NIP-41 Key Invalidation Proto

Overview

NIP-41 Key Invalidation Prototype

NIP-41 is a proposal for a scheme whereby a Nostr identity key can be safely invalidated in favor of a new one. See nostr-protocol/nips#158.

WARNING: This is a prototype implementation, use it only with test keys!

Details

Terms:

  • Key state: all predefined keys, plus the index of the currently valid keys
  • Level: one element in the set of keys pre-generated iteratively
  • Visible, denoted vis: the vis (public) keyset of a level, denoted e.g. A
  • Hidden, denoted hid: the hid (secret) keyset of a level, denoted e.g. A'

Operations:

  • obtain current public key / secret key
  • generate new set of keys
  • generate next level key set from previous level keys
  • invalidate: change current key and return keys needed for verification
  • verify: verify validity of new key
  • create invalidation Nostr event
  • send invalidation event to relay
  • listen for invalidation events, verify them

Details:

  • As the keys are for Nostr (which uses Schnorr signatures), the type XOnlyPublicKey is used for pubkeys. This has the drawback that the parity is missing, so both options have to be tried in verification.

Building and Running

  • Prerequisite: rust

  • Try the following commands:

cargo build

cargo run generate
cargo run
cargo run inv
cargo run

TODO

Contact

Nostr: [email protected] npub1kxgpwh80gp79j0chc925srk6rghw0akggduwau8fwdflslh9jvqqd3lecx

Sample Output

Some (truncated) sample output

generate

$ cargo run generate
NIP-41 Proto Zero

WARNING: This is a prototype implementation, use it only with test keys!

State saved
$ 
$ cargo run
KeyState loaded (256 levels)
Level: 0  (out of 256)
Current pubkey:     	 npub185daavrw5jesnxsdd6hluva8em59c369jkpas9nfkm28z58e6hpqrqya6z  (3d1bdeb06ea4b3099a0d6eaffe33a7cee85c47459583d81669b6d47150f9d5c2)
Previous pubkey:    	 None
Current secret key: 	 nsec1l3gan..yd9ah2  (fc51d9ff63..396749)

invalidate

$ cargo run inv
KeyState loaded (256 levels)
Level: 0  (out of 256)
Current pubkey:     	 npub185daavrw5jesnxsdd6hluva8em59c369jkpas9nfkm28z58e6hpqrqya6z  (3d1bdeb06ea4b3099a0d6eaffe33a7cee85c47459583d81669b6d47150f9d5c2)
Previous pubkey:    	 None
Current secret key: 	 nsec1l3gan..yd9ah2  (fc51d9ff63..396749)
Invalidation info:
Invalidated:       	 npub185daavrw5jesnxsdd6hluva8em59c369jkpas9nfkm28z58e6hpqrqya6z  (3d1bdeb06ea4b3099a0d6eaffe33a7cee85c47459583d81669b6d47150f9d5c2)
     hidden:       	 npub195v2xzn03nrcvm7ymmllcrc82xft5h0c40c3jkuz7vjwk4zjayzqn9qtky  (2d18a30a6f8cc7866fc4defffc0f075192ba5df8abf1195b82f324eb5452e904)
        new:       	 npub1zhulyeg2d4d0ujfw2mhnf6pzr4x6eg852tmr8d7msfr53ehd0m5svvky80  (15f9f2650a6d5afe492e56ef34e8221d4daca0f452f633b7db824748e6ed7ee9)
Level: 1  (out of 256)
Current pubkey:     	 npub1zhulyeg2d4d0ujfw2mhnf6pzr4x6eg852tmr8d7msfr53ehd0m5svvky80  (15f9f2650a6d5afe492e56ef34e8221d4daca0f452f633b7db824748e6ed7ee9)
Previous pubkey:    	 npub185daavrw5jesnxsdd6hluva8em59c369jkpas9nfkm28z58e6hpqrqya6z  (3d1bdeb06ea4b3099a0d6eaffe33a7cee85c47459583d81669b6d47150f9d5c2)
Current secret key: 	 nsec1t4a8c..2dtqjj  (5d7a7c04d9..5310e9)
verify?         	 true
Invalidation event: 
{"content":"key invalidation","created_at":1680411807,"id":"7d950460b669b3c32b70145c9cb11343815cbc1b350ab976ed78ea6f30da5540","kind":13,"pubkey":"15f9f2650a6d5afe492e56ef34e8221d4daca0f452f633b7db824748e6ed7ee9","sig":"10d004d1e37a25247849a7093c21a83c3fae39777ac1ace609c4e96832a8708a2332251fe58eee637c43b37718cccbfd897904b7c375825dfb7154850265323a","tags":[["p","3d1bdeb06ea4b3099a0d6eaffe33a7cee85c47459583d81669b6d47150f9d5c2"],["hidden-key","2d18a30a6f8cc7866fc4defffc0f075192ba5df8abf1195b82f324eb5452e904"]]}

State saved

Verify

$ cargo run verify npub195z34nrkuggzmp0dve4ugs85fdkq5q34n3yxaw98zj7afq9cnp2sncwkch npub1vfxu6eandjw8ufpe0wqhhrr4q86z65777vrs66jvx49l2a5fnyvsycs248 npub1en8lkh8c5ljfgjqutpd6q2ht9wy05psguepr7n6958e8yjh0p7wqg3psj9
    Finished dev [unoptimized + debuginfo] target(s) in 0.07s
     Running `target/debug/nip41-proto0 verify npub195z34nrkuggzmp0dve4ugs85fdkq5q34n3yxaw98zj7afq9cnp2sncwkch npub1vfxu6eandjw8ufpe0wqhhrr4q86z65777vrs66jvx49l2a5fnyvsycs248 npub1en8lkh8c5ljfgjqutpd6q2ht9wy05psguepr7n6958e8yjh0p7wqg3psj9`
NIP-41 Proto Zero

WARNING: This is a prototype implementation, use it only with test keys!

Invalid vis     	 npub195z34nrkuggzmp0dve4ugs85fdkq5q34n3yxaw98zj7afq9cnp2sncwkch  (2d051acc76e2102d85ed666bc440f44b6c0a02359c486eb8a714bdd480b89855)
Invalid hid     	 npub1vfxu6eandjw8ufpe0wqhhrr4q86z65777vrs66jvx49l2a5fnyvsycs248  (624dcd67b36c9c7e24397b817b8c7501f42d53def3070d6a4c354bf576899919)
New vis         	 npub1en8lkh8c5ljfgjqutpd6q2ht9wy05psguepr7n6958e8yjh0p7wqg3psj9  (cccffb5cf8a7e494481c585ba02aeb2b88fa0608e6423f4f45a1f2724aef0f9c)
Verification result:  true

Listen

$ cargo run listen ws://umbrel.local:4848

Connected to relay ws://umbrel.local:4848
Subscribed to relay for invalidation events ...

Received event:  {"content":"key invalidation","created_at":1680473064,"id":"7932f8808754ada34310d7738344a9f279d8944bf49c12e7238d248417b93d89","kind":13,"pubkey":"0333d247f7b0e1dbe7d86cf56a12aeb305a4023832e9cb85c9d7f1cc4b74669b","sig":"bc24dc86f0eb8bb69aed1492cdc803e5a6f8dd9cf78f422767760aafb4664f894913540cfe898053f4a34e6e3281abf084130e7d2f5eeae632ee47b2bb1a8ec0","tags":[["p","cf1bfde74244457f0608ebae4e6c32472e0ee3769b0d7b823d4d558760cd6d2e"],["hidden-key","96653114a1d9ff07e8b4310b93b0a37b541f43f50571f468970fb83d1fe31338"]]}
'P-tag' (invalidated):               npub1eudlme6zg3zh7psgawhyumpjguhqacmknvxhhq3af42cwcxdd5hqr3m0qs  (cf1bfde74244457f0608ebae4e6c32472e0ee3769b0d7b823d4d558760cd6d2e)
'Hidden-key-tag' (invalidated hid):  npub1jejnz99pm8ls0695xy9e8v9r0d2p7sl4q4clg6yhp7ur68lrzvuq8z4k09  (96653114a1d9ff07e8b4310b93b0a37b541f43f50571f468970fb83d1fe31338)
Pubkey (new):                        npub1qveay3lhkrsahe7cdn6k5y4wkvz6gq3cxt5uhpwf6lcucjm5v6dswn37am  (0333d247f7b0e1dbe7d86cf56a12aeb305a4023832e9cb85c9d7f1cc4b74669b)

Invalidate  npub1eudlme6zg3zh7psgawhyumpjguhqacmknvxhhq3af42cwcxdd5hqr3m0qs  in favor of  npub1qveay3lhkrsahe7cdn6k5y4wkvz6gq3cxt5uhpwf6lcucjm5v6dswn37am !

Verification result: true 


Received event:  {"content":"key invalidation","created_at":1680473093,"id":"221a2e767464cca61328031a355c06268291adcff369bdee15df0588dc61c6bb","kind":13,"pubkey":"aad39a3bfd27023d659af43445ee09a84c735b9acac0bbe18498a57514fef383","sig":"d54fb94e4a4a2101e39b36525b42b7b6d791303b350314858610a0d7f5406e218e79a1f29ae3901b7e18a2f4c8630efaabf35e7d29cc0ce62d9d514c393ad4ee","tags":[["p","0333d247f7b0e1dbe7d86cf56a12aeb305a4023832e9cb85c9d7f1cc4b74669b"],["hidden-key","27bcb59fb2c17c25cb57a264b14b97c74466fd5512429bc1d9538196d2623c42"]]}
'P-tag' (invalidated):               npub1qveay3lhkrsahe7cdn6k5y4wkvz6gq3cxt5uhpwf6lcucjm5v6dswn37am  (0333d247f7b0e1dbe7d86cf56a12aeb305a4023832e9cb85c9d7f1cc4b74669b)
'Hidden-key-tag' (invalidated hid):  npub1y77tt8ajc97ztj6h5fjtzjuhcazxdl24zfpfhswe2wqed5nz83pqz863fe  (27bcb59fb2c17c25cb57a264b14b97c74466fd5512429bc1d9538196d2623c42)
Pubkey (new):                        npub14tfe5wlayupr6ev67s6ytmsf4px8xku6etqthcvynzjh29877wps7lpyne  (aad39a3bfd27023d659af43445ee09a84c735b9acac0bbe18498a57514fef383)

Invalidate  npub1qveay3lhkrsahe7cdn6k5y4wkvz6gq3cxt5uhpwf6lcucjm5v6dswn37am  in favor of  npub14tfe5wlayupr6ev67s6ytmsf4px8xku6etqthcvynzjh29877wps7lpyne !

Verification result: true 
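
The listener output above maps each kind-13 event to an invalidated key (the p tag), its hidden key (the hidden-key tag) and the new key (the event pubkey). The Rust code below is an added example, not code from this prototype: it extracts that triple and follows a chain of invalidations to the current key, using the two events shown above as sample data. The `Event` struct, the function names and the `verify` callback (standing in for the prototype's verify operation plus the event signature check) are assumptions.

```rust
// Added example, not the prototype's code. Shapes follow the kind-13 sample events.
#[derive(Debug, Clone, PartialEq)]
pub struct Invalidation { pub old_vis: String, pub old_hid: String, pub new_vis: String }
pub struct Event { pub kind: u64, pub pubkey: String, pub tags: Vec<Vec<String>> }

fn is_key_hex(s: &str) -> bool { s.len() == 64 && s.bytes().all(|b| b.is_ascii_hexdigit()) }

// Value of the tag `name`; a missing, duplicated or malformed tag is rejected.
fn single_tag<'a>(ev: &'a Event, name: &str) -> Result<&'a str, String> {
    let mut hits = ev.tags.iter().filter(|t| t.len() >= 2 && t[0] == name);
    match (hits.next(), hits.next()) {
        (Some(t), None) if is_key_hex(&t[1]) => Ok(t[1].as_str()),
        (Some(_), None) => Err(format!("tag {} is not a 32-byte hex key", name)),
        (None, _) => Err(format!("missing tag {}", name)),
        _ => Err(format!("duplicate tag {}", name)),
    }
}

// Structural checks only: no signature or NIP-41 verification happens here.
pub fn extract(ev: &Event) -> Result<Invalidation, String> {
    if ev.kind != 13 { return Err(format!("kind {} is not 13", ev.kind)); }
    if !is_key_hex(&ev.pubkey) { return Err("pubkey is not a 32-byte hex key".into()); }
    let old_vis = single_tag(ev, "p")?.to_lowercase();
    let old_hid = single_tag(ev, "hidden-key")?.to_lowercase();
    let new_vis = ev.pubkey.to_lowercase();
    if new_vis == old_vis { return Err("key invalidated in favor of itself".into()); }
    Ok(Invalidation { old_vis, old_hid, new_vis })
}

// Follow invalidations from `start`, applying only those that `verify` accepts.
pub fn resolve(start: &str, events: &[Event], verify: impl Fn(&Invalidation) -> bool) -> String {
    let mut current = start.to_lowercase();
    for _ in 0..256 { // the sample key state has 256 levels; the bound also stops cycles
        let next = events.iter().filter_map(|e| extract(e).ok())
            .find(|i| i.old_vis == current && verify(i));
        match next { Some(i) => current = i.new_vis, None => break }
    }
    current
}

fn ev(pubkey: &str, p: &str, hid: &str) -> Event {
    Event { kind: 13, pubkey: pubkey.into(), tags: vec![vec!["p".into(), p.into()], vec!["hidden-key".into(), hid.into()]] }
}
// The two events from the listen output above, reduced to the fields used here.
pub fn sample_events() -> Vec<Event> {
    vec![ev("0333d247f7b0e1dbe7d86cf56a12aeb305a4023832e9cb85c9d7f1cc4b74669b", "cf1bfde74244457f0608ebae4e6c32472e0ee3769b0d7b823d4d558760cd6d2e", "96653114a1d9ff07e8b4310b93b0a37b541f43f50571f468970fb83d1fe31338"),
         ev("aad39a3bfd27023d659af43445ee09a84c735b9acac0bbe18498a57514fef383", "0333d247f7b0e1dbe7d86cf56a12aeb305a4023832e9cb85c9d7f1cc4b74669b", "27bcb59fb2c17c25cb57a264b14b97c74466fd5512429bc1d9538196d2623c42")]
}
fn main() { // `|_| true` mirrors the listener reporting "Verification result: true" for both
    println!("{}", resolve("cf1bfde74244457f0608ebae4e6c32472e0ee3769b0d7b823d4d558760cd6d2e", &sample_events(), |_| true));
}
```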
Comments
  • Why are you using x-only public keys to hash? and other questions

    I'm trying to make my implementation be compatible with this, but this is such a complex protocol for my brain, so it would be nice to be able to ask you such questions like that. Can you message me on Telegram? https://t.me/fiatjaf

    Otherwise I can ask them here.

    opened by fiatjaf 0
Owner
optout
bitcoin, lightning, wallets Nostr: [email protected] npub1kxgpwh80gp79j0chc925srk6rghw0akggduwau8fwdflslh9jvqqd3lecx