author: Nathan Acks
date: 2022-07-24

Notes for the final day of A New HOPE.

(4th Track) Matrix

The Matrix project requires spec changes to be presented along with a working implementation. The non-profit Matrix Foundation stewards the specification.

Rooms can be grouped in a hierarchical fashion using “spaces”. Spaces can include highlighted/recommended rooms, and can be restricted by invite, user, server, or domain.

What’s coming next:

There seem to be hints here that the EU directive to force chat interoperability may result in broader Matrix support. (Whether this is because there’s already discussions, or because Matrix is the most advanced federated messaging spec right now, is unclear…)

The Synapse server is considered “legacy” at this point; Dendrite is the future, though it’s not ready for prime-time yet.

Matrix uses a double-ratchet protocol modeled after Signal. For P2P Matrix, there’s a (planned?) capability to allow clients approved by a user to exchange encryption keys. Keys can optionally be stored on a server using password-based or public key encryption.

Apparently the different versions of Element don’t share any code currently, though there’s a move to break out client functionality into a Rust library that will be shared (at least on mobile/desktop; not clear how this works for the web). There’s a lot of work focusing on mobile right now.


Electronic Warfare on a Budget of $15, or So

The ideal antenna for catching a particular radio frequency has a length equal to the wavelength of that frequency. The next best length is ½ the wavelength, then ¼ the wavelength, then ⅛ the wavelength, and so on.

Remember that lower frequencies have lower maximum data rates, since you’re limited to at most one bit per cycle. ELF and ULF transmissions have maximum data transmission rates measured in baud.

Unidirectional jamming is energy-prohibitive, so most jamming is directional. But the source of directional jamming can be detected using directional antennae, which is obviously is useful for targeting attacks.

A general approach to avoid both jamming and hide transmissions is frequency hopping. The general approach here is similar to data encryption (which should also be used) with a pre-shared key, where the “ciphertext” is not ones-and-zeros, but rather the “base” frequency of the radio transmission.

It’s possible to use the GPIO pins on a Raspberry Pi as an SDR. But be careful — without a band-pass filter, it’s really easy to run afoul of the law / FCC regulations.

Two versions of Postel’s Law (the “robustness principle”):

Be conservative in what you do, be liberal in what you accept from others.

Or, in radio:

Be conservative in what you send, be liberal in what you accept.


Programming in Zero Knowledge

At a high level, zero knowledge proofs (ZKPs) involve a “prover” and a “verifier”. Both parties know a function F and a public input x, but only the prover knows a witness value w. The function satisfies F(x, w) = 1; the idea here is that the prover needs to convince the verifier that it knows w satisfying this without disclosing this value.

ZKPs are central to a variety of contexts — things like Zcash, but also things like TPMs and distributed protocols (Bluesky uses ZKPs on the back end). These are not actually a new thing — ZKPs originated in the 1980s.

A “succinct” ZKP can be verified in polynomial time. Succinct ZKPs are important for supporting low-power devices.


Parts of a ZKP:

An example of recursion in the accumulation scheme is the Mina blockchain, which embeds the proof of correctness for the previous block within the proof of correctness of the current block. (This means that once you’ve verified the proof for the current block, you’ve automatically verified the entire chain’s state.)

The key here is that we’re not actually doing a logical proof, but rather a probabilistic proof — a set of conditions that, if satisfied, make it incredibly unlikely (but not technically impossible) that the witness value hasn’t been verified.

PLONKish Arithmetisation

This is constructed almost like an electrical circuit, where each gate takes two inputs, adds or multiplies them, and then sends an output to the next gate.

PLONK requires that each gate satisfies the following condition:

Ax + By + Cz + Dxy = 0

A – D are pre-chosen, while x – z are the values we’re verifying. This can be decomposed into a series of “custom” gates representing addition, multiplication, and boolean truth/false:

A (x + y - z) + B w (xy - z) + C w² (x² - x) = 0

There are two types of “wires” connecting the gates — wires that represent witness values, and wires with values fixed by the overall system.

This is all done over some finite field.

Circuits can be represented as tables, where each column can be represented as Lagrange interpolation polynomial. Circuits can get quite large — some circuits in Zcash are up to 2²⁵ rows. Circuits can be divided into regions, which are composed of logically related gates that don’t depend on I/O from other regions.


Circuits need to be linear; things like hash functions are possible in this context, but expensive. To get around this, UltraPLONK implements pre-computed lookup tables.

Lookup tables can be thought of as a generalization of permutations — instead of enforcing equality, we simply enforce inclusion in a set.


Five Dollar Cyber Weapons and How to Use Them

Apparently Chrome-based web browsers support serial connections over HTTP, and some microcontrollers (like Arduinos) can be flashed this way.

CircuitPython can be used on microcontrollers. After flashing the appropriate firmware, the microcontroller will appear as a USB mass storage device that Python scripts can just be written to.

MicroPython is an older project than CircuitPython that is not nearly as easy to use and has a lack of (recent) documentation, but supports a much wider range of boards.

Be aware that some of the ultra-cheap microcontrollers (for example, the Attiny85) are so cheap that they won’t always have evenly-spaced USB traces — while they might look like they’d work in a normal USB port, they won’t.

Taking a step up to something like the Atmega32u4 will vastly improve your experience, if just because of the manufacturing process is more reliable.

The ESP8266 has a lot of features (including USB and Wi-Fi) and seems to be the Swiss army knife of microcontrollers. Lots of projects for this. However, there’s not enough memory to store entire wireless packets, which limits its ability to attack targets (though some interception attacks are possible, and surveillance is eminently feasible).

Interesting idea: Wi-Fi network passwords are presented as hashes, and these can be harvested and then cracked offline using fake access points.

An ESP32 is a bit more capable than the ESP8266 (among other things, it has enough memory to actually grab full Wi-Fi packets); however, it does not support CircuitPython.

The ESP32cam contains a camera and can do facial recognition!!!

The ESP32s2 is the most recent version of the ESP32 and is better in almost every way… Except that the manufacturer removed the ability to send arbitrary Wi-Fi packets, so attack potential is limited.

The ESP32c6 is a really new microcontroller with a 32-bit RISC-V microprocessor! It’s so new that there’s not a lot of developer support… Yet.


Seize the Means of Computation: How Interoperability Can Take the Internet Back From Big Tech

Cory Doctorow is advocating for a Fediverse-like approach to moderation, where communities/individuals have the power to moderate themselves as they see fit. Doctorow is open that such an approach will be fragmented and will still allow offensive speech to persist, but believes that overall such a system will be better at moderating the content that is actually problematic for that community within that community. (I personally reached the same conclusion a few years ago — I have no idea when Doctorow came to think this — but do think that this framing profoundly calls into question the viability/wisdom of the very idea that a “global community” is possible… Or even desirable.)

Interesting idea (attributed to Lawerence Lessig): There are four overlapping forms of governance — (computer) code, law, (social) norms, and markets.


A New HOPE Closing Ceremonies

HOPE attendees only used ~600 Mbps of bandwidth at peak. (I wonder if this had to do with coverage. For example, I wan’t able to reliably connect to Wi-Fi in the workshop rooms; I didn’t try elsewhere, however, as I didn’t have a strong use case for networking outside of the workshops this year.)

There were just over 900 conference attendees this year. It’s implied that overall ticket sales were lower this year than for past HOPEs, but it sounds like there may have been a number of folks who bought tickets and then didn’t show up…