Frost, BIP-85 key rotation for corporates using nostr IDs

Brainstorming a solution for nostr identity in company environments

This is essentially the OAuth/OIDC model applied to Nostr keys. It only applies to scenarios where sovereignty is not required; it extends nostr to use cases that aren’t libertarian - lol. So it is reasonable for enterprise use cases, or even for teams where centralization within org/project boundaries is acceptable.

I dunno, just an idea.

Main Gotcha

The user’s root key remains sovereign, so it should be well protected. If it is compromised, the enterprise has to ask the user to rotate it. (Outside the scope.)

Architecture:

  • User root key - User controls it; stays cold
  • Company key server - Centralized, authoritative for that organization’s domain
  • Derived keys - BIP-85 derived from the root key. Checkout. Registered with the “evil centralized key server” via a root signature
  • Heartbeat mechanism - Server periodically publishes the current list of valid keys to the team relays via nostr (e.g., every minute, every hour, or event-driven)

Registration flow:

  • User derives a key using BIP-85
  • Root signs a delegation: “Derived key X is authorized for company operations”
  • Company key server validates the root signature and adds X to the registry
  • Server begins including X in the heartbeat

Revocation flow:

  • User reports compromise via the key-server UI, or the company detects an anomaly
  • Key server removes X from the heartbeat immediately
  • New derived key Y is registered (signed by root)
  • Next heartbeat lists only Y

App or client validation:

  • Receives an event signed by derived key X
  • Checks the key server heartbeat: “Is X currently authorized?”
  • If yes: accept. If no: reject
  • Cache the heartbeat with a reasonable TTL

Why this works for enterprises:

  • Fast revocation - No relay propagation delays; single authoritative source
  • Audit trail - Key server logs all registrations and revocations
  • Compliance - Company controls authorization and can enforce policies
  • Scoped trust - Only applies within the company context; doesn’t affect the broader Nostr identity

Hybrid identity:

  • Same root key for public Nostr (direct signing) and the enterprise context (derived keys via key server)
  • Company clients check the key server; public clients don’t
  • Clean separation of concerns
