Ecash is turning into an unavoidable subject lately. In a local weather of rivalry over just about each proposal floating round lately ecash stands out as a protocol that may be deployed at this time with none alterations or modifications to the Bitcoin protocol.
The flexibility to deploy an utility or protocol with out relying on modifications to Bitcoin is an extremely helpful factor within the present local weather, so it’s no shock that the Cashu ecash protocol is beginning to quickly take maintain on the fringes. Adoption is beginning to happen on platforms like Nostr, and inter-mint settlement throughout the Lightning Community makes Cashu wallets a viable various to issues like Pockets of Satoshi as straightforward to make use of Lightning wallets.
Ecash is probably going going to grow to be an more and more in style piece of the Bitcoin ecosystem, and Cashu specifically has been extremely profitable at encouraging a number of suitable implementations.
Cashu builders have a complete plan for an ecosystem constructed across the protocol to deal with among the elementary belief mannequin problems with ecash, in addition to completely different use circumstances particular wants. Let’s undergo the imaginative and prescient for the Cashu ecosystem.
Blinded Tokens
The core of all ecash protocols is a blind signature scheme. That is the mechanism that allows a centralized entity to course of ecash funds in a privateness preserving method.
To start out, customers minting a token should generate a random worth. That is the precise ecash token. Producing it themselves ensures that the token is securely held of their possession and nobody else’s. However that isn’t sufficient, anybody can simply generate a random worth. The ecash mint operator must notarize the token with a signature.
The issue is that if they see the token once they signal it, then they’ll know who they signed it for and might know who made a cost when another person involves them to redeem it. To handle this, a second random worth, a blinding issue, is generated by the person earlier than having the mint notarize a token. The binding issue is actually multiplying the token worth by the blinding worth.
The person then supplies the blinded token worth to the mint to signal it. This leaves you with an issue although, the mint signed the blinded token worth, not the plaintext one. Due to how the blinding protocol and underlying cryptography works, you are able to do the reverse operation carried out to blind the token within the first place to unblind the signature.
This leaves you with a sound signature for the plaintext token worth, and ensures that when it’s redeemed the mint has no thought when, what, or for whom it signed it. That’s ecash in a nutshell (get it?).
Small Native Mints
The purpose of Cashu is to be a lean and light-weight protocol that’s straightforward to implement, straightforward to combine, and straightforward to construct on. The imaginative and prescient is an ecosystem of huge numbers of very small mints operating regionally all interconnected over the Lightning Community. Somewhat than concentrate on bigger mints with community results permitting direct token transfers between customers, incentivizing the focus of large quantities of bitcoin within the arms of some trusted counterparties, the builders envision rather more small worth and localized operators.
This enables customers to put belief in individuals they’ve nearer relationships with, and every person to rely on an operator a lot nearer of their social circle of belief. Lightning permits this, as a result of reasonably than having to persuade everybody to just accept tokens out of your mint, you merely redeem them and permit them to obtain tokens kind their very own mint.
The technique right here tries to lean into the truth of Dunbar’s quantity, the utmost variety of individuals somebody can mentally have a significant relationship or diploma of belief with.
Mint Discovery Over Nostr
Feeding into the overall thought of encouraging quite a few mints native to individuals’s circle of belief, the newish Nostr discovery protocol is a large part of the long run functioning of a Cashu ecosystem. Nostr is constructed across the thought of customers’ identities being tied to self-custodied cryptographic keys, guaranteeing that nobody else however them can broadcast messages attributed to their identification.
Nostr’s major use case at the moment is social media, which mixed with the important thing based mostly identification scheme supplies a strong basis for a really outdated idea in cryptography: webs of belief. Cashu is leveraging this to permit customers to find mints that they may presumably use.
With their Nostr key, anybody utilizing a Cashu pockets supporting the function can find mints, and can have the ability to see what mints individuals they know, belief, and work together with use. This may kind a reputational system permitting them to make extra knowledgeable choices on which Cashu mints to belief their funds with reasonably than blindly guessing and hoping that they don’t get burned sooner or later.
The extra mints that come on-line, and the extra individuals utilizing them who’ve Nostr identities, the stronger this reputational internet of belief will grow to be additional time. This could naturally sift out malicious or unknown mints, and provides customers a strong set of reliable and trustworthy mint operators to select from.
Utilizing A number of Mints
The essential idea of a various ecosystem of mints for customers to select from is a strong basis for a market based mostly system of open and aggressive optionality for customers. However issues could be taken even additional. A single person could make use of a number of mints.
Customers can have their steadiness unfold throughout a number of mints, and using a variant of multipath funds, can provoke a cost over the Lightning Community to a single vacation spot with items of the cost originating from many alternative mints they’ve balances with. This enables the counterparty danger of storing your funds with custodians to be unfold throughout a lot of them, with out sacrificing the flexibility to make clean funds to individuals utilizing completely different mints than you.
That is made attainable by the mints operating personalized software program to allow a mint to solely partially pay a Lightning bill, permitting different mints you have got funds with to pay different chunks of the bill. So long as every mint efficiently routes their cost to the ultimate vacation spot, the cost will succeed.
It’s even attainable with additional customization of their Lightning nodes to permit customers to obtain a cost to a number of mints. If the mints help a customers pockets producing the preimage to finalize the cost as a substitute of the mint, every mint getting used to obtain funds can concern their very own invoices the place the receiving person controls the preimage launch. So long as every taking part mint receives the routed HTLC, the person can launch the preimage to all of them and efficiently distribute their obtained funds throughout the mints.
This scheme can massively scale back the chance of fund loss as a consequence of anybody mint, and together with the Nostr discovery protocol and related webs of belief can drastically enhance person safety.
Programming The Cash
One of the vital helpful facets of the Cashu is the flexibility to program script performance into an ecash token the identical method that an actual bitcoin UTXO is lockable with a program utilizing Bitcoin script. Cashu tokens can encode script circumstances earlier than blinding the token for the mint to notarize, and when they’re later redeemed the mint can refuse to redeem the token until these arbitrary script circumstances are fulfilled.
Presently Cashu has carried out a lock to public key script, requiring a signature from the desired public key with a purpose to redeem the token. This allows minting tokens which can be locked and solely redeemable by the holder of a selected non-public key. As soon as the token is minted with the general public key lock, it’s unimaginable for anybody else to redeem it.
This can be utilized to allow safe funds the place the receiver is offline. Even with out an web connection, as quickly as they obtain the token from the sender they are often certain as soon as they confirm the mint’s signature that nobody else can redeem the token. They’ll safely settle for it as cost realizing they’ll redeem it later at a handy time.
This introduces a little bit of complexity, as a sender has to lock tokens to a selected receiver forward of time if they don’t have an web connection in the intervening time of spending. Given that individuals very continuously don’t know precisely how a lot they’ll spend someplace, this creates an issue of doubtless allocating an excessive amount of cash with no option to take it again in the event that they don’t spend it.
However script can help many issues, tokens could possibly be created that require a signature from a selected public key, or anybody after a sure period of time has handed. One thing analogous to an HTLC. The Cashu spec additionally defines an precise HTLC token script.
As time goes on and extra use circumstances are desired, the scripts that individuals can lock Cashu tokens with could be expanded arbitrarily based mostly on the wants of customers and mint operators. I anticipate this to grow to be a really highly effective side of the protocol in the long run. It may help escrow companies, multisignature tokens, and a big number of arbitrary sensible contracts. Cashu mints can implement any script situation that Bitcoin can, and rather more.
The Massive Image
Folks use custodians, it’s one thing individuals have all the time carried out, and can probably all the time do no matter how a lot flexibility is obtainable by non-custodial options. It’s only a reality of life that some individuals can’t or don’t need to take the accountability or take care of the complexity of self custody.
Cashu goals to be a radical enchancment for customers of custodial companies. One thing that may deliver privateness, censorship resistance, and adaptability to customers who in any other case wouldn’t have entry to those issues with the best way conventional custodial companies are architected.
The purpose of the Cashu challenge is to not “scale Bitcoin” utilizing custodians, however to supply an improved and personal system for customers of custodial companies. I believe this can be a laudable purpose, and one which in the long run has large potential to be an enormous profit for these customers.