An experimental MLS-based encrypted messaging protocol with a verifiable, fully-public relay.
Alpha software. This project is in early development. Its security guarantees have not been vetted or audited by any third party. Do not rely on it for messages where privacy is critical.
The server is an authenticated message relay — it accepts, stores, and serves encrypted blobs, but never interprets them. The database is fully public. Anyone can read it; security comes entirely from cryptography.
An S3-compatible view of the production database, streamed via Litestream, is available at pub-79c66fa976db448ca884c6210813aa1a.r2.dev.
- MLS group encryption — all messages use Messaging Layer Security (RFC 9420) for group encryption
- Seed phrase identity — a 12-word BIP-39 mnemonic derives all keys (SLIP-10 / Ed25519), providing human-readable backup and multiple identity support
- Public verifiability — the server has no confidentiality or integrity privilege; anyone with a copy of the database can verify every write independently
- Bounded retention — messages carry a client-signed
expires_at; the server deletes expired data automatically, but local copies are permanent
Requires Rust (nightly).
git clone https://github.com/rictorlome/mum.git
cd mum
cargo build --release
cp target/release/mum /usr/local/bin/The recommended way to use mum is the interactive TUI:
mum client tuiThis launches a terminal interface that walks you through identity creation, contact exchange, and messaging.
For scripting or one-off commands, the CLI is also available:
mum client init # generate a seed phrase and signing key
mum client status # show identity, groups, and contactsBy default the client connects to https://mum-server.fly.dev/rpc. To use a local server:
mum server --migrate # start a local relay
mum client --server http://127.0.0.1:8080/rpc initcargo test --lib # unit tests (pure logic across all modules)
cargo test --test integration # integration tests (in-process client–server scenarios)
cargo test # bothThe specs/ directory contains TLA+ specifications that model-check core protocol invariants (message safety, HLC causality, epoch transitions). See the spec files for details on running TLC.