How can I get my BTC back if Bob is dishonest

[chrisbencu]

If I paid the invoice and mint some token, but Bob refuses to pay or does not respond to the request, is there a mechanism I can get my BTC back?

[AngusP]

Bob refuses to pay

If Bob is the mint and takes your BTC as a Lightning payment but doesn't then issue you a Cashu token, then no, there's not really any way to get your Bitcoin back -- in Cashu and eCash in general, you have to trust the mint to be an honest actor.

They have an incentive to be honest as otherwise you can tell everyone they stole your Bitcoin and then everyone can stop using the mint, but that's about the only protection you have.

[chrisbencu]

Bob refuses to pay

If Bob is the mint and takes your BTC as a Lightning payment but doesn't then issue you a Cashu token, then no, there's not really any way to get your Bitcoin back -- in Cashu and eCash in general, you have to trust the mint to be an honest actor.

They have an incentive to be honest as otherwise you can tell everyone they stole your Bitcoin and then everyone can stop using the mint, but that's about the only protection you have.

@AngusP Thanks for your reply. Can we design a punishment mechanism to prevent Bob(the mint) from doing evil? Such as staking or other mechanism.

[AngusP]

Kinda -- it's worth bearing in mind Fedi, the other Bitcoin eCash project is trying to build out mechanisms for this kind of thing, using multiple people in a multisig setup to run the mint, and relying on 'social enforcement' as an incentive to be honest. You can't get to "money can't be stolen" with rules enforceable code. If you do change eCash enough so that you've "design a punishment mechanism to prevent Bob(the mint) from doing evil?" that works, you will have arrived at Bitcoin's design.

In eCash, the mint totally owns and controls consensus -- it isn't a distributed system, the mint maintains and keeps the ledger and has dictatorial power over it. The mint can try to prove-to/convince people that it is an honest actor, by proving its reserves (i.e. that all the Bitcoin it has is 1:1 matched by all the eCash it has issued (i.e. it hasn't printed fake bitcoin or stolen deposits)) or use some convoluted mechanism where it publishes enough info that misbehaviour like theft and money-printing could be detected by users in some cases. In any these scenarios, you would still have to withdraw from the mint with its co-operation: it will always be possible for an eCash mint to completely rugpull its users and run away with the money.

For Cashu, I won't speak for everyone, but as I see it the philosophy differs from Fedi in that the aim is to build something quick that works and can be shipped so it can then be built-upon quickly, rather than something more complex that'll take longer to get going, and is harder to understand and run.

[chrisbencu]

Thanks for your explanation. I agree with you about quick built-upon system. But I think there should be a balance between fast construction and financial security, rather than completely ignoring it.And the role of mint is totally centralized, I am not completely denying centralization, but the blockchain was intended to solve the problem of centralization, so whether it has returned to the original world?

[callebtc]

Hi, thanks for your question. The short answer is: You can't.

Neither Fedimint, nor Cashu, nor any other "off-chain" protocol without unilateral exit properties can give you that ability. All of these systems require full trust on either one, or multiple custodians. We're being very clear about this and not ignoring this at all. Cashu is a custodial system.

Fraud proofs would be possible in principle. Also, I've been working on a proof of liabilities scheme.