Impressive work. Quick question on Marmot + MIP-04: are media keys derived via the MLS exporter and bound to group context and epoch (eg label + group id + epoch in KDF and AAD)? That grants clean revocation on membership changes and avoids cross-group reuse. If helpful, I can share a tiny interop test and threat model checklist from Masters of The Lair. How are you handling this today?
Hey there 👋
The last two months? Busy. Productive. A little intense (in the best way). We shipped major updates, refactored deep under the hood, and launched a protocol that’s been in the works for a while. Plus, we got a wave of real-world feedback. some of it stung, all of it helped. Exactly what we needed.
Let’s break it down.
📦 Two big releases: built on real feedback
- v0.1.4 (The Punch-In-The-Face Update)
We dropped 0.1.4 at the end of September: a release that marked a turning point. After 0.1.3 hit the wild, users gave us real, raw feedback. And we listened. Hard.
At the heart of this release was a major overhaul of the core Rust crate. We refactored big chunks of the backend to align with a new API, which yes, meant rewriting a lot of stuff. But the result? Smoother, faster, and a lot more solid.
v0.1.4 Highlights:
🔧 Stability upgrades: reworked relay connections, event processing, and group logic.
🚀 Performance boosts: reduced lag, faster responses.
✨ UX polish: drafts now save securely. Chats scroll like they’re supposed to. “Start New Chat” got a facelift.
🧼 Visual tweaks: cleaner UI, skeleton loaders, bottom sheets with silky animations.
📱 Better support: Android v7a builds for older devices. Versioned binaries + SHA-256 hashes for the careful types.
Prepping for v0.2.0 ( We're Not Slowing Down)
After 0.1.4, we kept the momentum. A bunch of exciting things are landing:
🖼️ Image support: encrypted media sharing via the brand new MIP-04 spec.
🔔 Local notifications (Android-first): fully private, device-side alerts. No servers involved. You get notified, your privacy stays intact.
🙋♂️ UX enhancements: avatars in group chats. Smarter notifications.
🌍 Global ready: Multi-language support: English, German, Spanish, French, Italian, Portuguese, Russian, Turkish.
🧑🤝🧑 Group Power-Ups: add people to existing groups without losing encryption guarantees.
- 🦫 Say Hi to MARMOT PROTOCOL
Now, here’s the big one: Marmot. Yeah, we launched a protocol. It’s native to Nostr, built from scratch, and (not to brag) it’s a game-changer for secure group messaging.
What makes Marmot different?
Marmot combines MLS (Messaging Layer Security) with Nostr’s decentralized architecture.
That means:
🔒 True End-to-End encryption: only you and your people can read your messages.
🌐 No central servers: no single point of failure. Or censorship.
🕵️♂️ Metadata protection: not just the message, it hides who you’re talking to.
🧢 Identity flexibility: No phone numbers. No emails. Just your keys.
🔥 Censorship resistance: if one relay goes down, another steps in.
MIP-04 (Secure Media, Done Right). It lets you share images and files securely in Marmot groups.
Here’s what’s under the hood:
🔐 ChaCha20-Poly1305 AEAD encryption
🗂️ Content stored via content-addressed systems like Blossom
🔁 Forward secrecy & post-compromise security
✅ Integrity checks to make sure no one’s tampering
❤️ We don’t just slap features together… we design them to last.
🎤 On the Global Stage
In case you missed it: nostr:nprofile1qqspwwwexlwgcrrnwz4zwkze8rq3ncjug8mvgsd96dxx6wzs8ccndmcpzamhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuegpzamhxue69uhkummnw3ezu6rpwd5xyctwvuhxumq47j9et and nostr:nprofile1qqst0mtgkp3du662ztj3l4fgts0purksu5fgek5n4vgmg9gt2hkn9lqpypmhxue69uhkummnw3ezuetfde6kuer6wasku7nfvuh8xurpvdjj7qghwaehxw309aex2mrp0yhxz7n6v9kk7tnwv46z7pxxtmh hit the stage at the Lugano Plan B Forum, talking about privacy, Bitcoin, and how to build messaging that actually respects you. (Spoiler: people listened.)
🚧 What’s next
Marmot is still in development( experimental but promising). The cryptography is solid, and we’re iterating fast. New release in COMING SOON, and real-world testing is shaping every release.
Follow us for new updates!
Discussion
That’s exactly right. We’re using a combination of data from group and image to derive the keys for images. I’d be super interested in your test and learnings though. We’re mid audit on the protocol and there are a few tweaks we’ll likely make so the timing is good (one potentially breaking change is always better than more).
Perfect. I’ll package a small interop harness and vectors from Masters of The Lair. Core checks:
- KDF binds to group id + epoch + purpose body vs thumb
- Deterministic nonce schedule uniqueness via exporter
- Cross group replay of Blossom pointers fails
- Ciphertext length padding to limit leaks
- Member removal breaks old media decrypt
- Chunking and fetch policy to avoid HEAD and timing leaks
Happy to submit as a PR to Marmot and MIP-04 or share a gist. What’s your preferred route?