Merge branch 'update-slides'

slides/.gitignore

@@ -20,3 +20,5 @@ ProtestVerif-participating.png
 ProtestVerif-verified.png
 ProtestVerif-verifying.png
 
+preamble.tex
+revision.tex

slides/Makefile

@@ -1,4 +1,4 @@
-FIGS+= 	tposet.tikz
+FIGS+= 	trump.jpg
 FIGS+= 	proofshare.tikz
 FIGS+= 	Jacobs-method.jpg
 
@@ -8,6 +8,7 @@ FIGS+= 	ProtestVerif-endprotest.png
 FIGS+= 	ProtestVerif-verifying.png
 FIGS+= 	ProtestVerif-verified.png
 FIGS+= 	ProtestVerif-UN.png
+FIGS+= 	map-with-dots.png
 
 DEPENDS+=	bibsp.sty
 DEPENDS+=	crypto.bib
@@ -24,22 +25,29 @@ DEPENDS+=	ecurrency.bib
 .PHONY: all
 all: slides-short.pdf
 
-slides-short.pdf: slides-short.tex ${DEPENDS} ${FIGS}
+slides-short.pdf: slides-short.tex preamble.tex revision.tex ${DEPENDS} ${FIGS}
 slides-short.pdf: idea.tex
 
+preamble.tex: ../paper/preamble.tex
+revision.tex: ../paper/revision.tex
+
+preamble.tex revision.tex:
+	${LN} $< $@
+
 
 .PHONY: clean
 clean:
 	${MAKE} -C ../art clean
 	${RM} slides-full.pdf slides-short.pdf
 	${RM} ${FIGS}
+	${RM} preamble.tex revision.tex
 
 
 .PHONY: print
 print: slides-short.pdf
 
 
-tposet.tikz: ../fig/tposet.tikz
+trump.jpg: ../fig/trump.jpg
 proofshare.tikz: ../fig/proofshare.tikz
 Jacobs-method.jpg: ../fig/Jacobs-method.jpg
 
@@ -50,6 +58,9 @@ ProtestVerif-verified.png: ../art/ProtestVerif-verified.png
 ProtestVerif-verifying.png: ../art/ProtestVerif-verifying.png
 ProtestVerif-UN.png: ../art/ProtestVerif-UN.png
 
+map-with-dots.png:
+	curl -o $@ https://i.amz.mshcdn.com/IXXVklwgW0nwbCXSJb1tWHLx2H4=/fit-in/1200x9600/http%3A%2F%2Fmashable.com%2Fwp-content%2Fuploads%2F2014%2F05%2FScreen-Shot-2014-05-01-at-3.56.31-PM.png
+
 ${FIGS}:
 	${LN} $< $@
 

slides/idea.tex

@@ -1,5 +1,13 @@
 \mode*
 
+\section{What's the problem?}
+
+\begin{frame}
+  \centering
+  \includegraphics[height=\textheight]{trump.jpg}
+\end{frame}
+
+
 \section[Participating]{Participating in a protest}
 
 \subsection{Joining a protest}
@@ -9,13 +17,6 @@ \subsection{Joining a protest}
   \includegraphics[height=0.5\textheight]{ProtestVerif-join.png}
 \end{frame}
 
-\begin{frame}
-  \begin{align*}
-    cid &\gets H(\text{\enquote{WE MUST STAND UP \dots}}) \\
-    pid &\gets PRF_{k_P}(cid)
-  \end{align*}
-\end{frame}
-
 \subsection{During in a protest}
 
 \begin{frame}
@@ -28,60 +29,13 @@ \subsection{During in a protest}
   \includegraphics{proofshare.tikz}
 \end{frame}
 
-\begin{frame}
-  \begin{minipage}{\linewidth}
-    \begin{align*}
-      P\to W\colon & pid \\
-      W\leftrightarrow P\colon & \text{perform distance bounding} \\
-      W\colon & wid\gets PRF_{k_W}(pid), \\
-        & wsig\gets PRF_{k_W}(wid, t_s, l) \\
-      W\to P\colon & (wid, t_s, l, wsig) \\
-    \end{align*}
-  \end{minipage}
-\end{frame}
-
-\begin{frame}
-  % XXX Describe distance bounding
-  \centering
-  \procedure{Distance-bounding Schnorr}{%
-    \textbf{Prover}\colon g, q = |\langle g\rangle|, x\in \ZZ_q
-    \> \>
-    \textbf{Verifier}\colon g, q, X = g^x \\
-    \beta_i \sample \bin, y \sample \ZZ_q
-    \> \> \alpha_i \sample \bin \\
-    g^y, commit(\beta_1, \dotsc, \beta_n) \> \sendmessageright*{} \> \\
-    \> \text{Rapid phase} \> \\
-    \> \sendmessageleft*{\alpha_i} \> \\
-    \> \sendmessageright*{\beta_i} \> \\
-    \> \text{Verification phase} \> \\
-    c\gets \alpha_1|\beta_2|\dotsb|\alpha_n|\beta_n \\
-    r\gets y + cx \> \sendmessageright*{} \> g^r =^? X^cY\\
-  }
-\end{frame}
-
 \subsection{After the protest}
 
 \begin{frame}
   \centering
   \includegraphics[height=0.5\textheight]{ProtestVerif-endprotest.png}
 \end{frame}
 
-\begin{frame}
-  \begin{align*}
-    \{W, P\}\rightsquigarrow S\colon & H(pid, wid, t_s, l, wsig)
-  \end{align*}
-\end{frame}
-
-\begin{frame}
-  \begin{align*}
-    W\rightsquigarrow S\colon & (pid, wid, t_s, l, wsig),\\
-    & NIZK(wid = PRF_{k_W}(pid), wsig = PRF_{k_W}(wid, t_s, l),\\
-    & \exists sign(k_W)) \\
-    P\rightsquigarrow S\colon & (pid, wid, t_s, l, wsig),\\
-    & NIZK(pid = PRF_{k_P}(cid), \exists sign(k_P))
-  \end{align*}
-\end{frame}
-
 
 \section[Verifying]{Verifying a protest}
 
@@ -93,31 +47,41 @@ \subsection{After the protest}
 \subsection{Verifying proof shares}
 
 \begin{frame}
+  \vspace{-2em}
+  \begin{center}
+    \((\cid, \pid, \wid, t_s, t_s', l, \pi_P, \pi_W)\) on blockchain.
+  \end{center}
+
+  \pause
+
   \begin{columns}
-    \begin{column}{0.5\linewidth}
+    \begin{column}{0.6\linewidth}
       \tiny
       \includegraphics[width=\linewidth]{proofshare.tikz}
     \end{column}
 
     \begin{column}{0.5\linewidth}
-      \begin{itemize}
+      \begin{enumerate}
         \item Check that \(cid\) is what you're interested in.
+
+          \pause
+
         \item Verify the \ac{NIZK} proofs.
-        \item Each \(PRF\) is computed correctly.
+
+          \pause
+
+        \item Each \(\ACprf\) is computed correctly.
         \item The owner knows a signature on the key used.
-      \end{itemize}
+      \end{enumerate}
     \end{column}
   \end{columns}
 \end{frame}
 
 \subsection{Counting proofs}
 
 \begin{frame}
-  \begin{itemize}
-    \item Each \(pid\) with more than \(t\) valid proof shares is counted.
-    \item \(t\) is a threshold set to be higher than expected size of collusion 
-      clusters.
-  \end{itemize}
+  \centering
+  \includegraphics[width=\linewidth]{map-with-dots.png}
 \end{frame}
 
 \begin{frame}
@@ -127,22 +91,90 @@ \subsection{Counting proofs}
 \end{frame}
 
 
+\begin{figure}
+  \centering
+  %\footnotesize
+  \begin{minipage}{\linewidth}
+    \begin{align*}
+      O\to \text{all}\colon & \text{manifesto} \\
+      P\colon & t_s\gets \TSget \\
+        & \cid\gets \Hash[\text{manifesto}], \\
+        & \pid\gets \ACprf[_{\sk_P}][\cid] \\
+      W\colon & t_s'\gets \TSget
+      \\[-1em]
+      \noalign{\hfill Join}
+      \midrule
+      \noalign{\hfill Participation}
+      \\[-3em]
+      P\to W\colon & \pid \\
+      P\leftrightarrow W\colon &
+        \PPK\mleft\{ (\sk_P) : \mright. \\
+        & \qquad \pid = \ACprf[_{\sk_P}][\cid], \\
+        & \qquad \mleft. \sigma_P' = \ACblind[\ACsign[_{\ssk}][\sk_P]] \mright\} 
+        \\
+      W\colon & \wid\gets \ACprf[_{\sk_W}][\pid] \\
+      W\to P\colon & (\wid, t_s', l)
+      \\[-1em]
+      \noalign{\hfill Participation}
+      \midrule
+      \noalign{\hfill Submission}
+      \\[-2em]
+      P\colon & t_e\gets \TSstamp[\Hash[\pid, \wid, t_s, t_s', l]] \\
+      W\colon & t_e'\gets \TSstamp[\Hash[\pid, \wid, t_s, t_s', l]] \\
+      W\to S\colon & (\pid, \wid, t_s, t_s', t_e, l, \pi_{\wid}),\quad 
+      \text{where} \\
+        & \pi_{\wid} = \SPK\mleft\{ (\sk_W) : \mright. \\
+        & \qquad \wid = \ACprf[_{\sk_W}][\pid], \\
+        & \qquad \mleft. \sigma_W' = \ACblind[\ACsign[_{\ssk}][\sk_W]]\mright\} 
+        \\
+        & \qquad\qquad (\pid, \wid, t_s, t_s', l) \\
+      P\to S\colon & (\cid, \pid, \wid, t_s, t_s', t_e, l, \pi_{\pid}),\quad 
+      \text{where}\\
+        & \pi_{\pid} = \SPK\mleft\{ (\sk_P) : \mright. \\
+        & \qquad \pid = \ACprf[_{\sk_P}][\cid], \\
+        & \qquad \mleft. \sigma_P' = \ACblind[\ACsign[_{\ssk}][\sk_P]] \mright\} 
+        \\
+        & \qquad\qquad (\cid, \pid, \wid, t_s, t_s', l)
+    \end{align*}
+  \end{minipage}
+  \caption{%
+    An overview of the Join, Participation and Submission phases of \PRIVO.\@
+    The organizer \(O\) broadcasts the manifesto.
+    The protester \(P\), witness \(W\) and their computations are as in \cref{fig:ProofFig}.
+    Finally, both \(P\) and \(W\) submits the proof shares to a permanent storage \(S\).
+  }%
+  \label{fig:ProtocolOverview}
+\end{figure}
+
 \section{Conclusions}
 
 \begin{frame}
-  \begin{alertblock}{Limits}
+  \begin{block}{Contributions}
     \begin{itemize}
-      \item Cannot trust results that are pro-government if government issues 
-        identities (Sybil).
+      \item Distance-bounding Schnorr protocol
+      \item \Ie distance-bounding \acs{ZKP} and anonymous credentials
+      \item Solves crowd counting in adversarial setting.
+    \end{itemize}
+  \end{block}
+\end{frame}
 
-        \pause{}
+\begin{frame}
+  \begin{greenblock}{Possibilities}
+    \begin{itemize}
+      \item We can implement this by extending BankID.
+      \item There are blockchains (ledgers) with reasonable transaction 
+        throughput, \eg OmniLedger.
+    \end{itemize}
+  \end{greenblock}
 
-      \item If \emph{everyone} colludes we cannot verify the location.
+  \pause
 
-        \pause{}
+  \begin{alertblock}{Limits}
+    \begin{itemize}
+      \item Cannot trust results that are pro-government if government issues 
+        credentials (Sybil).
 
-      \item No terrorist-fraud resistance: some people can still stay at home, 
-        and relay responses to distance-bounding challenges.
+      \item Requires a chip in smartphones for distance bounding.
     \end{itemize}
   \end{alertblock}
 \end{frame}

slides/slides-short.tex

@@ -2,6 +2,7 @@
 %\documentclass[handout,ignorenonframetext]{beamer}
 %\usepackage{pgfpages}
 %\pgfpagesuselayout{4 on 1}[a4paper,border shrink=5mm]
+\usepackage[utf8]{inputenc}
 
 \usetheme{Berlin}
 \setbeamercovered{transparent}
@@ -37,20 +38,9 @@
 \input{preamble.tex}
 \input{preamble-slides.tex}
 
-\title[PRIVO\@: securely and PRIVately Verificable PROtests]{%
-  PR$^{^{\text{I}}\text{V}^{\text{ately}}_\text{erifiable}}_{\text{Otests}}$%
-  %PRIVO\@:
-  %SPRIVO\@:
-  %Securely and Privately Verifying Protests
-  %securely and PRIvately Verifiable PROtests
-  %Verifying Protests
-  %Verifying Demonstrations
-  %Verifying Real-World Protests
-  %Verifying Physical Protests
-  \thanks{%
-    An initial discussion of this work appeared in 
-    \citetitle{FutureProtests}~\cite{FutureProtests}.
-  }
+\title[\PRIVO]{%
+  From grassroots to \PRIVO: privacy-preserving CROwd Counting Using 
+  Smartphones and distance-bounding anonymous credentials
 }
 
 \author[D.~Bosk et al. <[email protected]>]{%
@@ -68,6 +58,7 @@
   \inst{2} Université de Quebec à Montreal\\
   \texttt{[email protected]}
 }
+\date{SWITS 2018}
 
 \begin{document}
 \begin{frame}