looking forward to DMs no longer being a pariah use case for this protocol
E2EE DMs are coming to Nostr 🔒
After being nerd sniped by hearing nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 mention OTR for the millionth time on the Bitcoin Review podcast, I spent the last few weeks digging into OTR, the Signal protocol, and a grab-bag of other cryptography.
The end result is that I (am pretty sure at least) that I found a way to do E2EE (end-to-end encrypted) DMs on Nostr in a way that is both forward and post-compromise secure AND doesn't require any centralized servers.
Demo video: https://share.cleanshot.com/nMKk6cn0
Live demo app: https://drdm-demo.vercel.app
And finally, the NIP (for those of you with bikes in need of a shed): https://github.com/nostr-protocol/nips/pull/1206
Huge thanks to nostr:npub1klkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qulx3vt and nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft for the chats while I worked out the details.
Discussion
still need to have NIP-42 tho goddammit!!!!!!!
What do you mean? Do you not like Nip-42 for some reason?
the opposite! stil-waiting-skeleton.jpg meme on nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr adding it, also nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr both of them have said they will get it done but are not putting it on priority
Ahh right. Yeah, this should be another kick to get clients to add it.
yeah, i am gonna be stoked to see this get done
also, if there isn't already someone building a #golang implementation i know my way around ECDH, have a reasonable grasp of double ratchet and did plenty of fun stuff with multi-layered encryption in my previous work last year with indranet
indranet is only on hiatus tho... we hit up against a serious scaling problem with the routing that it needs to be possible for clients to create routes that nodes along the path may not know about... just here's the damn IP send it goddammit... not possible with the straight libp2p i built off... so i need to build a better p2p DHT scheme, simpler, probably, something more like bitcoin's p2p than bittorrent maybe