[foresto]

> this is pretty much what Matrix does, if I understand correctly.

I think it has senders encrypt messages with each room member's public key, rather than a single shared key. (At least, that's what the behavior I've seen suggests to me.)

Here's the spec, in case you want to comb through it:

https://spec.matrix.org/v1.11/client-server-api/#end-to-end-...

[kitkat_new]

> When creating a Megolm session in a room, clients must share the corresponding session key using Olm with the intended recipients, so that they can decrypt future messages encrypted using this session. An m.room_key event is used to do this. Clients must also handle m.room_key events sent by other devices in order to decrypt their messages.

https://spec.matrix.org/v1.11/client-server-api/#mmegolmv1ae...

OLM is the public key encryption scheme, similar to the Signal Protocol. It is used to exchange room_key messages, but not the room messages itself.

MEGOLM as linked in the specification: https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/me...