Oddbean new post about | logout
 How can ecash holders verify that the mint fully & effectively blinded the signature?

If I'm selling you eggs in El Zonte for ecash, but we realise there's no connection to the mint after you've paid me (ie revealed the tokens) what happens? 
 I can’t speak to the first one

But the second one is not that different from the days of writing checks or the risk of counterfeit bills or the rare times when the credit card machine goes down

Social responsibility will always be part of the equation in any economy. Trust minimization is a good goal, trust elimination is a pipe dream

There’s still trust involved in the eggs not being rotten, for example 
 Second one isn't an issue with Lightning. No ambiguity. Either the payment is made or the payment is not made. None of this fuzzy awkward  state where both people have seen the secret so nobody knows who has value.  
 I expect most ecash transactions will be redeemed as a Lightning transfer anyway, which as you said resolves the ambiguity in most cases

If you want essentially the same assurance with strict ecash though, you can just code your wallet to check for a connection with the mint before unblinding, right? 
 Surely it's more important for the receiver to check for a connection. 
 Why? If I check that the mint is available, and then send you coins, and you say “I can’t redeem these, therefore I won’t give you eggs” then I just redeem them myself and cancel the transaction.

If the mint is not available to him, the seller simply need not hand over the goods. 

And btw this is why I think it’s totally probable for most ecash to settle via lightning to the receiver’s preferred lightning provider (whether self-hosted, blind mint, or custodian) before goods are released. In this case, ecash issuance is just the method to bring a great degree of privacy to what would otherwise be a custodial relationship