1526 sats \ 112 replies \ @justin_shocknet 28 May \ on: Why can't you buy ecash from a Cashu mint? bitcoin
ECash is an authentication scheme, not a currency.
Bitcoiners associating it with Bitcoin are scammers and it is a shitcoin they are selling you.
It has a single use-case, authenticating you to a server.
There may be rare cases where someone wants to trade for your account on a server, it allows for that without a database entry.
This does not make it an asset unto itself. It is inherently custodial, because its just a server credential. There is no peg, just a promise for something, could be anything or nothing.
It does not make Bitcoin transactions more private, the mint still sees everything in and out. Scammers cast diversions from this fact because large mints are bad for network privacy and small mints have no anonset.
It is not a programming layer or anything else beyond what SQL is, applications are inherently centralized and trusted.
The buzz around ECash isn't excitement over Uncle Jims, there's already better tools for that.
It isn't about privacy, because that's a lie.
It's astroturf by well-funded spooks to prepare you for the government-scale ECash mints, which needs a new payment spec because Lightning's native Bolt11 won't transact shitcoins.
@justin_shocknet's point about the mint being able to deanonymize you by giving you a messed up key seems to be correct.
reply
Here is @calle's response:
reply
exactly!
reply
It does not make Bitcoin transactions more private large mints are bad for network privacy and small mints have no anonset.
This is a good insight that is easy to miss
reply
I don't agree with you. Anything that is pegged to another asset involves trust. A peg is always a promise of something. This doesn't mean it is useless.
If people are willing to believe in the value of a given mint's tokens, a lot if useful properties emerge.
I also disagree that it fails to make bitcoin transactions more private.
Say I sell a poster to some one for a set amount of ecash. Presumably they got the ecash by giving the mint some sats. If I then exit through a lightning gateway to my own LN channel, the mint has no way of associating the LN channel with me or even with the person who originally got the ecash from the mint.
I expect ecash to become an important part of how money works, especially if it can use bitcoin to help it work.
reply
I don't agree with you
You're free to be wrong, I'm stating fact not opinion.
Anything that is pegged to another asset involves trust
No, peg in these cryptographic contexts implies atomocity.
If people are willing to believe in the value of a given mint's tokens, a lot if useful properties emerge.
People value Microstrategy tokens and the US Treasury tokens, one is speculative that it outperforms Bitcoin and the other is by decree. ECash has no such properties
mint has no way of associating the LN channel
The mint received sats and sent sats, ECash didn't obviate that. Nothing about the Bitcoin TX became more private. Maybe you didn't have an KYC/EMAIL REGISTERED ACCOUNT with the custodian, but who's to say you would have without ECash, could have done the same with an ephemeral nostr key or even a json webtoken... ECash is just theatrics.
I expect ecash to become an important part of how DEBT works
ftfy but agree with the sentiment, international bankers are good at remaining influential even through periods of sovereign-state banking
reply
the mint received sats and sent sats, ecash didn't obviate that.
If the mint only has one user I could see your point. In my example the mint has more than one user: me and the person buying from me. Explain how privacy is not achieved here? The point is that the mint, nor anyone watching the bitoin chain can be sure if the sats that came out belong to me or to the purchaser. This is privacy.
reply
The Bitcoin transaction is where it came from and where it went, your IOU is not a Bitcoin transaction
Compare now to if you were using Wallet of Satoshi, what privacy was gained? Nothing
reply
My IOU doesn't enter into the equation, because in my example I have traded it away. The end state of the example is that I control sats that used to be controlled by someone else and there is no on chain record that can be linked to me.
In the case of WoS they have knowledge of the specific balance change to my account. Ecash mint does not have the same level of insight.
reply
because in my example I have traded it away
No, you just used a custodian to receive and spend Bitcoin
How long the buyer had an "account" on the same custodian is irrelevant
In the case of WoS they have knowledge of the specific balance change to my account
No different than if you created a new WoS account every time you received, it's all meaningless ephemeral keys and the custodian still has all in/out data.
reply
No different than if you created a new WoS account every time you received, it's all meaningless ephemeral keys and the custodian still has all in/out data.
This is a good example. However, there is nothing in WoS that is similar to the bearer-ness of an ecash token.
My understanding of ecash is that when I give a token to someone else they have to return it to the mint and get issued a new one in order to ensure that I don't double spend them.
This would be akin to taking my WoS account, giving someone else the login info and then that person logging in and sweeping it to some account they control.
With ecash my understanding is that the mint doesn't see all the various tokens that are in existence. Whereas in WoS they always see all balances.
It seems to me that it is possible to trade ecash tokens to someone else without the mint knowing such a trade has happened. More difficult with WoS.
reply
a JWT is literally a bearer token
transferring value from one JWT to another would require a DB tx, with ECash it requires a new signature
There's some added obfuscation by not using the DB, but thats only internally, and its not particularly useful relative to other method non-KYC custodians like WoS use... and you're left arguing the point that the usecase is large custodians, like the US Treasury or Coinbase
This means nothing for Bitcoin
You seem to be missing the fact that the mint doesn't have any kind of sense for who has what token.
If I deposit 32 sats via lightning, the mint gives me an IOU for 32 sats. This IOU is mumble mumble some kind of random string mumble mumble that is signed by the mint but without the mint being able to see the random string. The mint signs it with its 32-sat key. Then I give this token to the merchant and the merchant presents the signed string to the mint and asks for sats to be sent via lightning in exchange (or simply for a new token to be created).
reply
That's not only not true it's pointless, why use a custodian you're worried about being targeted by?
The server can key tweak it use countless other 2nd stage heuristics.. or simply not issue tokens after deposit
If that's your usecase it's pathetic
There may be rare cases where someone wants to trade for your account on a server, it allows for that without a database entry
This argument is actually nonsense: if you're willing to phrase it like that then "Bitcoin is actually an account system where people exchange between each other the ability to exchange in the future some accounts".
Moreover, there are no "accounts" in ecash. What the actual heck...
It does not make Bitcoin transactions more private
Ecash makes CUSTODIANS less invasive with respect to their users, nobody ever talked about "private bitcoin transactions" because there are no bitcoin transactions in ecash systems.
It does not make Bitcoin transactions more private, the mint still sees everything in and out.
This argument is actually nonsense: the mint only knows that someone requested some ecash tokens, does not know the tokens and does not know the person that requested that. can you prove that "the mint still sees everything?" If you can, please do it and submit a paper to some cryptograpy mailinglist proving it. If you cannot prove that the blinding is broken, don't say it.
The buzz around ECash isn't excitement over Uncle Jims, there's already better tools for that
Okay, if there are better tools to make users private in purely custodial systems then please name them. Can you name a few? Don't say "not using custodians" because that's not the point.
It isn't about privacy, because that's a lie
Where's the lie? Too easy to say it like that. Please, point to the lie.
government-scale ECash mints
These actually already exist and have pretty much infinite funding by damn fiat printers shitcoiners. Look at GNU Taler, that is a project of the EU Commission and YES, it is a fucking shitshow and shithole for privacy. If Fiat shitcoiners of the banking system would use fedimint or cashu as their ecash protocols for custodians the world would be in a much better place. Period.
Again, don't say "everyone shall be self custoding" because people just do not do it. Period. You can dream that but it's not happening. Thus we must ALSO make improvements on the custodian systems.
I don't agree with people that custodians are the way, but they are just here and they fucking sucks, so we're better off if a tiny tiny tiny group of developers is working on an alternative. That's not like "Core is pivoting to custodial", that's a bunch of devs doing very good implementations of a cryptographic system that certainly will improve custodians and, in the future, may help us to make better tools for bitcoin sovreign products.
As a remark, I just remind you that Wasabi uses blinded signatures for their coordinator...that's a good usage of that cryptographic fancy stuff that you dislike, innit?
Sorry for the rant.
reply
Bitcoin is actually an account system
An account with whom? ECash is literally an authentication token to a server (mint), your analogy sucks
nobody ever talked about "private bitcoin transactions"
That's literally what all the spooks and scammers are selling it as, but even for people that acknowledge its just about obfuscating accounts from the custodian that doesn't hold up for a number of reasons I outlined elsewhere in this thread
does not know the person that requested that
Yea and how is that any different than any other non-KYC key? You're still trusting the mint to not use key-tweaking and second stage hueristics, you also are implying a large anon-set such as an institution like the US Treasury, which is all this trash is good for
Fiat shitcoiners of the banking system would use fedimint or cashu as their ecash protocols for custodians the world would be in a much better place
No it wouldn't. There are valid cases for free-banking or state banking as opposed to central banking, but ECash doesn't add any particular benefit to those models. It's just LARP tech
Custody should be local, as in family level, not institutional.
Wasabi uses blinded signatures
Another centralized trash privacy LARP, pitty the fool who used that or Samourai or that thinking they were being private. You get the honeypot you deserve.
reply
A gift card is not an "account", thus ecash is not an account. Analogy may be a bit too squeezed but that's the point.
The fact that
custody should be local, as in family level, not institutional.
is just a dream of yours, even though I agree with it. People just trust institutions, people just trust big custodians. That's the reality.
We need to procede the innovation for non custodial tools, but understand that people will always ALSO use custodians. Again, we look at the world from our naive perspective...who is actually going to open an LN node and mess with liquidity and onchain fees and balancing? Very few. The others will use "self-custodial-trust-minimized" LN wallets, which means that they'll be trapped into the need of buying services from an LSP.
LSPs will be institutionalized. I don't like it, but that's the reality. LSPs are just companies that run a liquidity-provider business for sats, regulators are going to catch them...at least the big ones and anyone that will became big enough. If using Wasabi was a foolish error from LARPers because you consider it an honeypot, what do you thing will be the fate of LSPs? They have big targets on their backs.
All this rant is to say that our push for decentralization is a need that we have as a community to make bitcoin actually usable without breaking it's properties, but the majority of people will not accept some tradeoffs that we are willing to accept. If they want to use custodians that's their business and their money, but if we have a tool to make privacy for custodians slightly better, why shouldn't we?
Yea and how is that any different than any other non-KYC key? You're still trusting the mint to not use key-tweaking and second stage hueristics, you also are implying a large anon-set such as an institution like the US Treasury, which is all this trash is good for
These issues are still better than plain text transaction logs of users, that are what custodians can see as of now.
There are valid cases for free-banking or state banking as opposed to central banking, but ECash doesn't add any particular benefit to those models.
Free banking is basically having reserves of amount X and giving out banknotes/promises for the X amount. What's the difference between this system and, say, an ecash mint? In the past examples of free banking (all dating back decades ago) there were banknotes, now we don't have banknotes anymore. How are you going to substitute banknotes in the digital realm? I guess that ecash adds some particular benefits to that ancient cash-based model.
Yes. The best thing out there is Bitcoin and self custody. How is the public dealing with it? Leaving coins in centralized platforms. What can we do? Build better tools for self custody and, in the meantime, make the fools using custodians a bit more private (if a custodian is ever going to using it, btw).
reply
A gift card is not an "account"
Yes it is
People just trust institutions
That doesnt justify affinity scamming ECash with Bitcoin, it doesnt even make better custodians... that narrative is just a scam
mess with liquidity and onchain fees and balancing
That's already automated even in shitwallet like mobile apps, also doesn't need to be everyone... a custodian of 100 or so extended family members is absolutely achievable
LSPs will be institutionalized
Wrong again, bootstrap peers will displace LSP's using nostr as a social graph and marketplace
Also your projection has nothing to do with whether or not ECash is a scam. Cope harder
still better than plain text transaction logs of users
In your imagination, but they are effectively the exact same. The cryptographic theater doesn't change the fact a custodian has countless ways, both known and unknown, to gain insights
By portraying ECash as better, you're lying yourself right into another trap... ECash is the real rat poison
What's the difference between this system and, say, an ecash mint?
An ECash mint can be used in free banking, that does not mean it's inherently free banking
banknotes
ECash is exactly like banknotes, that's the scam... it'll be used by the US Treasury and capture Bitcoin just like the central banks used notes to capture Gold
Centralization will always trend this way, hense decentralization is paramount above all else.. and that ain't aligned with ECash
What can we do? Build better tools for self custody
Yea, not ECash
ECASH IS LESS PRIVATE NOT MORE
reply
Is it "inherently custodial"? If the mint turns off its servers, everyone's ecash from the mint is gone. I don't think this is the standard definition of custody.
The mint can indeed stop me from trading my ecash or even from the ecash existing at all, but only on the condition that the mint commits suicide.
This is a different trade off than typical custodians where the custodian can interfere with a specific user.
reply
You remain with a nice useless gift card that you cannot redeem anywhere.
Minter remain with your sats.
That is pure rugpull definition.
ecash are gift cards, that's all.
reply
It's true that the mint can rug or even just be dishonest like fiat banks. But unlike a fiat bank or a custodial wallet, a mint can't target a specific user.
reply
Wrong, the server has several ways it could target a user
And wtf would you use a custodian you're worried about being targeted by?
reply
Name two of those alleged ways.
reply
It's elsewhere in the thread already had you bothered to read before opining, but ill do you the courtesy and add some others
Key Tweaking/Tainted rounds
Pattern Matching/Behavioral/Heuristics
Destination Blacklists
Behavioral Analysis
Metadata/Network
Spending Limits and Controls
Side-Channel Attacks
Fee Manipulation
If you think shitcoins somehow move the trust gradient of a custodian, it's time to get a clue
reply
Key Tweaking/Tainted rounds
Hmm, that's a fair point. Is anybody here familiar enough with the Cashu or Fedimint protocols to say whether or not this is a concern?
Pattern Matching/Behavioral/Heuristics
How so? All the mint ever knows is that someone is redeeming one token in exchange for another or in exchange for the payment of a lightning invoice.
Destination Blacklists
In this case, someone else could run a gateway connected to the same mint.
Spending Limits and Controls
This is only possible for outgoing lightning, AFAICT. Internally, the only thing that happens is trading one token for another. This could be limited, though.
Side-Channel Attacks
Not sure what they are.
Fee Manipulation
Again, only a problem when exchanging to lightning.
I'm not saying that ecash is trustless, but it's better than custodial lightning wallets.
reply
Is anybody here familiar enough
No, the implementations are all larps borrowing open libraries they don't understand
in exchange for the payment of a lightning invoice
Ingest of that invoice requires other metadata
someone else could run a gateway connected to the same mint
The mint is the chokepoint, daisy chaining them just makes it worse
This is only possible for outgoing lightning
No shit, what else are the shitcoins good for?
Not sure what they are.
ECash relies on ignorance to proliferate
it's better than custodial lightning wallets
No it isn't, it is custodial completely, with worse overhead, and is an attack on Lightning's network effect as a payment spec
You're effectively saying your coinbase account is non-custodial because there's a cookie in your browser
The mint can use any number of heuristics to programmatically block a specific redemption
Put down the kool-aid, it's a scam dude
reply
Did you read the Wallet of Satoshi example? There is a difference in trade offs between database entry and ecash from a mint.
The mint can use any number of heuristics to programmatically block a specific redemption
I'll accept this could be the case, but heuristics don't sound like a sure thing.
Do you at least acknowledge that an ecash mint can only rug if they rug all users at once, whereas something like coinbase of WoS can rug one specific user if they like?
reply
Yes and it demonstrates you have no idea how any of this works.
The trust level is the same, the privacy benefits are illusory.
Do you at least acknowledge that an ecash mint can only rug if they rug all users at once
No, that's retarded you would even think that. The gateway can execute any logic it wants.
reply
Rugging has nothing to do with the gateway. Mints can rug. Gateways just choose to act as a gateway or don't. They have no effect on whether I continue to hold the ecash.
You say you are stating facts:
The trust level is the same, the privacy benefits are illusory.
This is your opinion. Demonstrate it with an example or something. Or discuss it further. Just saying it isn't fact.
reply
From your OP
I trust WoS to update a spreadsheet they have that credits those sats to my account
do some fancy math to issue an ecash token
Before I make assumptions about what you are implying here, are you suggesting that Sats to ECash is less trusted than Sats to SQL Record?
reply
No, I'm suggesting it results in different levels of visibility into the transactions that happen within the mint versus those that happen within the SQL database.
reply
within the mint
That's not Bitcoin
Also WoS is just anonymous keys anyway so the benefit is a farce