Cryptocurrency

Cashu: Vision for a Bitcoin-based Ecash ecosystem

These days, eCash has become an unavoidable topic. In a climate of debate about almost every proposal floating around these days, ecash stands out as a protocol that can be deployed today with or without changing the Bitcoin protocol.

The ability to deploy an application or protocol without relying on changes to Bitcoin is incredibly valuable in the current environment, so it is no surprise that the Cashu ecash protocol is quickly starting to dominate the periphery. Adoption is starting to pick up on platforms like Nostr, and mint-to-mint settlement over the Lightning Network makes the Cashu wallet a viable alternative to the likes of the Satoshi wallet, which has an easy-to-use Lightning wallet.

Ecash is likely to become an increasingly popular part of the Bitcoin ecosystem, and Cashu in particular has seen tremendous success in encouraging multiple compatible implementations.

Cashu developers have comprehensive plans for an ecosystem built around the protocol to address some of the fundamental trust model issues of ecash as well as various use case-specific requirements. Let’s take a look at the vision of the Cashu ecosystem.

blind token

At the core of all ecash protocols is blind signing. This is a mechanism that allows a centralized entity to process electronic cash payments in a privacy-preserving manner.

To start, the user issuing the token must generate a random value. This is the actual Ecash token. Creating your own tokens ensures that they are safely in your possession and not in someone else’s possession. But that alone isn’t enough. Anyone can generate random values. The ecash mint operator must notarize the token with a signature.

The problem is that by looking at the token when they sign, they can tell who they signed for, and when someone else comes to use the token, they can tell who paid for it. To solve this problem, the user generates a second random value, a blinding factor, before having Mint notarize the token. The binding factor essentially multiplies the token value by the blind value.

The user then provides the blind token value to Mint for signing. This causes problems. Mint signed blind token values ​​rather than plain text values. Because of how blinding protocols and underlying cryptography work, it is possible to unblind a signature by first performing the reverse operation of blinding the token.

This leaves a valid signature for the token value in plain text, and when the token is redeemed, Mint will have no idea when, what, or for whom it was signed. It’s simply cash (get it?).

small regional mints

Cashu’s goal is to be a concise and lightweight protocol that is easy to implement, easy to integrate, and easy to deploy. Vision is an ecosystem of many tiny Mints running locally, all interconnected via the Lightning Network. Rather than focusing on large-scale mints with network effects that enable direct token transfers between users and encourage the concentration of huge amounts of Bitcoin in the hands of a few trusted counterparties, developers are seeking to create a much smaller value and localized operator. I envision it.

This allows users to trust those with whom they have closer relationships, and allows each user to rely on operators who are much closer to them in their social trust circle. Lightning makes this possible. This is because instead of having to convince everyone to receive tokens from your mint, you simply redeem them and allow them to receive tokens from their mint.

The strategy here is to try to rely on the reality of Dunbar’s number: the maximum number of people with whom someone can have a psychologically meaningful relationship or degree of trust.

Mint Discovery for Nostr

The new Nostr discovery protocol, which reflects the general idea of ​​encouraging a large number of mints in people’s circle of trust, is a large component in the long-term functioning of the Cashu ecosystem. Nostr is built on the idea that a user’s identity is tied to self-managed encryption keys, ensuring that no one but the user can broadcast messages based on their identity.

Nostr’s primary use case is currently social media. This, combined with key-based identity schemes, provides a strong foundation for a very old concept in cryptography: the Web of Trust. Cashu leverages this to allow users to discover mints that are available to them.

The Nostr key allows anyone with a Cashu wallet that supports this feature to find Mint and see what Mint people know, trust, and interact with. This forms a reputation system, allowing you to make more informed decisions about which Cashu mints to trust with your funds, rather than blindly guessing and hoping that your Cashu mints will not be lost at some point.

As more Mints come online and more people with Nostr IDs use them, this web of reputation trust will become more powerful. This should naturally filter out malicious or unknown mints and provide users with trustworthy and honest mint operators to choose from.

Using multiple Mints

The concept behind the Mint ecosystem, with its diverse range of choices for users, is a solid foundation for a market-based system of open and competitive options for users. But things could be much better. One user can use multiple Mints.

Users can spread their balances across multiple mints and utilize a variety of multi-path payments to initiate payments to a single destination over the Lightning Network with payment pieces originating from multiple mints with balances. This allows the counterparty risk of holding your funds with a custodian to be spread across multiple custodians without sacrificing the ability to seamlessly make payments to those who use mints different from yours.

This is made possible by Mints running custom software that allows Mints to only partially pay Lightning invoices, while allowing other Mints with funds to pay other parts of the invoice. A payment will be successful as long as each mint successfully delivers the payment to its final destination.

It is also possible to further customize Lightning nodes so that users can: receive Payment for several mints. If a Mint supports user wallets that generate pre-images to complete payments on Mint’s behalf, each mint used to receive funds can issue its own invoice where the receiving user controls the release of pre-images. As long as each participating mint receives the routed HTLC, users can publish preimages to all participants and successfully distribute the received funds across mints.

This plan can significantly reduce the risk of losing funds due to a single mint and, combined with the Nostr discovery protocol and associated web of trust, can significantly improve user security.

money programming

One of the most useful aspects of Cashu is the ability to program script functions into ecash tokens, in the same way that real Bitcoin ​​UTXOs can be locked by programs using Bitcoin ​​Script. Cashu tokens can encode script conditions before the mint blinds the tokens for notarization, and when redeemed later, the mint can refuse to redeem the tokens unless arbitrary script conditions are met.

Currently, Cashu has implemented a lock on public key scripts that require the signature of a specified public key to redeem tokens. This allows you to issue tokens that are locked and can only be redeemed by holders of specific private keys. Once a token is created with a public key lock, no one else can use it.

This can be used to enable secure payments even when the recipient is offline. Even if you don’t have an internet connection, verifying the mint’s signature as soon as you receive the token from the sender ensures that no one else can use it. You can safely accept it as a payment method, knowing that you can use it later at your convenience.

This introduces some complexity as the sender must lock the token in advance to a specific recipient if there is no internet connection at the time of spending. Considering that people often don’t know exactly how much they’re going to spend on something, the problem arises that they’re likely to allocate too much money with no way of getting it back if they don’t spend it.

But the script can support a lot of things, it can even create tokens that require the signature of a specific public key, or can be created by anyone after some time. Something similar to HTLC. The Cashu specification also defines the actual HTLC token script.

As more use cases become necessary over time, the script that allows people to lock their Cashu tokens can be arbitrarily expanded based on the needs of users and Mint operators. I expect this to be a very strong aspect of the protocol in the long term. It can support escrow services, multi-signature tokens, and a variety of arbitrary smart contracts. Cashu Mint can enforce all script conditions that Bitcoin can, and more.

big picture

People use janitors. This is what people have always done and will always use unmanaged solutions, regardless of how much flexibility they offer. It’s just a fact of life that some people are unable to take responsibility or do not want to deal with the complexities of self-custody.

Cashu aims to bring groundbreaking improvements for users of managed services. The way traditional managed services are designed can provide privacy, censorship resistance, and flexibility to users who don’t have access to these features.

The goal of the Cashu project is not to “scale Bitcoin” using custodians, but to provide an improved private system for users of custodial services. I think this is a laudable goal and has tremendous potential to greatly benefit these users in the long term.

Related Articles

Back to top button