pull down to refresh

#intros #activity #announcements #L402 #legends-of-lightning
Read more about PROXNUT

Nutcases, Assemble!!

The nutcases from the cashu community have decided to enter the Legends of Lightning Hackathon.
Let's introduce our team:
Gandlaf, the Wizard
It is said that gandlaf has mastered that way of the nut. What is the secret to bending a nut? The secret to bending a nut is to realizing the truth. There is no nut...
Dr. Calle, the Doc
The Doc discovered the ways of the nut when he wrote his PhD thesis. From this day on he's carrying the message wide and far, and found his first followers not long after. Among them? You guessed it. Gandlaf.
Erik, the Architect
If you're gonna build something, you'll need an Erik. Or whatever you build is gonna look like crap.
M A R C, the Operator
You can't have a bunch of nutcases running wild without guidance. M A R C has been there done that before. He'll guide us to victory without casualties.
JK, the Hacker
Not much is known about this mysterious hacker's background. But give him a keyboard and he will turn bytes into nuts.

What are we building?

Well, revealing that has to wait a little bit longer. But it will include and make use of PROXNUT extensively.
This week the team assembled to get everyone up to speed...
Even dream a bit? .....
....Explain the setups...
and discuss tasks. We dissected PROXNUT and identified our targets.
Now, we started on prototyping a Proof of Concept.
To find out what exactly that is, stay tuned.
Sincerely,
šŸ„œ
great sucess, i like
reply
Basically like LL's middleware aperture project but with ecash as the API token instead of macaroons?
Really interested to seeing this work. Anonymous paid API tokens is critical work IMO, if I'm understanding it correctly. Nice write up.
reply
Yes! I think Very similar to LL's L402 but some nuanced differences.
Check this answer on the AMA post for more details: #268791
reply
Interesting, yup I like it. I can see it working for some use cases better than others. Some things work well stateless, but some might not.
Could you reuse the ecash token if you need to meter or retain history?
Example: support requests
1 paid support request per month, so give out one ecash token that expires at end of month. However, once that token is used to open a new issue, they should be able to keep hitting the API call. I can see a few ways to handle this.
  1. Only block the "/support/new" call behind ecash
  2. Each successful redemption will return a response containing a new ecash token
  3. Turn ecash into jwt to track / meter things once consumed
Either of those three ways would accomplish something I do find special about using ecash as an API token: cuts off source of identity from the original acquisition of the ecash, even if you need to associate after first consumption.
reply
I think you could definitely hack something like that, but IMO as soon as you strart to introduce statefulness, other protocols start to make more sense.
Therfore, In the above example, i like number 3 the most, it leverages another protocol that is great for managing state
Ecash is kinda inherently stateless, because links get broken after every token creation. So you would have to manually upkeep that state somehow, which kinda defeats the purpose.
But I think that's OK, because there are other things (like L402, JWT, etc..) that handle state well!
wow, i said state so many times.... We need to separate the web from the state
reply
One thing worth mentioning, the complexity of a stateless system is just so much lower than a stateful one, that it makes sense from an engineering perspective to consider if state is really necessary or if it's just an excuse to track users :P
But of course, sometimes you definitely need state/accounts/users , in which case PROXNUT may not help much
reply
Thanks for the feedback!
I know a few companies in the space looking for something that I've described above so I appreciate your thoughts there. I do like method 3 as well and like that ecash API tokens would still be useful even if it is not being used for a forward-looking privacy preserving method, for state requirement reasons.
reply
appreciate your insights too!
reply
Only block the "/support/new" call behind ecash Each successful redemption will return a response containing a new ecash token Turn ecash into jwt to track / meter things once consumed Either of those three ways would accomplish something I do find special about using ecash as an API token: cuts off source of identity from the original acquisition of the ecash, even if you need to associate after first consumption.
Ecash is perfect for this. You don't even need to recycle once. If you buy it with a payment (or some other "proof of humanity" or something), you can use it immediately (and privately). Ecash systems without the ability to transact between users definitely has applications people are interested in (such as resource access control).
reply