BIP85: add Nostr application #2126

pull ethicnology wants to merge 8 commits into bitcoin:master from ethicnology:bip85-nostr-application-86 changing 2 files +56 −5
  1. ethicnology commented at 1:18 PM on March 20, 2026: contributor

    BIP-85: the Nostr path

    Adds a dedicated BIP-85 application for deriving Nostr private keys a.k.a. nsec, with a structured /{identity}'/{account}' path supporting multiple unlinkable identities.

    Motivation

    Today there is no standardized BIP-85 path for Nostr key derivation:

    Method Path Problem
    BIP-85 HEX m/83696968'/128169'/32'/index' Not Nostr-specific, no identity structure
    BIP-85 mnemonic + NIP-06 BIP-85 → 12 words → m/44'/1237'/0'/0/0 Two-step, wasteful intermediate mnemonic
    NIP-06 directly m/44'/1237'/account'/0/0 Unhardened, Not BIP-85 entropy isolation

    A dedicated application number eliminates this fragmentation.

    Without an isolated derivation path, a mnemonic imported into a Nostr-aware wallet could collide with keys already in use by a Bitcoin wallet (or vice versa). A dedicated BIP-85 application isolates Nostr key derivation entirely, preventing any cross-protocol key reuse.

    The structured {identity}'/{account}' path also enables account discovery: a wallet can derive pubkeys aka npub for the first N identities and accounts, then query Nostr relays for events signed by those keys to automatically recover all active accounts.

    Application number: 9000

    9000 is the zip code of Funchal in Madeira, Portugal. The place where I wrote this pull request during the Sovereign Engineering event. This deliberately avoids 1237 (the SLIP-0044 coin type used in NIP-06's m/44'/1237'/...) to clearly distinguish BIP-85 derivation from NIP-06 derivation.

    m/83696968'/9000'/{identity}'/{account}'

    Identity index 0' and account index 0' across identities are reserved for future key management operations.

    From this new application number, identity semantics (proof-of-linkage, key rotation, account discovery) can be specified in an external NIP that references this application.

    Implementation commitment

    I maintain two BIP-85 libraries and can port this application to both:

  2. feat(BIP-85): add Nostr application 86' d3512bdcef
  3. fix: exclude nsec from typos 371277d2e0
  4. ethicnology renamed this:
    feat(BIP85): add Nostr application
    BIP85: add Nostr application
    on Mar 20, 2026
  5. murchandamus commented at 3:58 PM on March 20, 2026: member

    This doesn’t strike me as related to Bitcoin. Perhaps this would be better directed at the NIPs repository.

  6. murchandamus closed this on Mar 20, 2026
  7. ethicnology commented at 4:31 PM on March 20, 2026: contributor

    Hello @murchandamus

    I'm surprised by this reaction since most of the applications specified in this BIP are not directly Bitcoin related either (RSA, Dice, Passwords...)

  8. murchandamus commented at 11:49 PM on March 20, 2026: member

    Maybe I reacted too quickly. @akarve, please let us know whether you are interested in accepting this PR.

  9. murchandamus reopened this on Mar 20, 2026
  10. murchandamus added the label Proposed BIP modification on Mar 20, 2026
  11. murchandamus added the label Pending acceptance on Mar 20, 2026
  12. akarve commented at 12:32 AM on March 21, 2026: contributor

    Maybe I reacted too quickly. @akarve, please let us know whether you are interested in accepting this PR.

    Thanks for caring, @murchandamus. @ethicnology nostr could be a reasonable BIP85 app. I'm probably missing something about nostr since I don't know it deeply, so I will ask a few basic questions to make sure we aren't reinventing any wheels. Looking at NIP-06 there are BIP32 and BIP39 derivations for nostr keys. BIP85 already has apps for 32' and 39'.

    • What is missing if one just assigns an integer key index for either app as their nostr index and then derives the nsec and npub?
    • How does your proposed derivation relate to the recommended BIP32 m/44'/1237'/<account>'/0/0 derivation?

    For later (if we get there):

    • Higher app numbers are better (less collisions, higher = later, saves room for BIPs) so I'd recommend one number per letter of nostr
    • I am updating the linked reference implementation to have an app protocol soon and would request if we move forward that you extend the same https://github.com/akarve/bipsea
  13. ethicnology commented at 3:04 PM on March 26, 2026: contributor

    Hi @akarve, thanks for taking the time

    What is missing if one just assigns an integer key index for either app as their nostr index and then derives the nsec and npub?

    HEX can produce valid Nostr keys but carry no semantics. The integer index is just a counter there is no concept of identity / account, and we cannot perform any discovery.

    The two-level {identity}'/{account}' structure allows: multiple unlinkable identities, key rotation within an identity, a dedicated proof key for linkage/revocation (account 0).

    How does your proposed derivation relate to the recommended BIP32 m/44'/1237'/<account>'/0/0 derivation?

    I want to distinguish my proposal from NIP-06 (or BIP85–> BIP39 + NIP06), because it derives directly from the wallet's master seed without BIP-85 isolation AND the last two path levels are unhardened, exposing sibling keys.

    As a wallet (Bull) that offers BIP85 mnemonics to create sub/decoy-wallet, we would invent our own convention to integrate Nostr keys without conflicting with HEX and BIP39 derivations.

    Higher app numbers are better

    Ok, I'm open to your suggestion.

    I would request that you extend bipsea

    Ok, will do if we move forward.

    PS: Full identity/account semantics allow Nostr enthusiasts to design mechanism for key rotation/migration like this one: https://github.com/nostr-protocol/nips/issues/1691#issuecomment-4098191665

  14. jodobear commented at 3:22 PM on March 26, 2026: none

    It makes sense for Nostr to have a defined number in BIP 85

  15. in bip-0085.mediawiki:442 in 371277d2e0 outdated 
     437 | +Account index <code>0'</code> is reserved across all identities for key management operations.
 438 | +Usable keys start at <code>identity >= 1'</code> and <code>account >= 1'</code>.
 439 | +
 440 | +The resulting 32-byte private key is Bech32 encoded as an <code>nsec</code> per NIP19.
 441 | +
 442 | +====identity=1, account=1====
    SatsAndSports commented at 3:49 PM on March 26, 2026:

    Can you use something other than this header thing here (===)?

    I ask because I think it's nice to just have a minimal 'Nostr' entry in the table-of-contents, so we don't take up too much space there this list of applications get longer

    <img width="342" height="470" alt="Image" src="https://github.com/user-attachments/assets/1e1da2e3-1de7-4ad7-9591-bd9f0b95fedb" />

    ethicnology commented at 7:53 PM on March 26, 2026:

    resolved in cdf115e6c2ea8fd21c25084e3fdcf0f489358f0b

  16. BullishNode commented at 4:02 PM on March 26, 2026: none

    I find this useful as an application layer BIP enhancement in the context that a few wallets have expressed the intention of leveraging Nostr identities as payment contacts (already the case for LNURL, with work ongoing for silent payments). Another application being considered is PSBT sharing and multisig coordination over Nostr. It is useful for these wallets to be able to regenerate the Nostr identities in a standardized way from the same mnemonic used to recover Bitcoins. So there is relevance to Bitcoin wallets in addition to the more typical Nostr "social media" apps.

  17. Merge branch 'bitcoin:master' into bip85-nostr-application-86 1ce5ca8ab6
  18. BIP-85: use bold text for Nostr test vector labels to reduce TOC entries cdf115e6c2
  19. akarve commented at 7:49 PM on April 4, 2026: contributor

    @ethicnology Your app proposal makes sense. The reference implementation has a new protocol that you can use when PR'ing that repo (and as an implicit test of the protocol and your app): https://github.com/akarve/bipsea/blob/main/src/bipsea/apps/README.md

  20. murchandamus commented at 7:08 PM on April 6, 2026: member

    @akarve: Could you clarify, whether this is ready to be merged?

  21. akarve commented at 7:10 PM on April 6, 2026: contributor

    @murchandamus not yet; will review in more detail and circle back

  22. in bip-0085.mediawiki:432 in cdf115e6c2 
     427 | +
 428 | +Application number: 86'
 429 | +
 430 | +The application number is the sum of the alphabetical positions of the letters in Nostr (n=14 + o=15 + s=19 + t=20 + r=18) to avoid the confusion with NIP06.
 431 | +
 432 | +The derivation path format is: <code>m/83696968'/86'/{identity}'/{account}'</code>
    akarve commented at 9:49 PM on May 3, 2026:

    It's pretty standard for all BIP applications to take an index. Is there a reason we wouldn't map account to index? This would also simplify your bipsea implementation a bit.

    It can be called account_index or so in the path spec but the point is to show that "this is how you get fresh secrets for a fixed identity. Lmk if that makes sense or if there are numbering or collision issues.

    ethicnology commented at 2:26 PM on May 4, 2026:

    done in 7cb636fe65670383af523cc9a69748eea8d11ce3

    jonatack commented at 7:42 PM on May 5, 2026:

    Should {account} in the path format spec be {index} or {account_index}?

    ethicnology commented at 11:43 AM on May 6, 2026:

    819db6a31aa715d7992560057f4bba9c4df3de6c

  23. in bip-0085.mediawiki:494 in cdf115e6c2 outdated 
     486 | @@ -441,6 +487,12 @@ BIP32, BIP39
 487 |  
 488 |  ==Changelog==
 489 |  
 490 | +===2.1.0===
 491 | +
 492 | +====Added====
 493 | +
 494 | +* Nostr application 86'
    akarve commented at 9:55 PM on May 3, 2026:

    How about 7879838482 per earlier discussion?

    ethicnology commented at 2:30 PM on May 4, 2026:

    Isn't it a too big number ?

    jonatack commented at 5:43 PM on May 6, 2026:

    Looks like this is the remaining point to resolve?

    ethicnology commented at 6:50 PM on May 6, 2026:

    Yes, it is. 86 is too small, but 7879838482 exceeds 2³¹. I want to make sure that won't cause issues.

    akarve commented at 7:05 PM on May 6, 2026:

    Isn't it a too big number ?

    Good catch. No reason to break integer bounds. Can we try the Hebrew “NSTR”?

    ethicnology commented at 5:47 AM on May 10, 2026:

    To avoid removing a char, we could try, the ASCII sum of "nostr" (110+111+115+116+114) –> 566

    But then I don't know if it is still too small

    If so I could try a date

  24. refactor: according to @jonatack review 819db6a31a
  25. Merge branch 'master' into bip85-nostr-application-86 c1ba10eb37
  26. in .typos.toml:20 in cdf115e6c2 outdated 
      16 | @@ -17,6 +17,7 @@ extend-ignore-re = [
  17 |      "value: .*",
  18 |      "pqNTRUsign",
  19 |      "Strnad",
  20 | +    "nsec1.*",
    jonatack commented at 7:44 PM on May 5, 2026:

    Thanks for updating here. Completely optional, but while touching this file can also do the following pico-cleanup in the same commit, if you wish:

    @@ -16,7 +16,6 @@ extend-ignore-re = [
     "prefix.*",
     "value: .*",
     "pqNTRUsign",
-    "Strnad",
     "nsec1.*",
 ]
 
@@ -30,6 +29,7 @@ Atack = "Atack"
 Falke = "Falke"
 Meni = "Meni"
 Ono = "Ono"
+Strnad = "Strnad"
    ethicnology commented at 11:43 AM on May 6, 2026:

    819db6a31aa715d7992560057f4bba9c4df3de6c

  27. jonatack requested review from akarve on May 6, 2026
  28. akarve commented at 6:31 PM on May 10, 2026: contributor

    Up to you to pick something meaningful. I would prefer numbers larger than 1024, as we are already up to BIP-446 and we should give all BIPs a chance to use their own numbers for app codes. Most four letter (haha) semantic words can work, or a zip code from a city meaningful to Nostr, etc. Other apps use COLD or the Vegas zip for dice, etc.

    On Sat, May 9, 2026 at 10:47 PM Azad @.***> wrote:

    @.**** commented on this pull request.

    In bip-0085.mediawiki https://github.com/bitcoin/bips/pull/2126#discussion_r3214386728:

    @@ -441,6 +487,12 @@ BIP32, BIP39

    ==Changelog==

    +===2.1.0=== + +====Added==== + +* Nostr application 86'

    To avoid removing a char, we could try, the ASCII sum of "nostr" (110+111+115+116+114) –> 566

    But then I don't know if it is still too small

    If so I could try a date

    — Reply to this email directly, view it on GitHub https://github.com/bitcoin/bips/pull/2126#discussion_r3214386728, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKC5W6YVOZNLAQRQQ7TZ6L42AJX3AVCNFSM6AAAAACWZDWMMCVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHM2DENJYHE2TONZSGU . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

    You are receiving this because you were mentioned.Message ID: @.***>

  29. ethicnology commented at 9:08 AM on May 11, 2026: contributor

    @akarve let's use 9000 ? It's the zip code of Funchal in Madeira, Portugal. The place where I wrote this pull request during the Sovereign Engineering event.

  30. akarve commented at 4:44 PM on May 13, 2026: contributor

    Go for it.

    On Mon, May 11, 2026 at 2:08 AM Azad @.***> wrote:

    ethicnology left a comment (bitcoin/bips#2126) https://github.com/bitcoin/bips/pull/2126#issuecomment-4419103606

    @akarve https://github.com/akarve let's use 9000 ? It's the zip code of Funchal in Madeira, Portugal. The place where I wrote this pull request during the Sovereign Engineering https://sovereignengineering.io/ event.

    — Reply to this email directly, view it on GitHub https://github.com/bitcoin/bips/pull/2126#issuecomment-4419103606, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKC5WYLBU2G66OL56MVXRL42GKBBAVCNFSM6AAAAACWZDWMMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHM2DIMJZGEYDGNRQGY . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

    You are receiving this because you were mentioned.Message ID: @.***>

  31. jonatack added the label PR Author action required on May 13, 2026
  32. Merge branch 'bitcoin:master' into bip85-nostr-application-86 1e8baf08ac
  33. ethicnology commented at 11:11 AM on May 14, 2026: contributor

    c0aa336f1c164315d9c2ddef2b7706a0108da93d

    • 86'9000'
    • Version bumped 2.0.02.1.0 to match the changelog entry.
    • Added rust-bip85 (1.2.0) and dart-bip85-entropy (1.1.0) to Reference Implementations
  34. in bip-0085.mediawiki:488 in c0aa336f1c 
     484 |  
 485 |  * 1.3.0 Python 3.x library implementation: [https://github.com/akarve/bipsea]
 486 |  * 1.1.0 Python 2.x library implementation: [https://github.com/ethankosakovsky/bip85]
 487 |  * 1.0.0 JavaScript library implementation: [https://github.com/hoganri/bip85-js]
 488 | +* 1.2.0 Rust library implementation: [https://github.com/ethicnology/rust-bip85]
 489 | +* 1.1.0 Dart library implementation: [https://github.com/ethicnology/dart-bip85-entropy]
    murchandamus commented at 12:32 PM on May 14, 2026:

    Please don’t collect long lists of implementations in BIPs. This later creates work for BIP authors and editors, as more people open pull requests to add their own implementations. Such lists then tend to outdate quickly and contain implementations that have not gotten much review in the first place. BIPs are explicitly not meant to be sign-posts to adopting projects.

    Please remove any outdated implementations from this list and preferably link to a single reference implementation. If some projects represent the reference for different aspects of this BIP, and you decide to keep more than one, please indicate clearly why more than one is being retained and what they are the reference for.

    ethicnology commented at 3:08 PM on May 14, 2026:

    My bad, I've amended my commit and let only the bipsea reference implementation

    6f4756633628637bbb26349790867801d0152239

    murchandamus commented at 6:51 PM on May 14, 2026:

    Thanks!

  35. ethicnology force-pushed on May 14, 2026
  36. jonatack removed the label PR Author action required on May 14, 2026
  37. in bip-0085.mediawiki:488 in 6f47566336 
     486 | -* 1.1.0 Python 2.x library implementation: [https://github.com/ethankosakovsky/bip85]
 487 | -* 1.0.0 JavaScript library implementation: [https://github.com/hoganri/bip85-js]
 488 |  
 489 |  ==Changelog==
 490 |  
 491 | +===2.1.0===
    jonatack commented at 8:42 PM on May 14, 2026:

    nit, the other changelog entries in this BIP have a date. Perhaps insert (2026-05) or (2026-05-15) here.

    ethicnology commented at 5:36 AM on May 15, 2026:

    done

  38. jonatack commented at 8:44 PM on May 14, 2026: member

    @ethicnology Can you update the PR description for the application number (86 -> 9000)? @akarve any further feedback here?

  39. BIP-86: rename Nostr application 86' to 9000', bump to 2.1.0, list rust-bip85 + dart-bip85-entropy reference implementations 13f307b55e
  40. ethicnology force-pushed on May 15, 2026
  41. in bip-0085.mediawiki:430 in 13f307b55e 
     422 | @@ -423,6 +423,52 @@ OUTPUT
 423 |  * DERIVED ENTROPY=5e41f8f5d5d9ac09a20b8a5797a3172b28c806aead00d27e36609e2dd116a59176a738804236586f668da8a51b90c708a4226d7f92259c69f64c51124b6f6cd2
 424 |  * DERIVED ROLLS=1,0,0,2,0,1,5,5,2,4
 425 |  
 426 | +===Nostr===
 427 | +
 428 | +Application number: 9000'
 429 | +
 430 | +9000 is the zip code of Funchal in Madeira, Portugal, where this specification was written during the Sovereign Engineering event.
    akarve commented at 8:06 PM on May 24, 2026:

    It is customary to leave the origin of the number a mystery, even if the number is semantic :)

    akarve commented at 8:44 PM on May 24, 2026:

    As the app author this number is really up to you. I would still suggest NSEC or NIP or CHAT or something more likely to be semantic. Think of this as a tiny puzzle or fairy door that readers can solve for themselves and smile later.

    akarve commented at 8:48 PM on May 24, 2026:

    The mention of a ZIP Code for Vegas was just because gambling happens in Vegas not because we invented the app there ;)

  42. in bip-0085.mediawiki:438 in 13f307b55e 
     433 | +
 434 | +Uses the entropy as a Nostr private key.
 435 | +
 436 | +Identity index <code>0'</code> is reserved for future protocol use.
 437 | +Account index <code>0'</code> is reserved across all identities for key management operations.
 438 | +Usable keys start at <code>identity >= 1'</code> and <code>account_index >= 1'</code>.
    akarve commented at 8:10 PM on May 24, 2026:

    I don't see a great reason to do this as written. If it's really about illegal values, fine, but update the description? Otherwise show me for example how you would use the derivation path m/83696968'/9000'/0'/0' in the future? Or do you mean nostr reserves account 0 for its own use, in which case we should link to that spec here. Pretty much every index in this spec starts with 0, it seems weird to do things different just for nostr.

    akarve commented at 8:14 PM on May 24, 2026:

    If what you really want is a type segment (for future uses) is that something worth adding now or will it be forward compatible to add a segment for new "types"/sub-apps?

  43. akarve commented at 8:14 PM on May 24, 2026: contributor

    This mostly looks good to me and I anticipate approving after next round of answers/edits. @ethicnology

  44. in bip-0085.mediawiki:434 in 13f307b55e 
     429 | +
 430 | +9000 is the zip code of Funchal in Madeira, Portugal, where this specification was written during the Sovereign Engineering event.
 431 | +
 432 | +The derivation path format is: <code>m/83696968'/9000'/{identity}'/{account_index}'</code>
 433 | +
 434 | +Uses the entropy as a Nostr private key.
    akarve commented at 8:37 PM on May 24, 2026:

    Please consolidate this section with the 32-byte comment (push it below), it doesn't make sense here.

  45. in bip-0085.mediawiki:440 in 13f307b55e 
     435 | +
 436 | +Identity index <code>0'</code> is reserved for future protocol use.
 437 | +Account index <code>0'</code> is reserved across all identities for key management operations.
 438 | +Usable keys start at <code>identity >= 1'</code> and <code>account_index >= 1'</code>.
 439 | +
 440 | +The resulting 32-byte private key is Bech32 encoded as an <code>nsec</code> per NIP19.
    akarve commented at 8:40 PM on May 24, 2026:

    Can you be more explicit about truncation and which 32 bytes to use? The user gets 64 bytes by standard application of BIP-85 so this is a leap.

  46. in bip-0085.mediawiki:449 in 13f307b55e 
     444 | +INPUT:
 445 | +* MASTER BIP32 ROOT KEY: xprv9s21ZrQH143K2LBWUUQRFXhucrQqBpKdRRxNVq2zBqsx8HVqFk2uYo8kmbaLLHRdqtQpUm98uKfu3vca1LqdGhUtyoFnCNkfmXRyPXLjbKb
 446 | +* PATH: m/83696968'/9000'/1'/1'
 447 | +
 448 | +OUTPUT
 449 | +* DERIVED ENTROPY=552ad1d578fe1bc927cec9612651652b07c52dde4017911bc23bc953568075ff
    akarve commented at 8:40 PM on May 24, 2026:

    This is not consistent with the rest of the spec. Even if you only use 32-bytes you should show all 64 for test consistency.

  47. in bip-0085.mediawiki:440 in 13f307b55e 
     482 |  
 483 |  ==Reference Implementations==
 484 |  
 485 |  * 1.3.0 Python 3.x library implementation: [https://github.com/akarve/bipsea]
 486 | -* 1.1.0 Python 2.x library implementation: [https://github.com/ethankosakovsky/bip85]
 487 | -* 1.0.0 JavaScript library implementation: [https://github.com/hoganri/bip85-js]
    akarve commented at 8:45 PM on May 24, 2026:

    No need to change this section. It's showing up as a net delete; we should leave it as is.

Contributors
ethicnologymurchandamusakarvejodobearSatsAndSportsBullishNodejonatack
Labels
Proposed BIP modificationPending acceptance
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-25 12:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me