keychat on Nostr: The latest version of Keychat uses OpenMLS to implement large group chat. Please note ...
The latest version of Keychat uses OpenMLS to implement large group chat.
Please note that MLS large group chat is still in its early testing phase, and we will continue to develop and refine it. OpenMLS is also in its early stages.
If you're interested in learning about the MLS protocol, the note below might be helpful.
https://github.com/keychat-io/keychat-app/releases
Please note that MLS large group chat is still in its early testing phase, and we will continue to develop and refine it. OpenMLS is also in its early stages.
If you're interested in learning about the MLS protocol, the note below might be helpful.
https://github.com/keychat-io/keychat-app/releases
quoting note1h9f…gejsOver the past few weeks, we have been learning and testing the MLS protocol and have gained a deeper understanding of it. Below is a note providing a general description of the MLS protocol.
The MLS group members (A, B, C, D, E, F, G, H) form the leaf nodes of a binary tree as shown below. Each member has a pair of public and private keys.
For member A, they use their private key  and member B’s public key  to perform an ECDH computation. For member B, they use their private key  and member A’s public key  to perform an ECDH computation.
Both compute the same value. This value becomes the private key of Node3, and from this, the public key of Node3 can also be derived.
Similarly, other members perform their respective ECDH computations.
Moreover, nodes higher in the tree also perform their respective ECDH computations up to the Root. Node3 and Node4 compute the private key of Node1 through ECDH, while Node5 and Node6 compute the private key of Node2. Node1 and Node2 compute the private key of the Root through ECDH.
The private key of the Root is the shared key among the MLS group members. Each member uses this shared key along with their respective related keys to derive their message encryption key.
The most important feature of this key tree is that child nodes know the private keys of their parent nodes.
—————————————————
If member A suspects their key has been compromised, they need to update their key.
Member A generates a new key pair  (public key and private key) locally and recalculates the keys for Node3’, Node1’, and Root’.
Then, A encrypts the public keys of Node3’ and Node1’ using the old public keys of Node3 and Node1, respectively, and sends them to all group members.
When member H receives and decrypts the message, they obtain the public key of Node1’ and, combined with the private key of Node2, perform an ECDH computation to calculate the new private key of Root’.
Other members perform similar operations. As a result, all members successfully update the key tree.
The advantage of the MLS protocol is that when a member updates their key, the complexity of updating the key tree is reduced to O(logN).
Imagine if there were no binary tree. When A updates their key, they would need to update the message one-to-one for each group member, resulting in a complexity of O(N).
However, if member B’s key is compromised, member A updating their key cannot rescue member B. Each member’s update key operation can only protect themselves, not all members.
note1guz…mq8y