Oddbean new post about login | logout If we want ecash to have any hope of working out, we need anonymous mints, but anonymous mints are likely to get stolen. Instead, we need anonymous mints that are operated by one of N well-known and trusted parties. Mint operator(s) should take N public keys known to be from N well-known and trusted persons in the bitcoin space, then create ring sig(s) across those N to reveal that they are one of those N parties, but not which one. Given many long-timers at one point or another had public donation addresses or some other key that is known to be theirs, this should actually be relatively doable, just don’t put too much money in the mint :)
So a blinded web of trust using nostr keys?
But then these people are not anonymous, so the mint can still be taken down by government. I don't get it.
Yes, it's not workable imo, either 1/ the group is small enough that LEA goes after and harrasses all individuals or 2/ large enough that nobody can place trust in it because nobody knows(of) all the members. Ring sigs usually have exculpability, meaning you can't be proven as the signer even if your key is coerced out of you. But similar to OTR, it sounds nice on paper, but (maybe?) doesn't help too much in practice if LEAs are harassing and intimidating you.
I mean certainly any sufficiently-large mint is never gonna last, the question is how to make small-ish mints that lots of people can put $20 in last. Fully public small mints probably still get smacked down, but maybe this gives you a sweet spot between private-enough ownership but still trusted-enough ownership?
Forgive me for slightly derailing, but .. isn't that a fascinating moral quandary, what I just mentioned? I am Mr Trusted Bitcoin Developer (MTBD) and I set up a mint anonymously, and the mint's key I ring-sign using 10 other famous people's keys. These are "SAG"s (spontaneous, no involvement of other 10). Then a year later police get warrants to search all the other 10 people's houses. Maybe it's unlikely that police power extends that far, but .. given history I would not doubt it. It seems pretty obvious that this is *not* OK, right? But it can't be stopped except by .. an ethical choice?
Seems like Mutiny is going in this general direction…
I thought mutiny didn’t want to run a mint?
I don’t know exactly how their fedimints work but I currently have some funds in one right now as party of my mutiny app and I am certainly not running a fedimint server
To be clear, the ring sig I suggest here isn’t about the custody of funds, but as a way to announce who is operating the mint without actually revealing specifically who is operating the mint. This could allow mints a new position in the privacy-transparency tradeoff. I don’t believe this has been implemented anywhere, all mints are either privately operated (and may steal your funds) or transparently operated (and the government may steal your funds in a seizure).
Neither are they - they act as a front end for any fedimint. The fedimints that show up are ones recommended by your WoT. They could modify their recommendation to show “one of these people proved they run this mint” though
What are the legal risks to the trusted persons being known? e.g. in Germany you need a BaFin license to be a cosigner for other people’s money.
The US will throw you in prison for operating a mixer, probably.
can’t hide behind being something for what done, and makes judging a hypocritical deviance. Oh wait https://image.nostr.build/5057ef39cd1a5b37ad17c4aa160647832f93f7a5f321d8b4f033c1700d52bf8f.jpg
@cf490880 I don’t know. https://image.nostr.build/5c804f28e56942ae442fb0ac32a89d8be228f9c8b403bb51a20a0f08126ab9ec.jpg
#DEA What’s that? Rules and laws? Let’s discuss this when niggers have followed their own advice. Destroying freedom Eat a vag, Matt https://image.nostr.build/881db2045b2fd49d01611c49828485c7e6c220492679775a9c8fef00272bc9c3.jpg
Yes, this works. You just need a 2/3rds honest majority. Harder than it looks, though. Also nostr keys are taproot keys anyway, so that's a good start. The challege comes with spam protection.
isn't fedimints specifically that?
They have multisig but not ring sig.
nostr:nevent1qqswtkn39eey8fhc6ngfh04efezf3ueq2vq80xa0kxr6rgt8j6nrdkqpzamhxue69uhhyetvv9ujucm4wfex2mn59en8j6gpramhxue69uhkummnw3ez6un9d3shjtnzd96xxmmfdchxu6twdfssz9rhwden5te0wfjkccte9ehx7um5wghxyecpzfmhxue69uhk7enxvd5xz6tw9ec82csp89uq3
a federation can join this ring signature scheme?
Yes, I understand that.
This is a great approach Matt
