Nostr Web Client

As events are broadcast on relays, it also means that on small timescales there is no consistent global state.

Imagine a series of events, that travel along different paths in a graph of nodes. They may arrive at their destinations at slightly different times.

This can cause issues for programs that contain assumptions about timing of events.

An idea I'm working out related to this and key management:

One bad scenario is that of an attacker who compromised a user key. They could broadcast a malicious key delegation/migration event to lock the true owner from their account. Even if there are security measures in place, it's possible for the attacker to convince a portion of the network to accept this new 'state', since there is no consistent global state to be the source of truth.

DataNostrum 2y ago

True, but why do we need a consistent global state for notes? Unlike Bitcoin, where everyone needs to agree on the exact ordering of blocks in the ledger, why does it matter for notes? Programs should make no such assumption.

I don't follow the key management example. If your key is compromised, why would it matter who broadcasted the first key migration message? In fact it's even likely to be the attacker, when the legitimate owner is not aware that the key was compromised. Isn't this something that can only be resolved on the "social layer", i.e. other accounts helping to determine the correct new npub through IRL verification?

Reply to this note

Please Login to reply.

Discussion

radii 2y ago

Programs shouldn't make assumptions, yes, but they can and will.

In my example, I think it matters not who broadcasts a malicious event, but from where in the relay graph it is broadcast.