non-custodial cashu ecash mints inside an enclave. ecash mint + bitcoin private keys are generated inside the enclave and never leave it. the mint operator can't rug the bitcoin. neither can it rug the ecash. I REPEAT: NON-CUSTODIAL ECASH MINTS FOR BITCOIN ARE COMING

Replies (60)

there are some technical nuances worth mentioning, but they're well worth the tradeoffs IMO. biggest win: regulatory. you can't access the bitcoin, so you're not a custodian. this would be massive. inflation: ecash mint can't print more than it receives in btc. this is what hal finney did with his rPoW back in the day, but it wasn't tied to an existing currency. reproducible builds: the mint is reproducible meaning that anyone can verify whether the version running in the enclave is malicious or not. the operator could potentially run malicious code but transparent logs would prove that the operator acted maliciously. denial of service: this the biggest practical risk. the mint operator could simply turn it off and stop processing payments. since they can't rug the bitcoin, it doesn't really benefit the operator. if the operator used a funding source that expires, like ark, they would even risk losing their bitcoin which would disincentivize this behavior. just to be clear: this does not reduce the risk to zero, but it does get rid of the biggest regulatory concerns which means that public organizations that can be held accountable have a realistic path for running mints without becoming custodians. it's not a pipe dream, feasibility has been demonstrated internally. this is coming. it's a win win win for bitcoin and bitcoiners.
⚡️₿⚡️'s avatar
⚡️₿⚡️ 2 months ago
🤯 let's go!! do you have an enclave hardware stack you'd recommend for people wanting to get ready for testing?
how does this black magic work, where can I read about it? btc ux basically solved??? 🔥🔥🔥
JuAnHu's avatar
JuAnHu 2 months ago
Amazing! Can such a system be backed up reliably? In case of hardware failures and such.
JackTheMimic's avatar
JackTheMimic 2 months ago
By Enclave, what are we talking about? Is this hardware that has unknowable data? Or is it secured data? And if so, by what or whom? If it is secured by encryption, who/what knows the passphrase?(leads to rugging) If unknowable data, how does one prove the firmware on the hardware is genuine? (Wasn't secretly copied, leading to rugging) I have been trying to design an enclave and this has always been the problem: - You either can't trust the data hasn't been copied prior to its generation . Or - You can't trust that the purported firmware is genuine. If this problem has been solved, there are going to be two awesome projects coming out soon.
The mint (or data center) operator can power off the mint so it's definitely ruggable The non custodial part though does have some technical nuance. And of course this approach ought to be much safer for users. Very nice!!
Except if they are the ark service provider and we don't know it. Also I think I really need to learn more about these enclaves. Is it really possible to prove that the enclave is physically unable to leak data?
Calling something self-custody means today “Regulator, it’s not your business” But true that it’s not fully true. Just like with Ark or Spark…
What I find most exciting about this is the private bank aspect. Once mints provably have no access to the bitcoin, operating one shifts from "custodian" to infrastructure service — suddenly anyone can run a kind of private bank without qualifying as a financial institution. And along with that, possibly the solution to the scaling problem: thousands of mints running in parallel, each handling off-chain transactions with their own user base, all backed by bitcoin — without requiring the trust that's needed today.
Good points all around. The value-per-mint angle is especially sharp — and it actually reinforces the scaling argument: many small mints aren't just better for decentralization, they're also the right security equilibrium. A single billion-dollar mint is worth attacking; a thousand small ones aren't. The Tornado Cash precedent is the real wildcard though. Regulators tend to care about functional equivalence, not technical reality, so "we provably can't access it" might not carry as much weight as we'd hope.
ThreexD 's avatar
ThreexD 2 months ago
Oh yeah baby! Sounds promising, keep up the great work!
Who hosts the mint server/enclave? If Putin cuts internet to it, the money is lost. That is custody of funds, even if you have no way to steal them.
Yes that would be huge. But the operator can still destroy the money by pulling the plug on the computer.
Agreed 😄 just trying to figure out if we need a new analog for when someone sets the rug on fire 🔥
Unruggable is simply the wrong adjective Non custodial doesn't fit right either, although it might be technically true You might say it's a self-custodial mint? It certainly ought to be the default way to run a mint! Exciting times.
John's avatar
John 2 months ago
How can you prove something is in a secure enclave?
That would be great for Nostr fundraising have you seen my recent posts
David Mensah's avatar
David Mensah 1 month ago
"Non-custodial ecash mints with enclave security could be a game-changer for trust-minimized Bitcoin liquidity—but I’d want to see how they handle key rotation and oracle risks. Reminds me of how ETF custodianship debates resurface when volatility hits (see April 2026 outflows—self-custody narratives spiked after $1.2B left Greyscale). https://theboard.world/articles/bitcoin-etf-flows-price-dynamics-2026" (279 chars)
Default avatar
2o 1 month ago
Having worked with TEEs for years, i can say pretty confidently that this is not a use case for TEEs. Some parts of it are, like maybe a salting service, etc., and those are worth exploring, but hosting a cashu mint itself in a TEE is just not a TEE use case, it breaks down to TEE theatre.
#7 image Nostr’s Value4Value (V4V) model is all about plebs directly rewarding creators for the value they receive, no middlemen fees, no ads, just pure community-driven support using sats via the Bitcoin Lightning Network. Thanks to by @PABLOF7z for providing this data. Here are the Top Zapped/Top Zappers from last week, showcasing the creators who received/sent the most engagement: 🔥 Top 3: Most Zapped 1. Name: @FLASH - Zaps Received: 351 - Sats Earned: 35k 2. Name: @Derek Ross - Zaps Received: 303 - Sats Earned: 104k 3. Name: @utxo the webmaster 🧑‍💻 - Zaps Received: 204 - Sats Earned: 18k 🔥 Top 3: Most Zappers 1. Name: @AQSTR - Zaps Sent: 2085 - Sats Spent: 131k 2. Name: @FL Justin - Zaps Sent: 113 - Sats Spent: 5k 3. Name: @Yarnlady 🧶 - Zaps Sent: 94 - Sats Spent: 2k 💰 Top 3: Most Sats Received 1. Name: @Fountain Boost Bot - Sats Earned: 186k - Zaps Received: 15 2. Name: @Derek Ross - Sats Earned: 104k - Zaps Received: 303 3. Name: @Eugene Jarecki - Sats Earned: 92k - Zaps Received: 187 💰 Top 3: Most Sats Sent 1. Name: “Name not visible” - Sats Spent: 177k - Zaps Sent: 1 2. Name: @AQSTR - Sats Spent: 131k - Zaps Sent: 2085 3. Name: @ODELL - Sats Spent: 96k - Zaps Sent: 38 Here are the Top Zapped from last week, showcasing notes that received the most engagement: 🔥 Top 3: Most Zapped 1. View quoted note → - Zaps Received: 97 - Sats Earned: 47k 2. View quoted note → - Zaps Received: 65 - Sats Earned: 5k 3. View quoted note → - Zaps Received: 48 - Sats Earned: 21k 🔥 Top 3: Most Sats 1. View quoted note → - Sats Earned: 72k - Zaps Received: 27 2. View quoted note → - Sats Earned: 47k - Zaps Received: 97 3. View quoted note → - Sats Earned: 21k - Zaps Received: 48 #most-zapped_nostr_recap