0 sats \ 1 reply \ @025738dda8 25 May \ on: Discreet Log Contracts settled with Chaumian ECash bitcoin
I like your articles, thanks! I am trying to understand the first part now - Ecash.
I am missing at least one feature that puzzles me. The Z = Q - rM. How can anybody prove that the Q (or Z) comes from the Mint? Also, I am missing the undeniability that this token comes from the particular Mint. Is this a part of the trust layer here?
(When briefly skimming over the paper Blind signatures for untraceable payments by D. Chaum, I found the property "anybody can check that signature was formed using signer's private key".)
Disclaimer: I haven't actually read Chaum's original paper yet. My knowledge is derived from reading the cashu specs (called 'NUTs'). So I can't speak to Chaum's original design.
In Cashu though, the proof Z is not verifiable by anyone but the mint itself. In order to prove a token was indeed issued by the mint, either:
- the recipient of Z must ask the mint to swap the ecash out, thus verifying its authenticity in the process
- the mint must supply some extra information to allow offline verification of Z. See NUT-12 for that.
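An added example (not from the posts above or from the Cashu code base) of the two checks named in the reply, assuming Q is the mint's blinded signature, M the mint's public key, r the blinding factor and k the mint's private key: only the mint can test Z = kY, while a DLEQ proof of the kind NUT-12 describes lets the holder check Q against M offline. The hash-to-curve and the challenge encoding are simplified stand-ins, not the NUT wire format.

```python
import hashlib, secrets
P = 2**256 - 2**32 - 977             # secp256k1 field prime, group order, generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):                       # affine point addition, None = infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def mul(k, pt):                      # double-and-add scalar multiplication
    k %= N; acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
def neg(p): return None if p is None else (p[0], -p[1] % P)

def hash_to_curve(msg):              # try-and-increment stand-in, not NUT-00's
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(msg + bytes([ctr])).digest(), "big") % P
        y = pow(x**3 + 7, (P + 1) // 4, P)
        if y * y % P == (x**3 + 7) % P: return (x, y)

def challenge(*pts):                 # simplified encoding of the DLEQ hash input
    raw = b"".join(c.to_bytes(32, "big") for p in pts for c in p)
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % N

def mint_sign(k, B_):                # blinded signature Q = k*B_ plus DLEQ proof
    Q, w = mul(k, B_), secrets.randbelow(N - 1) + 1
    e = challenge(mul(w, G), mul(w, B_), mul(k, G), Q)
    return Q, (e, (w + e * k) % N)

def verify_dleq(M, B_, Q, proof):    # uses public values only, no mint key
    e, s = proof
    R1 = add(mul(s, G), neg(mul(e, M)))       # equals w*G  when Q = k*B_
    R2 = add(mul(s, B_), neg(mul(e, Q)))      # equals w*B_ when Q = k*B_
    return None not in (R1, R2) and e == challenge(R1, R2, M, Q)

def demo():                          # all keys and secrets here are constructed
    k = secrets.randbelow(N - 1) + 1; M = mul(k, G)       # mint key pair
    Y, r = hash_to_curve(b"constructed-secret"), secrets.randbelow(N - 1) + 1
    B_ = add(Y, mul(r, G))                                 # user blinds Y
    Q, proof = mint_sign(k, B_)
    Z, forged = add(Q, neg(mul(r, M))), mul(k + 1, B_)     # Z = Q - rM; wrong-key Q
    return Z == mul(k, Y), verify_dleq(M, B_, Q, proof), verify_dleq(M, B_, forged, proof)
```

`demo()` returns the mint-side check on Z, the offline DLEQ check on a genuine Q, and the same check on a Q signed with a different key.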