AVERAGE_GARY on Nostr: so ecash uses a blinded Diffie-Hellman key exchange. So you can exchange the things ...
So ecash uses a blinded Diffie-Hellman key exchange. So you can exchange the things over the wire just fine since it's a Diffie-Hellman. The blinding part is the interesting part. The mint (authority/pool) receives a blinded message to sign. The client uses a secret to create a message that is blinded by their private key. The mint signs the blinded message (and usually verifies something on their end). Different keysets can be used for signing to determine what is being signed for. Once the client receives the blinded signature, it can unblind the signature. This strips away all knowledge the mint has of the signature. The client retains this unblinded signature and the original secret used to create it. They can then reveal this to another party, but ultimately this data goes to the mint. Once the mint receives the original secret and the unblinded signature, it can do a quick validation check over the signature using the original secret as an input. This means that an authority can attest to some data without knowing when that data will return to be validated. When you couple this with accounting, and you have both the mint and the client reveal their data of signatures/secrets, then anyone can compare that there is a 1-to-1 mapping of client-provided secrets and signatures to mint-provided verification and blinded signatures. Since the mint has no knowledge of the resulting unblinded signatures, it cannot censor or treat those differently. This is ideal because you do not want a pool to skew numbers in their share accounting. This does require almost 100% participation, so it is quite fragile in that regard. But even a count of signatures on both sides may be sufficient.
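The blind-sign / unblind / redeem exchange described in the post, as an added example (not the author's code): a minimal blind Diffie-Hellman key exchange over secp256k1 in the style of Cashu mints. The hash_to_curve here is a simplified try-and-increment map and the point arithmetic is plain affine Python, both chosen for readability rather than fidelity to any production implementation.

```python
import hashlib
# secp256k1 domain parameters (the curve Cashu-style mints use for BDHKE)
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def add(A, B):
    """Affine point addition on y^2 = x^3 + 7 over F_P (readable, not constant-time)."""
    if A is INF or B is INF: return A or B
    if A[0] == B[0] and (A[1] + B[1]) % P == 0: return INF
    lam = (3 * A[0] * A[0] * pow(2 * A[1], -1, P) if A == B
           else (B[1] - A[1]) * pow(B[0] - A[0], -1, P)) % P
    x = (lam * lam - A[0] - B[0]) % P
    return (x, (lam * (A[0] - x) - A[1]) % P)

def mul(k, A):
    """Double-and-add scalar multiplication k*A."""
    R = INF
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def hash_to_curve(secret: bytes):
    """Map a secret to a point Y with unknown discrete log (simplified try-and-increment)."""
    x = int.from_bytes(hashlib.sha256(secret).digest(), "big") % P
    while True:
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)  # candidate sqrt; valid because P % 4 == 3
        if y * y % P == y2:
            return (x, y)
        x = (x + 1) % P

class Mint:  # one keyset: private scalar k, public key K = k*G published to clients
    def __init__(self, k: int):
        self.k, self.K = k, mul(k, G)
    def sign_blinded(self, B_):  # C_ = k*B_ ; the mint never sees Y or the secret
        return mul(self.k, B_)
    def verify(self, secret: bytes, C) -> bool:  # redemption: C == k*hash_to_curve(secret)?
        return mul(self.k, hash_to_curve(secret)) == C

def blind(secret: bytes, r: int):  # client: B_ = Y + r*G with a fresh random r
    return add(hash_to_curve(secret), mul(r, G))

def unblind(C_, r: int, K):  # client: C = C_ - r*K = k*Y (negate r*K by flipping y)
    rK = mul(r, K)
    return add(C_, (rK[0], (-rK[1]) % P))
```

At redemption the mint sees only (secret, C), never the B_ or C_ it signed earlier, which is the unlinkability the post relies on; a second keyset (different k) rejects the same C, which is how keysets separate what is being signed for.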
Published at 2024-08-14 00:58:57 GMT