My latest invention is StatechainJS:
Basically it's like ecash but if the operator goes down you can recover your sats. Being like ecash means transfers are fast & free, but the operator can rob you, so be careful! Try it here: https://github.com/supertestnet/statechainjs
It didn't occur to me until today but statechains have one very meaningful privacy advantage over ecash, which is this: an ecash mint can do "shotgun kyc" on its users by telling them, "I will not permit any more transfers or withdrawals unless you first submit your identification documents at this website <insert_chainalysis.com_equivalent_here>."
But if a statechain operator tried that, users could laugh in his face and use their already-signed unilateral withdrawal transactions to leave him behind forever. Protection from "shotgun kyc" seems to give statechains yet another advantage over ecash mints: you can leave without the operator's help, and you can dodge privacy invasions better than you can with ecash. Statechains FTW!
reply
21 sats \ 1 reply \ @random_ 23 Jul
the operator can rob you
I'm confused. How can this statement be compatible with your comment?
Edit: Nevermind. I see the other comments.
reply
For the sake of those who didn't see the other comments, let me elaborate:
Unlike ecash mints, which have full custody of your money, the only way a statechain operator can rob you is through a doublespend -- they can help someone "take back" money that they sent you. But if some authority figure demanded that a statechain operator confiscate coins from folks who don't kyc, they cannot help with that except if they first prepared a doublespend attack on every user.
Imagine this unlikely scenario: a government sleeper agent wants statechain user Ahmed to do kyc. The sleeper agent prepares to send a coin to Ahmed, but before doing so he convinces (or strong arms) the operator to setup a doublespend scenario. Namely, the sleeper agent modifies his software before sending his coin to Ahmed so that he can keep its private key after sending it. He also makes the statechain operator modify their software too to keep their private key. Then he sends Ahmed the coin. In this circumstance, the sleeper agent could threaten Ahmed to either do shotgun kyc or face the consequence: the sleeper agent will confiscate that one single coin. But that would be super weird, why would the government go through all the trouble of setting up a scenario where they can doublespend one suspect when they could just never send that person money in the first place? And would they really have the means to prepare and carry out that attack on every single user?
I don't think that scenario is realistic, so statechain users are almost entirely immune from the threat of shotgun kyc, whereas ecash users are not. Since it's impractical for an operator to steal (except via a doublespend), they also can't make the threat "I will steal your coins unless you do kyc!" which is all shotgun kyc really is.
reply
Interesting twitter thread about this:
[sounds like] the coordinator would see the history of all transactions, since the private keys are not blinded like ecash tokens. Of course you can use a new key for each coin, but you could still be identified by IP address.
"the coordinator would see the history of all transactions, since the private keys are not blinded like ecash tokens"
The coordinator does not see the transactions he is signing. You give him something called a "sighash," which means you hash the tx and have him sign that hash. Consequently, he signs the hash "blindly," i.e. without knowing the preimage, and thus he cannot see the history of the transactions.
"Of course you can use a new key for each coin"
I do
"but you could still be identified by IP address"
The operator does not see your ip address because you communicate with him using nostr dms, and you use a different nostr key for every message
reply
Interesting thread from the cashu telegram channel about this:
Heidi says... so the operator can "rob you but not rug you"?
Super says... Rugging = robbing. The operator can help someone doublespend their money, which is a form of robbing/rugging one of the would-be recipients. You simply have to trust them not to rob you via that method, just like an ecash mint. The nice thing is, if the operator merely shuts down, no one loses their money -- which is an improvement over ecash imo
Jeroen says... How does that work? Did not watch the full video yet so if it's explained i'll find it out later.
Super says...
  • users "refresh" their coins every time they receive money, just like with ecash
  • during that refresh, the operator signs a timelocked withdrawal transaction for that user
  • if the operator ever goes down, the user can broadcast that transaction when the timelock expires to recover their funds
  • to stop "prior holders" from broadcasting the txs he signed for them, decrementing timelocks are used: each "new" holder has a smaller "wait time" than prior holders, ensuring the latest holder can withdraw first
E says... This is also significant because it can be argued that the operator is not really a custodian. If the operator disappears, the user has custody. It makes it less risks because if you have a catastopic hardware issue, no users will be terrible upset with you they will just be annoyed they have to fall back to onchain. Is this correct?
Super says... I agree with everything except this: if someone did argue that "the operator is not really a custodian," I would reply that you can never know this for sure. Each coin is held in a 2 of 2 multisig and the operator is "supposed to" only have 1 key, but you don't know the history of the coins you received. If the operator deposited those coins onto his own statechain, or if someone ever sent them to him, or if a prior holder of the coins colludes with him, then he could easily have both keys. But in theory -- if he's an honest operator and uses the software as I wrote it -- then he never has more than 1 key so he is never more than a "collaborative" custodian
reply
I'm cross posting a question I received on nostr because I think it's interesting.
This would have to be used for higher amounts correct? As you at some point you might want to consolidate those UTXOs to basechain. I would not think you can make payments for 5 dollar values then right?
Since the last holder of the coins has to create one or possibly two base layer transactions to withdraw them, I don't think it makes much sense to create statechain utxos with a value lower than the cost of two transaction fees. And let's suppose transaction fees are $5 apiece. You might think "ok then the minimum value of a statechain utxo should be $10." But that would mean half the utxo gets consumed as fees (assuming a cooperative withdrawal) or up to the entire thing (if he has to do a unilateral withdrawal). If you want to keep 99% of your money (or 98% in case of a unilateral withdrawal) then the minimum reasonable size of a statechain utxo is $500, that way you'll still have $495 in case of a cooperative withdrawal (99% of $500) or $490 in case of a unilateral withdrawal (98% of $500).
"I would not think you can make payments for 5 dollar values then right?"
Under these assumptions, that sounds like a reasonable conclusion. Of course, right now, transaction fees are only like 50 cents or less, so utxos as small as $50 make good economic sense for now.
reply
StatechainJS: fast & free bitcoin transactions -- like ecash but a bit safer
Are statechains more safer than ecash? Or, you mean it otherwise.
reply
They are safer than ecash because this can't happen:
That mint operator took over 800k sats with him when he shut down his mint. Those users got rugged. If this had been a statechain, those users would probably still have their money because you can withdraw from a statechain even if the operator disappears
reply
150 sats \ 0 replies \ @ek 23 Jul
800k sats is a lot and 5 days aren’t much. I hope this was also announced on nostr earlier.
reply
100 sats \ 1 reply \ @grayruby 23 Jul
We learn so much from you super. Thanks for all you do.
reply
You're very welcome!
reply
They overdid it a bit and made some chemicals that are not what you want to use.
reply
I have some issues when testing this out. After I add the operators nprofile nothing happens?
reply
The errors I see in your console aren't very detailed but as a stab in the dark, they remind me of ones I got by running an operator and a user in the same browser, not in incognito mode. Try entering this into your console to clear your cookies: localStorage.clear(); location.reload();
Then make sure you only run the operator in an incognito window and the user only in a normal window. That should fix it unless something else is the problem.
reply
Thanks ST seems my crappy is struggling but its working. Hows does one run it on mainnet?
reply
I do not recommend it, you will probably lose all your money. If you want to use a statechain on mainnet I recommend mercurylayer.com which is actually built for mainnet usage. But if you run statechainjs.network="mainnet" I think that's all you need to change
reply
Thank you for building statechainjs 🙏
reply
You are very welcome! Thank you for building joinstr and that new privacy focused funding thingy
reply
Public Goods: These are things everyone can use, like a beautiful sunset or a radio broadcast. When you enjoy them, it doesn’t stop others from doing the same. Free Rider Problem: People often don’t want to pay for public goods because they’ll benefit anyway. Imagine not paying for a radio program – you can still listen! Solutions: Entrepreneurs get creative. They mix good things (like the radio program) with less desirable things (like ads) to fund public goods. Punishment: Sometimes, we need rules. In communities, if everyone shirks their duties (like not hunting), there won’t be enough food. So, punishment encourages cooperation. Remember, public goods challenge our usual thinking, but we find ways to make them work! 🌟
reply
Thank @supertestnet! We learn a lot from you.
reply
You are very welcome, sir!
reply
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.