> All tweaks are reversible by the server and so they can derive your nsec easily
You could *multiply* by the tweak 't', instead of adding +t*G, and that might be safer, because dividing by 't' is much harder than reversing the addition -t*G
I don't claim to like this proposal, nor that my idea is valid in this case; just throwing this out as something to think about. Cryptography is interesting and fun
Any integer x over GF(p) has a modular inverse x^-1 so that x * x^-1 = 1.
So the view private key v = H(S || “magic number”) * s (where s is your nsec, and S = sG = npub) can be reversed, by testing each possible S’, and if it holds, then it is the view key for S’:
S’ = H(S’ || “magic number”)^-1 * v * G = H^-1 * H * s * G = sG = S
Then you can trivially reverse the key
s = H(S || “magic number”)^-1 * v
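The following Python is an added worked example, not code posted by anyone in this thread or taken from the gist. It reproduces the recovery semisol describes with real secp256k1 arithmetic: derive v = H(S || magic) * s from an nsec, then, holding only v, recover s by testing candidate npubs S' with the check H(S')^-1 * v * G == S'. It also carries through the additive and multiplicative tweak recoveries from the earlier comment (s = s' - t and s = t^-1 * s'). The SHA-256 hash, the literal magic string, the compressed-point serialization and the candidate list are assumptions made for the demo, not the gist's exact construction.

```python
import hashlib

# secp256k1 domain parameters (field prime, group order, generator).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point=G):
    """Double-and-add scalar multiplication k*point (k reduced mod N)."""
    k %= N
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def ser(point):
    """33-byte compressed encoding of a point (assumed serialization)."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def tweak_hash(S, magic=b"magic number"):
    """H(S || magic) as a scalar mod N. Hash and magic are demo assumptions."""
    return int.from_bytes(hashlib.sha256(ser(S) + magic).digest(), "big") % N


def derive_view_key(s):
    """View key as described in the thread: v = H(S || magic) * s mod N."""
    S = scalar_mult(s)
    return tweak_hash(S) * s % N


def recover_from_view_key(v, candidate_npubs):
    """Scanning-server attack: for each candidate S', test whether
    H(S')^-1 * v * G == S'. On a match, s = H(S')^-1 * v is the nsec.
    Returns (S', s) or None if no candidate matches."""
    for S_cand in candidate_npubs:
        h_inv = pow(tweak_hash(S_cand), -1, N)
        s_cand = h_inv * v % N
        if scalar_mult(s_cand) == S_cand:
            return S_cand, s_cand
    return None


def additive_recover(s_tweaked, t):
    """Undo s' = s + t: the server knows t, so s = s' - t."""
    return (s_tweaked - t) % N


def multiplicative_recover(s_tweaked, t):
    """Undo s' = t * s: dividing by a known t is one modular inverse."""
    return s_tweaked * pow(t, -1, N) % N


if __name__ == "__main__":
    # Constructed demo key; never use a fixed value like this for real.
    s = 0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF
    S = scalar_mult(s)
    v = derive_view_key(s)
    decoys = [scalar_mult(k) for k in (7, 12345, 999999)]
    found = recover_from_view_key(v, decoys + [S])
    print("recovered nsec matches:", found is not None and found[1] == s)
```

The search is linear in the number of candidate npubs, so a scanning server that already knows which npubs it serves needs one hash, one inverse and one point multiplication per candidate to turn a view key back into the corresponding nsec.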
I address this issue in the security caveats. If you keep scanning local, no problem. If you use a scanning server, every key is like a root equivalent. In BIP 352, because you have hardened derivation from the nsec, this is not a problem. With this approach, you do.


Gist: Nostr Silent Payments
Thanks for the write-up of that, semisol. Makes sense
I was thinking of multiplication in a different context, where it is sometimes a bit better than addition, but you're right that it doesn't help here