The mint is trusted in three ways:
it’s trusted not to lose/spend/steal all the funds backing the coins it issues;
it’s trusted to correctly use its private key when doing blind signatures; and
it’s trusted to accept coins it issues either to replace them for new coins when ecash is being transferred to a new owner, or to redeem it for the bitcoin it’s backed by.
Calle is a scammer that gets paid by NGO's to pretend ECash is a layer of Bitcoin so that the banks can backdoor digital dollars into the ecosystem.
Calle made a tweet on the subject of ECash being a trustless layer of Bitcoin
AJTowns is a Core contributor with cryptography chops and is referencing Calle's tweet
Towns exposes the LARP in a subtle way that doesn't sound dismissive, likely knowing that Bitcoin is full of closet shitcoiners who fall for this crap and will earnestly try to understand the cryptography
Because the mint is trusted anyway, it is probably fine for the mint to perform a trusted setup for the zero-knowledge proofs here. After all, if the mint wants to steal funds, it can just spend the bitcoin, and shut all its servers down – no fancy cryptography required.
Calle responds with "I thought of that but I got a solution, just wait"
The result of this is more shady grant money will be wasted on non-Bitcoin development because banks are terrified of Lightning's ability to foster an economy outside of their custody.
You can't really think Calle is a scammer. He's working on something that has a trust model with specific implications, and may in the end not be a great scaling solution. That doesn't mean he's a scammer.
I think there was confusion because of a stupid argument that "e-cash is a bearer asset". This is technically true, in exactly the same way that a dollar bill is. There is a layer of trust abstracted away.
I'm not particularly bullish on e-cash, but I think it's possible to have a solution where mints provide snapshots of their issuance that is contestable by all holders of e-cash created by that mint. It doesn't solve the rug risk, but it solves fractional reserves.
What he's working on would be fine for certain things if not for the dishonest narratives around it, but if he did then it also wouldn't be intriguing. That's the scam.
Because the mint is trusted anyway, it is probably fine for the mint to perform a trusted setup for the zero-knowledge proofs here. After all, if the mint wants to steal funds, it can just spend the bitcoin, and shut all its servers down – no fancy cryptography required.