attribute-based credentials, anchor on an external, higher authority which verifies the identity of the consumer before issuing a certificate.

The principle of subsidiarity suggests that the appropriate level of authority to set age restriction is the level of parents and caretakers - not merchants, banks or governmental institutions. Our design for an age verification scheme fully aligns with this principle.

The design is presented as an extension of GNU Taler, a privacy-friendly payment protocol. The extension augments the protocol with a zero-knowledge scheme for age verification that cryptographically augments coins for this purpose. Our scheme enables buyers to prove to be of sufficient age for a particular transaction without disclosing the age. The modification preserves the privacy and security properties of GNU Taler, in particular the anonymity of buyers and unlinkability of transactions.

We show how our scheme can be instantiated with various cryptographic signature schemes, how it is integrated with the GNU Taler payment system and what work is left to do.

This work is funded by the project Concrete Contracts by the German Federal Ministry of Education and Research.

oec

Özgür's day job keeps him busy with reading code that others wrote. At night, he is a member of the dev-team of GNU Taler, helping to extend Taler with advanced features. He does this as PhD-candidate at the Internet Technologies research group at the Freie Univeristät Berlin.