nostr-protocol / nips

Nostr Implementation Possibilities

NIP-13 PoW is badly placed: Re-use bitcoin's PoW? #122

Open GeorgeTsagk opened 1 year ago

GeorgeTsagk commented 1 year ago

NIP-13 describes a basic scheme that uses PoW principles to counter spam in the nostr network.

In this document PoW is introduced as a means of spam deterrence. Although this is only true for the creator of a note. Spam can still occur by clients who query a lot of relays for a lot of data. Will clients also calculate nonces for sending requests..?

Bitcoin has proved that PoW is very hard to get right. I believe that 93 lines of markdown (which also contain code blocks) are not enough to correctly place PoW as something that events can leverage to use as a counter measure to prevent spam/DoS.

It's possible to enhance NIP-13 and make a decently secure PoW design, but feels like a lot of effort will be directed towards re-implementing stuff.

The rationale behind NIP-13 is introducing a small value cost to creating events in order for people to not flood the network with them, as that would effectively prove inefficient & expensive by their side.

Bitcoin is the biggest PoW network currently operating, why not re-use all of the effort put into bitcoin to enjoy spam & DoS prevention?

The value we're seeking for spam prevention doesn't have to be electricity spent by hardware solving a nostr defined problem. Bitcoin can be used to introduce this small fragment of value that is needed, a satoshi (or even a fragment of a satoshi).

By integrating lightning payments you have a (with today's stats) ~220 EH/s network backing your proofs for spam prevention. There are many ways to design this, and many of them can work. A simple suggestion is relays charging for EVENT and REQ messages. This is also an extra win as it introduces the incentive for relays to keep operating.

lucash-dev commented 1 year ago

I don't see how using HashCash directly might prevent a second solution that uses micropayments.

Having the ability to provide an anti-spam functionality that isn't tied to also running a separate, unrelated (and relatively expensive to run) protocol is valuable.

Ultimately another NIP for micropayments (LN or otherwise) can be added, and users/relays can choose whatever they like best.

Alternatively some "miner" can provide Hashcash PoW in exchange for micropayments, thus obtaining the same final result for end users, even when relays don't want to deal with LN/Bitcoin.

Hashcash itself isn't really too hard to implement correctly -- not more than proper signing schemes that are already part of the protocol, for example. It's probably easier to fully specify a Hashcash solution than an integration with Bitcoin/LN.

I don't see what's the gain in terms of security of reusing PoW from the Bitcoin network. In fact, using Bitcoin introduces a small risk of reorgs, double-spends, or failure to settle LN channels.

gkbrk commented 1 year ago

Nostr is pretty much re-using bitcoin's PoW, it's a SHA-256 ID that depends on message content, and the content is modified by clients in order to get a certain number of 0 bits as the ID prefix. This is pretty close to how bitcoin does it.

It seems like your description is not about re-using bitcoin's PoW, but just using bitcoin to spend money in order to prove your events aren't spam. But since using the bitcoin network for this would be too slow and expensive, you switch to a non-bitcoin network at your last paragraph.

Sending transactions on bitcoin or other networks might be a good spam filter, but it's not replacing Nostr PoW with Bitcoin PoW. This is something completely different.

lucash-dev commented 1 year ago

> Nostr is pretty much re-using bitcoin's PoW, it's a SHA-256 ID that depends on message content, and the content is modified by clients in order to get a certain number of 0 bits as the ID prefix. This is pretty close to how bitcoin does it.

I mean reusing the PoW in the sense of not spending new resources/electricity to obtain PoW, but rather spending or burning Bitcoin (which is already secured by PoW). I understand that's the OP's idea.

I'm disagreeing with the OP, and saying that using HashCash directly as in NIP-13 is valuable, and it is not necessary to integrate with Bitcoin (though it's possible).

GeorgeTsagk commented 1 year ago

> Having the ability to provide an anti-spam functionality that isn't tied to also running a separate, unrelated (and relatively expensive to run) protocol is valuable.

According to discussions in other issues, it's been pointed out heavily that Nostr may not work as expected without a secondary reliable & censorship resistant medium. Yes it's not ideal, but if it goes towards that direction LN would be the best candidate.

> Ultimately another NIP for micropayments (LN or otherwise) can be added, and users/relays can choose whatever they like best.

Right, if there was ever an introduction of LN integrated features I don't think that would revert NIP-13. After all everybody chooses which NIPs to follow.

> It seems like your description is not about re-using bitcoin's PoW, but just using bitcoin to spend money in order to prove your events aren't spam.

Bitcoin (satoshis) are the product of heavy PoW. Using bitcoin is effectively secured by the hashing power of the network. Whether I'm hashing or using some coin in order to prove that I'm somehow adding "value" to my action has the same result on preventing spam. The primitive here is that it costs something to perform an action.

> But since using the bitcoin network for this would be too slow and expensive, you switch to a non-bitcoin network at your last paragraph.

Bitcoins on LN are still bitcoins. Those coins are still backed by the PoW of layer 1 bitcoin.

> I mean reusing the PoW in the sense of not spending new resources/electricity to obtain PoW, but rather spending or burning Bitcoin (which is already secured by PoW). I understand that's the OP's idea.

Yes!

> I'm disagreeing with the OP, and saying that using HashCash directly as in NIP-13 is valuable, and it is not necessary to integrate with Bitcoin (though it's possible).

I also agree with bitcoin not being necessary to integrate, but it seems to be solving quite a handful of problems Nostr is facing right now.


One issue with the NIP-13 "hashcash" style PoW is that the difficulty target can prove troublesome.

It is possible that someone attacking Nostr may aggregate a lot of hashing power which is going to not even be comparable to that of a single user's laptop or PC. That actor can now efficiently spam by creating a lot of events, meeting the defined target difficulty.

Does the difficulty dynamically increase in order to be less efficient for this "super miner" to spam? If yes what happens to the rest of the honest users who just want to engage with the post?

It is possible for other "super miners" to offer hashing as a service, and in that case the honest super miner has to be much bigger than the malicious one.

On top of that, users would have to somehow compensate the honest super miner for mining their events. That would again require a fast, secure & reliable payments network to be integrated (I assume we don't want Nostr users to perform a card payment every time they want to post/reply?).

So that again makes a full circle and comes back to something like bitcoin & LN.

Instead of this: pay the miner --> miner secures with PoW --> event can be posted to relay

we can just do this: pay the relay --> event can be posted to relay