Thread

Zero-JS Hypermedia Browser

Relays: 5
Replies: 6
Generated: 23:13:08
avatar
calle calle@cashu.me npub12rv5...85vg
very cool idea, haven't seen anyone think about this yet. generally, unidirectional channels make everything a lot easier. here is how it might work with the current protocol: - user A wants to open a channel to tollgate B with 1000 sats capacity - user A obtains B's public key - user A mints a 1000 sat coin with 2-of-2 multisig and SIG_ALL signature flag that requires signatures from and B also on the outputs - outputs are the BlindedMessage's that are created when this coin (input) is swapped with the mint - thus, the outputs determine the channel state (distribution of funds), so to make payments, we need to update the outputs and sign them again - to open the channel, the initial state is A=1000 and B=0 (sats), A signs both, the input (the coin itself) and two outputs (the enforced distribution) and sends all this to B. - B signs the input+outputs as well. now B could close the channel. - to make a 10 sat payment, A creates new outputs A=990 and B=10 and signs them, sends them over to B. now B can enforce the new state. - when they're both done with the channel, B can close the channel with the latest state (the one where she gets most). some notes: - after closing the channel, B should be nice enough send A her remaining channel balance after /v1/swap'ing them and receiving new BlindSignature's. B can't use these BlindSignature, only A can unblind them. if she isn't nice, A would have to /v1/restore the BlindSignature's. - B should never send back her signatures to A, otherwise A might close the channel with an earlier state. - to allow A to close the channel uncooperatively (in case B stops operating for example), the initial coin can have a second "refund" spend path with a time lock which also determine the channel's maximum lifetime. I just sketched this out after reading your post, so there might issues or better ways of doing this. you can checkout spillman channels, they are much simpler than the lightning channels we're using today. but I think the idea above here is pretty close to how they work.
2025-10-14 08:57:44 from 1 relay(s) ↑ Parent 3 replies ↓
Login to reply

Replies (6)

avatar
So Tachi so@nuts.cash npub1dfed...lc7u
stream kb in exchange for sats. you could monetize any services, your blossom server, your relay, your vpn, any kind of streaming service. I believe this will become the norm to use Nostr. nostr:nevent1qqsz0vdxv27dsrp3x5rzqmfqmg049fgr9d68vg76dym05rql70w94qg77takx
2025-10-14 09:08:08 from 1 relay(s) ↑ Parent Reply
avatar
ManyKeys manykeys@npub.cash npub129pu...hud3
Why not just omit the mints and try something like this: A Lightning-inspired multisig pool protocol allowing N participants to collaborate in a pooled channel, locking funds in an N-of-N multisig. Each participant deposits a standardized amount (or variable, with careful balance tracking). Off-chain transfers use collective signing of updated pool balances, enforced by Bitcoin script and advanced cryptographic privacy (e.g., blinded signatures or zero-knowledge proofs to unlink payers and recipients). Withdrawals trigger on-chain collaborative signatures, preserving privacy and enabling flexible outputs. Dispute resolution leverages timeout or penalty transactions, similar to Lightning, but extended for multi-party exit. This model offers native privacy, pooled liquidity, and pure P2P scaling without gatekeepers and custodians, advancing the Lightning and CoinJoin concepts into a native Bitcoin P2P pool.
2025-10-14 09:50:00 from 1 relay(s) ↑ Parent 1 replies ↓ Reply
avatar
c03rad0r npub1c03r...yrnw
Sounds very elegant. Would love to have this happen under the hood in our cashu dependencies, so that we don't get rate-limited by the mints as much. Earlier spam mitigation strategies involved mints in the local network that are backed by global mints and don't keep their keysets as long as the global mints do. However, the "channel" based solution would vastly reduce the complexity for us if it just works..
2025-10-14 10:12:11 from 1 relay(s) ↑ Parent 1 replies ↓ Reply
avatar
SatsAndSports npub1zthq...xm56
I'm only just this morning properly reading NUT-11 (P2PK). I didn't realise that it's possible to make a signature only to a specific combination of proofs; basically I kinda knew about SIG_INPUT in Cashu but not SIG_ALL. But I think I see now, also thanks to calle's message just above. (As I'm new to this, I'm just obsessing about the ideas that [I think] I understand, and therefore I'm likely misunderstanding a lot of what others have said in this thread) I might have another idea, which might be possible in current Cashu. Just thinking out loud: A and the mint prepare a set (a few dozen) of BlindSignatures with P2PK for a variety of denominations - large denominations (many sats) and small denominations (millisats). At any time, A can take a subset of those (e.g. 32 sat + 8 sat + 1 millisat) and sign the collection of those and give the signature to the router, giving the router unilateral exit to take the value in that set of proofs Later, A can update the balance by taking a set which has a larger total value (e.g. 32 sat + 16 sat + 1 millisat) and giving the updated signature to Bob It's important here that the new set has some overlap with the older set, in this case the 32 sat and the 1 millisat are in both the new transaction and the old one. This overlap ensures that the router can't exit with *both* sets; the mint will notice that the second signature is for a particular Proof that has already been spent Every time A creates a new set of proofs and signs that collection, A must ensure that this set has an overlap with every one of the previous sets that A has signed. This ensures that B can only redeem via one of the many signatures B has got from A. To satisfy the overlap constraint, maybe we could simply have a single 1-millisat proof that A includes in every set https://github.com/cashubtc/nuts/blob/main/11.md
2025-10-14 10:49:25 from 1 relay(s) ↑ Parent 1 replies ↓ Reply