Ecash is a digital payment system, developed by David Chaum in 1983, that uses cryptographic techniques to ensure secure and private payments.
It operates through a mint that issues digital tokens in exchange for deposited funds. These tokens can be spent and received without revealing user identities or payment details. Users can redeem their tokens for the original funds at any time.
Since no accounts or personal information are needed; the mint cannot see your balance, tokens, or payment details, offering a highly private and efficient method for digital payments.
Bitcoin-backed ecash works by using protocols like Fedimint and Cashu. Users deposit bitcoin, and in return, they receive bitcoin-backed ecash tokens. Users can then spend and receive these ecash tokens, which remain anonymous and unlinkable to their identity, enabling private payments within the bitcoin ecosystem.
Faster payments - Ecash systems process payments almost instantly since they rely on a centralized mint. They do not require network-wide consensus or routing through multiple lightning nodes.
Higher volume - The centralized mint allows ecash systems to handle a larger volume of payments efficiently. The bottlenecks typical of decentralized networks like the lightning network are avoided.
Simplified processing - payments are validated and settled internally within the mint. This reduces complexity and avoids potential delays associated with routing and liquidity issues in the lightning network.
Consistent speed - Ecash systems offer consistent payment speeds regardless of network conditions. Unlike the lightning network, where payment speeds can be affected by channel capacity, node connectivity, and node hardware.
Enhanced privacy - Blinded signatures safeguard user identities and total balances. While the mint can see amounts for individual payments (like paying an invoice or swapping proofs), it cannot associate these with specific users or determine anyone’s total ecash holdings, as there are no user accounts.
Fedimint operates through a federated model where a group of trusted entities (called “guardians”) manage funds collectively through the use of multi-sig.
Cashu and Fedimint use various terms for the processes of creating, redeeming, and transferring bitcoin-backed ecash. To provide clarity, we’ll use neutral terms in our explanations and provide a translation table for specific implementations.
1. User deposits funds - The user deposits bitcoin into a mint or federation. Typically this is done by generating a lightning invoice through the mint and paying it.
2. Ecash creation - Upon successful payment, the wallet generates secrets and blinds them. The wallet then sends the blinded messages to the mint or federation, which returns blind signature on the blinded messages. The blinding process ensures that the mint cannot link the tokens to the user, preserving privacy.
3. Ecash receipt - The user receives a set of proofs that correspond to specific amounts of bitcoin. These proofs can be combined to create an ecash token of any amount denominated in bitcoin.
1. User initiates conversion - User initiates a conversion request with their mint or federation.
2. Ecash verification and invalidation - The mint or federation verifies the validity of the ecash tokens. Upon verification, the mint or federation invalidates these tokens, ensuring they cannot be reused. This step prevents double-spending.
3. Bitcoin transfer - Once the tokens are verified and invalidated, the mint or federation sends an equivalent amount of bitcoin to the user.
When a user sends an ecash token to another user, the wallet verifies the mint’s signature to confirm the token’s authenticity. The mint then checks its database to ensure the token has not been previously spent. If the token is valid, it is invalidated and replaced with a new token, which is then issued to the recipient. This cycle of invalidating the old token and issuing a new one prevents double spending while maintaining user privacy and security.
Sending ecash and receiving can be done via multiple methods to suit different needs. One of the advantages of bitcoin-backed ecash is that the tokens are just text, which is very flexible and can be transmitted via any communication medium. Some unique ways that ecash can be sent and received, which are not possible with on-chain or Lightning payments, include the following:
Users can send ecash by copying and pasting the token string. This is particularly useful for online payments or when using text based communication platforms.
Most applications allow users to share a token via Bluetooth. However, more comprehensive Bluetooth sending and receiving functionalities have not yet been fully developed.
On the base chain and Lightning network, QR codes provide directions for where to send Bitcoin. In contrast, ecash tokens can be embedded within a QR code itself. The ecash token can be claimed by simply scanning the QR code. This method is particularly useful for in person payments or quick transfers, and also enables physical bearer assets like paper notes.
This means someone else holds your bitcoin. Be aware that this subjects users to custodial risks.
Since ecash is a custodial solution, it’s important to weigh its benefits against the risks of other custodial options. The risk profile of ecash is similar to custodial Lightning, but with some added benefits.
The spectrum of decentralization and custody for bitcoin ranges from highly decentralized to highly centralized. Holding self-custodial Bitcoin on the base layer is the least risky and most decentralized. Self-custodial lightning is slightly more centralized, while custodial lightning moves further towards centralization. ETFs sit at the other extreme, being the most centralized and risky. Ecash improves over custodial lightning by providing better privacy and security.
Privacy - Ecash enhances user privacy, making it more difficult to trace payments back to individuals. In contrast, custodial lightning provides less privacy, as the custodians can associate payments with user activities.
Secure against theft (rug pulls) - Custodial lightning and solo mints run by a single entity (such as Cashu mints) are more susceptible to rug pull scenarios. Multiple-guardian federations are more secure against theft, as funds are stored in a multi-sig wallet and require multiple guardians to be malicious or compromised for theft to occur.
Offline transfer - Ecash can be transferred offline, while custodial lightning typically requires an online connection. However, ecash needs to be redeemed online, and until then, the recipient risks double spending. In such cases, proof of double spend can help deter theft in some social situations.
Regulatory risk - Ecash and custodial lightning are both subject to regulatory actions that can impact their operations. Custodial services are required to hold money on behalf of other people and facilitate payments, which typically requires licenses. Both could be affected by changes in laws or enforcement actions.
Next, we do a technical deep dive into how Cashu works.