Nostr Web Client

Exploring key/pair derivation on some nsec/npub concepts that would allow some pretty flexible use cases and lead to some helpful nips that could improve on the current basic key-pair. Preview sketches attached.

PROGRESS:

✅ Initial thoughts for developing use cases.

🟩 define the secure key derivation method.

🟩 Write up a Nostr Improvement Proposal (NIP) draft.

🟩 Share sketches and ideas with the Nostr community for feedback.

🟩 Partner with dev on application to explore isolated user-friendly key mgmt implementation.

NSEC - Nostr Secret Key.

NPUB - Nostr Public Key.

NSUB - Subordinate NSEC with revokability. A unique NSEC derived from an NSEC that generates the same NPUB as originating NSEC.

MSEC - Multi Secret Key. An NSEC derived from an NSEC that results in a unique NPUB.

MPUB - Multi Public Key. NSEC derived NPUB series to have multiple NPUBs on an NSEC.

Reply to this note

Please Login to reply.

Discussion

SwBratcher 10mo ago

Very draft mode here. Lots of tweaking to come. These are noted to be just NSECs and NPUBs on the network and are just specially named behind the scenes for Key Manager and Client Side Use.

SwBratcher 10mo ago

For Nostr users, this effort aims to make the platform more flexible and user-friendly by introducing a system where you can manage multiple public identities (npubs) from a single private key (nsec). Imagine having different npubs for public posts, private chats, anonymous engagement, or temporary interactions like event subscriptions—all securely linked under one root key you control. This could enhance your privacy by letting you separate your online activities, simplify key management by reducing the need for multiple standalone keys, and make it easier to join niche communities or try new features without risking your main identity. However, adopting this would mean new ways to handle keys, apart from clients, which is healthy, and its success depends on how seamlessly Nostr apps integrate and explain this system to avoid confusion.

Galaxie 5000 10mo ago

Currently the only way to use native iOS Nostr apps (as far as I know) is to stick your nsec in them. Not ideal.

SwBratcher 10mo ago

This is a necessary solve for massive adoption.

nostr:nevent1qqs8lypu4fug50c68w8zc0adkgd495crx54pfy4n6hns0m4vza7gp3qpzemhxw309ucnjv3wxymrst338qhrww3hxumnwhax9fy

SwBratcher 9mo ago

nostr:nprofile1qqswuyd9ml6qcxd92h6pleptfrcqucvvjy39vg4wx7mv9wm8kakyujgua442w where does this NIP-ID overlap with the goals of your NIP-A0? And where does it expand on it? Would a collab make sense? Or, would keeping effort separated but complimentary make sense? I’ve been in touch with a dev team regarding implementation of a key storage method on hardware. But haven’t explored yet with any client developers. Let me know if you’d like to explore collaborating. Client dev and Relay dev engagement are next on my list.

Mike Dilger ☑️ 9mo ago

You can't in general derive two different NPUBs from the same NSEC, or have two different NSECs for the same NPUB. There might be high order reflections/overrlaps, but they end up being mathematically equivalent. For example, these two NSECs are the same:

3501454135014541350145413501453fefb02227e449e57cf4d3a3ce05378683

cafebabecafebabecafebabecafebabecafebabecafebabecafebabecafebabe

But most nsecs won't have a reflection.

IMHO if nostr is to move to a masterkey-subkey situation, we should use that opportunity to allow for different kinds of keys and different cryptosystems. I want an ed25519 device key issued by my master nsec (and if nostr doesn't support it I don't care because I can still use it in my own projects). Ideally I'd want an ed25519 master key but I predict that nostr won't move in that direction because of the "one way" rule.

Also, I want my current keypair to be a device key under a master key that doesn't even exist yet. Because everybody already knows me by this keypair. Clearly it cannot be derived from the future master key.

For both of these reasons, I don't think deriving device keys from a master key is going to work. I think they should be independent and simply one signs the other.

ynniv 9mo ago

Derivation is so tempting though. I fell into that rabbit hole for weeks before realizing that you can get most of the benefits with more flexibility using simple attestations: https://github.com/nostr-protocol/nips/pull/1450/files

Mike Dilger ☑️ 9mo ago

There are a lot of PRs on this doing almost the same thing. I did my version as #1837 Keychains.

I thought about adding the attestation to the messages themselves so you don't have to pull a document with the attestation. The issue there is that you don't get up to date revocation information. I didn't notice or thoroughly read through your PR and I will do that now. But take a look at #1837 and we can hash out the differences and reasoning.

ynniv 9mo ago

Revocation is the edge case, and irrevocable, so you get a better experience by assuming it hasn't been revoked and eventually confirming. It's basically the same as deletion events.

Mike Dilger ☑️ 9mo ago

Adding more data (the attestation to the event) cannot possibly break anything. But after 1000 events with the same fairly long attestation, it starts to feel like space is being wasted. Clients could load up the keychain (or whatever you might call it) once and then this data doesn't have to be repeated over and over again.

ynniv 9mo ago

Repeated data compresses easily though – it only really needs to be included in its entirety during signing and verification