pull down to refresh

Cashu (or Fedimint) vs Tether

Let's think about the difference between minting ecash at a Cashu mint and buying USDT from Tether.
When you send your sats to a Cashu mint, the mint issues you ecash tokens that are pegged 1-to-1 to the value of satoshis. You can give these tokens to anyone who will accept them. You can also ask the mint to trade satoshis back to you in exchange for your tokens (although you can't make them trade with you).
When you send your dollars to Tether, the company issues you USDT tokens that are pegged 1-to-1 to the value of a US dollar. You can give these tokens to anyone who will accept them. You can also ask Tether to trade dollars back to you in exchange for your tokens (although you can't make them trade with you).
While I have glossed over a lot of details (eg. Cashu mints can't stop you from trading the tokens to someone else, while Tether can; Tether tokens are issued on one of their supported blockchains while Cashu tokens are bearer assets), at this high level, the two are actually pretty similar.
Now let's look at how they describe themselves:
This is from Cashu's FAQ:
Cashu wallets leverage the Cashu protocol to communicate with Cashu mints to integrate with Lightning. Therefore, the mint is running the Lightning infrastructure and custodies the satoshis for the mint's ecash users. Users have to trust the mint to redeem their ecash once they want to swap out to Lightning.
This is from Tether's webpage:
Tether only issues new Tether tokens when they are requested and purchased by customers who have followed our strict KYC procedure.
Note the difference: Tether users "purchase" tokens while the Cashu mint "custodies" their users' funds.
Fedimint's FAQ uses the pretty much the same language as Cashu:
A Fedimint - or "Federated Mint" is an implementation of Chaumian eCash with a federation of guardians to custody funds, instead of a centralized actor, and is natively interoperable with Bitcoin's Lightning Network. Custody & Redemption: Users can submit a request to deposit bitcoin, "pegging in", in exchange for fm-BTC eCash notes or use the fm-BTC eCash notes in their wallet in order to redeem on-chain bitcoin (note: users could also transfer out to themselves via the LN Gateway)

Why can't you just buy ecash tokens?

No doubt you've heard different people in the space discuss (or argue) about whether protocols like Cashu and Fedimint are custodial. @TonyGiorgio's post Fedimint is Self-Custodial and @calle's comments are probably the best discussion I've found of the issue.
But this question didn't come up there. I think answering it might help people understand the risks and benefits involved with ecash on bitcoin. So here's an attempt to do that.

Ecash is not bitcoin

This may seem obvious, but ecash tokens are not bitcoin. To demonstrate this point, let's compare ecash to the Lightning Network.
If you pay me for one of the posters I sell in sats via Lightning, I have to run a Lightning node with at least one channel to receive the sats. I can unilaterally close this channel and return the sats to an onchain utxo in my sole control (as long as there are enough sats to cover the fees).
If you pay me for a poster in ecash, all I need is an ecash wallet to receive the tokens. But I cannot turn the tokens into sats unless I convince someone to trade with me (my ecash tokens for their sats).
Clearly, if you don't have a private key that unilaterly controls a utxo recorded in the Bitcoin blockchain, you don't have any bitcoin.
Therefore, in my view ecash is not bitcoin. It can be pegged to bitcoin, it can interoperate with bitcoin, it can be useful to bitcoiners, but it is not bitcoin.

Ecash is not custodial

Let's compare ecash tokens to a balance in a custodial wallet like Wallet of Satoshi.
If I use Wallet of Satoshi to generate a Lightning invoice and some nice person pays that invoice, what actually happens is that they send sats to a Lightning channel WoS owns and I trust WoS to update a spreadsheet they have that credits those sats to my account.
If I use a Cashu wallet to generate a Lightning invoice and some nice person pays that invoice, what actually happens is that the mint owners receive the sats in a channel they own and do some fancy math to issue an ecash token worth that amount of sats to my wallet. As far as users are concerned, this interaction in Fedimint looks almost the same (except the channel owned by the mint is controlled by a group of people in a federation, rather than a single entity).
Now let's compare the process of asking for my sats back:
In the case of WoS, I am pretty much at WoS's mercy. They can refuse to give me the sats or they can show me an incorrect balance or they can simply turn off their servers and walk away.
In the case of Cashu and Fedimint, neither one can stop me from trading my ecash tokens to another person (unless they shut down the entire mint), nor can the mint show me a fake balance. The mint can issue more tokens than the number of satoshis they have received, and they can shut down completely and walk away.
Custody means the custodian holds the asset and you can't move it without their permission. I suppose I could sell my WoS account to someone else but they would be trusting me not to sweep them and they would still need WoS's permission to move any of the sats out of the account.
Therefore: Wallet of Satoshi is custodial. Cashu and Fedimint are not custodial.

TANGENT: Which asset are we talking about?

Hold up, wait a minute: Custody means the custodian holds the asset...which asset are we talking about here? The ecash mint isn't holding my ecash (proof is that I can give it to you and they can't stop me), but I did give them some bitcoin to get the ecash...so presumably they are holding that bitcoin. So here's the million dollar question: is it still my bitcoin?
This calls for another analogy.
When you buy a watermelon from a fruit stand, the merchant isn't custodying your money. They're trading a watermelon with you in exchange for some money.
When you give your money to a bank, they are custodying your money. They're not giving you something in exchange for your money.
The key differences are that at the fruitstand something is exchanged and at the bank I expect to be able to get my money back.
So which model better fits ecash mints? It seems clear that the reason I send sats to a mint in the first place is to get some ecash tokens to use. I may want to use them to buy watermelon or I may want to use them to zap my special internet friends on nostr. The idea seems to be that I will be able to spend my ecash tokens as ecash tokens. If the only way I can ever use them is to turn them back into sats, why give up the sats in the first place?
While my first instinct was to say that ecash mints are like banks, the more I think about it, the more they seem like a fruitstand. When I give the mint my sats I expect them to give me ecash. I want to be able to use that ecash to do other things, particularly, I want to use that ecash to do something I couldn't do with the sats. And I do not expect to turn my ecash back into sats. I think this means that I'm buying ecash from the mint and when I do, I give up my claim to the bitcoin.
And yet, as far as I can tell, the general understanding of what happens at a Fedimint or Cashu mint is not that they are selling me tokens.

Is custody good for ecash?

I can think of four reasons why Cashu and Fedimint developers might have decided to describe what happens at a mint as "deposit/redeem/custody" rather than simply selling ecash tokens for bitcoin.

1. Keeping up the peg

Ecash tokens built on bitcoin seem to be a lot more useful if they have a stable value in relation to bitcoin. On the surface it seems like this is particularly true when they are pegged 1-to-1 to sats. It at least makes them a lot easier to reason about. So perhaps the deposit/redeem/custody language helps users understand (and have faith in) this peg.
Yet, I don't think introducing this confusion is necessary. Tether does not claim USDT tokens are actually dollars. Indeed, the value proposition comes from them not being dollars (you can use them in ways that you can't use dollars). Another example might be gift cards (which I think have a lot of similarities with ecash): nobody is going around saying gift cards actually are dollars. It seems possible to peg one asset to another without demanding that everyone believe they are one in the same asset.
In my confusion on this issue, I've even spent some time trying convince myself that pegging an ecash mint to bitcoin might be like the fed's repo windows (you give the mint your bitcoin as collateral for a loan of ecash with the agreement that you will repurchase the bitcoin at some future date).

2. Interoperability

Ecash developers are doing some incredible things right now. A lot of the magic comes from the fact that ecash balances interoperate with Lightning so seamlessly. Perhaps some of the desire to tie ecash tokens more closely to bitcoin by saying users deposit bitcoin with the mint comes from a desire to make it easy for a thousand mints to bloom. If mints sell ecash tokens, would we need to start thinking about exchange rates between mints and discounts based on the trustworthiness of certain mints?

3. Regulation

Selling tokens for bitcoin seems like the kind of thing that would attract the attention of regulators. If mints sell ecash tokens, a bunch of questions about taxes and reporting suddenly pop up. Do mints become exchanges? I don't think so, but the Lightning gateways that serve different mint ecosystems might be considered exchanges. The question though is are these problems smaller than the regulatory turmoil of being a custodian?

4. Association with shitcoinery

The Bitcoin ecosystem has an immune response to any other coin. I suspect that ecash would have had a hard time gaining traction in the space if they announced their protocol as a way to create new tokens and sell them to people for sats. Ecash developers are not alone in contending with this problem. Liquid (perhaps the most successful altcoin pegged to bitcoin) also tries to describe the coins on Liquid as actual bitcoin and not an altcoin:
Liquid is a sidechain of Bitcoin that allows users of the Liquid Network to move Bitcoin between the two networks with a two-way peg. Bitcoin used in the Liquid Network is referred to as L-BTC, and each L-BTC has a verifiably equivalent amount of BTC secured by the Liquid members called functionaries.
The general understanding of the situation seems to be that if your coin pegs to bitcoin it can claim to be bitcoin. This is absurd to me. Bitcoin's value proposition is censorship resistance. All the various projects that produce a token pegged to bitcoin are giving up some of that censorship resistance (hopefully in order to gain something else) and it confuses people to claim that they are actually bitcoin just in another form.

Ecash is not a shitcoin

I don't think Liquid tokens are shitcoins. Nor do I think ecash tokens are shitcoins. Unfortunately, as I've been writing this, I haven't been able to come up with a very logical defense for why I believe this.
Here's my best shot at it: I am convinced that bitcoin is incredibly useful. It's money you can send to anyone anywhere anytime and no one can stop you. Not everything that takes advantage of this usefulness needs to be incorporated into Bitcoin itself. Ecash is also useful, but it becomes a lot more so when it gets pegged to bitcoin and interoperates with it. Cashu and Fedimint are both working on ways to establish this peg. Hopefully we will continue to develop new ways to minimize the trust such a peg requires. But useful things that further the mission of censorship resistant money seem to me to not be shitcoins. This gets into what is probably an entirely different post, so I'll stop here.

Conclusion

There may be good reasons for calling what happens at a Fedimint or Cashu mint custody but they come with a price and they are not the only model we can use to understand these protocols.
I want to be able to use that ecash to do other things, particularly, I want to use that ecash to do something I couldn't do with the sats. And I do not expect to turn my ecash back into sats. I think this means that I'm buying ecash from the mint and when I do, I give up my claim to the bitcoin.
I've been struggling to try to open minds to this possible framing. I will say, it's easier for myself personally to reason about it when the ecash issuance is based upon a network than a single issuer, though it could be argued that it's the same either way.
It's possible the value of it is always exactly 1:1 of the underlying pegged asset. It's also possible it's worth more during times of high demand, such as when there's high chain usage. We can't perfectly specify exact value between two assets because it's always based on free markets. And there's no such thing as a perfect amount of work on both ends, and value is derived upon work with S&D. Though I think one thing can be true and that there's no expectation that the ecash will go up based on a single entity's work, so it removes the securities concern.
When you start thinking about it as a separate networked asset, it could be considered another type of DLT, and if it is then the network interoperability starts to look like cryptocurrency swaps, which means the swapping function is an exchange, which does not imply custody or expectation that you can redeem the other asset for the same exact exchange rate at any point in the future.
I 100% sympathize with potential confusion trying to conceptualize this. I think we as a community need to find more nuanced differences when we talk about legal custodianship (or not) with what we mean by different trust levels. A non custodian cryptocurrency could not be very trusted. Almost all in my opinion are not trusted, but I wouldn't call a group of Ethereum PoS miners (or other PoW based crypto miners) a custodian.
--
Thank you for writing your thoughts on this matter and walking through them.
reply
I'm all for new tech, but I still feel like I need to see a commercial use of it, will people use these wallets is my question? The goal was to make certain trade offs to make custody simpler but i don't see that yet
Who will be spinning up federations or mints apart from exchanges or a few Bitcoin businesses?
So few people run nodes as it is, even less run LN, who will run this additional stack?
reply
I think one use case might be a website like SN. If we were all zapping ecash back and forth and SN promised to buy our ecash at a 1-to-1 value with sats, would things here be different? It might be a way to solve the regulatory problems of a custodial wallet while still preserving the ease-of-use of SN for people who don't want to run a LN wallet on their own. It's a different set of tradeoffs.
reply
I'm not yet sure how that skirts responsibility in the eyes of the regulators, you're still running the full stack in that SN example, so they could still come for you, even if you say well I don't now what they doing with the tokens, i just honour redemptions
Unless SN is just part of a federation with other coordinators maybe, that would work, we don't yet know
people trust custodians because they're regulated businesses and you can take legal action if they rug you not thats fared well for most but its still what people prefer.
Trusting a bunch of anons mints or federation members is a tough sell
reply
What if SN allowed you to sell your cowboy hat to another user for sats? This would be a sales transaction.
Now what if SN offered to buy cowboy hats from users at a 1-to-1 value with sats? Would that be a sale or a redemption?
And if SN sells us all ecash tokens to use on this platform, but then promises to buy them back for 1 sat each when we leave, are they like chucky cheese tokens and casino chips or like a deposit?
My interest is entirely in trying to understand if custody is actually what is happening here or if it is something else.
In the case of ecash, I think it is much more like a sales transaction than a deposit. I'm curious if something similar can apply to SN.
reply
I don't see how that argument stands up, digital goods are sold all the time, ebooks, courses, advertising inventory, streaming services, gaming, in-game currencies are already a thing and I just see them applying that logic
I don't get how masking balances or adding an IOU layer changes the fact that transactions are performed and that sats are held in a multi-sig or LN channel, where someone holds the keys, just sounds like a loophole that has already been closed
reply
ECash is an authentication scheme, not a currency.
Bitcoiners associating it with Bitcoin are scammers and it is a shitcoin they are selling you.
It has a single use-case, authenticating you to a server.
There may be rare cases where someone wants to trade for your account on a server, it allows for that without a database entry.
This does not make it an asset unto itself. It is inherently custodial, because its just a server credential. There is no peg, just a promise for something, could be anything or nothing.
It does not make Bitcoin transactions more private, the mint still sees everything in and out. Scammers cast diversions from this fact because large mints are bad for network privacy and small mints have no anonset.
It is not a programming layer or anything else beyond what SQL is, applications are inherently centralized and trusted.
The buzz around ECash isn't excitement over Uncle Jims, there's already better tools for that.
It isn't about privacy, because that's a lie.
It's astroturf by well-funded spooks to prepare you for the government-scale ECash mints, which needs a new payment spec because Lightning's native Bolt11 won't transact shitcoins.
reply
@justin_shocknet's point about the mint being able to deanonymize you by giving you a messed up key seems to be correct.
reply
Here is @calle's response:
reply
exactly!
reply
It does not make Bitcoin transactions more private large mints are bad for network privacy and small mints have no anonset.
This is a good insight that is easy to miss
reply
I don't agree with you. Anything that is pegged to another asset involves trust. A peg is always a promise of something. This doesn't mean it is useless.
If people are willing to believe in the value of a given mint's tokens, a lot if useful properties emerge.
I also disagree that it fails to make bitcoin transactions more private.
Say I sell a poster to some one for a set amount of ecash. Presumably they got the ecash by giving the mint some sats. If I then exit through a lightning gateway to my own LN channel, the mint has no way of associating the LN channel with me or even with the person who originally got the ecash from the mint.
I expect ecash to become an important part of how money works, especially if it can use bitcoin to help it work.
reply
I don't agree with you
You're free to be wrong, I'm stating fact not opinion.
Anything that is pegged to another asset involves trust
No, peg in these cryptographic contexts implies atomocity.
If people are willing to believe in the value of a given mint's tokens, a lot if useful properties emerge.
People value Microstrategy tokens and the US Treasury tokens, one is speculative that it outperforms Bitcoin and the other is by decree. ECash has no such properties
mint has no way of associating the LN channel
The mint received sats and sent sats, ECash didn't obviate that. Nothing about the Bitcoin TX became more private. Maybe you didn't have an KYC/EMAIL REGISTERED ACCOUNT with the custodian, but who's to say you would have without ECash, could have done the same with an ephemeral nostr key or even a json webtoken... ECash is just theatrics.
I expect ecash to become an important part of how DEBT works
ftfy but agree with the sentiment, international bankers are good at remaining influential even through periods of sovereign-state banking
reply
the mint received sats and sent sats, ecash didn't obviate that.
If the mint only has one user I could see your point. In my example the mint has more than one user: me and the person buying from me. Explain how privacy is not achieved here? The point is that the mint, nor anyone watching the bitoin chain can be sure if the sats that came out belong to me or to the purchaser. This is privacy.
reply
The Bitcoin transaction is where it came from and where it went, your IOU is not a Bitcoin transaction
Compare now to if you were using Wallet of Satoshi, what privacy was gained? Nothing
reply
My IOU doesn't enter into the equation, because in my example I have traded it away. The end state of the example is that I control sats that used to be controlled by someone else and there is no on chain record that can be linked to me.
In the case of WoS they have knowledge of the specific balance change to my account. Ecash mint does not have the same level of insight.
reply
because in my example I have traded it away
No, you just used a custodian to receive and spend Bitcoin
How long the buyer had an "account" on the same custodian is irrelevant
In the case of WoS they have knowledge of the specific balance change to my account
No different than if you created a new WoS account every time you received, it's all meaningless ephemeral keys and the custodian still has all in/out data.
reply
No different than if you created a new WoS account every time you received, it's all meaningless ephemeral keys and the custodian still has all in/out data.
This is a good example. However, there is nothing in WoS that is similar to the bearer-ness of an ecash token.
My understanding of ecash is that when I give a token to someone else they have to return it to the mint and get issued a new one in order to ensure that I don't double spend them.
This would be akin to taking my WoS account, giving someone else the login info and then that person logging in and sweeping it to some account they control.
With ecash my understanding is that the mint doesn't see all the various tokens that are in existence. Whereas in WoS they always see all balances.
It seems to me that it is possible to trade ecash tokens to someone else without the mint knowing such a trade has happened. More difficult with WoS.
You seem to be missing the fact that the mint doesn't have any kind of sense for who has what token.
If I deposit 32 sats via lightning, the mint gives me an IOU for 32 sats. This IOU is mumble mumble some kind of random string mumble mumble that is signed by the mint but without the mint being able to see the random string. The mint signs it with its 32-sat key. Then I give this token to the merchant and the merchant presents the signed string to the mint and asks for sats to be sent via lightning in exchange (or simply for a new token to be created).
There may be rare cases where someone wants to trade for your account on a server, it allows for that without a database entry
This argument is actually nonsense: if you're willing to phrase it like that then "Bitcoin is actually an account system where people exchange between each other the ability to exchange in the future some accounts". Moreover, there are no "accounts" in ecash. What the actual heck...
It does not make Bitcoin transactions more private
Ecash makes CUSTODIANS less invasive with respect to their users, nobody ever talked about "private bitcoin transactions" because there are no bitcoin transactions in ecash systems.
It does not make Bitcoin transactions more private, the mint still sees everything in and out.
This argument is actually nonsense: the mint only knows that someone requested some ecash tokens, does not know the tokens and does not know the person that requested that. can you prove that "the mint still sees everything?" If you can, please do it and submit a paper to some cryptograpy mailinglist proving it. If you cannot prove that the blinding is broken, don't say it.
The buzz around ECash isn't excitement over Uncle Jims, there's already better tools for that
Okay, if there are better tools to make users private in purely custodial systems then please name them. Can you name a few? Don't say "not using custodians" because that's not the point.
It isn't about privacy, because that's a lie
Where's the lie? Too easy to say it like that. Please, point to the lie.
government-scale ECash mints
These actually already exist and have pretty much infinite funding by damn fiat printers shitcoiners. Look at GNU Taler, that is a project of the EU Commission and YES, it is a fucking shitshow and shithole for privacy. If Fiat shitcoiners of the banking system would use fedimint or cashu as their ecash protocols for custodians the world would be in a much better place. Period.
Again, don't say "everyone shall be self custoding" because people just do not do it. Period. You can dream that but it's not happening. Thus we must ALSO make improvements on the custodian systems.
I don't agree with people that custodians are the way, but they are just here and they fucking sucks, so we're better off if a tiny tiny tiny group of developers is working on an alternative. That's not like "Core is pivoting to custodial", that's a bunch of devs doing very good implementations of a cryptographic system that certainly will improve custodians and, in the future, may help us to make better tools for bitcoin sovreign products.
As a remark, I just remind you that Wasabi uses blinded signatures for their coordinator...that's a good usage of that cryptographic fancy stuff that you dislike, innit?
Sorry for the rant.
reply
Bitcoin is actually an account system
An account with whom? ECash is literally an authentication token to a server (mint), your analogy sucks
nobody ever talked about "private bitcoin transactions"
That's literally what all the spooks and scammers are selling it as, but even for people that acknowledge its just about obfuscating accounts from the custodian that doesn't hold up for a number of reasons I outlined elsewhere in this thread
does not know the person that requested that
Yea and how is that any different than any other non-KYC key? You're still trusting the mint to not use key-tweaking and second stage hueristics, you also are implying a large anon-set such as an institution like the US Treasury, which is all this trash is good for
Fiat shitcoiners of the banking system would use fedimint or cashu as their ecash protocols for custodians the world would be in a much better place
No it wouldn't. There are valid cases for free-banking or state banking as opposed to central banking, but ECash doesn't add any particular benefit to those models. It's just LARP tech
Custody should be local, as in family level, not institutional.
Wasabi uses blinded signatures
Another centralized trash privacy LARP, pitty the fool who used that or Samourai or that thinking they were being private. You get the honeypot you deserve.
reply
A gift card is not an "account", thus ecash is not an account. Analogy may be a bit too squeezed but that's the point. The fact that
custody should be local, as in family level, not institutional.
is just a dream of yours, even though I agree with it. People just trust institutions, people just trust big custodians. That's the reality.
We need to procede the innovation for non custodial tools, but understand that people will always ALSO use custodians. Again, we look at the world from our naive perspective...who is actually going to open an LN node and mess with liquidity and onchain fees and balancing? Very few. The others will use "self-custodial-trust-minimized" LN wallets, which means that they'll be trapped into the need of buying services from an LSP.
LSPs will be institutionalized. I don't like it, but that's the reality. LSPs are just companies that run a liquidity-provider business for sats, regulators are going to catch them...at least the big ones and anyone that will became big enough. If using Wasabi was a foolish error from LARPers because you consider it an honeypot, what do you thing will be the fate of LSPs? They have big targets on their backs.
All this rant is to say that our push for decentralization is a need that we have as a community to make bitcoin actually usable without breaking it's properties, but the majority of people will not accept some tradeoffs that we are willing to accept. If they want to use custodians that's their business and their money, but if we have a tool to make privacy for custodians slightly better, why shouldn't we?
Yea and how is that any different than any other non-KYC key? You're still trusting the mint to not use key-tweaking and second stage hueristics, you also are implying a large anon-set such as an institution like the US Treasury, which is all this trash is good for
These issues are still better than plain text transaction logs of users, that are what custodians can see as of now.
There are valid cases for free-banking or state banking as opposed to central banking, but ECash doesn't add any particular benefit to those models.
Free banking is basically having reserves of amount X and giving out banknotes/promises for the X amount. What's the difference between this system and, say, an ecash mint? In the past examples of free banking (all dating back decades ago) there were banknotes, now we don't have banknotes anymore. How are you going to substitute banknotes in the digital realm? I guess that ecash adds some particular benefits to that ancient cash-based model.
Yes. The best thing out there is Bitcoin and self custody. How is the public dealing with it? Leaving coins in centralized platforms. What can we do? Build better tools for self custody and, in the meantime, make the fools using custodians a bit more private (if a custodian is ever going to using it, btw).
reply
A gift card is not an "account"
Yes it is
People just trust institutions
That doesnt justify affinity scamming ECash with Bitcoin, it doesnt even make better custodians... that narrative is just a scam
mess with liquidity and onchain fees and balancing
That's already automated even in shitwallet like mobile apps, also doesn't need to be everyone... a custodian of 100 or so extended family members is absolutely achievable
LSPs will be institutionalized
Wrong again, bootstrap peers will displace LSP's using nostr as a social graph and marketplace
Also your projection has nothing to do with whether or not ECash is a scam. Cope harder
still better than plain text transaction logs of users
In your imagination, but they are effectively the exact same. The cryptographic theater doesn't change the fact a custodian has countless ways, both known and unknown, to gain insights
By portraying ECash as better, you're lying yourself right into another trap... ECash is the real rat poison
What's the difference between this system and, say, an ecash mint?
An ECash mint can be used in free banking, that does not mean it's inherently free banking
banknotes
ECash is exactly like banknotes, that's the scam... it'll be used by the US Treasury and capture Bitcoin just like the central banks used notes to capture Gold
Centralization will always trend this way, hense decentralization is paramount above all else.. and that ain't aligned with ECash
What can we do? Build better tools for self custody
Yea, not ECash
ECASH IS LESS PRIVATE NOT MORE
reply
Is it "inherently custodial"? If the mint turns off its servers, everyone's ecash from the mint is gone. I don't think this is the standard definition of custody.
The mint can indeed stop me from trading my ecash or even from the ecash existing at all, but only on the condition that the mint commits suicide.
This is a different trade off than typical custodians where the custodian can interfere with a specific user.
reply
You remain with a nice useless gift card that you cannot redeem anywhere. Minter remain with your sats. That is pure rugpull definition. ecash are gift cards, that's all.
reply
It's true that the mint can rug or even just be dishonest like fiat banks. But unlike a fiat bank or a custodial wallet, a mint can't target a specific user.
reply
Wrong, the server has several ways it could target a user
And wtf would you use a custodian you're worried about being targeted by?
reply
Name two of those alleged ways.
reply
It's elsewhere in the thread already had you bothered to read before opining, but ill do you the courtesy and add some others
Key Tweaking/Tainted rounds Pattern Matching/Behavioral/Heuristics Destination Blacklists Behavioral Analysis Metadata/Network Spending Limits and Controls Side-Channel Attacks Fee Manipulation
If you think shitcoins somehow move the trust gradient of a custodian, it's time to get a clue
reply
Key Tweaking/Tainted rounds
Hmm, that's a fair point. Is anybody here familiar enough with the Cashu or Fedimint protocols to say whether or not this is a concern?
Pattern Matching/Behavioral/Heuristics
How so? All the mint ever knows is that someone is redeeming one token in exchange for another or in exchange for the payment of a lightning invoice.
Destination Blacklists
In this case, someone else could run a gateway connected to the same mint.
Spending Limits and Controls
This is only possible for outgoing lightning, AFAICT. Internally, the only thing that happens is trading one token for another. This could be limited, though.
Side-Channel Attacks
Not sure what they are.
Fee Manipulation
Again, only a problem when exchanging to lightning.
I'm not saying that ecash is trustless, but it's better than custodial lightning wallets.
You're effectively saying your coinbase account is non-custodial because there's a cookie in your browser
The mint can use any number of heuristics to programmatically block a specific redemption
Put down the kool-aid, it's a scam dude
reply
Did you read the Wallet of Satoshi example? There is a difference in trade offs between database entry and ecash from a mint.
The mint can use any number of heuristics to programmatically block a specific redemption
I'll accept this could be the case, but heuristics don't sound like a sure thing.
Do you at least acknowledge that an ecash mint can only rug if they rug all users at once, whereas something like coinbase of WoS can rug one specific user if they like?
reply
Yes and it demonstrates you have no idea how any of this works.
The trust level is the same, the privacy benefits are illusory.
Do you at least acknowledge that an ecash mint can only rug if they rug all users at once
No, that's retarded you would even think that. The gateway can execute any logic it wants.
reply
Rugging has nothing to do with the gateway. Mints can rug. Gateways just choose to act as a gateway or don't. They have no effect on whether I continue to hold the ecash.
You say you are stating facts:
The trust level is the same, the privacy benefits are illusory.
This is your opinion. Demonstrate it with an example or something. Or discuss it further. Just saying it isn't fact.
reply
From your OP
I trust WoS to update a spreadsheet they have that credits those sats to my account
do some fancy math to issue an ecash token
Before I make assumptions about what you are implying here, are you suggesting that Sats to ECash is less trusted than Sats to SQL Record?
reply
No, I'm suggesting it results in different levels of visibility into the transactions that happen within the mint versus those that happen within the SQL database.
When you give your money to a bank, they are custodying your money. They're not giving you something in exchange for your money.
Banks don't custody your money, they give you bank credit (/bank tokens) in exchange for your money. Because society has been psyoped by bankers&state to accept bank credit as if it were money. During financial panics people find out very quickly they are not the same thing.
reply
That's a good point. Can we say that fully reserved banks custody money?
I use the bank analogy because I've heard folks compare ecash mints to a free banking system.
reply
It makes the analogy more accurate I think. Original DigiCash was made to be used by banks.
reply
I’m bullish on fedimint and Liquid
reply
17 sats \ 1 reply \ @om 29 May 2024
Here's where I would draw the line between custody and a pegged token: if the pegged token is (or is supposed to be) backed up 1:1 by locking the underlying token, it's custody, otherwise just a peg. For example, USDT and USDC are custodial, but DAI and stablesats are just pegged.
So I would consider ecash and Liquid to be custodial.
This is absurd to me. Bitcoin's value proposition is censorship resistance.
If you want to sell pupusas for Bitcoin but you don't have any Bitcoin to begin with, you can't pay for a LN channel. So you either buy some L1 Bitcoin or sell pupusas for ecash until you can pay for a sovereign LN channel. It's not obvious that the former way is more censorship resistant than the latter. It depends on the availability of KYC-free exchange opportunities.
reply
mmmmm... pupusas
reply
Unless there is a community of interconnected minters as big and as decentralized as the bitcoin network, accepting ecash is risky in my opinon.
reply
It all comes down to trade offs.
Accepting zero conf bitcoin transactions is risky, but if you're a merchant maybe the risk is worth it to keep your customers happy.
Using a custodial LN wallet is very risky, but keeping a couple thousand sats in one for ease of zapping might be worth it.
Ecash clearly carries risks. You are trading away your bitcoin to get it. The question being worked on is will it be worth the risk.
reply
Yes, risk assesment is key. Anything "hosted" has risk of being taken down by the government. Maybe if something like bisq could be used to trade ecash or any p2p app with no central server.
reply
Great recap. Thanks
reply
Not for nothing but i just used a self hosted instance of Mutiny wallet, deposited some sats into a federation and used that ecash or eSATS to buy a cold stone ice cream gift card for my little one.
reply
Great post that generate intriguing comments, but if I may ask, what is the summary to a lay man understanding?
reply
If I deposit 32 sats via lightning, the mint gives me an IOU for 32 sats. This IOU is mumble mumble some kind of random string mumble mumble that is signed by the mint but without the mint being able to see the random string. The mint signs it with its 32-sat key. Then I give this token to the merchant and the merchant presents the signed string to the mint and asks for sats to be sent via lightning in exchange (or simply for a new token to be created).
reply
OK, more like a layman, thanks.
reply
"But I cannot turn the tokens into sats unless I convince someone to trade with me (my ecash tokens for their sats)."
you can just create a lightning invoice and pay yourself