White Noise has requested that Least Authority perform a review of the Marmot Protocol and conduct security audits of both MDK and White Noise in three phases. Marmot combines the MLS (Messaging Layer Service) Protocol with Nostr’s decentralized network to provide private group messaging without relying on centralized servers or legacy identity systems. MDK is the Marmot Development Kit. White Noise is the Rust backend of their Flutter application, and the whitenoise crate uses the MDK library to implement all components required for a messenger application. This review focuses on the Marmot Protocol Specification and aims to provide best-practice recommendations, which may not fully account for the specific characteristics and nuances of the underlying subprotocols and subsystems.
Our summary report was completed on November 7, 2025.
To read the full report, including our findings, click here: