As Bitcoiners flock to Nostr as a censorship-resistant communication platform, key management problems for individual users will arise.
This is an opinion editorial by Shinobi, a self-taught educator in the Bitcoin space and tech-oriented Bitcoin podcast host.
I suggest, before reading this, that you read the prior article I wrote explaining what Nostr is and how it works at a high level. You should then have a good idea of the core design of the system, so here let's take a look at likely problems that are going to occur as it grows in adoption. With the platform becoming a popular one for the Bitcoin community, these problems are ones to be aware of.
As I discussed in the prior article, individual public/private key pairs are integral to how Nostr works as a protocol. There are no usernames, or any kind of identifiers that a relay server is in control of, to associate with individual users. There are only the users' keys, which are wholly under their own control.
This functions as a tight binding between the actual person and how they are identified by others, one that prevents any relay server from unbinding those two things, i.e., handing someone's identifier to another user. This solves one of the biggest problems of platforms used for communication between people: the lack of control over users' own identities. But it also introduces all of the problems of key management that anyone holding a private key runs into. Keys can be lost and keys can be compromised, and if such an event occurs, users have no one to go to for help, just like with Bitcoin. There is no customer support to recover anything. You lose it, that's it.
This is inevitably going to require a scheme for users to rotate from one keypair to another in a way that is verifiable and discoverable by the other users they interact with through the protocol. The entire protocol is based around proving that an event came from a specific identity key, so all of those guarantees go out the window once someone's key is compromised.
How do you handle that? Just go check their Twitter account? Well, then it is not a very decentralized system, ultimately, if verifying someone's Nostr identity requires a centralized platform where they are not in control of their identity.
Have other users attest to the legitimacy of a new key? That doesn't address situations such as mass key compromises, or not knowing anyone near them well enough to trust their attestation.
Nostr needs an actual cryptographic scheme tying the rotation of one key to another. There is a proposal from developer fiatjaf for a basic scheme that could potentially solve this issue. The basic idea would be to take a long set of keys derived from a single master seed and generate a set of "tweaked" keys, similar to how Taproot commits a script tree to a Bitcoin key. Taproot hashes the internal public key together with the Merkle root of the script tree and "adds" that hash (multiplied by the generator point) to the internal public key to produce a new public key. The holder of the internal private key obtains the matching private key for the new public key by adding the same hash to the private key. Fiatjaf's idea is to chain such commitments going backwards from the end to the beginning, so that each tweaked key actually contains a proof that the next tweaked key was used to generate it.
So, imagine starting with key Z, the last one in the chain. You would tweak this with some fixed value, then go backwards and generate a tweaked version of key Y by committing to the tweaked Z key (Z' + Y = Y'). From there you would take Y' and use it to tweak X (Y' + X = X'). You would do this all the way back to key A, to get A', and from there begin using that key. When it is compromised, the user can broadcast an event containing the untweaked key A and the tweaked key B'. This contains all of the data needed to show that B' was used to generate A', and users could immediately stop following A' and follow B' instead. They would know definitively that B' is that user's next key. For this to be sound, the tweak has to be a hash that commits to both the base key and the next key, as Taproot's tweak commits to the internal key, rather than a plain addition of the two points; otherwise someone holding the compromised A' could construct a bogus A and B' that add up to it.
This proposal still has some problems though. First, you have to generate all of the keys you would ever use ahead of time, and it has no way to rotate to a wholly new set of keys. This could be dealt with by committing to a master key in this scheme that could notarize such rotations, or simply by generating a very large set of keys from the beginning. Either way would be a valid path to take, but ultimately would require keeping a root key or key material safe and only exposing individual hot keys to Nostr clients.
This scheme, however, does nothing to protect users or offer a mechanism for identity recovery in the event that the root key material is lost or is itself compromised. Now, this isn't to say that there is no benefit to fiatjaf's scheme, there absolutely is, but it's important to make the point that no solution solves every problem.
To pontificate a bit on possible solutions here, imagine that instead of a chain of tweaked keys like he proposes, a key is tweaked with a master cold key that must also be used to sign the event rotating from one key to another. You have key A', which is derived by adding A and M (the master key), and the rotation event would be A, M and B' (generated by adding B and M) with a signature from M. M could be a multisig threshold key (2 of 3, 3 of 5, etc.). This could potentially add redundancy against loss as well as provide a secure mechanism for key rotation. It also opens the door to using services to assist in recovery, or spreading some of those keys around to trusted friends. It offers all of the same flexibility as multisig does with Bitcoin itself.
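To make the two constructions above concrete, here is an added example, written for this edit and not code from fiatjaf, the Nostr project or the author: a pure-Python secp256k1 implementation of (1) the backward-tweaked key chain and the check a follower runs on a rotation event carrying A and B', and (2) the master-key variant where the hot key A' commits to M and M signs the rotation. The tag strings, the "end-of-chain" marker for the last key, the toy Schnorr signature and all key values are assumptions for illustration; one deliberate choice, borrowed from Taproot, is that the tweak hashes the base key together with the committed key rather than adding the committed key directly.

```python
import hashlib

# secp256k1 domain parameters (standard constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result, k = None, k % N
    while k:
        if k & 1:
            result = ec_add(result, point)
        point, k = ec_add(point, point), k >> 1
    return result

def enc(point):
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")

def h_scalar(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def build_chain(privs):
    """fiatjaf-style chain, tweaked from the last key back to the first.
    Each tweak hashes the base key with the next tweaked key (as Taproot hashes
    the internal key with the Merkle root). Returns [(a', A, A'), (b', B, B'), ...]."""
    next_tweaked_pub, out = None, []
    for priv in reversed(privs):
        base_pub = ec_mul(priv)
        # Assumed marker for key Z, which has no successor to commit to.
        commit = enc(next_tweaked_pub) if next_tweaked_pub else b"end-of-chain"
        t = h_scalar(b"nostr-rotation", enc(base_pub), commit)
        tweaked_priv = (priv + t) % N
        tweaked_pub = ec_mul(tweaked_priv)
        out.append((tweaked_priv, base_pub, tweaked_pub))
        next_tweaked_pub = tweaked_pub
    return out[::-1]

def verify_rotation(current_pub, base_pub, next_pub):
    """Rotation event reveals A and B'; followers check A' == A + H(A||B')*G."""
    t = h_scalar(b"nostr-rotation", enc(base_pub), enc(next_pub))
    return ec_add(base_pub, ec_mul(t)) == current_pub

def schnorr_sign(priv, msg):
    """Toy Schnorr signature (not BIP 340 encoding) with a hash-derived nonce."""
    k = h_scalar(b"nonce", priv.to_bytes(32, "big"), msg)
    R = ec_mul(k)
    e = h_scalar(enc(R), enc(ec_mul(priv)), msg)
    return (R, (k + e * priv) % N)

def schnorr_verify(pub, msg, sig):
    R, s = sig
    e = h_scalar(enc(R), enc(pub), msg)
    return ec_mul(s) == ec_add(R, ec_mul(e, pub))

def derive_hot_key(priv, master_pub):
    """Master-key variant: A' = A + H(A||M)*G, so A' commits to master M."""
    base_pub = ec_mul(priv)
    return (priv + h_scalar(b"nostr-master", enc(base_pub), enc(master_pub))) % N, base_pub

def master_rotation_event(base_pub, master_priv, next_hot_pub):
    """Event carrying A, M, B' and M's signature over A -> B'."""
    master_pub = ec_mul(master_priv)
    sig = schnorr_sign(master_priv, enc(base_pub) + enc(next_hot_pub))
    return {"base": base_pub, "master": master_pub, "next": next_hot_pub, "sig": sig}

def verify_master_rotation(current_pub, ev):
    """A' must commit to the M in the event, and that M must have signed A -> B'."""
    t = h_scalar(b"nostr-master", enc(ev["base"]), enc(ev["master"]))
    if ec_add(ev["base"], ec_mul(t)) != current_pub:
        return False
    return schnorr_verify(ev["master"], enc(ev["base"]) + enc(ev["next"]), ev["sig"])

if __name__ == "__main__":
    # Constructed toy private keys; real ones would come from a master seed.
    chain = build_chain([0x1111, 0x2222, 0x3333])
    (_, a_pub, a_tweaked), (_, _, b_tweaked) = chain[0], chain[1]
    print("chain rotation A' -> B' valid:", verify_rotation(a_tweaked, a_pub, b_tweaked))
    m_priv = 0x4444
    hot_a, base_a = derive_hot_key(0x5555, ec_mul(m_priv))
    hot_b, _ = derive_hot_key(0x6666, ec_mul(m_priv))
    ev = master_rotation_event(base_a, m_priv, ec_mul(hot_b))
    print("master-signed rotation valid:", verify_master_rotation(ec_mul(hot_a), ev))
```

The hash inside the tweak is what makes the rotation check meaningful. If A' were simply A + B', someone holding only the compromised a' could pick any b'' and publish (A' - B'', B'') as a "rotation" and the check would pass; with H(A || B') in the tweak they would have to find an A that commits to itself. Note that the toy Schnorr here is not BIP 340 (no x-only keys, no tagged hashes) and the point arithmetic is not constant time, so this is for reading along with the article, not for a wallet.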
NIP-26 is also a proposal that could be very useful in handling this problem. It specifies a protocol extension to events allowing a signature from one key to authorize another key to post events on its behalf. The "token," or signature proving the delegation, is then included in every event posted by the second public key on the first's behalf. Delegations can even be time limited, so that delegation tokens automatically expire and have to be renewed.
Ultimately, however it is solved, this problem has to be solved for Nostr in the long term. A protocol based wholly on public/private key pairs being used as identities cannot gain traction and adoption if the integrity of those identities cannot be protected and maintained for users. Otherwise it will boil down to constantly using out-of-band and centralized platforms to verify new keys and coordinate people following your new identity whenever something is lost or compromised, and at that point, those other platforms become a means to sow confusion and engage in censorship.
Issues of key management and security are big problems with a very large design space full of trade-offs and pain points, but they are problems that are going to have to be solved within the context of Nostr for it to work. In my next article, I will summarize some issues that I see cropping up in regards to relay server architecture and the scaling problems that Nostr developers will have to face given the basic data structures that Nostr is built on.
For anyone reading and wondering why I haven't mentioned decentralized identifiers (DIDs): Yes, that is a possible solution to these problems that, in my opinion, is quite comprehensive. However, Nostr developers seem very hesitant to integrate DIDs into the protocol or clients due to the fact that it would create external dependencies outside of the Nostr protocol. If you are not familiar with how DIDs work on a technical level and are interested, this article by Level 39 is a very well written summary of how they work.
This is a guest post by Shinobi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
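An added example, not part of the original article or of any Nostr client or reference implementation, of the checks a client or relay runs on a NIP-26 delegated event: parse the conditions query string from the delegation tag (fields `kind` and `created_at` with operators `=`, `<`, `>` joined by `&`), confirm the event's kind and timestamp fall inside the delegation, and rebuild the sha256("nostr:delegation:<delegatee>:<conditions>") digest that the delegator's token must sign. Verifying the token itself needs a BIP-340 Schnorr library and is left to the caller; the event, key hex strings and token in the sample are constructed placeholders.

```python
import hashlib
import re

# One NIP-26 condition: field, operator, integer. Several are joined with '&'.
_COND = re.compile(r"^(kind|created_at)([=<>])(\d+)$")
_OPS = {"=": lambda a, b: a == b, "<": lambda a, b: a < b, ">": lambda a, b: a > b}

def parse_conditions(conds):
    """'kind=1&created_at>1674834236&created_at<1677426236' -> [(field, op, value), ...]."""
    rules = []
    for part in conds.split("&"):
        m = _COND.match(part)
        if not m:
            raise ValueError(f"unsupported delegation condition: {part!r}")
        rules.append((m.group(1), m.group(2), int(m.group(3))))
    return rules

def conditions_allow(conds, event):
    """True when every condition holds for this event's kind and created_at."""
    return all(_OPS[op](event[field], val) for field, op, val in parse_conditions(conds))

def delegation_digest(delegatee_pubkey, conds):
    """sha256 of 'nostr:delegation:<delegatee>:<conditions>': the message the token signs."""
    return hashlib.sha256(f"nostr:delegation:{delegatee_pubkey}:{conds}".encode()).digest()

def delegation_check(event):
    """Return (delegator_pubkey, digest, token) if the event carries a delegation
    tag whose conditions it satisfies, or None if it has none or falls outside
    the delegated window/kinds. The caller must still verify `token` as a
    BIP-340 signature by `delegator_pubkey` over `digest` (not done here)."""
    for tag in event.get("tags", []):
        if tag[0] == "delegation" and len(tag) == 4:
            delegator, conds, token = tag[1], tag[2], tag[3]
            if not conditions_allow(conds, event):
                return None
            return delegator, delegation_digest(event["pubkey"], conds), token
    return None

# Constructed sample event: the hex strings are placeholders, not real keys or signatures.
SAMPLE_CONDS = "kind=1&created_at>1674834236&created_at<1677426236"
SAMPLE_EVENT = {
    "pubkey": "ee" * 32,        # delegatee (hot key) that signed the event itself
    "kind": 1,
    "created_at": 1675000000,
    "tags": [["delegation", "dd" * 32, SAMPLE_CONDS, "ab" * 64]],
    "content": "posted on behalf of my root key",
}

if __name__ == "__main__":
    print("in window:", delegation_check(SAMPLE_EVENT) is not None)
    print("expired:", delegation_check(dict(SAMPLE_EVENT, created_at=1677426237)))
```

A client that accepts the event should display it under the delegator's identity only after the token verifies; a relay that rejects events outside the `created_at` window is what turns the time limit in the tag into an actual expiry rather than a suggestion.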