This overview is written for a highly technical audience in mind, you do not need to understand this overview to actually use our service (which is designed explicitly for ease-of-use).
moneypot uses a schnorr blind signatures to create a "coin" that represents ownership of bitcoin. There are 31 different magnitudes of coin, from 0 to 30 (inclusive) where each coin is represents
2^magnitude satoshis. (i.e. the smallest coin represents 1 satoshi, and the largest coin ~10.74 bitcoin). This makes it relatively easy to represent any amount as a set of magnitudes. Bitcoin can be seemlessly converted to blinded coins. The blinded coins have incredible privacy, speed and cost characteristics that make them exceedingly practical to use. And at any time they can be converted back to regular bitcoin. Using moneypot is quite simply the cheapest and most private way to use bitcoin.
With traditional blind signatures the blinded secret is a (randomized) serial-number. While simple and elegant, it suffers a serious limitation: repudiation. Through malice or mistake the server can falsely claim that serial-number was used before. And likewise through malice or mistake the client can falsely claim the server has cheated them. Unsubstantiated accounts are messy for everyone, and something we can completely avoid. Instead of blinding a serial-number, we blind a public key. This public key is known as the
owner of the coin.
All actions on the coin (e.g. spending it) must have an accompanying digital (schnorr) signature by the coin owner that authorizes that specific action. The server stores that signed action, and can produce it on demand to prove that it only acted upon explicit instruction. Because the server never learns the associated private keys it would be impossible to generate fake authorizations. Therefor if the server ever refuses to act on a valid coin, it can be objectively proved the server is dishonest. Likewise after each instruction, the server provides the client with an
acknowledgement which the client can use to prove the server has claimed it has completed that action.
A hookin (aka pegin) is the process of converting bitcoin into moneypot coins. With a little eliptical curve magic, we can generate a special hookin address that is indistinguisable from a normal (native segwit) bitcoin address. Then after bitcoin has been sent to that address and safely confirmed the client gives the server the neccessary information to spend the bitcoin (most importantly the public key of the owner that was used to generate the hookin address) and the server gives the client some blinded coins, which it is able to use. Thanks to a little eliptical curve magic, only the server is able spend the coin and no one else. But also allows the client to prove it was the owner of that, to keep the hookin system fully provably-honest.
From a user-point of view, a hookin is as simple as sending bitcoin to a bitcoin address! And for compatibility with software, can even be generated with bip32!
A hookout (aka pegout) is the opposite of a hookin. It is the process of taking a set of blinded coins, and ask the server to send that amount to a bitcoin address. Furthermore you can add some conditions to the hookout, such as the feerate to use for the bitcoin transfer and if you need the transfer to happen immediately or not. The server is able to leverage economies of scale with large amounts of possible inputs, and able to batch transations (when appropriate). For this reason, using moneypot as a bitcoin wallet is typically signficantly cheaper than using a traditional wallet.
Blinded coins can also be transferred. The great thing about this is it is extremely efficient (no on-chain transaction) with negligible fees and immedately finality (at least as quick as be when communicating with a server). It is also frequent to transfer and exchange coins with yourself. For instance if you have 3 coins of magnitudes 5, it would make sense to convert 2 of them into a mangitude 6 coin.