Serious technical questions about #cashu

#cashu enhances privacy at the custodian level by leveraging ecash and blinded signatures. I get it, and I understand the inner workings of the mechanism.

If I connect to a mint from the same IP (be it via a VPN or my true IP), isn't that ruining the privacy that I supposedly gained with the cryptographic tweaking?

And if I use Tor to connect to a mint, am I supposed to create a new Tor connection every time in order to break any correlation and link between token requests?

Since creating a new Tor connection for every interaction with the mint is a bit redundant and slow, could NWS somehow solve this issue? Is NWS a viable service for anonymizing requests to mints?

#asknostr #cashu #ecash #bitcoin #tech #privacy


Discussion

At this point you shouldn't be on the internet 😒

This is not the question.

Since the #cashu protocol aims at solving a privacy problem by blinding the mint, I guess it's fair to say that if the mint can still correlate the IPs with the token requests, there's still a privacy leak.

Use Monero, I guess.

That's not the question either.

Question: I need to take the bus to go from A to B, which specific bus number shall I take?

Answer: take the car lol

I mean, what?

The blinded signatures protect you from this issue:

* Alice gets a coin from the mint and gives it to Bob

* Bob redeems it

* The mint now knows that the coin Bob redeemed is the same one that was given to Alice.

With blinded signatures, the mint only knows that the coin was minted and given to someone, but not to whom. Coins are fixed sizes, so your anonymity set is the number of people who have coins of the same size.

Of course there are probably tons of heuristics you could use to guess who sent coins to whom, which get harder the more users are using the mint.

Yep, that's true. I'll give you an example of what I'm referring to:

Suppose that you have a single token of 64 sats from a mint. Suppose that you need to send 30 sats: you need to contact the mint, return the 64 sats token and receive back:

1 token of 32 sats +
1 token of 16 sats +
1 token of 8 sats +
1 token of 4 sats +
2 tokens of 2 sats
= 64 sats

With such "coins", you can add up 16 + 8 + 4 + 2 sats, create a payment of 30 sats and send it to the payee.

My issue is that if I contact a mint from the IP A.A.A.A and send it the token of 64, then receive back the split blinded tokens still from IP A.A.A.A, then the mint knows for sure that the first token of 64 didn't change owner and was indeed a "change creation" request and not a spending request. For sure the mint cannot know the exact "shape" of the blinded secrets, but it knows that I'm about to create a transaction.

Fair enough that the more users the mint has, the more difficult this reasoning becomes, but still, if every interaction with the mint is from the same IP, the mint can possibly create an identity profile for each of its unique users.

Or am I missing something?
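Added example (not code from this thread and not the Cashu project's own code): a pure-Python sketch of the blind Diffie-Hellman key exchange (BDHKE) that Cashu runs on secp256k1, combined with the powers-of-two split from the 64-sat example above, so both the "blinded signatures protect you" post and the "change creation" post can be checked concretely. Assumptions: hash_to_curve is a simplified stand-in (no domain separator, so not byte-compatible with a real mint), and swap(), the proof tuples and mint_view are illustrative structures, not the protocol's wire format. The point is mint_view: the mint records only amounts and blinded points, so at the cryptographic layer a swap for change and a swap after a payment look identical; what could tell them apart is exactly the metadata the thread is about (same IP, timing, amount shape).

```python
import hashlib
import secrets

# secp256k1, the curve Cashu's BDHKE scheme runs on.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_neg(pt):
    return (pt[0], (P - pt[1]) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result, k = None, k % N
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def hash_to_curve(secret):
    """Map a secret to a point with unknown discrete log (simplified stand-in
    for Cashu's hash_to_curve: hash with a counter until x^3+7 is a square)."""
    counter = 0
    while True:
        h = hashlib.sha256(secret + counter.to_bytes(4, "little")).digest()
        x = int.from_bytes(h, "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # valid square root because P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        counter += 1


def mint_keypair():
    k = secrets.randbelow(N - 1) + 1
    return k, ec_mul(k, G)


def wallet_blind(secret):
    """Wallet: Y = H(secret), B_ = Y + r*G. Only B_ is sent to the mint."""
    r = secrets.randbelow(N - 1) + 1
    return ec_add(hash_to_curve(secret), ec_mul(r, G)), r


def mint_sign(k, B_):
    """Mint: C_ = k*B_. It sees neither Y nor the secret at this step."""
    return ec_mul(k, B_)


def wallet_unblind(C_, r, K):
    """Wallet: C = C_ - r*K = k*Y, a valid signature on the secret."""
    return ec_add(C_, ec_neg(ec_mul(r, K)))


def mint_verify(k, secret, C):
    """Mint at redemption: recompute k*H(secret) and compare with C."""
    return ec_mul(k, hash_to_curve(secret)) == C


def split_denominations(amount):
    """Powers-of-two denominations, largest first, like a Cashu keyset."""
    return [1 << i for i in range(amount.bit_length() - 1, -1, -1) if amount >> i & 1]


def swap(k, K, input_proof, send_amount):
    """Swap one proof for send + change outputs. Returns the new proofs and
    everything the mint got to see: (amount, blinded point) pairs only."""
    in_amount, in_secret, in_C = input_proof
    if not mint_verify(k, in_secret, in_C):
        raise ValueError("mint rejects input proof")
    send_amts = split_denominations(send_amount)
    change_amts = split_denominations(in_amount - send_amount)
    mint_view, new_proofs = [], []
    for amt in send_amts + change_amts:
        secret = secrets.token_bytes(32)  # constructed per-token secret
        B_, r = wallet_blind(secret)
        mint_view.append((amt, B_))  # the mint's whole record of this output
        C = wallet_unblind(mint_sign(k, B_), r, K)
        new_proofs.append((amt, secret, C))
    n = len(send_amts)
    return new_proofs[:n], new_proofs[n:], mint_view


def demo():
    """Mint a 64-sat proof, then swap it to pay 30 sats as in the thread."""
    k, K = mint_keypair()
    secret0 = secrets.token_bytes(32)
    B_, r = wallet_blind(secret0)
    proof64 = (64, secret0, wallet_unblind(mint_sign(k, B_), r, K))
    send, change, view = swap(k, K, proof64, 30)
    return k, send, change, view


if __name__ == "__main__":
    _, send, change, view = demo()
    print("send:", [a for a, _, _ in send], "change:", [a for a, _, _ in change])
    print("mint saw amounts:", sorted(a for a, _ in view))
```

Run it and the mint's record of the swap is just the multiset {32, 16, 8, 4, 2, 2} plus six blinded points; the later redemption of a 16-sat proof reveals (secret, C), which verifies against k but cannot be matched to any B_ without the blinding factor r that never left the wallet. Whether the six outputs were change for the same owner or a payment to someone else is not decidable from this record, only from surrounding metadata.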