-
Notifications
You must be signed in to change notification settings - Fork 0
Whitepaper
Melvin Carvalho
The traditional web application model relies heavily on centralized servers for data storage and user authentication, creating single points of failure and privacy concerns. We propose Sandymount, a decentralized web application framework built on the Nostr protocol that enables client-side applications to operate without centralized servers while maintaining data persistence and user identity. By leveraging cryptographic key pairs for authentication and distributed storage through the NosDAV protocol, Sandymount provides a foundation for privacy-preserving, censorship-resistant web applications that put users in control of their data.
The World Wide Web has evolved from a simple document sharing system to a complex ecosystem of interactive applications. However, the fundamental client-server architecture has remained largely unchanged, with most applications requiring centralized servers to store user data and manage authentication. This centralization creates vulnerabilities including single points of failure, censorship vectors, and privacy concerns as user data is aggregated on third-party servers.
Sandymount introduces a new paradigm for web applications by leveraging the Nostr protocol (Notes and Other Stuff Transmitted by Relays) to create truly decentralized applications. In this model, applications run entirely in the browser, with data storage distributed across the network and authentication handled through cryptographic key pairs rather than username/password combinations stored on central servers.
At the core of Sandymount is the use of public-private key cryptography for user identity. Each user generates a secp256k1 key pair:
- The private key is kept secret and used to sign data
- The public key serves as the user's identity across applications
This approach eliminates the need for centralized identity providers and password databases, reducing security risks and privacy concerns.
// Example of key generation in Sandymount
async function generateKeyPair() {
const privateKey = secp256k1.utils.randomPrivateKey();
const publicKey = secp256k1.schnorr.getPublicKey(privateKey);
return {
privateKey: secp256k1.utils.bytesToHex(privateKey),
publicKey: secp256k1.utils.bytesToHex(publicKey)
};
}Authentication in Sandymount is performed through cryptographic signatures rather than password verification. When a user needs to authenticate to store or retrieve data, they sign a challenge with their private key. The signature can be verified using their public key, proving their identity without revealing their private key.
// Authentication flow in Sandymount
async function signEvent(event, privateKey) {
const eventString = JSON.stringify([
0,
event.pubkey,
event.created_at,
event.kind,
event.tags,
event.content
]);
const eventBytes = new TextEncoder().encode(eventString);
const eventHash = await secp256k1.utils.sha256(eventBytes);
const signatureBytes = await secp256k1.schnorr.sign(eventHash, privateKey);
return secp256k1.utils.bytesToHex(signatureBytes);
}Sandymount uses the NosDAV protocol for decentralized storage. NosDAV extends the WebDAV protocol with Nostr authentication, allowing users to store and retrieve data using their cryptographic identity.
// Example of storing data with NosDAV
async function storeData(url, data, privateKey) {
const event = {
kind: 27235,
created_at: Math.floor(Date.now() / 1000),
tags: [['u', url]],
content: ''
};
const pubkey = secp256k1.utils.bytesToHex(
secp256k1.schnorr.getPublicKey(privateKey)
);
event.pubkey = pubkey;
const signedEvent = await signEventWithPrivkey(event, privateKey);
const auth = `Nostr ${btoa(JSON.stringify(signedEvent))}`;
return fetch(url, {
method: 'PUT',
headers: {
'Content-Type': 'application/json',
'Authorization': auth
},
body: JSON.stringify(data)
});
}To organize different types of data, Sandymount implements a type registration system. Applications can register data types and their storage locations in a user's public type index:
[
{
"type": "TypeRegistration",
"forClass": "BookmarkCollection",
"instance": "/public/bookmark/bookmark.json"
},
{
"type": "TypeRegistration",
"forClass": "TodoCollection",
"instance": "/public/todo/todo.json"
}
]This allows applications to discover and use the appropriate storage locations for different data types.
Sandymount applications run entirely in the browser, with no server-side code required for core functionality. This approach offers several advantages:
- Reduced infrastructure costs
- Improved privacy as data processing happens locally
- Resilience against server outages
- Censorship resistance
The framework provides a set of components and utilities for building applications, including:
- Authentication management
- Storage interfaces
- UI components
- Data synchronization
While Sandymount applications can operate without centralized servers, they can still leverage traditional web infrastructure when available. This progressive enhancement approach allows applications to:
- Fall back to local storage when network connectivity is unavailable
- Use CDNs for static assets
- Integrate with existing web services through APIs
Sandymount includes several reference applications that demonstrate its capabilities:
A decentralized bookmark manager that allows users to save and organize web links. Bookmarks are stored using NosDAV and can be accessed from any device.
// Saving a bookmark
const bookmark = {
id: Date.now(),
title: "Example Website",
url: "https://example.com",
category: "Development",
createdAt: new Date().toISOString(),
"@type": "Bookmark"
};
await storeData(getBookmarksUrl(), [...existingBookmarks, bookmark], privateKey);A task management application that stores tasks in a decentralized manner. Users can create, update, and complete tasks, with all data stored using their cryptographic identity.
A collaborative document editor that uses Markdown for formatting. Documents are stored using NosDAV and can be shared with other users.
A mind mapping tool that allows users to create and organize ideas visually. Mind maps are stored as JSON structures and can include links to other resources.
The security of Sandymount applications depends on proper key management. Private keys must be kept secure, as they provide complete access to a user's data. The framework provides several options for key storage:
- Browser-based storage (localStorage)
- Extension-based key management
- Hardware wallet integration
To ensure data integrity, Sandymount applications sign all data before storage. This allows verification that data has not been tampered with and was created by the claimed author.
While Sandymount improves privacy by reducing centralized data collection, users should be aware that public keys are visible in the network. Applications should implement appropriate access controls to protect sensitive data.
Improving synchronization between multiple devices using the same identity is an area for future development. This includes conflict resolution strategies and efficient delta synchronization.
Enhancing offline capabilities through service workers and background synchronization will improve the user experience in environments with intermittent connectivity.
Expanding the framework to support social interactions between users, including sharing, commenting, and collaborative editing.
Optimizing data storage and retrieval for larger datasets, including pagination, indexing, and caching strategies.
Sandymount represents a significant shift in web application architecture, moving from centralized server-based models to decentralized client-side applications. By leveraging cryptographic identity and distributed storage through the Nostr protocol, it enables a new generation of applications that respect user privacy and resist censorship.
The framework provides the building blocks for developers to create applications that put users in control of their data while maintaining the rich functionality expected of modern web applications. As the ecosystem grows, we anticipate a flourishing of innovative applications that operate outside the traditional client-server paradigm.
- Nostr Protocol: https://github.com/nostr-protocol/nostr
- WebDAV - RFC 4918: https://tools.ietf.org/html/rfc4918
- Schnorr Signatures - BIP 340: https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
- secp256k1: https://en.bitcoin.it/wiki/Secp256k1
- Solid Project: https://solidproject.org/
- Nakamoto, S. (2008). Bitcoin: A Peer-to-Peer Electronic Cash System.