Skip to content

Add NIP for PQ #2185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
trbouma wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add NIP for PQ #2185

trbouma wants to merge 1 commit into from

Conversation

@trbouma
Copy link

@trbouma trbouma commented Jan 9, 2026

Adding a NIP for post-quantum support in nostr

My repos is here:

https://github.com/trbouma/nips/blob/pqc/PQ.md

@staab
Copy link
Member

staab commented Jan 9, 2026

Neat. For completeness, what does this buy us? Private key brute force protection, signature forging?

@vitorpamplona
Copy link
Collaborator

vitorpamplona commented Jan 9, 2026

We will need to address NIP-44 encryptions with these new keys.

@trbouma
Copy link
Author

trbouma commented Jan 9, 2026

Neat. For completeness, what does this buy us? Private key brute force protection, signature forging?

The immediate thing is that it gives nostr a post-quantum narrative to fight the FUD and to illustrate that 'crypto-agillity' is easily do-able. This is actual advice I got from one the principals of the open quantum safe project in a converstation I had about a year ago.

I actually have it working with two algorithms - ML-DSA-44 and Falcon-512. I believe these algorithms are now readily available in OpenSSL. I also want to do the @fiatjaf approach - pick a curve and algorithm and run with it. ML-DSA-44 is the best suited for what we might need now. If later, we need other algorithms, we can add a ["alg"] tag, but I don't want to over-complicate it.

As for practical implementation, I think only super-high value events published by apps or authorities will use this - not individual users. I am already incorporating into my architecture and have so far concluded, that individual users don't need it. (See my response to @vitorpamplona 's comment)

@trbouma
Copy link
Author

trbouma commented Jan 9, 2026

We will need to address NIP-44 encryptions with these new keys.

NIP-44 is already quantum-safe. What makes it not 'quantum-safe' is using the nsec which could be exposed via the npub.

As for key agreement, that can be done with ML-KEM (key encapsulation method) - for NIP59 - this could be done with an additional NIP-44 encryption layer - I am investigating this.

As for users, to be quantum resistant, they will need to generate a separate encryption key that needs to be stored in some sort of enclave - not encrypted in a event. The could have their own quantum-safe public key, but these are huge and still need to be managed in an enclave so it doesn't buy the user anything.

As for quantum signatures, I am thinking of wrapping events (or records) with a post-quantum signed envelope - much like notarizing an already signed document. I plan to investigate this approach as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@trbouma @staab @vitorpamplona