Any amount meaning any denomination in a single proof??? That’d be very useful
Yes. It's the most exciting thing on that list and a huge thing.
how will that work with the mint's keysets?? very curious about it
One option is keyed-verification anonymous credentials, like those used in WabiSabi. There's one implementation by nostr:nprofile1qqsfuv8fgq3cek0ta0rr9qtkm4x3pxqjz22y9u4xcwrj0lrxlfl2jzspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz7qgswaehxw309ahx7um5wghx6mmd9uv87spp: https://github.com/lontivero/cashabi
Yup, the any-amount ecash will be based on KVAC also used in WabiSabi and Signal! The mint only needs a single private key, and the entire wallet can be stored in just a single nut. All that while also vastly improving privacy (blinded amounts, like confidential transactions). It's going to be so fucking beautiful 🥹
nostr:nprofile1qqs04xzt6ldm9qhs0ctw0t58kf4z57umjzmjg6jywu0seadwtqqc75sprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hsz9thwden5te0wfjkccte9ejxzmt4wvhxjme0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0y8qdrm
🥹
It's easily the biggest change in Cashu we ever attempted but it's worth it.
Is the WabiSabi whitepaper the best place to learn about KVAC? I found the sand & envelope metaphor pretty entertaining, but I’d like to go a bit more in depth
WabiSabi paper section 6 🤙
Yeah, I got that working a few months ago, but was told it was a bad idea. What changed?
You got what working? I don't believe that.
Yeah. ‘Working’ might be a generous description, but I implemented several working methods - like keyforamount, swapforamount, mint/bolt11foramount. I stopped when I was told it was a bad idea, but it greatly simplified the proof management and payment. I hacked it all in nutshell Cashu mint. Proof of work is in this branch below. Bottom line, I was successful in deriving the public/private key for any arbitrary amount and issuing the promises. https://github.com/trbouma/cashu/tree/amount_key
Yeah but that's the easy mode with broken privacy.
I was just proving the math worked. Didn’t get as far as working on privacy implications. Could easily be addressed by a wallet by breaking an amount into the sum of two random components, etc. Anyway, very keen to see this idea is still alive.
No, the issue is that once you have individual keys for every amount everything becomes easily trackable.
Understand. That’s why I stuck with the power-of-2 amounts. A bit of a pain to manage for arbitrary amounts, but I got that all working in my wallet implementation, so no longer an issue. I am intrigued by the new approach, though, and keen to learn more!