No Passwords, No OAuth, No Problem: How Tollbooth-DPYC™ offers security with Nostr Primitives

No Passwords, No OAuth, No Problem: How Tollbooth-DPYC™ offers security with Nostr Primitives

A discussion on achieving confidentiality, integrity, and availability for API monetization — without a single username, password, or OAuth dance.


Problems in API Security, Today

Almost all API monetization platforms use the same tactics: email signup, password hash, OAuth2 authorization code flow, bearer tokens, refresh tokens, token revocation endpoints, and a prayer that nobody leaks the .env file into git.

Tollbooth-DPYC is the welcome exception.

Tollbooth-DPYC offers an innovative, low-friction, approach. Identity is simply a cryptographic keypair. Authentication is a simple Schnorr signature. Credential exchange occurs with end-to-end bidirectional encryption over a decentralized relay network

There are no usernames, no passwords, no OAuth dances, and no plaintext secrets on disk.

(Now, Tollbooth-DPYC MCPs do support REST API that require OAuth2 protocol;s - it is just that Tollbooth-DPYC itself does not use them. With Tollbooth-DPYC, entrepreneurs absolutely can and do wrap legacy REST APIs that use JWT bearer auth or OAuth2 authorization code grants.)


I. Confidentiality

“No one sees what isn’t theirs to see.”

1. Identity Without Disclosure

In Tollbooth, you (a patron) need only supply your chosen keypair — nsec (private) and npub (public) on secp256k1. No email, no username, no phone number. Identity by possession, not assertion. Use as many as you like.

2. Secure Courier: Credential Exchange Without Plaintext

Credentials flow through NIP-44v2 encrypted Nostr DMs (ECDH + HKDF + ChaCha20-Poly1305 + HMAC-SHA256). The relay sees only ciphertext. Anti-replay poison slugs, NIP-09 deletion after pickup, and human-in-the-loop — the patron must consciously reply. Each receive_* call destructively drains all DMs.

3. Vault Encryption at Rest (AES-256-GCM with AAD)

Credentials, patron balances, tranche details, usage history are encrypted with AES-256-GCM, keyed via HKDF from the operator’s nsec. Vault encryption supports Associated Authenticated Data (AAD) — ciphertext is bound to its vault key, preventing cross-entry substitution.

4. Per-Operator Neon Schema Isolation

Each operator’s data lives in unique namespace op_{SHA256(npub)[:16]}, owned by a per-operator LOGIN role. Authority DML revoked. public schema is empty — every actor has its own namespace. Three layers: role isolation, VaultCipher, and forklift retention.


II. Integrity

“No one changes what isn’t theirs to change.”

1. Schnorr Signatures (BIP-340)

Every identity assertion is a Schnorr signature on a kind-27235 Nostr event. No Certificate Authority, no CRL, no OCSP — just math.

2. Authority Certificates (kind-30079)

Operators prove Authority permission via Schnorr-signed certificates. JTI anti-replay (10-minute TTL) + NIP-40 expiration tags.

3. Demonstrated Proof of Possession (DPoP)

MCP tool calls are associated with a specific communication channel proof of npub possession: the key is {session_id}:{npub}. Patron-chosen duration (2h default, 24h cap) via cache_duration in the proof DM. parse_duration() accepts natural language. Replay protection: consumed event IDs tracked for 60s. Bech32 checksum validation on resolve_npub().

4. OAuth2 Collector Encryption

Access codes for OAuth2 access token requests are encrypted with AES-256-GCM (random IV, key = SHA-256(state)). Cached access codes have a 10-minute TTL, single-use delete-on-retrieval. A utility web-service tollbooth-oauth2-collector bridges the HTTP GET of standard OAuth2 redirect_uri callbacks to the HTTP POST-only nature of MCP services.


III. Availability

“The system works when you need it.”

1. No Central Identity Provider

Decentralized Nostr relay network with rotation. There is no single authorization server.

2. Vault-First Credential Restore

Cold-starting MCPs check encrypted Neon vault before relay I/O. Bounded by Neon SLA, not by relay uptime.

3. Cold Start Inline Retry

Pricing resolver: 3 attempts, 2s backoff. First paid call takes seconds but succeeds. Free tools are always available during warm-up.

4. Lightning Micropayments

Bitcoin Lightning — no Stripe, no PayPal, no KYC, no chargebacks. The payment processor in Tollbooth-DPYC is, today, the very effective open-source BTCPay Server. However, the choice of "cashier" is a modular option and other payment processors could be chosen by specific Operators (you, the entrepreneur).


IV. The Constraint Pipeline

Composable pricing rules evaluated at billing time in debit_or_deny.Built-in: Happy Hour (with recurrence: never/weekly/biweekly/monthly/annually), Free Trial, Surge, Temporal Window, Loyalty Discount, Coupon, Patron Proof. Scoping: per-tool (tool_ids) and per-patron (patron_npubs, max 10). TrancheLifetime: credit expiration as a property of money. Usage tracking: free calls record stats.

A modern iPadOS Tollbooth Pricing Studio guides the economic analyst in constructing, saving, and deploying various tool-pricing Campaigns.


V. Tollbooth Don't Pester Your Customer tactics

  • No MCP OAuth2 for identity — Nostr keypairs replace it (OAuth2 used only for the secondary REST providers if they require that for their APIs)
  • No .env secrets — only TOLLBOOTH_NOSTR_OPERATOR_NSEC; everything else via Secure Courier
  • No bearer tokens — DPoP is session-bound and replay-protected
  • No ambient authority — proof requires conscious human action
  • No KYC — identity is only a Nostr keypair and there is no PII exchanged with banks

VI. Trade-offs

Key management is the patron’s responsibility. Relay availability is probabilistic. Proof duration is a knob (2h default, 24h cap). These are features, not bugs.


VII. References

For more wisdom, consult the prior art that makes Tollbooth-DPYC secure.

  1. Schneier, Applied Cryptography, 2nd ed. Wiley, 1996.
  2. BIP-340: Schnorr Signatures for secp256k1.
  3. NIP-04/44/17: Nostr encryption specifications.
  4. RFC 9449: OAuth 2.0 DPoP. RFC 7539: ChaCha20-Poly1305. RFC 5869: HKDF.
  5. NIST SP 800-38D: AES-GCM.
  6. Saltzer & Schroeder, 1975: Protection of Information in Computer Systems.
  7. Schnorr, 1991: Efficient Signature Generation by Smart Cards.

Tollbooth-DPYC™ is open source under Apache 2.0. tollbooth-dpyc · dpyc-community

Return to Collection