semisol on Nostr: For a viable encryption scheme for Nostr we need: 1. plausible deniability: it is not ...
For a viable encryption scheme for Nostr we need:
1. plausible deniability: it is not possible to prove a message was sent by someone
2. sender privacy: the sender must not be known to anyone including relays
3. recipient privacy: the recipient must not be known to anyone including relays
4. DoS resistant: clients should be able to tolerate an attacker creating as many events as they want in an attempt to disrupt communication
5. relay filtering compatible: relays must be able to implement measures to filter event floods to some extent to assist with 4.
6. restricted-write relay compatible: the scheme must allow a way for relays with a restricted writer set to be able to be used as an outbox or inbox
7. post-compromise security: the protocol must be able to recover in a reasonable amount of time from a total leak of client state assuming the master private key is not (signer/extension)
8. forward secrecy: the protocol must not leak any messages before compromise if one of the master private keys, or both, are compromised
Gift wraps fail 1, 3, 4, 5, and 8. 7 is not applicable.
The proposed DR scheme fails 1, 3, 4 and 5.
My proposed scheme passes all of them, but 7 still needs to be fully validated.
Published at 2024-05-14 07:42:52
Event JSON
{
"id": "7c88486a5ef5296534de82d97b58c623ee871fd4ca6a42f409238996001cd67b",
"pubkey": "52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd",
"created_at": 1715672572,
"kind": 1,
"tags": [],
"content": "For a viable encryption scheme for Nostr we need:\n1. plausible deniability: it is not possible to prove a message was sent by someone\n2. sender privacy: the sender must not be known to anyone including relays\n3. recipient privacy: the recipient must not be known to anyone including relays\n4. DoS resistant: clients should be able to tolerate an attacker creating as many events as they want in an attempt to disrupt communication\n5. relay filtering compatible: relays must be able to implement measures to filter event floods to some extent to assist with 4.\n6. restricted-write relay compatible: the scheme must allow a way for relays with a restricted writer set to be able to be used as an outbox or inbox\n7. post-compromise security: the protocol must be able to recover in a reasonable amount of time from a total leak of client state assuming the master private key is not (signer/extension)\n8. forward secrecy: the protocol must not leak any messages before compromise if one of the master private keys, or both, are compromised\n\nGift wraps fail 1, 3, 4, 5, and 8. 7 is not applicable\nThe proposed DR scheme fails 1, 3, 4 and 5.\nMy proposed scheme passes all of them, but 7 still needs to be fully validated.",
"sig": "8d3102da8d32038935dc0597d397f1ee7b37a46405bd73150d12ace0d45962636fa54cdea70508c70ddcd1af39d51bbc16601080541c6c45e9fa0d918202766c"
}