A federated Chaumian mint, or “Fedimint,” represents a new form of bitcoin custody that aims to be more decentralized and censorship-resistant than existing solutions. The open-source project (currently under development), is focused on establishing critical custody/payments infrastructure while also bringing increased privacy to bitcoin users. The protocol essentially functions as a programmable smart contract layer integrated on top of bitcoin’s second-layer, the Lightning Network, and thus requires no further changes to bitcoin core to function.
Fedimint leverages modern technologies to reimagine an existing cryptographic concept from nearly four decades ago, wherein digital “banks,” or “mints,” could theoretically issue private bearer IOUs (using blind signatures) in exchange for deposited assets. The result is a novel custody solution and payments interface for bitcoin users that is interoperable with the broader bitcoin network and could provide benefits in terms of the decentralization of custodial trust and censorship-resistance. Moreover, Fedimints could be particularly useful in developing countries that have limited access to reputable third-party custody solutions. If successful, the project could catalyze the utility of the Lightning Network, allow for greater bitcoin adoption and support its value as a medium of exchange.
Background
The core concepts behind Fedimints are not necessarily new. Long before programmable smart contracts and bitcoin, cryptography-focused computer scientists were iterating on forms of digital cash. Some of the earliest explorations of this concept were heralded by David Chaum, a pioneer in the field of cryptography. One of his earliest research papers, “Blinded Signatures in Untraceable Payments,” penned in 1982, established the notion of “Chaumian banks,” or “mints,” which could leverage blind signatures to issue private bearer IOUs. Essentially the “bank” receives deposits from users and issues IOUs or “ecash tokens” that the user can then withdraw and/or exchange freely in the open market for goods and services.
While the blinded signature structure ensures users’ privacy in terms of IOU issuance/usage, the concept never gained much traction because of the inherent single point of failure associated with the Chaumian mint. If adopted at scale, there would presumably be one massive mint controlled by one centralized party. If the operators of the mint were in any way compromised, its users would have no recourse to retrieve funds and no option of transferring assets to a different mint. Further, the lack of an interconnected monetary network at the time meant that users of the mint would only be able to transact with other users of the mint.
Recently, however, the concept of Chaumian mints has been revitalized primarily due to the existence of digital bearer instruments – like bitcoin – and importantly, the growth and development of its programmable second-layer, the Lightning Network. In fact, the Lightning Network is the key piece of infrastructure that now makes the Chaumian mint concept viable, with a few notable tweaks. By incorporating the concept of “federations” – or groups of trusted individuals – Chaumian mints can be spun up by individuals and structured as part of an interoperable network of mints, as opposed to one centralized mega-mint.
Fedimints, or federated Chaumian mints, allow bitcoin users the proposed functionality of Chaumian mints in the context of a hybrid collaborative custody model. Further, by interacting with bitcoin and the Lightning Network, the Fedimint protocol essentially acts as a custodial Lightning wallet structured with a ‘t of n’ multisig controlled by the operating members of a federation, providing its users with a collaborative custody model as well as an interoperable payments app. Instead of having one centralized mega-mint, groups of individuals can form their own Fedimints running on the rails of bitcoin and Lightning, creating an interoperable web of semi-sovereign mints. The visualization below depicts how Fedimints would function in practice.
Custody benefits and implications
In the eyes of the Fedimint founders, bitcoin has established itself as the preeminent protocol for decentralized, censorship-resistant money and given the advent of the Lightning Network, bitcoin users can now access decentralized, censorship-resistant payments at scale. Fedimint aims to complement these innovations with a decentralized, censorship-resistant form of custody.
The custody model inherent to Fedimints has been aptly described as “second-party” custody, as it falls somewhere between first-party custody (or self-custody) and third-party custody. While users are able to avoid trusting a centralized third-party, they must still trust a small group of individuals – presumably a group of friends, family, community members or allies that they already trust in their everyday lives. The model follows a “tribe-guardian” archetype wherein the operators of mints (“guardians”) are the most technologically-advanced members of the group charged with the responsibility of managing and facilitating the actions of its constituent members (“the tribe”) (we discuss potential issues with this model in our “Challenges” section below). This structure possesses some interesting tradeoffs relative to other custody models, which are explored in more detail in the table below.
Custodial Model | Self-custody | Fedimints | Collaborative multisig | Third-party custody |
|---|
Easy to use (Y/N) | N | Y | N | Y |
Private / censorship-resistant (Y/N) | Y | Y | Y | N |
Decentralized (Y/N) | Y | Y | N | N |
It is important to recognize that the advantages and disadvantages of the custodial models detailed above may be influenced by the needs and jurisdictional realities of the end users. While it’s possible and even likely that bitcoin users in Western democracies will continue relying on trusted and reputable third-parties (such as Coinbase), bitcoin users living in developing countries that may not have access to a reputable exchange or even a bank account for that matter, may find immense utility in a structure like Fedimints.
NGOs in African countries operate similar “community banking” structures that offer financial services to unbanked citizens. These institutions would be prime candidates to run a Fedimint. Instead of relying on isolated, centralized and more manual forms of community banking, members of a Fedimint would be able to tap into a globally interoperable monetary network, while preserving privacy and increasing their sovereignty over the storage and transfer of their wealth.
A recent survey conducted by Forrester Research polled over 800 individuals from Africa, Latin America, the Middle East and Southeast Asia and found that 74% of respondents had knowledge of bitcoin, 52% noted they’d observed an increase in bitcoin usage in their country over the prior year, and 91% believe crypto will enable a digital future. While awareness of digital assets is growing across the globe, mass adoption will likely require the continued buildout of user-friendly infrastructure – such as potentially Fedimints – that can lower the barriers to entry for users.
At a more basic level, the Fedimint protocol provides a hybrid custody model with some of the benefits of full-fledged self-custody (in terms of privacy and censorship-resistance), but removes the burden of individuals having sole responsibility over their holdings. For several reasons, ranging from technical inexperience to fears of single points of failure, bitcoin users may never feel comfortable with true self-custody solutions. In practice, Fedimint users (non-operators) would be able to login to an easy-to-use mobile app allowing them to deposit, withdraw, send, or receive value in a matter of rudimentary clicks, while the machinations on the backend are handled by the operators/guardians of the particular Fedimint.
Similar to a traditional self-custody bitcoin wallet, the user would still be responsible for maintaining a seed phrase or other login information to access the Fedimint mobile app, but instead of permanently losing access to funds in the event they forget their passphrase, users can easily restore their access via coordination with their trusted federation guardians. At a higher level, Fedimints represent a powerful potential onboarding mechanism for billions of unbanked users across the developing world. With internet access and a smartphone, users can readily interact with the bitcoin network in a manner that provides privacy protection and censorship-resistance.
Lightning adoption
Given that the bitcoin network and its advocates have historically been extremely resistant to change, it’s encouraging that the community has been generally supportive of the Fedimints project even in this rather early stage of development. Importantly, the grand vision of Fedimints could theoretically be achieved without any further changes to bitcoin core, as it essentially functions as a programmable smart contract layer integrated on top of bitcoin’s second-layer, the Lightning Network. This integration with the Lightning Network is critical in that it allows Fedimint members to send and receive Lightning payments to and from any Lightning node on the network using private bearer IOUs issued by the mint via escrow-like smart contracts.
Fedimints represent a novel use case for the Lightning Network and could spur further adoption of the protocol, both in terms of end users sending/receiving payments as well as Lightning channel operators providing liquidity necessary to route said payments. Consequently, the more transaction activity that takes place on Lightning, the less congested bitcoin’s base layer will be. Further, the increased demand for lightning channel liquidity that would be created via the growth and adoption of Fedimints would in turn reduce the capital intensity of those lightning channel operators – allowing them to service all of a given federation’s members via a single Lightning channel, as opposed to disparate channels for each individual user.
The chart below depicts the recent growth in channel capacity on the Lightning Network (i.e. the aggregate amount of bitcoin funded into payment channels by Lightning node operators), which continues to make new all-time highs (ATHs.) Further, estimates suggest that through the first quarter of this year, payment volume (in USD) across the Lightning Network rose more than 4x over the prior year and the number of users with access to Lightning payments increased from around 100,000 to roughly 80 million over the same period (Arcane Research). Much of this growth has been driven by the adoption of Lightning-enabled payments apps including Cash App, Strike, and Chivo (of which the latter two have been predominantly popularized in El Salvador).
Chart 1: Lightning Network channel capacity (in terms of quantity of BTC and USD value)
In addition to providing a path towards scalability of the broader bitcoin network, Fedimints also provide some notable improvements to the existing functionality of the Lightning Network in terms of privacy. In their current form, payments routed via the Lightning Network offer little to no privacy protections, particularly for the party receiving payment. Due to the blinded signature structure of the Fedimint protocol, users can send and receive payments from and to their Fedimint without any other participant – including the Fedminint operators themselves – knowing the details of the transaction in terms of the amount as well as the identity of the member of the federation executing the transaction. Said another way, while it would still theoretically be possible to trace payments to and from a particular Fedimint, there would be no way of tracing a transaction to a particular member of the federation.
Challenges
Despite the potential promise of the Fedimint system, there remains a number of outstanding questions and potential challenges for the widespread adoption and usage of the protocol. First and foremost, it is still a trust-based system – while it allows users to spread out the responsibility associated with bitcoin ownership/usage, the security of the model is only as strong as those trusted relationships within the federation. In a scenario where the majority of operators/guardians are compromised or incapacitated, the other members of the federation are no better off than if their assets were seized or frozen at a third party custodian. So in that sense, Fedimint structures are less secure than true self-custody, but provide a much more attainable threshold in terms of usability.
Another critical challenge the Fedimint model could encounter is the lack of financial incentives for federation operators. The default design of the protocol is such that operators/guardians receive no fees or compensation for their actions, effectively perpetuating network growth via operators acting out of their own goodwill. In theory, this could create a more resilient and secure network of Fedimints over the long-term, but might stifle adoption in the near-term. Given that the protocol is open-source, however, it is possible and perhaps likely that Fedimints will be created wherein the operators receive some amount of compensation for their duties.
This potential trajectory may result in more rapid adoption of the system via attractive financial incentives but would simultaneously broaden the regulatory attack surface of the protocol. It could also inadvertently incentivize bad actors to present themselves as trustworthy guardians and gain control over the funds of unsuspecting users. If Fedimints were to remain not-for-profit, however, it’s possible that they could avoid being treated as typical custodians or money transmitters by regulators, but the implementation of operator compensation may provoke the ire of regulators.
Conclusions
Perhaps unsurprisingly, the bitcoin community has been invigorated by the recent developments surrounding the Fedimint project. While its ultimate goals are ambitious and impediments to its development may arise, the potential benefits of the Fedimint protocol operating at scale could be significant. It also acts as a proof of concept for how crypto custody solutions could be enacted in countries with limited access to viable third-party custody options. As a result, despite its relatively recent inception in October 2021, the project has received meaningful support from the community – both in the form of donations from the likes of Blockstream, Spiral, and the Human Rights Foundation, as well as a seed financing round totaling US$4.2M (closed in July) led by Kingsway Capital, ego death capital and Ten31.
While development is still in its early stages, the project's github page currently has nearly 700 commits and 16 active contributors, and the founders are aiming to release the app in early 2023. The Fedimint project represents a novel toolkit for interacting with the bitcoin network that if appropriately deployed could facilitate increased adoption of the Lightning Network, provide a more private and censorship-resistant form of custody/payments infrastructure for users and ultimately help scale the throughput of the broader bitcoin network. The combination of these potential benefits would help bolster the investment case for bitcoin, particularly in the realm of its utility as a medium of exchange.
