Nostrbook

Appearance

Kind 1059: Gift Wrap

Overview

Gift Wrap (kind 1059) events are part of Nostr's privacy-enhancing protocol for secure messaging. They serve as an outer envelope to conceal both the content and metadata of the wrapped message. Gift Wrap events contain an encrypted Seal (kind 13) event, which in turn contains an encrypted unsigned event (rumor), creating a three-layer privacy system.

Specification

PropertyValue
Kind Number1059
Event RangeRegular
Defined inNIP-59

Content Format

The content field contains an encrypted Seal (kind 13) event. The encryption is performed using NIP-44 encryption with a conversation key derived from a throwaway private key and the recipient's public key.

Schema

json
"content": "<encrypted-seal-using-nip44>"

Tags

Tag NameDescriptionFormatRequired
pRecipient's public key["p", "<recipient-pubkey>"]Yes

Client Behavior

Clients should:

  1. When creating a Gift Wrap:

    • Generate a throwaway key pair
    • Create a Seal (kind 13) with the true author's key
    • Encrypt the Seal using NIP-44 with a key derived from the throwaway private key and recipient's public key
    • Create a kind 1059 event with the encrypted Seal in content and the recipient's pubkey in a p tag
    • Sign the Gift Wrap with the throwaway key

  2. When receiving a Gift Wrap:

    • Check if any p tag matches the client's pubkey
    • Attempt to decrypt using NIP-44 and derive a conversation key from the recipient's private key and the sender's pubkey
    • Validate the decrypted content as a valid Seal (kind 13)
    • Further decrypt the Seal to obtain the original rumor (unsigned event)

Relay Behavior

Relays should:

  1. Treat Gift Wrap events like any other event for storage and validation
  2. Ideally protect recipient metadata by:
    • Requiring authentication to access kind 1059 events
    • Only serving kind 1059 events to their intended recipients

Use Cases

  • Private messaging with enhanced metadata protection
  • Secure communications where both content and metadata need protection
  • Deniable messaging where the author wants plausible deniability
  • Anonymous content sharing

Example

json
{
  "id": "4f5e65ce496c21c7a7255c4c771539b9fbe51e4af15a28edaa0d25836578b40d",
  "pubkey": "20db028afce2d93b8bc4217bd3edd132a1cd742b04f4d3c2edfeab1d49187e14",
  "created_at": 1703015300,
  "kind": 1059,
  "tags": [
    ["p", "6e468422dfb74a5738702a8823b9b28168abab8655faacb6853cd0ee15deee93"]
  ],
  "content": "nblI0zRc7HfFOTRJ4ZXZ2EbIKHVGW+GcZNhYXQnX6PN/Xl0zlvCIJ/drkx5YTvJ4m0a8Lm4YgbBUMsQSVjMu1GzKmHiPDrP4CIzW/CQ+NjFyYzZlY2ZlNDY0ZDQ4MWQ2NTI3ZjJlODI3MGY4YTVmMGZlMDQ2NGM1YTZmYzQzNTIzMGYzMDU4MWM0MDZiYzAxGIvxMw3QbWE1fdnqn0+h4WRVhRyWf/qUvRUc2E7AidOJoCvsTbZlO4KwxXFdQE1hRdJvr+t4AaWrWRWpekPrVmPIMvlHQsZbA/jJbVG2MBE2YzZlY2ZlNDY0ZDQ4MWQ2NTI3ZjJlODI3MGY4YTVmMGZlMDQ2NGM1YTZmYzQzNTIzMGYzMDU4MWM0MDZiYzAx",
  "sig": "8cefcef83b7e4c6dce4b13b88c21db8ef4e45252e629ad3e0b98f45c67cfdd3a0ae4f40aecc89ca9c0b63fbbbcb8d42ef4c1af12e6fc4eb45c5f2ffc354a800f"
}

Gift Wrap Protocol

The Gift Wrap system implements a three-layer protocol:

  1. Rumor - The innermost layer: an unsigned event containing the actual content.
  2. Seal (kind 13) - The middle layer: signed by the true author, contains the encrypted rumor.
  3. Gift Wrap (kind 1059) - The outer layer: signed with a throwaway key, contains the encrypted seal.

This multi-layer approach provides:

  • Metadata protection: The Gift Wrap uses a throwaway key, hiding the true author
  • Content privacy: Both the Seal and Rumor are encrypted
  • Deniability: The innermost Rumor is unsigned

Security Considerations

  • Recipients can only be identified by their pubkey in p tags
  • Relays may inadvertently leak recipient information through subscription patterns
  • The use of throwaway keys helps obscure the relationship between sender and recipient
  • For maximum privacy, clients should publish Gift Wrap events only to the recipient's preferred relays

References

Notes

  • The created_at timestamp should be randomized to prevent timing correlation attacks
  • Throwaway keys should never be reused to maintain privacy
  • The true author's identity is only revealed in the Seal layer, not in the Gift Wrap
  • Relays should ideally implement access controls to protect recipient metadata