From d3f0ad8410b7eb1a47acb3d89e4a9ff413b6debd Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Mon, 24 Feb 2025 14:37:38 +0200 Subject: [PATCH 01/12] double ratchet --- 117.md | 366 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 118.md | 86 ++++++++++++++ 2 files changed, 452 insertions(+) create mode 100644 117.md create mode 100644 118.md diff --git a/117.md b/117.md new file mode 100644 index 00000000..037d2435 --- /dev/null +++ b/117.md @@ -0,0 +1,366 @@ +# NIP-117 + +## The Double Ratchet Algorithm + +The Double Ratchet is a key rotation algorithm for secure private messaging. + +It allows us to 1) communicate on Nostr without revealing metadata (who you are communicating with and when), and 2) keep your message history and future messages safe even if your main Nostr key is compromised. + +Additionally, it enables disappearing messages that become undecryptable when past message decryption keys are discarded after use. + +See also: [NIP-118](./118.md): Nostr Double Ratchet Invites + +### Overview + +"Double ratchet" means we use 2 "ratchets": cryptographic functions that can be rotated forward, but not backward: current keys can be used to derive next keys, but not the other way around. + +Ratchet 1 uses Diffie-Hellman (DH) shared secrets and is rotated each time the other participant acknowledges a new key we have sent along with a previous message. + +Ratchet 2 generates encryption keys for each message. It rotates after every message, using the previous message's key as input (and the Ratchet 1 key when it rotates). This process ensures forward secrecy for consecutive messages from the same sender in between Ratchet 1 rotations. + +## Nostr implementation + +We implement the Double Ratchet Algorithm on Nostr similarly to Signal's [Double Ratchet with header encryption](https://signal.org/docs/specifications/doubleratchet/#double-ratchet-with-header-encryption), but encrypting the message headers with [NIP-44](./44.md) conversation keys instead of symmetric header keys. + +Ratchet 1 keys are standard Nostr keys. In addition to encryption, they are also used for publishing and subscribing to messages on Nostr. As they are rotated and not linked to public Nostr identities, metadata privacy is preserved. + +## Nostr event format + +### Message + +#### Outer event + +```typescript +{ + kind: 1060, + content: encryptedInnerEvent, + tags: [["header", encryptedHeader]], + pubkey: ratchetPublicKey, + created_at, + id, + sig +} +``` + +We subscribe to Double Ratchet events based on author public keys which are ephemeral — not used for other purposes than the Double Ratchet session. We use the regular event kind `1060` to differentiate it from other DM kinds, retrieval of which may be restricted by relays. + +The encrypted header contains our next nostr public key, our previous sending chain length and the current message number. + +#### Inner event + +Inner events must be [NIP-59](https://github.com/nostr-protocol/nips/blob/master/59.md) Rumors (unsigned Nostr events) allowing plausible deniability. + +With established Nostr event kinds, clients can implement all kinds of features, such as replies, reactions, and encrypted file sharing in private messages. + +Direct message and encrypted file messages are defined in [NIP-17](https://github.com/nostr-protocol/nips/blob/master/17.md). + +## Algorithm + +Signal's [Double Ratchet with header encryption](https://signal.org/docs/specifications/doubleratchet/#double-ratchet-with-header-encryption) document is a comprehensive description and explanation of the algorithm. + +In this NIP, the algorithm is only described in code, in order to highlight differences to the Signal implementation. + +### External functions + +We use the following Nostr functions ([NIP-01](https://github.com/nostr-protocol/nips/blob/master/01.md)): + +- `generateSecretKey()` for creating Nostr private keys +- `finalizeEvent(partialEvent, secretKey)` for creating valid Nostr events with pubkey, id and signature + +We use [NIP-44](https://github.com/nostr-protocol/nips/blob/master/44.md) functions for encryption: + +- `nip44.encrypt` +- `nip44.decrypt` +- `nip44.getConversationKey` + +[NIP-59](https://github.com/nostr-protocol/nips/blob/master/59.md): + +- createRumor + +Key derivation function: + +```typescript +export function kdf( + input1: Uint8Array, + input2: Uint8Array = new Uint8Array(32), + numOutputs: number = 1 +): Uint8Array[] { + const prk = hkdf_extract(sha256, input1, input2); + + const outputs: Uint8Array[] = []; + for (let i = 1; i <= numOutputs; i++) { + outputs.push(hkdf_expand(sha256, prk, new Uint8Array([i]), 32)); + } + return outputs; +} +``` + +### Session state + +With this information you can start or continue a Double Ratchet session. Save it locally after each sent and received message. + +```typescript +interface SessionState { + theirCurrentNostrPublicKey?: string; + theirNextNostrPublicKey: string; + + ourCurrentNostrKey?: KeyPair; + ourNextNostrKey: KeyPair; + + rootKey: Uint8Array; + receivingChainKey?: Uint8Array; + sendingChainKey?: Uint8Array; + + sendingChainMessageNumber: number; + receivingChainMessageNumber: number; + previousSendingChainMessageCount: number; + + // Cache of message & header keys for handling out-of-order messages + // Indexed by Nostr public key, which you can use to resubscribe to unreceived messages + skippedKeys: { + [pubKey: string]: { + headerKeys: Uint8Array[]; + messageKeys: { [msgIndex: number]: Uint8Array }; + }; + }; +} +``` + +### Initialization + +```typescript +// Alice is the initiator of the channel and sends the first message +function initAlice( + theirNextNostrPublicKey: string, + ourCurrentPrivateKey: Uint8Array, + sharedSecret: Uint8Array +): SessionState { + // Generate next key for Alice + const ourNextPrivateKey = generateSecretKey(); + + // Derive root key and sending chain key + const [rootKey, sendingChainKey] = kdf( + sharedSecret, + nip44.getConversationKey(ourNextPrivateKey, theirNextNostrPublicKey), + 2 + ); + + return { + rootKey, + theirNextNostrPublicKey, + ourCurrentNostrKey: { + publicKey: getPublicKey(ourCurrentPrivateKey), + privateKey: ourCurrentPrivateKey, + }, + ourNextNostrKey: { + publicKey: getPublicKey(ourNextPrivateKey), + privateKey: ourNextPrivateKey, + }, + receivingChainKey: undefined, + sendingChainKey, + sendingChainMessageNumber: 0, + receivingChainMessageNumber: 0, + previousSendingChainMessageCount: 0, + skippedKeys: {}, + }; +} + +// Bob is the recipient of the first message +function initBob( + theirNextNostrPublicKey: string, + ourCurrentPrivateKey: Uint8Array, + sharedSecret: Uint8Array +): SessionState { + return { + rootKey: sharedSecret, // Bob starts with the shared secret as root key + theirNextNostrPublicKey, + ourCurrentNostrKey: undefined, // Bob has no current key yet + ourNextNostrKey: { + publicKey: getPublicKey(ourCurrentPrivateKey), + privateKey: ourCurrentPrivateKey, + }, + receivingChainKey: undefined, + sendingChainKey: undefined, // Bob hasn't sent anything yet + sendingChainMessageNumber: 0, + receivingChainMessageNumber: 0, + previousSendingChainMessageCount: 0, + skippedKeys: {}, + }; +} +``` + +### Sending messages + +```typescript +sendEvent(event: Partial) { + const innerEvent = nip59.createRumor(event) + const [header, encryptedData] = this.ratchetEncrypt(JSON.stringify(rumor)); + + const conversationKey = nip44.getConversationKey(this.state.ourCurrentNostrKey.privateKey, this.state.theirNextNostrPublicKey); + const encryptedHeader = nip44.encrypt(JSON.stringify(header), conversationKey); + + const outerEvent = finalizeEvent({ + content: encryptedData, + kind: MESSAGE_EVENT_KIND, + tags: [["header", encryptedHeader]], + created_at: Math.floor(now / 1000) + }, this.state.ourCurrentNostrKey.privateKey); + + // Publish outerEvent on Nostr, store inner locally if needed + return {outerEvent, innerEvent}; +} + +ratchetEncrypt(plaintext: string): [Header, string] { + // Rotate sending chain key + const [newSendingChainKey, messageKey] = kdf(this.state.sendingChainKey!, new Uint8Array([1]), 2); + this.state.sendingChainKey = newSendingChainKey; + const header: Header = { + number: this.state.sendingChainMessageNumber++, + nextPublicKey: this.state.ourNextNostrKey.publicKey, + previousChainLength: this.state.previousSendingChainMessageCount + }; + return [header, nip44.encrypt(plaintext, messageKey)]; +} +``` + +### Receiving messages + +```typescript +handleNostrEvent(e: NostrEvent) { + const [header, shouldRatchet, isSkipped] = this.decryptHeader(e); + + if (!isSkipped) { + if (this.state.theirNextNostrPublicKey !== header.nextPublicKey) { + // Received a new key from them + this.state.theirCurrentNostrPublicKey = this.state.theirNextNostrPublicKey; + this.state.theirNextNostrPublicKey = header.nextPublicKey; + this.updateNostrSubscriptions() + } + + if (shouldRatchet) { + this.skipMessageKeys(header.previousChainLength, e.pubkey); + this.ratchetStep(header.nextPublicKey); + } + } + +decryptHeader(event: any): [Header, boolean, boolean] { + const encryptedHeader = event.tags[0][1]; + if (this.state.ourCurrentNostrKey) { + const conversationKey = nip44.getConversationKey(this.state.ourCurrentNostrKey.privateKey, event.pubkey); + try { + const header = JSON.parse(nip44.decrypt(encryptedHeader, conversationKey)) as Header; + return [header, false, false]; + } catch (error) { + // Decryption with currentSecret failed, try with nextSecret + } + } + + const nextConversationKey = nip44.getConversationKey(this.state.ourNextNostrKey.privateKey, event.pubkey); + try { + const header = JSON.parse(nip44.decrypt(encryptedHeader, nextConversationKey)) as Header; + return [header, true, false]; + } catch (error) { + // Decryption with nextSecret also failed + } + + const skippedKeys = this.state.skippedKeys[event.pubkey]; + if (skippedKeys?.headerKeys) { + // Try skipped header keys + for (const key of skippedKeys.headerKeys) { + try { + const header = JSON.parse(nip44.decrypt(encryptedHeader, key)) as Header; + return [header, false, true]; + } catch (error) { + // Decryption failed, try next secret + } + } + } + + throw new Error("Failed to decrypt header with current and skipped header keys"); +} + +ratchetDecrypt(header: Header, ciphertext: string, nostrSender: string): string { + const plaintext = this.trySkippedMessageKeys(header, ciphertext, nostrSender); + if (plaintext) return plaintext; + + this.skipMessageKeys(header.number, nostrSender); + + // Rotate receiving key + const [newReceivingChainKey, messageKey] = kdf(this.state.receivingChainKey!, new Uint8Array([1]), 2); + this.state.receivingChainKey = newReceivingChainKey; + this.state.receivingChainMessageNumber++; + + return nip44.decrypt(ciphertext, messageKey); +} + +ratchetStep(theirNextNostrPublicKey: string) { + this.state.previousSendingChainMessageCount = this.state.sendingChainMessageNumber; + this.state.sendingChainMessageNumber = 0; + this.state.receivingChainMessageNumber = 0; + this.state.theirNextNostrPublicKey = theirNextNostrPublicKey; + + // 1st step yields the new conversation key they used + const conversationKey1 = nip44.getConversationKey(this.state.ourNextNostrKey.privateKey, this.state.theirNextNostrPublicKey!); + // and our corresponding receiving chain key + const [theirRootKey, receivingChainKey] = kdf(this.state.rootKey, conversationKey1, 2); + this.state.receivingChainKey = receivingChainKey; + + // Rotate our Nostr key + this.state.ourCurrentNostrKey = this.state.ourNextNostrKey; + const ourNextSecretKey = generateSecretKey(); + this.state.ourNextNostrKey = { + publicKey: getPublicKey(ourNextSecretKey), + privateKey: ourNextSecretKey + }; + + // 2nd step yields the new conversation key we'll use + const conversationKey2 = nip44.getConversationKey(this.state.ourNextNostrKey.privateKey, this.state.theirNextNostrPublicKey!); + // And our corresponding sending chain key + const [rootKey, sendingChainKey] = kdf(theirRootKey, conversationKey2, 2); + this.state.rootKey = rootKey; + this.state.sendingChainKey = sendingChainKey; +} + +skipMessageKeys(until: number, nostrSender: string) { + if (this.state.receivingChainMessageNumber + MAX_SKIP < until) { + throw new Error("Too many skipped messages"); + } + + if (!this.state.skippedKeys[nostrSender]) { + this.state.skippedKeys[nostrSender] = { + headerKeys: [], + messageKeys: {} + }; + + if (this.state.ourCurrentNostrKey) { + const currentSecret = nip44.getConversationKey(this.state.ourCurrentNostrKey.privateKey, nostrSender); + this.state.skippedKeys[nostrSender].headerKeys.push(currentSecret); + } + const nextSecret = nip44.getConversationKey(this.state.ourNextNostrKey.privateKey, nostrSender); + this.state.skippedKeys[nostrSender].headerKeys.push(nextSecret); + } + + while (this.state.receivingChainMessageNumber < until) { + const [newReceivingChainKey, messageKey] = kdf(this.state.receivingChainKey!, new Uint8Array([1]), 2); + this.state.receivingChainKey = newReceivingChainKey; + this.state.skippedKeys[nostrSender].messageKeys[this.state.receivingChainMessageNumber] = messageKey; + this.state.receivingChainMessageNumber++; + } +} + +trySkippedMessageKeys(header: Header, ciphertext: string, nostrSender: string): string | null { + const skippedKeys = this.state.skippedKeys[nostrSender]; + if (!skippedKeys) return null; + + const messageKey = skippedKeys.messageKeys[header.number]; + if (!messageKey) return null; + + delete skippedKeys.messageKeys[header.number]; + + if (Object.keys(skippedKeys.messageKeys).length === 0) { + delete this.state.skippedKeys[nostrSender]; + } + + return nip44.decrypt(ciphertext, messageKey); +} +``` diff --git a/118.md b/118.md new file mode 100644 index 00000000..db037c78 --- /dev/null +++ b/118.md @@ -0,0 +1,86 @@ +# NIP-118 + +## Nostr Double Ratchet Invites + +In order to start a [NIP-117](./117.md) Nostr Double Ratchet session, Alice and Bob need to exchange ephemeral public keys and a shared secret. + +In a Nostr Double Ratchet invite, Alice gives Bob her + +- ephemeral public key, which is also used to respond to the invite on Nostr, +- shared secret, and +- Nostr identity public key, which is used to authenticate the exchange. + +### Nostr event + +Publishing an invite event on Nostr allows other users to start a Double Ratchet session with you. + +```typescript +{ + pubkey: inviterIdentityKey, + content: '', + tags: [ + ['d', `double-ratchet/invites/${uid}`], // uid: unique name for the invitation, e.g. "public" + ['l', 'double-ratchet/invites'], // label, for listing all your invites + ['ephemeralKey', inviterEphemeralKey], + ['sharedSecret', sharedSecret] + ], + kind: 30078, + created_at, + id, + sig +} +``` + +`l` is a [NIP-32](https://github.com/nostr-protocol/nips/blob/master/32.md) label tag that can be used to list your invites. We use this approach with [NIP-78](./78.md) application specific data kind `30078` in order to not bloat the event kind space and instead have a human-readable label. + +### URL + +Invites can be also shared privately, without requiring a Nostr event. This improves privacy, removing the public association between the inviter and response. + +URL and QR code are often convenient ways to share privately, especially when the other user is not yet on Nostr. Format: + +```typescript +const invite = { inviter, ephemeralKey, sharedSecret }; +const json = JSON.stringify(invite); +const url = `https://example.com/#${encodeURIComponent(json)}`; +``` + +Encoding the invite into the URL hash ensures it's not sent to the server and logged by default. + +`nostr:` URI scheme is another possible way to share invites, when we have native clients supporting the feature. + +### Invite response + +#### Outer event + +Invite response outer event is a [NIP-59](https://github.com/nostr-protocol/nips/blob/master/59.md) gift wrap event of kind `1059`, sent from a random, one-time-use pubkey, hiding the responder's identity from the public. + +It is addressed to the ephemeral key in the invite. If the invite was publicly shared, responses can be publicly associated to the inviter. + +#### Inner event + +[NIP-59](https://github.com/nostr-protocol/nips/blob/master/59.md) Rumor. + +```typescript +const conversationKey = nip44.getConversationKey( + inviteeKeyPair, + inviterPublicKey +); +const encrypted1 = encrypt(inviteeEphemeralKey, conversationKey); +const encrypted2 = encrypt(encrypted1, sharedSecret); + +const rumor = { + pubkey: inviteePublicKey, + kind: 1060, + content: encrypted2, + tags: [], + createdAt, + id, +}; +``` + +After receiving the invite response, both parties have what they need to start a double ratchet session: each others' ephemeral public keys and a shared secret. + +Both parties have authenticated by encrypting or decrypting using their nip44 conversation key. + +The shared secret from the invite is used in the response to ensure that only actual recipients of the invite can follow it. Otherwise, attackers could initiate double ratchet sessions by sending invite responses to all addresses that received gift wraps, some of which are private invite addresses. From 9d0408e8e485c4a706cf06303534bf4473f9ef27 Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Thu, 27 Feb 2025 23:52:05 +0200 Subject: [PATCH 02/12] Update 117.md Co-authored-by: reis <1l0@users.noreply.github.com> --- 117.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/117.md b/117.md index 037d2435..4753c6dc 100644 --- a/117.md +++ b/117.md @@ -194,7 +194,7 @@ function initBob( ```typescript sendEvent(event: Partial) { const innerEvent = nip59.createRumor(event) - const [header, encryptedData] = this.ratchetEncrypt(JSON.stringify(rumor)); + const [header, encryptedData] = this.ratchetEncrypt(JSON.stringify(innerEvent)); const conversationKey = nip44.getConversationKey(this.state.ourCurrentNostrKey.privateKey, this.state.theirNextNostrPublicKey); const encryptedHeader = nip44.encrypt(JSON.stringify(header), conversationKey); From bd6c96cf69df77ea296b09238851b2a6277cdd66 Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Fri, 28 Feb 2025 00:19:04 +0200 Subject: [PATCH 03/12] better initialization code --- 117.md | 59 ++++++++++++++++++++++++++-------------------------------- 1 file changed, 26 insertions(+), 33 deletions(-) diff --git a/117.md b/117.md index 4753c6dc..e6e3c0b3 100644 --- a/117.md +++ b/117.md @@ -128,34 +128,29 @@ interface SessionState { ### Initialization -```typescript -// Alice is the initiator of the channel and sends the first message -function initAlice( - theirNextNostrPublicKey: string, - ourCurrentPrivateKey: Uint8Array, - sharedSecret: Uint8Array -): SessionState { - // Generate next key for Alice - const ourNextPrivateKey = generateSecretKey(); +Alice is the chat initiator and Bob is the recipient. Ephemeral keys were exchanged earlier. - // Derive root key and sending chain key +```typescript +static initAlice( + theirEphemeralPublicKey: string, + ourEphemeralNostrKey: KeyPair, + sharedSecret: Uint8Array +) { + // Generate ephemeral key for the next ratchet step + const ourNextNostrKey = generateSecretKey(); + + // Use ephemeral ECDH to derive rootKey and sendingChainKey const [rootKey, sendingChainKey] = kdf( sharedSecret, - nip44.getConversationKey(ourNextPrivateKey, theirNextNostrPublicKey), + nip44.getConversationKey(ourEphemeralNostrKey.private, theirEphemeralPublicKey), 2 ); return { rootKey, - theirNextNostrPublicKey, - ourCurrentNostrKey: { - publicKey: getPublicKey(ourCurrentPrivateKey), - privateKey: ourCurrentPrivateKey, - }, - ourNextNostrKey: { - publicKey: getPublicKey(ourNextPrivateKey), - privateKey: ourNextPrivateKey, - }, + theirNextNostrPublicKey: theirEphemeralPublicKey, + ourCurrentNostrKey: ourEphemeralNostrKey, + ourNextNostrKey, receivingChainKey: undefined, sendingChainKey, sendingChainMessageNumber: 0, @@ -165,28 +160,26 @@ function initAlice( }; } -// Bob is the recipient of the first message -function initBob( - theirNextNostrPublicKey: string, - ourCurrentPrivateKey: Uint8Array, +static initBob( + theirEphemeralPublicKey: string, + ourEphemeralNostrKey: KeyPair, sharedSecret: Uint8Array -): SessionState { +) { return { - rootKey: sharedSecret, // Bob starts with the shared secret as root key - theirNextNostrPublicKey, - ourCurrentNostrKey: undefined, // Bob has no current key yet - ourNextNostrKey: { - publicKey: getPublicKey(ourCurrentPrivateKey), - privateKey: ourCurrentPrivateKey, - }, + rootKey: sharedSecret, + theirNextNostrPublicKey: theirEphemeralPublicKey, + // Bob has no ‘current’ key at init time — Alice will send to next and trigger a ratchet step + ourCurrentNostrKey: undefined, + ourNextNostrKey: ourEphemeralNostrKey, receivingChainKey: undefined, - sendingChainKey: undefined, // Bob hasn't sent anything yet + sendingChainKey: undefined, sendingChainMessageNumber: 0, receivingChainMessageNumber: 0, previousSendingChainMessageCount: 0, skippedKeys: {}, }; } + ``` ### Sending messages From d7926ee80bdc889d691bd74acddf3280591628db Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Fri, 28 Feb 2025 00:31:12 +0200 Subject: [PATCH 04/12] add recommendation to use recipient inbox relays --- 117.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/117.md b/117.md index e6e3c0b3..e6d584d1 100644 --- a/117.md +++ b/117.md @@ -46,6 +46,8 @@ We subscribe to Double Ratchet events based on author public keys which are ephe The encrypted header contains our next nostr public key, our previous sending chain length and the current message number. +The events should be sent to the recipient's inbox relays. + #### Inner event Inner events must be [NIP-59](https://github.com/nostr-protocol/nips/blob/master/59.md) Rumors (unsigned Nostr events) allowing plausible deniability. From f29a94c3c820052e76589f3c7797008e5f31f41f Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Tue, 4 Mar 2025 10:36:59 +0200 Subject: [PATCH 05/12] Update 117.md Co-authored-by: Awiteb --- 117.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/117.md b/117.md index e6d584d1..26e649cb 100644 --- a/117.md +++ b/117.md @@ -50,7 +50,7 @@ The events should be sent to the recipient's inbox relays. #### Inner event -Inner events must be [NIP-59](https://github.com/nostr-protocol/nips/blob/master/59.md) Rumors (unsigned Nostr events) allowing plausible deniability. +Inner events must be [NIP-59](59.md) Rumors (unsigned Nostr events) allowing plausible deniability. With established Nostr event kinds, clients can implement all kinds of features, such as replies, reactions, and encrypted file sharing in private messages. From b0a859669b0f74f5ed83ba08f5bb4c1b8a133d59 Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Tue, 4 Mar 2025 10:37:10 +0200 Subject: [PATCH 06/12] Update 117.md Co-authored-by: Awiteb --- 117.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/117.md b/117.md index 26e649cb..4cb43ebf 100644 --- a/117.md +++ b/117.md @@ -54,7 +54,7 @@ Inner events must be [NIP-59](59.md) Rumors (unsigned Nostr events) allowing pla With established Nostr event kinds, clients can implement all kinds of features, such as replies, reactions, and encrypted file sharing in private messages. -Direct message and encrypted file messages are defined in [NIP-17](https://github.com/nostr-protocol/nips/blob/master/17.md). +Direct message and encrypted file messages are defined in [NIP-17](17.md). ## Algorithm From ae894d7a73b113e2a4c3071340f934fbc75dbfac Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Tue, 4 Mar 2025 10:37:20 +0200 Subject: [PATCH 07/12] Update 117.md Co-authored-by: Awiteb --- 117.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/117.md b/117.md index 4cb43ebf..ba4b5037 100644 --- a/117.md +++ b/117.md @@ -64,7 +64,7 @@ In this NIP, the algorithm is only described in code, in order to highlight diff ### External functions -We use the following Nostr functions ([NIP-01](https://github.com/nostr-protocol/nips/blob/master/01.md)): +We use the following Nostr functions ([NIP-01](01.md)): - `generateSecretKey()` for creating Nostr private keys - `finalizeEvent(partialEvent, secretKey)` for creating valid Nostr events with pubkey, id and signature From 8a2960ce128c4d5b171edb82d4ac5d15cfd2e0c5 Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Tue, 4 Mar 2025 10:37:27 +0200 Subject: [PATCH 08/12] Update 117.md Co-authored-by: Awiteb --- 117.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/117.md b/117.md index ba4b5037..f863c2b8 100644 --- a/117.md +++ b/117.md @@ -69,7 +69,7 @@ We use the following Nostr functions ([NIP-01](01.md)): - `generateSecretKey()` for creating Nostr private keys - `finalizeEvent(partialEvent, secretKey)` for creating valid Nostr events with pubkey, id and signature -We use [NIP-44](https://github.com/nostr-protocol/nips/blob/master/44.md) functions for encryption: +We use [NIP-44](44.md) functions for encryption: - `nip44.encrypt` - `nip44.decrypt` From d487ddd1b452a2260d7563624ebc9fc56bb6e5e1 Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Tue, 4 Mar 2025 10:37:36 +0200 Subject: [PATCH 09/12] Update 117.md Co-authored-by: Awiteb --- 117.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/117.md b/117.md index f863c2b8..d7e93a0b 100644 --- a/117.md +++ b/117.md @@ -75,7 +75,7 @@ We use [NIP-44](44.md) functions for encryption: - `nip44.decrypt` - `nip44.getConversationKey` -[NIP-59](https://github.com/nostr-protocol/nips/blob/master/59.md): +[NIP-59](59.md): - createRumor From e00080fc3b18fc10dd05965abb104c915c28c4c7 Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Tue, 4 Mar 2025 10:37:44 +0200 Subject: [PATCH 10/12] Update 118.md Co-authored-by: Awiteb --- 118.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/118.md b/118.md index db037c78..b9466dff 100644 --- a/118.md +++ b/118.md @@ -31,7 +31,7 @@ Publishing an invite event on Nostr allows other users to start a Double Ratchet } ``` -`l` is a [NIP-32](https://github.com/nostr-protocol/nips/blob/master/32.md) label tag that can be used to list your invites. We use this approach with [NIP-78](./78.md) application specific data kind `30078` in order to not bloat the event kind space and instead have a human-readable label. +`l` is a [NIP-32](32.md) label tag that can be used to list your invites. We use this approach with [NIP-78](./78.md) application specific data kind `30078` in order to not bloat the event kind space and instead have a human-readable label. ### URL From e7ecfe26a8da157026783bac5ddf2b5297809d82 Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Tue, 4 Mar 2025 10:37:52 +0200 Subject: [PATCH 11/12] Update 118.md Co-authored-by: Awiteb --- 118.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/118.md b/118.md index b9466dff..f0cb46fc 100644 --- a/118.md +++ b/118.md @@ -53,7 +53,7 @@ Encoding the invite into the URL hash ensures it's not sent to the server and lo #### Outer event -Invite response outer event is a [NIP-59](https://github.com/nostr-protocol/nips/blob/master/59.md) gift wrap event of kind `1059`, sent from a random, one-time-use pubkey, hiding the responder's identity from the public. +Invite response outer event is a [NIP-59](59.md) gift wrap event of kind `1059`, sent from a random, one-time-use pubkey, hiding the responder's identity from the public. It is addressed to the ephemeral key in the invite. If the invite was publicly shared, responses can be publicly associated to the inviter. From 3d5b279108c712de9b3288a68e86d96da8f7d73a Mon Sep 17 00:00:00 2001 From: Martti Malmi Date: Tue, 4 Mar 2025 10:38:04 +0200 Subject: [PATCH 12/12] Update 118.md Co-authored-by: Awiteb --- 118.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/118.md b/118.md index f0cb46fc..6c7c54ef 100644 --- a/118.md +++ b/118.md @@ -59,7 +59,7 @@ It is addressed to the ephemeral key in the invite. If the invite was publicly s #### Inner event -[NIP-59](https://github.com/nostr-protocol/nips/blob/master/59.md) Rumor. +[NIP-59](59.md) Rumor. ```typescript const conversationKey = nip44.getConversationKey(