I'd be uneasy about a supposed "shared secret" being put in a public `p` tag. Indeed, AIUI, using a silent inbox as presented here completely breaks the security of any past and future regular NIP-04 DMs between the same parties, because the same "shared secret" used for encryption in regular NIP-04 DMs is being used publicly in the silent inbox. An attacker doing trial-and-error decryption of NIP-04 DMs would be able to decrypt all regular DMs between the two, as well as deanonymize the silent inbox.

Replies (3)

NIP-92: Rendezvous Beacons (draft; ) enables anonymous establishment of communication between two parties, addressing the issue of receiving messages from unknown contacts. A shared secret is derived using ECDH like in NIP-04, but this shared secret is only used through *tagged hashes*, with a different tag (not to be confused with nostr tags) for each purpose. From the shared secret, a *rendezvous keypair* is established, where the sender knows the private key and the recipient knows the public key. This is done by tweaking the sender's key (an ephemeral key in the case of NIP-92) using a tweak value derived from the shared secret.
The shared secret is not the same key used for encrypting DMs. I don't understand how you believe that anyone would be able to decrypt anything.