Nostr NIPS 61
NIP-61:
Nut Zaps
A Nut Zap is a P2PK cashu token where the payment itself is the receipt.
High-level flow
Alice wants to nutzap 1 sat to Bob because of an event event-id-1
she liked.
Alice nutzaps Bob
- Alice fetches event
kind:10019
from Bob to see the mints Bob trusts. - She mints a token at that mint (or swaps some tokens she already had in that mint) p2pk-locked to the pubkey Bob has listed in his
kind:10019
. - She publishes a
kind:9321
event to the relays Bob indicated with the proofs she minted.
Bob receives the nutzap
- At some point, Bob’s client fetches
kind:9321
events p-tagging him from his relays. - Bob’s client swaps the token into his wallet.
Nutzap informational event
{
"kind": 10019,
"tags": [
[ "relay", "wss://relay1" ],
[ "relay", "wss://relay2" ],
[ "mint", "https://mint1", "usd", "sat" ],
[ "mint", "https://mint2", "sat" ],
[ "pubkey", "<p2pk-pubkey>" ]
]
}
kind:10019
is an event that is useful for others to know how to send money to the user.
relay
- Relays where the user will be reading token events from. If a user wants to send money to the user, they should write to these relays.mint
- Mints the user is explicitly agreeing to use to receive funds on. Clients SHOULD not send money on mints not listed here or risk burning their money. Additional markers can be used to list the supported base units of the mint.pubkey
- Pubkey that SHOULD be used to P2PK-lock receiving nutzaps. If not present, clients SHOULD use the pubkey of the recipient. This is explained in Appendix 1.
Nutzap event
Event kind:9321
is a nutzap event published by the sender, p-tagging the recipient. The outputs are P2PK-locked to the pubkey the recipient indicated in their kind:10019
event or to the recipient pubkey if the kind:10019
event doesn’t have a explicit pubkey.
Clients MUST prefix the pubkey they p2pk-lock with "02"
(for nostr<>cashu pubkey compatibility).
{
kind: 9321,
content: "Thanks for this great idea.",
pubkey: "sender-pubkey",
tags: [
[ "amount", "1" ],
[ "unit", "sat" ],
[ "proof", "{\"amount\":1,\"C\":\"02277c66191736eb72fce9d975d08e3191f8f96afb73ab1eec37e4465683066d3f\",\"id\":\"000a93d6f8a1d2c4\",\"secret\":\"[\\\"P2PK\\\",{\\\"nonce\\\":\\\"b00bdd0467b0090a25bdf2d2f0d45ac4e355c482c1418350f273a04fedaaee83\\\",\\\"data\\\":\\\"02eaee8939e3565e48cc62967e2fde9d8e2a4b3ec0081f29eceff5c64ef10ac1ed\\\"}]\"}" ],
[ "u", "https://stablenut.umint.cash", ],
[ "e", "<zapped-event-id>", "<relay-hint>" ],
[ "p", "e9fbced3a42dcf551486650cc752ab354347dd413b307484e4fd1818ab53f991" ], // recipient of nut zap
]
}
.content
is an optional comment for the nutzapamount
is a shorthand for the combined amount of all outputs. – Clients SHOULD validate that the sum of the amounts in the outputs matches.unit
is the base unit of the amount.proof
is one ore more proofs p2pk-locked to the pubkey the recipient specified in theirkind:10019
event.u
is the mint the URL of the mint EXACTLY as specified by the recipient’skind:10019
.e
zero or one event that is being nutzapped.p
exactly one pubkey, specifying the recipient of the nutzap.
WIP: Clients SHOULD embed a DLEQ proof in the nutzap event to make it possible to verify nutzaps without talking to the mint.
Sending a nutzap
- The sender fetches the recipient’s
kind:10019
. - The sender mints/swaps ecash on one of the recipient’s listed mints.
- The sender p2pk locks to the recipient’s specified pubkey in their
Receiving nutzaps
Clients should REQ for nut zaps:
- Filtering with
#u
for mints they expect to receive ecash from.- this is to prevent even interacting with mints the user hasn’t explicitly signaled.
- Filtering with
since
of the most recentkind:7376
event the same user has created.- this can be used as a marker of the nut zaps that have already been swaped by the user – clients might choose to use other kinds of markers, including internal state – this is just a guidance of one possible approach.
Clients MIGHT choose to use some kind of filtering (e.g. WoT) to ignore spam.
{ "kinds": [9321], "#p": "my-pubkey", "#u": [ "<mint-1>", "<mint-2>"], "since": <latest-created_at-of-kind-7376> }
.
Upon receiving a new nut zap, the client should swap the tokens into a wallet the user controls, either a [[NIP-60]] wallet, their own LN wallet or anything else.
Updating nutzap-redemption history
When claiming a token the client SHOULD create a kind:7376
event and e
tag the original nut zap event. This is to record that this token has already been claimed (and shouldn’t be attempted again) and as signaling to the recipient that the ecash has been redeemed.
Multiple kind:9321
events can be tagged in the same kind:7376
event.
{
"kind": 7376,
"content": nip44_encrypt([
[ "direction", "in" ], // in = received, out = sent
[ "amount", "1", "sat" ],
[ "e", "<7375-event-id>", "relay-hint", "created" ] // new token event that was created
]),
"tags": [
[ "a", "37375:<pubkey>:my-wallet" ], // an optional wallet tag
[ "e", "<9321-event-id>", "relay-hint", "redeemed" ], // nutzap event that has been redeemed
[ "p", "sender-pubkey" ] // pubkey of the author of the 9321 event (nutzap sender)
]
}
Events that redeem a nutzap SHOULD be published to the sender’s [[NIP-65]] relays.
Verifying a Cashu Zap
- Clients SHOULD check that the receiving user has issued a
kind:10019
tagging the mint where the cashu has been minted. - Clients SHOULD check that the token is locked to the pubkey the user has listed in their
kind:10019
.
Final Considerations
Clients SHOULD guide their users to use NUT-11 (P2PK) compatible-mints in their
kind:10019
event to avoid receiving nut zaps anyone can spendClients SHOULD normalize and deduplicate mint URLs as described in NIP-65.
A nut zap MUST be sent to a mint the recipient has listed in their
kind:10019
event or to the NIP-65 relays of the recipient, failure to do so may result in the recipient donating the tokens to the mint since the recipient might never see the event.
Appendix 1: Alternative P2PK pubkey
Clients might not have access to the user’s private key (i.e. NIP-07, NIP-46 signing) and, as such, the private key to sign cashu spends might not be available, which would make spending the P2PK incoming nutzaps impossible.
For this scenarios clients can:
- add a
pubkey
tag to thekind:10019
(indicating which pubkey senders should P2PK to) - store the private key in the
kind:37375
event in the nip44-encryptedcontent
field.
This is to avoid depending on NIP-07/46 adaptations to sign cashu payloads.
Source: nostr-protocol/nips/61.md version: ba46b23 2024-10-25T17:54:49+01:00