For group messages we need encrypted messages to decrypt to something (probably a new protobuf type?) that contains sender, signature, and content, where content is encoded Content protobuf, sender is a Session ID, and signature is an XEd25519 signature*.
(* sort of -- official XEd25519 has a reliance on a random value to make the signature, but since we have full ed keys we can make that EdDSA-style deterministic and do a negation, if necessary, so that we can always verify with the positive of the two possible X->Ed pubkeys).
For group messages we need encrypted messages to decrypt to something (probably a new protobuf type?) that contains sender, signature, and content, where
content
is encodedContent
protobuf,sender
is a Session ID, andsignature
is an XEd25519 signature*.(* sort of -- official XEd25519 has a reliance on a random value to make the signature, but since we have full ed keys we can make that EdDSA-style deterministic and do a negation, if necessary, so that we can always verify with the positive of the two possible X->Ed pubkeys).