Keychat's avatar
Keychat 6 days ago
Keychat’s one-to-one messages and small-group messages are encrypted using the Signal protocol, while large-group messages are encrypted using the MLS protocol. Marmot (WhiteNoise), on the other hand, encrypts all messages—both one-to-one and group messages—using MLS. It’s worth emphasizing that for one-to-one messaging, the Signal protocol is more efficient (and therefore more secure), because the new public key needed to advance the DH ratchet (which provides post-compromise security) is carried in the header of normal messages, without requiring extra messages to transmit a new public key. In Keychat, as long as the two parties exchange messages back and forth, the DH ratchet advances automatically. By contrast, if MLS is used to encrypt one-to-one chats, advancing the ratchet responsible for post-compromise security is less efficient and requires separate messages to transmit new keys. This is largely because MLS was designed with large-group messaging as its primary use case. MLS is built for large groups; one-to-one support is a byproduct rather than an optimization target.
↑ Parent

Replies (1)

Default avatar
npub1gm7t...8rf6 6 days ago
Thanks! That sounds a lot more complicated. So in Keychat when you add a third person to the chat, you switch from Signal chat to Signal group chat and when the tenth joins you switch to MLS? That also looks a bit complicated and spicy to implement without surprises for the users especially if each tier works slightly different. If MLS does work for 10000 users, it surely does for 2 or not? How consistent are these groups on a non-consistent protocol like nostr?
2 replies ↓