No. You only need one prekey.

The initiating party uses an ephemeral key.

The shared secret is used to derive 2 private keys, one for initiator to target, and one for target to initiator.

When sending a message you pick the private key depending on your role in the channel, encrypt the message to the key itself, and put it in an event signed by the key. To receive messages you look for events by the other side.

This also comes with plausible deniability.

Channels can be rotated and this provides stronger security guarantees than gift wraps (sender and recipient anonymity).


Discussion

What pubkey and p tag pubkey are used in the channel info event (373)? Some random ephemeral pair?

The real pubkeys.

I believe this is strongly metadata leak resistant as channels can be established before they are needed, or when not needed to obscure other details like who was ever communicated with.

This can be, and the specification permits future re-initializations to be performed in the same channel.