Replies (67)
Wow! Sick!
Testing
This is gold .. one npub for communication and value .. can it show my Bitcoin balance right on my nostr profile :-) .. to make sure I flaunt my holdings ..
Excellent innovation, thanks for this.
Few questions:
1. Remote singers for sending are not supported?
2. Only one address?
3. Forced address reuse?
1. Nostr signer APIs don't have a `signBitcoinTransaction` method. We can fix that.
2. Yes (same as Nostr)
3. Yes (same as Nostr)
For that I would rather have the bip39 not the nsec
Woah it worked 👀
This is a good idea but you have to be very careful with on chain privacy. I think that's why it doesn't exist yet. How do you generate the addresses from the pubkey?
For optimizing the privacy for p. 2 & 3, can't we use the BIP85 Child Key (nostr signing key) as a new key and derive addresses from it?
Indeed. Next we can fix Nostr with HD wallets. If your nsec gets compromised you can just generate another and cryptographically prove that they're linked.
Isn’t this bad for privacy? Can silent payments fix this?
I though everyone was doing it. My nostr key is derived from my bip39 master key.
Zaps are public anyway. No downside really. Use a different wallet for private payments.
Most clients don't. It would fix a lot if they did, though. You'd still have to guard the root key with your life. If you lost a child key you could potentially recover by emitting a "move" event from the root key.
vibing...
The clients should remain dumb to this process to avoid a leak. The users should be deriving the nostr key from their master key that they have thoroughly backed up in steel plates. You can recover the child key as long as you have the master key back up and the index number attached to the child key.
This is primarily a security feature that users must warp their heads around. It has to be done in a secure environment, on a laptop that has never been online and that will never be online, with WiFi/BT and hard drive stripped and by using tails from a USB stick. Clients can't do this in a secure manner.
Probably dedicated signer apps like Amber should do this. I believe Alby already does it.
That was my question: if we can use the child key to derive addresses from it through signer apps, our initial master key would t he exposed even to these apps. I'm not sure whether we can use BIP85 32 bytes hex to derive addresses.
It would be great if your NSEc derived a Border Wallet. From the Border Wallet, pick one 11-word seed and one for the checksum. That child PK would make a public paynyms/silentpay address.
Rotate your keys as you wish.
You'd have to publish your bitcoin address(es) in your kind 0. This solution doesn't even require that. No more bullying people to "add an address to your profile so I can zap you". You don't even need to connect to a relay.
Can it be adapted to generate a silent payment address?
With SilentPay, you can eliminate the problem of address reuse.
Good idea
Yes
Very interesting, seems more dangerous to me. I think Chain analysis is gonna have a field day with this.
The input text box is hidden behind the keyboard so I can't see what I'm typing. Firefox on graphene.
Cashu routstr is perfect. I started vibing in 30 seconds.
It stops vibing when my phone goes to sleep so that severely limits usefulness.
I would pay a bounty for this feature. Cake Wallet already had a full version of this feature, even though it was in the beta phase.
Nostr needs this feature by default. On-chain needs to be used more and have more social use cases.
BTW silent payment address derived from nsec is the best solution. You prolly need a hosted trusted index service to make mobile UX not terrible.
Been waiting for this
Why would one want this?
lightning address is more private
👀
U can just build stuff 🍻
how did you import the NSEC into bluewallet?
I sent it from Cashapp and received it on the new Nostr Wallet for my npub
Whoa
Over Lightning? You connected in the app option
You can tip Nostr users on Amethyst without broadcasting publically to Nostr relays iirc (strictly through Lightning Network)
Would be cool to have that option
I dont know what you are saying 😭 But no, not over lightning. Over real bitcoin.
I need to investigate how to do that
Is this a single address that gets reused though?
Is there any iOS mobile wallet that Supports this too?
Which iOS mobile wallet supports this thing?
Make sure Luke doesn't mark it a a spam 😂
Yes
WTF???
This is HUGE
View quoted note →nice one!
do you know why the address is different than the one that deezy.place generates?
and btw. sending should also work with the extension, there are all necessary signing methods available.
The generic signing method in Alby is a major security vulnerability. People don't know what they're signing or how much. We need a dedicated signBitcoinTransaction method.
I connected it to my NWC with local alby hub. the shows dont show. What am I missing. Also tried to import WIF into some wallets but they none seem to have support for taproot. should I go for Core? what am i missing.. I sent some funds and want to recover.. Its a fun mission..
Payments are public on nostr so address reuse doesn’t seem to be too much of a problem.
Could silent payments play a role in the future?
Thank you for making this.
I hope you continue working on it =3
People have many Bitcoin wallets with different purposes. I am not totally sure what you are saying here, that someone without Nostr can send Bitcoin to it.... i am not sure what problem you are solving? (i mean this as a postivite question). To receive bitcoin, I have to give a Bitcoin or lightning address to the sender, so now i have to give them an npub?
If an nsec was derived from a signed bitcoin transaction, then a key could be rotated by a new transaction that contained a specific message
It's a web app so you can just open the link on Safari I think!
I'd been waiting for someone to attempt this, surprised it took this long tbh
I apologize for my ignorance, but what is wrong with that?
>It's not possible to sign an arbitrary message with any sort of signature scheme by Trezor.
>
>It would be really stupid to allow this: if the message is arbitrary, you can stuff in, say, a valid Bitcoin transaction. Then it's a matter of crafting a clever malware, telling the user: "Security check: please confirm the following characters on your Trezor screen to validate your wallet", and stealing their money.
>
>The SignMessage APIs look like they accept an arbitrary message, but they don't sign it: the data that is actually signed is "Bitcoin Signed Message:\n(11 bytes)hello world" or something along these lines.
>
>Even if that is good enough for you, this feature currently does not support Schnorr signatures :( because there hasn't yet emerged a standard for taproot message signing.
Source:
Reddit - The heart of the internet
Cool. How tricky is adding the silent payments vibe-coding to this, any specific challenges ?
that basically says the user is a security vulnerability or we have a too complicated system where users need to sign events that they don't understand? :) (at the same time users complain they get asked too much) and any signing prompt is imo better than handing over the private key.
generally the user needs a bit of trust in the webapp. otherwise signing something is never a good idea imo.
I think there is a signPsbt function.
do you think there is a difference between a hardware wallet and a web wallet associated to a nostr key?
for me it’s kinda confusing to apply something from hardware wallet to a web wallet that works with a nostr key and also prompts users for the actual private key
Thank you for the thoughtful response.
I want a solution that is ready to use straight away on nostr and with it, all npubs can receive a private on-chain transaction on their profiles. Only the sender knows your public address.
So, lightning payments are public normally. That means we can see who zapped who.
We can't, however, see what the receiver of that zap then did with it later. With this, we'd be able to.
Not trying to shit on it or anything, just understand the limitations. Seems like it'd be best to at LEAST submarine swap, lightning swap, or coinjoin before spending.
💐💐💐
