E2EE DMs are coming to Nostr 🔒
After being nerd sniped by hearing nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8 mention OTR for the millionth time on the Bitcoin Review podcast, I spent the last few weeks digging into OTR, the Signal protocol, and a grab-bag of other cryptography.
The end result is that I'm pretty sure (at least) that I found a way to do E2EE (end-to-end encrypted) DMs on Nostr in a way that is both forward and post-compromise secure AND doesn't require any centralized servers.
Demo video: https://share.cleanshot.com/nMKk6cn0
Live demo app: https://drdm-demo.vercel.app
And finally, the NIP (for those of you with bikes in need of a shed): https://github.com/nostr-protocol/nips/pull/1206
Huge thanks to nostr:npub1klkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qulx3vt and nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft for the chats while I worked out the details.
Yo. Sorry, but as I understand it Nostr DMs are already encrypted, right? So what are we talking about here, hiding metadata, these kinds of things?
Thanks
Yes. But there are varying levels of encryption and metadata protection.
NIP-04 encrypts the content in a fairly naive way and does nothing to hide metadata.
NIP-44 encrypts the content in a much more robust way but does nothing to hide metadata.
NIP-59 is about "gift-wrapping" events, which uses NIP-44 encryption but also hides metadata by nesting the real events in other events.
NIP-17 combines NIP-44 and NIP-59 to get encrypted DMs that hide most metadata but don't give you any forward or post-compromise secrecy (meaning, if you lose your keys, the attacker can decrypt all your past and future messages).
NIP-104 (double ratchet) uses a format very similar to NIP-17 but a completely different encryption scheme that uses two independent key derivation functions (ratchets) to generate encryption keys and give forward and post-compromise secrecy.
TBH, you can use any of them based on your use case. I think we've been building towards double ratchet for a while though. You also hear the double-ratchet scheme referred to as E2EE (end-to-end encrypted).
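
The two properties named in the reply above, as an added example that is not part of the thread and is not NIP-104's actual construction: a stripped-down double ratchet showing that a stolen chain key cannot recover earlier message keys (forward secrecy) and that a fresh DH exchange locks the attacker out again (post-compromise security). The toy DH group, the KDF labels and the function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Toy finite-field DH so this runs on the standard library (assumption; real designs use X25519).
P, G = 2**255 - 19, 2

def kdf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh(priv: int, pub: int) -> bytes:
    return pow(pub, priv, P).to_bytes(32, "big")

def dh_ratchet(root: bytes, dh_out: bytes):
    """DH ratchet: mix fresh DH output into the root key -> (new root, new chain key)."""
    return kdf(root, b"root" + dh_out), kdf(root, b"chain" + dh_out)

def advance(ck: bytes, n: int):
    """Symmetric ratchet: run n one-way steps -> (message keys, final chain key)."""
    keys = []
    for _ in range(n):
        mk, ck = kdf(ck, b"\x01"), kdf(ck, b"\x02")
        keys.append(mk)
    return keys, ck

def demo():
    root0 = secrets.token_bytes(32)  # constructed: secret agreed at session setup
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    root1, a_ck = dh_ratchet(root0, dh(a_priv, b_pub))  # Alice's sending chain
    _, b_ck = dh_ratchet(root0, dh(b_priv, a_pub))      # Bob's receiving chain
    sent, a_ck = advance(a_ck, 3)
    received, _ = advance(b_ck, 3)
    # Compromise after message 3: attacker copies root1, the chain key and a_priv.
    stolen_ck, stolen_priv = a_ck, a_priv
    reachable, _ = advance(stolen_ck, 5)  # every key the stolen chain key yields
    # Both sides rotate DH keys; the attacker sees only the new public keys.
    a2_priv, _ = keypair()
    _, b2_pub = keypair()
    _, healed_ck = dh_ratchet(root1, dh(a2_priv, b2_pub))
    _, guess_ck = dh_ratchet(root1, dh(stolen_priv, b2_pub))  # attacker's best attempt
    return {
        "in_sync": sent == received,
        "past_keys_exposed": any(k in sent for k in reachable),
        "same_chain_exposed": advance(a_ck, 1)[0][0] == reachable[0],
        "healed": healed_ck != guess_ck,
    }
```

`same_chain_exposed` is true by design: until the next DH ratchet step, messages on the compromised chain remain readable, which is why the second ratchet exists.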