Everything comes down to trade offs.
Important that it is ultimately verifiable, and that if you require it you could use another client (if the option doesn’t exist to turn it on/off).
Discussion
An option to turn on signature verification for the people a user follows may be a good way to do it. That way mobile phones don’t need to verify every signature on the global feed…
In Nostr 2.0, users will be able to tell when a profile has been tampered with since hashing all the posts together matches the on-chain merkle root of that profile.
Instead of verifying the signature of each post, users can take a hash of the entire profile and make sure it matches the on-chain merkle root.
Computational Requirements: users become lightwallets, nostr relays becomes full-nodes.
We’re already at nostr 2.0?
Things happen fast around here.
Apa itu bro?
That was quick 😳
I just wanna post to you as my first post on Nostr! Yew
wait, I just got here
a.k.a The Bitcoin Web… 🕸️🌩️
It’s like Web5 on the frontend and Nostr on the backend. Users download merkle trees from nostr nodes and load them up as normal files into a browser or mobile app.
The on-chain merkle roots provide tamper-resistance for entire websites rather than just for profiles. Updating an entire website with an on-chain merkle root and tree hash is smaller than inscribing a single NFT. 🖼️
Essentially, it’s Web3 compressed on layer 2.
A few hashes in the taproot section underneath a normal bitcoin transaction can decentralize your entire website with user-verifiable tamper-resistance that doesn’t require verifying the signatures of every individual action. ❤️
Let’s face it, we’re LARPing if we aren’t verifying signatures. This method will provide verifiable security for mobile without the costly burden of verifying one post at a time.
Our team will release this general purpose tool with the code for the Nostr GitHub. 💜
It’s like batched verification but even more compact.
#[7]
Posts are arranged in a merkle tree. You can validate the contents of someone’s profile one merkle branch at a time, or you can verify the contents of the entire profile/tree at once if you’re not missing any of its posts.
That makes sense!
I was actually wondering whether its enough to batch Schnorr verify every N events to resolve performance issues on low-end hw. Strikes me as simpler (or are we doing this already?)
With this method, you don’t need to verify the signatures of every post. It verifies the content of all the profile’s posts in one swoop with a hash that matches a tiny on-chain merkle root.
Well, #[8] added sig verify in amethyst today, and my phone hasn't melted yet. Very cool. 📡🛰️⚡🤙