This specification defines a Decentralized Identifier (DID) [DID-CORE] method for the Nostr network. Nostr is an open-source protocol that utilizes the W3C WebSockets standard.

Introduction

Core Concepts

Nostr DID Scheme

The Nostr DID scheme `did:nostr:pubkey` is based on the encoding of a public key. The public key is represented as a 64-character, lowercase string. The prefix did:nostr should be in lowercase, as per the DID specification.

Example Nostr DID: did:nostr:124c0fa99407182ece5a24fad9b7f6674902fc422843d3128d38a0afbee0fdd2.

Example DID

The following is a template for Nostr DIDs:

{
    "@context": ["https://w3id.org/did", "https://w3id.org/nostr/context"],
    "id": "did:nostr:124c0fa99407182ece5a24fad9b7f6674902fc422843d3128d38a0afbee0fdd2",
    "publicKey": [
        {
            "id": "did:nostr:124c0fa99407182ece5a24fad9b7f6674902fc422843d3128d38a0afbee0fdd2#key1",
            "controller": "did:nostr:124c0fa99407182ece5a24fad9b7f6674902fc422843d3128d38a0afbee0fdd2",
            "type": "SchnorrVerification2023"
        }
    ],
    "authentication": ["#key1"],
    "assertionMethod": ["#key1"]
}
  

A resolver MUST retrieve events from relays.

Additional Terminology

The term relay refers to a Nostr relay.

Operations

Create (Register)

Creating a did:nostr value consists of generating a cryptographic key pair and encoding the public key as a 64-character lowercase string.

Read (Resolve)

Reading a did:key value is a matter of deterministically expanding the value to a DID Document. This process is described in Section § 3.1 Create.
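The deterministic expansion can be sketched as follows. This is an added example, not code from the specification or from the reference implementation; it validates the identifier strictly and fills in the template shown under "Example DID", without contacting any relay. The function names and the reading of the 64-character string as lowercase hex are assumptions.

```python
import json
import re

# Assumption: the 64-character lowercase string is the hex encoding of a
# 32-byte public key, as in the page's example DID.
_DID_RE = re.compile(r"did:nostr:([0-9a-f]{64})")
CONTEXT = ["https://w3id.org/did", "https://w3id.org/nostr/context"]


class InvalidDid(ValueError):
    """Raised when a string is not a well-formed did:nostr identifier."""


def parse_did_nostr(did: str) -> str:
    """Return the public key part of a did:nostr DID, or raise InvalidDid."""
    # fullmatch (not match with '$') so a trailing newline, fragment or
    # other suffix is rejected instead of silently ignored.
    m = _DID_RE.fullmatch(did)
    if m is None:
        raise InvalidDid(f"not a valid did:nostr identifier: {did!r}")
    return m.group(1)


def expand_did_document(did: str) -> dict:
    """Deterministically expand a did:nostr DID into the page's template."""
    parse_did_nostr(did)  # validate before building anything from the input
    return {
        "@context": list(CONTEXT),
        "id": did,
        "publicKey": [
            {"id": f"{did}#key1", "controller": did,
             "type": "SchnorrVerification2023"}
        ],
        "authentication": ["#key1"],
        "assertionMethod": ["#key1"],
    }


if __name__ == "__main__":
    # The example DID from the page.
    example = "did:nostr:124c0fa99407182ece5a24fad9b7f6674902fc422843d3128d38a0afbee0fdd2"
    print(json.dumps(expand_did_document(example), indent=4))
    key = example[10:]
    # Constructed malformed inputs: upper-case key, upper-case prefix,
    # trailing newline, 63-character key.
    for bad in ("did:nostr:" + key.upper(), "DID:NOSTR:" + key, example + "\n", example[:-1]):
        try:
            parse_did_nostr(bad)
        except InvalidDid as err:
            print("rejected:", err)
```

Rejecting non-canonical forms before expansion keeps two spellings of the same key from being treated as distinct identifiers by anything that compares DIDs as strings.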

Update (Replace)

This DID Method does not support updating the DID Document.

Delete (Revoke)

This DID Method does not support deactivating the DID Document.

Security & Privacy

Security Considerations

DID method specifications MUST include their own Security Considerations sections. This section MUST consider all the requirements mentioned in section 5 of [RFC3552] (page 27) for the DID operations defined in the specification, including eavesdropping, replay, message insertion, deletion, modification, and man-in-the-middle. Potential denial of service attacks MUST be identified as well.

A full list of requirements for this section can be found at W3C Decentralized Identifiers 7.3.

Privacy Considerations

DID method specifications MUST include their own Privacy Considerations sections to discuss any subsection of section 5 of [RFC6973] that could apply in a method-specific manner. The subsections to consider are: surveillance, stored data compromise, unsolicited traffic, misattribution, correlation, identification, secondary use, disclosure, exclusion.

A full list of requirements for this section can be found at W3C Decentralized Identifiers 7.4.

Reference Implementations

Block, Inc. is developing a reference implementation in Rust at https://github.com/TBD54566975/did-nostr.

Resources