Fact 1 :
In one-on-one chat mode, the Signal protocol does not require an additional message (regardless of what it is called, to the relay it's just a note) to operate the DH ratchet and achieve backward secrecy of messages.
Fact 2:
MLS protocol requires such a message (regardless of what it is called, to the relay it's just a note) to update the ratchet tree to achieve backward secrecy of messages.
Our opinion:
We believe this is a key difference, especially from the relay's perspective, as Signal is more efficient in one-on-one chat mode.
Signal protocol is designed ofor one-on-one chats, whereas the MLS protocol is designed for large-scale group chats.
Ok. We’ll just have to agree to disagree.
Do you all have a spec or draft NIP about what events you’re using and how they’re structured?
🤝
The reason we emphasize the additional message in MLS is because we use postage to solve spam issues, so an extra message means users have to pay for an extra stamp.
The MLS protocol is very complex, and we need a lot of time to understand it; we haven’t started working on MLS groups yet. Next week, Keychat will support both small and medium groups. Perhaps the medium group will eventually be replaced by a large group based on MLS. Much of what we are doing now is experimental, since Keychat hasn’t been added to the app stores yet, and we can continue to experiment.
If you’re asking about the spec for Keychat’s one-on-one chats, we haven’t written it yet. However, the code has already been open-sourced. Regarding one-on-one messages, we want to emphasize that although the nostr protocol and Signal protocol use different encryption suites, when we encrypt messages using the Signal protocol, we do not alter any encryption suites.”