Replying to Avatar vnprc

nostr:npub1zthq85gksjsjthv8h6rec2qeqs2mu0emrm9xknkhgw7hfl7csrnq6wxm56 some ideas:

- spillman channel outputs in the coinbase

- spillman channel inputs to ecash mints

- why not both?

Avatar
vnprc 2mo ago 💬 2

Can we hold a cashu mint's bitcoin balance in a Spillman channel?

Alice opens a Spillman channel to Minnie the mint. Alice sends a channel update tx along with her blinded secrets when requesting some ecash. Alice trades this ecash to Bob. When Bob withdraws an ecash balance from Minnie the Spillman liquidity flows from the Alice-Minnie Spillman channel into Minnie's lightning node.

Bonus points if the lightning protocol is updated to recognize unidirectional channel liquidity natively. Good luck with that. 😅 I try to avoid solutions that require permission or consensus. You're gonna run face first into the anti-ecash mind virus and get shut down before you get started. Or, more likely, nobody listens or cares and you have to build your own solution.

The lesser solution is to unify Spillman and lightning liquidity at the app level. Now you have to close Spillman channels and move the balance on-chain into the lightning node wallet to reopen bidirectional channels. C for effort I guess.

Best solution: we don't even need lightning anymore. If Bob is a merchant who expects to consistently withdraw from the mint, Bob pays a fee for the mint to open a channel to him. Every withdrawal is a simple Spillman update. No liquidity management necessary. When the channel timeout approaches Bob pays an on-chain fee to refresh the channel. EZPZ. No permission needed. No convincing hostile parties. Lightning network found dead in Miami condo.

Let me know if you want to start vibing on a Spillman rust crate. I'm here for it. 🤙

Reply to this note

Please Login to reply.

Discussion

Avatar
c03rad0r 2mo ago

What about e-hash though? 😅

Avatar
vnprc 2mo ago

Lock up ehash tokens in a P2PK output. The pool treats that pubkey as a bitcoin address and includes it in the coinbase of the block templates it broadcasts. When a block reward is found that ehash gets swapped for a Spillman channel. Ehash without this locking condition can be swapped for ecash.

Open question: can you ever unlock this ehash? I think no because that complicates block template construction. What if the user unlocks their P2PK ehash, sells it, and then a block is found on an old template that included that coinbase output? The user has effectively double spent those coins.

Simplest solution is to lock the coins with a long (infinite?) timeout. Once you swap your ehash for a coinbase output you can't unlock it again.

Avatar
vnprc 2mo ago

If you are concerned that my offer to help build Spillman channels will delay work on ehash then my answer is that these solutions are all necessary to reinvent the mining stack and fix bitcoin.

Same with nostr mempool.

It's better to get a new builder off to a strong start in a promising direction than rush out an incomplete solution.

Lower your time preference. Build shit that will last. It takes many bricks to build a cathedral.

Avatar
SatsAndSports 2mo ago 💬 1

I'm confused, but I think it's just because I'm unclear what you mean in the first sentences.

You mean Alice funds a confirmed *on-chain* 2x2-multisig UTXO with Bob? With some refund to Alice after a given locktime? And then Alice signs transactions, which Bob need not immediately broad, giving more and more of the balance?

If that's exactly what you mean, then I'll try to re-read your message and understand it fully 😀

Avatar
vnprc 2mo ago 💬 1

Avatar
vnprc 2mo ago

https://en.bitcoin.it/wiki/Contract#Example_7:_Rapidly-adjusted_.28micro.29payments_to_a_pre-determined_party

We define the client to be the party sending value, and the server to be the party receiving it. This is written from the clients perspective.

Create a public key (K1). Request a public key from the server (K2).

Create and sign but do not broadcast a transaction (T1) that sets up a payment of (for example) 10 BTC to an output requiring both the server's private key and one of your own to be used. A good way to do this is use OP_CHECKMULTISIG. The value to be used is chosen as an efficiency tradeoff.

Create a refund transaction (T2) that is connected to the output of T1 which sends all the money back to yourself. It has a time lock set for some time in the future, for instance a few hours. Don't sign it, and provide the unsigned transaction to the server. By convention, the output script is "2 K1 K2 2 CHECKMULTISIG"

The server signs T2 using its private key associated with K2 and returns the signature to the client. Note that it has not seen T1 at this point, just the hash (which is in the unsigned T2).

The client verifies the servers signature is correct and aborts if not.

The client signs T1 and passes the signature to the server, which now broadcasts the transaction (either party can do this if they both have connectivity). This locks in the money.

The client then creates a new transaction, T3, which connects to T1 like the refund transaction does and has two outputs. One goes to K1 and the other goes to K2. It starts out with all value allocated to the first output (K1), ie, it does the same thing as the refund transaction but is not time locked. The client signs T3 and provides the transaction and signature to the server.

The server verifies the output to itself is of the expected size and verifies the client's provided signature is correct.

When the client wishes to pay the server, it adjusts its copy of T3 to allocate more value to the server's output and less to its own. It then re-signs the new T3 and sends the signature to the server. It does not have to send the whole transaction, just the signature and the amount to increment by is sufficient. The server adjusts its copy of T3 to match the new amounts, verifies the signature and continues.

This continues until the session ends, or the 1-day period is getting close to expiry. The AP then signs and broadcasts the last transaction it saw, allocating the final amount to itself. The refund transaction is needed to handle the case where the server disappears or halts at any point, leaving the allocated value in limbo. If this happens then once the time lock has expired the client can broadcast the refund transaction and get back all the money.

Avatar
thesimplekid 1mo ago

https://github.com/stevenroose/spillcash

We did spillman channels to a cashu gateway for a hackathon project. Could do directly too a mint too just a bit harder.