What about Monero's cryptography makes it more private than Cashu's BDHKE?
Metadata from IP/amount/etc. is always a risk so pointing to that is pretty left curve, IMHO.
#asknostr
Fine left curve, but in monero you need to be an active adversary to guess the transaction broadcaster, in cashu the mint absent any proxy always knows. There is an asymmetry there.
I'd say Monero's current cryptography is weaker, though that might change soon.
The lack of a middleman definitely makes XMR slightly better cryptography-wise. With Cashu, you literally have to place trust in the mint not to deanonymize you.
Cashu is trusted, XMR is trustless.
How do you, as a mint, deanonymize?
Even an account-based mint can only know the amount at a given moment.
I bring you a cashu proof, how do you know its origin?
From "out-of-bound" transactions and using larger denominations. Not to mention that Cashu does not have privacy at the network level, which means mints can trace users from logs and timestamps, which can be used to correlate things such as the user themselves or their location.
Again, this is all information that Cashu's own developers have warned about on their site. https://docs.cashu.space/faq
Talking anonymous and privately to an http server is a fairly solved problem. VPN + TOR is a good first step among many.
Metadata, IP addresses, and amounts are always the most important factors when it comes to privacy, so I wouldn't consider calling out problems relating to them as left curve.
Short Answer: The fact that Monero doesn't rely on trust to function is why it's more private than Cashu and BDHKE. XMR is trustless, Cashu is not.
Long Answer: Monero uses different technologies to conceal metadata, such as ring signatures and stealth addresses, preventing the re-use of addresses, whereas Cashu uses blind signatures and relies upon trust of the mint used.
XMR also uses Dandelion++, which is essentially its own onion routing network, to protect IP addresses. You can also take it a step further and incorporate I2P into transactions through Kovri. While Cashu is received offline, the only problem is that the off-layer protections Cashu has do not apply to the entire Bitcoin blockchain, so once a transaction from Cashu is done and the sats go back to being on-chain, more privacy risks arise.
Finally, XMR conceals amounts using RingCT. Much like with metadata concerns, Cashu's privacy is also reliant upon custodians to keep it private by not logging or timestamping activities. If a mint does logging, then correlations for activities could be made.
Left curve is the correct but simple answer.
The mint trust is only for rug risk, not for privacy.
Please describe a correlation that would happen with mint logging? Assume I'm using Mullvad + TOR.
And yea, no shit bitcoin layer 1 is hard to do privately. That does make cashu less private. They're separate protocols.
The fact that the mint has the capacity to log Cashu users through things like timestamps can be used to determine what time zone a person is in and therefore their location, presenting an identifiability threat. It's a good thing so many people are smart enough to use some kind of protection with these kinds of applications.
Also, how is Cashu a separate protocol if it's built from Lightning and used for Bitcoin? It's a L3 application. That's like saying that BTC on-chain and BTC on the LN are separate protocols.
In the other thread I saw people complaining about anon set, amount correlation and metadata.
Nothing about Cashu's cryptographic assurances.
And amount correlation isn't a problem on Monero since it uses RingCT.
OTOH, Monero is a blockchain so it's possible to use heuristics to analyze txs, whereas ecash is perfectly hiding (FCMP fixes this)
Cashu's problematic because of its trust assumptions, not because it's technically suspicious.
One thing that you have to give Cashu props for is that you can accept payments completely air-gapped. I hope we can get a feature like this on Monero for L2.
The name of the application: Brazilnus
Monero cryptography hides amounts. Though I think blinded amounts are being worked on for ecash. Once that is solved nothing in particular (besides maybe the anon set being fractured among different mints instead of a global unified set?)
The major issue that some people have though is not its privacy, but the custodial nature of ecash which is obviously counter to the core ethos of Bitcoin.
Another point that doesn't get mentioned here (because it isn't about the cryptography) is that 'Ecash tokens are bearer asset tokens. This means the data that gets stored in the wallet represents the actual money itself. Should the storage be wiped, funds will be lost.'
With Monero your funds are safe as long as you have the seedphrase somewhere.
'the mint will almost certainly be able to identify a receiver that is getting paid through the mint.'
With Monero the receiver can't be linked to an address or any funds moved on the blockchain.
'Larger amounts most likely have less good privacy properties, due to their token denominations being rare. Cashu uses fixed (power-of-2) token denominations to create a hide-in-the-crowd effect. But the larger a token gets, the more likely it is that fewer and fewer of them exists, and at some point there is no crowd to hide anymore. If there is only one token of a specific denomination, it can always be linked back to its creation.'
Monero hides all amounts.
'Cashu does offer decent privacy at the protocol level, but it does not take into consideration network level privacy. mints may try to collect network data such as access time, IP addresses and or other metadata.'
That is a similar problem with Monero. Though it can either be circumvented by using your own node or using a VPN/Tor/I2P with a public node.
BTW it's not recommended to use Tor + a VPN
https://support.torproject.org/faq/faq-5/
'Cashu transactions happen 'out-of-band', which shifts the responsibility to use secure channels for sending tokens. The most secure channel is to send tokens air-gapped (via QR codes), since it doesn't leave any trace of out-of-band data. If tokens need to be sent over a network, it should always be done over an end-to-end encrypted channel, preferably with self-destructing messages.'
So most everyday users will just send it through unsafe channels probably. With Monero even non-techy users profit from nearly all of the privacy features as TX gets handled/sent by nodes.
(All points are from the cashu FAQ https://docs.cashu.space/faq )
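The hide-in-the-crowd effect from the FAQ quote on power-of-2 denominations, worked through as an added example that is not part of the original thread or of Cashu's code. It assumes a simplified model in which the crowd for a token is the number of tokens of the same denomination the mint has issued; the function names and the sample amounts are constructed for illustration.

```python
from collections import Counter

def split_amount(amount: int) -> list[int]:
    """Decompose an amount into power-of-2 denominations (its set bits)."""
    return [1 << i for i in range(amount.bit_length()) if (amount >> i) & 1]

def crowd_sizes(mint_amounts: list[int]) -> Counter:
    """Count how many tokens of each denomination were issued in total."""
    issued = Counter()
    for amount in mint_amounts:
        issued.update(split_amount(amount))
    return issued

def linkable_denominations(mint_amounts: list[int], threshold: int = 1) -> list[int]:
    """Denominations whose crowd is at most `threshold` tokens.

    With a crowd of one, redeeming that token points back to the single
    mint operation that created it (simplified model, see lead-in).
    """
    issued = crowd_sizes(mint_amounts)
    return sorted(d for d, n in issued.items() if n <= threshold)

# Constructed sample: amounts (in sats) minted by different users.
SAMPLE_MINTS = [21, 100, 64, 5, 1000, 37, 8, 250, 16, 3, 70000]

if __name__ == "__main__":
    for denom, count in sorted(crowd_sizes(SAMPLE_MINTS).items()):
        flag = "  <- no crowd" if count == 1 else ""
        print(f"{denom:>6} sat: {count} token(s){flag}")
    print("linkable:", linkable_denominations(SAMPLE_MINTS))
```

In this sample the small denominations are shared by several mint operations, while 512, 4096 and 65536 each exist exactly once, which is the case the FAQ describes for larger amounts.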