diff --git a/59.md b/59.md new file mode 100644 index 0000000000..7366f1bff3 --- /dev/null +++ b/59.md @@ -0,0 +1,69 @@ +NIP-59 +====== + +Gift Wrap +------------------------------- + +`draft` `optional` `author:kieran` + +This NIP defines a simple method to protect event metadata leakage by using randomly generated keys. + +A gift wrap event is a `kind 1059` event which wraps another event with a single use key. + +This event kind can be used to wrap DM's or other events which are considered private. + +This is similar in concept to [Onion Routing](https://en.wikipedia.org/wiki/Onion_routing). + +To wrap an event, sign it as usual then serialize it to JSON. This string should then be encrypted using NIP-44 with a different private key. + +Next, add the signed payload to the `content` field of a new `kind 1059` event, signed with the same key used to encrypt the content. + +The key used to sign the wrapper and encrypt its contents can be created using any appropriate strategy: +- For the strongest security guarantees, it SHOULD be randomly generated. +- The sender MAY use `sender private * event id mod curve.n` instead of a completely random key. If this is done, the sender can "retain access" to the sent message and is capable of decrypting, deleting or otherwise operating on the outer message. + +A `p` tag for the recipient MUST be added to the `tags` field on the outer event. To protect recipient +identity, this may be a regular pubkey, or one representing a group of people sharing a private key for +decryption. + +The sender MAY copy tags from the inner event to the outer event. This weakens privacy guarantees, +but may be useful to accommodate server-side filtering. A `k` tag MAY be added to the outer event to +denote the `kind` of the inner event. + +Example wrapped event: +```json +{ + "id": "0bb58c5e646ff1a310d888347cd392f0490d80d9ce963a43d10f0af0b3a92d58", + "pubkey": "67813274a3e44cc5f939cc29f1faa4e6b38f1ee4a22469262d6d9d19c377f027", + "content": "{\"ciphertext\":\"0s44ii9QNQMmKl/+Bmo0dUoVqCI3dqyPweoA1H06qkguf8u3Hr8sK7lUYKi/DHrR2PiLKuJRHC42mBn+e4jyM49yj+QL0cg3p5MbGiSmExEQPnofaBS6PtU/6Fa30XPNoywC9ptaPiDpEPNTxsI+LgCoCgUc3o9iJzKJRgzfaUVhjugjXmGw6Un8DgX7yfY3JBraxZClfC6FNV3yTtmRdi9AHmphJa5xW8l/XeI1k3C+Qv5z4mMI4GfiYXnqLbHtaMSeTaI31zmyr4nX9Bpnb14PSdiKpHEN1aAmJXgs/mXRw5KS44EDnjSJwItwow/yWNlGZZ2lT21ay9uc7LeD2rNOIOpW3xO5Pqd51NpYgjk+1lD9L8djQCpWRzsJoCr2/G1+qeGre+q/5g7re2aQbA3M9iSqEzBlkw841fq5AJYEDcsCXzFFQwo0ydJutBhzP2YOFuPbGgvWZat2bLRu26PZMMB3Z6ZprzyBrLIgZ4uOJ74/Rpflh4I5xl4r9Yvp37bLkxq25diG/78x0/AsBlgIJzMeNivZ7LCxm9a/nu5Ygj1H8g==\",\"nonce\":\"CvLX+kBOEBM5ZRm/I+4fncvGqbrcb6Dy\",\"v\":1}", + "kind": 1059, + "created_at": 1686840217, + "tags": [ + [ + "p", + "63fe6318dc58583cfe16810f86dd09e18bfd76aabc24a0081ce2856f330504ed" + ] + ], + "sig": "cdcc561865cc4f028311159a9417b717d93a681f957621052335bb3c581f85490cb3f596d251e92f7174d34eeb406ff009acde37588322fcb75c380e335a1b73" +} +``` + +The `content` is NIP-44 encrypted JSON string with the temporary key, this is the inner event: +```json +{ + "id": "a3b3d167f560e9d15434534ee7bf51cf272b15e40e3e9a64501fb83fd0f06326", + "pubkey": "63fe6318dc58583cfe16810f86dd09e18bfd76aabc24a0081ce2856f330504ed", + "content": "example", + "kind": 1, + "created_at": 1686840217, + "tags": [ + [ + "p", + "63fe6318dc58583cfe16810f86dd09e18bfd76aabc24a0081ce2856f330504ed" + ] + ], + "sig": "675a8cd35925928d6623ba18aea0eeb9691c462c59cac4a6441f9495eaec7182107ece7b7012bb628e28029f059362fcbce9bce3a00c05817480603d8f8112f5" +} +``` + +Clients can decrypt the gift wrapped event and can continue to work as normal. \ No newline at end of file