Nostr Web Client

We’re working on an open communities spec at damus. one downside of lightning zaps is that they are not verifiable from random people, they are only verifiable if you trust the wallet that sent the zap.

I haven’t looked at the cashu zaps spec, but i wonder if you could you build a stacker-news like client where the community has their own cashu node? Then you could validate zaps against the community mint, enabling secure, Reddit-style top posts powered by ecash zaps.

Is this doable nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg ? I guess the last ingredient is making sure the ecash wallet swaps the token for the community you are sending nuts to.

Maybe ya’ll are building something similar at chorus?

Reply to this note

Please Login to reply.

Discussion

semisol 7mo ago

This centralizes the entire zap flow to be not much better than stacker news and similar. All payments go through one server

jb55 7mo ago

Only for that community

semisol 7mo ago

so why don’t we make a zap attestation intermediary, or use preimage

jb55 7mo ago

how would that would work? preimages don’t help you validate a real payment…

semisol 7mo ago

you have an invoice committing to the zap via deschash, and a preimage to prove it was sent, completely trustless

well, what prevents me on a cashu mint from sending sats to my sock accounts and sending them back?

jb55 7mo ago

thats how zaps work already… the bolt11 could be fake so showing the preimage doesn’t mean anything, i thought you knew that.

I am just focusing on fixing zap validation, not zapwashing

semisol 7mo ago

then just validate it with the zap service npub? the receiving wallet publishes it so it’s trusted

semisol 7mo ago

if you cannot trust the receiver to not publish fake zaps, you cannot stop zapwashing.

and even then fake zaps can be filtered because they don’t come from real accounts

Garbage nsec 7mo ago

I think the point is with a token drawn on a mint at least you can be certain that x sats were drawn on y mint and locked to z pubkey. Which, while still game-able, is a level of certainty above what you can get with LN zaps.

jb55 7mo ago

i think i understand the misunderstanding? each community would hold the sats for the posts you make in that community. Similar to how stacker news works now. I don’t know how to validate post zaps otherwise.

atyh 7mo ago

nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s,

i really appreciate all you do for nostr, and freedom tech, and all of us.

thank you. 🙏

UNLICENSED MONEY TRANSMITTER 7mo ago

you must centralize locally if you want any sybil resistance. a federation is the least problematic centralization i guess

Tim Bouma 7mo ago

It’s the payment service the broadcasts the zap receipt. Don’t you have to trust the payment service not to send fake zap receipts as opposed to the wallet?

Diacone Frost 7mo ago

pardon my ignorance, but what you want to verify again?

jb55 7mo ago

i want to use zaps for ranking top posts in a reddit style community, you can’t use zaps for this now because people can create fake zaps. But if clients can validate an ecash zap against a mint that might be more reliable.

Diacone Frost 7mo ago

specialized mint emitting proofs of payments (and sacrificing privacy) might emit events or feed an oracle.

the oracle might be asked for attestation?

Garbage nsec 7mo ago

Thinking along the same lines. There'd have to be some way to link the cashu proofs to the pubkey that signed the event.

2f5de000... 7mo ago

What do you mean by 'people can create fake zaps'?

jb55 7mo ago

it means what it means. You can’t use zaps for ranking because you can create a fake bolt11 that isn’t associated with a real lightning payment.

So someone could create a new post, create a fake wallet, and upvote their own post with random pubkeys.

Zaps are only useful when you trust your own wallet to not lie about zaps received.

60822084... 7mo ago

What's stops people from self zapping to boost there post even if everything was verifiable?

jb55 7mo ago

might need algos to detect this

calle 7mo ago

Yes! We're also thinking about giving every community their own mint. Cashu zaps are verifiable by checking the p2pk lock against receiver pubkeys + dleq proofs against mint pubkeys.

You could do this with a "pure" Lightning wallet even that generates nuts only at time of zapping.

hasky 7mo ago

I see

the axiom 7mo ago

they're verifiable with dleq proofs

Boog 7mo ago

nostr:nprofile1qqsfy7f8d0lms08wxw2xu4jvxcq2x2zqy6dgypksrh05p3jr9w4qhjcpzamhxue69uhkzarvv9ejumn0wd68ytnvv9hxgtcpr9mhxue69uhhyetvv9ujuumwdae8gtnnda3kjctv9uk5f43l like client? What in the world?

nostr:nevent1qqsvn7u2v8yful88rwzusu5rntww8qwxk75cv6d4kh04rcc56sezj7cpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgn7znz4