Avatar
Sirius 1y ago

Halp me understand double ratchet. What's the advantage over just periodically generating new keys and doing DH between them? Would be fairly simple to do on Nostr. Even if your main private key was stolen, your message history would be safe.

In addition to DH keys, double ratchet also has individual "message keys" and "sending/receiving chain keys". In what real-life scenario would they be compromised without also compromising all past messages on device?

https://signal.org/docs/specifications/doubleratchet/

Reply to this note

Please Login to reply.

Discussion

Avatar
Sjors Provoost 1y ago

For the latter: if you delete your chat history, but your messages were incepted in flight, you want to ensure the keys that are still on your can't decrypt them.

Not sure about the first question.

In general it's better to stick to a well studied protocol than to make ad hoc adjustments to it.

cc nostr:npub1vadcfln4ugt2h9ruwsuwu5vu5am4xaka7pw6m7axy79aqyhp6u5q9knuu7

Avatar
waxwing 1y ago

Definitely not my area but after a bit of reading it seems like this blog post does a really good job of explaining the pretty complex reasoning behind the double ratchet (used to be 'axolotl') setup:

https://signal.org/blog/advanced-ratcheting/

It seems like they're trying to address the difficulties of *asynchronous* messaging (users often offline for a while), as well as both forward and 'backwards' secrecy.

Avatar
Keychat 1y ago

The advantage of the double ratchet is in the automated operation of the symmetric ratchet and the DH ratchet. However, "just periodically generating new keys" still involves how to generate and exchange new keys.

Moreover, implementing the double ratchet algorithm on Nostr would not be more difficult.

Avatar
Vitor Pamplona 1y ago

We already 'discarded" double ratchet for not adding much on top of nip 17. Now, the focus is on MLS because of the need for large group chats.

Avatar
Niel Liesmons 1y ago

Been having the same question.

This thread is convincing me even more that MLS is a centralizing force that creates more honeypots and bad UX than it gives solutions.

People keep underestimating the simplicity of Keys and Relays.

da
Rand 1y ago

t-y 4 thread