From 3fdc2bcf30b677b6aa7cc5147b6f7d2dbdf9152f Mon Sep 17 00:00:00 2001 From: threeseries Date: Fri, 5 May 2023 08:40:50 -0500 Subject: [PATCH] Simplify the NIP --- 103.md | 47 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 8 deletions(-) diff --git a/103.md b/103.md index 028ac17..4d865e2 100644 --- a/103.md +++ b/103.md 
@@ -6,17 +6,48 @@ Direct Message Envelopes `draft` `optional` `author:threeseries` -This NIP defines a kind 16 event which is a kind 4 event (see [NIP-04](04.md) where the decrypted content is itself a kind 4 or kind 16 event. -If the inner event is kind 16 it must be possible to eventually reach a regular kind 4 after enough rounds of decryption. +This NIP defines a kind 16 event which is a kind 4 event (see [NIP-04](04.md) where the decrypted content is itself a kind 4 event. -# Motivation +# Motivation and usage -It's well-known that direct message metadata is public on nostr since everyone can see who is messaging whom and when. One solution to this problem is for the entire event including its metadata to be encrypted and only revealed to an intermediate party responsible for forwarding messages to their intended recipients. +It's well-known that direct message metadata is public on nostr since everyone can see who is messaging whom and when. One solution to this problem is for the entire event including its metadata to be encrypted before being sent. This outer event can be encrypted and signed with a random key pair, thus hiding the true sender of the direct message. On receiving a kind 16 event the client should decrypt both the outer and inner content, displaying the decrypted inner content to the recipient. -# Usage +# Example: -On receiving a kind 16 event a forwarding service should decrypt the content and then determine the kind and recipient of the inner event. If this event is kind 4 it should be re-encrypted and then forwarded along to its destination. If the inner event is kind 16, then its content must itself be decrypted (hence the content of the outer and inner events need to be encrypted with the public key of the outer event recipient), and the inner event recreated using the keys of the forwarding party. 
Recreating the event in this way serves to remove any association between the message and the original sender before being forwarded on to the next recipient. And by allowing for forwarding rounds to be chained together in this way we enable use cases that would add further plausible deniability as to the source of a message. +A kind 4 event: -One such use case would be if ordinary clients were allowed to opt into being forwarders themselves. Then one could send a kind 16 to any one of these users, and when they forward the message along it's impossible to know if they are forwarding a message or are the source of a message themselves. This could create a large mesh network within which it would be nearly impossible to interpret who is messaging whom. +```json +{ + "id": "67264df8e079a7cf52f81b912debb4e47550743f1f4a5f170407f83bc9dbc12b", + "pubkey": "6475c0ba9c8f5f45dcfdae553189d1b8d089118295ba5b902c0a698e192f535b", + "created_at": 1682886605, + "content": "z2HVzkQXJAJSqebsnrkNWg==?iv=O0pf3XLsEkOo+G+/QosxDg==", + "kind": 4, + "tags": [ + [ + "p", + "208404de380e7c02c366cc667ae9e969d687ec7a3c03aacd364c4716a2e72327" + ] + ], + "sig": "1626034f09101c120f968ef1da14dd23e4e4b14db22227737ad717cc9033188e0426cf0993a0c776b8a5156ef6ece939f50f575ce294b9689864b46f49b5e8c6" +} +``` -To add further anonymity, forwarding could also be configured to inject timing delays (for instance, using the difference in `created_at` timestamps between the outer and inner events), or to only forward messages once enough have been collected into a queue, thus creating a type of "message join" on nostr. 
+After wrapping in kind 16 with a random key pair: + +```json +{ + "id": "b8b50e4c63102e5c737186e7ed7c23741aea34a7743ea27a41e6a18654261818", + "pubkey": "4c34b0fb27f79d376456f95391b1b43173d890d3e08558fe1e0f56cea59af52a", + "created_at": 1683293572, + "content": "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?iv=FT7fwoP8pjjE97MUO9J8nA==", + "kind": 16, + "tags": [ + [ + "p", + "208404de380e7c02c366cc667ae9e969d687ec7a3c03aacd364c4716a2e72327" + ] + ], + "sig": "ea7a1c500e2ebd3a1985777874c66d8fb21d1ae3d2ed5ed643ff7a60d42152923c5545794dac5b30d8ac51327812afb3c7c76c7616165dc92fe0040a2aa5bf12" +} +```
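Review bot: The new "Motivation and usage" paragraph tells the client to decrypt the outer and inner content and display the result, but it never requires validating the inner kind 4 event. Because the outer event is signed with a random key pair, its signature authenticates nothing about the real sender. The inner event's `id` and `sig` are the only binding between the message and its claimed `pubkey`. Suggest adding a sentence that clients must verify the inner event's `id` and `sig`, check that its `p` tag matches the outer event's recipient, and discard the envelope if either check fails. The paragraph should also state what stays visible: in the kind 16 example the outer `p` tag still carries the recipient's key (`208404de...`) and the outer `created_at` is public, so only the sender is hidden, while the motivation speaks of hiding "who is messaging whom and when". Minor: the opening sentence still has an unclosed parenthesis after `[NIP-04](04.md)`, and the `# Example:` heading ends in a colon unlike the other headings.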