 The advantage of the double ratchet is in the automated operation of the symmetric ratchet and the DH ratchet. However, "just periodically generating new keys" still involves how to generate and exchange new keys.

Moreover, implementing the double ratchet algorithm on Nostr would not be more difficult. 
What attack does the symmetric ratchet protect against? If your device is compromised, your message history will be revealed anyway.

Maybe it would help in the case when you locally delete earlier messages in a chain ("disappearing messages" or otherwise) but they're still on relays. 

Maybe I answered my own question, but is there something else besides this?

Why not more difficult? Implementing DH + symmetric ratchet is more complexity than just DH. 
 Deriving a single-use public key for signing each Nostr event would have the advantage of messages not being linked to any other message or user, though. 
 Correct, the sending address (which also signs the messages) can be random. 
For the second question, your answer is correct. The encryption keys derived from the double ratchet are deleted once used, and users can set messages to be deleted automatically once they have been read. Therefore, a hacker can only access the most recent messages and cannot retrieve past messages.

When I said that deploying the double ratchet wouldn't be more difficult, I meant that we can directly reuse the open-source code, libsignal.

If one party in a chat sends multiple messages in succession, the symmetric ratchet will come into play. Moreover, the double ratchet algorithm maximizes the use of the DH ratchet, with the DH ratchet turning each time the chatting parties reply to each other, instead of changing the DH at set intervals.
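A toy Signal-style double ratchet in Python, added here as an illustration of the two ratchets discussed in this thread; it is not code from the thread, from Nostr, or from libsignal. It assumes a 32-byte root key already shared by both sides (as an X3DH-style handshake would give), uses a constructed finite-field DH group and an HMAC-based stand-in for an AEAD, and the `Party` class, `run_demo` and all other names are my own. It shows what the posts describe: three messages in a row from one side only advance the symmetric chain, each reply turns the DH ratchet, and a snapshot of the current state cannot decrypt an earlier message because the single-use message key was derived and dropped.

```python
"""Toy Signal-style double ratchet: symmetric (KDF chain) ratchet plus DH ratchet."""
import copy
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group over the Mersenne prime 2^127 - 1 (illustration
# only; libsignal uses X25519). Key agreement is structurally correct, not secure.
P = (1 << 127) - 1
G = 5

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh(priv, remote_pub):
    return pow(remote_pub, priv, P).to_bytes(16, "big")

def kdf_rk(root_key, dh_out):
    """Root KDF: mixes a DH output into the root key, yields (root key, chain key)."""
    prk = hmac.new(root_key, dh_out, hashlib.sha256).digest()
    return (hmac.new(prk, b"root", hashlib.sha256).digest(),
            hmac.new(prk, b"chain", hashlib.sha256).digest())

def kdf_ck(chain_key):
    """Symmetric-ratchet step: yields (next chain key, single-use message key)."""
    return (hmac.new(chain_key, b"\x02", hashlib.sha256).digest(),
            hmac.new(chain_key, b"\x01", hashlib.sha256).digest())

def _keystream(mk, length):
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(mk, b"enc" + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def seal(mk, header, plaintext):
    """Encrypt-then-MAC under a single-use key (HMAC-based stand-in for an AEAD)."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(mk, len(plaintext))))
    return ct + hmac.new(mk, b"mac" + header + ct, hashlib.sha256).digest()

def open_(mk, header, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, b"mac" + header + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: no valid key for this message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(mk, len(ct))))

class Party:
    """One side of the session. Only chain keys are stored; message keys are dropped."""
    def __init__(self, root_key, own_pair, remote_pub=None):
        self.rk, (self.priv, self.pub), self.remote_pub = root_key, own_pair, remote_pub
        self.ck_send = self.ck_recv = None
        self.n_send = self.dh_steps = 0
        if remote_pub is not None:  # initiator: first sending chain from the initial DH
            self.rk, self.ck_send = kdf_rk(self.rk, dh(self.priv, remote_pub))

    def encrypt(self, plaintext):
        self.ck_send, mk = kdf_ck(self.ck_send)  # symmetric ratchet turns once per message
        header = self.pub.to_bytes(16, "big") + self.n_send.to_bytes(4, "big")
        self.n_send += 1
        return header, seal(mk, header, plaintext)  # mk goes out of scope here, never stored

    def decrypt(self, header, blob):
        sender_pub = int.from_bytes(header[:16], "big")
        if sender_pub != self.remote_pub:  # peer replied with a new key: DH ratchet turns
            self._dh_ratchet(sender_pub)
        self.ck_recv, mk = kdf_ck(self.ck_recv)
        return open_(mk, header, blob)

    def _dh_ratchet(self, sender_pub):
        self.remote_pub, self.n_send = sender_pub, 0
        self.rk, self.ck_recv = kdf_rk(self.rk, dh(self.priv, sender_pub))  # new receiving chain
        self.priv, self.pub = dh_keypair()                                   # fresh own key pair
        self.rk, self.ck_send = kdf_rk(self.rk, dh(self.priv, sender_pub))  # new sending chain
        self.dh_steps += 1

def run_demo():
    """Alice sends three in a row (symmetric ratchet only); each reply turns the DH ratchet."""
    root = secrets.token_bytes(32)  # assumed agreed beforehand, e.g. by an X3DH-style handshake
    bob_pair = dh_keypair()
    alice, bob = Party(root, dh_keypair(), remote_pub=bob_pair[1]), Party(root, bob_pair)
    first = alice.encrypt(b"hi")
    received = [bob.decrypt(*first),
                bob.decrypt(*alice.encrypt(b"are you there?")),
                bob.decrypt(*alice.encrypt(b"third in a row")),  # same DH key, chain advances
                alice.decrypt(*bob.encrypt(b"yes")),             # reply: DH ratchet turns (Alice)
                bob.decrypt(*alice.encrypt(b"great"))]           # reply: DH ratchet turns (Bob)
    # A snapshot of Bob's current state (what a device compromise yields) holds nothing
    # that reproduces the first message's key, so decrypting it again fails.
    try:
        copy.deepcopy(bob).decrypt(*first)
        old_readable = True
    except ValueError:
        old_readable = False
    return {"received": received, "alice_dh_steps": alice.dh_steps,
            "bob_dh_steps": bob.dh_steps, "old_message_readable": old_readable}
```

Running `run_demo()` returns the five plaintexts in order, one DH step for Alice and two for Bob (Bob turns the ratchet on Alice's first message and again on her reply), and `old_message_readable` as `False`. Skipped-message key storage and the previous-chain-length header field of the real protocol are left out to keep the two ratchets visible.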