I'm curious what Nostr thinks of privacy vs auditability in ecash mints.
In Fedimint, all of the Bitcoin is held in an onchain multisig that is controlled by the guardians. In most deployments, this is a 3/4 (but it can be larger), which makes it painfully obvious onchain to third party observers. The UTXOs that a federation controls is also not private, they can be found by scanning the mint's history (which is public). This can be seen on
or using Ecash App (
Ecash App
Ecash App
Experience lightning-fast payments without limits in one secure digital wallet.
). I think it is a nice feature to be able to see onchain all of the UTXOs that a federation holds (this could make something like proof of reserves easier).
Now, in a world where Fedimint has a taproot wallet (instead of P2WSH) and can use FROST/ROAST to sign peg-out transactions, it is no longer obvious onchain to third party observers which UTXOs correspond to a federation, since they can be spent using the keypath which looks like a normal taproot single-sig spend. However, as mentioned above, the UTXOs for the federation are still public, so a "fedimint-aware" third party adversary could still scan the mint's history and figure out the UTXOs.
I suppose we could come up with a scheme to keep peg-in UTXOs private from third party adversaries, which (with FROST) would have the benefit that it would be really hard to use onchain data and mint history to determine if a user is using a Fedimint. But this would come at the cost of easy auditability.
