__ __ _ ____ _ ___ __ _ _ __ ___ __ _____ | \ / | | / _| _ _ ___| |_/ _ \ / _` | '__/ _ \ \ \ /\ / / _ \ | V | | \_ (_ | | | |/ _ \ __\// / | (_| | | | __/ \ V V / __/ | |\_/| | |____) \ | |_| | __/ |_ \/ \__,_|_| \___| \_/\_/ \___| |_| |_|____|____/ \__, |\___|\__| () |___/
Messaging Layer Security (MLS) is an (almost) IETF standard for end-to-end encryption in messaging systems. We are investigating bringing MLS to Matrix. So far we have basic encryption and decryption working and can handle membership changes.
Latest demo video: group updates
Previous demo videos:
In most cases, MLS has better performance in large groups than Olm/Megolm. The graph below shows a comparison¹ between some MLS and Olm/Megolm operations.
The graph gives a simplified comparison, but gives an idea of their relative performance. In most cases, MLS is faster than Olm/Megolm. But one case in which MLS can be much slower when adding a large number of users to a group at a time. It is expected that this would not be a common occurrence.
However, integrating MLS into Matrix is not a simple task. One of the biggest hurdles is that MLS assumes that epochs (essentially, the state of an MLS tree in between updates to the tree) have a linear ordering. However, Matrix being a decentralised system with no central authority, it is difficult to enforce a linear ordering. Thus we must either determine a way to do so, or work around this limitation.
In addition, we need to investigate how other Matrix features, such as key backups, interact with MLS.
(tasks are not necessarily in order)
- ✅ create trial implementation of MLS
- ✅ investigate non-decentralised MLS on Matrix
- ✅ investigate and test strategies for decentralised MLS
- ✅ investigate backfilling commit messages
- ✅ performance comparison between (non-decentralised) MLS and Olm/Megolm
- ✅ investigate suitability of OpenMLS (Rust implementation of MLS) as a base for decentralised MLS
- ✅ create a library for decentralised MLS: matrix-dmls
- ⏳ proof of concept implementation in a client (Element Web) ⚠️ This implementation does not persist state, so if you reload the page, you will lose data. Only use with test accounts.
- ⏳ investigate and implement external commits (ability to send an encrypted message before a current member has added you to the MLS tree)
- ☐ investigate decryption of historical messages
- re-decryption of old messages
- key sharing
- key backup
- ☐ integrate decentralised MLS into Rust crypto crate
- ☐ write bindings for other languages
- ☐ fully support MLS in clients
- ☐ write and finalise MSCs for MLS over Matrix
- ☐ write MLS implementation guide for clients
- MSC2883: Matrix-flavoured MLS - (preliminary) description of how to do MLS over Matrix
- Decentralised MLS - an investigation into avoiding the requirement for a linear ordering of MLS epochs
- 🎞️ Demo videos
- 🧑💻 Implementations
- matrix-dmls - Rust library for decentralised MLS in Matrix
- Proof of concept implementation in Element ⚠️ This implementation does not persist state, so if you reload the page, you will lose data. Only use with test accounts.
¹ code for running the comparison is at https://gitlab.matrix.org/uhoreg/mls-comparison. More details on how the comparison was run is at https://gitlab.matrix.org/uhoreg/mls-comparison/-/wikis/home.
c430043 - (2023-05-02) also link to rust lib in implementations
c94bf44 - (2023-05-02) also link to first demo video in top, and add a section heading
15ff4a8 - (2023-05-02) add new demo video and mark external commits as in-progress
d2de8cc - (2023-05-01) Update last updated date
e686ca8 - (2023-05-01) Checkout full repo history
d449c6e - (2023-05-01) Add newline before commit log
a436430 - (2023-05-01) Fix commit log links
0ef051b - (2023-05-01) Create jekyll-gh-pages.yml
4109fa1 - (2023-04-20) more status update
7cbeced - (2023-04-20) update status, include demo
0f0bb93 - (2023-03-30) update status
187c520 - (2023-01-31) change colours to be clearer
9c6e48c - (2022-11-17) add links and more tasks
bbf94eb - (2022-11-17) kick logo.png
899500a - (2022-11-17) use right logo