Today I’d like to describe a way to use Chaumian Ecash to commit to a conditional payment using an Ecash mint as a blind but trusted intermediary.
Technical feedback appreciated - Comment on my PR here
Do you think this would make a good NUT on the Cashu spec?
What would you build if you had access to a DLC-enabled Ecash mint?
@calle Would love your opinion on this if you have a moment
@calle pops in here once in a while, but I guess you'll have more luck pinging him on NOSTR and telling him you posted here if you want to have quick feedback...
I love this and I'm happy to say that we have almost everything you need to build this.
NUT-10 specifies what scripts in general should look like:
NUT-11 is an example of a script. You can probably copy most of it (of the code) and replace relevant parts with your DLC ECC operations instead of the schnorr signature check. That's the easiest I can think of, maybe there are better approaches.
definitely join our discord though:
I don’t understand the technical aspect of this at all but the concept sounds promising.
Who wants a nut?
I like your articles, thanks! I am trying to understand the first part now - Ecash.
I am missing at least one feature that puzzles me. The Z = Q - rM. How can anybody proof that the Q (or Z) comes from the Mint? Also, I am missing the undeniability that this token comes from the particular Mint. Is this a part of the trust layer here?
(When briefly skimming over the paper Blind signatures for untracable payments from D. Chaum, I found the property "anybody can check that signature was formed using signer's private key".)
Disclaimer: I haven't actually read Chaum's original paper yet. My knowledge is derived from reading the cashu specs (called 'NUTs'). So I can't speak to Chaum's original design.
In Cashu though, the proof Z is not verifiable by anyone but the mint itself. In order to prove a token was indeed issued by the mint, either:
  • the recipient of Z must ask the mint to swap the ecash out, thus verifying its authenticity in the process
  • the mint must supply some extra information to allow offline verification of Z. See NUT-12 for that.
Man man man, ain't you a hardworking 🐝 !