My write up on how #cashu #ecash like shares might he used for a #mining pool.
https://delvingbitcoin.org/t/ecash-tides-using-cashu-and-stratum-v2/870/20
#Ecash TIDES using #Cashu and #StratumV2
Recommended reading/References:
- Cashu ecash protocol
- ecash Proof of Liabilities
- Ocean TIDES
- Stratum v2 Spec (Sv2)
Goals:
- Auditability
- Small payouts
- Privacy
Using the Blind Diffie-Hellmann key exchange (BDHKE) from Cashu as a Sv2 Protocol Extension, a pool can provide auditable, small scale, private pool rewards in the form of eHash.
A hash provider (HP) connects to a pool and begins job negotiation. This aspect remains largely unchanged from current paradigms. However, the HP will also request the active block_keyset. This is a list of pubkeys as defined in NUT02, but the value amounts for the individual keys correspond to difficulty targets for various miners which is used as a share weight in the TIDES rewards. The unit for these keysets is left up to specific implementations. A block_keyset is rotated once the pool finds a block or when the network difficulty adjustment occurs.
When the HP finds a valid share, in addition to standard share data, the HP will generate a secret and send a blinded message (B_) to the pool. The inputs for this blinded message could be done at an individual ASIC level or as part of a farm proxy implementation, with the latter seemingly ideal for larger farms. This blinded message (eShare) would be included in Sv2 channel messaging as a protocol extension. This signals to the pool that there is a valid share and requests a signature using the appropriate key from the active block_keyset. The same blinded message could be reused multiple times as long as special consideration is given on the pool/mint side for tallying these submissions. Reuse of blinded messages may be necessary during implementation if computing these blinded messages is too costly for a given HP, otherwise a new blinded message should suffice and lower complexity.
When the pool receives an eShare, it first validates the share itself, as usual. Once validated, the pool signs the blinded message, completing the DHKE and providing the blinded signature (C_) back to the HP. This share + blinded signature are then added to the time ordered TIDES defined share_log. The HP retains the blinded message data inputs (x) and the unblinded signature (C) as defined in the Cashu protocol NUT00 1.
This share process continues until a new difficulty adjustment occurs, after which a new keyset is issued with appropriate difficulty targets, OR a block is found by the pool. A keyset rotation after a difficulty adjustment accounts for new share target difficulties. A keyset may be reusable across difficulty adjustments as a % delta from network difficulty.
When a block is found by the pool, a full list of shares and associated blinded signatures is published by the pool. This signals to the HP that the eHash shares are available for redemption. Now the pool references the share_log using the share_log_window (defined in TIDES) for what eHash is eligible for redemption. As HP’s redeem their eHash, the eHash is recorded alongside the public record of shares and blinded signatures as defined in the ecash Proof of Liabilities 5.
Redemption of eHash can be any of the available Cashu or ecash mechanisms appropriate for the HP.
Other thoughts:
Cashu supports spending conditions, such as P2PK (NUT10 1 and NUT11)
the blinded message secret uses hash_to_curve(x) computation which could be offloaded to an ASIC, maybe.
Since this is an ecash usage, Fedimint is also a viable option but has not been considered in depth.
P.S. I look forward to feedback and considerations I may have missed. This post was an effort to solidify my idea into something more concrete and shareable. A vocal (and probably less comprehensive/coherent) monologue of this idea can be found here. I hope to create a diagram to help illustrate this proposal.
EthanTuttle / Ethan Tuttle
npub1tm…7el78
2024-05-31 16:20:28
Author Public Key
npub1tmycvul7aj4fxhypg5qkjgsjtx30zvnrfeufrgx9xlwtv0hne7cs67el78Published at
2024-05-31 16:20:28Event JSON
{
"id": "161004165a7fab180fc244a8792db5d316a19c1eef742a5e9ac5c0a5be41f10e",
"pubkey": "5ec98673feecaa935c81450169221259a2f132634e7891a0c537dcb63ef3cfb1",
"created_at": 1717165228,
"kind": 1,
"tags": [
[
"t",
"cashu"
],
[
"t",
"ecash"
],
[
"t",
"mining"
],
[
"t",
"Ecash"
],
[
"t",
"ecash"
],
[
"t",
"Cashu"
],
[
"t",
"cashu"
],
[
"t",
"StratumV2"
],
[
"t",
"stratumv2"
],
[
"r",
"https://delvingbitcoin.org/t/ecash-tides-using-cashu-and-stratum-v2/870/20"
]
],
"content": "My write up on how #cashu #ecash like shares might he used for a #mining pool.\n\nhttps://delvingbitcoin.org/t/ecash-tides-using-cashu-and-stratum-v2/870/20\n\n#Ecash TIDES using #Cashu and #StratumV2\n\nRecommended reading/References:\n\n- Cashu ecash protocol \n- ecash Proof of Liabilities \n- Ocean TIDES \n- Stratum v2 Spec (Sv2)\n\nGoals:\n\n- Auditability\n- Small payouts\n- Privacy\n\nUsing the Blind Diffie-Hellmann key exchange (BDHKE) from Cashu as a Sv2 Protocol Extension, a pool can provide auditable, small scale, private pool rewards in the form of eHash.\n\nA hash provider (HP) connects to a pool and begins job negotiation. This aspect remains largely unchanged from current paradigms. However, the HP will also request the active block_keyset. This is a list of pubkeys as defined in NUT02, but the value amounts for the individual keys correspond to difficulty targets for various miners which is used as a share weight in the TIDES rewards. The unit for these keysets is left up to specific implementations. A block_keyset is rotated once the pool finds a block or when the network difficulty adjustment occurs.\n\nWhen the HP finds a valid share, in addition to standard share data, the HP will generate a secret and send a blinded message (B_) to the pool. The inputs for this blinded message could be done at an individual ASIC level or as part of a farm proxy implementation, with the latter seemingly ideal for larger farms. This blinded message (eShare) would be included in Sv2 channel messaging as a protocol extension. This signals to the pool that there is a valid share and requests a signature using the appropriate key from the active block_keyset. The same blinded message could be reused multiple times as long as special consideration is given on the pool/mint side for tallying these submissions. Reuse of blinded messages may be necessary during implementation if computing these blinded messages is too costly for a given HP, otherwise a new blinded message should suffice and lower complexity.\n\nWhen the pool receives an eShare, it first validates the share itself, as usual. Once validated, the pool signs the blinded message, completing the DHKE and providing the blinded signature (C_) back to the HP. This share + blinded signature are then added to the time ordered TIDES defined share_log. The HP retains the blinded message data inputs (x) and the unblinded signature (C) as defined in the Cashu protocol NUT00 1.\n\nThis share process continues until a new difficulty adjustment occurs, after which a new keyset is issued with appropriate difficulty targets, OR a block is found by the pool. A keyset rotation after a difficulty adjustment accounts for new share target difficulties. A keyset may be reusable across difficulty adjustments as a % delta from network difficulty.\n\nWhen a block is found by the pool, a full list of shares and associated blinded signatures is published by the pool. This signals to the HP that the eHash shares are available for redemption. Now the pool references the share_log using the share_log_window (defined in TIDES) for what eHash is eligible for redemption. As HP’s redeem their eHash, the eHash is recorded alongside the public record of shares and blinded signatures as defined in the ecash Proof of Liabilities 5.\n\nRedemption of eHash can be any of the available Cashu or ecash mechanisms appropriate for the HP.\n\nOther thoughts:\n\nCashu supports spending conditions, such as P2PK (NUT10 1 and NUT11)\nthe blinded message secret uses hash_to_curve(x) computation which could be offloaded to an ASIC, maybe.\nSince this is an ecash usage, Fedimint is also a viable option but has not been considered in depth.\n\nP.S. I look forward to feedback and considerations I may have missed. This post was an effort to solidify my idea into something more concrete and shareable. A vocal (and probably less comprehensive/coherent) monologue of this idea can be found here. I hope to create a diagram to help illustrate this proposal.\n\n",
"sig": "9d8ff4240530588823371023329ec079ffb1c35f11f90918849ca0f3ed6b34751a201fd34b8b90668d11d73505e2d6f5c3695b9a3131aa2808a9d49322f47e66"
}