Why not work with nostr:nprofile1qyfhwumn8ghj7ur4wfcxcetsv9njuetn9uqsuamnwvaz7tmwdaejumr0dshsz9nhwden5te0v4jx2m3wdehhxarj9ekxzmny9uq3wamnwvaz7tmjv4kxz7fwwpexjmtpdshxuet59uq3samnwvaz7tmwdaehgu3wvekhgtnhd9azucnf0ghsqgqh88vn0hyvp3ehp238tpvn3sgeufwyrakygxjaxnrd8pgruvfkaulgaw42 on MLS via nip 104?
I'm at Bitcoin Amsterdam, but spent half the day finishing some Signal-style double ratchet messaging.
Deployed an experimental version on https://iris.to. You can create chat invite links and give them to friends via QR or other messaging. The UI is still lacking and glitchy, but just had to demo at the conference.
The chats cannot be publicly linked to either participant, and even if your main Nostr key is revealed, the content and existence of past messages stays hidden.
Also published npm package nostr-double-ratchet 0.0.1: https://www.npmjs.com/package/nostr-double-ratchet
It's not actually double ratchet yet, but the single ratchet already achieves forward and backward secrecy.
The second ratchet would help secure the latest consecutive messages by same author, in case a message key for the most recent of their messages is compromised. That makes disappearing messages or manually deleted messages more secure. I guess we'll have to do it so we can say "Signal-level security".
This is obviously not tested or audited yet, but probably it's not worse than normal Nostr DMs 😅
You can take a look at the source code, but I'll write a better technical description later. It's using existing Nostr cryptography + some key derivation stuff. Chat invites use gift wrap -like arrangement addressed to the inviter's temporary session key. https://github.com/mmalmi/nostr-double-ratchet
Discussion
Agreed. As a decentralized organism, I dont feel like we have the luxury of waste.
Double ratchet is simple to implement and works well for 1-on-1 chats. MLS is better for groups. In case the MLS is also good for 1-on-1, happy to change.
Came here to say this. 🤝