### NOSTR Improvement Possibility (NIP): NPUB to Chaumian Ecash Token Anchoring for Identity Establishment
**NIP Number**: TBD
**NIP Title**: NPUB to Chaumian Ecash Token Anchoring for Identity and Web of Trust Support
**Author**: Brunswick nostr:nprofile1qqsvr6dt8ft292mv5jlt7382vje0mfq2ccc3azrt4p45v5sknj6kkscpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshszyrhwden5te0dehhxarj9ekk7mf03umfwq
**Date**: 9/6/2024 blockheight 860202
**Status**: Draft r3
**Discussion**: "Proof of Bitcoin" nostr:nevent1qqsgdl5kuslsmeexjwt09hus8xz8gtxexf4kc87uy5xrcgre5v3mmlszyzan24d7taqk59avyrgtqlv0zjc3xufe6vayc8twkjfekv58dxzjyqcyqqqqq2q9jp7vl
---
#### **Abstract**
This NIP introduces a method to anchor a NOSTR Public Key (NPUB) to a Chaumian ecash Cashu token that is P2PK-locked to the NPUB, offering a decentralized and anonymous way to establish credibility on the NOSTR network. This method supplements the Web of Trust system, providing new users with an immediate credibility mechanism while they build their network. The proposal removes the need for additional message types, simplifying the process by allowing users to post or reference the token on their profile or through NOSTR notes.
---
#### **Motivation**
NOSTR currently lacks a clear and decentralized method for new users to establish credibility without relying on centralized services or domain-based verification. This creates a barrier for new users who do not have connections within a Web of Trust. While the Web of Trust remains a reliable long-term solution, new users need a bootstrap mechanism for credibility.
By using a Chaumian ecash Cashu token that is P2PK-locked to the NPUB, users can establish verifiable credibility without relying on a Bitcoin on-chain transaction. This proposal also simplifies the validation process, as the age and validity of the token can be checked against the Cashu mint.
---
#### **Use of Chaumian Ecash Cashu Tokens**
In this updated system:
- **Chaumian ecash Cashu tokens** are used to anchor NPUBs.
- Each token is **P2PK-locked** (Pay-to-Public-Key) to the user's NPUB.
- The token serves as proof of credibility, with its **age** verifiable through the Cashu mint.
- Users can post the token directly in their profile or reference a NOSTR note (kind 1) containing the token.
No additional message types are required, as the token itself carries all necessary information for validation.
---
#### **Integration with Web of Trust**
This token-based system serves as a **supplement** to the Web of Trust. While long-term credibility will be determined by the Web of Trust score, the token provides new users with an immediate credibility anchor until their Web of Trust connections are established.
- **Token Age as Credibility**: The credibility of the token is tied to its age, which can be validated against the Cashu mint.
- **Temporary Use**: Once users have established themselves within the Web of Trust, they may no longer need to rely on the token.
- **Flexible Trust System**: Clients and relays can prioritize posts based on Web of Trust scores or token credibility, reducing spam and bot interactions.
---
#### **Specification**
1. **Token Format**:
- A Chaumian ecash Cashu token that is P2PK-locked to the NPUB of the user.
- The token must be **posted** directly in the user’s profile or referenced in a NOSTR note (kind 1).
2. **Relay and Client Support**:
- Relays should handle tokens like other NOSTR metadata, enabling verification of the token's validity and age.
- Clients must support the ability to validate the token against the Cashu mint and factor it into the trust mechanism.
3. **Validation**:
- The token’s **age** can be verified by checking the Cashu mint for the duration it has been held above a set threshold (such as 100,000 SATs, or equivalent).
- Tokens that fall below the threshold or are revoked will reset the credibility score.
---
#### **Rationale**
This NIP provides a **lightweight, decentralized** method for new users to gain credibility on NOSTR without requiring on-chain Bitcoin transactions. The use of Chaumian ecash Cashu tokens is economical and maintains the privacy of users. It allows for easy validation and a straightforward process for establishing temporary credibility until Web of Trust connections are built.
This change eliminates the scalability concerns raised with the original proposal that relied on Bitcoin's on-chain UTXO limits, and it simplifies the process for clients and relays to implement.
---
#### **Backwards Compatibility**
This NIP remains fully compatible with existing standards such as NIP-05 and the Web of Trust. It acts as a **supplementary** method to provide a temporary credibility anchor and does not interfere with other identity systems.
---
#### **Security Considerations**
- **Token Security**: Users must ensure the security of their Chaumian ecash tokens. A compromised token could allow unauthorized individuals to claim credibility.
- **Mint Validation**: The Cashu mint should be trusted to provide reliable data for token age and validation, and its decentralization will impact the security model.
- **Spam Mitigation**: The use of tokens helps mitigate spam, but their value threshold must be set high enough to prevent abuse while remaining economical for users.
---
#### **References**
- [NIP-05](https://github.com/nostr-protocol/nips/blob/master/05.md): Mapping Nostr Public Keys to DNS-based Identities
- Chaumian Ecash: [Cashu Project Documentation](https://github.com/cashubtc)
---
#### **Acknowledgments**
Thanks to the Nostr and Bitcoin communities for feedback and technical insights that helped shape this proposal.
Proof-of-bitcoin identity anchoring:
nostr:nevent1qqswq6v7exjd907zns3mlukkrez9w9e8lhured35y90896fsfqyh9fqpz3mhxw309akx7cmpd35x7um58g6rsd3e9upzps0f4va9dg4tdjjta06yafjt9ldyptrrz85gdw5xk3jjz6wt266rqvzqqqqqqypu8gry
nostr:nprofile1qqs9pk20ctv9srrg9vr354p03v0rrgsqkpggh2u45va77zz4mu5p6ccpzemhxue69uhhyetvv9ujuvrcvd5xzapwvdhk6qgdwaehxw309aukzcn49ekk2qghwaehxw309aex2mrp0yh8x6tpd4ehgu3wvdhk60v82wz nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug RFC
nostr:nevent1qqs8wraj30wgeyehxaxhmmlzrfx4sxrh970yhtyl7cyvd364dp6s50gpz3mhxw309akx7cmpd35x7um58g6rsd3e9upzps0f4va9dg4tdjjta06yafjt9ldyptrrz85gdw5xk3jjz6wt266rqvzqqqqqqy5eymtd
Its a demonstration that a web-of-trust, a trust-anchor, or some other means of authenticating valid npubs should be converged on by the community before the network becomes crippled by simple flood attacks.
nostr:nevent1qqswq6v7exjd907zns3mlukkrez9w9e8lhured35y90896fsfqyh9fqpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyrq7n2e62632km9yh6l5f6nykt76gzkxxy0gs6agddr9y95uk445xqcyqqqqqqglqgnac
I'm glad you asked
nostr:nevent1qqswq6v7exjd907zns3mlukkrez9w9e8lhured35y90896fsfqyh9fqpzpmhxue69uhkummnw3ezumt0d5hsygxpax4n544z4dk2f04lgn4xfvha5s9vvvg73p46s66x2gtfedttgvpsgqqqqqqsef3eaa