This is why we need robust key rotation specs
A basic start would be adding a profile metadata field for alternate keys and making sure that metadata field is always timestamped by default
Discussion
But imho these are just temporary patches and dont really resolve the core problem. We might need a completely new address format and start from new.
How would a new address format help? Just making it longer to add more randomness or am I missing something?
What I try to say is that #Nostr is npub based, thus vulnerable to long range attacks, like the old P2PK #Bitcoin addresses
How did changing address format fix that for Bitcoin?
pubkeys are derived from privkeys by ECC, which can be vulnerable to Shor's algorithm by simply calculating your privkey out of your pubkey. As long as your pubkey is not revealed, there can be no long range attack. P2WSH/P2WPKH only reveal a UTXO address specific pubkey when you spend them (so you have about 10 min for a short range attack).
Thanks for the explanation ๐ค
I might have to update my list of essential shit nostr needs nostr:nevent1qvzqqqqqqypzqamkcvk5k8g730e2j6atadp6mxk7z4aaxc7cnwrlkclx79z4tzygqy88wumn8ghj7mn0wvhxcmmv9uq3jamnwvaz7tmswfjk66t4d5h8qunfd4skctnwv46z7qpq5ytyweq7k7589yvvpwv8hnesftdaqe4xl50nmmadjfgldewyjq8qufrfcd
Great list! ๐๐งก
Maybe also consider adding an audit to Tor attack vectors like timing analysis / Sybil attacks, especially if #Nostr is used for direct communication.
https://cointelegraph.com/news/tor-germany-timing-attack-privacy
Maybe in general "we need more security audits" should be a point in the list
Or is there something more specific I'm missing for a Tor section of the list?