Ecash and lightning via ZKCP

Ecash and lightning via ZKCP

Posted on: February 19, 2024 14:12 UTC

The recent communication sheds light on the complexities and innovations involved in the development of ecash systems, particularly focusing on the integration with lightning wallets and the implementation of Zero-Knowledge Proofs (ZKPs).

The discussion revolves around an innovative approach to issuing new ecash, which was considered for inclusion in Cashu. This method necessitates additional interaction between the user's lightning wallet and their ecash wallet, specifically requiring users to obtain a preimage in their Lightning wallet and then use it in their ecash wallet. Despite its potential, this feature has not been implemented in Cashu due to the complexities involved.

Furthermore, the conversation highlights a significant advancement made by Cashu in the realm of cryptographic proofs. Cashu has successfully implemented a ZKP as a proof of knowledge of a message (m) through a Discrete Logarithm Equality (DLEQ) proof. This development is accessible for review on their GitHub repository, which can be found at this link.

A critical challenge identified in the ongoing research and development of ecash systems is ensuring the transferability of tokens between users without enabling the mint to link these transactions back to the Lightning invoice, thereby preserving the privacy integral to ecash. The difficulty lies in maintaining the integrity of a token's claim when it changes hands between users, given that the mint is unaware of the K value on which users request signatures. This issue raises concerns about the potential for users to exploit the system by re-minting tokens linked to the same invoice but with different parameters, thus compromising the token's uniqueness and security.

Despite these challenges, there is optimism about overcoming these hurdles. A viable solution appears to have been discovered, promising to address the issue of maintaining ecash privacy during user-to-user transfers while preventing the mint from linking transactions to specific Lightning invoices. This breakthrough, once fully developed and documented, could significantly enhance the functionality and security of ecash systems, aligning closely with the original propositions discussed in the context. The discourse ends on a positive note, expressing enthusiasm for the proposed solutions and the future of ecash technology.