cryptography n00b here, I just fell down the Chaumian / Cashu rabbit hole and I'm loving it. I have a few questions.
From the protocol:
SenderMintReceiver
AliceBobCarol
Let's say Alice wants to mint 10,000 sats through Bob.
Bob is a micromanager, so he decides to save her IP when she mint the tokens. He doesn't know how Alice will use her tokens, but he does know that Alice has minted a certain amount of tokens (provided Alice doesn't use Tor or a VPN).
Now, on the other hand, when Alice sends tokens to Carol and Carol redeems them, Bob has no clue where these tokens came from (provided the mint has many other users transacting). But when Carol redeems them, does the mint know now that Carol's IP has 10k sats? Also, when Carol decides to exchange these tokens for sats, can Micromanager Bob know through her IP that she is transacting with an outer LN? Or even if there is an inter-mint exchange.
I'm aware of the increased privacy as compared to the common user-friendly LN wallets who pretty much know all of our movements, but I'm curious about how more privacy can be achieved on the minting part. Tor is unfortunately not available in one of the jurisdictions where I live (and also can be DDoS'd often), so I am particularly interested in another workaround.
Would love to ask @calle or @gandlaf21 if you don't mind getting tagged (let me know if you do).
10,000 sats paid
handsome_latino's bounties
The mint does know the IP of the users that interact with it. But if the mint has no way to tie your identity to an IP, then it's not a problem. Since the user can also use TOR or a VPN, Bob can never be certain of whether Alice's or Carol's IP is actually "theirs" (if you are thinking in a simplistic way and you assume their home IP is "their" IP, for instance).
One example: I'm on a cafe with my phone. I'm connected to the wifi. I ask the mint for some tokens in exchange for my sats. The mint sees the cafe IP. Now I turn on my phone's wifi and connect through my own data. Repeat the same interaction. The mint sees a different IP. The mint has no way of knowing if both interactions are from the same person.
Another eaxmple: I have a VPN set up with my own VPS somewhere. I route my traffic through there, so online services, like the mint, see my VPS IP instead of my device's. I'm a generous guy and I share this VPN with 9 other friends who use it frequently. In this case, if all of us interact with the mint, the mint sees the same IP repeatedly, but has no way of telling who's who or even if there is one or multiple people interacting with it.
So, summing up: the mint is pretty much in the dark. A bunch of interactions with a bunch of IPs could hide all sorts of different combinations of people, devices and identities behind it.
Hope this helps. calle and gandlaf definitely will have better insights than I do.
reply
2500 sats \ 1 reply \ @l0k18 12 May 2023
It's how I understood it and it's also why Chaum devised mixnets. They replace the chain with a (semi) centralised issuer, so without a mixnet you are leaving traces of your network location.
Note that LN uses onion routing to forward payments.
reply
what's a mixnet? How does onion routing from LN apply to chaumian mints? In LN it makes sense because the routing goes through multiple nodes before reaching the destination.
reply
Sorry, I was away for the weekend, thanks for the thorough response. Indeed that makes a lot of sense -- minting through different IPs just because we can.
reply
2716 sats \ 0 replies \ @om 12 May 2023
But when Carol redeems them, does the mint know now that Carol's IP has 10k sats?
Sure. Every denomination issued by the mint has its own signing key.
Also, when Carol decides to exchange these tokens for sats, can Micromanager Bob know through her IP that she is transacting with an outer LN?
Carol's tokens are simply claims on the sats in Bob's channel. If Carol wants to take Bob's sats out of his channel, of course Bob will know.
reply
Chamiuan ecash does not solve things like network level privacy or things like timing analysis. But internal to the system every token looks the same.
You can use things like a tor, nostr, or a vpn to mitigate the networking analysis. Timing analysis is a hard problem.
Technically ecash can be done in a way with amount blinding so the amount analysis cannot be done and this should help the timing analysis problems as well if there are enough active users.
reply
Indeed nostr would be a good use. I guess if they relay is the middlemen between the user and the mint, even the IP could potentially be hidden?
reply
the relay would know the IP but yes, the mint would not know the IP then.
reply