Oddbean new post about | logout
 We can't.

Information "wants" to be archived. 
 I don’t know much about cryptography, but there’s probably a way to craft an arbitrarily weak private key that wouldn’t take much effort to break. This key could then be used to sign “ephemeral events.” If we want to mimic an ephemeral message lasting X seconds, the ephemeral key should have a corresponding level of difficulty to break within X seconds (not necessarily linear; this is just a simplistic example). If the message should "last" 10X seconds, the ephemeral private key should be 10X weaker, and so on.

In many cases, denying authorship is more critical than simply deleting an event. 

The good thing about this approach is that, after sending an ephemeral message (that may have a timestamp), as time passes, it becomes increasingly harder to assert with confidence that I was the original author.


cc: nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqppemhxue69uhkummn9ekx7mp0qythwumn8ghj7anfw3hhytnwdaehgu339e3k7mf0qyghwumn8ghj7mn0wd68ytnhd9hx2tch2deau 
 That's a good idea. But OpenTimestamps ruins it.  
 A lightning payment or p2pk cashu token behind proof of work is an interesting concept that could provide an incentive to "expire" a message 
 It doesn’t need to be timestamped 
 The other day I was reading about ring signatures. I don’t know if they work for Nostr private keys, but if they do, we can use two private keys—the sender’s and a random one—in a ring signature. Then we can reveal an arbitrary part of the random private key in the “ephemeral message” so we can control how difficult it is to guess it. 
 The thing with time-stamping is you can't prevent someone else from time-stamping your data. If someone can prove that the signature existed prior to when someone else could have cracked the key, that's evidence that the signature wasn't faked. 
 You guys are much smarter than I am, but this was my best effort to express what I’d like to see in Nostr.
 
https://github.com/nostr-protocol/nips/pull/1595

cc: @fiatjaf @jb55 (that will probably my first and only NIP, I promise) 
 What do you think, nostr:nprofile1qqsrhuxx8l9ex335q7he0f09aej04zpazpl0ne2cgukyawd24mayt8gprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hszxmhwden5te0wfjkccte9emk2um5v4exucn5vvhxxmmd9uq3xamnwvaz7tmhda6zuat50phjummwv5hsx7c9z9? 
 Sounds pretty interesting, but I'm not sure that solves the problem you were talking about above. And I imagine that in practice it wouldn't work for whatever implementation reasons and game theory, but this is just my pessimism speaking.