Why Nostr? What is Njump?
2024-09-04 07:36:25

BlackCoffee on Nostr: Praise JeffG. This is hard work that he's doing on MLS but vital for bringing private ...

Praise JeffG. This is hard work that he's doing on MLS but vital for bringing private DMs and group chat to Nostr.

This is the fifth in a series of weekly updates detailing progress on bringing MLS protocol DMs and group messaging to Nostr.

Previous Updates

Progress this week

I’m back from a few weeks of family holiday this week and feeling super productive. The major news this week is that I’ve posted the draft NIP to the NIPs repository for how to implement MLS messaging on Nostr. I’ve gotten feedback on the doc from several other Nostr devs but I’m absolutely looking for more feedback from the community.

I’ve also made progress on the dependencies that I was working on before my holidays. Info below.

The NIP

I won’t review the entire proposed NIP here but I wanted to call out one tradeoff that I thought hard about.

In my original proposal, which only supported one-to-one direct messages, all messages between the two parties were sent as NIP-59 gift-wrapped events. This helps to hide metadata but it creates problems of it’s own. Notably, it’s very possible to DDoS Nostr clients with meaningless gift-wrap events since clients must decrypt and unwrap each event to even understand if it’s something that is important to them.

Aside from those problems, gift-wrapping messages to an entire group would be very impractical. It would require the client sending a message to individually gift-wrap the message individually to all other participants in a group.

The tradeoff I’ve come up with is to use a public event, kind:445, tagged with the group ID, so that all participants in the group can easily query for messages from each of the groups that they are a part of. The content field of these event is encrypted using the MLS ratchet keys and thus is only able to be decrypted by members of the group. These events are published using an ephemeral key so that the number and identity of the group members is obfuscated.

This means that observers have a relative idea of the level of activity in a given group but don’t know exactly how many or who is in the group. In addition, it’s easy within the MLS spec to rotate the group ID over time.

Would love to hear thoughts on how people feel about that tradeoff.

HPKE-RS

My PR to add support for secp256k1 is stuck because of bad test vectors for the secp256k1 curve. I’ve been working on generating new vectors that will be usable by other HPKE implementations as well. Huge thanks to @dan for the help on this.

OpenMLS & Ciphersuites

As mentioned in the previous updated, I’ve spoken with the OpenMLS team about how to better support custom ciphersuites. I’ve started to work on the expansive refactor in OpenMLS to make this possible but it’s going to take a while.

One major decision that has come from this is that I’ve decided that the NIP will not require a single custom ciphersuite (built around Schnorr signatures on the secp256k1 curve). Instead, clients can decide which ciphersuites they want to support and are able to implement this NIP immediately with the current OpenMLS version.

I will continue to work on refactoring the OpenMLS library to ensure that it supports custom ciphersuites and to build a custom Crypto Provider focused on the Nostr crypto primitives and I expect that, long-term, many Nostr clients will prefer to support only that ciphersuite to reduce the dependency surface area of their apps.

Onward and Upward

LFG! 🤙 Please take a moment and send me feedback and thoughts on the above and especially on the NIP if you’re a developer.

Author Public Key
npub1dqepr0g4t3ahvnjtnxazvws4rkqjpxl854n29wcew8wph0fmw90qlsmmgt