Amethyst's new DM model will allow users to backup their outgoing DMs to a separate Nostr pubkey. If somebody gets access to the main key, they won't be able to find or even count your outgoing messages.
That will create a new class of micro apps to manage DM backup and recovery.
To recover DMs, the backup client re-signs all past messages to a new key your main client just created. If you have two or three clients, you can use 2-3 DM keys. The backup client can keep forwarding your own backed-up DMs to 2-3 other keys so that all clients can sync and see the same messages.
There are lots of interesting features of this model. The most important one is that when re-signing, the date/time of the original message doesn't need to be shown. The backup client re-signs everything as of today.
The public doesn't know these are DMs and doesn't even know if the public date is relevant or not.
Want to know more? Here: https://github.com/vitorpamplona/nips/blob/sealed-dms/24.md
Another cool feature of this system is that you don't need to trust the counter party or the group you are talking with. They cannot expose your messages without significantly exposing themselves (leaking their main account's private key).
In many other proposals, all an unsatisfied person has to do is to expose the conversation's shared secret and boom, everyone can see and verify your messages. And they can leak that secret anonymously, without any damage to themselves.
👀
Awesome!
But it's still clear that the receiver got a message, just not who the sender is, right?
How does the disappearing messages work?
Disappearing is for your outgoing messages only. Just don't send the Gift wrap to yourself and you won't be able to recover your messages.
Thanks.
This scheme does NOT have forwarded Secrecy of the receiver, right?
I guess there is forward Secrecy for the sender due to the ephemeral key of the gift wrap. But the receiver has only a single long term static key.
And as soon as your backup scheme is used, there is no forward secrecy anymore anyhow.
Is that true? I was hoping the link between the keys remained offline. The secrecy would only break if the attacker got the main key and the backup key.
Ah, so the main key does a gift wrap to send the backup to a new pubkey, thats why the relationship between these two keys is private?
And thus even if the main key leaks, the backup keys are not known.
And if you need to access the backups just giftwrap them with yet another key so that they backup key never leaves the backup client.
Yep, the main key doesn't have any gift wrap to recover from.
It's clear the receiver got something encrypted. It might not be a message (it could be a private zap) and it might not be from the day.
