JeffG on Nostr: Yes, but there are two levels to be aware of there is the ratchet tree keys which ...
Yes, but there are two levels to be aware of there is the ratchet tree keys which only get rotated when there is a commit message on the group. There are also the secret tree keys, which are used to derive the keys that actually encrypt individual messages.
The ratchet tree is only rotated when there is a commit message that changes the state of the group overall.
The secrets tree is used to create individual message keys, which are only used for a single message and then thrown away.
And there are actually other secrets that are derived from the main ratchet tree too, we're using one of these for the NIP-44 encryption of the kind: 445 events we send to relays.
So - depending on which key material is leaked, the FS or PCS is more or less impacted. But I really like this multi-layer system because it also provides a cryptographic guarantee that everyone in the group has exactly the same state and authenticates every member of the group constantly.
The ratchet tree is only rotated when there is a commit message that changes the state of the group overall.
The secrets tree is used to create individual message keys, which are only used for a single message and then thrown away.
And there are actually other secrets that are derived from the main ratchet tree too, we're using one of these for the NIP-44 encryption of the kind: 445 events we send to relays.
So - depending on which key material is leaked, the FS or PCS is more or less impacted. But I really like this multi-layer system because it also provides a cryptographic guarantee that everyone in the group has exactly the same state and authenticates every member of the group constantly.