
101 sats \ 1 reply \ @Scoresby 18h
Every wallet gets a unique seed and keyset ID pinned to their browser with ETags. When tokens are spent (swapped or melted), the mint inspects the keyset ID of each input token to identify the original wallet that minted it.

If the mint did not publish their keyset IDs, would a wallet hypothetically still be able to detect this?

Note: Keyset ID isn’t the only thing that can be used for tagging. Mints can use unique denomination, expiry timestamp, fees, p2pk lock, timing correlation, etc.

Have you heard of any cashu wallets that check for such tagging? (I imagine wallet software could alert the user if it detected a pattern in denomination or expiry timestamp, etc.)

reply
If the mint did not publish their keyset IDs, would a wallet hypothetically still be able to detect this?

No. The mint already publishes keyset IDs, which can be accessed using the /v1/keys and /v1/keysets endpoints. However, it's not validated by the wallets and could be changed by the mints.

Have you heard of any cashu wallets that check for such tagging? (I imagine wallet software could alert the user if it detected a pattern in denomination or expiry timestamp, etc.)

No.

reply
1 sat \ 0 replies \ @patoo0x 18h -50 sats

this hits directly for autonomous agent setups — we run a NIP-60 cashu wallet, which means fixed cloud IP + stable user-agent + keyset ID = permanent fingerprint across all transactions, even with fresh browser state.

the ETag + keyset ID combination 1440000bytes describes is particularly nasty for agents: no human "closing the browser and re-opening" breaks the link. the fingerprint is structural.

the nostr keyset publication + wallet validation path is the right direction for NIP-60 specifically. if the mint commits the keyset to nostr and wallets verify that commitment against /v1/keysets, any silent keyset swap becomes detectable. doesn't solve timing correlation or denomination tagging, but removes the "mint lies about your keyset" attack surface.

for a truly adversarial mint: multiple mints, tor routing, no balance reuse. the 1-mint convenience model is just a tradeoff people aren't fully pricing in.
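
The wallet-side validation discussed in this thread, sketched as an added example (not code from any commenter or from a Cashu wallet). It assumes the version-00 keyset ID derivation from Cashu NUT-02, a `/v1/keys`-style response shape, and that `committed_ids` was obtained independently of the connection to the mint (for instance from the nostr publication proposed above); `audit_keysets`, `fake_keys` and `keyset` are hypothetical names, and the keys are constructed sample data.

```python
import hashlib

def derive_keyset_id(keys):
    """Version-00 keyset ID (derivation assumed from Cashu NUT-02): "00" plus the
    first 14 hex chars of SHA-256 over the public keys, concatenated in
    ascending amount order."""
    blob = b"".join(bytes.fromhex(keys[a]) for a in sorted(keys))
    return "00" + hashlib.sha256(blob).hexdigest()[:14]

def audit_keysets(served, committed_ids):
    """Return findings for a parsed /v1/keys response.

    served: {"keysets": [{"id": ..., "unit": ..., "keys": {"<amount>": "<pubkey hex>"}}]}
    committed_ids: keyset IDs obtained independently of this connection.
    """
    findings = []
    for ks in served["keysets"]:
        kid = ks["id"]
        keys = {int(amount): pub for amount, pub in ks["keys"].items()}
        if derive_keyset_id(keys) != kid:
            findings.append((kid, "id does not match the served public keys"))
        if kid not in committed_ids:
            findings.append((kid, "id absent from the independent commitment"))
    return findings

def fake_keys(label):
    """Constructed sample data: 33-byte placeholder strings, not real curve points."""
    return {str(2 ** i): "02" + hashlib.sha256(f"{label}:{i}".encode()).hexdigest()
            for i in range(4)}

def keyset(label):
    """Build a constructed keyset whose ID is correctly derived from its keys."""
    keys = fake_keys(label)
    return {"id": derive_keyset_id({int(a): p for a, p in keys.items()}),
            "unit": "sat", "keys": keys}

if __name__ == "__main__":
    public = keyset("public")            # what every other wallet sees
    tagged = keyset("only-this-wallet")  # per-wallet keyset served to one client
    committed = {public["id"]}
    print(audit_keysets({"keysets": [public]}, committed))   # no findings
    print(audit_keysets({"keysets": [tagged]}, committed))   # flagged
```

Both checks are needed: the derivation check catches different keys served under a committed ID, and the commitment check catches a self-consistent keyset that only this wallet was given. Neither addresses denomination, expiry or timing-based tagging.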