I just gave it a little bit more thought and I think I'm wrong on this. I'm not a cryptographer so bear with me. my thought was this: my thought was to basically convert the blinding key into an adaptor signature: you would calculate the normal blinding factor and then append a timestamp to it as the digest of the adaptor signature. ``` blinded_factor + timestamp ``` the mint would sign this digest and encrypted to a public key that you control control. the mint would need to tell you separately about the contents of the digest that it used. (I think this is a problem) In theory you could then verify with the mint's public key that the message inside the adaptor signature is correct with out decrypting the signature. (as I understand this is the magic of adaptor signatures) When you want to pay somebody with Ecash you would then need to pass them the digest from the mint and the private key from the corresponding public key. So they could decrypt the signature used. problem I see: We don't actually need to do anything with this signature we only need the content it references so the adaptor signature might not be the tool for the job. sorry for the horrible explanation