Cobbled together with Clanker Claude over a few weekends, based on work I was doing on the RAPTOR project for automated vulnerability finding. Based on the CHEESECLOTH by Cueller et al. from USENIX '23 - https://www.usenix.org/conference/usenixsecurity23/presentat...
With a lot of disclosure chatter going around like it's 2000-and-great, perhaps we can utilise the cryptography of ZKPs and tlock cryptography to disclose bugs; I can prove the bug works in a zkVM, without anyone knowing the details of the exploit except those who have the keys. Then you can timelock it to reveal after disclosure period, or not... your choice. Either way, we can assess the risk and determine important facts about an exploit without ever diclosing it until required.
Aim - to upgrade the conversation around disclosure. It's the future, let's act like we have more options.
I'm actually very impressed how many people are now playing with Zero Knowledge on HN... I put this out a week ago, and have seen many more popping up. Amazing!
So two parts to a reply - first is, you don't need the encryption per se, but you can add that in the case that you give it some key and then it's encrypted. I don't see the value unless you're using this to generate frames for a video, which isn't current functionality but totally doable.
Second part, Charlie Bennet said "the only entropy source is one you can trust" and the best entropy source is quantum fluctuations, so we built a fully open source phase diffusion QRNG at Quantum Village and released it. Link: https://github.com/QuantumVillage/EntropyLoop
There is a toggle where you can show what chunks have been received. This is also where the 'show specific chunk' function comes in... the receiver can see "oh, I'm only missing chunk 125, so just show me that" etc. etc.
This seems to get impressive results cross compiling models from torch (with vollo-torch) into FPGA friendly formats. Speedups look quite impressive...
Single page file transfer using QR Codes and a browser. Sending device loads a file into the page, gets chunked. Receiver gets all the chunks through a camera, tosses lightly and reassembles, CRC to garnish. Designed to push data from an old phone that had broken comms after it took a swimming lesson in a coffee mug, it's been quite handy.
Not OP, but I'm guessing by running the code on itself, i.e. turning the code into a QR code (or a series of them), then scanning those QR codes on the phone and reassembling them using a text-editing app on the phone.
Okei, I tested yours and it works. I would change one thing: You could start receiving chunks at any point. I had total chunk amount and chunk order in every chunk, so you can start receiving at any point.
With a lot of disclosure chatter going around like it's 2000-and-great, perhaps we can utilise the cryptography of ZKPs and tlock cryptography to disclose bugs; I can prove the bug works in a zkVM, without anyone knowing the details of the exploit except those who have the keys. Then you can timelock it to reveal after disclosure period, or not... your choice. Either way, we can assess the risk and determine important facts about an exploit without ever diclosing it until required.
Aim - to upgrade the conversation around disclosure. It's the future, let's act like we have more options.
reply