I think I cracked the code on private groups.
Long-form post here:
Habla
A Proposal for Private Groups - hodlbod
An elegant approach to private groups - access control based on a shared, hosted private key, rather than cooperative relays.
Instead of relying on relays to implement access control as in this PR (
https://github.com/nostr-protocol/nips/pull/566), we could combine the Gift Wrap proposal (
https://github.com/nostr-protocol/nips/pull/468) with #[0] 's nsec bunker to create private groups with easy administration and moderation!
Gift wrap fixes DM metadata leakage by using a temporary private key to send a DM to a recipient. The recipient decrypts the wrapper to find a regular nostr event inside. This could be another kind 4 as in the proposal, or anything else. Which means you can send kind 1's, 7's, or anything else in a wrapped event.
Now suppose you had a pubkey that you wanted to represent a group instead of a person. Put its nsec in a (modified) nsec bunker, and now you can allow other people than yourself to request signatures. A shared private key!
Anyone who has access to this nsec bunker could de-crypt any gift wrapped note sent to it. Relay-free read access control!
There are lots of ways you could manage this access list, but I think a compelling one would be to create a NIP 51 list (public or private!) of group members and set up the nsec bunker to authenticate using that list. Boom, dynamic member lists.
You could also create a NIP 51 list for admins, and pre-configure which event kinds each list is allowed to post using the group's nsec. So maybe members could only publish wrapped kind-1's, but admins could publish wrapped kind-0's (you can now zap a group!), kind 9's for moderation, updated member and moderator lists, normal kind 1's for public information about the group, etc.
Gift wrap would support:
- leak-free DMs
- Fully private groups
- Public-read groups (nsec bunker would allow for admin, but everyone would publish regular instead of wrapped events).
- Organizations and other shared accounts, with role-based authorization (list/kind mappings)!
Of course, no clients currently support this kind of thing, but support would not be hard to add, and it creates an entirely new set of affordances with two very simple applications of the core protocol.
There are a few drawbacks I can think of, of course. Gift wrap makes it harder to search notes by tag. You could:
- Leave all tags off (other than for DM recipient as in the proposal)- Selectively keep tags that aren't revealing of identity
- Encrypt tag values. When a client wants to query a tag, it must encrypt the value using the same pubkey and include that in the filter. This, I think, is ok for the use case above.
There are also a number of proposals in the works to fix NIP 04 DMs which are apparently broken from a cryptographic standpoint, so implementing this should probably wait until that stuff is sorted out. But it should be possible however that ends up materializing.
So am I nuts? Or is this a galaxy brain solution?
#[1]
Replies (53)
Damn, #[1]β, I better hurry! π
Oh, another issue is that ephemeral keys might be hard to keep track of. This is not a problem for the group use case (because the delegate key is not ephemeral), but it might be for using gift wrap for DMs.
Soooooooooooooooooo
wen
My bad I just read till they finish fixing NIP-04 ): that seems like it could either be quick or take long af.. depending on the interest
Big if true! Just wondering how paid relays will deal with random pubkeysβ¦
!!!
π€
this is very similar to what I have in mind for collaboration of knowledge management systems for Highlighter, it's actually one of the "wow, fuck" moments I had when I was writing highlighter that I could combine it with nsecbunker and unlock this functionality
π yup
I already promised your guide to a bunch of people!
π
ecash tokens?
there's a lot of discussion going on on this
Hi #[3]β - can you point me in the right direction for understanding how the nsec bunker works (or would work). Iβve heard a few folks mention it but Iβve not seen/heard it fully described.
Perfect! Hope nothing else shiny comes along n distracts everyone π«
Why? How? Explain pls Iβm not a nuts connoisseur
π
π
π«‘
testing nsecBunker
#[0]
This might be newsworthyβ¦
potentially potential
it's almost like...
View quoted note βsomeone should coin a term to describe this effect..
network effects x network effects
π
Kurzweil's Law aka The Law of Accelerating Returns
This sounds awesome!
Private groups could be the thing that brings in the next big wave of adoption!
network effects squared as opposed to rat poison squared
you can check it out in testflight. we've been live for a little while
Wgmi
Purple Network Effects
NESTR - Network Effects + (on) Nostr
#NE^2
But more precise would be #NE^n
Itβs actually network effects ^ use cases
But that doesnβt sound as well and the power of memes is not to be messed with π
Network effects and notes transmitted over relays
Huh, I don't know much about Arcade. Is it a pure Nostr thing or is it sort of its own thing?
NENTOR π€£
A winning acronym if ever there was one
Groups in which sense? Chat groups? I don't follow anything, I must sleep. Will wait for the movie.
π groups in the "arbitrary access to secret namespaced information sense". It works for any nostr kind by wrapping normal events in a gift-wrap note signed by a shared private key, access to which is controlled using an nsecbunker type thing.
Hmm, I think gift-wrap doesn't work because relays won't take these in the long run, unless you pay per note or something like that -- or maybe Google wants to run a relay.
Just a note to say my Simple Group Chat proposal is not trying to solve anything or be a big breakthrough, just trying make group chat that doesn't suck and can eventually compete with Telegram and Discord.
OK, I'm beginning to wrap my head around the idea. It is starting to sound like a problem worth solving, but I'm still unsure about the solution.
I had the same thought. In the long run, since you're specifying a bunker url anyway, I'm sure you could also specify a dedicated relay set or use otherwise aligned relays (paid, community owned, etc).
In fact, admins could use kind 10002 to publish which relays the group's messages are stored on.
Maybe a dumb analogy since I have a tenuous understanding of both, but giftwrap over nostr sounds a lot like ark over bitcoin
I need to try nesc bunker and understand what you are saying here. I implemented an encrypted group chat in almost the same way without before nsecbunker exists in Blowater but I took it off because itβs not easy to track locally. And yes, DM should be fixed first. A DM is just a group chat of 2 people. Maybe we should think this way and donβt make encrypted group chat a special case.
And what is problem for current kind-4 cryptographically?
web+nostr://nevent1qqsp3spg6k7ttaykdu6umkhqf6593lv8exmxeuq38a4spnmnzet2lscppadk7cn2v43hggz0vf4x2cm5t5tslw9z
Encrypted DMs are pretty easy. My idea here is to make group chat a special case of DMs, rather than the other way around.
Hahaah I really like it
Just read it. Looks like a good direction. One question I have is, before 44 is merged, can we have a compatible way of doing kind4 that leaks less metadata. For example, put timestamp in the encrypted content as well.
Some would say leaking metadata is a feature, not a bug
I thought they were just joking or trolling. It could be a good tool to spy on your partner to see if they are cheating for sure. That's like the first "useful" thing came up in my mind.
Markedπ, will read tomorrow, been looking for a real group chat solution since 6 months ago, we even illustrated something called #MeChat , nostr canβt live without group chat
If the metadata leakage was surfaced in the user interface, it wouldn't feel so sneaky. IOW, it could be like a game, "check it out, I publicly DM'd Jack and he DM'd me back". Obviously, there should be a fully private solution, but for 90% of use cases, the leakage is fine, and could be kind of fun.
