Replying to Avatar The Fishcake (nostr.build)

Using expensive and non hardware optimized signature verification on mobile devices is a recipe for disaster. I understand the concern, but you have to make choices based on capabilities.
Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 5mo ago

you have to find the most efficient signature verification algorithm.

and you really have to construct the canonical form and check the provided ID is correct. this is one of the problems with putting the ID on the wire, it becomes easier to forget.

sorry, but there is no way around this. you can't trust rando relays to do it. even if they do, you can't trust all of them to do it.

for mobile devices, checking an secp256k1 siganature on a sha256 hash of an event is not impossible, and anyway there is now fast libraries for both android and iOS. even, on android devices, you can make a little binary tool that runs to do the job. on iOS, the swift code IS binary so it's just a matter of having the actual function available.

Reply to this note

Please Login to reply.

Discussion

Avatar
cloud fodder 5mo ago

the ID thing, yeah, very interesting.. I don't pretend to be a cryptographer but.. I know that no checks is no bueno. Glad you have thought of all this in orly. 🫡

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 5mo ago

yeah, this is why i tried to make all of the json codec as fast as possible, it's one of the most expensive operations in the stack