x: private key
X: public key
m: message to sign
n: nonce extra
H: cryptographically secure hash committment
In this scheme the ecash notes don't represent IOUs, the spent ecash notes represent the liability of the User towards the Mint
Bitcoin denominated ecash credit secured by publicly arbitrated escrow providing symmetric trust/incentive relationship between Mint and User. Works similar to a credit card top-up scheme. Instead of depositing bitcoin to the Mint to get ecash issued, the Mint issues credit in the form of ecash. The spent ecash tokens represent the User's liability towards the Mint. The User must periodically provide proof of the unspent balance (turning in expired tokens, which can no longer be spent) and
Co-signers can provide economy of scale for both cyber and physical security beyond the means of the ordinary users, however traditional multisig comes at a heavy price regarding privacy. A co-signer would learn about the user's bitcoin holdings and all transactions. The user could blind a message, send it to the co-signer, authenticate via 2FA, receive blinded sig, unblind, then aggregate with the users signature piece, and calculate a signature the co-signer can't recognize, but satisfies the 2-of-2 shared public key. The co-signer would not know the public key of the user, nor would be able to recognize any signatures on-chain.
The Sponsor locks up a certain amount of liquidity for a certain number of blocks, like for example 10'000, which is roughly 3 months. For locking up his liquidity and allowing people to use it on the sidechain he is rewarded with interest, for example 1%. The Sponsor is also the primary market maker, his function is to provide a stable peg, thus make the sidechain desireable for people to use. The Sponsor has no way to claw back the coins he locked up, they are predetermined to go to the mainchain miners can only regain custody of his 10% escrow if the covenant chain is played out block by block all the way to the end.
duration: 10'000 blocks
bitcoin locked up: 100%
Darkpool: A chaumian blinded ecash like co-op mixing pool for self custodial savings accompanying Mints
Darkpool is a privacy preserving cooperative self-custody pool on bitcoin, utilizing taproot n-of-n musig on the key path and CTV (OP_CHECKTEMPLATEVERIFY) settlement tree on the script path. Tarpit is the name chosen for the proof of concept implementation project of darkpools.
- Economic: Single on-chain UTXO, fee for state transitions is shared by all participants, small on-chain footprint.