diff options
| author | Vitor Pamplona <vitor@vitorpamplona.com> | 2024-12-19 10:15:46 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-12-19 10:15:46 -0500 |
| commit | f7d97f3f40dc6677e6f996ffff431142ffe05810 (patch) | |
| tree | 2eaa8c8628cc9a4b05811ed3869e21221fd85307 /44.md | |
| parent | d5b77b6d7348061cd0f16adc35e4d02a3a0b7380 (diff) | |
| parent | 561059ff85c171b87a12b8381b724b4afc569a97 (diff) | |
Merge branch 'master' into draft-event
Diffstat (limited to '44.md')
| -rw-r--r-- | 44.md | 12 |
1 files changed, 7 insertions, 5 deletions
| @@ -1,5 +1,5 @@ | |||
| 1 | NIP-44 | 1 | NIP-44 |
| 2 | ===== | 2 | ====== |
| 3 | 3 | ||
| 4 | Encrypted Payloads (Versioned) | 4 | Encrypted Payloads (Versioned) |
| 5 | ------------------------------ | 5 | ------------------------------ |
| @@ -63,7 +63,7 @@ NIP-44 version 2 has the following design characteristics: | |||
| 63 | - SHA256 is used instead of SHA3 or BLAKE because it is already used in nostr. Also BLAKE's speed advantage | 63 | - SHA256 is used instead of SHA3 or BLAKE because it is already used in nostr. Also BLAKE's speed advantage |
| 64 | is smaller in non-parallel environments. | 64 | is smaller in non-parallel environments. |
| 65 | - A custom padding scheme is used instead of padmé because it provides better leakage reduction for small messages. | 65 | - A custom padding scheme is used instead of padmé because it provides better leakage reduction for small messages. |
| 66 | - Base64 encoding is used instead of another compression algorithm because it is widely available, and is already used in nostr. | 66 | - Base64 encoding is used instead of another encoding algorithm because it is widely available, and is already used in nostr. |
| 67 | 67 | ||
| 68 | ### Encryption | 68 | ### Encryption |
| 69 | 69 | ||
| @@ -86,7 +86,7 @@ NIP-44 version 2 has the following design characteristics: | |||
| 86 | - Content must be encoded from UTF-8 into byte array | 86 | - Content must be encoded from UTF-8 into byte array |
| 87 | - Validate plaintext length. Minimum is 1 byte, maximum is 65535 bytes | 87 | - Validate plaintext length. Minimum is 1 byte, maximum is 65535 bytes |
| 88 | - Padding format is: `[plaintext_length: u16][plaintext][zero_bytes]` | 88 | - Padding format is: `[plaintext_length: u16][plaintext][zero_bytes]` |
| 89 | - Padding algorithm is related to powers-of-two, with min padded msg size of 32 | 89 | - Padding algorithm is related to powers-of-two, with min padded msg size of 32bytes |
| 90 | - Plaintext length is encoded in big-endian as first 2 bytes of the padded blob | 90 | - Plaintext length is encoded in big-endian as first 2 bytes of the padded blob |
| 91 | 5. Encrypt padded content | 91 | 5. Encrypt padded content |
| 92 | - Use ChaCha20, with key and nonce from step 3 | 92 | - Use ChaCha20, with key and nonce from step 3 |
| @@ -142,12 +142,14 @@ validation rules, refer to BIP-340. | |||
| 142 | The operation produces a shared point, and we encode the shared point's 32-byte x coordinate, using method | 142 | The operation produces a shared point, and we encode the shared point's 32-byte x coordinate, using method |
| 143 | `bytes(P)` from BIP340. Private and public keys must be validated as per BIP340: pubkey must be a valid, | 143 | `bytes(P)` from BIP340. Private and public keys must be validated as per BIP340: pubkey must be a valid, |
| 144 | on-curve point, and private key must be a scalar in range `[1, secp256k1_order - 1]`. | 144 | on-curve point, and private key must be a scalar in range `[1, secp256k1_order - 1]`. |
| 145 | NIP44 doesn't do hashing of the output: keep this in mind, because some libraries hash it using sha256. | ||
| 146 | As an example, in libsecp256k1, unhashed version is available in `secp256k1_ec_pubkey_tweak_mul` | ||
| 145 | - Operators | 147 | - Operators |
| 146 | - `x[i:j]`, where `x` is a byte array and `i, j <= 0` returns a `(j - i)`-byte array with a copy of the | 148 | - `x[i:j]`, where `x` is a byte array and `i, j <= 0` returns a `(j - i)`-byte array with a copy of the |
| 147 | `i`-th byte (inclusive) to the `j`-th byte (exclusive) of `x`. | 149 | `i`-th byte (inclusive) to the `j`-th byte (exclusive) of `x`. |
| 148 | - Constants `c`: | 150 | - Constants `c`: |
| 149 | - `min_plaintext_size` is 1. 1b msg is padded to 32b. | 151 | - `min_plaintext_size` is 1. 1bytes msg is padded to 32bytes. |
| 150 | - `max_plaintext_size` is 65535 (64kb - 1). It is padded to 65536. | 152 | - `max_plaintext_size` is 65535 (64kB - 1). It is padded to 65536bytes. |
| 151 | - Functions | 153 | - Functions |
| 152 | - `base64_encode(string)` and `base64_decode(bytes)` are Base64 ([RFC 4648](https://datatracker.ietf.org/doc/html/rfc4648), with padding) | 154 | - `base64_encode(string)` and `base64_decode(bytes)` are Base64 ([RFC 4648](https://datatracker.ietf.org/doc/html/rfc4648), with padding) |
| 153 | - `concat` refers to byte array concatenation | 155 | - `concat` refers to byte array concatenation |