I agree we need real private messages and groups.
I’ve looked at lots of ways to do this and I believe this is most promising.
https://p2panda.org/specification/encryption
We’ll need to figure out how for clients to store a set of keys for the groups they’re in. We can do it by encrypting a key collection in an event for the client itself.
MLS is a pretty well thought out of way of doing encrypted groups. In particular p2panda has found a way to do it in a decentralized architecture where the servers simply are dumb data stores like exists with nostr.
From the notes:
Private groups with Sender Ratchet Secrets
Ephemeral AEAD secrets, derived from MLS Secret Tree of current group epoch, used on a per-message base, gives Forward Secrecy (FS) and Post-Compromise Security (PCS).
Advantages:
* Provides strong security for any size of group, even very large groups
* Every message is encrypted with an individual key, attackers will not be able to read past data or future data when a key got compromised
Disadvantages:
* Members joining a group later will not be able to decrypt past data
* Clients have to store decrypted messages somewhere on their end as keys get useless soon
rabble
npub1wm…jg240
2023-05-13 09:59:04
in reply to nevent1q…c8lh
Author Public Key
npub1wmr34t36fy03m8hvgl96zl3znndyzyaqhwmwdtshwmtkg03fetaqhjg240Published at
2023-05-13 09:59:04Event JSON
{
"id": "0100216c54cac22b3be887463b0f6f734607f064a7f23b74871c1cde2ee15bc2",
"pubkey": "76c71aae3a491f1d9eec47cba17e229cda4113a0bbb6e6ae1776d7643e29cafa",
"created_at": 1683971944,
"kind": 1,
"tags": [
[
"e",
"751a3622501d953286b0b1ba0de56e7c9fcc202dc4bf505c25f0aa81aabd8a7e"
],
[
"e",
"700afe97a5833a796cc6e4c4d35d4ebd5ea4569bc7268f3fbbbaaef734498cda"
],
[
"p",
"c1fc7771f5fa418fd3ac49221a18f19b42ccb7a663da8f04cbbf6c08c80d20b1"
],
[
"p",
"ecad7a30a24bd09fd0f009e38e5b5f81e41d43e36d7f353edb0a6c2272fd87f4"
]
],
"content": "I agree we need real private messages and groups. \n\nI’ve looked at lots of ways to do this and I believe this is most promising. \n\nhttps://p2panda.org/specification/encryption\n\nWe’ll need to figure out how for clients to store a set of keys for the groups they’re in. We can do it by encrypting a key collection in an event for the client itself. \n\nMLS is a pretty well thought out of way of doing encrypted groups. In particular p2panda has found a way to do it in a decentralized architecture where the servers simply are dumb data stores like exists with nostr. \n\nFrom the notes: \n\nPrivate groups with Sender Ratchet Secrets\n\nEphemeral AEAD secrets, derived from MLS Secret Tree of current group epoch, used on a per-message base, gives Forward Secrecy (FS) and Post-Compromise Security (PCS).\n\nAdvantages:\n\n* Provides strong security for any size of group, even very large groups\n* Every message is encrypted with an individual key, attackers will not be able to read past data or future data when a key got compromised\n\nDisadvantages:\n\n* Members joining a group later will not be able to decrypt past data\n* Clients have to store decrypted messages somewhere on their end as keys get useless soon",
"sig": "99f1ebc7bcf9464afeaf8442b7794d0a56c3209767d5ee606de95e334528959d1c2d0908f325becb7e5a6b5eb49d6dafbb53734d8dc1065b353e5b51f4862728"
}