My IOU doesn't enter into the equation, because in my example I have traded it away. The end state of the example is that I control sats that used to be controlled by someone else and there is no on chain record that can be linked to me.
In the case of WoS they have knowledge of the specific balance change to my account. Ecash mint does not have the same level of insight.
because in my example I have traded it away
No, you just used a custodian to receive and spend Bitcoin
How long the buyer had an "account" on the same custodian is irrelevant
In the case of WoS they have knowledge of the specific balance change to my account
No different than if you created a new WoS account every time you received, it's all meaningless ephemeral keys and the custodian still has all in/out data.
reply
No different than if you created a new WoS account every time you received, it's all meaningless ephemeral keys and the custodian still has all in/out data.
This is a good example. However, there is nothing in WoS that is similar to the bearer-ness of an ecash token.
My understanding of ecash is that when I give a token to someone else they have to return it to the mint and get issued a new one in order to ensure that I don't double spend them.
This would be akin to taking my WoS account, giving someone else the login info and then that person logging in and sweeping it to some account they control.
With ecash my understanding is that the mint doesn't see all the various tokens that are in existence. Whereas in WoS they always see all balances.
It seems to me that it is possible to trade ecash tokens to someone else without the mint knowing such a trade has happened. More difficult with WoS.
reply
a JWT is literally a bearer token
transferring value from one JWT to another would require a DB tx, with ECash it requires a new signature
There's some added obfuscation by not using the DB, but thats only internally, and its not particularly useful relative to other method non-KYC custodians like WoS use... and you're left arguing the point that the usecase is large custodians, like the US Treasury or Coinbase
This means nothing for Bitcoin
reply
Again we come to this: am I wrong that the ecash mint cannot single out a specific token for freezing/blocking?
A web token can trivially be singled out.
A internal difference is important. I don't see how this would only apply to large custodians.
Not being able to selectively target tokens for some action seems very useful to me.
reply
single out a specific token
If that token was uniquely minted, yes, as mint events can use key-tweaking to distinguish mint rounds. Every ECash "buy" could be uniquely tainted, clients may have mitigations for that but it's ultimately a cat-mouse game that the NSA is likely steps ahead of.
web token can trivially be singled out.
A web token is still just another anonymous random string, so your point is moot
I don't see how this would only apply to large custodians.
Small custodians have insignificant anonset that is trivially undone by any kind of multi-stage hueristic
Not being able to selectively target tokens for some action seems very useful to me
You just want to believe that, there's no empirical rationale for it outside of KYC institutions
reply
Thanks for this comment. It's helpful. The idea of tainting every issued ecash token is something I have not heard about.
As to the size of the anonset: I do wish this was something there was more discussion about. Clearly there is some minimum number of users below which it's easy to disentangle different users.
reply
The whole narrative of ECash is propped up by spooks and scammers, so it's not allowed to be discussed generally in the podcastsphere
Reality is there's no use for this outside of the US Treasury and State-Banking, because even if you were concerned about your specific account getting nuked you simply wouldn't trust that custodian in the first place
reply
What's the evidence for spooks? You keep saying that, but it doesn't feel like a part of the real conversation here. When you make points about the mechanics of ecash protocols, it's interesting. When you say it's propped up by spooks and scammers...what is anyone supposed to say? It's not fruitful.
You seem to be missing the fact that the mint doesn't have any kind of sense for who has what token.
If I deposit 32 sats via lightning, the mint gives me an IOU for 32 sats. This IOU is mumble mumble some kind of random string mumble mumble that is signed by the mint but without the mint being able to see the random string. The mint signs it with its 32-sat key. Then I give this token to the merchant and the merchant presents the signed string to the mint and asks for sats to be sent via lightning in exchange (or simply for a new token to be created).
reply
That's not only not true it's pointless, why use a custodian you're worried about being targeted by?
The server can key tweak it use countless other 2nd stage heuristics.. or simply not issue tokens after deposit
If that's your usecase it's pathetic
reply
That's not only not true it's pointless, why use a custodian you're worried about being targeted by?
A government could force an otherwise trustworthy custodian to take action against a user.
[...] or simply not issue tokens after deposit
Fair point. Can anybody familiar with the ecash protocols say whether there's some kind of protection against this?
reply