Nostr Web Client

The whole point of this exercise is that I now know how to deterministically derive child keys from any nsec by creating an xpub and can be made public to cryptographically prove that it belongs to the corresponding npub and that a child public key can be cryptograpically proven to related to this npub by means of 1) a given derivation path, or 2) iterating through an established derivation path hierarchy, such as "M/44/1237/0/0/[1-iteration_limit]".

These mechanisms are tried and tested from BIP32 for Hierarchical Deterministic Wallets. I'm just applying to nostr npubs to solve for the problem of generating a root npub (with a nsec I put in a safe or HSM) and rotating through child npubs that can be easily be determined to be related to the root npub and easily revoked (by publishing an invalidating event) if they are compromised.

In the end, I am satisfied that the cryptographic mechanisms work for a straightforward key rotation (actually hierarchical key determination) that I can easily use while keeping my root nsec safe.

vnprc 2mo ago

What is the migration path from the current paradigm to this new revocable system with a secret master private key?

I guess I should back up and validate that assumption: In this scheme is the master key kept secret and only used to derive new keys? If yes, what is the migration path from a single nsec to this hierarchical system?

Reply to this note

Please Login to reply.

Discussion

Tim Bouma 2mo ago

This would just overlay on top of your existing nsec. No upgrade required. You could just derive a bunch of child keys and put your root nsec in a safe. Clients would have to know how to get the xpub - likely published in an event tag, derive the root npub, validate the child npub that signed the event and then attribute the event to the root npub.

Lots of work to be done, but I’m pretty sure now the core mechanisms work.