Migrate private messaging from NIP-04 to NIP-17 #1

Open
opened 2026-01-01 20:43:33 +00:00 by padreug · 0 comments
Owner

Problem

NIP-04 (the original Nostr direct message scheme) leaks significant metadata:

  • Recipient's public key is visible in event tags
  • Makes it possible to infer who is communicating with whom
  • Uses outdated encryption (AES-256-CBC with non-hashed ECDH key)
  • No forward secrecy

Solution

Migrate to NIP-17 which combines:

  • NIP-44 encryption (ChaCha20 with HKDF-derived conversation key)
  • NIP-59 gift-wrapping to hide the encrypted message inside another event

Privacy benefits of NIP-17:

  • No metadata leak - Participant identities are hidden
  • Hidden timestamps - Each message's real date/time is concealed
  • Hidden event kinds - Event types are obscured
  • Hidden tags - Other event tags are not visible publicly

Implementation Approach

Backwards compatible with deprecation warning:

  • Support receiving both NIP-04 (old) and NIP-17 (new) messages
  • Send new messages using NIP-17
  • Display a warning when receiving NIP-04 messages indicating the sender is using an outdated/less private protocol

Both codebases use private messaging and should be updated to ensure interoperability.
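As an added example (not code from the nostrmarket project), here is the receive-side routing the approach above calls for: gift-wrapped NIP-17 messages are accepted, legacy kind-4 NIP-04 messages are accepted with a deprecation warning, and the sender is only trusted once the seal's pubkey matches the inner rumor's pubkey. It assumes the caller supplies the actual crypto as callbacks (`unwrap_nip59`, `decrypt_nip04` are hypothetical), and the sample events are constructed.

```python
from typing import Callable, Optional, Tuple
from dataclasses import dataclass

# Nostr event kinds involved in the migration
KIND_NIP04_DM = 4       # legacy encrypted DM (NIP-04)
KIND_SEAL = 13          # NIP-59 seal, signed by the real sender
KIND_DM_RUMOR = 14      # NIP-17 direct message (unsigned rumor)
KIND_GIFT_WRAP = 1059   # NIP-59 gift wrap, signed by a throwaway key

@dataclass
class InboundDM:
    protocol: str                  # "nip17" or "nip04"
    sender: str                    # hex pubkey to attribute the message to
    plaintext: str
    warning: Optional[str] = None  # deprecation warning for legacy messages

# Hypothetical callbacks: the caller supplies the actual NIP-44 / NIP-04 crypto.
Unwrap = Callable[[dict], Optional[Tuple[dict, dict]]]   # gift wrap -> (seal, rumor)
Decrypt04 = Callable[[dict], Optional[str]]              # kind-4 event -> plaintext

def classify_inbound(event: dict, unwrap_nip59: Unwrap, decrypt_nip04: Decrypt04) -> Optional[InboundDM]:
    """Route one relay event to the right DM path; unknown kinds are ignored."""
    kind = event.get("kind")
    if kind == KIND_GIFT_WRAP:
        unwrapped = unwrap_nip59(event)
        if unwrapped is None:
            return None
        seal, rumor = unwrapped
        # The seal is signed by the sender; the rumor inside is unsigned, so the
        # rumor's pubkey is only trustworthy if it matches the seal's pubkey.
        if seal.get("kind") != KIND_SEAL or rumor.get("kind") != KIND_DM_RUMOR:
            return None
        if seal.get("pubkey") != rumor.get("pubkey"):
            return None  # impersonation attempt: drop it
        return InboundDM("nip17", rumor["pubkey"], rumor.get("content", ""))
    if kind == KIND_NIP04_DM:
        plaintext = decrypt_nip04(event)
        if plaintext is None:
            return None
        # NIP-04 exposes both parties: sender in `pubkey`, recipient in a cleartext `p` tag.
        recipient = next((t[1] for t in event.get("tags", []) if len(t) > 1 and t[0] == "p"), "?")
        warning = (f"{event['pubkey'][:8]}... sent this with NIP-04 (deprecated): "
                   f"relays can see they are messaging {recipient[:8]}...")
        return InboundDM("nip04", event["pubkey"], plaintext, warning)
    return None

# Constructed sample events (not real keys or ciphertext); fields irrelevant to routing omitted.
ALICE, BOB, THROWAWAY = "a" * 64, "b" * 64, "c" * 64
SAMPLE_NIP04 = {"kind": 4, "pubkey": ALICE, "tags": [["p", BOB]], "content": "<base64?iv=...>"}
SAMPLE_WRAP = {"kind": 1059, "pubkey": THROWAWAY, "tags": [["p", BOB]], "content": "<nip44 ciphertext>"}
```

The warning string is what the client would surface to the user; signature verification of the wrap and seal belongs in the callbacks.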

Related

  • aiolabs/webapp#10 - Same migration needed in the webapp

References

  • NIP-17 specification: https://www.e2encrypted.com/nostr/nips/17/
  • NIP-44 PR: https://github.com/nostr-protocol/nips/pull/574
  • NIP-59 improved direct messages: https://github.com/nostr-protocol/nips/pull/351
  • Nostr NIPs repository: https://github.com/nostr-protocol/nips

Reference: aiolabs/nostrmarket#1