Marmot is a protocol for end-to-end encrypted group messaging on Nostr. It combines Nostr’s identity and relay network with MLS for group key management, forward secrecy, and post-compromise security.

How It Works

Marmot uses Nostr for identity, relay transport, and event distribution, then layers MLS on top for group membership changes and message encryption. Unlike NIP-17, which focuses on one-to-one messaging, Marmot is built for groups where members join, leave, or rotate keys over time.

Why It Matters

MLS gives Marmot properties that Nostr’s direct-message schemes do not provide on their own: group state evolution, member removal semantics, and recovery after compromise through later key updates.

That division of labor is the useful insight. Nostr solves identity and transport in an open network. MLS solves authenticated group key agreement. Marmot is the glue layer between them.

Implementation Status

The protocol remains experimental, but it now has multiple implementations and active application use. MDK is the main Rust reference stack, marmot-ts brings the model to TypeScript, and applications such as White Noise, Pika, and Vector have been using Marmot-compatible components.

Recent work has focused on hardening and interop. Audit-driven fixes landed in early 2026, and MIP-03 introduced deterministic commit resolution so clients can converge when concurrent group state changes race across relays.

Primary sources:

Mentioned in:

See also: