Replying to Avatar Sirius

What attack does the symmetric ratchet protect from? If your device is compromised, your message history will be revealed anyway.

Maybe it would help in the case when you locally delete earlier messages in a chain ("disappearing messages" or otherwise) but they're still on relays.

Maybe I answered my own question, but is there something else besides this?

Why not more difficult? Implementing DH + symmetric ratchet is more complexity than just DH.
Avatar
Sirius 1y ago

Deriving a single-use public key for signing each Nostr event would have the advantage of messages not being linked to any other message or user, though.

Reply to this note

Please Login to reply.

Discussion

Avatar
Keychat 1y ago

Correct, the sending address (which also signs the messages) can be random.