This is an opinion editorial by Shinobi, a self-taught educator in the Bitcoin space and tech-oriented Bitcoin podcast host.
I recommend, before reading this, that you read the prior article I wrote explaining what Nostr is and how it works at a high level. You should then have a good idea of the core design of the system, so now let's take a look at the problems that are likely to arise as it grows in adoption. With the platform becoming a popular one for the Bitcoin community, these are issues worth paying attention to.
As I mentioned in the prior article, user public/private key pairs are integral to how Nostr works as a protocol. There are no usernames, or any sort of identifiers that a relay server is in control of, to associate with individual users. There are only those users' keys, which are entirely under their own control.
This functions as a tight binding between the actual user and how they are identified by others, which prevents any relay server from unbinding those two things, i.e., giving someone's identifier to another user. This solves one of the biggest fundamental problems of platforms used for communication between people: the lack of control over users' own identities. But it also introduces all of the problems of key management that anyone holding a private key runs into. Keys can be lost and keys can be compromised, and if such an event occurs, users have no one to go to for help, just as with Bitcoin. There is no customer support to recover anything. You lose it, that's it.
This is inevitably going to necessitate a scheme for users to rotate from one keypair to another in a way that is verifiable and discoverable by the other users they interact with through the protocol. The whole protocol is built around proving that an event came from a specific user (identity key), so all of those guarantees go out the window once someone's keys are compromised.
How do you handle that? Just go check their Twitter account? Well, then it is not a very decentralized system in the end, if verifying someone's Nostr identity requires using a centralized platform where they are not in control of their identity.
Have other users attest to the legitimacy of a new key? That does not handle situations such as mass key compromises, or a user not knowing anyone closely enough to trust their attestation.
Nostr needs an actual cryptographic scheme tying the rotation of one key to the next. There is a proposal from developer fiatjaf for a basic scheme that could potentially solve this issue. The basic idea is to take a long set of keys derived from a single master seed and create a set of "tweaked" keys, similar to how Taproot trees are committed to a Bitcoin key. Taproot takes the Merkle root of the Taproot tree and "adds" it to the public key to create a new public key. The same operation can be replicated on the private side by adding that Merkle root to the private key in order to arrive at the private key matching the new public key. Fiatjaf's idea is to chain these commitments going backwards from the end to the beginning, so that each tweaked key actually contains a proof that the next tweaked key was used to create it.
So, imagine starting with key Z, the last one in the chain. You would tweak this with something, then go backwards and create a tweaked version of key Y using the tweaked Z key (Z' + Y = Y'). From there you would take Y' and use it to tweak X (Y' + X = X'). You would do this all the way back to key A, obtain A', and begin using that key. When it is compromised, the user can broadcast an event containing the untweaked key A and the tweaked key B'. This event contains all of the information needed to show that B' was used to generate A', so users can immediately stop following A' and follow B' instead. They would know definitively that B' is that user's next key and that they should follow it instead.
This proposal still has some problems though. First, you have to generate all of the keys you will ever use ahead of time, and it has no way to rotate to an entirely new set of keys. This could be handled by committing to a master key in this scheme that could notarize such rotations, or simply by generating a very large set of keys from the start. Either path would be a valid direction to take, but ultimately both require keeping a root key or root key material safe and only exposing individual hot keys to Nostr clients.
This scheme, however, does nothing to protect users or offer a mechanism for identity recovery in the event that the root key material is lost or is itself compromised. Now, this is not to say that there is no benefit to fiatjaf's scheme; there absolutely is. But it is important to make the point that no single solution solves every problem.
To preach a bit on potential solutions here: imagine that instead of a chain of tweaked keys as he proposes, a key is tweaked with a master cold key that must also be used to sign the event rotating from one key to another. You have key A', which is derived by adding A and M (the master key), and the rotation event would consist of A, M and B' (generated by adding B and M) with a signature from M. M could be a multisig threshold key: two of three, three of five, and so on. This could potentially add redundancy against loss as well as provide a secure mechanism for key rotation. It also opens the door to using services to assist in recovery, or to spreading some of those keys around to trusted friends. It offers all of the same flexibility that multisig offers with Bitcoin itself.
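The two schemes described above (fiatjaf's backward chain of tweaked keys, and the alternative where a hot key is tweaked with a cold master key that signs the rotation event) are worked through below as an added illustration. This is not fiatjaf's code, not a NIP, and not anything shipped by a Nostr client; it is written here to make the key arithmetic concrete. Assumptions, all mine: the tweak is the SHA-256 of the successor's tweaked public key (fiatjaf's proposal does not fix a hash), the final key in the chain is tweaked with a fixed tag (`b"chain-end"`), signatures are textbook Schnorr over the curve points rather than BIP340's x-only encoding, the nonce is derived deterministically from the master secret, and the secp256k1 arithmetic is a minimal, non-constant-time pure-Python implementation meant for reading rather than for use in a real client.

```python
import hashlib

# secp256k1 parameters: the curve Nostr (and Bitcoin) keys live on.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mul(k, point=G):
    """Double-and-add k*point (not constant-time; illustration only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def pubkey(d):
    return scalar_mul(d % N)

def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(*parts):
    """SHA-256 of the concatenated parts, reduced to a scalar mod N (assumed hash)."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def tweak(pub, t):
    """Taproot-style additive tweak: pub + t*G (the private side is d + t)."""
    return point_add(pub, scalar_mul(t))

# --- Scheme 1: backward chain of tweaked keys (fiatjaf's idea) --------------

def build_chain(secrets):
    """Walk from the last key back to the first. Each key is tweaked with the
    hash of its successor's *tweaked* public key, so every tweaked key commits
    to the next one. Returns [(tweaked_secret, tweaked_pub), ...] in order."""
    chain = [None] * len(secrets)
    next_pub = None
    for i in range(len(secrets) - 1, -1, -1):
        # The last key gets a fixed tag (my assumption); earlier keys commit
        # to their successor's tweaked public key.
        t = h(b"chain-end") if next_pub is None else h(encode(next_pub))
        chain[i] = ((secrets[i] + t) % N, tweak(pubkey(secrets[i]), t))
        next_pub = chain[i][1]
    return chain

def verify_rotation(old_tweaked_pub, old_untweaked_pub, new_tweaked_pub):
    """Rotation event (A, B'): does A + H(B')*G equal the A' everyone follows?"""
    return tweak(old_untweaked_pub, h(encode(new_tweaked_pub))) == old_tweaked_pub

# --- Scheme 2: hot key tweaked by a cold master key that signs rotations ----

def schnorr_sign(d, msg, k):
    """Textbook Schnorr (not BIP340 encoding): R = kG, e = H(R,P,m), s = k + e*d."""
    R = scalar_mul(k)
    e = h(encode(R), encode(pubkey(d)), msg)
    return (R, (k + e * d) % N)

def schnorr_verify(pub, msg, sig):
    R, s = sig
    e = h(encode(R), encode(pub), msg)
    return scalar_mul(s) == point_add(R, scalar_mul(e, pub))

def rotation_msg(A, M, B_tweaked):
    return b"rotate:" + encode(A) + encode(M) + encode(B_tweaked)

def master_rotation_event(hot_old, master, hot_new):
    """Publish A, M and B' = B + M, signed by the master key M."""
    A, M, B = pubkey(hot_old), pubkey(master), pubkey(hot_new)
    B_tweaked = point_add(B, M)
    msg = rotation_msg(A, M, B_tweaked)
    k = h(b"nonce", master.to_bytes(32, "big"), msg)   # deterministic nonce (assumed)
    return {"A": A, "M": M, "B_tweaked": B_tweaked, "sig": schnorr_sign(master, msg, k)}

def verify_master_rotation(old_tweaked_pub, ev):
    """Followers of A' accept B' only if A' == A + M and M signed the event."""
    if point_add(ev["A"], ev["M"]) != old_tweaked_pub:
        return False
    return schnorr_verify(ev["M"], rotation_msg(ev["A"], ev["M"], ev["B_tweaked"]), ev["sig"])
```

A client receiving a rotation event would run `verify_rotation` (scheme 1) or `verify_master_rotation` (scheme 2) against the tweaked key it currently follows and, on success, swap its follow to the new tweaked key. Note what neither check can tell you: in scheme 1 a thief who obtains the root seed can produce valid rotations just as the owner can, and in scheme 2 the same holds for whoever holds (a threshold of) M. That is the residual problem the text goes on to describe.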
NIP-26 is another proposal that could be very useful in handling this problem. It specifies a protocol extension to events allowing a signature from one key to authorize another key to post events on its behalf. The "token," or signature proof of delegation, is then included in all events posted by the second public key on the first's behalf. Delegation can even be time limited, so that tokens automatically expire and have to be renewed.
Ultimately, however it is solved, this problem has to be solved for Nostr in the long run. A protocol based solely on public/private key pairs used as identities cannot gain traction and adoption if the integrity of those identities cannot be protected and maintained for users. Otherwise it will ultimately boil down to constantly using out-of-band and centralized platforms to verify new keys and to coordinate people following your new identity whenever something is lost or compromised, and at that point those other platforms become a way to sow confusion and engage in censorship.
Issues of key management and security are huge problems with a very large design space full of trade-offs and pain points, but they are problems that are going to have to be solved within the context of Nostr for it to work. In my next article, I will summarize some of the issues I see cropping up with regard to relay server architecture and scaling that Nostr developers will have to confront, given the basic data structures that Nostr is built on.
For anyone reading and wondering why I have not mentioned decentralized identifiers (DIDs): yes, that is a potential solution to these problems that, in my opinion, is quite comprehensive. However, Nostr developers seem very hesitant to integrate DIDs into the protocol or clients because it would create external dependencies outside of the Nostr protocol. If you are not familiar with how DIDs work on a technical level and are interested, this article by Level 39 is a very well written summary of how they work.
This is a guest post by Shinobi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.