Ecash and lightning via ZKCP

Ecash and lightning via ZKCP

Original Postby ajtowns

Posted on: February 19, 2024 11:57 UTC

Integrating ecash mints with the Lightning Network while preserving anonymity and without introducing additional trust is explored through a detailed model that leverages the strengths of both systems.

The process involves utilizing Hashed Timelock Contracts (HTLCs) for atomic payments on the Lightning Network and blind signatures for ecash transactions. The mint's role in this integration is critical, as it issues coins backed by its Bitcoin holdings and authorizes payments through blind signatures.

For issuing new ecash, users send a blinded challenge to the mint, which then calculates a specific response and provides a zero-knowledge proof (ZKP) alongside a Lightning invoice. Once the user pays this invoice, they receive ecash, and the mint's Bitcoin balance increases accordingly. This method relies on the mint's trustworthiness but introduces cryptographic measures that could potentially reduce the need for trust, especially regarding the mint's handling of private keys and blind signatures.

Redeeming ecash for Bitcoin over the Lightning Network involves the user providing a signature that the mint verifies before initiating an HTLC back to the user. This ensures the atomic release of funds upon successful verification of the signature, marking the ecash as spent or reserved during the transaction process. This direction of the transaction does not require a ZKP and focuses on leveraging the Lightning Network's capabilities to facilitate secure and anonymous transactions between the user and the mint.

The proposal highlights a sophisticated approach to aligning the unique features of ecash and the Lightning Network, aiming to enhance the efficiency and security of digital currency transactions. Such an integration promises to maintain the foundational principles of anonymity and trust minimization that are central to the design and functionality of ecash systems. Further details on this model can be found in the expansion of a tweet and through the exploration of zero-knowledge contingent payments as discussed in Bitcoin Core's announcement.