Thread - Nostr Hypermedia

Relays: 5

Replies: 3

Generated: 22:07:53

hodlbod hodlbod@coracle.social npub1jlrs...ynqn

I spent some time this week writing a new key rotation scheme for nostr: https://github.com/nostr-protocol/nips/pull/2114 I think it's pretty good for what it is (it improves on nostr:nprofile1qyxhwumn8ghj7e3h0ghxjme0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qg3waehxw309ucngvpwvcmh5tnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshszxnhwden5te0wpuhyctdd9jzuenfv96x5ctx9e3k7mf0qqs04xzt6ldm9qhs0ctw0t58kf4z57umjzmjg6jywu0seadwtqqc75s49cdh4's version by not requiring an arbitrary time delay). At the same time, it's riddled with very fragile assumptions about events being available, introduces a hard dependency on OTS (or some equivalent), and requires clients to constantly compute key validity. At the end of the day, what I have learned is that we probably can't realistically do key rotation on nostr in the application layer — we need some kind of cryptographic magic or strongly consistent data store to make it happen. It still might be an interesting read for the nerds out there though.

2025-11-08 15:22:18 from 1 relay(s) 2 replies ↓

Replies (3)

e33io _@e33.io npub17kyn...g0pz

Thank you! ..the more minds on this, the better

2025-11-08 15:44:28 from 1 relay(s) ↑ Parent Reply

the axiom npub137u5...a74z

why not do it like PGP?

2025-11-08 19:12:22 from 1 relay(s) ↑ Parent Reply

hodlbod hodlbod@coracle.social npub1jlrs...ynqn

The tweak idea is interesting, but is there a way to identify whether pubkeys are related to the same root key without fetching a bunch of events from the network? It seems to me that a requirement of a key rotation system is going to be validation of keys without additional network requests (and checking invalidation, but that's actually impossible to do without extra data).

2025-11-10 18:49:52 from 1 relay(s) ↑ Parent Reply