Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NIP-88: Discreet Log Contracts over Nostr #919

Draft
wants to merge 5 commits into
base: master
Choose a base branch
from

Conversation

benthecarman
Copy link
Contributor

Still pretty heavy WIP but wanted to get it out there for other people's feedback in nostr and DLC communities.

Will be implementing this in: MutinyWallet/mutiny-node#888

@bennyhodl
Copy link

Would using NIP-44, if merged, be a better option?

Instead of having to generate child keys for different contracts?

@benthecarman
Copy link
Contributor Author

Would using NIP-44, if merged, be a better option?

Instead of having to generate child keys for different contracts?

Tried to read through and it is just a bunch of python code. But yeah not having to derive individual keys for every contract would be a benefit

@staab
Copy link
Member

staab commented Dec 6, 2023

NIP 44 is currently being audited, it should be done pretttty soon.

@erskingardner
Copy link
Contributor

I'd be super curious to hear more about the use case you're planning on implementing in Mutiny (if you want to talk about it publicly). You mentioned betting and a marketplace for DLCs in the NIP draft. Is this mostly about wagers/bets with friends?

@benthecarman
Copy link
Contributor Author

I'd be super curious to hear more about the use case you're planning on implementing in Mutiny (if you want to talk about it publicly). You mentioned betting and a marketplace for DLCs in the NIP draft. Is this mostly about wagers/bets with friends?

Yes, but can also be for financial things like creating pseudo stable coins

@tvolk131
Copy link

tvolk131 commented Dec 9, 2023

I'm working on a team that's building a bounty adjudication system using DLCs and we were already planning on using Nostr as the communication protocol so it's awesome to see this spec proposed! For our use-case, we need a way for a potential participant in a DLC to request that an oracle create a new event announcement that it can then use. The announcement would be for a particular bounty, and if the oracle created the announcement it would be signing up to adjudicate whether the bounty is completed in the future. Would it make sense to add some method of requesting an oracle to create an announcement for an event? I would guess there are other potential use-cases for such behavior.

88.md Outdated Show resolved Hide resolved
88.md Outdated Show resolved Hide resolved
88.md Show resolved Hide resolved
@bennyhodl
Copy link

I'm working on a team that's building a bounty adjudication system using DLCs and we were already planning on using Nostr as the communication protocol so it's awesome to see this spec proposed! For our use-case, we need a way for a potential participant in a DLC to request that an oracle create a new event announcement that it can then use. The announcement would be for a particular bounty, and if the oracle created the announcement it would be signing up to adjudicate whether the bounty is completed in the future. Would it make sense to add some method of requesting an oracle to create an announcement for an event? I would guess there are other potential use-cases for such behavior.

Maybe having a discovery kind for Oracles? Or it could be similar NIP-11 that flags the API's that the Oracle could attest to.

@benthecarman
Copy link
Contributor Author

I'm working on a team that's building a bounty adjudication system using DLCs and we were already planning on using Nostr as the communication protocol so it's awesome to see this spec proposed! For our use-case, we need a way for a potential participant in a DLC to request that an oracle create a new event announcement that it can then use. The announcement would be for a particular bounty, and if the oracle created the announcement it would be signing up to adjudicate whether the bounty is completed in the future. Would it make sense to add some method of requesting an oracle to create an announcement for an event? I would guess there are other potential use-cases for such behavior.

Tbh this sounds out of scope and more applicable to something like DVMs

@benthecarman benthecarman force-pushed the dlcs branch 2 times, most recently from 73fb2d1 to c7482c7 Compare December 13, 2023 04:18
@bennyhodl
Copy link

I don't think DLC messages should be ephemeral. It would cause issues of clients not being connected to completely miss messages.

I think that when an unseen event is received by a client it should request the event to be deleted with https://github.com/nostr-protocol/nips/blob/master/09.md and only be stored on the client side.

@benthecarman
Copy link
Contributor Author

benthecarman commented Jan 10, 2024

I don't think DLC messages should be ephemeral. It would cause issues of clients not being connected to completely miss messages.

Agreed, there isn't really a message type that works well for this however. What mutiny does for nwc would be ideal but this isn't standardized. What we do is store the event until it gets a reply from the correct pubkey.

I think that when an unseen event is received by a client it should request the event to be deleted with master/09.md and only be stored on the client side.

Most relays don't implement deletion AFIAK and isn't really reliable because someone can just rebroadcast the event, or it might be on another relay.

@benthecarman
Copy link
Contributor Author

I don't think DLC messages should be ephemeral. It would cause issues of clients not being connected to completely miss messages.

I think that when an unseen event is received by a client it should request the event to be deleted with master/09.md and only be stored on the client side.

Changed to kind 8,888, just a normal event. I think this is best, then the user can just timestamp and sync dlc messages from their last known checkpoint.

Copy link

@conduition conduition left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The draft looks great! I'm personally looking forward to moving my oracle to Nostr. This would make DLCs far more easily consumable by clients.

This NIP combined with the ECash DLCs NUT could be extremely powerful.

@benthecarman Are you still working on this? If not I'd be happy to continue the effort.

this has various problems: it requires the ability to accept incoming connections and an always-on node. Nostr provides
a unique opportunity to use a different transport layer for DLCs. This NIP proposes a new `kind:8_888` message that
acts like a mailbox for DLC messages. The DLC messages are sent over nostr and available for the user the next time
they open their wallet. This allows for a more mobile-friendly DLC experience.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right here seems to be the perfect spot to insert a description of the DLC messages' structure and encoding. Assuming you meant it this way, we should add a link to the DLC specifications to be explicit about what the base64 contract details, or base64 oracle announcement concretely encode.

Suggested change
they open their wallet. This allows for a more mobile-friendly DLC experience.
they open their wallet. This allows for a more mobile-friendly DLC experience.
DLC protocol messages are binary-serialized messages described concretely in
[this document](https://github.com/discreetlogcontracts/dlcspecs/blob/master/Messaging.md).
Whenever embedding DLC messages inside Nostr events (which are encoded as JSON), we serialize DLC messages in base64.

88.md Outdated

### `kind:8_888`

Kind 8_888 is a simple message that contains a [NIP04](04.md) encrypted DLC message and it tagged with the recipient's
Copy link

@conduition conduition Jul 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIP04 describes how to encrypt text messages and assumes that text is UTF8-encoded already.

Since we're using base64(binary(dlc_message)) as event content elsewhere in this NIP, I think it would be wise to clarify exactly what encoding of the DLC message should be encrypted. Are we doing aes(key, binary(dlc_message)), or aes(key, base64(binary(dlc_message)))?

88.md Outdated
Comment on lines 126 to 129
[
"e", // the event id of the announcement
"30efed56a035b2549fcaeec0bf2c1595f9a9b3bb4b1a38abaf8ee9041c4b7d93",
],

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oracle announcements also contain an event_id field, and so do oracle attestations. Announcement event IDs must be distinct from the Nostr kind:88 event IDs (due to the fact that the announcement is part of the preimage for the nostr event ID). This might cause some confusion.

Perhaps we should clarify that the e tag must be the Nostr event ID, not the announcement event ID, and that the e tag should be used to look up the Nostr event which embeds an oracle announcement.

One might want to enforce on the client that the oracle_attestation data embeds the same announcement event ID that you find by looking up the event indicated by the e tag. In pseudocode:

def validate_attestation_event(attestation_event):
  oracle_attestation = decode_attestation(attestation_event.content)
  announcement_event = nostr_event_lookup(attestation_event.tags.e)
  oracle_announcement = decode_announcement(announcement_event.content)
  assert oracle_announcement.event_id == oracle_attestation.event_id

@conduition
Copy link

PR to address the above concerns: benthecarman#1

@1440000bytes
Copy link
Contributor

1440000bytes commented Jul 16, 2024

This NIP combined with cashubtc/nuts#128 could be extremely powerful.

image

This makes it useless for any real betting. Would only be limited to less than 100 people active on nostr using ecash who want to play with trusted users with some sats.

@conduition
Copy link

@1440000bytes This NIP doesn't try to tell clients how they should settle DLCs. Clients are free to use on-chain, off-chain, side-chain, or even cross-chain settlement layers to buy into and enforce DLCs. The purpose of this NIP is simply to standardize certain Nostr event kinds so that relays can be used as a discovery layer for DLC oracles, and as marketplaces for DLC offers, regardless of the settlement layer they wish to use.

@conduition
Copy link

This reminds me: @benthecarman what do you think of adding a settlement tag to the kind:30088 event to allow the offerer to specify which settlement layer implementations they support?

{
  "kind": 30088,
  "content": "base64 contract_info",
  "tags": [
    // ...
    [
      "settlement",
      "btc",
      "dlctix",
      "cashu:https://mint.minibits.cash/Bitcoin"
    ]
  ],
  // ...
}

@conduition
Copy link

@conduition conduition mentioned this pull request Jan 12, 2025
@conduition
Copy link

I'm thinking about this PR and I'm wondering if it'd be smarter to reduce the scope of this NIP to include only the oracle announcement and attestation messages (kind 88, 89).

There is more work to be done upstream in the DLC specs, improving the efficiency and privacy of DLCs. Right now, for instance, they use ECDSA adaptor signatures instead of Schnorr, and no musig aggregation. We should give upstream specs authors more time.

But there is a demand for Nostr as a pricing data source, and DLC oracles are the most expressive way to communicate that data in a way clients can use for financial transactions. So how about we separate the DLC oracle announcement/attestation event kinds into their own NIP, and leave the offer and encrypted-message event kinds for another spec later?

This way, people can start building NIP88-compliant oracles, and applications which use NIP88 announcements/attestations for things like ecash DLCs, ticketed DLCs, or bitcoin-backed loans.

@bennyhodl
Copy link

bennyhodl commented Jan 13, 2025

There is more work to be done upstream in the DLC specs - @conduition

The spec for V1 (ECDSA DLCs) is pretty well defined. And I have a working implementation of nostr DLC messages in dlcdevkit. Maybe add a tag for a V1 ECDSA DLC and then as upstream is updated we can add a V2 tag for Schnorr and musig aggregation.

I started a quick prototype of Taproot DLC to eventually move to upstream. Still just use script spend and no key agg.

@conduition
Copy link

I have a new PR with reduced scope and other improvements here: #1681

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants