For the past two months, I've started building Fedimint integrations into Mutiny Wallet, and it has been all that I've been thinking about. It's such a fascinating rabbit hole into philosophy, technical, and legal implications of this kind of tech. Some of my views might be obvious, but worth saying out loud. In other ways, it might be controversial or complicated to derive naturally. I plan to share these in a series of posts relating to specific topics around Fedimint.
This first article might not be the best "introduction to Fedimint" piece. There are several resources available to learn more about it. For now, I'll leave it at a few introduction points.
Fedimint is best understood as a "Federated Custody" solution where a group of guardians "custody" Bitcoin on behalf of users in a multi-sig. That's a framing that many of us have understood. Still, as I dig into it more, I have an alternative view of its functionality, especially compared to other technologies.
What is NOT the problem
It's not that self-custody is hard.
I'll repeat that because it's an important distinction that leaves many people with, "Why would anyone want this or think it's a good thing to let others custody on my behalf?"
Fedimint, in my opinion, is not solving key custody for users who "don't know how" or think it's "too hard." Many other things exist to solve that problem. While there's a part of Fedimint that can solve that problem in unique ways, it's already a known problem with known solutions.
Existing Custody Solutions
Let's examine existing custody solutions to determine how they align with Fedimint.
When it comes to custody, it's a multi-sig like many other solutions that exist out there. There's Unchained, which allows the user to retain one (or more) of the keys, with Unchained holding one as a backup if you lose the other(s). A typical scenario is a 2 of 3 multi-sig solution that doesn't allow Unchained to spend the funds. If you lose one of the keys, then you can go through their verification process to recover your funds. This has sometimes been called collaborative custody since the user holds at least one of the keys.
Other solutions, like Blocks's Bitkey approach, have a similar setup but multiple backup schemes that could allow for a combination of social key recovery, hardware wallet usage, collaborative custody through CashApp, a phone-based key, etc.
There are also others like Onramp, an Unchained fork, that features 3 keys that DO NOT belong to the user. They belong to 3 different financial institutions that can spend the funds on behalf of the user if a majority of them agree. Their intended use case is more for high net-worth individuals and corporations that need more internal controls and expertise without relying on a single key holder.
These are custody solutions. Some consider a Fedimint federation to function much like Onramp. Specifically, the user does not have one of the keys to any Bitcoin. Instead, it's a group of other guardians that users trust, and collectively they hold the keys. However, Fedimint is more advanced and expandable in its role. It does far more than help users custody funds.
The problem I think it is solving
Fedimint is a scalable self-custodial off-chain programmability layer on top of Bitcoin. It allows for use cases that are difficult, time-consuming, and unscalable for general users to do on-chain today.
You might think I had a typo calling Fedimint a self-custodial network. Let me explain.
Fedimint uses Ecash under the hood, which operates as a bearer instrument instead of a "balance" in a ledger. If you have Ecash within a system, you can freely spend it within that system, much like cash. If you lose or give away (e)cash, you lose the ability to spend it. You must have custody of it in some way. Therefore, each Fedimint federation is its own self-custodial network.
A real-world example of this is looking at cash. If you have USD cash in your pocket, that is considered custody of the dollars. Still, it is not inherently interoperable with EUR cash in someone else's pocket. Each Fedimint federation operates in this way as well. Ecash from one federation is not inherently interoperable with the federation of another. To move between federations or between networks such as Bitcoin or Lightning, you must partake in an atomic swap. The transaction either is completed or is refunded. This can be done with the federation guardians (for on-chain Bitcoin) or through non-trusted entities that operate as liquidity swap providers (such as Lightning).
Some of what I describe can be true for Ecash on both Cashu and Fedimint. However, I will be focusing specifically on Fedimint. The most crucial difference between Cashu and Fedimint is that each Cashu mint is currently entirely controlled by a single member. Meanwhile, each Fedimint mint can have many members (guardians) who do not have complete individual control. Fedimint can be arranged as a 3 of 4 multisig, 5 of 7, etc. The more guardians you have, the slower they achieve consensus. More research is being made into its practical limitations as you extend beyond 40. Eventually, it should be able to dynamically swap out guardians if most of them agree.
The fact that there is no unilateral control of funds by a single party makes the most significant difference regarding how it technically and legally operates.
Custody is typically defined as a single party having clear control over the funds or establishing a contract or legal claim to the funds. If there are none of these things and there was ever a dispute of the funds, it may be considered unowned or abandoned property.
I believe there is no guarantee or cryptographic claim of the Bitcoin sent to a federation in exchange for Ecash. Many people who worry about using Fedimint as a custody solution would agree with me. So, let's call it what it is, not a claim to the "underlying" Bitcoin. I believe it behaves more like Wrapped Bitcoin on other chains where it's a smart contract of federation members (such as the one Bitgo was a proponent of on Ethereum).
So if an individual Fedimint federation is its own self-custodial network where users swap Bitcoin and Ecash to enter or leave that network, there's no longer a claim to the Bitcoin that a user-traded for Ecash. So then, what determines the price of Ecash? If it is its own currency on a decentralized network, it must have some price when it is traded.
How does anything determine the price? It's determined by the free market. Even if you do not take my position that Fedimint is a self-custodial decentralized network with its own digital currency, the way Ecash is/can be interchanged does imply that it has its own pricing mechanisms.
There are two main ways to get into and out of an Ecash federation.
Anyone with an invite code or QR code has the information needed to speak and interact with the Fedimint protocol. You can go directly to the guardians of a federation to swap your Bitcoin on-chain for Ecash. You will receive the same quantity of Ecash as you had in Bitcoin. Each federation guardian has one of the keys needed to spend this Bitcoin later, according to the Fedimint consensus rules.
Later, that user might return wanting to swap out to Bitcoin on-chain with the same amount of Ecash. The user and the federation guardians will then swap the user's Ecash for on-chain Bitcoin, minus the mining fees needed to interact with on-chain Bitcoin. As the Bitcoin leaves the federation, the Ecash is burnt, keeping the supply of outstanding Ecash consistent with the Bitcoin inside the federation.
The consensus protocol that the Fedimint federation guardians abide by will only move the on-chain Bitcoin when a user is swapping out. As long as the majority of Fedimint federation guardians run this code and do not hard fork the protocol, then there's a reasonable assumption that you may later trade Ecash for Bitcoin directly from the mint at a near 1:1 rate (minus mining fees).
One distinction I will stress here is that it will rarely be precisely 1:1. There should NOT be an expectation that an Ecash will ever redeem the exact amount of Bitcoin because of the fees involved. You can never go directly to the source to get the same amount of Bitcoin as you entered. The same concept can be applied to other layers, such as Lightning. A sat on LN is valued differently than a sat on-chain. This is important to understand the actual cost of Bitcoin ownership, the cost to control and manage capital in a blockchain, and how market rates will be determined.
If we look at a real-world example, I can go to a shop to purchase some salmon toast if they are willing to take that specific note from that mint. However, you can't force this. It's up to the shop to be willing to accept a particular note from a particular mint through a particular network.
If a shop does not accept the notes in my pocket, I could use an in-store ATM exchange to swap my notes for ones from a different mint. If an ATM is unavailable, I ask a friend if they have any notes that the shop accepts and if they are willing to take my notes for a specific exchange rate. My friend is just a user of multiple mints. They value each one differently and will swap between them at a price they believe they can redeem them for later.
All of this applies to Ecash as well. Users can transfer Ecash notes directly to each other at a price they both agree upon. The transfer happens internally if both users have already joined the same mint. To interact with external networks, Gateways are needed.
Lightning is an example of an external network. Fedimint guardians don't run a Lightning node or hold HTLCs. Lightning Network swaps happen between other users of a mint, just like an ATM or friend might provide this service to you. Due to the off-chain smart contract functionality of Ecash, you can make the transfer of Ecash contingent upon completing a cryptographic task, such as swapping Ecash for a preimage to redeem a Lightning payment. This allows for any Lightning Node to be a user & note holder of any mint and provide swapping functionality on behalf of the other users of that mint. And due to this, they may charge whatever rate they wish, just like your friend or ATM might. However, unlike trusting an ATM, users do not need to trust any Lightning node gateway. Fedimint guardians enforce the smart contracts. The transfer of Ecash from the user to the Lightning node gateway will only be completed once the Lightning transfer is completed.
Since Lightning uses the same unit of account as Bitcoin (and thus Ecash), the swaps are easy to reason about. However, operating a different network does have a cost. As such, the exchange rate between Ecash and Lightning will have a fee associated with it as well. This may include a base charge and fee based on a percentage of the total amount, which can be considered their exchange rate.
Suppose the network does not use the same unit of account as Bitcoin. In that case, that's where holding two different currencies at the same time can introduce slippage. You could have a Monero gateway attached to a Bitcoin-denominated Ecash mint to provide swaps between XMR and BTC. However, if you hold too much XMR and it goes down in price relative to BTC, you're losing purchasing power. Therefore, if you prefer to have BTC, you must charge an exchange rate that you believe you can swap extra XMR for at a later price with BTC and charge a fee that you think you'll be paying to do those swaps in addition to a fee that you profit from for providing this service.
Each holder of Ecash carries a risk that the majority of guardians in a particular Fedimint federation either ceases to function or has hard forked to break the consensus rules. At a certain point, all decentralized protocols face similar risks but have different consequences. Suppose a supermajority of Bitcoin users/miners have decided to hard fork or stop participating in Bitcoin. In that case, it faces systemic risk from the behavior of third parties that you individually have little control over. The price of Bitcoin is a function of trust and market demands in the system. You trust that you can spend and use Bitcoin at a later date, and a significant factor in that price is global belief in it as a system.
Ecash carries the same type of risk on a different scale, and the market rates can be considered a function of trust in a particular federation coupled with demand to be in that system. Why might there be demand? Gateways have services that they can provide the users of that system. These services can expand the programmability and interoperability between the federation and external networks, such as Lightning. There is demand for users to hold Ecash and use it for both on-chain Bitcoin and Lightning, which takes a lot of work to do seamlessly on Lightning today. Gateways receive fees for providing such services, so there might eventually be enough demand on a particular federation to profit off of such swaps, and they take a risk for it. Therefore, they can charge what they wish. It would be foolish to expect an exact 1:1 with no fee or exchange rate involved.
Therefore, there's nothing that guarantees that users of a federation can participate in Lightning swaps. An individual Lightning node needs to provide this despite the risks. At the beginning of Fedimint's usage, these Gateways will likely be the federation members of their specific federation. The relationship between gateways and federations is a fascinating one that I'll dive into more in a later article.
This could be extended to another article as well. I believe it's fascinating to think about how the protocol can conceptualize adding "expirations" onto each mint. It's an optional metadata field that you may apply to your Fedimint federation, and its implications are interesting.
We've seen far too many instances in the space of early Lightning custodians like BlueWallet and BottlePay eventually shut down their custodial services, and we're already seeing Cashu mints shut down on very short notice. There will always be users of these services who expect them to be around forever. It's also impossible to inform everyone that it is shutting down. These "forever liabilities" are a big problem, and they eventually cause significant headaches for all involved.
Expirations reinforce the expectation that Ecash is not a guaranteed claim on the underlying Bitcoin. As soon as a user joins a federation, it can be communicated that their notes will expire at a specific date. We see this a lot in the gift card space. Some gift cards last 10 years, and I've seen others that last hundreds of years. Gift cards or reward points commonly get legal carve-outs for them. To me, there is no difference between reward points, gift cards, or Ecash inside a specific network.
Another good practice about expiration dates for mints is to allow federation members of the mint to get out in case they change their minds about being a participant. It's early days for Fedimint, and things can change; companies may die, environments can become hostile, etc.
Beyond a financial network
It's worth a callout, but there are also non-financial things that could benefit from a federated smart contract system. I won't dive into them in detail, but here are some ideas:
- Social key recovery
- Encrypted password management
- Social communication
- Discreet log contracts
- Prediction Markets
- Federated mining pools
- Dynamic lightning node subnetworks
- Decentralized exchange
- Privacy tool (Ecash has privacy that's as good as cash, as it must be an effective bearer instrument)
Fedimint is not a Bitcoin custody solution but its own protocol and network that can provide financial and non-financial solutions for any user of any mint. A majority of federation guardians enforce the contracts in the protocol, but no single guardian can unilaterally make decisions. Users have fantastic privacy inside the system to transact without censorship concerns. Users must have custody of their Ecash and back them up to spend them later. It's a new type of distributed ledger network without a ledger at all.
I welcome constructive comments and opinions around these ideas. If anyone has conflicting thoughts, you should be looking at this in comparison to other things that exist. Consider how it compares to Bitcoin's trust model or other currency networks. How does it compare to Wrapped Bitcoin on ETH, to ZK-Rollups, to state chains on secure enclaves that are technically considered non-custodial, to other cryptocurrencies without their scammy pricing mechanisms (at least as far as they are legally allowed to exist as self-custodial networks)? Some of it sounds cringe to compare it to, and I don't endorse any of them. But evaluate how they operate technically and legally if you'd like to challenge some of my thoughts around Fedimint being its own decentralized network with its own stable, but dynamic pricing structure.