BIP85: add Nostr application #2126

pull ethicnology wants to merge 4 commits into bitcoin:master from ethicnology:bip85-nostr-application-86 changing 2 files +54 −1
  1. ethicnology commented at 1:18 PM on March 20, 2026: contributor

    BIP-85: the Nostr path

    Adds a dedicated BIP-85 application for deriving Nostr private keys a.k.a. nsec, with a structured /{identity}'/{account}' path supporting multiple unlinkable identities.

    Motivation

    Today there is no standardized BIP-85 path for Nostr key derivation:

    Method Path Problem
    BIP-85 HEX m/83696968'/128169'/32'/index' Not Nostr-specific, no identity structure
    BIP-85 mnemonic + NIP-06 BIP-85 → 12 words → m/44'/1237'/0'/0/0 Two-step, wasteful intermediate mnemonic
    NIP-06 directly m/44'/1237'/account'/0/0 Unhardened, Not BIP-85 entropy isolation

    A dedicated application number eliminates this fragmentation.

    Without an isolated derivation path, a mnemonic imported into a Nostr-aware wallet could collide with keys already in use by a Bitcoin wallet (or vice versa). A dedicated BIP-85 application isolates Nostr key derivation entirely, preventing any cross-protocol key reuse.

    The structured {identity}'/{account}' path also enables account discovery: a wallet can derive pubkeys aka npub for the first N identities and accounts, then query Nostr relays for events signed by those keys to automatically recover all active accounts.

    Application number: 86

    The number is the sum of alphabetical positions of the letters in nostr (n=14 + o=15 + s=19 + t=20 + r=18). This deliberately avoids 1237 (the SLIP-0044 coin type used in NIP-06's m/44'/1237'/...) to clearly distinguish BIP-85 derivation from NIP-06 derivation.

    m/83696968'/86'/{identity}'/{account}'

    Identity index 0' and account index 0' across identities are reserved for future key management operations.

    From this new application number, identity semantics (proof-of-linkage, key rotation, account discovery) can be specified in an external NIP that references this application.

    Implementation commitment

    I maintain two BIP-85 libraries and can port this application to both:

  2. feat(BIP-85): add Nostr application 86' d3512bdcef
  3. fix: exclude nsec from typos 371277d2e0
  4. ethicnology renamed this:
    feat(BIP85): add Nostr application
    BIP85: add Nostr application
    on Mar 20, 2026
  5. murchandamus commented at 3:58 PM on March 20, 2026: member

    This doesn’t strike me as related to Bitcoin. Perhaps this would be better directed at the NIPs repository.

  6. murchandamus closed this on Mar 20, 2026
  7. ethicnology commented at 4:31 PM on March 20, 2026: contributor

    Hello @murchandamus

    I'm surprised by this reaction since most of the applications specified in this BIP are not directly Bitcoin related either (RSA, Dice, Passwords...)

  8. murchandamus commented at 11:49 PM on March 20, 2026: member

    Maybe I reacted too quickly. @akarve, please let us know whether you are interested in accepting this PR.

  9. murchandamus reopened this on Mar 20, 2026
  10. murchandamus added the label Proposed BIP modification on Mar 20, 2026
  11. murchandamus added the label Pending acceptance on Mar 20, 2026
  12. akarve commented at 12:32 AM on March 21, 2026: contributor

    Maybe I reacted too quickly. @akarve, please let us know whether you are interested in accepting this PR.

    Thanks for caring, @murchandamus. @ethicnology nostr could be a reasonable BIP85 app. I'm probably missing something about nostr since I don't know it deeply, so I will ask a few basic questions to make sure we aren't reinventing any wheels. Looking at NIP-06 there are BIP32 and BIP39 derivations for nostr keys. BIP85 already has apps for 32' and 39'.

    • What is missing if one just assigns an integer key index for either app as their nostr index and then derives the nsec and npub?
    • How does your proposed derivation relate to the recommended BIP32 m/44'/1237'/<account>'/0/0 derivation?

    For later (if we get there):

    • Higher app numbers are better (less collisions, higher = later, saves room for BIPs) so I'd recommend one number per letter of nostr
    • I am updating the linked reference implementation to have an app protocol soon and would request if we move forward that you extend the same https://github.com/akarve/bipsea
  13. ethicnology commented at 3:04 PM on March 26, 2026: contributor

    Hi @akarve, thanks for taking the time

    What is missing if one just assigns an integer key index for either app as their nostr index and then derives the nsec and npub?

    HEX can produce valid Nostr keys but carry no semantics. The integer index is just a counter there is no concept of identity / account, and we cannot perform any discovery.

    The two-level {identity}'/{account}' structure allows: multiple unlinkable identities, key rotation within an identity, a dedicated proof key for linkage/revocation (account 0).

    How does your proposed derivation relate to the recommended BIP32 m/44'/1237'/<account>'/0/0 derivation?

    I want to distinguish my proposal from NIP-06 (or BIP85–> BIP39 + NIP06), because it derives directly from the wallet's master seed without BIP-85 isolation AND the last two path levels are unhardened, exposing sibling keys.

    As a wallet (Bull) that offers BIP85 mnemonics to create sub/decoy-wallet, we would invent our own convention to integrate Nostr keys without conflicting with HEX and BIP39 derivations.

    Higher app numbers are better

    Ok, I'm open to your suggestion.

    I would request that you extend bipsea

    Ok, will do if we move forward.

    PS: Full identity/account semantics allow Nostr enthusiasts to design mechanism for key rotation/migration like this one: https://github.com/nostr-protocol/nips/issues/1691#issuecomment-4098191665

  14. jodobear commented at 3:22 PM on March 26, 2026: none

    It makes sense for Nostr to have a defined number in BIP 85

  15. in bip-0085.mediawiki:442 in 371277d2e0 outdated 
     437 | +Account index <code>0'</code> is reserved across all identities for key management operations.
 438 | +Usable keys start at <code>identity >= 1'</code> and <code>account >= 1'</code>.
 439 | +
 440 | +The resulting 32-byte private key is Bech32 encoded as an <code>nsec</code> per NIP19.
 441 | +
 442 | +====identity=1, account=1====
    SatsAndSports commented at 3:49 PM on March 26, 2026:

    Can you use something other than this header thing here (===)?

    I ask because I think it's nice to just have a minimal 'Nostr' entry in the table-of-contents, so we don't take up too much space there this list of applications get longer

    <img width="342" height="470" alt="Image" src="https://github.com/user-attachments/assets/1e1da2e3-1de7-4ad7-9591-bd9f0b95fedb" />

    ethicnology commented at 7:53 PM on March 26, 2026:

    resolved in cdf115e6c2ea8fd21c25084e3fdcf0f489358f0b

  16. BullishNode commented at 4:02 PM on March 26, 2026: none

    I find this useful as an application layer BIP enhancement in the context that a few wallets have expressed the intention of leveraging Nostr identities as payment contacts (already the case for LNURL, with work ongoing for silent payments). Another application being considered is PSBT sharing and multisig coordination over Nostr. It is useful for these wallets to be able to regenerate the Nostr identities in a standardized way from the same mnemonic used to recover Bitcoins. So there is relevance to Bitcoin wallets in addition to the more typical Nostr "social media" apps.

  17. Merge branch 'bitcoin:master' into bip85-nostr-application-86 1ce5ca8ab6
  18. BIP-85: use bold text for Nostr test vector labels to reduce TOC entries cdf115e6c2
  19. akarve commented at 7:49 PM on April 4, 2026: contributor

    @ethicnology Your app proposal makes sense. The reference implementation has a new protocol that you can use when PR'ing that repo (and as an implicit test of the protocol and your app): https://github.com/akarve/bipsea/blob/main/src/bipsea/apps/README.md

  20. murchandamus commented at 7:08 PM on April 6, 2026: member

    @akarve: Could you clarify, whether this is ready to be merged?

  21. akarve commented at 7:10 PM on April 6, 2026: contributor

    @murchandamus not yet; will review in more detail and circle back

Contributors
ethicnologymurchandamusakarvejodobearSatsAndSportsBullishNode
Labels
Proposed BIP modificationPending acceptance
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-14 11:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me