Indeed, OCEAN’s approach leaves a long trail in the DB. I addressed this a bit more in the note below, but I think in practice the (bulk) withdraw you’d do with ecash would end up having similar privacy issues as today’s approach. You obviously can’t withdraw each single sat by itself (the fees would dominate, even on lightning), so you bulk-withdraw in batches. You’d have to have every user have the same bulk-withdraw randomization logic, with fresh BOLT12 (or different ecash mints) to withdraw to each time (otherwise you’d have clear fingerprints in the withdraw batches). And even then I’d bet with enough BOLT 12 blinded paths you’d be able to cluster most withdraws :/.
This just isn’t as simple as you’re thinking. I agree there’s a world where on an extreme margin this could improve privacy, but it’s a really tiny margin and a pool motivated to go look would probably be able to see through almost all of it :/
Replies (2)
If everyone withdraws every time, privacy gain is minimal. But (despite the obvious risk of a rug pull) using your ecash mining funds as a regular wallet to pay *other* things is a win. There's already something of a trust relationship, I guess.
BTW, @calle is there a standard way/protocol for a mint to announce a shutdown schedule? So wallets can (ideally automatically) move funds off?
This would also depend on the anonymity set. If many shares have the same reward, they should be indistinguishable. One could argue that the whole point about accounting is to delay withdrawals, so it's harder and harder for the mint to correlate your payments.
To your second point: this was just very recently proposed and we are going to add an expiry date to each keyset so that wallets know when to rotate out into a new keyset or withdraw from the mint at an announced date.