
Introduce NIP-PNS: Private Note Storage

Open jb55 opened this issue 1 year ago • 4 comments


Private Note Storage is like giftwraps but:

  • Not spammable, author keys are pseudonymous and deterministic from your main key.
  • Simpler wrapping. No seal is needed since the wrap key is deterministic. You just have the wrap and the internal rumor.
  • Only for your own notes
  • Zero public metadata. Giftwraps require a p tag of who is receiving the event. Since we are deterministically generating the private author key that is not tied to the master key, we can just query on that.

Further improvements not defined in this spec:

  • HD keys (bech32) for creating private notes on new keys each time. No pubkey re-use at the cost of query complexity.

jb55, Apr 28 '25 19:04

It uses hkdf_extract twice, which isn’t the usual way (per RFC 5869). This could trip up devs. How about switching to one extract then expand for pns_private_key and pns_nip44_key?

Clearer and safer.

suhailsaqan, Apr 29 '25 13:04
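The single extract followed by one expand per key suggested in the comment above, written out as an added example; it is not code from the NIP draft or from any commenter. The salt, the two `info` labels, the function names and the secp256k1 range check are assumptions chosen for illustration.

```python
import hashlib
import hmac

# secp256k1 group order; a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-SHA256(PRK, T(i-1) | info | i)."""
    if length > 255 * 32:
        raise ValueError("length too large for HKDF-SHA256")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

# Assumed labels for this example; the draft's real strings are not shown here.
SALT = b"example-pns-salt"
INFO_SIGNING = b"example/pns_private_key"
INFO_NIP44 = b"example/pns_nip44_key"

def derive_pns_keys(master_secret: bytes) -> dict:
    """Extract once, then expand once per key with a distinct info label."""
    prk = hkdf_extract(SALT, master_secret)
    signing = hkdf_expand(prk, INFO_SIGNING)
    # A signing key must be a valid secp256k1 scalar; reject the (negligibly
    # rare) out-of-range output instead of silently reducing it.
    if not 0 < int.from_bytes(signing, "big") < SECP256K1_N:
        raise ValueError("derived scalar outside secp256k1 range")
    return {"pns_private_key": signing,
            "pns_nip44_key": hkdf_expand(prk, INFO_NIP44)}

# Constructed sample master secret, for demonstration only.
SAMPLE_MASTER = bytes(range(1, 33))

if __name__ == "__main__":
    for name, key in derive_pns_keys(SAMPLE_MASTER).items():
        print(name, key.hex())
```

Because both outputs come from the same PRK, the distinct `info` labels are what keep the signing key and the encryption key independent of each other.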

I was originally just going to use sha256 for everything, which I thought was much simpler. I'll update this but I find it confusing af.

jb55, Apr 29 '25 15:04

What if we used something like bip32 to generate keys for each stored event? Then you would have truly zero correlated public metadata, but at the cost of additional query complexity.

jb55, Nov 21 '25 07:11

I'd say we should let the person implementing it decide if they want to use a simple string per application/feature or generate keys per event.

Right now we need an event to store ephemeral nsecs by using nip44 encryption. I was thinking of using 1081 to encrypt nsecs and store there. (Afraid of replaceable events as an application could overwrite an existing nsec which will lead to data loss).

sh1ftred, Nov 26 '25 07:11