pull down to refresh

Interesting thread from the cashu telegram channel about this:
Heidi says... so the operator can "rob you but not rug you"?
Super says... Rugging = robbing. The operator can help someone doublespend their money, which is a form of robbing/rugging one of the would-be recipients. You simply have to trust them not to rob you via that method, just like an ecash mint. The nice thing is, if the operator merely shuts down, no one loses their money -- which is an improvement over ecash imo
Jeroen says... How does that work? Did not watch the full video yet so if it's explained i'll find it out later.
Super says...
  • users "refresh" their coins every time they receive money, just like with ecash
  • during that refresh, the operator signs a timelocked withdrawal transaction for that user
  • if the operator ever goes down, the user can broadcast that transaction when the timelock expires to recover their funds
  • to stop "prior holders" from broadcasting the txs he signed for them, decrementing timelocks are used: each "new" holder has a smaller "wait time" than prior holders, ensuring the latest holder can withdraw first
E says... This is also significant because it can be argued that the operator is not really a custodian. If the operator disappears, the user has custody. It makes it less risks because if you have a catastopic hardware issue, no users will be terrible upset with you they will just be annoyed they have to fall back to onchain. Is this correct?
Super says... I agree with everything except this: if someone did argue that "the operator is not really a custodian," I would reply that you can never know this for sure. Each coin is held in a 2 of 2 multisig and the operator is "supposed to" only have 1 key, but you don't know the history of the coins you received. If the operator deposited those coins onto his own statechain, or if someone ever sent them to him, or if a prior holder of the coins colludes with him, then he could easily have both keys. But in theory -- if he's an honest operator and uses the software as I wrote it -- then he never has more than 1 key so he is never more than a "collaborative" custodian