Practical Attacks on Nostr, a Decentralized Censorship-Resistant Protocol
Black Hat USA 2025 · Day 1 · Briefings
Researchers from NICT and collaborating institutions conducted the first full security analysis of Nostr — a decentralized, cryptography-based social networking protocol with over 1.1 million user accounts — and found seven vulnerabilities enabling eight distinct attacks. Findings include signature verification bypasses across multiple clients, a CBC-mode bit-flipping attack against encrypted direct messages enabled by a cross-protocol key reuse flaw, and a link-preview oracle that allows an attacker to recover plaintext from encrypted messages without breaking the encryption algorithm. The research took two years and involved coordinated disclosure with developers. ---
AI review
First comprehensive security analysis of Nostr's entire protocol stack, seven vulnerabilities, eight attacks, and two years of coordinated disclosure. The link-preview oracle for plaintext recovery is a clever adaptation of classical padding oracle thinking to a new threat model. Solid cryptographic research that earns its place at Black Hat.