search

cashubtc / nuts

Cashu protocol specifications https://cashubtc.github.io/nuts/
MIT License
143 stars 49 forks source link

Uniform secret structure would prevent wallet fingerprinting #54

Closed thunderbiscuit closed 9 months ago

thunderbiscuit commented 1 year ago

The exact structure of secrets is currently left to the wallets to implement and there is no default value recommended in any NUT. Because not all client libraries build their secrets the same way, a mint can, in theory, eventually learn to fingerprint given libraries that produce certain tokens, lowering the anonymity set for those users.

It might make sense to either: a. recommend in one of the NUTs that client libraries use a common secret structure b. enforce a secret size in the protocol for "simple/raw" secrets (not the secrets defined in NUT 10)

Opening this issue for discussion on these ideas.

callebtc commented 11 months ago

I propose we all use 32 byte hex strings as secrets!