nips/76.md

85 lines
2.3 KiB
Markdown
Raw Normal View History

2024-09-13 16:56:50 +00:00
NIP-76
======
Relay Read Permissions
----------------------
`draft` `optional`
Tag names `rp` (read permission) and `prp` (probabilistic read permission) define which keys are authorized to download an event from the relay.
2024-09-13 17:00:08 +00:00
Events with an `rp` or `prp` require AUTH to be downloaded.
2024-09-13 16:56:50 +00:00
## Read Permission
The `rp` tag accepts a list of pubkeys
```json
["rp", "<pubkey1>", "<pubkey2>", "<pubkey3>"]
```
2024-09-13 16:59:01 +00:00
Relays MUST check if the authed user is one of the keys in the `rp` before sending the event to the client.
2024-09-13 16:56:50 +00:00
## Probabilistic Read Permissions
2024-09-13 17:09:07 +00:00
Probabilistic permissions use bloom filters that include a set of pubkeys. They are represented by a colon-separated value with:
1. the size of the bit array
2. the number of hashing rounds used by the filter
3. the bit array in Base64.
2024-09-13 16:56:50 +00:00
```json
2024-09-13 17:09:07 +00:00
["prp", "<BitArray Size>:<Rounds>:<base64>"]
2024-09-13 16:56:50 +00:00
```
2024-09-13 17:00:08 +00:00
Bloom filters MUST use `SHA-256` functions of the key + iterating index as the pseudocode below:
2024-09-13 16:56:50 +00:00
```js
2024-09-13 17:10:20 +00:00
class BloomFilter(size: Int, rounds: Int, buffer: ByteArray) {
2024-09-13 16:56:50 +00:00
val bits = BitArray(buffer)
fun bitIndex(value: ByteArray, index: Byte) {
return BigInt(sha256(value || index)) % size
}
fun add(pubkey: HexKey) {
val value = pubkey.hexToByteArray()
2024-09-13 17:10:20 +00:00
for (index in 0 until rounds) {
2024-09-13 16:56:50 +00:00
bits[bitIndex(value, index)] = true
}
}
fun mightContains(pubkey: HexKey): Boolean {
val value = pubkey.hexToByteArray()
2024-09-13 17:10:20 +00:00
for (index in 0 until rounds) {
2024-09-13 16:56:50 +00:00
if (!bits[bitIndex(value, index)]) {
return false
}
}
return true
}
fun encode() = size + ":" + rounds + ":" + base64Enc(bits.toByteArray()) // base64 might include extra 0 bits to fill the last byte
fun decode(str: String): BloomFilter {
val parts = str.split(":")
return BloomFilter(parts[0].toInt(), parts[1].toInt(), base64Decode(bits.toByteArray()))
}
}
```
Relays MUST check if the authed user is in the filter before returning the event.
### Test cases
2024-09-13 17:00:40 +00:00
The filter below has 100 bits, with 10 rounds of hashes that should be able to match 10,000,000 keys without a single false positive.
2024-09-13 16:56:50 +00:00
```json
["prp", "100:10:QGKCgBEBAAhIAApO"]
```
It includes keys `ca29c211f1c72d5b6622268ff43d2288ea2b2cb5b9aa196ff9f1704fc914b71b` and `460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c`