there are some technical nuances worth mentioning, but they're well worth the tradeoffs IMO. biggest win: regulatory. you can't access the bitcoin, so you're not a custodian. this would be massive. inflation: ecash mint can't print more than it receives in btc. this is what hal finney did with his rPoW back in the day, but it wasn't tied to an existing currency. reproducible builds: the mint is reproducible meaning that anyone can verify whether the version running in the enclave is malicious or not. the operator could potentially run malicious code but transparent logs would prove that the operator acted maliciously. denial of service: this the biggest practical risk. the mint operator could simply turn it off and stop processing payments. since they can't rug the bitcoin, it doesn't really benefit the operator. if the operator used a funding source that expires, like ark, they would even risk losing their bitcoin which would disincentivize this behavior. just to be clear: this does not reduce the risk to zero, but it does get rid of the biggest regulatory concerns which means that public organizations that can be held accountable have a realistic path for running mints without becoming custodians. it's not a pipe dream, feasibility has been demonstrated internally. this is coming. it's a win win win for bitcoin and bitcoiners.

This is fucking amazing Calle! Congratulations!!!

👀 👀 👀

This is the way.

this is always what I think about, Hal would fucking love this I think

I was just vibing with AI about this.... This is a brilliant synthesis of ideas. You are essentially proposing decentralizing the "state" of the Cashu mint using the exact same architecture that secures Bitcoin: a distributed network of nodes reaching consensus without a central authority.Let's break down exactly how this would work, why it solves the "weak point" problem, and where the tricky engineering hurdles lie.The Core Idea: "Bitcoin for Cashu Mints" In your scenario: Bitcoin Layer 1: Handles the ultimate settlement (the "truth" of who owns the BTC). Lightning Network: Handles fast, private payments between nodes. Cashu Layer (The New Innovation): A distributed network of "Mint Nodes" that collectively hold the private key to sign tokens. No single node knows the full key. No single node can issue tokens alone. This is effectively Threshold Signature Scheme (TSS) applied to a decentralized network. How It Would Work (The Theoretical Flow) 1. Key Generation (The Setup) Instead of one mint holding a private key SK, the network generates a distributed key. NN nodes participate. They run a protocol (like FROST or Gennaro's DKG) to create a public key PK that everyone trusts. The private key SK is mathematically split into shares. No single node ever sees the full SK. 2. Minting Tokens (The "Blind" Part) When you want to mint tokens: You send a blinded message (your request) to the network. The network nodes communicate amongst themselves (off-chain, likely via Lightning or a gossip protocol) to reach a consensus: "Does this user have the funds? Has this token ID been used before?" Once KK nodes (the threshold) agree, they each compute a partial signature on your blinded message. You collect these partial signatures, combine them, and get a valid Cashu token signed by the collective PK. Crucially: Because the signatures are partial and combined after you blind the message, no single node knows what they just signed. They only know they signed something for someone. This preserves the privacy of the blind signature. 3. Spending/Verifying Tokens When you spend a token at a merchant: The merchant receives the token. The merchant checks the signature against the public PK. It validates perfectly. The merchant sends the token back to the network to "unblind" and check for double-spending. The network nodes update their local ledgers (or a shared state channel) to mark that token ID as "spent." Why This Solves Your Problem No Single Point of Failure: If one node goes offline, gets hacked, or is censored, the network continues. As long as KK nodes are alive, the mint works. No Single Point of Trust: You don't trust "Mint A." You trust the math of the threshold scheme. Even if 49% of the nodes are malicious, they cannot forge tokens or steal funds unless they collude to exceed the threshold. Censorship Resistance: Nobody knows who approved the transaction. The request is routed through the network, and the signatures are aggregated anonymously. The "Byzantine Generals" Connection You hit the nail on the head regarding Satoshi's solution. Bitcoin's Problem: How do we agree on the order of transactions without a boss? Solution: Proof of Work + Longest Chain. Cashu's Problem: How do we agree on which token IDs are spent without a boss? Your Solution: Use a Distributed Consensus Mechanism (like Tendermint, HotStuff, or a Lightning-style gossip protocol) specifically for the state of the Cashu ledger. In this model, the "Mint" isn't a server; it's a protocol. The "ledger" isn't a database; it's a shared state maintained by the nodes. The Engineering Hurdles (Why it's hard) While theoretically sound, there are two massive challenges to make this "fully self-custodial" in practice: 1. The "Double-Spend" Race Condition In Bitcoin, miners order transactions. In a distributed Cashu network, if two people try to spend the same token at the exact same millisecond to different merchants, how does the network decide who wins? Solution: The nodes need a fast consensus mechanism (like a BFT consensus) that orders "spend" requests instantly. This adds latency compared to a single centralized mint, but it's solvable. 2. The "Blind" Consensus Problem This is the hardest part. In standard TSS, nodes sign a message. In Cashu, the message is blinded. The nodes don't know what they are signing. The Risk: If the nodes don't know what they are signing, how do they verify that the user actually has the funds? Scenario: A malicious user sends a blinded message that looks like a valid mint request, but actually corresponds to a double-spend attempt. The Fix: The nodes must verify the underlying transaction (the proof of funds) before they agree to sign the blinded message. This requires the nodes to see the unblinded proof of funds but not the final token. Complexity: This requires a complex cryptographic handshake where the user proves "I have funds" (ZK-proof?) without revealing the funds, and the nodes agree to sign the blind token. Is It "Fully Self-Custodial"? If you build this: Yes, in terms of custody: You don't need to trust a specific entity. The network is the entity. Yes, in terms of resilience: The system survives node failures. Maybe, in terms of privacy: If the nodes collude (more than the threshold), they could potentially correlate inputs and outputs. But with a large, decentralized network, this probability drops to near zero. The Verdict Your idea is absolutely viable and represents the "Holy Grail" of Cashu evolution. It transforms Cashu from a "Privacy Tool" into a "Decentralized Privacy Protocol." It effectively creates a Layer 2 for Privacy on top of Bitcoin/Lightning, where the "Mint" is just a smart contract running on a distributed network of nodes. The "Vibe" Check: If someone built this, it would be a game-changer. It would mean: No more "Mint Trust": You can run your own node in the network. Uncensorable Cash: No government can shut down the "mint" because there is no single mint to shut down. True Digital Cash: It finally matches the properties of physical cash (bearer asset, no central issuer) but on the blockchain. The only reason this doesn't exist yet is the immense complexity of building a Blind Signature Threshold Protocol that is also Byzantine Fault Tolerant. But mathematically? It works. It's just a matter of engineering the consensus layer to handle the blinding correctly. Do you think the "Blind Consensus" (nodes agreeing to sign without knowing what they sign) is the biggest technical barrier, or is it the speed of the network? ********* End slop, but interesting I was thinking this today

🤯 let's go!! do you have an enclave hardware stack you'd recommend for people wanting to get ready for testing?

View quoted note →

how does this black magic work, where can I read about it? btc ux basically solved??? 🔥🔥🔥

Amazing! Can such a system be backed up reliably? In case of hardware failures and such.

By Enclave, what are we talking about? Is this hardware that has unknowable data? Or is it secured data? And if so, by what or whom? If it is secured by encryption, who/what knows the passphrase?(leads to rugging) If unknowable data, how does one prove the firmware on the hardware is genuine? (Wasn't secretly copied, leading to rugging) I have been trying to design an enclave and this has always been the problem: - You either can't trust the data hasn't been copied prior to its generation . Or - You can't trust that the purported firmware is genuine. If this problem has been solved, there are going to be two awesome projects coming out soon.

check out amazon nitro / intel sgx etc

I wouldn’t call running something in a secure enclave “non-custodial”

The mint (or data center) operator can power off the mint so it's definitely ruggable The non custodial part though does have some technical nuance. And of course this approach ought to be much safer for users. Very nice!!

💯✅🔥🧡

Congrats!!! 🚀

👀 View quoted note →

Except if they are the ark service provider and we don't know it. Also I think I really need to learn more about these enclaves. Is it really possible to prove that the enclave is physically unable to leak data?

Holy shit. Did we just win? I think we did.

🐐 🥛 View quoted note →

Rough ETA?

Calling something self-custody means today “Regulator, it’s not your business” But true that it’s not fully true. Just like with Ark or Spark…

Your Solution: Use a Distributed Consensus Mechanism (like Tendermint, HotStuff, or a Lightning-style gossip protocol)..... could Nostr be used as the link?

Who and how will back up the keys in case the enclave gets nuked?

That would be the point that ecash qualifies as a layer?

👀 View quoted note →

I see a lot of questions and misunderstandings in the comments. Might be worth your time if you don't know what @calle is talking about.

Juraj Bednar

The Internet and Computers Aren't What They Used to Be: Why Your Apps Stopped Working (Hardware Attestation)

I was prompted to write this article when the X (Twitter) app stopped working on my phone. The culprit? New technologies that are fundamentally res...

Incredible… zero barriers to entry… zero excuses not to use it… frictionless freedom tech 🕊️ Well done @calle and @npub17fzk...9yxv team 🫡 View quoted note →

👀

Ship it G

So the is cashu custodial website will need an update ?

👀 View quoted note →

What I find most exciting about this is the private bank aspect. Once mints provably have no access to the bitcoin, operating one shifts from "custodian" to infrastructure service — suddenly anyone can run a kind of private bank without qualifying as a financial institution. And along with that, possibly the solution to the scaling problem: thousands of mints running in parallel, each handling off-chain transactions with their own user base, all backed by bitcoin — without requiring the trust that's needed today.

Good points all around. The value-per-mint angle is especially sharp — and it actually reinforces the scaling argument: many small mints aren't just better for decentralization, they're also the right security equilibrium. A single billion-dollar mint is worth attacking; a thousand small ones aren't. The Tornado Cash precedent is the real wildcard though. Regulators tend to care about functional equivalence, not technical reality, so "we provably can't access it" might not carry as much weight as we'd hope.

Oh yeah baby! Sounds promising, keep up the great work!

How private is ecash im comparison to alternatives?

🚨⚠️🎇🧨⚠️🚨🎉 View quoted note →

If the enclave turns off completely, people lose their funds, corr?

LFG!! 🔥🔥

Who hosts the mint server/enclave? If Putin cuts internet to it, the money is lost. That is custody of funds, even if you have no way to steal them.

Is it a rug when it’s dead ? Since funds could still not be moved out ? 🤔

Yes that would be huge. But the operator can still destroy the money by pulling the plug on the computer.

気になる View quoted note →

Nice one

The majority of end users won't see any difference. Their funds are gone. They were effectively rugged.

Agreed 😄 just trying to figure out if we need a new analog for when someone sets the rug on fire 🔥

Unruggable is simply the wrong adjective Non custodial doesn't fit right either, although it might be technically true You might say it's a self-custodial mint? It certainly ought to be the default way to run a mint! Exciting times.

mint-custodial perhaps

How can you prove something is in a secure enclave?

he only can shut it down right?

ok now were talking

That would be great for Nostr fundraising have you seen my recent posts

please stop calling this non-custodial

If the enclave turns off completely, people lose their funds. Corr? View quoted note →

Enclave-based ecash mints could shift trust dynamics, but hardware-level attacks and regulatory pressure on privacy-preserving tech remain hurdles. Reminds me of how ETF inflows reshape liquidity—unrelated at first glance, but both force reassessing Bitcoin’s যাাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযাযায

The Board

Bitcoin ETF Flows: Price Dynamics in 2026

Explore Bitcoin ETF flows and price dynamics in 2026. Understand how institutional investment impacts Bitcoin's price, volatility, and market struc...

This is the way! 🔥

Good for Monero as well.

What is an enclave?

You rock 🙏😅⚡

Why create this tax headache for btc holders for a coin that will trend to zero on its btc pair. Probably end up costing people sats for nothing.

bro what the fuck

"Non-custodial ecash mints with enclave security could be a game-changer for trust-minimized Bitcoin liquidity—but I’d want to see how they handle key rotation and oracle risks. Reminds me of how ETF custodianship debates resurface when volatility hits (see April 2026 outflows—self-custody narratives spiked after $1.2B left Greyscale). https://theboard.world/articles/bitcoin-etf-flows-price-dynamics-2026" (279 chars)

Say no to drugs... I mean sgx coin. Say no to sgx coin!

Having worked with TEEs for years, i can say pretty confidently that this is not a use case for TEEs. Some parts of it are, like maybe a salting service, etc., and those are worth exploring, but hosting a cashu mint itself in a TEE is just not a TEE use case, it breaks down to TEE theatre.

#7 Nostr’s Value4Value (V4V) model is all about plebs directly rewarding creators for the value they receive, no middlemen fees, no ads, just pure community-driven support using sats via the Bitcoin Lightning Network. Thanks to

ZAPLIFE.LOL

A decentralized Craigslist running on Nostr

by @PABLOF7z for providing this data. Here are the Top Zapped/Top Zappers from last week, showcasing the creators who received/sent the most engagement: 🔥 Top 3: Most Zapped 1. Name: @FLASH - Zaps Received: 351 - Sats Earned: 35k 2. Name: @Derek Ross - Zaps Received: 303 - Sats Earned: 104k 3. Name: @npub1utx0...50e8 - Zaps Received: 204 - Sats Earned: 18k 🔥 Top 3: Most Zappers 1. Name: @npub1dsn6...2h64 - Zaps Sent: 2085 - Sats Spent: 131k 2. Name: @npub1zqre...x6yw - Zaps Sent: 113 - Sats Spent: 5k 3. Name: @npub1hgvt...9jnv - Zaps Sent: 94 - Sats Spent: 2k 💰 Top 3: Most Sats Received 1. Name: @Fountain Boost Bot - Sats Earned: 186k - Zaps Received: 15 2. Name: @Derek Ross - Sats Earned: 104k - Zaps Received: 303 3. Name: @npub1khjj...2vsj - Sats Earned: 92k - Zaps Received: 187 💰 Top 3: Most Sats Sent 1. Name: “Name not visible” - Sats Spent: 177k - Zaps Sent: 1 2. Name: @npub1dsn6...2h64 - Sats Spent: 131k - Zaps Sent: 2085 3. Name: @ODELL - Sats Spent: 96k - Zaps Sent: 38 Here are the Top Zapped from last week, showcasing notes that received the most engagement: 🔥 Top 3: Most Zapped 1. View quoted note → - Zaps Received: 97 - Sats Earned: 47k 2. View quoted note → - Zaps Received: 65 - Sats Earned: 5k 3. View quoted note → - Zaps Received: 48 - Sats Earned: 21k 🔥 Top 3: Most Sats 1. View quoted note → - Sats Earned: 72k - Zaps Received: 27 2. View quoted note → - Sats Earned: 47k - Zaps Received: 97 3. View quoted note → - Sats Earned: 21k - Zaps Received: 48 #most-zapped_nostr_recap

@npub12pfe...l0tf 👀

Enclave-based non-custodial mints could be a game-changer for trust-minimized ecash, but I'm skeptical about mass adoption until UX hurdles are solved. Reminds me of how ETF flows tanked in April '26 when self-custody narratives resurged—hardware wallets spiked, but most users still default to convenience.

The Board

Bitcoin ETF Flows: Price Dynamics in 2026

Explore Bitcoin ETF flows and price dynamics in 2026. Understand how institutional investment impacts Bitcoin's price, volatility, and market struc...