@joschisan
joschisan / proofs.rs
Last active February 29, 2024 19:43
Sigma Protocol Proofs
use bitcoin_hashes::{sha256, Hash, HashEngine};
use bls12_381::{G1Affine, G1Projective, Scalar};
use core::array;
use ff::Field;
use group::Curve;
use rand::{thread_rng, SeedableRng};
use rand_chacha::ChaChaRng;
use std::io::Write;
fn prove<const N: usize, const M: usize, const S: usize>(

Re: https://twitter.com/super_testnet/status/1725239338533810410

WARNING: this is a five-minute write-up in response to a post I saw on X. I haven't thought about this carefully.

Problem: a mobile wallet spender pays a hold invoice that doesn't settle immediately. The spender goes offline. The payment eventually times out far downstream, with each forwarding node settling it offchain until it reaches the initial downstream node. So far, so good, but then the mobile spender is offline when its downstream peer tries to settle with

@moonsettler
moonsettler / credit-ecash-wip.md
Last active April 3, 2024 11:10
Bitcoin denominated ecash without custodial risk

In this scheme the ecash notes don't represent IOUs, the spent ecash notes represent the liability of the User towards the Mint

Abstract

Bitcoin denominated ecash credit secured by publicly arbitrated escrow providing symmetric trust/incentive relationship between Mint and User. Works similar to a credit card top-up scheme. Instead of depositing bitcoin to the Mint to get ecash issued, the Mint issues credit in the form of ecash. The spent ecash tokens represent the User's liability towards the Mint. The User must periodically provide proof of the unspent balance (turning in expired tokens, which can no longer be spent) and

@AdamISZ
AdamISZ / chaumian.md
Last active May 19, 2024 04:13
Chaumian ecash designs, notes

Chaumian cash in a Bitcoin world - cashu, Fedimint

What's this for?

  • More scalable/faster than a blockchain (not enough utxos)
  • Much better privacy security model than a blockchain
  • Same or better theft security model than TTP but much worse than a blockchain

If it's so great, why hasn't it been done yet?

Blind Diffie-Hellman Key Exchange (blind ecash)

The goal of this protocol is for Bob to get Alice to perform a Diffie-Hellman key exchange blindly, such that when the unblinded value is returned, Alice recognizes it as her own, but can’t distinguish it from others (i.e. similar to a blind signature).

Alice:
A = a*G
return A

Bob:
Y = hash_to_curve(secret_message)
r = random blinding factor
@chris-belcher
chris-belcher / coinswap-design.md
Last active April 26, 2024 04:37
Design for a CoinSwap Implementation for Massively Improving Bitcoin Privacy and Fungibility

25/5/2020

Abstract

Imagine a future where a user Alice has bitcoins and wants to send them with maximal privacy, so she creates a special kind of transaction. For anyone looking at the blockchain her transaction appears completely normal with her coins seemingly going from address A to address B. But in reality her coins end up in address Z which is entirely unconnected to either A or B.

Now imagine another user, Carol, who isn't too bothered by privacy and sends her bitcoin using a regular wallet which exists today. But because Carol's transaction looks exactly the same as Alice's, anybody analyzing the blockchain must now deal with the possibility that Carol's transaction actually sent her coins to a totally unconnected address. So Carol's privacy is improved even though she didn't change her behaviour, and perhaps had never even heard of this software.