pull down to refresh

Owned by no one: solving nostr's key rotation problem - Max@towardslibertynostr:naddr1qqgrydtrvyekywfev56nvdfjxsux2qgwwaehxw309ahx7uewd3hkctczyzm7669svt0xkjsju50a22zurc0qa589z2xd4yatzx6p2z64a5e0cqcyqqq823cwkspzv
322 sats \ 5 comments \ @Scoresby 20 Nov nostr
There are two distinct scenarios we need to handle:
  1. Key Compromise with Access: You discover your key is compromised, but you still have it
  2. Lost Keys: Your key is gone - device destroyed, forgotten, or otherwise inaccessible

Solution 1: The Compromise Declaration

When you discover your key is compromised but still have access, you can publish a special "compromise declaration" event. This is a loud, permanent, irreversible signal that your key should no longer be trusted.
The brilliance is in what happens next: you update your profile name to [COMPROMISED] YourName. If an attacker tries to remove it, you add it back. This creates a spam war that actually helps - the very chaos of competing updates signals to everyone that something is wrong with this account.
Even if the attacker "wins" and controls the account, they're controlling an account that's been permanently marked as compromised. They've essentially vandalized their own prize.

Solution 2: Social Key Rotation

The second solution is more radical: anyone can propose that a key should rotate to a new key, and the community decides if it's legitimate through attestations.
Here's how it works:
  1. Proposal: Anyone (including you with a different key) publishes a rotation proposal
  2. Attestation: Your friends verify out-of-band (Signal, in-person, video call) and publish attestations
  3. Confidence: Clients calculate confidence based on who's attesting and how many
  4. Manual Action: Users see the attestations and manually decide whether to follow the new key
The key insight: if both the old AND new keys sign the proposal, that's strong evidence. But even without the old key (lost scenario), sufficient attestations from your social graph can establish legitimacy.

The Non-Deletable Event Range

These proposals introduce events in kinds 65533-65535, which we're proposing as permanently non-deletable. Once you declare a key compromised or propose a rotation, that record stays forever. This prevents attackers from hiding their tracks and gives the community a permanent audit trail.
write
preview
related posts
223 sats \ 2 replies \ @BlokchainB 20 Nov
Very interesting. I think it’s ridiculous that nostr hasn’t solved the key rotation issue and every single nostr app asks for your nsec. Thus easily exposing your key
reply
55 sats \ 1 reply \ @Scoresby OP 20 Nov
Yes, I really don't like browser extensions. But I also dislike the experience of entering my nsec. Just feels like I'm playing with fire.
reply
0 sats \ 0 replies \ @BlokchainB 21 Nov
Yeah I use a throw away nsec to use all these apps
reply
102 sats \ 0 replies \ @freakoverseOG 21 Nov
1st one makes sense. 2nd one also makes sense but it's not necessarily near 100% right? So I'm thinking of two things:
I dabbled with the idea before with kind:0 can have a new content tag that specifies a proxy npub and nostr clients accommodate this, where you keep your main npub safe and put a more exposed npub in that kind:0 value, and clients that show kind:1 would show on your main profile posts from that proxy npub with a UI label saying that this is a proxy post, and people following your main would see posts from that proxy npub as if it was you.
This is both a preventative measure and a countermeasure. Decrease the chance of compromising your main npub, and in the case of a compromised proxy npub, you'd just swap to a new proxy npub.
That's the first thing. The other thing I'd want to mention is pre-setting a 'just in case' npub, where on nostr wallet/book creation (there's a complex way and a simple way, but let's go with the simpler one), you'd generate and attach an npub to the first one, and somewhere down the line, if it gets compromised then you'd using that 'just in case' npub and people would know, pretty much 100%, that npub is actually you and not compromised. This would also help with the first scenario you mentioned.
reply
0 sats \ 0 replies \ @Taj 20 Nov
Interesting post, if you look at gigi's npub it starts with npub1dergg. I thought fiatjaf had given him a preferential address but actually he 'mined' it himself
There could be a bridge rekey solution to create a dare I say it block chain history
But in the meantime Keychat is really a brilliant app that houses your nsec, you can use amber within keychat but then you're trusting amber
reply