Discreet Log Contracts settled with Chaumian ECash \ stacker news ~bitcoin

Discreet Log Contracts settled with Chaumian ECash conduition.io/cryptography/ecash-dlc/

4663 sats \ 9 comments \ @conduition 19 May bitcoin

Today I’d like to describe a way to use Chaumian Ecash to commit to a conditional payment using an Ecash mint as a blind but trusted intermediary.

Technical feedback appreciated - Comment on my PR here

Do you think this would make a good NUT on the Cashu spec?

What would you build if you had access to a DLC-enabled Ecash mint?

view all related items

124 sats \ 2 replies \ @conduition OP 19 May

@calle Would love your opinion on this if you have a moment

104 sats \ 0 replies \ @south_korea_ln 20 May

@calle pops in here once in a while, but I guess you'll have more luck pinging him on NOSTR and telling him you posted here if you want to have quick feedback...

250 sats \ 0 replies \ @calle 25 May

I love this and I'm happy to say that we have almost everything you need to build this.

NUT-10 specifies what scripts in general should look like: https://github.com/cashubtc/nuts/blob/main/10.md

NUT-11 is an example of a script. You can probably copy most of it (of the code) and replace relevant parts with your DLC ECC operations instead of the schnorr signature check. That's the easiest I can think of, maybe there are better approaches.

definitely join our discord though: https://discord.gg/rTGxfneh

10 sats \ 0 replies \ @grayruby 19 May

I don’t understand the technical aspect of this at all but the concept sounds promising.

121 sats \ 1 reply \ @BlokchainB 19 May

Who wants a nut?

0 sats \ 0 replies \ @Car 20 May

Lol

0 sats \ 1 reply \ @025738dda8 25 May

I like your articles, thanks! I am trying to understand the first part now - Ecash.

I am missing at least one feature that puzzles me. The Z = Q - rM. How can anybody proof that the Q (or Z) comes from the Mint? Also, I am missing the undeniability that this token comes from the particular Mint. Is this a part of the trust layer here?

(When briefly skimming over the paper Blind signatures for untracable payments from D. Chaum, I found the property "anybody can check that signature was formed using signer's private key".)

5 sats \ 0 replies \ @conduition OP 28 May

Disclaimer: I haven't actually read Chaum's original paper yet. My knowledge is derived from reading the cashu specs (called 'NUTs'). So I can't speak to Chaum's original design.

In Cashu though, the proof Z is not verifiable by anyone but the mint itself. In order to prove a token was indeed issued by the mint, either:

the recipient of Z must ask the mint to swap the ecash out, thus verifying its authenticity in the process
the mint must supply some extra information to allow offline verification of Z. See NUT-12 for that.

0 sats \ 0 replies \ @Fabs 20 May

Man man man, ain't you a hardworking 🐝 !