When I started my LN journey I posted a Lightning Meme on Reddit every day for a few months. Maybe now is the time for #Cashu memes? https://image.nostr.build/6c3cb9c98071be3b6b4cb2a601637396ddbc23ad5a05f8f36492d98e7a802869.jpg
the claim of untraceability of cashu tokens received versus spent is a big question for me how do i know that when i spend my nuts that the mint doesn't know when they were issued? i don't get that part, and i'm not stupid, it seems like a big black void of idk
Because the mint never learns what the secret (which is the crucial spending condition of a regular token) looks like. The signature is blinded. It can not correlate a mint and the act of redeeming a token. You can read more about this here: https://github.com/cashubtc/nuts/blob/main/00.md
so, it confirms two things: the amount and the truth of if it spent it in the first place? so it is a simple form of zero knowledge proof with one small associated value, ie, the amount, plus one bit of truth well, if that's exactly how it works, and i believe it could be, i never read deep into blinded signatures, then very cool, and that also means chaumian mints act as perfect mixers, because what goes in cannot be traced to what goes out in as far as the amounts differ
Yes, that’s exactly right. The amount is set in stone, as the mint has a different signing key for each amount. So only by verifying the signature the mint knows the amount is valid. And because the mint only signs notes that have been paid for, it can also trust that this token is actually spendable. When the mint creates a new output, it doesn’t actually know what the output looks like. So when I use that output as an input it can only verify that it’s valid, nothing more
ok, next question, so when it issues a token, does it do this on the prompt of a spender or does it do this independently and issue it to a spender upon the amount because that IP address is a trace, as is the spender who can verify spending it, how is this handled?
the amounts can definitely be correlated, is my point, i buy 2000 sats precisely, and then anyone who redeems 2000 sats could be my counterparty? no?
That’s why there are fixed amounts (imagine notes / coins) and the lower the amount you choose the better your anon set is
so, i correctly understood it... the mint can track the size of the token to the input and output IP addresses that is kinda important information for users of these things, isn't it? it means you can't have anon ecash without having a tor proxy or similar
i get it that you can mitigate some of that with breaking the spend into pieces but it's still pretty strong metadata
Thanks to Multi Mint Payments you can not only split the token across multiple amounts, but also multiple custodians reducing metadata leaks even further.
Great conversation
The mint only creates tokens when prompted for. The token receiver has to provide a blinded message to “receive” the token on in order to make it work. That does indeed mean that a mint can use metadata to trace. However that can be mitigated by privacy enhancing tools like Tor or a simple VPN.
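An added example (not part of the thread and not Cashu's own code) of the blind-signature exchange described in the replies above: the wallet sends a blinded point, the mint signs it with a per-amount key, and the unblinded token is verified at redemption. It uses pure-Python secp256k1 with a simplified hash-to-curve rather than the exact NUT-00 construction; `Mint`, `wallet_mint_token` and `anon_set` are hypothetical names.

```python
import hashlib, secrets

# secp256k1 field prime, group order and generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add (not constant time; illustration only)
    out = None
    while k:
        if k & 1: out = add(out, pt)
        pt, k = add(pt, pt), k >> 1
    return out

def hash_to_curve(secret):
    # Simplified try-and-increment; NOT the exact NUT-00 construction.
    ctr = 0
    while True:
        h = hashlib.sha256(secret + ctr.to_bytes(4, "little")).digest()
        x = int.from_bytes(h, "big") % P
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)
        if y * y % P == y2: return (x, y)
        ctr += 1

class Mint:
    def __init__(self, amounts=(1, 2, 4, 8)):
        self.k = {a: secrets.randbelow(N - 1) + 1 for a in amounts}  # one key per amount
        self.pub = {a: mul(k, G) for a, k in self.k.items()}
        self.issued_log, self.spent = [], set()
    def sign_blinded(self, amount, B_):
        self.issued_log.append((amount, B_))  # all the mint learns at issuance
        return mul(self.k[amount], B_)  # C_ = k * B_
    def redeem(self, amount, secret, C):
        if secret in self.spent: return False  # double spend
        if mul(self.k[amount], hash_to_curve(secret)) != C: return False
        self.spent.add(secret)
        return True

def wallet_mint_token(mint, amount):
    secret = secrets.token_bytes(32)  # x, never sent at issuance
    r = secrets.randbelow(N - 1) + 1  # blinding factor, known only to the wallet
    B_ = add(hash_to_curve(secret), mul(r, G))  # B_ = Y + r*G
    C_ = mint.sign_blinded(amount, B_)
    rK = mul(r, mint.pub[amount])
    return secret, add(C_, (rK[0], -rK[1] % P))  # C = C_ - r*K = k*Y

def anon_set(mint, amount):  # amount is visible at issuance and at redemption
    return sum(1 for a, _ in mint.issued_log if a == amount)
```

At redemption the mint sees only `secret`, `C` and the amount; matching them to a logged `B_` would require the wallet's `r`, so what remains linkable is the amount and network metadata, as the thread goes on to discuss.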
Except that it's none of those things relative to a good old reliable SQL database with ephemeral key accounts
Idk what you mean
It's not private any more than an ephemeral key It's not permissionless any more than SQL is It's not offline, it's literally server credentials Multi-mint === Multi account Servers can always censor your redemption ECash is a total larp, and a digital dollar psyop
It seems you did not look at it at all. Nothing of the above makes any sense. It is private as the mint doesn’t learn its users balances or transaction history, It is permissionless as there is no access token, no accounts, no entry barrier Cashu Token can be transmitted offline. I’ll take this one, as the flow is not completely offline, as either sender or receiver need a connection right now. Multi-Mint is not multi account. As explained above there are no accounts. Multi Mint means that you can a) split your wallets balance across multiple mints and b) pay single invoices through multiple mints using MPP Servers can not censor YOUR redemption explicitly as they can not correlate your token to your identity It’s not, once you understand how it works.
I do understand how it works, apparently you do not and have just accepted the lies told by the spooks pushing it. I also explicitly compared to databases, which are capable of any of its properties. The privacy elements are a farce, just because it uses signatures instead of accounts does not prevent the mint from deanonymizing you and targeting your redemption.
It’s not signatures, it’s blind signatures… but I’ll let you cook. How would a mint do that?
still needs in and out metadata protection... the mint is a trusted third party
But you can have that. Use Tor. Use a VPN. Some wallets already have it built in.
it would help a lot to change the server to only give out a small set of common denominations as well
The wallet chooses the output size. The anonset is controlled by the wallet and there are actually already algorithms implemented that will increase the privacy of your “UTXO” set
well, the mint is a trusted third party, and the amounts are metadata, so go think about that
I don’t know if I am missing the point here, but didn’t I just answer this? Just like UTXO sizes are metadata in Bitcoin. The solution: Make sure that your is the same size as everyone else's. Most CoinJoin impl. did this
Make Eggs Trump Again 🙂↔️ #meta https://image.nostr.build/e88237a9e625767a8ac287e18d3e081da03ec43e9a04864062e2e41ea9da039b.jpg
do either of these two critical things appear in common marketing for ecash? that's a negative, don't lie
What marketing lol
well idk about you but i've always been bothered by the endless calle posts on twitter when i was there and now here i see it on nostr and NOTHING points these two points out: - denomination is metadata that the mint can link between spenders and redeemers - you should either use common denominations or use anonymizing proxies to do spending or redeeming now, are you going to tell me that is not disgustingly missing from the marketing of ecash, or are you going to back down?
Lmao… I can not back down, as I never made this claim. Do you realise the post was about comparing custodial Lightning with Cashu? With custodial Lightning you can not have privacy EVEN if you are using Tor. And claiming that @calle 👁️⚡👁️ would actively withhold this is just ridiculous…
um, no, it just isn't up front, it needs to be up front, are you retarded?
what problems does ecash solve that lightning and bitcoin don't solve? then you see the problem i am pointing out they solve both problems, actually, and ecash solves a different problem synchrony anyway, carry on, i've unfollowed
in case anyone is reading my reply, the whole thing about bitcoin was as a solution for what CHAUM's ecash did not solve and lightning solves what SATOSHI did not solve with bitcoin is it any more clear how retarded the ecash bullshit is? unless they address the issues that BTC and LN solved already they are just shilling snake oil
Chaum's ecash did not fly at least in part because nobody had solved the unconfiscatable, scarce digital commodity problem, there were no reliable sources of value on computers. That Bitcoin and Lightning were invented makes dipping in and out of ecash possible, and makes Chaumian ecash suddenly a useful tool and solution for different problems than BTC and LN. It's IMO (maybe even in its current highly beta state) at the very least useful for local meatspace or trusted networks where you have small transactions, interactions and need to keep score. Caution obviously should be taken with it, balances kept low and temporary and trust (between mint&user) is necessary and not minimized in chaumian ecash. Even with its drawbacks I think it could power the thriving of circular economies, it's quite a good replacement for normal cash or (trad)Bank-transactions. Maybe a bad analogy could help illustrate: if you have an induction furnace and an oven for cooking your meals inside in a safe, reliable and comfortable way where only major fuckups get you burned, you might still want to add a barbecue. Although it's harder to get the meal right, you then have to be outside and are more likely to get burned or get wet a BBQ is still not a useless tool. I think it's clear what's what in the analogy? For the right job, circumstances, and with proper handling, something which is otherwise not very good can be a delightful tool.
i hate induction heating, give me carbon fuel any day, it's very crappy tech and the devices use clunky, noisy circuits not the kind of smooth, dynamic algorithms i would design and that's not easy to translate to hardware without some heavy capacitors and arrays of capacitors and FETs etc anyhow, i'm not saying ecash isn't useful, but it has two big, clear, and obvious deficiencies that make the mint a trusted third party and if you don't use a limited set of denominations, totally identifiable metadata build some tools to fix those two problems, and both are related, and i'm in
all forms of electrical heating are based on magnetic force causing deformation in materials (almost always ferromagnetic) or electric force (such as through carbon) and they are highly inefficient at releasing energy compared to burning carbon directly, and most forms are readily available near anyone anywhere, be it charcoal, wood, coal, gas, or oil there is no sense in centralizing the use of carbon based heat release technologies to drive kinetic force to again convert it back to heat, because the heat sources are cheaper to just deliver to my house instead, and don't get me started on the bullshit of using heat pumps for indoor environment control with the ridiculous nonsense that causes, eg damp winter microclimates outdoors and desiccated skin indoors (in bulgaria, where reverse cycle AC is the norm for winter heating every office has ultrasonic humidifiers!) if it has to be electric, then at least use carbon resistance to make IR and point the emitters towards the humans, but it's bullshit better, close the windows, insulate the walls, add mass that actually stores heat, cook with gas, gas is the best, outstanding quality cooking heat, and don't build buildings with north facing windows for fucks sake
Might be that induction devices are crappy and clunky because of the manufacturers' standard fiat mindset of cost reduction. Regarding clunky, to bring it back to ecash, with all its drawbacks, it could be a very smooth payment method. Where lots of internet payment methods bring a lot of clunkiness, like the elaborate but unsafe credit card authorisation or all the blockchain or node-related mess of other cryptopayments.
yes but if the mint knows who issues and who spends it's not private, stop saying it's private, it's not private that would require some more complex coding of denominations and mixing processes, and it's no big deal but i knew there was something missing from the story
Did I say private?
For starters super just yesterday confirmed an implementation wasn't even doing basic mitigation for key tweaking (tainting mints to correlate to user metadata) Even with that mitigated, you're still trusting a server not to use its upper hand to deanonymize you... Better to just use a database you trust directly without the bullshit, can always use ephemeral keys for access We do this using nostr notes only in lightning.pub
On a protocol level it is, isn’t it? It’s a public API, no questions asked. As there is no concept of a users identity / authentication. Of course a mint can choose to block certain IPs, user agents etc.
Any API can be public to random numbers, that's not an ECash feature
A system that is inherently driven by accounts and authentication (like custodial Lightning) can not. That’s the point
Very, very wrong. ECash is literally a server authentication mechanism for an API for a custodial Lightning app. Npubs, JWT's, Hashcash... all permissionless random numbers
How are they permissionless if access can be revoked at any given time by the issuer? A mint can not revoke a token
A mint can simply not redeem a token, based on any number of heuristics And if you're worried about your account getting nuked maybe you shouldn't be using that custodian ECash is nothing a database account isn't, it's not any more permission-less, or private, or asynchronous, it's literally a server authentication scheme. Transferring it offline is effectively writing down your password for someone. ... claiming it's more than that is being done intentionally by the central influencer agency to astroturf new banknotes being pushed by the government
Thank you for providing your perspective. 🤙💜
"ECash is nothing a database account isn't, it's not any more permission-less, or private, or asynchronous, it's literally a server authentication scheme. " If you have a "database account" at a server, and the server is hacked or seized, you have all the transactions listed between all the users of the service. A single point of failure. If you hack or seize the mint, you cannot see anything like what you could with a database of transactions. That single point of failure is much more private than a "database account" type SQL logged service.
A database account can just as easily be a random set of numbers, that transacts atomically disassociated from other random numbers, logless, encrypted, and so on There's no difference except that the database is reliable, performant, and doesn't lie to lull users into a false sense of privacy whilst slipstreaming edollars into the bitcoin ecosystem You are 100% trusting the operator in both scenarios, and you should never trust an ECasher
It seems like your argument here is, you can create a system that is *just as good* and you shouldn't trust those losers, you should *trust me bro*. If you build a better mousetrap I may use it. But I like the Uncle Jim scenario of cashu more than yours so far.
No, the argument is if you're going to trust someone, keep that trust local, as in uncle Jim... not big and centralized like an ECash mint so you can be moar private If ECash wants to shill itself as a payment spec and as privacy, that's EDollar spook bullshit- not Uncle Jim tech