No Passwords, No OAuth, No Problem: How Tollbooth-DPYC™ offers security with Nostr Primitives
Share
A discussion on achieving confidentiality, integrity, and availability for API monetization — without a single username, password, or OAuth dance.
Problems in API Security, Today
Almost all API monetization platforms use the same tactics: email signup, password hash, OAuth2 authorization code flow, bearer tokens, refresh tokens, token revocation endpoints, and a prayer that nobody leaks the .env file into git.
Tollbooth-DPYC is the welcome exception.
Tollbooth-DPYC offers an innovative, low-friction, approach. Identity is simply a cryptographic keypair. Authentication is a simple Schnorr signature. Credential exchange occurs with end-to-end bidirectional encryption over a decentralized relay network
There are no usernames, no passwords, no OAuth dances, and no plaintext secrets on disk.
(Now, Tollbooth-DPYC MCPs do support REST API that require OAuth2 protocol;s - it is just that Tollbooth-DPYC itself does not use them. With Tollbooth-DPYC, entrepreneurs absolutely can and do wrap legacy REST APIs that use JWT bearer auth or OAuth2 authorization code grants.)
I. Confidentiality
“No one sees what isn’t theirs to see.”
1. Identity Without Disclosure
In Tollbooth, you (a patron) need only supply your chosen keypair — nsec (private) and npub (public) on secp256k1. No email, no username, no phone number. Identity by possession, not assertion. Use as many as you like.
2. Secure Courier: Credential Exchange Without Plaintext
Credentials flow through NIP-44v2 encrypted Nostr DMs (ECDH + HKDF + ChaCha20-Poly1305 + HMAC-SHA256). The relay sees only ciphertext. Anti-replay poison slugs, NIP-09 deletion after pickup, and human-in-the-loop — the patron must consciously reply. Each receive_* call destructively drains all DMs.
3. Vault Encryption at Rest (AES-256-GCM with AAD)
Credentials, patron balances, tranche details, usage history are encrypted with AES-256-GCM, keyed via HKDF from the operator’s nsec. Vault encryption supports Associated Authenticated Data (AAD) — ciphertext is bound to its vault key, preventing cross-entry substitution.
4. Per-Operator Neon Schema Isolation
Each operator’s data lives in unique namespace op_{SHA256(npub)[:16]}, owned by a per-operator LOGIN role. Authority DML revoked. public schema is empty — every actor has its own namespace. Three layers: role isolation, VaultCipher, and forklift retention.
II. Integrity
“No one changes what isn’t theirs to change.”
1. Schnorr Signatures (BIP-340)
Every identity assertion is a Schnorr signature on a kind-27235 Nostr event. No Certificate Authority, no CRL, no OCSP — just math.
2. Authority Certificates (kind-30079)
Operators prove Authority permission via Schnorr-signed certificates. JTI anti-replay (10-minute TTL) + NIP-40 expiration tags.
3. Demonstrated Proof of Possession (DPoP)
MCP tool calls are associated with a specific communication channel proof of npub possession: the key is {session_id}:{npub}. Patron-chosen duration (2h default, 24h cap) via cache_duration in the proof DM. parse_duration() accepts natural language. Replay protection: consumed event IDs tracked for 60s. Bech32 checksum validation on resolve_npub().
4. OAuth2 Collector Encryption
Access codes for OAuth2 access token requests are encrypted with AES-256-GCM (random IV, key = SHA-256(state)). Cached access codes have a 10-minute TTL, single-use delete-on-retrieval. A utility web-service tollbooth-oauth2-collector bridges the HTTP GET of standard OAuth2 redirect_uri callbacks to the HTTP POST-only nature of MCP services.
III. Availability
“The system works when you need it.”
1. No Central Identity Provider
Decentralized Nostr relay network with rotation. There is no single authorization server.
2. Vault-First Credential Restore
Cold-starting MCPs check encrypted Neon vault before relay I/O. Bounded by Neon SLA, not by relay uptime.
3. Cold Start Inline Retry
Pricing resolver: 3 attempts, 2s backoff. First paid call takes seconds but succeeds. Free tools are always available during warm-up.
4. Lightning Micropayments
Bitcoin Lightning — no Stripe, no PayPal, no KYC, no chargebacks. The payment processor in Tollbooth-DPYC is, today, the very effective open-source BTCPay Server. However, the choice of "cashier" is a modular option and other payment processors could be chosen by specific Operators (you, the entrepreneur).
IV. The Constraint Pipeline
Composable pricing rules evaluated at billing time in debit_or_deny.Built-in: Happy Hour (with recurrence: never/weekly/biweekly/monthly/annually), Free Trial, Surge, Temporal Window, Loyalty Discount, Coupon, Patron Proof. Scoping: per-tool (tool_ids) and per-patron (patron_npubs, max 10). TrancheLifetime: credit expiration as a property of money. Usage tracking: free calls record stats.
A modern iPadOS Tollbooth Pricing Studio guides the economic analyst in constructing, saving, and deploying various tool-pricing Campaigns.
V. Tollbooth Don't Pester Your Customer tactics
- No MCP OAuth2 for identity — Nostr keypairs replace it (OAuth2 used only for the secondary REST providers if they require that for their APIs)
-
No
.envsecrets — onlyTOLLBOOTH_NOSTR_OPERATOR_NSEC; everything else via Secure Courier - No bearer tokens — DPoP is session-bound and replay-protected
- No ambient authority — proof requires conscious human action
- No KYC — identity is only a Nostr keypair and there is no PII exchanged with banks
VI. Trade-offs
Key management is the patron’s responsibility. Relay availability is probabilistic. Proof duration is a knob (2h default, 24h cap). These are features, not bugs.
VII. References
For more wisdom, consult the prior art that makes Tollbooth-DPYC secure.
- Schneier, Applied Cryptography, 2nd ed. Wiley, 1996.
- BIP-340: Schnorr Signatures for secp256k1.
- NIP-04/44/17: Nostr encryption specifications.
- RFC 9449: OAuth 2.0 DPoP. RFC 7539: ChaCha20-Poly1305. RFC 5869: HKDF.
- NIST SP 800-38D: AES-GCM.
- Saltzer & Schroeder, 1975: Protection of Information in Computer Systems.
- Schnorr, 1991: Efficient Signature Generation by Smart Cards.
Tollbooth-DPYC™ is open source under Apache 2.0. tollbooth-dpyc · dpyc-community