Nostr Web Client

Questions:

- Initially I thought the end user has an 1-of-n trust model, but after reading it for a while it seems like in case of fraud the user has to trust an honest majority (n-of-m) of partners to give them their money

- Can we provide the user with privacy from the operator? Seems doable using blind signatures, and in that case we just created a Fedimint like system, but probably simpler

- It also seems like we can make Cashu mints trust minimized using this system, without any changes to the Cashu protocol itself, am I missing something here

ynniv 2mo ago

great questions! correct, the wallet has to rely on a majority of peers to defend their funds. but this is expected because they personally benefit from slashing the dishonest party's collateral.

we can't use blind signatures directly because they're not transferable across mints and would be orphaned when an operator exits. however we can easily move back and forth between this system and ecash mints, or use other privacy techniques. also note that there is no direct network connection between the wallet and the operator, which is a problem with cashu

Reply to this note

Please Login to reply.

Discussion

Basanta Goswami 2mo ago

More questions:

- Are you imagining it as a system where the channel partners are also operators of their own ledgers or do they only manage lightning routing stuff?

- How do intra-ledger payments work? Do you still sign some stuff saying this payment is for x, so that fraud can be proven?

ynniv 2mo ago

operators have ledgers that are tied to reserves and collateral in their own channels – it's lightning throughout. wallets request invoices that are confirmed by channel partners, making the pre-image of an unrecorded payment proof of dishonesty

Basanta Goswami 2mo ago

Another question, as I understand, the ledger that operators maintain should be transparent so that the channel partners can see fraud (fractional reserve, stealing of funds etc). Is this ledger a "blockchain" or something else? If it's going to be publicly available, could we do Monero style privacy stuff on it so that the balances of individual users stay private, but auditable. Or is that not needed at all?

ynniv 2mo ago

maybe, though i'm focused on delivering the basic framework. anything that works with keys on-chain should work here, and with low fees it's easy to limit keys to two uses: once to pay someone and once to pay the change to your own new address.

it may be possible to create more novel ledgers in the same system. the constraints are that fraud be prove-able, total funds under custody be calculable, and accounts be serviceable by anyone with the ledger. notably, the third requirement prevents us from implementing traditiona ecash

Basanta Goswami 2mo ago

Great! Really looking forward to seeing where this goes. I think even Liquid style confidential amounts could be done instead of Monero style complete privacy through obscurity. Good luck with the work