nips/26.md

NIP-26
=======

Delegated Event Signing
-----

`draft` `optional`

This NIP defines how events can be delegated so that they can be signed by other keypairs.

Another application of this proposal is to abstract away the use of the 'root' keypairs when interacting with clients. For example, a user could generate new keypairs for each client they wish to use and authorize those keypairs to generate events on behalf of their root pubkey, where the root keypair is stored in cold storage. 

#### Introducing the 'delegation' tag

This NIP introduces a new tag: `delegation` which is formatted as follows:

```json
[
  "delegation",
  <pubkey of the delegator>,
  <conditions query string>,
  <delegation token: 64-byte Schnorr signature of the sha256 hash of the delegation string>
]
```

##### Delegation Token

The **delegation token** should be a 64-byte Schnorr signature of the sha256 hash of the following string:

```
nostr:delegation:<pubkey of publisher (delegatee)>:<conditions query string>
```

##### Conditions Query String

The following fields and operators are supported in the above query string:

*Fields*:
1. `kind`
   -  *Operators*:
      -  `=${KIND_NUMBER}` - delegatee may only sign events of this kind
2. `created_at`
   -  *Operators*:
      -  `<${TIMESTAMP}` - delegatee may only sign events created ***before*** the specified timestamp
      -  `>${TIMESTAMP}` - delegatee may only sign events created ***after*** the specified timestamp

In order to create a single condition, you must use a supported field and operator. Multiple conditions can be used in a single query string, including on the same field. Conditions must be combined with `&`.

For example, the following condition strings are valid:

- `kind=1&created_at<1675721813`
- `kind=0&kind=1&created_at>1675721813`
- `kind=1&created_at>1674777689&created_at<1675721813`

For the vast majority of use-cases, it is advisable that:
1. Query strings should include a `created_at` ***after*** condition reflecting the current time, to prevent the delegatee from publishing historic notes on the delegator's behalf.
2. Query strings should include a `created_at` ***before*** condition that is not empty and is not some extremely distant time in the future. If delegations are not limited in time scope, they expose similar security risks to simply using the root key for authentication.

#### Example

```
# Delegator:
privkey: ee35e8bb71131c02c1d7e73231daa48e9953d329a4b701f7133c8f46dd21139c
pubkey:  8e0d3d3eb2881ec137a11debe736a9086715a8c8beeeda615780064d68bc25dd

# Delegatee:
privkey: 777e4f60b4aa87937e13acc84f7abcc3c93cc035cb4c1e9f7a9086dd78fffce1
pubkey:  477318cfb5427b9cfc66a9fa376150c1ddbc62115ae27cef72417eb959691396
```

Delegation string to grant note publishing authorization to the delegatee (477318cf) from now, for the next 30 days, given the current timestamp is `1674834236`.
```json
nostr:delegation:477318cfb5427b9cfc66a9fa376150c1ddbc62115ae27cef72417eb959691396:kind=1&created_at>1674834236&created_at<1677426236
```

The delegator (8e0d3d3e) then signs a SHA256 hash of the above delegation string, the result of which is the delegation token:
```
6f44d7fe4f1c09f3954640fb58bd12bae8bb8ff4120853c4693106c82e920e2b898f1f9ba9bd65449a987c39c0423426ab7b53910c0c6abfb41b30bc16e5f524
```

The delegatee (477318cf) can now construct an event on behalf of the delegator (8e0d3d3e). The delegatee then signs the event with its own private key and publishes.
```json
{
  "id": "e93c6095c3db1c31d15ac771f8fc5fb672f6e52cd25505099f62cd055523224f",
  "pubkey": "477318cfb5427b9cfc66a9fa376150c1ddbc62115ae27cef72417eb959691396",
  "created_at": 1677426298,
  "kind": 1,
  "tags": [
    [
      "delegation",
      "8e0d3d3eb2881ec137a11debe736a9086715a8c8beeeda615780064d68bc25dd",
      "kind=1&created_at>1674834236&created_at<1677426236",
      "6f44d7fe4f1c09f3954640fb58bd12bae8bb8ff4120853c4693106c82e920e2b898f1f9ba9bd65449a987c39c0423426ab7b53910c0c6abfb41b30bc16e5f524"
    ]
  ],
  "content": "Hello, world!",
  "sig": "633db60e2e7082c13a47a6b19d663d45b2a2ebdeaf0b4c35ef83be2738030c54fc7fd56d139652937cdca875ee61b51904a1d0d0588a6acd6168d7be2909d693"
}
```

The event should be considered a valid delegation if the conditions are satisfied (`kind=1`, `created_at>1674834236` and `created_at<1677426236` in this example) and, upon validation of the delegation token, are found to be unchanged from the conditions in the original delegation string.

Clients should display the delegated note as if it was published directly by the delegator (8e0d3d3e).


#### Relay & Client Support

Relays should answer requests such as `["REQ", "", {"authors": ["A"]}]` by querying both the `pubkey` and delegation tags `[1]` value.

Relays SHOULD allow the delegator (8e0d3d3e) to delete the events published by the delegatee (477318cf).
Fix typo "NIP: 26" to "NIP-26" 2023-06-11 23:45:52 -04:00			`NIP-26`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00			`=======`

			`Delegated Event Signing`
			`-----`

remove all NIP authors. 2023-11-15 19:42:51 -05:00			`draft` `optional`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
Changes based on feedback 2022-08-24 08:24:50 -04:00			`This NIP defines how events can be delegated so that they can be signed by other keypairs.`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
			`Another application of this proposal is to abstract away the use of the 'root' keypairs when interacting with clients. For example, a user could generate new keypairs for each client they wish to use and authorize those keypairs to generate events on behalf of their root pubkey, where the root keypair is stored in cold storage.`

Changes based on feedback 2022-08-24 08:24:50 -04:00			`#### Introducing the 'delegation' tag`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
Changes based on feedback 2022-08-24 08:24:50 -04:00			This NIP introduces a new tag: `delegation` which is formatted as follows:
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
			```json
			`[`
Changes based on feedback 2022-08-24 08:24:50 -04:00			`"delegation",`
			`<pubkey of the delegator>,`
			`<conditions query string>,`
Minor change to make delegation token/string naming consistent 2023-02-13 06:34:12 -05:00			`<delegation token: 64-byte Schnorr signature of the sha256 hash of the delegation string>`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00			`]`
			```

Changes based on feedback 2022-08-24 08:24:50 -04:00			`##### Delegation Token`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			`The delegation token should be a 64-byte Schnorr signature of the sha256 hash of the following string:`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
Changes based on feedback 2022-08-24 08:24:50 -04:00			```
			`nostr:delegation:<pubkey of publisher (delegatee)>:<conditions query string>`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00			```

NIP-26: adding section documenting valid fields and operators for conditions string (#194) 2023-01-27 06:11:27 -05:00			`##### Conditions Query String`

			`The following fields and operators are supported in the above query string:`

			`Fields:`
			1. `kind`
			`- Operators:`
Revert "[NIP-26] Fix for multiple `kind`s in delegation conditions (#208)" This reverts commit 6a11f4d4cd0159c517414ffa6cfc646f8c7c9da3. 2023-02-08 06:36:07 -05:00			- `=${KIND_NUMBER}` - delegatee may only sign events of this kind
NIP-26: adding section documenting valid fields and operators for conditions string (#194) 2023-01-27 06:11:27 -05:00			2. `created_at`
			`- Operators:`
Revert "[NIP-26] Fix for multiple `kind`s in delegation conditions (#208)" This reverts commit 6a11f4d4cd0159c517414ffa6cfc646f8c7c9da3. 2023-02-08 06:36:07 -05:00			- `<${TIMESTAMP}` - delegatee may only sign events created *before* the specified timestamp
			- `>${TIMESTAMP}` - delegatee may only sign events created *after* the specified timestamp
NIP-26: adding section documenting valid fields and operators for conditions string (#194) 2023-01-27 06:11:27 -05:00
Revert "[NIP-26] Fix for multiple `kind`s in delegation conditions (#208)" This reverts commit 6a11f4d4cd0159c517414ffa6cfc646f8c7c9da3. 2023-02-08 06:36:07 -05:00			In order to create a single condition, you must use a supported field and operator. Multiple conditions can be used in a single query string, including on the same field. Conditions must be combined with `&`.
NIP-26: adding section documenting valid fields and operators for conditions string (#194) 2023-01-27 06:11:27 -05:00
[NIP-26] Fix for multiple `kind`s in delegation conditions (#208) 2023-02-06 10:21:58 -05:00			`For example, the following condition strings are valid:`
Revert "[NIP-26] Fix for multiple `kind`s in delegation conditions (#208)" This reverts commit 6a11f4d4cd0159c517414ffa6cfc646f8c7c9da3. 2023-02-08 06:36:07 -05:00
NIP-26: adding section documenting valid fields and operators for conditions string (#194) 2023-01-27 06:11:27 -05:00			- `kind=1&created_at<1675721813`
Revert "[NIP-26] Fix for multiple `kind`s in delegation conditions (#208)" This reverts commit 6a11f4d4cd0159c517414ffa6cfc646f8c7c9da3. 2023-02-08 06:36:07 -05:00			- `kind=0&kind=1&created_at>1675721813`
NIP-26: adding section documenting valid fields and operators for conditions string (#194) 2023-01-27 06:11:27 -05:00			- `kind=1&created_at>1674777689&created_at<1675721813`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
Add context for limiting `before` timestamp 2023-06-09 11:19:23 -04:00			`For the vast majority of use-cases, it is advisable that:`
			1. Query strings should include a `created_at` *after* condition reflecting the current time, to prevent the delegatee from publishing historic notes on the delegator's behalf.
			2. Query strings should include a `created_at` *before* condition that is not empty and is not some extremely distant time in the future. If delegations are not limited in time scope, they expose similar security risks to simply using the root key for authentication.
NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			`#### Example`

First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00			```
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			`# Delegator:`
			`privkey: ee35e8bb71131c02c1d7e73231daa48e9953d329a4b701f7133c8f46dd21139c`
			`pubkey: 8e0d3d3eb2881ec137a11debe736a9086715a8c8beeeda615780064d68bc25dd`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			`# Delegatee:`
			`privkey: 777e4f60b4aa87937e13acc84f7abcc3c93cc035cb4c1e9f7a9086dd78fffce1`
			`pubkey: 477318cfb5427b9cfc66a9fa376150c1ddbc62115ae27cef72417eb959691396`
			```

NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00			Delegation string to grant note publishing authorization to the delegatee (477318cf) from now, for the next 30 days, given the current timestamp is `1674834236`.
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			```json
NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00			`nostr:delegation:477318cfb5427b9cfc66a9fa376150c1ddbc62115ae27cef72417eb959691396:kind=1&created_at>1674834236&created_at<1677426236`
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			```
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00			`The delegator (8e0d3d3e) then signs a SHA256 hash of the above delegation string, the result of which is the delegation token:`
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			```
NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00			`6f44d7fe4f1c09f3954640fb58bd12bae8bb8ff4120853c4693106c82e920e2b898f1f9ba9bd65449a987c39c0423426ab7b53910c0c6abfb41b30bc16e5f524`
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			```
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			`The delegatee (477318cf) can now construct an event on behalf of the delegator (8e0d3d3e). The delegatee then signs the event with its own private key and publishes.`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00			```json
			`{`
NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00			`"id": "e93c6095c3db1c31d15ac771f8fc5fb672f6e52cd25505099f62cd055523224f",`
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			`"pubkey": "477318cfb5427b9cfc66a9fa376150c1ddbc62115ae27cef72417eb959691396",`
NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00			`"created_at": 1677426298,`
Changes based on feedback 2022-08-24 08:24:50 -04:00			`"kind": 1,`
			`"tags": [`
			`[`
			`"delegation",`
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			`"8e0d3d3eb2881ec137a11debe736a9086715a8c8beeeda615780064d68bc25dd",`
NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00			`"kind=1&created_at>1674834236&created_at<1677426236",`
			`"6f44d7fe4f1c09f3954640fb58bd12bae8bb8ff4120853c4693106c82e920e2b898f1f9ba9bd65449a987c39c0423426ab7b53910c0c6abfb41b30bc16e5f524"`
Changes based on feedback 2022-08-24 08:24:50 -04:00			`]`
			`],`
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00			`"content": "Hello, world!",`
NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00			`"sig": "633db60e2e7082c13a47a6b19d663d45b2a2ebdeaf0b4c35ef83be2738030c54fc7fd56d139652937cdca875ee61b51904a1d0d0588a6acd6168d7be2909d693"`
First draft of Delegated Event Signing 2022-08-04 04:33:38 -04:00			`}`
			```

NIP-26: Advice on using after operators in conditions query string (#199) Co-authored-by: Ben Hayward <ben@minds.com> 2023-02-01 07:05:25 -05:00			The event should be considered a valid delegation if the conditions are satisfied (`kind=1`, `created_at>1674834236` and `created_at<1677426236` in this example) and, upon validation of the delegation token, are found to be unchanged from the conditions in the original delegation string.
NIP-26: Change example condition to expire at a future date (#157) also Regenerate example PKs and improve organization/presentation. 2023-01-07 18:12:48 -05:00
			`Clients should display the delegated note as if it was published directly by the delegator (8e0d3d3e).`

Changes based on feedback 2022-08-24 08:24:50 -04:00
NIP-26 allow the delegator to delete the events published by the delegatee 2023-04-13 08:31:35 -04:00			`#### Relay & Client Support`
Changes based on feedback 2022-08-24 08:24:50 -04:00
NIP-26 allow the delegator to delete the events published by the delegatee 2023-04-13 08:31:35 -04:00			Relays should answer requests such as `["REQ", "", {"authors": ["A"]}]` by querying both the `pubkey` and delegation tags `[1]` value.

Add context for limiting `before` timestamp 2023-06-09 11:19:23 -04:00			`Relays SHOULD allow the delegator (8e0d3d3e) to delete the events published by the delegatee (477318cf).`