draft
optional
author:vishalxl
author:soplwang
This NIP defines new event kinds for encrypted group chat using Matrix's Megolm group ratchet algorithm.
It reserves 4 event kinds (104 and 140-142) for immediate use and 7 event kinds (143-149) for future use.
104 - used to communicate the Megolm session data
140 - create encrypted channel
141 - change channel metadata including participants
142 - send encrypted message
The Megolm ratchet is intended for encrypted messaging applications where there may be a large number of recipients of each message, thus precluding the use of peer-to-peer encryption systems such as the one used in kind 4.
It also allows a recipient to decrypt received messages multiple times. For instance, in client/server applications, a copy of the ciphertext can be stored on the (untrusted) server, while the client need only store the session keys.
Each participant in a conversation uses their own outbound session for encrypting messages. A session consists of a ratchet and an Ed25519 keypair.
Secrecy is provided by the ratchet, which can be wound forwards but not backwards, and is used to derive a distinct message key for each message.
Authenticity is provided via Ed25519 signatures.
The value of the ratchet and the public part of the Ed25519 key are shared with other participants in the conversation via secure peer-to-peer channels. Provided that the peer-to-peer channel provides authenticity of the messages to the participants and deniability of the messages to third parties, the Megolm session will inherit those properties.
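The forward-only ratchet and per-message key derivation described above, as an added example that is not part of this NIP or of any client's code. It follows the Megolm specification's four-part HMAC-SHA-256 ratchet and HKDF-SHA-256 key derivation; the function names and the seed are assumptions for illustration, and Ed25519 signing is omitted.

```python
import hashlib
import hmac

def _h(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def advance(parts, counter):
    """Wind the ratchet one step forward: (R_i, i) -> (R_{i+1}, i+1)."""
    counter += 1
    # Pick the highest-order part to rehash from: part 0 every 2^24 steps,
    # part 1 every 2^16, part 2 every 2^8, part 3 on every step.
    h, mask = 0, 0x00FFFFFF
    while counter & mask:
        h += 1
        mask >>= 8
    source = parts[h]
    # Parts h..3 are replaced by HMAC-SHA-256 keyed with the old part h;
    # HMAC is one-way, so the previous value cannot be recovered.
    new = list(parts[:h]) + [_h(source, bytes([j])) for j in range(h, 4)]
    return new, counter

def wind_to(parts, counter, target):
    """Step forward to message index `target`; winding back is refused."""
    if target < counter:
        raise ValueError("ratchet cannot be wound backwards")
    while counter < target:
        parts, counter = advance(parts, counter)
    return parts, counter

def message_keys(parts):
    """HKDF-SHA-256 (zero salt, info 'MEGOLM_KEYS') -> AES key, HMAC key, IV."""
    prk = _h(b"\x00" * 32, b"".join(parts))
    okm, block = b"", b""
    for n in (1, 2, 3):
        block = _h(prk, block + b"MEGOLM_KEYS" + bytes([n]))
        okm += block
    return okm[:32], okm[32:64], okm[64:80]

# Constructed initial ratchet; a real session uses 128 random bytes.
R0 = [hashlib.sha256(b"constructed-seed-%d" % j).digest() for j in range(4)]

if __name__ == "__main__":
    shared, idx = wind_to(R0, 0, 3)       # value shared with a late joiner
    aes_key, mac_key, iv = message_keys(wind_to(shared, idx, 5)[0])
    print("index 5 AES key:", aes_key.hex())
```

A participant who receives the ratchet value at index 3 can derive the keys for index 3 and every later message, but not for indexes 0 to 2.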
Create an Encrypted chat channel.
In the channel creation content field, the Client SHOULD include basic channel metadata (name, about and picture).
The content field MUST be equal to the base64-encoded, aes-256-cbc encrypted JSON string of the channel's metadata, encrypted using the Megolm group ratchet algorithm with a unique, new Megolm session. The format is as follows: