Adds optional nip60.signSecret()

[robwoodgate]

The PR clarifies and improves Nostr <---> Cashu interoperability by adding an optional signer signature for NUT-10 well-known secrets to NIP-60, NIP-07 and NIP-46

[fiatjaf]

I didn't look into the specifics but in general this sounds like a good idea.

[pablof7z]

Thank you sir - happy to make any tweaks if required. The only thing I haven't addressed, which could perhaps be improved, is a way to rotate keys in NIP-60 kind 17375 and NIP-61 kind 10019 events.

The goal would be to retain older privkeys, so a wallet can still unlock any older proofs after rotating a key.

This could be accomplished in a number of backwards compatible ways:

OPTION A: allow multiple privkey entries in a Nostr tag-like way (latest first):

{
    "kind": 17375,
    "content": nip44_encrypt([
        [ "privkey", "hexkey", "olderhexkey", "oldesthexkey" ],
        [ "mint", "https://mint1" ],
        [ "mint", "https://mint2" ]
    ]),
    "tags": []
}

OPTION B: add xprivkey tags for older keys:

{
    "kind": 17375,
    "content": nip44_encrypt([
        [ "privkey", "hexkey"],
        [ "mint", "https://mint1" ],
        [ "mint", "https://mint2" ]
        [ "xprivkey", "olderhexkey"],
        [ "xprivkey", "oldesthexkey"],
    ]),
    "tags": []
}

OPTION C: add a single xprivkey with all older privkeys:

{
    "kind": 17375,
    "content": nip44_encrypt([
        [ "privkey", "hexkey"],
        [ "mint", "https://mint1" ],
        [ "mint", "https://mint2" ]
        [ "xprivkeys", "olderhexkey", "oldesthexkey" ],
    ]),
    "tags": []
}

In all cases, keys can be rotated, the current privkey for the kind 10019 pubkey is clear, but a wallet can still fall back to older keys if a Proof is still locked to them.

If you have a preference or alternative suggestion, am happy to include it in this PR

This is kinda already covered by the backup key event; what I do in my implementation is, in addition to the privkey in the 17375, I load all the non-replaceable backup wallet events -- main reason for creating these events is in case a wallet misbehaves and wipes the 17375 we want to have a way to find the old key.

I then put all the pubkeys of the privkeys I have in a map and if when I want to redeem a nutzap I check the map for the right privkey.

Functionally, this is like "rotating" but there's no

[robwoodgate]

This is kinda already covered by the backup key event;

Thanks @pablof7z - Is that the 37375 addressable event I've seen floating around, or something else? Is there a PR or source I can see how this works?

I think, for now, I'll leave this PR as it is then. No sense trying to stuff too many changes in, though it's something that probably should be codified in the future.

[pablof7z]

This is kinda already covered by the backup key event;

Thanks @pablof7z - Is that the 37375 addressable event I've seen floating around, or something else? Is there a PR or source I can see how this works?

I think, for now, I'll leave this PR as it is then. No sense trying to stuff too many changes in, though it's something that probably should be codified in the future.

No, the 37375 was my overengineered-multi-wallet support, so basically its deprecated and replaced by 17375.

Wallet backup is kind:375: #1834

[robwoodgate]

No, the 37375 was my overengineered-multi-wallet support, so basically its deprecated and replaced by 17375.

Wallet backup is kind:375: #1834

Great solution to the key rotation/backup issue... love it

[mikedilger]

For nip46 I would just call it 'sign' and let it sign anything.

[robwoodgate]

For nip46 I would just call it 'sign' and let it sign anything.

No, the goal is to complete Cashu<>Nostr integration in a protocol friendly way, not to open the doors to arbitrary string signing, which is discussed in depth here: #1842

[robwoodgate]

Rebased to current master for easier merge

[robwoodgate]

Implementations using nip60.signSecret():

• Cashu Witness - to allow witness (signing) of P2PK locked multi-sig tokens
• Cashu Redeem - to redeem P2PK locked single-sig tokens
• nos2x - NIP-07 signer extension
• AKA profiles - NIP-07 signer extension

[robwoodgate]

Have rebased to master for easier merge. We have a fair range of apps supporting so far - can we please consider merging?

[robwoodgate]

Rebased to master for easier merge.

[robwoodgate]

Rebased to master for easier merge

[robwoodgate]

@pablof7z - I understand from Calle that we should be using one proof per proof tag.

ie:

["proof", "serializedproof1"],
["proof", "serializedproof2"],

NOT:

["proof", "serializedproof1", "serializedproof2",...],

This is clarified in this PR too,

[robwoodgate]

I have removed the NIP-61 tweaks from the PR, to make it less of an omnibus.

The related changes are covered by:

• NIP-61: optional k tag in kind:10019 events for reverse lookups #2105
• NIP-61 replay protection: commit to P and e in Cashu proof #2104
• Clarifications to NIP-61 #2107