nips icon indicating copy to clipboard operation
nips copied to clipboard
verified publisher icon nostr-protocol

Add NIP-XX: ProofMode - Cryptographic Video Verification

Open rabble opened this issue 1 month ago • 5 comments

Background

This NIP brings ProofMode verification to Nostr video events. ProofMode is an open-source project originally developed by the Guardian Project to enable cryptographic verification of photos and videos, providing tamper-proof evidence that media was captured at a specific time and place by a specific device.

This specification adapts ProofMode for Nostr's decentralized architecture, allowing anyone to verify video authenticity without relying on centralized platforms.

Summary

  • Introduces NIP-XX specification for attaching cryptographic proof manifests to Nostr video events (NIP-71)
  • Enables verification of video authenticity through:
    • Frame-level hashes: SHA256 hashes of captured frames prove recording continuity and detect editing
    • Hardware attestation: iOS App Attest and Android Play Integrity verify the recording device
    • Cryptographic signatures: PGP signatures ensure manifest authenticity
    • Sensor data: Accelerometer, gyroscope, and touch interactions prove device continuity during pauses
  • Defines verification levels (verified_mobile, verified_web, basic_proof, unverified)
  • Includes complete ProofManifest data structure with segments, pause proofs, and device attestation
  • Provides implementation guidance for both recording and verification phases

Request for Feedback: PGP vs Nostr-style Keys

The current specification uses PGP signatures for signing the ProofManifest, following the original ProofMode project's approach. However, we're seeking feedback on whether we should instead use Nostr-style Schnorr signatures (secp256k1) for better integration with the Nostr ecosystem.

Arguments for PGP:

  • Compatibility with original ProofMode implementations and tooling
  • Well-established verification infrastructure
  • Separate key from Nostr identity (privacy benefit)

Arguments for Nostr keys:

  • Native integration with Nostr clients and key management
  • Users already have Nostr keys - no additional key management needed
  • Simpler implementation for Nostr developers
  • Consistent with other Nostr signing patterns

Open questions:

  • Should manifest signing use the same key as the event signature, or require a separate device-specific key?
  • Could we support both approaches with a signature_type field?
  • Are there security implications to using the Nostr key for ProofMode signing?

Please share your thoughts on this design decision.

Related Links

rabble avatar Nov 04 '25 05:11 rabble