Replying to Avatar supermass

yes and no,

and unfortunately I am bridging knowledge from bitcoin here and not aware of the details for nostr keys specifically so take this all with a huge grain of salt.

the (single) nsec is used to derive the (single) npub with secp256k1 cryptography, which is the same as bitcoin priv/pub keys. so it is one-for-one, and only the one npub will exist for the nsec.

in bitcoin, BIP-32 added hierarchical deterministic derivation, which treats the secret key as a master key and generates sub-keys (additional private keys) which are unique and can be used to generate their own public keys.

this is effectively unlimited.

but in nostr, there is no BIP-32 equivalent to my knowledge, meaning we do not have a standard for generating HD derivations.

in theory, you can still generate them yourself.

but in practice, because this is not a standard for the nostr protocol, this would mean you are creating multiple nsec/npub pairs and would have to figure out how to generate them in a compatible format to what your client is accepting for valid keys.

otherwise to integrate your “new keys” (which all come from and are usable with your “master” private key) in a seamless way you would have to create your own client and introduce a bunch of non-standard stuff..

i believe this is how it works but again could be completely wrong.

basically we need a NIP-32 equivalent and then HD derivations could allow all this “by default” for nostr clients
Avatar
Satosha 8mo ago

Thanks for sharing this incredible knowledge .. but I fail to understand how the uniqueness can be ensured .. I mean how can anyone say with any confidence that npub and nsec is a unique combination .. (doesn't matter if it is BTC or nostr network ) ..

Saying this because to ensure uniqueness , there must exist a database of all the npub and nsec combinations .... Which means someone needs to know all the combinations .. which is obviously impossible and defeats the very purppose ! ..

But without a database , no one can ever be sure that no two npubs have same nsec !

Reply to this note

Please Login to reply.

Discussion

Avatar
supermass 8mo ago

this is the brilliance of cryptography, in essence the “uniqueness” doesn’t need to be ensured.

the npub that can be trusted has all posts signed by a valid signature from its nsec.

so long as the post is signed, the npub is verified to “belong” to the nsec.

even if someone had custom derived 1 million npubs from their nsec, each new npub requires a signature to be trustworthy.

all posts on nostr are signed or they are not valid! so there’s no database needed, only a protocol which ensures that strong cryptography is being used.

now, you can’t verify that new npubs are unique human beings in real life, but that is why in the information age we must verify the content provided and not concern ourselves only for sources.

Avatar
Satosha 8mo ago

So the content is signed by a unique combination of npub and nsec ! Not by nsec alone ?

Avatar
supermass 8mo ago

content is signed by nsec, the signature is then verified with the npub, so yes you need both to post anything to nostr.

any unsigned or unverified content will be rejected by nostr relays/clients