Inspiration
Our inspiration was the unsolved problems of centralization and custody in e-cash, a protocol that, while nice, is in our view broken.
What it does
Our project decentralizes the mint and passes the authentication responsibility to a Simplicity-based lock script. With this script, only the last person to receive the e-cash token is able to spend it.
How we built it
Our POC does two things. First, it replaces the mint and its secret with an address carrying a Simplicity lock script, so the lock opens for anyone who inputs a valid token at that address. To avoid double spending when someone claims a token they have already passed on, we designed Merkle logic that works by hashing all spend paths of the token. If someone tries to cheat by claiming the token, they will have to wait out an HTLC-like delay of two weeks. They will input a hash of the Merkle tree plus the token, a signature with the token, and a Merkle proof list. With that, anyone who comes after the cheater in the spend logic will be able to prove that the cheater is already in their own Merkle proof.
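The challenge step described above can be sketched as follows. This is an added example, not the team's Simplicity code: it assumes the spend path is an ordered list of holder public keys committed with a SHA-256 Merkle tree, and all names (`challenge_succeeds`, the sample keys) are hypothetical. How the root is bound to the token by a signature is outside the sketch.

```python
import hashlib
import hmac

EMPTY = hashlib.sha256(b"\x02").digest()  # padding node for odd-sized levels

def leaf_hash(holder: bytes) -> bytes:
    # Leaves and inner nodes use different prefixes so a node cannot pose as a leaf.
    return hashlib.sha256(b"\x00" + holder).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(holders):
    level, levels = [leaf_hash(x) for x in holders], []
    while len(level) > 1:
        if len(level) % 2:
            level.append(EMPTY)
        levels.append(level)
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    levels.append(level)
    return levels

def merkle_root(holders) -> bytes:
    return build_levels(holders)[-1][0]

def prove(holders, index: int):
    """Sibling hashes from the leaf at `index` up to the root (the proof list)."""
    proof = []
    for level in build_levels(holders)[:-1]:
        proof.append(level[index ^ 1])
        index //= 2
    return proof

def verify(root: bytes, holder: bytes, index: int, proof) -> bool:
    acc = leaf_hash(holder)
    for sibling in proof:
        acc = node_hash(sibling, acc) if index & 1 else node_hash(acc, sibling)
        index >>= 1
    # index must be fully consumed, otherwise a position outside the tree would pass
    return index == 0 and hmac.compare_digest(acc, root)

def challenge_succeeds(later_root, claimant, c_idx, c_proof, challenger, ch_idx, ch_proof):
    """True if the claimant sits before the challenger in the challenger's spend path,
    i.e. the claimant already passed the token on and the claim is a double spend."""
    return (c_idx < ch_idx
            and verify(later_root, claimant, c_idx, c_proof)
            and verify(later_root, challenger, ch_idx, ch_proof))

# Constructed sample: alice -> bob -> carol; bob tries to claim after paying carol.
PATH = [b"alice-pk", b"bob-pk", b"carol-pk"]
```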
Challenges we ran into
Finding the best solution with the time that we had for the Merkle part was hard, and the Simplicity implementation of the POC was difficult due to low documentation and the impossibility of doing time locks in the web IDE.
Accomplishments that we're proud of
We're very proud to propose this improvement to the e-cash protocol. We will be very happy if this someday turns into a real and strong Layer 2 of the Bitcoin network.
What we learned
The main knowledge gained here was definitely Simplicity, but it was amazing to improve our knowledge in e-cash and Schnorr signatures, and about timelocks in general.
What's next for Cashtanhas
For Cashtanhas to go ahead, we will need to implement something to help with the L2 calculations and signatures—maybe a Rust-based CLI or something like that. Plus, we will need to implement a helper to create the Simplicity lockscript in an address. All of this can be done on Liquid, but it would be nice to have this on Bitcoin mainnet. For that, we will need either Simplicity on mainnet or some covenants like CTV and OP_CAT.
Built With
- simplicityhl