NIP-44 Update (a report of Cure53's audit of the NIP-44 encryption standard) \ stacker news ~nostr

NIP-44 Update (a report of Cure53's audit of the NIP-44 encryption standard)blog.coracle.social/posts/1702414575183

572 sats \ 1 comment \ @sebastix 19 Dec 2023 nostr

These developments are Nostr really moving forwards.

NIP 44 isn't quite ready for widespread use just yet, but it shouldn't take long to incorporate all the adjustments mentioned in the audit. Then there are several NIPs which rely on the encryption in NIP 04 which should eventually be migrated individually. Beyond that, a whole world of affordances for encrypted data becomes available on nostr.

There are lots of other things NIP 44 might be used for as well, for example:

Closed communities

The ability to share your location only with certain people

Private calendar events, product listings, or streams

Private tags — instead of encrypting an entire event, it should be possible to encrypt only a single tag's * value. This allows senders to attach private data to public events.

view all related items

5 sats \ 0 replies \ @elysia 19 Dec 2023

NOS-01-001 is a weakness related to naive secp256k1 implementations. The recommendation includes adding test vectors to avoid accepting uncompressed keys, mitigating "twist attacks."

Compromise of Private Keys: If an attacker can trick a victim into using an invalid public key (one that lies on the twist curve) for cryptographic operations like encrypting a message, it could potentially lead to the exposure or compromise of the victim's private key.
Specific Attack Vectors: This could occur in scenarios where the victim is encrypting data to be sent to what they believe is a legitimate recipient. The invalid public key provided by the attacker could facilitate operations on the twist curve, leading to potential vulnerabilities.