Replying to Avatar SPA (Super Phat Arrow)

Not necessarily, if the token is tied to your public key, but it's a trade off, you need to trust the payer and the mint. Everything is a trade-off

nostr:nevent1qqsf2wk6wqv7khptp69s8gamegq55md883ag2p0wnr9qsrp5cdrzg5qppemhxue69uhkummn9ekx7mp0qgs9pk20ctv9srrg9vr354p03v0rrgsqkpggh2u45va77zz4mu5p6ccrqsqqqqqpkxxlvr

Avatar
calle 1y ago

not the payer, just the mint

Reply to this note

Please Login to reply.

Discussion

Avatar
SPA (Super Phat Arrow) 1y ago

How can you know that the payer isn't giving you a fake token?

Avatar
calle 1y ago

You check the DLEQ proof the payer includes in the token (which is a proof that the signature of the mint is correct):

https://github.com/cashubtc/nuts/blob/main/12.md

Avatar
calle 1y ago

Relevant section: Carol (another user) verifies DLEQ proof

Avatar
SPA (Super Phat Arrow) 1y ago

Avatar
calle 1y ago

it's a neat little trick. the DLEQ's original purpose was to prevent tagging by the mint but we noticed that it can also be used to make the signature publicly verifiable.