Something like a key revocation scheme?
It's a central rule of cryptography in communication that the only way to prevent an attack that breaks the security is to not send it out, every time you publish a ciphertext you are exposing yourself to it being broken.
But in this case, it's just about the compromise of the key. So a key revocation protocol would be required in this case. This key would need to be generated at the same time as the main key. This would then inform the network that further publications from that key are post-compromise and would then eliminate the attack vector.
Something like that, but with key revocation you need to have a certification authority which doesn’t exist here since the keys are self-generated.
This is more of a one-time message that indicates that the npub has been compromised. The relays would still be free to ignore it unless it is core protocol.
Of course the person needs to know their keys were compromised in the first place (which they will not know unless the atacker publishes something or makes some other changes).
reply