skip to Main Content
bitcoin
Bitcoin (BTC) $ 99,145.56 1.16%
ethereum
Ethereum (ETH) $ 3,304.85 1.57%
tether
Tether (USDT) $ 1.00 0.04%
solana
Solana (SOL) $ 254.63 1.10%
bnb
BNB (BNB) $ 624.57 0.64%
xrp
XRP (XRP) $ 1.45 26.48%
dogecoin
Dogecoin (DOGE) $ 0.406959 5.39%
usd-coin
USDC (USDC) $ 1.00 0.02%
cardano
Cardano (ADA) $ 0.971303 21.62%
staked-ether
Lido Staked Ether (STETH) $ 3,304.35 1.37%

Discussing Federated Chaumian Mints On Lightning

A group of Lightning network experts explore the scalability properties of federated chaumian mints.

Watch This Episode on YouTube

Listen To This Episode:

  • Spotify
  • Apple
  • Google
  • Libsyn
  • Overcast
[0:07] P: Really looking forward to this one. Yeah. This is obviously Bitcoin Magazine Twitter Spaces. We do these multiple times a week, but today, we’re going to be talking about the Lightning Network and federated chamian mints and what they mean, what they are, why they’re interesting. This is a recorded conversation, and it will be released on the Bitcoin Space’s live feed, which you can find on whatever podcast app you use. It’s also published on YouTube. That’s basically why we’re here and what we’re about.

Eric, you’ve been working on chamian mints. Can you give us a little bit of your backstory, who you are and why you are interested in chamian mints?

[0:51] Eric Sirion: Okay. Awesome. Yeah, my background is mostly in computer science. As such, I had a keen interest in old eco-schemes. At university, I did a talk about all the development from the beginning in the 80s with chamian eco-schemes and right up to Bitcoin and all the amazing stuff like Lightning. That’s how I got an idea of being able to integrate all these different ideas. Yeah. At some point, I heard about Liquid and federations and I was like, “Why don’t we use the federation tag to implement these old e-cash ideas that allow us to have perfect privacy on Bitcoin, but perfect privacy in the eco-scheme to improve Bitcoin?” That’s where the idea came from.

[1:42] P: Very cool. Very cool. Casey, you want to go next?

[1:45] Casey Rodarmor: Yeah, sounds good. Yeah. I am a programmer within the Bay area. I used to be, I guess, briefly a Bitcoin core developer at Chaincode Labs a long time ago. Like Eric, I’m really interested in pre-Bitcoin forgotten knowledge. A lot of Bitcoiners don’t really know about stuff like e-cash and other weird systems that existed before Bitcoin. Often, they were pretty centralized, but they have interesting properties.

My interest in chamian mints actually comes from being concerned about Lightning Network usability for normies. It’s likely that stuff like payment failures, a difficulty in managing nodes, etc., I think there’s going to be real usability challenges there, especially for just normal people. I’m very interested in federated chamian mints because they allow this very nice trade-off where you can have essentially what amounts to a posted wallet with better security guarantees than if a single actor was hosting that wallet. Yep. That’s where I’m coming from.

[2:47] P: Love it. Love it. Rindell, do you want to? I’m assuming you want to stay completely anonymous, keep us all in the dark about who you are and what you’re about?

[2:56] Rindell: Yeah. I’m a software engineer. At least that’s what they say. I’ve worked a lot on, I’ll call it cryptography engineering. Taking cryptographic primitives and building really big systems out of them. A lot of distributed systems work on really big systems. I’ve been talking to the people around here and in Pubnet and other event for a little while now about scaling Lightning Network in kind of two different ways. One of them is the last mile scaling in which Casey talked about a little bit.

How do we have end users get a private and inexpensive and really high throughput experience without having everybody in the world have multiple Lightning channels open? I just don’t think that’s going to work, and there’s a lot of different interesting ideas there. Then another dimension is, how do we scale Lightning routing? We’ve been having a lot of conversations around what would subnetting for Lightning actually look like.

When the federated chamian mints funding was announced by Blockstream, it just fell into place for me in my head. This is a really interesting new primitive in the tool box that comes with some interesting trade-offs. I think that for the leaf nodes of the Lightning graph, it’s really appealing for a bunch of reasons and there’s a lot of interesting directions that I can go in. So I’m just super excited to be digging into this. There’s like a new primitive that we can use to build really interesting stuff on top of Lightning.

[4:25] P: Love it. Finally, Vivek, I’m so glad you decided to join us on stage. I know you’ve been super busy lately. Can you give everyone a brief introduction to who you are? Don’t undersell yourself or I’ll scream.

[4:37] Vivek: Sure. Sure. Hi, guys. My name is Vivek. I do business development for Blockstream but have many hats. Done some MNA stuff as an analyst back in the day. Done lots of consultative sales work. Right now, these days, I’m working with Christian Decker to essentially figure out the product market fit for our green light, a Lightning node hosted solution and also working with Samson and the team on Liquid. I’m happy to be here and just participate and see what federated models we can explore and security guarantees as Casey elaborated on.

[5:16] P: Love it. I think the most useful way to go about this is, I’d like us to talk about… As a group, so this is a free-for-all. Please, if anyone on stage has something to say or a comment or a thought or a question, just jump in and say it. The first thing I want to do is talk about the specific challenges. I want people to understand exactly what a chamian mint is and what it means to have a federated chamian mint system as well. I suspect that the best way to do that is to start by defining the challenges that these systems attempt to solve. What are the problems that may exist in the future that we can highlight and then talk about how the system aims to resolve those?

[6:09] Rindell: Yes. Go ahead.

[6:10] Eric: Yes, sure. Okay, then. I think the biggest problems Bitcoin is facing or will be facing, is privacy, which is already a concern, and scalability which kind of is a concern today, but not as much as I expected to be in the future. In the future, I’m thinking of that on-chain usage will essentially be a privilege of review unless there’s some throughput increase on chain, which always has been contentious. Oftentimes, if we want to have major throughput increase, it comes with higher requirements for full nodes, and yeah, it’s just people haven’t been comfortable with doing.

I think we are facing a future where for most people doing on-chain transactions isn’t all that feasible talking about like the majority of people that make less than, let’s say, $50 a day, which I think is quite a few people on this planet. We still want them to be able to participate in Bitcoin. I think federate e-cash can solve this problem in a sense. Having a different trade-off when it comes to trust properties. That’s one of the ways to put it.

[7:25] P: Got it. Okay. Privacy and usability. Is that right? Or scalability? Was it scalability?

[7:31] Eric: Yeah, exactly. Exactly.

[7:32] P: Okay.

[7:33] Eric: Yes, scalability and usability to kind of, but that’s more like, that comes automatically, more centralized solutions.

[7:41] P: Got it. Okay. Rindell?

[7:42] Rindell: Yeah. I was going to say, a lot of times when we talk about scaling Bitcoin, what it really comes down to is, how many transactions can you have before you actually have to touch the blockchain, right? With Lightning, the idea is you do an on-chain transaction to open a channel. I open a channel to Odell. I do as many channel or as many transactions back and forth on that channel as possible. Then eventually, at some point in the future, we do another on-chain transaction to close it. With these 2 on-chain transactions, we have all of these different payments that can go back and forth. Ideally, you leave your channels open indefinitely.

You’re really only using the layer 1 blockchain as like a decentralized cryptographic back to justice system, right? In a perfect world, I have all these channels open. I never actually have to go down to the main chain, but if there’s a conflict or dispute, then we go and we settle up on the blockchain. That’s great if you have channels open, but if you look at the size of a Bitcoin Lightning Channel open in terms of block weight and you do the math of, a Bitcoin block can have, let’s say, 1.3 megs of transactions in it. Channel open is like on the order of 140 vBytes. You multiply that out, multiply by how many blocks you have in a day, assuming ten minute blocks.

The conclusion that you come to is if you wanted to have a billion people in the world all have 1 channel open, it’s going to take 3 years, right? If nobody’s doing any other transactions, nobody’s closing channels, nobody has 2 channels, everybody’s just opening 1 channel. The conclusion that you come to if you do that is you say, “All right, we need to have either more interesting batching mechanisms to bulk up in channels,” or you just come to the conclusion that not everybody in the world is going to have a Lightning node with a channel open.

One model that you could have is you can have custodial wallet, right? Where you have something like Wallet of Satoshi, where you have an account and they have a very well-connected, well-capitalized node that does all the actual Lightning transactions and you just have an account balance with them. That’s similar to if you’re using Cash App or something, right? You can think of Cash App as a Bitcoin scaling layer. It’s just very centralized and very closed.

What’s cool about chamian mints… Then we should probably take a step back in a minute and talk about what a federated chamian mint is. What’s cool about it is it lets you have a less centralized federated custodial solution for a Lightning wallet. Instead of me trusting one company or one party with my Lightning wallet balance and them doing all the Lightning transactions, I can put trust in a federation of different entities that may be are in different geo-political regimes, have them manage Lightning transactions out to the rest of the network. Then within the mint, all of my transactions, other people who have accounts there never actually touch Lightning or touch anything else. We’re just sending bytes of data back and forth.

It’s a way of, if you think in the future that this is going to take off, what you can imagine is there’s going to be a network connected by Lightning of these different chamian mints. You join up to the one that has the custodians that you trust or that has the properties or capabilities or semantics that you want. You have an account there, all of the transactions inside of that bank. If you will or like fast as private as they possibly could be and very secure. When you need to move money between these mints, it’s over Lightning. That’s the big picture. If this really takes off, you get crazy good scalability, you get crazy good privacy and you can still connect to Lightning without every person in the world needing a Lightning channel.

[11:51] P: Got it. Matt, you’ve been uncharacteristically quiet. Would you add anything to that or to the top of the discussion so far?

[11:59] Matt Odell: Basically, my TLDR would be creating more accessible Bitcoin privacy in a way that has better trust properties than current custodial wallets, which everyone’s already using. So many people are using custodial Lightning wallets.

[12:17] P: Yeah, for sure or custodial on-chain wallets, which is even worse.

[12:21] Vivek: I’d also like to add… Rindell made some great points about the scalability about the Lightning Network and channel opens. Everything in Bitcoin is going toward this, like, scalable mentality. We’ve gained some fantastic vByte efficiency through Taproot and Schnorr signatures. A lot of this is a similar mindset of not necessarily needing to reveal the inner details. For example, the script, the policy itself, other things like that. It’s usable and a bit more efficient. It’s great.

[12:56] Rindell: Yeah. P, it might make sense just to take a step back and describe what a FediMint is and then we can… It might make more sense for people about where this fits and maybe we can talk about different applications and problems that it solves.

[13:10] P: I love it. Let’s do it. Rindell, do you want to give a high-level, your view and then we can jump to Eric and Casey? Does it make sense to do so?

[13:19] Casey: One suggestion, maybe we should start with a non-federated chamian mint first and then later on, federated n on top because they’re a bit separate and probably confusing to try to digest them both at the same time.

[13:34] P: I love it.

[13:34] Vivek: David Chaum, I don’t know who that is.

[13:36] Casey: David Chaum is an old-school cryptographer. He’s still around. He developed a system called e-cash, and I don’t have the Wikipedia article in front of me. These details are probably wrong, but e-cash was a centralized payment system. I don’t remember if people got cards or how it worked, but the idea was that you could pay at merchants for stuff in your daily life with Fiat. It used cryptography and particular blind signatures so that every time a user was spending money, the operator of e-cash or DigiCash didn’t learn anything about who it was that was making a purchase.

[14:18] Rindell: Eric, what is a blind signature? I have heard of Schnorr signatures and ECDSA. What is a blind signature? Does it overlap with those?

[14:29] Eric: Yeah. Basically, a blind signatures [inaudible] scheme is a signature scheme that allows the user to acquire a signature on a message without the signer ever learning this message. Normally, this wouldn’t sound too useful because normally, if you sign a message or [inaudible] of e-cash, what you actually use it for is that each signature has the same value. Let’s say each signature is worth one dollar. Anyway, the bunch of random messages and the only property that these messages need to have is they need to be unique. You can essentially do this by drawing them randomly and having a big enough message space to draw from. Then you let the chamian mint blind sign these random messages, give you back the blind signatures.

You can unwind these signatures and now, you have a bunch of just random messages with signatures attached. Each such pair, we can call them e-cash tokens, for example, or I think we call them redeem receipts in our blog post. Each one is worth one dollar. If I give the chamian mint five dollars and five of such blinded messages, just random message, just essentially, then I get 5 such tokens. I can then spend them anonymously because the bank or the federated chamian mint never learned identity.

[15:58] Rindell: If I can jump in really quick. When you’re thinking about cryptographic protocols, I think it’s really helpful to think about an analogy just like using paper and just like physically passing things around. A good metaphor for blind signatures, I didn’t make this up, I’m stealing this from the Chaum paper, is if anybody remembers carbon paper, right? You had 2 pieces of paper and you’d sign the top one and then you’d lift it up and underneath, your signature’s transferred through because there’s a layer of graphite on the bottom of the first paper. You use that when the utility guy comes to your house and hooks up your gas and you sign a piece of paper and they give you the bottom paper. That’s like carbon paper.

What Eric is talking about, imagine that you have these carbon envelopes and there’s a slip inside of it. You have a serial number on a slip of paper and you seal that inside of an envelope and you hand it to the chamian mint, and the chamian mint doesn’t know what the serial number is because it’s inside this envelope. They sign the envelope and then they hand it back to you. You can tear the envelope open and pull out the piece of paper, and now…

[17:07] P: I think we lost him.

[17:09] Casey: I can continue that thought.

[17:11] P: Yeah, go for it.

[17:12] Casey: You hand the bank this envelope, and inside out of it is this little slip with the serial number. The bank signs the outside of the envelope, essentially and the bank’s signature is transferred to the slip on the inside of the envelope with the serial number, but the bank can’t see what that serial number is. Then let’s say this represents like a deposit of one dollar. You leave and eventually, you come back later to the bank when you want to spend that dollar and you present it with that sign serial number. Because the bank never saw what that serial number was, it just saw the outside of the envelope that it’s signed, it can’t link that serial number back to the original act of signing and can’t correlate the person who’s showing up with some person that it’s seen in the past.

It can verify that it produced its signature. It can see it produces that this is the serial number was signed by its private key. So it can just trust it and be like, “Okay, I guess this is worth a dollar,” and let you do whatever you want to do. You make a purchase or make an outgoing Lightning transfer in the case of a Lightning chamian mint. That’s the basic. You show up and you say you deposit money, and it produces one of these blind signatures. You get this serial number and then you show up later and say, “Hey, I want to do something with some money.” The bank isn’t able to correlate those 2 events because it never saw a serial number that you’re presenting later when it originally signed up.

[18:43] P: Got it. I haven’t heard that before. That’s a fantastic metaphor, analogy, whatever the right term is.

[18:50] Casey: Yeah, I love the idea of somebody showing up to what amounts to a bank and being like, “Hey, if you don’t know who I am, but check out this signature like you made it so you can trust it. So do what I tell you to do with the amount of money that the signature covers.” It’s just great. Customers show up, the bank has no idea who they are, but it’s like I say, prove their deposit before so this must be legit. Then they just do what the customer tells them to do.

[19:18] Matt: Casey, how did the e-cash project end? Does that have anything to do with how the federated model is multiple banks and a bit more better off?

[19:29] Casey: I think that I’m not super familiar with the history, but the original e-cash implementation which is called DigiCash, I think it just wasn’t popular. It allowed individuals to make private payments. I don’t think that this was something that people really cared about. I don’t think it was super popular. I think it did a trial with one bank somewhere in America. I should really get the Wikipedia article in front of me so that I know what’s going on. I think it just wasn’t popular and it just faded into obscurity.

[20:01] P: Okay, so–

[20:01] Matt: [inaudible] those back?

[20:02] Eric: Yeah. From what I gathered like I wanted to get to reason too because I’m writing a paper about this. It seems like it’s really benign. It’s just like they ran out of money. They had some tests running, I think, with Deutsche Bank, actually. They were experimenting with the chamian e-cash idea. As you said, the interest wasn’t there. They’re also after 9/11. There were some new regulations, and this all happened in parallel. The DigiCash just went bankrupt. At the same time, a new legislation came into effect and made it completely impossible to ever run such a chamian bank on a legal basis.

[20:48] Rindell: The key change here is, for the first time, we have programmable money that is sound that increases in purchasing power that you can easily interact with. One of the coolest parts about Eric’s proposal is that it interacts directly with the Lightning Network. It takes it a step further. Not only are you or you have this federated model so that the trust and the custodians, any individual custodian is reduced and you have privacy from the custodians so that the custodians can’t see all of your transactions and your balances. You can also directly interact with any other wallet on the Lightning Network seamlessly without any kind of a regulatory approval with banks or anything like that.

[21:31] Casey: Yeah. I think that’s really important because DigiCash was regulated. It was like a regulated legal entity. It could only do regulated legal entity type stuff, which made it less appealing and less powerful.

[21:44] Rindell: Yeah. I think the portability that you get over the Lightning Network is also really cool, right? If I am in a federated mint that Odell and P and Eric are running and then I decide that I want to move to a different mint or I can move everything over Lightning or I can be in multiple and interact with other services. One of the things that I’m really looking forward into the future about is having different mints, have different policies around what capabilities they support and you being able to just pick and choose where you want to be spending your money on different things. Having that all interoperable over the Lightning Network is really amazing, right? Having one chamian mint is cool. Having an internet of chamian mints all connected by the Lightning Network is way cooler.

[24:30] P: Can I ask a clarifying question? The description we gave earlier of the envelopes in the carbon copy, that was a description of blind signatures or that was a description of how chamian mints work?

[24:41] Rindell: That was a description of… The envelope was blind signatures.

[24:44] P: Okay, right. That was–

[24:45] Rindell: Using that for money is chamian mints.

[24:47] P: Okay. Got it. That was where I was missing the connection. Can we just give like a high-level summary of what a chamian mint is one more time for the audience? Should we then transition into federated chamian mints?

[25:00] Casey: That sounds great. I would say that a chamian mint is essentially a bank that uses blind signatures to unlink deposits and spends.

[25:13] P: Okay. A chamian mint is a bank that uses blind signatures to unlink deposits and spends as we’ve described. Actually, one more question before we go into that. Why would a bank in the current system want to do that? I’m so curious why… I think you said Deutsche Bank was experimenting with this. Why would they want to do that? Because that seems like it would be against their interest. It makes sense that…

[25:40] Matt: I think banks want to do a lot of things and they want to have the best product possible for their customers. They want to reduce their liability by knowing customers’ balances and transactions and everything, but they’re hamstrung by regulation and they keep getting more and more hamstrung. PayPal is not really a bank, but they’re like a neo-bank. PayPal doesn’t want to block people’s accounts. They don’t want to lock people’s accounts and stop people from using the product. They want as many people to use the product as possible, but they’re forced and compelled to do under burdensome regulation.

[26:12] P: Yeah, totally. I think a great analogy here is like a data storage, right? It’s expected at this point that if you’re using Dropbox, which you shouldn’t be using, or iCloud, which you shouldn’t be using, or whatever you’re using that they basically don’t have access to your information. That’s a selling point for a lot of these services.

It’s fully encrypted, client-side. No one in our company could even look at your data if they wanted to. We’re already seeing, like with iCloud, the announcement that they’re supposedly scanning all of your iCloud photos now to keep everyone safe from child pornography. The idea that we would hold data providers accountable for that information, I think, would be surprising to most, but for some reason, with banks, we just accept that. “Oh, yeah, they have to have 100% insight into everything.” The idea that they can keep that totally private is something that everybody has just already, I don’t want to say given up on, but acquiesced to.

[27:17] Rindell: The chamian mint model, it maps the analog system onto a digital system really cleanly, right? What you end up with these vouchers or these tokens, they look like paper money, right? Each one is a uniformly denominated bearer instrument that you can pass around between users and then deposit it at the bank, right? If you’re trying to build an electronic cash system, it’s a pretty natural way to model the problem. One of the reasons why, and I’m sure we’re going to talk about the federated model on a minute, but one of the downsides with it is that it only works at your bank. There’s a huge kind of centralization risk. The bank is a single point of failure, which I think is a big reason why Eric’s work is so interesting.

[28:07] P: Sorry, that is an issue with non-federated.

[28:11] Rindell: Yeah, with non-federated with the old-school one. If I’m trusting Deutsche Bank, then I’m trusting Deutsche Bank.

[28:16] P: Yeah. It’s almost like wildcat banks from back in the day, where every bank had their own currency and they were interoperable only if the bank said that they were interoperable.

[28:26] Matt: The original chamian mints proposal was, it was a trade-off. You had what it was essentially perfect privacy, but it came at custodial risk. You didn’t have the ability to seamlessly interact. This proposal removes or mitigates the 2 main negatives, which is the custodial risk and the ability to actually transact outside of the Mint easily.

[28:52] Eric: Yeah. I think this interaction with other banks wasn’t even that much of a problem. The problem would have been, let’s say the US imposes some rules that US banks may only cooperate with other banks that know their customers. Then if you run a bank with chamian e-cash, then you cannot interact with any of these banks. That’s how financial regulations are done these days. Many of them aren’t even laws in all the countries where they apply.

The most important banks of this world forcing this onto other banks in order for them to be able to actually send money between each other. That’s the power of Bitcoin that you don’t have to ask for permission that way. You just connect to Lightning Network, and now, everyone who runs the Lightning Network or who is part of such a federated chamian bank can just interact with each other. No permission’s needed.

[29:48] P: Love it. Okay. Let’s transition to… We defined what a chamian mint is. Let’s define what a federated chamian mint is.

[29:59] Eric: Yeah. On the highest level of understanding, when we federate some entity then we just split it up into “n” parts of which up to a certain number, that’s called “f”, may be malicious without the functionality of the entire system breaking down. For example, we have this for federated things like Liquid. Sorry?

[30:24] P: Can you repeat that. You said?

[30:26] Matt: Eric, would you say that’s good? I don’t know if it’s an analogy, but for Bitcoiners is instead of just a single sig custodian, you have basically a multi-sig custodian. You’re spreading out the risk.

[30:36] Eric: You mentioned you have two or three multi-sig [inaudible]. Then you have 2 risks. One risk of just losing your keys and you mitigate this by having not a three of three but a two of three. You may lose 1 key and you’re still able to get your Bitcoins out. Then you have the second risk, which is SAFT. You mitigate it by needing two of these three signatures. Only if someone manages to steal two of your three keys, then they can actually take your funds. Actually, that’s how the on-chain part of federated chamian bank is implemented as just a multi-sig wallet. Yeah, that’s the beauty of Bitcoin.

It’s the first asset that can actually be held in such a way that only if a certain amount of a certain set of people agrees, then you can transfer funds that was never possible before. There was always some higher instance like a bank that could just dictate who owns funds and who doesn’t.

[31:31] P: Got it. Okay. Let’s talk about how one implements or what the… How does one get from a chamian mint to a federated chamian mint in terms of practically? What does that mean? What is the proposal? How does the Lightning Network integrate with that?

[31:49] Casey: I think it’s good to separate out the Lightning Network from… It’s irrelevant what the federated chamian mint does. It just so happens that it’s like, appealing application of federated chamian mints to have them make and receive Lightning Network payments. In principle, you could have a federated chamian mint that did anything. You could have a federated chamian mint that had a stash of Beanie Babies and then when you could send it Beanie Babies and then tell it to send out Beanie Babies, have Beanie Babies like tokens. It’s like a very general technology.

In the Lightning Network case, the federated chamian mint would be making and receiving payments. The actual federation itself is something I don’t know very much about, so I’ll let somebody else take those details.

[32:36] P: Just to be clear, I love the analogy of Beanie Babies, we should do that just because it would be hilarious. Federated chamian mints that the only thing you can exchange is Beanie Babies. You could do this on chain. It does not necessarily have to be on Lightning. The fact that it is on Lightning is because Lightning is an extremely effective way of transmitting money value.

[32:57] Rindell: The way that I would frame it right is, imagine you have a Bitcoin federated chamian mint, right? There’s a chamian mint where I show up to it and I hand it some Bitcoin and it hands me a bunch of these vouchers or tokens that represent well-defined denominations of Bitcoin. I can hand them to you, P. You can hand them to Odell and then Odell can redeem them at the Mint and get Bitcoin back out. That’s the thing that you could just go build, and you could do that as a single custodian chamian mint or you could do it as a federation. In that way, there’s not a single player that can unilaterally run away with everybody’s funds.

If you were to build that, you can imagine that there are APIs or operations or commands that you can issue to the mint. One command that you can issue to the mint is, “Here’s some Bitcoin, give me vouchers.” Another command that you can issue at the mint is, “Is this voucher valid?” Another command that you can issue at the mint is, “Redeem this voucher for Bitcoin,” right? These are the commands that you can give to the mint because the mint is just a piece of software and it’ll do things using either vouchers or Bitcoin.

Where this connects the Lightning Network is, imagine if I can take one of my vouchers, my payment coupons to the mint and say, “Hey, use this to pay this Lightning invoice.” Then it pays the Lightning invoice on my behalf using that voucher. Or I say, “Hey, generate a Lightning invoice and then pay me in my chamian mint tokens.” Now, other people or myself using another wallet can send payment over the Lightning Network to the mint, and I redeem that payment for my chamian mint tokens.

It’s less that the mint is built out of Lightning and it’s more that if you have a chamian mint implementation that plugs into the Lightning Network, then it can interact with the Lightning Network like any other Lightning node, but on our side of the mint, we’re passing around these little blobs of data that are redeemable for Bitcoin.

[35:00] Eric: Exactly. I think we should separate the Lightning part from the federated chamian mint part because actually, if… It’s quite separate in the first instantiation. There might be some implementation down the road where we actually fade away to Lightning node, but for now, all we do to interact with the Lightning Network is we just have some sort of small contact in a federated chamian mint that enables trustless Lightning payments essentially or Lightning Payments in the same trust model as the federation already has, like the federated trust model.

I think we wanted to come back to, how would we actually federate a mint? That comes down to 2 parts. One part is holding the collateral, which is on-chain. It’s just a good old multi-sig quality on Bitcoin. The second part is the issuance of these e-cash tokens. In a traditional chamian mint, that would be done using some [inaudible] scheme. For federated chamian mints, we need the threshold bank signature scheme. Meaning, again, you can think about it like multi-signature for Bitcoin but for blind signatures. In the academic world, we call these multi-signatures actually special signatures because you need a certain threshold of participants that cooperate with you to generate such a signature.

Essentially, it’s just a “t” of “n” blind signature scheme where like a certain amount of parties in the federation has to be honest and then they can generate these vouchers. That’s the 2 parts you essentially need to featherweight chamian bank or chamian mint.

The last thing maybe to mention is that you still need some consensus algorithm between them, between the federation members. We actually agree on the right order of transactions because that’s the same problem that Bitcoin solve for an open set of well data’s being minus. For closed set where we know who is part of the federation of part of the network, this consensus was solved a long ago like in the 80s or 90s, if I remember correctly. We’re just using some old tech there to get an order of transactions, which every kind of system needs. Otherwise, you can easily double spend.

[37:10] P: Got it. Interesting.

[37:13] Matt: Eric, this sounds very academic. Is it possible to use Minimint today? Have you used it on anything?

[37:20] Eric: Please don’t use it right now like at least not on [inaudible]. Please use regtest if you want to play–

[37:26] P: This is how we know you’re not a shit coiner. For the love of God, do not use this amazing–

[37:33] Eric: I built it as a proof of concept.

[37:34] P: Yeah, and I just love it. You’re like, for the love of God, do not use this amazing thing that I have built. It’s not quite ready yet. You should be testing it and breaking it yourself as opposed to being like just floating it onto the ether as they…

[37:47] Vivek: Just asking you, Eric, in general. I think I saw you bought a coffee with it or something. Also, I was wondering if people did want to get involved and contribute. What repo should they look at? Maybe what language should they be familiar with, any general suggestions?

[38:03] Eric: Yeah. What you saw, yes, I bought a coffee with it at HCPP in Paralelní Polis. What I did there was I actually had a regtest federation running with completely worthless Bitcoin, but I coupled it to a Lightning node, which was actually running on main net, so I did atomic swap from my local regtest network to mine that Bitcoin, which is a totally insane thing to do unless it’s on your own computer. If people want to contribute. I had a few people reach out to me. I don’t want to disclose their identities here because that would force them to commit.

In private, I’ve been talking to a few people like ideally, some Rust like Minimint [inaudible] Rust, but also, if you are just generally interested and want to improve documentation and all the good stuff, you just want to play around with it. It’s on GitHub. It’s github.com/fedimint/Minimint or you can also find the link to the GitHub repo at fediment.org. They can just look around. I wrote a little week me that instructs you to set a federation on the regtest. You need the installation of Bitcoin core. There are some scripts included in the repository that automatically has been a practice network and then also the Minimint nodes.

Then you have federation of, I think, by default, 4 nodes, running of which one may be malicious and then you can just play around with it. It’s really unfinished right now. There’s only a [inaudible] app to interact with it. Yeah, but I’d be super happy about more contributors because that would mean that we can move along more quickly. My dream is that at the next HCPP in Prague, I might be able to actually buy a coffee with a main net federation. That would be awesome, but for now, for the love of God, please don’t use it on main net. Some flaws in the wallet logic that may make you lose funds, and I don’t want it. I couldn’t live with that. Please don’t.

[39:53] Rindell: Yeah, just a quick observation. For people who don’t know, you can run a Bitcoin node in what’s called regtest mode, where it just sets up like a private little Bitcoin network and you can mine blocks at will. It’s really great for testing. They’re completely worthless because it’s just like blocks that you mine at will on your own laptop. I think it’s funny that because you atomic swap that to the Lightning Network. The regtest running on your laptop is more valuable than half the shit coins that are on a Coinbase right now.

Good job for that. Another quick point. You mentioned Rust is an awesome language. If folks are looking at contributing to the Bitcoin ecosystem and are looking for a new language to learn, a lot of Bitcoin projects are popping up in Rust right now. Minimint which we’re talking about, if you follow like CPO, that’s all in Rust. There’s some cool stuff happening with LDK and Rust Lightning. Learning Rust will let you contribute to a lot of projects that are up-and-coming in the Bitcoin ecosystem.

Then to Eric’s point about there’s obvious things that are wrong like he’s done an amazing job working on it so far, there’s some stuff that’s just like low-hanging for that. If you’re a Rust developer, you can jump in and work on. If you’ve done Tokyo, a networking before, just adding retries, the networking code and that kind of thing. There’s lots of opportunity to get involved and help out with the project.

[41:12] Eric: Yeah, definitely. The people from some of Bitcoin reach out to me. If you are like a student at university and want to get into a Bitcoin development, then I will be preparing some project proposals for some of Bitcoin and then you could apply for the 2022 version of it. That might be a really cool way to get into it because then we’d have some structured mentoring and stuff like that. If you’re interested, just take a look at some of Bitcoin once it’s out. I will have to write multiple project proposals till December. I think they will publish it beginning of the year, and people can apply. That would be awesome. Generally, if you just want to work on a project, contact me. I’m available on Telegram, on Twitter. Just reach out. Always happy.

[41:59] Rindell: Right. Instead of Summer of Code, it can be Summer of Chaum.

[42:03] P: Now, Rindell, that was a terrible pun.

[42:06] Rindell: Yeah. Now, you have a picture in your head of federated chamian mints, right? The model is you go to the Mint and hand them Bitcoin and they give you these e-cash tokens and you can hand those to anybody and they can go redeem them for Bitcoin. When you plug the Lightning Network into the other side of that, what you can see is or what I hope you can see is that that’s a model where you could have a semi-custodial managed Lightning wallet. Build that into Wallet of Satoshi, and now, there’s not a single custodian that you’re trusting with your funds. It’s actually a federation. If you’re spending money to other people who have that same wallet, then it doesn’t even touch Lightning. It’s actually even faster and more private and cheaper, right? That’s a pretty cool thing.

[42:53] P: It’s very cool. Let’s step into the pontificating zone.

[43:03] Casey: You mean the pressure to adopt things like federated chamian mints?

[43:06] P: Exactly.

[43:08] Casey: Yeah, I think actually, we’re already facing that pressure, and that pressure is not coming from scaling problems. It’s coming from usability problems. Super, super hard to run a Lightning Network node. I have a project that I work on that requires people who want to use our project to run their own Lightning Network node. That’s like the main barrier to getting to onboarding users, basically. All sorts of non-trivial things. You’ve got to manage your channels. You’ve got to manage Liquidity. You’ve got to keep your computer online, etc. All this… No, go ahead.

[43:40] P: I do want to push back slightly. I think you are both correct. I think that we… Certainly recently, it’s gotten a lot easier and there are much larger communities of people running their own Lightning Nodes, but I do agree that it is a significant challenge for the average person to go from zero to running their own Lightning Node. Though, both are the things like Umbrel and [inaudible]. Also, I [inaudible] Voltage which basically, you can host your own, they’ll host the Lightning node for you.

Again, that is not to say that everything you just said is not 100% accurate because I think it is. The average person is not going to be able to just download an application on their phone or on their computer and just be like, “I’m running a Lightning node.”

[44:23] Rindell: Yeah. That’s where the real advantage is. The real advantage is when we see a mobile wallet that is as easy to use as something like Wallet of Satoshi but has way better trust properties in terms of custodial risk because it’s federated and it has insanely good privacy guarantees because of chamian mints.

[44:41] P: Exactly.

[44:41] Rindell: It’ll have better privacy guarantees than pretty much anything we have out there right now, with the trade-off being a slight custodial risk. You can just install it on your phone. You don’t have to run a node. You don’t have to know what channels are and you can interact with a greater Lightning Network.

[44:55] P: One hundred percent. It’s basically–

[44:57] Casey: To be clear, even better privacy than what cryptocurrencies that their only feature’s privacy. It’s real good privacy.

[45:05] P: Oh, interesting. Wait, wait. Speak more of that for a second.

[45:08] Casey: Yeah. There’s this no… Think about an outside observer looking at one of these federated chamian Lightning mints. They see it sending and receiving payments, but there are many users. That federated mint is acting on behalf of many users. In a normal case, an outside observer can’t tell which payment is being made on behalf of which user. All the users of the federated mint act as an anonymity set. This provides extremely good privacy, and it means there’s absolutely no temporary or permanent footprint that these transactions leave.

[45:43] P: How does this comp-, it’s a basic question.

[45:45] Rindell: Then within the mint like the federation doesn’t know what any of the payment activity was because they have no way of linking deposits and withdrawals. The operators of the Mint can’t tell what you’re doing. Then from outside of the Mint, all of the transactions are all flowing through this single aggregation point. Casey said it really well. It acts as a giant anonymity set, right?

The more people use your mint, the more anonymous it is because all of the traffic gets merged together going in and out of the gateway of the Mint. Then inside of the Mint, there’s no linkage between transactions and withdrawals. There’s not a ledger where you can follow all of the transactions.

[46:26] P: So is this basically… it’s like a superior… in it’s ideal form, how does this relate to CoinJoins? I know it doesn’t directly relate at all.

[46:39] Casey: It’s like a massive ongoing CoinJoin. You transfer into the Mint which is like entering the CoinJoin and then if you want to get out, you transfer out. I guess the anonymity set is all the users of the Mint, and it’s also not an on-chain CoinJoin. It’s like an off-chain CoinJoin which adds an additional more privacy.

[46:59] P: I expect all the CoinJoin implementations to hate this. I’m kidding, I’m kidding.

[47:03] Eric: You can think of it more as most of the tunneling protocol, actually. There are CoinJoin and tumbling Bitcoin, and it’s something like TumbleBit. It comes pretty close, actually, to what you could achieve with Minimint.

[47:16] P: Can you define the difference between a tumbler and a CoinJoin?

[47:20] Eric: Okay. According to [inaudible], you have a single transaction with inputs and outputs and only all the inputs and outputs in this one transaction get mixed that is your anonymity set. With tumbling, you have anonymity set over a bigger amount of inputs and outputs. With tumble bit, I think you can have a lot of transactions that set up inputs to a big tumbling pool. Then later on, you can take your funds out again.

Essentially, with Minimint, you have the anonymity set of everyone who send Bitcoins into the federation ever when you take it out again because you can’t really tell who already took their Bitcoins out again and who didn’t.

[48:02] P: What is the trade-off?

[48:03] Eric: It’s really great.

[48:04] P: What is the trade-off for on-chain transactions between the tumbler and a CoinJoin? Why aren’t tumblers supported by Samurai and all the other related…

[48:14] Eric: I’m not entirely sure. It’s not directly my field of research. As I understood it for like tumbling protocol’s more complicated. I’m not even sure if like [inaudible] couldn’t be counted as a tumbling protocol because they use also some blind signature scheme internally. I’d actually have to look into this again.

[48:33] Casey: Are there any non-custodial tumblers?

[48:35] Rindell: I don’t think you can. You can do a series of CoinJoins, but most tumblers are all custodial.

[48:42] Casey: I think that’s maybe the issue is that we only know how to make custodial tumblers which have that single party single point of failure problem and we also lack super illegal like the most illegal.

[48:57] P: When we say illegal, we mean just that the government doesn’t like anybody to have money that they have full control over.

[49:04] Casey: I think we’ve seen specific legal action by the state against people running tumblers.

[49:10] Rindell: Yep. If you’re a prosecutor and you can’t convince a jury that a tumbler is money laundering, then you suck at your job, right? That’s just how it is.

[49:25] P: It’s so crazy to me that the goal of having privacy around your money is something that is even in question as a legal issue. It is obviously and I understand why, but it’s crazy that people are sucked into the often false narratives around that. How long do we think before yelling and all the other related people and agencies are promoting narratives that federated chamian mints not only are trying to destroy Christmas but also are supporting child eating and cannibalism and all sorts of other terrible things?

[49:59] Casey: Honestly, just on that very specific question, I think we might be good. They don’t even really understand how Bitcoin works. They don’t demonstrate an understanding of very simplest concepts. Having somebody go up on, I don’t know, in front of Congress or whatever and being like, “Federated chamian Lightning mints are a threat to,” I don’t know. I’ve been consistently surprised by how uncoordinated and uninformed state actors are.

They haven’t really done anything meaningful against Bitcoin except for some, like an unfavorable acts treatment by the IRS. I’m very specifically against on-chain transactions and Bitcoin developers and miners and stuff like that. I don’t know. It’d be surprising to me if they got their act together. Although, I guess if one of them, if a federated chamian Lightning mint was super popular, then yeah, maybe we would start getting some heat.

[50:52] Matt: That’s definitely the biggest risk with a proposal like this, federations in general. Especially if they’re offering privacy, it becomes a regulatory target. What’s really promising to me about this proposal is that you can see, it appears that Eric intends, and Blockstream with their funding to him, intends to do it in a free and open source way. The fact that we could have many such federations doing this and they could be located around the world in different places competing with each other and interacting with each other makes it way more difficult for that kind of regulatory attack to happen.

I would caution against being too cocky in terms of… If it’s very public, if it’s being done by very obvious regulatory targets that have their ball based in the same country, stuff like that, they could get hit.

[51:48] P: Yeah, I agree. As soon as this becomes a significant…

[51:52] Eric: The great thing about federations though is that you don’t have to trust the people running the federated chamian bank fully. I could just have to trust them at their own to conspire against you. That, in my opinion, allows for pseudonymous federations. Just imagine, we have a bunch of pseudonyms, the type of reputation they care about, and they come together to form such a federation. Who should be prosecuted? Nobody knows who they are. You can’t prosecute a pseudonym them. It’s just not possible. If they do it correctly.

I think even if there was a crackdown, the federated part would make it still feasible to run it through a federation, especially since if you only take down one of the nodes, then the federation still runs. You did nothing.

[52:42] Rindell: Yeah. I was just going to say, as long as not a signing quorum of your federation all get pinched at the same time, the federation still operates. If you start to lose trust in your federation like maybe your federation people start tweeting crazy shit coinery, then because this is all connected over the Lightning node, your exit cost is really low. That’s one of the things that really jumped out to me about having these things be connected over Lightning is that your switching cost is incredibly low.

Stepping away from the resistance to nation-state story for a minute, another thing that’s just really interesting about this model because it’s just software that a couple of people have to come together to run together. I think it opens up a lot of really interesting scenarios for community banking. That could be community banking at a geographic level or within like your social group. If we wanted to say on Plebnet, a bunch of a plebs get together and run a federated chamian mint and people on Plebnet want to use it or not, that’s great.

I live in a town where I’m trying to get some of my local small businesses to take Lightning. We could definitely do a federated chamian mint for my town that plugs into the Lightning Network, right? You can have these things make sense at different levels of social organization and you can choose the group of people, the group of custodians that make sense for you to trust, right? This is the Bitcoin beach model of, you have a community bank that you have a Lightning app that interacts with it on, but you don’t have everybody responsible for opening up all their own channels. You can do that for your community or a community of interest or an internet community, whatever makes sense to you. You can really mix and match here. It’s really interesting.

[56:24] Eric: Maybe to elaborate…

[56:25] Casey: No, no, go ahead.

[56:26] Eric: On the community banking for just a minute. Like, [inaudible] is already doing this with Bitcoin Beach Wallet, but what they did is they went quickly to market, which is great because we need it now. What I’m trying to do with Minimint is improve privacy because when you’re doing a community banking, you don’t want your neighbor to know how much you own. That’s really bad. It’s probably even worse than Coinbase knowing how much you own because such social structure is often preferable for your PS not to know how much you make or how much you own. In a community banking environment, privacy is even more important.

[57:04] P: Yeah, I agree.

[57:06] Casey: I had maybe like an obscure technical question for Eric. Let’s say that you had a federated chamian mint and for some reason, you didn’t trust some of the participants or thought that there was a chance that it was going to fail. Do you think that it would be better to build into the protocol ways of, for example, ejecting members of the federation and voting in new ones? Or do you think people should just use the ease of exit and essentially just transfer all their funds to another federated chamian mint that they trust more, maybe even with some of the old participants?

[57:42] Eric: I think that’s more or less an engineering trade-off. What you’re describing is dynamic federations, and that took approximately quite a while to figure out for Liquid. I think initially, I will launch without this dynamic feature that you can just replace or switch in and out federation members. It’s just a lot of work, but ideally, you would have those because the cost of switching isn’t all that low actually. On the individual level, it might appear low. You still need to rebalance your channels for… If all your money flow’s outgoing, then that’s not optimal.

Ideally, your federation has some balance of money flow. Otherwise, again, the current model, we have a Lightning gateway, which is the independent actor of the federation. The Lightning gateway would have to repeat it like actually withdraw Bitcoins from the federation. Then we balance that channel so they have outgoing capacity again. I don’t think it’s optimal to just migrate in that way. It would be a little bit better to be able to throw someone out of the federation if they are clearly compromised.

[58:50] P: Interesting. Okay. Where do we go from here, in this conversation? Are there specific other topics that we want to talk about, Matt, Vivek, Rindell, Eric, Casey? Do you want to do like a round table? We can pull people up and get questions answered. What do you all think? Let’s do it.

[59:07] Matt: I would love to hear Shinobi’s opinion. Shinobi just came up here.

[59:10] P: Give us your thoughts, Shinobi.

[59:11] Shinobi: This is epic. I’d like to know if anybody has talked at all about using the federated mint to enforce more complicated smart contracts?

[59:19] Rindell: Dude, yeah, that’s literally the fucking hand grenade that I was about to lob into this conversation.

[59:25] P: Let’s fucking go.

[59:28] Rindell: Dude, okay, yeah. This is like my soapbox. In my mind, the final form for federated chamian mints on Lightning Network is that you have them process more interesting smart contracts semantics. Imagine, I go and set up a chamian mint where you can upload, and I’m just going to say it, like an EVM compatible smart contract. I don’t need to make a shit coin.

[59:55] P: Sacrilege!

[59:55] Rindell: You know what I can do? No, you know what I can do? I can charge you to execute the contract. It’s called, I don’t know, like, pay for execution SASS, right? We’ve been doing it for years. If you want to do EVM smart contract shit, you Lightning over some sats to my chamian mint, I will execute EVM smart contracts and publish a snark or some other zero-knowledge proof in a publicly viewable place that it executed properly. You can do crazy speculative smart contracts with Eric inside of my mint. Then when you decide that you want to do crazy other smart contracts that only Shinobi’s mint supports, you Lightning over there and you do it.

We can have this network of these little islands that have different smart contract semantics that have different trade-offs or different guarantees or different semantics. You can just choose which casino or which computer you want to play in, zip yourself over there, do it and then leave when you’re done. We don’t have to push new bullshit into the base layer. We don’t have to create new tokens. It’s just go wherever has the compute capabilities that you care about.

[61:08] Casey: Mind blown.

[61:10] P: I love the idea of that. It’s like when you go into a PVP arena, whatever your favorite MMORPG is. It’s like you go and it’s yes. “These smart contracts will eat your face off, get ready.”

[61:23] Shinobi: There is no restriction that would prevent a mint from issuing tokens representing things other than Bitcoin too. You can get the entire ERC-20 type dynamic and interaction with those types of contracting platforms directly in the middle.

[61:40] P: How is this?

[61:41] Rindell: Yeah. If you’re OpenSea and you want to do an OpenSea chamian mint, people can go there and then you can leave when you’re done.

[61:51] P: OpenSea has no control?

[61:53] Shinobi: You can use single-use seal, Rindell, for something representing NFTs instead of just the chamian token. That single-use seal is actually universally portable to all the different mint up there. It’s not just a token if you solely buy that mint’s authority.

[62:10] P: Wait, but I understand the premise, but I guess I’m trying to wrap my head around why that would be better than… I think it still totally screw everybody out of their shit.

[62:20] Shinobi: Not with that. A single-use seal would be like, imagine, I just make a key that represents something and then I time stamp it with open timestamps. If I want to give it to you, I find a transfer to your public key and time stamp it with open timestamps. Then you keep all of that data, my original key, the timestamp data, my signature. Let’s say, you want to go pass that to Rindell, you do the same thing. You extend it again and sign his key and time stamp it and he keeps all the data. It’s like a little growing mini blockchain that it’s just the representation of this single asset and its ownership team.

That could interact with things like a chamian mint. That could be an atomic part of a smart contract that the Mint is enforcing, interacting with their native Bitcoins opening.

[63:13] Rindell: Yeah, the thing that you need for a single-use seal is… Go ahead, Eric.

[63:16] Eric: Possibility of NFT is, let’s call it NFTs for the sake of it. It’s interesting. Not because some wacko artist so popular, some apes, but the one big problem we still face is domain names. We still need to really decentralize the naming system. Ideally, this would be built on Bitcoin. A single-use seal, I think, that’s the main application for it.

[63:39] P: It’s so interesting.

[63:41] Eric: We have stuff that people are doing easily [inaudible].

[63:45] Rindell: Yeah, because the thing that you need to make…

[63:47] P: Oh my gosh, and it was not controlled by some centralized bullshit.

[63:52] Rindell: Yeah. The thing that you need for single-use seals is you need a proof of publication mechanism, and it turns out we have a really good distributed ledger underneath all these chamian mints.

[64:00] P: Wait, what are you talking about? Which ledger could you possibly be referring to? The answer’s always Bitcoin.

[64:06] Rindell: I was going to say something about BSV, but I can’t do it.

[64:09] P: Will you throw up a little bit in your mouth just even trying?

[64:11] Rindell: Yeah. I just asphyxiated on my own vomit thinking about it. Yeah, think about it this way, right? You have a world where people can choose the semantics and the trust and the different trade-offs that make sense for them for their use case, their risk tolerance, their applications. Those things are interoperable over the Lightning Network. If you decide that you just want to nope out of the whole thing, you can resolve anything down to layer one Bitcoin and it’s all like more private and more scalable than any other cryptocurrency out there. That’s the final form of this shit.

[64:51] Shinobi: This is Bitcoin if we don’t get channel factories. It’s not as cool as channel factories, but it’s good enough.

[64:58] P: Wait, hold on, back the truck up. What do you mean by this is Bitcoin if we don’t get channel factories? How does channel factories address all the stuff we’ve been talking about?

[65:09] Shinobi: Scalability and the ability to partition thing. My point is, if we stop getting more native second layers to Bitcoin, Lightning, the base layer and chamian mints are enough to scale everything.

[65:23] P: I see.

[65:24] Shinobi: [inaudible] for everyone.

[65:26] P: Got it. Got it.

[65:28] Eric: Yeah, because I think channel factories are super interesting. Coming back to [inaudible] earlier, the [inaudible], I think that’s what will force them to be something that own the power users.

[65:44] P: You’re cutting in and out. This is the most excruciating thing, Eric, my man.

[65:48] Shinobi: I think what he was saying though is that the user experience were channel factories. It’s just real garbage and it’s a lot more complicated than Lightning. So that’s a tough thing to get past power users. I think this is what he was saying.

[66:03] Matt: The cool part of this proposal to me, in Bitcoin land, we’ve been talking about all this time. I have privacy that is cheaper than non-private transactions and have privacy that’s easier than non-private transactions. This trade-off balance makes it so that you could just have a mobile wallet, where you just load it up with $50 worth of sats and you’ll be paying lower fees than anyone who’s not using Lightning. You’re able to interact with the whole Lightning Network and you have great privacy guarantees at a mitigated custodial risk. That trade-off balance just seems absolutely fantastic to me.

[66:40] Rindell: Yeah, it’s kind of like, if I have Strike on my phone and I pay another Strike user, I don’t know for sure. I really doubt they’re actually doing a Lightning transaction. I assume that they’re just bumping balances because it would be insane to do anything else. Then if I want to pay somebody else that’s out on the Lightning Network, then it does an honest-to-goodness Lightning transaction. Imagine that, but without the single custodial risk and with much better privacy from the custodian, and that’s where you land. I think that that’s amazing.

Then on top of it, something that we haven’t really talked about but I just wanted to touch on is, I think another scaling pressure that Lightning is going to face is the size of the channel graph and being able to efficiently compute routes over it, especially on memory constrained devices, right? If everybody in the world has Lightning channels, everybody else in the world, you’re not going to be finding efficient routes on your phone. It’s just not going to happen.

There are different mechanisms that people have been throwing around about the way that we solve this problem on the Internet is with route aggregation and with having a bunch of smaller networks all aggregated and then routing between larger networks. That’s how internet routing happens. Different people are talking about different mechanisms to do something similar on the Lightning Network, and this very much accomplishes a similar thing, right? If you say a lot of mobile users are going to be using their choice of chamian mint and then Lightning routing needs to happen between these mints, that’s a much smaller problem because you’ve aggregated all of these mobile users down to a single endpoint on the Lightning Network. That’s a great way of handling the scaling pressure.

[68:25] P: What else? What else we got?

[68:26] Shinobi: I’m assuming that Eric already discussed the potential for doing atomic interactions between the Mint and Lightning so that either finishes it.

[68:35] Vivek: He’s a genius. He figured out someone to sell some regtest Bitcoin to you atomically and my coffee.

[68:44] P: We’re not even joking, Shinobi.

[68:45] Eric: Yeah. [inaudible] myself to do this.

[68:49] P: Strictly speaking, it was a true statement.

[68:53] Eric: One thing I was quite dead about is seeing darknet markets like switching to other platforms. I think we really, as a Bitcoin community, need to figure out how to make Bitcoin good enough for them because once, I hear from one of my friends that they bought drugs on a darknet market with Minimint. When I know, I’ve won, that’s what we want to achieve. Make it good enough and easy enough to achieve. Good privacy for people to use it for whatever they want. No questions asked.

[69:20] P: I could not, but Shinobi did not agree.

[69:20] Shinobi: No, I don’t disagree. That would be awesome. I just think that a lot of that whole dynamic really just comes down to that a lot of darknet market operators are frankly more [inaudible] those marketplaces are just like copy paste PHP scripts that get passed around. There’s not a lot of actual sound original engineering, and you just have a bunch of people from my perspective who are clownishly just like, “We keep getting busted because we use Bitcoin like morons,” instead of looking at things like the Lightning Network. In my mind, that comes down to people doing things like that are frankly idiots, and they need to be better educated on different ways that they can use Bitcoin more privately.

[70:11] P: I think though that I totally agree with you. I think most of the people that are in those situations are not availing themselves of the available information, but I think that we succeed when this is undeniable, right? When the technology just is self-evident and doesn’t require someone to… Someone has to be willfully ignoring the reality in order for them to not use these things. I don’t think it’s as simple as just it has to be possible.

[70:39] Eric: We have quite some latency here. I think especially when we are talking about users of darknet markets, we can’t expect them to know how to use Bitcoin privately. Nowadays, with Lightning, it’s really complicated setting up a Lightning node and taking care [inaudible] to use for that tumbler or CoinJoin. It’s just really complicated. I think someone who is, [inaudible] half of today can’t redo it. I really hope that Minimint will be able to support such users and not make them fuck up. That’s how we actually get people to use privacy and not by making it complicated. It has to be super simple and stupid so that even someone on his [inaudible] joint can just use it. Otherwise, it won’t work.

[71:21] Shinobi: I hear you’re saying, but in the context of darknet markets, I don’t think the purchaser really needs to be crazy secure and private. You got a decent light wallet that’s not like Phoenix and doing trampoline routing. It’s the merchants and the people receiving payments and selling things that really need to know how to handle their privacy because they’re the ones that law enforcement is going out to. It’s like, “I don’t care that you bought a bag of weed.”

[71:54] Rindell: There’s that ad campaign where it’s like GEICO, so easy a caveman can do it. I think what Erich is saying is that we need to have privacy preserving Bitcoin so easy that a dumbass who’s cargo culting PHP code off of stack overflow can do it. Lightning isn’t there for better or worse. That is not running a Lightning node.

[72:13] Shinobi: Fair enough.

[72:15] Vivek: I have a couple of questions for Eric if you guys don’t mind. Obviously, I’ve been very interested in the concept of federations for quite a bit. I was wondering. Well, first off, maybe you can answer that very quickly. Is there concept of fees like coordinator fee? This is something that’s currently designed.

[72:29] Eric: There definitely will have to be some few because to take some money to just, we better keep them like on-trend wallets operational. Every time you would do a withdraw or deposit, you’d probably pay a fee. Ideally, such a federation would also be self-sustainable, so we would probably charge some sort of fee.

[72:49] Vivek: Yeah, I agree. Good answer. I guess one of my concerns is we’re not exactly reinventing the wheel, obviously. The showman component is extremely interesting, but this is essentially just another federation not on like obviously what Liquid has. One of the downside or actually, one of the issue with that is that we’ve seen zero uptake in terms… We haven’t seen other wallets integrate Liquid, and it feels to me like there’s an incentive problem. Hopefully, some kind of like fee sharing or fee revenue can address that to a certain extent.

Another question is, in terms of obviously incentivizing the members of the federation, was there any thought given ever to maybe requiring time-locked fidelity bonds for those members?

[73:32] Eric: To the first question, I think the big difference between Liquid and… Wait, a chamian mint is that the federated chamian mint can use Lightning and everywhere where Lightning is accepted. Then you can use your mint token. I’s actually something quite different. There isn’t the infrastructure to seamlessly use it with, for example, Lightning. That’s a big difference.

[73:54] Vivek: Sorry. Let me just jump on that real quick. What you’re saying is that basically, the chamian mint being integrated with Lightning, any Lightning wallet is automatically interoperable with the chamian mint?

[74:07] Eric: Yeah, exactly. It becomes a choice of the user because for Liquid, it’s actually a choice of the user and the merchant together because without a merchant choosing to use Liquid, the user can’t do it. Federated mints, then it’s just a use of choice. If we build a good enough product, they will come. It’s just another Lightning wallet.

[74:27] Vivek: The wallet need to know that this is Bitcoin. The UX would have to account that the Bitcoin is from the chamian mint or not.

[74:36] Eric: Yeah. You would have specialized federated mint wallets. Ideally, we could have a standard that every mint speaks the same product goal essentially and then you have some wallet that supports all federated chamian mints out there. Your recipient doesn’t need to know that you’re using a federated chamian mint wallet. They don’t care. They just give you Lightning invoice, and you give that to your mint. Then your mint wallet instructs your local federation to pay the Lightning invoice. That’s how it should work.

[75:06] Vivek: Okay, but then sender does need to use a mint specific wallet?

[75:13] Eric: Certainly. Yeah, but not specific to a specific federation but just to the mint protocol.

[75:20] Vivek: Okay, cool.

[75:20] Shinobi: Made me think of something else. If you don’t mind me coming in real quick. Have you considered at all, Eric, to support for pseudonymous acounts just so that you have a kind of safer way for users to hold long term balances in the event of a key rotation so that the main spent-table table doesn’t just keep growing to infinity?

[75:43] Eric: Yeah, definitely. It’s a natural addition because I’m already using a smart contractratable accounts like what you were discussing. I only need smart contracts in the federation to integrate the Lightning. It’s just a natural next step to enable users to have accounts with arbitrary smart contract capability, not just some Lightning integration special spot contract. That would allow certain interesting things. You could think about the chamian e-cash as your spending account, your checking account and like 2 donimous account inside the federation which might be locked by a 2 or 3 multi-sig or just some conventional KIA script. That’s your saving account.

With the chamian e-cash, you have the problem, you can’t really back it up because with every spent, your set of coins, your own changes and it would be really cumbersome to always back them up. Currently, I’m thinking that if you lose your wallet or if you lose your phone, you lose the e-cash inside it, but if you have those checking accounts, which is just like 2 anonymous account locked by some sort of script that you can keep. That’s easy to back up. You just need to back up a private key which we all know how to do by now. That’s definitely planned.

The second interesting sort I got from discussing this with OB that in the federated trust model, you can easily have oracles because the federation members, we trust them anyway, so why not let them act as oracles? That would allow you to build a smart contract for these accounts that says if someone convinces enough federation members that, for example, you died, then your legal hire can get access to these funds. He was thinking about non-technical communities that don’t really know how to do inheritance on Bitcoin or stuff like that. That just might actually be a good way to implement it. If you have community banking, why not use the social structure of your community to also ensure that you can inherit properly without needing a lot of technical knowledge about it?

[77:50] P: I’m going to wind us down. We’re currently over time, and I want to be respectful of everybody’s time. Is there anything that we want to close out on or touch on before we wind down and go around and give a…

[78:01] Vivek: Eric, did you tell us when we should expect a mobile wallet available for Android, at least?

[78:08] Eric: No, not really because I can’t really give something, but…

[78:10] Vivek: Was it like 2 weeks?

[78:11] Eric: I’ll have it ready for next week [crosstalk] next October.

[78:15] P: You told me seventy-two hours before the call.

[78:17] Rindell: Time is of the essence, Eric.

[78:22] Eric: Currently, there’s still a lot of work to be done on the back end. It has been quite neglected. If we get people that are interested in front and stuff, go ahead and please–

[78:31] Vivek: The correct response to that question is patches welcome.

[78:36] P: Yeah. Everyone in the audience, this is an incredibly important and interesting technology that we’re talking about here. People are always like, “Oh man, I don’t know how to get involved in Bitcoin as a software engineer or as a human.” This is a call to action. Reach out to Eric. If you’re a software engineer and you want to get involved with sound money and the technology that’s going to drive the future, this is your chance. Hit up Eric.

[79:02] Guest1: If you have time for a really quick question.

[79:03] P: Go for it.

[79:05] Guest1: Yeah. Thanks for the invite. Congrats on Taproot. The question is that, is there such a thing as a typical lifetime offer of chamian mint token? Was [inaudible] depends on–

[79:14] Eric: That would be defined by the federation because I think someone, I don’t remember who it was, maybe Shinobi, mentioned that you have this list of spend tokens, and that just keeps growing. In most implementations you say after some time, you invalidate old tokens that are signed with old keys and you enforce people to roll over their funds into a new key set. Just get them reissued with new keys. That’s how you keep the list of spend coins from growing indefinitely. Yeah, that’s up to debate with the federations. Make it a year, make it 2 years. I don’t know. There’s no real right answer for that. There might be some lifetime to these tokens.

[79:55] Guest1: Okay. Got it. Thanks.

[79:56] Vivek: Real quick, fidelity bonds?

[79:58] Eric: I don’t know if it makes sense because to actually incentivize good behavior, they need to be quite big. That would make such a federation less capital efficient or your cost of capital would go way up. Maybe one thing they would be good for is to incentivize people to actually stay online. If they go offline, then you could have a penalty. That wouldn’t be a fidelity bond, but you could have some amount that they need to deposit. In case they are offline, then that goes to a common fund and gets redistributed. They actually have incentive to stay online because that might be a problem if people don’t make enough money from it. They might not neglect node maintenance. So yeah.

[80:40] P: Good stuff. Good stuff. It looks like we lost… Oh, no, Casey, you’re still there.

[80:46] Casey: Okay, it’s not happening. We’re not letting you end it.

[80:49] P: No, look, we’re winding down. This is the go gently into that, to that good night. A kiss–

[80:53] Casey: This is the last…

[80:54] P: The last two place. No, Casey, is there anything you want to speak to, a shill, jump in here about anything we’ve been talking about so far or anything else that you’re working on.

[81:04] Casey: Yeah. I don’t know. I guess I’ll just shill the project I’m working on. It’s called Agora. It’s lets you sell shit online for Lightning Network. You put your data on a server and then you can sell it. It’s really simple. You just be like, “Hey, you want to buy this PDF? It will be like a thousand sats.” Then people pay you a thousand sats and then you download the PDF. I’m thinking about starting a meme. This is like the real Bitcoin NFT, but I think it’s maybe just too dumb of a meme. Yeah, I guess, maybe the nonchalantly thing that I’ll say is that–

[81:33] Matt: That’s agora.download.

[81:35] Casey: That’s right. [crosstalk].

[81:35] Matt: [inaudible] correctly.

[81:36] Casey: It is agora.download and it is also github.com/agora-org/agora. Thanks for the shilling tips, bro. Yeah, federation soon, 2 weeks, 72 hours, definitely. I think we should be watching Lightning Network usability and doing all we can to both make it more usable and to get users onto less centralized services. I think maybe a little bit of pessimism is good in the sense of not just assuming every problem with Lightning Network usability will just be solved and fall into place. I think there’s a lot of tricky stuff there and we should be keeping an eye on. That’s what I’ll leave everybody with.

[82:22] P: I love it. Matt, is there anything you want to shill, speak to, mention?

[82:26] Matt: I just wanted to thank Eric. I’m super excited about your project and I was just fucking around with the timeline. I’m willing to wait and I’m looking forward to it.

[82:36] P: Yeah. This has been an amazing conversation. Eric, also, thank you so much for joining. Casey, thank you so much for joining. I posted Casey’s blog post at the top in the nest, which you should all check out. It’s a really good, very high level overview of some of the stuff we’ve been talking about and what federated chamian mints are and why they’re awesome. Follow both of them. This is definitely one of the more exciting things that is happening in Bitcoin in my opinion at the moment. There’s a lot of… Everybody’s excited about Taproot, which is fucking awesome and really exciting, but there’s also these sort of like unsung heroes that are also working on this stuff and writing about it and it’s part of the future.

I also am, of course, going to shill the conference. If you do not already have a ticket for Bitcoin 2022, it is going to be absolutely incredible. Matt and I are working very closely on the open source stage. There’s going to be discussions like this one, other topics more that you should definitely partake in. It’s also going to be [crosstalk].

[83:33] Matt: Me and P have only disagreed on one thing so far.

[83:36] P: That’s true. That’s true. I will die on that hill, which is I argue that cold card is the thing that is the coolest part of the coin KAI line up, and Matt Odell argues that it is Opendime. We have come to blows on it several times.

[83:51] Rindell: Hey, P, you skipped me when it came to shilling things.

[83:54] P: I just assumed that since your face changes every other day and your name is Rindell that you would not want to show something, but I apologize profoundly and profusely. Give us your shill.

[84:02] Rindell: Here’s a shill. Everybody, if you are excited about things happening in the Bitcoin ecosystem or if you’re not excited about things happening in the Bitcoin ecosystem, you can contribute. There’s lots of awesome open source projects like Minimint or Bitcoin core or your favorite wallet software, and all of them are looking for more contributions. They’re all looking for people to test things, work on documentation, submit patches, so you can go and get involved every open source project that’s out. Not every, many open source projects that are out there are very excited to have new people come and help.

You can go and ask what’s a good bug for me to work on, and people will not only give you a good bug, that’s like easy and straightforward to figure out, but they’ll work with you on how to fix it and learn the code base. Or if you want to write better documentation and they’ll help you get a test environment setup like having maintained open source projects before. If somebody shows up and wants to help, a lot of open source maintainers will bend over backwards to make sure that you have a good kind of onboarding experience because contributions are what make the world go round.

If you want to learn Rust to work on Minimint or CPO or LDK or any of these other projects, then just google the Rust book. It’s really high quality, easy to read, highly recommend it. It doesn’t really matter what your level of experience is. There’s some way that you can contribute to open source.

[85:22] P: Absolutely. I’ll go even further, which is, you do not actually have to be a software engineer in order to contribute massively to open source projects. The thing that is in the most finite supply is people who are interested and willing to write documentation or to proofread documentation.

If you want to get deeply involved and be someone who is a force multiplier and you are willing to figure out how these projects work or how to run your own Minimint or any of the other projects that you might be involved in, you don’t have to be a software engineer, go read through the documentation, go take a tutorial on how to submit a GitHub pull request. You can absolutely be a contributor to even Bitcoin core and all these other projects, and your contributions will be worshipped and appreciated forever because documentation is the last thing that most software engineers write. Many projects today have no documentation or broken documentation because there’s just not enough time.

On that note… Oh, one other thing I forgot to say, if you don’t have a ticket and you want to buy one for Bitcoin 2022, code “Have Fun Staying Poor”, the actual promo code is “HFSP”. We’ll save you 10% on your ticket. Go forth. Adios.

[86:40] Eric: Thanks a lot for having me. If anyone wants to meet me, I’m at Adopting Bitcoin recently, so just come by and say hi.

[86:47] Matt: Cheers.

[86:48] P: All right. Thanks again, guys.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top