From a784792bb438bad152b00bbef2af66896d0a11a8 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Fri, 13 Sep 2024 12:56:50 -0400 Subject: [PATCH 1/9] read permissions --- 76.md | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 76.md diff --git a/76.md b/76.md new file mode 100644 index 00000000..97f761d9 --- /dev/null +++ b/76.md @@ -0,0 +1,81 @@ +NIP-76 +====== + +Relay Read Permissions +---------------------- + +`draft` `optional` + +Tag names `rp` (read permission) and `prp` (probabilistic read permission) define which keys are authorized to download an event from the relay. + +Events that include an `rp` or `prp` require AUTH to be downloaded. + +## Read Permission + +The `rp` tag accepts a list of pubkeys + +```json +["rp", "", "", ""] +``` + +Relays MUST check if the authed user is one of the keys in the `rp` if present. + +## Probabilistic Read Permissions + +Bloom filters are bit arrays that encode keys `n` times. They are represented by a base64 encoded tag value with the `n` as the third element. + +```json +["prp", "::"] +``` + +Bloom filters MUST use `SHA-256` functions of the key + iterating index as the psedocode below: + +```js +class BloomFilter(size: Int, n: Int, buffer: ByteArray) { + val bits = BitArray(buffer) + + fun bitIndex(value: ByteArray, index: Byte) { + return BigInt(sha256(value || index)) % size + } + + fun add(pubkey: HexKey) { + val value = pubkey.hexToByteArray() + + for (index in 0..n) { + bits[bitIndex(value, index)] = true + } + } + + fun mightContains(pubkey: HexKey): Boolean { + val value = pubkey.hexToByteArray() + + for (index in 0..n) { + if (!bits[bitIndex(value, index)]) { + return false + } + } + + return true + } + + fun encode() = size + ":" + rounds + ":" + base64Enc(bits.toByteArray()) // base64 might include extra 0 bits to fill the last byte + + fun decode(str: String): BloomFilter { + val parts = str.split(":") + return BloomFilter(parts[0].toInt(), parts[1].toInt(), base64Decode(bits.toByteArray())) + } +} +``` + +Relays MUST check if the authed user is in the filter before returning the event. + +### Test cases + +The filter below has 100 bits, with 10 rounds or hashes that should be able to match 10,000,000 keys without a single false positive. + +```json +["prp", "100:10:QGKCgBEBAAhIAApO"] +``` + +It includes keys `ca29c211f1c72d5b6622268ff43d2288ea2b2cb5b9aa196ff9f1704fc914b71b` and `460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c` + From bad139ed6e79b1fc9974c39fc7fcc5268f24384f Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Fri, 13 Sep 2024 12:59:01 -0400 Subject: [PATCH 2/9] adjustments --- 76.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/76.md b/76.md index 97f761d9..85b164e1 100644 --- a/76.md +++ b/76.md @@ -18,7 +18,7 @@ The `rp` tag accepts a list of pubkeys ["rp", "", "", ""] ``` -Relays MUST check if the authed user is one of the keys in the `rp` if present. +Relays MUST check if the authed user is one of the keys in the `rp` before sending the event to the client. ## Probabilistic Read Permissions From c4c2061ac3328c8a6ca207eb963650c7e4b86873 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Fri, 13 Sep 2024 13:00:08 -0400 Subject: [PATCH 3/9] typos --- 76.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/76.md b/76.md index 85b164e1..f29a44c9 100644 --- a/76.md +++ b/76.md @@ -8,7 +8,7 @@ Relay Read Permissions Tag names `rp` (read permission) and `prp` (probabilistic read permission) define which keys are authorized to download an event from the relay. -Events that include an `rp` or `prp` require AUTH to be downloaded. +Events with an `rp` or `prp` require AUTH to be downloaded. ## Read Permission @@ -28,7 +28,7 @@ Bloom filters are bit arrays that encode keys `n` times. They are represented by ["prp", "::"] ``` -Bloom filters MUST use `SHA-256` functions of the key + iterating index as the psedocode below: +Bloom filters MUST use `SHA-256` functions of the key + iterating index as the pseudocode below: ```js class BloomFilter(size: Int, n: Int, buffer: ByteArray) { From c1649e45b84cb7b051ac552ead1b48c05cb14ad5 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Fri, 13 Sep 2024 13:00:40 -0400 Subject: [PATCH 4/9] typos --- 76.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/76.md b/76.md index f29a44c9..c9457edf 100644 --- a/76.md +++ b/76.md @@ -71,7 +71,7 @@ Relays MUST check if the authed user is in the filter before returning the event ### Test cases -The filter below has 100 bits, with 10 rounds or hashes that should be able to match 10,000,000 keys without a single false positive. +The filter below has 100 bits, with 10 rounds of hashes that should be able to match 10,000,000 keys without a single false positive. ```json ["prp", "100:10:QGKCgBEBAAhIAApO"] From e71e3907a712ac17fb51f70beadeed8cbaf43d76 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Fri, 13 Sep 2024 13:09:07 -0400 Subject: [PATCH 5/9] improves wording --- 76.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/76.md b/76.md index 85b164e1..141f82c6 100644 --- a/76.md +++ b/76.md @@ -22,10 +22,13 @@ Relays MUST check if the authed user is one of the keys in the `rp` before sendi ## Probabilistic Read Permissions -Bloom filters are bit arrays that encode keys `n` times. They are represented by a base64 encoded tag value with the `n` as the third element. +Probabilistic permissions use bloom filters that include a set of pubkeys. They are represented by a colon-separated value with: +1. the size of the bit array +2. the number of hashing rounds used by the filter +3. the bit array in Base64. ```json -["prp", "::"] +["prp", "::"] ``` Bloom filters MUST use `SHA-256` functions of the key + iterating index as the psedocode below: From 92d8bccc3e93283b3095ef39060ff7db7d35a154 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Fri, 13 Sep 2024 13:10:20 -0400 Subject: [PATCH 6/9] fixes pseudo code --- 76.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/76.md b/76.md index 141f82c6..3b884714 100644 --- a/76.md +++ b/76.md @@ -34,7 +34,7 @@ Probabilistic permissions use bloom filters that include a set of pubkeys. They Bloom filters MUST use `SHA-256` functions of the key + iterating index as the psedocode below: ```js -class BloomFilter(size: Int, n: Int, buffer: ByteArray) { +class BloomFilter(size: Int, rounds: Int, buffer: ByteArray) { val bits = BitArray(buffer) fun bitIndex(value: ByteArray, index: Byte) { @@ -44,7 +44,7 @@ class BloomFilter(size: Int, n: Int, buffer: ByteArray) { fun add(pubkey: HexKey) { val value = pubkey.hexToByteArray() - for (index in 0..n) { + for (index in 0 until rounds) { bits[bitIndex(value, index)] = true } } @@ -52,7 +52,7 @@ class BloomFilter(size: Int, n: Int, buffer: ByteArray) { fun mightContains(pubkey: HexKey): Boolean { val value = pubkey.hexToByteArray() - for (index in 0..n) { + for (index in 0 until rounds) { if (!bits[bitIndex(value, index)]) { return false } From 36f9a2e58f6d2a9785fc50603fa78ada27d6b2d1 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Fri, 13 Sep 2024 15:10:28 -0400 Subject: [PATCH 7/9] Fixes the pseudo code --- 76.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/76.md b/76.md index 408cb313..10f7cd4d 100644 --- a/76.md +++ b/76.md @@ -61,11 +61,13 @@ class BloomFilter(size: Int, rounds: Int, buffer: ByteArray) { return true } - fun encode() = size + ":" + rounds + ":" + base64Enc(bits.toByteArray()) // base64 might include extra 0 bits to fill the last byte + fun encode() { + return size + ":" + rounds + ":" + base64Encode(bits.toByteArray()) + } fun decode(str: String): BloomFilter { val parts = str.split(":") - return BloomFilter(parts[0].toInt(), parts[1].toInt(), base64Decode(bits.toByteArray())) + return BloomFilter(parts[0].toInt(), parts[1].toInt(), base64Decode(parts[2])) } } ``` From d60412c81f07f1a5bad2caf0d7523ae32eaa855b Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Fri, 13 Sep 2024 16:24:45 -0400 Subject: [PATCH 8/9] breaks the `rp` keys into multiple tags instead of a single list offers guidance for multiple `prp` tags to be a logical OR --- 76.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/76.md b/76.md index 10f7cd4d..3a49700c 100644 --- a/76.md +++ b/76.md @@ -12,26 +12,28 @@ Events with an `rp` or `prp` require AUTH to be downloaded. ## Read Permission -The `rp` tag accepts a list of pubkeys +The `rp` tag takes a pubkey. Multiple `rp` tags represent a logical OR. ```json -["rp", "", "", ""] +["rp", ""] +["rp", ""] +["rp", ""] ``` Relays MUST check if the authed user is one of the keys in the `rp` before sending the event to the client. ## Probabilistic Read Permissions -Probabilistic permissions use bloom filters that include a set of pubkeys. They are represented by a colon-separated value with: -1. the size of the bit array +Probabilistic permissions use bloom filters of a set of authorized pubkeys. They are represented by a colon-separated value with: +1. the number of bits in the bit array 2. the number of hashing rounds used by the filter 3. the bit array in Base64. ```json -["prp", "::"] +["prp", "::"] ``` -Bloom filters MUST use `SHA-256` functions of the key + iterating index as the pseudocode below: +Bloom filters MUST use `SHA256` functions of the key + iterating index as the pseudocode below demonstrates: ```js class BloomFilter(size: Int, rounds: Int, buffer: ByteArray) { @@ -74,6 +76,8 @@ class BloomFilter(size: Int, rounds: Int, buffer: ByteArray) { Relays MUST check if the authed user is in the filter before returning the event. +Multiple `prp` tags represent a logical OR. + ### Test cases The filter below has 100 bits, with 10 rounds of hashes that should be able to match 10,000,000 keys without a single false positive. From c47f5c0513682b0c667776562364d2e1869f0647 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Sun, 15 Sep 2024 14:16:02 -0400 Subject: [PATCH 9/9] adds salt --- 76.md | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/76.md b/76.md index 3a49700c..adf4c865 100644 --- a/76.md +++ b/76.md @@ -6,13 +6,13 @@ Relay Read Permissions `draft` `optional` -Tag names `rp` (read permission) and `prp` (probabilistic read permission) define which keys are authorized to download an event from the relay. +Tags `rp` (read permission) and `prp` (probabilistic read permission) specify which keys are authorized to download an event from the relay. -Events with an `rp` or `prp` require AUTH to be downloaded. +Events tagged with `rp` or `prp` require AUTH for download. ## Read Permission -The `rp` tag takes a pubkey. Multiple `rp` tags represent a logical OR. +The `rp` tag takes a pubkey in lowercase hex as value. ```json ["rp", ""] @@ -20,27 +20,28 @@ The `rp` tag takes a pubkey. Multiple `rp` tags represent a logical OR. ["rp", ""] ``` -Relays MUST check if the authed user is one of the keys in the `rp` before sending the event to the client. +When responding to `REQ`s, if an event contains `rp` tags, relays MUST verify that the authenticated user is either the event's author or one of the keys in the `rp` set before delivering it to the client. ## Probabilistic Read Permissions -Probabilistic permissions use bloom filters of a set of authorized pubkeys. They are represented by a colon-separated value with: -1. the number of bits in the bit array -2. the number of hashing rounds used by the filter -3. the bit array in Base64. +Probabilistic permissions are implemented using Bloom filters that represent a set of authorized pubkeys. These permissions are expressed as a colon-separated value comprising: +1. the number of bits in the bit array, +2. the number of hash rounds applied, and +3. the bit array encoded in Base64. +4. the salt encoded in Base64. ```json -["prp", "::"] +["prp", ":::"] ``` -Bloom filters MUST use `SHA256` functions of the key + iterating index as the pseudocode below demonstrates: +Bloom filters MUST use `SHA256` functions applied to the concatenation of the key, salt, and index, as demonstrated in the pseudocode below: ```js -class BloomFilter(size: Int, rounds: Int, buffer: ByteArray) { +class BloomFilter(size: Int, rounds: Int, buffer: ByteArray, salt: ByteArray) { val bits = BitArray(buffer) fun bitIndex(value: ByteArray, index: Byte) { - return BigInt(sha256(value || index)) % size + return BigInt(sha256(value || salt || index)) % size } fun add(pubkey: HexKey) { @@ -64,26 +65,26 @@ class BloomFilter(size: Int, rounds: Int, buffer: ByteArray) { } fun encode() { - return size + ":" + rounds + ":" + base64Encode(bits.toByteArray()) + return size + ":" + rounds + ":" + base64Encode(bits.toByteArray()) + ":" + base64Encode(salt) } fun decode(str: String): BloomFilter { - val parts = str.split(":") - return BloomFilter(parts[0].toInt(), parts[1].toInt(), base64Decode(parts[2])) + val [sizeStr, roundsStr, bufferB64, saltB64] = str.split(":") + return BloomFilter(sizeStr.toInt(), roundsStr.toInt(), base64Decode(bufferB64), base64Decode(saltB64)) } } ``` -Relays MUST check if the authed user is in the filter before returning the event. +When responding to `REQ`s, if an event contains `prp` tags, relays MUST verify that the authenticated user is either the event's author or matches any of the filters before delivering it to the client. -Multiple `prp` tags represent a logical OR. +If both `rp` and `prp` tags are present, the authenticated user MUST either be in the `rp` set or match any `prp` filter. ### Test cases -The filter below has 100 bits, with 10 rounds of hashes that should be able to match 10,000,000 keys without a single false positive. +The filter below has 100 bits and uses 10 rounds of hashing, which should be capable of handling up to 10,000,000 keys without producing any false positives. ```json -["prp", "100:10:QGKCgBEBAAhIAApO"] +["prp", "100:10:AAAkAQANcYQFCQoB:hZkZYqqdxcE="] ``` It includes keys `ca29c211f1c72d5b6622268ff43d2288ea2b2cb5b9aa196ff9f1704fc914b71b` and `460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c`