Microtipping on CKB, Part 2: keeping the magic, dropping the custody. Meet Liquid Cells

English
, , , , ,
1

Our vision for Scryve has always been simple: let a reader reward a writer with a fraction of a CKB. True microtipping, where even a few cents of appreciation is worth sending.

A few months ago we wrote about the one thing standing in the way. On CKB, every live cell must hold at least 61 CKB of capacity, closer to 65 once you account for fees, because on CKB capacity is the right to occupy global state (this is the state-rent design that keeps the chain sustainable). Beautiful for the network, brutal for tiny payments: a 1-CKB tip would mean locking up 65. The economics are broken. The UX is broken.

So on Scryve, our long-form publishing platform, we built custodial tipping to make that fraction-of-a-CKB tip viable: a “prepaid card” where you deposit once, tip instantly off-chain, and settle to your wallet only when it is worth a transaction. It works, it feels great, it runs on testnet, and we keep developing it. We were also upfront about the catch: for now, you trust us to hold the balance. We called it a bridge, not the destination, and promised to keep pushing toward something more decentralized.

The pieces are coming together, and we want to show you what we have been building.

Introducing Liquid Cells

Liquid Cells is a new protocol developed by Luso Crypto Labs, the team behind Scryve. It is not a Scryve feature. It is a general, non-custodial microtipping and micropayment protocol for CKB that any app can build on, and Scryve will simply be the first to use it.

We will be honest about what is and is not new. We did not invent zero-knowledge proofs, and verifying a proof on CKB has been done before. What we built is the whole thing working end to end, live on a public CKB testnet, aimed at a real product: a pooled micropayment system where on-chain cryptography, not a company, keeps everyone honest. As far as we know, that makes Liquid Cells the first non-custodial microtipping protocol of its kind running live on CKB.

The goal is to keep everything that makes microtipping feel good (instant, sub-cent, fee-less) and remove the one thing that makes it a compromise: custody.

flowchart LR
    subgraph THEN["Scryve tipping today (custodial, on testnet)"]
        A1[Reader deposits CKB] --> A2[We hold the balance]
        A2 --> A3[Tip a writer instantly]
        A2 -. you trust us not to .-> A5(((steal · freeze · vanish)))
    end
    subgraph NOW["Liquid Cells by Luso Crypto Labs (non-custodial, coming soon)"]
        B1[Reader deposits CKB] --> B2[A cell holds it, not us]
        B2 --> B3[Tip a writer instantly]
        B2 == enforced by CKB ==> B5(((nobody can steal · freeze · trap)))
    end

Tips still live in a shared pool, so thousands of fractional payments collapse into one tiny on-chain footprint. But “pooled” no longer means “ours.” The design makes it pooled, and provably yours.

What non-custodial will mean for a reader or a writer

Three promises, and not one of them is “trust us”:

  • Nobody can take your balance. Nothing moves without your signature.
  • Nobody can invent or inflate balances. The books always balance, and the chain checks the math.
  • Nobody can trap your funds. If the operator goes offline, disappears, or turns evil, a reader or a writer can reclaim their balance using public chain data alone. No permission, no cooperation, no middleman.

That last one is the whole game. The exit is not a support ticket. It is a property of the system.

sequenceDiagram
    actor Reader
    participant Pool as Liquid Cells (an on-chain cell)
    actor Writer
    Reader->>Pool: Deposit once
    Reader->>Pool: Tip a fraction of a CKB on an article (instant, free, off-chain)
    Pool->>Writer: Balance goes up
    Note over Reader,Writer: thousands of microtips, one small on-chain checkpoint
    Note over Reader,Pool: Operator vanishes?
    Writer->>Pool: Exit, reclaim earnings from chain data alone

The same cell model that made microtips hard at Layer 1 is exactly what makes this work. CKB’s cells are programmable and can verify real cryptographic proofs on-chain, so a single anchor cell can stand in for a whole ledger of tiny balances while letting anyone prove what they are owed. The constraint became the tool.

Why this matters beyond Scryve

Liquid Cells is a protocol, not a product, and Luso Crypto Labs is building it for anyone to use. Payment channels like CKB’s Fiber Network are one great answer to micropayments; Liquid Cells is a different shape, a shared pool with no per-user channel to fund, which fits “many people sending tiny amounts” especially well. Reader-to-writer microtipping is the first home we have in mind, but the same rails fit creator payments, pay-per-read, in-game economies, and any case where the amounts are small and the volume is large. No custodian, no outside chain to trust, just CKB doing what only CKB can.

Where we are (honestly)

Same honesty as last time. Liquid Cells is highly experimental. It is live on the Pudge testnet as a standalone system: real proofs verifying inside CKB on a public chain, a chain of checkpoints landing, a checkpoint that advanced with no signature at all, and a real unilateral exit already demonstrated from chain data alone. But it is unaudited, testnet-only, and not for real funds. It is not yet live on Scryve: the tipping you use today still runs on the custodial bridge while Luso Crypto Labs keeps building, testing, and working toward an audit. A few honest edges remain on the roadmap (a smoother emergency-exit path, faster settlement, and locking down the upgrade key), and we will keep being plain about them. Liquid Cells is coming to Scryve soon.

The microtipping we shipped first was elegant, pragmatic, secure. Liquid Cells is the next step: elegant, pragmatic, and a real move toward decentralized.

The bridge got us here. This is the road ahead. More soon. :eyes:

— The Scryve team, built by Luso Crypto Labs

Further reading

3 Likes
2

This is a genuinely interesting direction, and I like the honesty around custody, exits, audit status, and the remaining upgrade-key work.

One question I would like to understand more clearly is the boundary with Fiber.

You mention Fiber as “one great answer” and describe Liquid Cells as a different shape: a shared pool with no per-user channel to fund. That distinction makes sense at a high level.

But from a protocol-design perspective, Liquid Cells also seems to introduce quite a set of assumptions: an operator advancing checkpoints, proof availability, data availability for exits, emergency-exit UX, settlement latency, and upgrade-key governance.

So what is the precise product or protocol constraint that makes a Fiber-backed Scryve tipping wallet unsuitable here?

Overall, I like the ambition here. I would just be keen to see a more rigorous comparison of the trust model, liveness model, exit model, and liquidity model against Fiber, because that is where the real design justification seems to live.

2 Likes
3

Thank you, this is the right pushback, and you are correct that the justification has to live in the comparison rather than in a “different shape” hand-wave. Let me give the honest version, including where Fiber wins and where my earlier framing was too glib.

First, a concession that reframes the whole thing: you are right that this is not really “pool vs channels.” Any payment-channel design that lets thousands of sporadic, long-tail writers receive tips without each funding their own channel does so by introducing a hub that provisions inbound liquidity (LSP-style). So the honest comparison is non-custodial pool vs hub, and the real question is what kind of hub.

Today, the channel-free version of Fiber tipping is a custodial hub. The clearest evidence is the other Fiber-based tipping proposal on this forum, Fiber Link, which describes itself as a custodial/hosted hub with an internal ledger per user. That is a reasonable design. It is essentially what our own custodial Scryve tipping already is. Liquid Cells is an attempt to build that same “receiving is just a ledger entry” hub, but non-custodially: the operator cannot steal or inflate balances (enforced by an on-chain validity proof), every balance is reconstructable from on-chain data, and any writer can exit unilaterally if the operator vanishes.

The four models honestly, conceding Fiber’s wins:

Axis Fiber (channels + hub/LSP) Liquid Cells (non-custodial pool)
Trust No protocol operator for a direct channel, and a direct channel is more decentralized than us. But channel-free long-tail receiving needs a hub, and today that hub is custodial. One operator, but provably non-custodial: cannot steal or mint (validity proof), balances reconstructable from on-chain data, unilateral exit. Adds a single upgrade key, which we are still locking down.
Liveness Direct channels are peer-to-peer; safety needs you online or a (third-party) watchtower. Operator advances checkpoints (a central liveness dependency), with unilateral exit as the floor; ordinary users carry no online burden.
Exit Close a channel you already hold; cooperative close is fast. Withdraw anytime via the operator; emergency exit only after a ~30-day operator-silence window, and it lands a cell of at least 61 CKB, so exiting a dust balance is the weak spot today.
Liquidity / receiving The inbound-liquidity problem: channel-free receiving needs a hub or LSP. Lightning has these; for Fiber they are on the 2026 roadmap, not yet shipped. Zero per-user and per-creator liquidity; receiving is a ledger entry; one shared anchor cell amortized across everyone.

I want to scope this honestly. The argument is specifically about long-tail, sporadic, many-recipient inbound. For a single high-volume, always-online creator with two-way flow, a direct Fiber channel is the better tool, likely cheaper and more private, and we would not argue otherwise. We are also not claiming a raw on-chain-cost win: a mature hub-and-channel-factory Fiber could well be cheaper per tip than our periodic zk-checkpoints. The claim is narrower and we think defensible: for the long-tail receiving case, Liquid Cells offers the same instant “just receive” UX as a custodial hub, with strictly stronger guarantees.

One correction to something I said earlier, in case it spread: our sub-61-CKB egress via a Fiber atomic swap is design and roadmap, not shipped. The in-pool escrow leg (the hash-locked leg with a sender-side refund) is built and tested; the Fiber integration and the liquidity-provider side are not, and the receiver-side force-claim is explicitly unbuilt for now. So please read “complementary with Fiber” as intent, not a working feature.

And the honest caveats stand: testnet only and unaudited; ~7-minute settlement per checkpoint (faster proving and instant soft-confirmation receipts are planned, not shipped); the ~30-day exit window and 61-CKB exit-cell floor noted above; and the single upgrade key (a timelocked upgrade lock is built and tested, but not yet adopted on the live deployment).

Thank you for your valuable input on this.
Scryve Team

1 Like
4

Thanks, this is a much clearer framing. I think “validity-constrained hub” is probably the most precise mental model here.

The remaining thing I would like to understand is the data-availability side: when you say balances are reconstructable from on-chain data alone, does the chain contain enough information for an ordinary user or independent indexer to reconstruct every exit proof without relying on an operator-hosted API or receipt server?

1 Like
5

“Validity-constrained hub” is a good way to put it, thank you.

Short answer: yes, an independent party can reconstruct every exit proof from L1, and no receipt server is ever in the exit path. The precise answer lives in separating an on-chain safety guarantee from the ordinary rollup data-availability liveness assumption, so let me do that.

Safety: the operator cannot withhold or alter what changed. Every checkpoint force-publishes its full state diff (each touched leaf’s key, balance, nonce) in the checkpoint transaction’s witness. The validity proof commits a keccak of that blob in-circuit, and the anchor type script rejects any checkpoint whose witness does not carry that exact blob (reject code 59). So a checkpoint that hides, shrinks, or alters the diff does not verify and cannot land. That is enforced on-chain, not by us.

Reconstruction is a pure function of L1 data, and it is checkable. Reconstruction folds the published blobs from genesis, rebuilds the full sparse Merkle tree, and from it any leaf’s balance, nonce, and sibling path (the force-exit inclusion proof) fall out. Crucially, our lc-exit tool then asserts the rebuilt root equals the live on-chain anchor root. That check is what makes the data source trust-minimized rather than trusted: you can point it at your own node, a public one, or the operator’s, and a source that omits, reorders, or corrupts checkpoints produces a root mismatch and is caught. It can delay you; it cannot forge your balance. An independent party can rebuild the whole tree this way, not just their own leaf, and we verified it live on Pudge (the rebuilt root matched the on-chain root and recovered a real leaf, 199.989 CKB, with no sequencer in the loop).

On the plumbing, since you asked about indexers specifically: discovery enumerates the pool’s checkpoints by its public anchor type hash using the standard CKB indexer, and the witness bytes themselves come from a per-transaction get_transaction call. The indexer is the built-in CKB one, which anyone can run against their own node, so it is substitutable infrastructure rather than an operator API. You do need the pool’s anchor type hash out of band, the same way you need a token’s contract address; it is unforgeable, and the root-check binds you to the genuine cell.

The one honest residual is data-availability liveness, and it does not route through us. The proof guarantees the diff was published immutably on L1. Continued retrievability rests on at least one archival CKB node still serving the history. The good news on CKB specifically is that the default full node does not prune block bodies, so an ordinary from-genesis node retains every witness, and any user can be that node. This is the same DA-liveness assumption every rollup carries. It is not a safety hole: funds can never be stolen, and only a total loss of the history across all archival nodes could freeze a leaf. As pools age we have a snapshot mechanism to make replay cheaper, but a snapshot is only ever an optimization, accepted only if it itself reconstructs to the on-chain root.

And directly on receipts: the soft-confirmation receipts we have planned are operator-signed and are never part of the exit path. A force-exit only ever uses committed, checkpointed, on-chain state, so no receipt server is involved in recovering funds.

Hope this clarifies further :blush:

Thank you
Scryve

2 Likes
6

Okay, thanks, this is much clearer. Overall, this makes the trade-off more understandable now.

The DA explanation helps. Publishing the touched state diff in the checkpoint witness sounds pretty reasonable.

The only longer-term caveat I would flag is that replaying from genesis may become heavy over time, so the snapshot path and ordinary-user reconstruction cost will probably matter in practice.

Looking forward to seeing the technical spec when it is ready.

2 Likes