As both a #security #researcher and #OpenSource advocate, I say forget the secure element.

I'm not sure exactly how cashu fits in here, but if it's just a matter of storing the tokens you get from the eCash server: require a PGP pubkey and encrypt the tokens with that. Simple, effective, and easy to audit.

Or ECC encryption, if you prefer that. https://cryptobook.nakov.com/asymmetric-key-ciphers/ecc-encryption-decryption

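The suggestion in the note above (encrypt stored tokens to a public key, ECC variant), shown as an added example that is not code from this thread or from any Cashu or Bitaxe project: the device holds only the owner's X25519 public key and seals each token to it. The function names, the SHA-256 key derivation, the choice of AES-256-GCM and the sample token string are assumptions of this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor turns ECDH(priv, pub) into an AES-256-GCM instance for a single token.
func aeadFor(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)      // single-step KDF: an assumption of this sketch
	block, _ := aes.NewCipher(key[:]) // cannot fail, the key is always 32 bytes
	return cipher.NewGCM(block)
}

// Seal runs on the device (public key only); a fresh ephemeral key per token means the zero nonce never repeats.
func Seal(owner *ecdh.PublicKey, token []byte) (*ecdh.PublicKey, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	aead, err := aeadFor(eph, owner)
	if err != nil {
		return nil, nil, err
	}
	return eph.PublicKey(), aead.Seal(nil, make([]byte, aead.NonceSize()), token, eph.PublicKey().Bytes()), nil
}

// Open runs wherever the private key lives (the owner's wallet), never on the device.
func Open(owner *ecdh.PrivateKey, eph *ecdh.PublicKey, box []byte) ([]byte, error) {
	aead, err := aeadFor(owner, eph)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, make([]byte, aead.NonceSize()), box, eph.Bytes())
}

func main() {
	owner, _ := ecdh.X25519().GenerateKey(rand.Reader) // owner's key pair, created off-device
	eph, box, _ := Seal(owner.PublicKey(), []byte("cashuB_constructed_sample_token"))
	token, err := Open(owner, eph, box)
	fmt.Printf("%q %v\n", token, err)
}
```

Sealing protects tokens at rest on the device; it does not authenticate who sealed a box, since anyone holding the public key can call `Seal`.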

Discussion

Cashu tokens are a bearer instrument, so if someone reads your unencrypted token they can spend it without your knowledge. There are many solutions: encrypting the token is an easy one, but you pay up front in client-side CPU cycles.

Another easy solution is to use NUT-11 p2pk locking. This is essentially a smart contract that lives server-side and adds an unlocking script to the tokens. This puts more of the CPU burden on the server in a pseudonymous way. Normally this would add a trust assumption but cashu is already a trusted system so it's generally a better tradeoff. You can also lock tokens to someone else's pubkey non-interactively. Yuge!

There is also an economic argument against a bitaxe SE. Secure enclaves are not cheap and the bitaxe hardware just isn't that powerful. It might take a decade to pay back the additional up front investment to add a SE to the hardware. Or it might never pay itself back. Not a great return on security investment.

With generic hardware that does more than mine or a much more powerful miner it might make sense. We're getting there! I saw NerdAxe has a 75W 5TH miner now (or soon?). 🤤 Somebody is working on a router with a built-in ASIC and ad-hoc WiFi pay-as-you-go API. Might be worthy of a SE...? idk

I don't get how trying to find the next BTC block is connected to getting cashu tokens.

Is the idea that you'd be using a pool and instead of the pool paying out on chain, or over lightning, that they'd issue you cashu tokens instead?

Yeah, the pool is a cashu mint. Your cashu balance slowly ticks up as you get paid ecash rewards. When you have enough saved up, redeem via lightning or an on-chain UTXO.

That's vanilla ecash mining pool payouts. I'm working on something even cooler, ecash mining shares. I go into detail in this talk: nostr:note1z7ne9dd8yahmtvxyak3wz3mks7fx5c3lnl90levepdccmqdtpyrs2ucr0y

Impressive. I look forward to following your work even though I don't have a miner.

I don't totally get the epochs and things like what happens if the pool doesn't find a block in two epochs? Do all the old ehash tokens then become worthless? Or do you swap tokens from the old epoch to the new one (and lose your value if you fail to do so)?

I feel like some kind of diagram of that life cycle would be helpful in explaining how it works so plebs can understand where the risks are and whether there's anything they can do to mitigate them.

Thanks for the feedback! I agree I need to work on making that part more clear.

The epoch length is configurable by the pool. I haven't gotten far enough to know what a good default is but Ocean, I believe, targets an 8 block window for the share maturity period. So if blocks are found on schedule each share should pay out 8 times. With a large window like this the pool has to get really unlucky for any shares to be worthless, but it is possible.

This site has the best explanation of PPLNS that I have found: https://mintpond.com/b/prop-vs-pplns-vs-pps-mining-pool-reward-systems

The PPLNS visualization is randomized but you can usually see a share that never pays out as well as many shares that pay out multiple times. I should screen record a gif to make it easier to share on nostr.