nips/704.md

85 lines
4.3 KiB
Markdown
Raw Normal View History

2023-04-07 09:58:00 -04:00
NIP-704
======
Key derivation for Encrypted Direct Messages
-----------------------------------
`draft` `optional` `author:motorina0`
This NIP defines a way for two clients to derive `one-use-only` keys for sending and recieving `kind:4` events.
## Motivation
2023-04-10 02:26:38 -04:00
The content of `Direct Messages` [NIP-04](https://github.com/nostr-protocol/nips/blob/master/04.md) is encrypted, but everyone can see who is chatting with whom. This is far from ideal from a privacy perspective.
This NIP describes a way to obfuscate DM communications from the "general public", it does not deal with the relay tracking of clients (for that see [NIP XXX](xxx)).
2023-04-07 09:58:00 -04:00
## Suggestion
2023-04-10 02:37:39 -04:00
For the maximum of privacy the two participants of a `Direct Message` exchange SHOULD use a different public key for **each** `kind:4` event.
2023-04-07 09:58:00 -04:00
This means that each participant has to:
2023-04-10 04:23:04 -04:00
- build a `direct message parent key` from which it will derive keys to send and keys to receive (listen for) `kind:4` events
2023-04-10 02:37:39 -04:00
- share this `direct message parent key` with its DM peer
2023-04-07 09:58:00 -04:00
2023-04-07 10:31:00 -04:00
Each client has a `master` key (denoted with `m`). This key can be the profile `nsec...`, but it is not mandatory.
2023-04-10 04:55:10 -04:00
## Derive the `direct message parent key`
2023-04-10 04:36:12 -04:00
A client must generate multiple `direct message parent keys`, one for each peer that it is communicating with. The [BIP32](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki) structure to be used is:
```
2023-04-10 04:54:14 -04:00
m / purpose' / conin_type' / part1' / part2' / ... / part8'
2023-04-10 04:36:12 -04:00
```
- this NIP defines the `purpose` `25709'` (`dm` -> `0x646d` -> `25709`) for deriving `Direct Messages` related keys
- nostr `coin_type'` is `1237'` (see [NIP-06](https://github.com/nostr-protocol/nips/blob/master/06.md))
- `part1' / part2' / ... / part8'` is the public key hex string (of the peer) split in 8 chunks:
- the reason for using the peer's (`Bob`) public key is to always arive at the same value even if prio state is lost
2023-04-10 04:57:09 -04:00
- the reason for splitting the public key is that each level of the path can have a max value of 2<sup>32</sup>-1
2023-04-10 02:37:39 -04:00
2023-04-10 04:53:38 -04:00
<details>
<summary><b>Example</b></summary>
2023-04-10 05:14:10 -04:00
If Alice wants to build he <code>dm parent key</code> for Bob then she has to:
2023-04-10 04:53:38 -04:00
<ul>
<li>get the public key of `Bob` (in hex). Eg: <code>3bf0c63fcb93463407af97a5e5ee64fa883d107ef9e558472c4eb9aaaefa459d</code></li>
<li>split the public key hex string in 8 chunks:</li>
- <code>3bf0c63f</code>, <code>cb934634</code>, <code>07af97a5</code>, <code>e5ee64fa</code>, <code>883d107e</code>, <code>f9e55847</code>, <code>2c4eb9aa</code>, <code>aefa459d</code>
<li>derive the <code>dm parent key</code>: <code>m/25709'/1237'/3bf0c63f'/cb934634'/.../aefa459d'</code></li>
</ul>
</details>
2023-04-10 04:23:04 -04:00
2023-04-10 06:09:35 -04:00
We notate the above derived `direct message public key` with `dmpk`. Then we can define paths of the form `dmpk/<action>/index`.
2023-04-10 05:14:10 -04:00
2023-04-10 06:09:35 -04:00
| Action Name | Value | Path | Derive keys for |
|-----------------------|--------|---------------------|-----------------------------------|
2023-04-10 06:14:46 -04:00
| **receive** | `0` | `dmpk/0/<index>` | receiving `direct messages` |
| **send** | `1` | `dmpk/1/<index>` | sending `direct messages` |
| `draft`: republish | `2` | `dmpk/2/<index>` | sending `republish events` |
2023-04-10 06:09:35 -04:00
| `draft` :market-order | `4500` | `dmpk/4500/<index>` | sending NIP45 `market orders` |
2023-04-10 05:14:10 -04:00
2023-04-10 04:23:04 -04:00
send, receive, marketplace
## Exchange the `direct message parent key`
If `Alice` wants to signal `Bob` that she is ready to use this NIP (for more privacy) she must:
- build a JSON data of the form:
```json
{
"key": <the direct message parent key>,
"send_index": <integer (optional), ...>,
"receive_index": <integer (optional), ...>,
}
```
- publish a `Parameterized Replaceable Event` ([NIP-33](https://github.com/nostr-protocol/nips/blob/master/33.md)) having:
```json
{
...
"kind": 35709,
"content": <NIP-04 encrypted content of the JSON data>,
"tags:" [
"d": <sha256 of the shared secret as defined in NIP-04>
]
}
```
> **Note** the reason for using `sha256(shared_secret)` for the `d` tag is so that outside observers do not even know that `Alice` and `Bob` have started to communicate. Any other value for the `d` tag would reveal that the message is intended for `Bob.`
2023-04-10 06:09:35 -04:00
After both `Alice` and `Bob` have both published the `kind: 35709` event, they can start to publish and listen to events using the `one-use-keys`.