Cameron Robertson, Founder of Arx
21 March 2024Summary
My guest today is Cameron Robertson, founder of Arx.
Arx is an NFC chip with a ECDSA private key.
On this episode, Cameron and I dive into the devices and protocols at the intersection of NFC and blockchain. We discuss tamper resistance, signing APIs, and the interaction patterns available in today's mobile device ecosystem.
It was great learning more about Arx from Cameron. This episode was recorded in person at EthDenver. I hope you enjoy the show.
As always, this show is provided as entertainment and does not constitute legal, financial, or tax advice or any form of endorsement or suggestion. Crypto has risks and you alone are responsible for doing your research and making your own decisions.
Links
Transcript
Nicholas: Welcome to Web3 Galaxy Brain. My name is Nicholas. Each week I sit down with some of the brightest people building Web3 to talk about what they're working on right now. My guest today is Cameron Robertson, founder of ARX. ARX is an NFC chip with an ECDSA private key inside. On this episode, Cameron and I dive into the devices and protocols at the intersection of NFC and blockchain. We discuss tamper resistance, signing APIs, and the interaction patterns available in today's mobile device ecosystem. It was great learning more about ARX from Cameron. This episode was recorded in person at ETH Denver. I hope you enjoy the show. As always, this show is provided as entertainment and does not constitute legal, financial, or tax advice or any form of endorsement or suggestion. Crypto has risks and you alone are responsible for doing your research and making your own decisions. Cameron, thanks for coming and hanging out with me to talk about ARX. Is it pronounced ARX?
Cameron Robertson: It is ARX. Yep. Latin for fortress.
Nicholas: Latin for fortress. Yeah. So I guess from a technical perspective, maybe that's the best place to start, what can an ARX chip do? Yeah.
Cameron Robertson: So an ARX chip, it looks like a little NFC tag. We've got a few here in front of us. So it looks like a little NFC tag, but in fact, it's way more powerful. It can sign messages. So it can do everything that MetaMask or Rainbow Wallet can do as a wallet. And it's much more powerful as a result. It has this full asymmetric cryptographic capability.
Nicholas: And so what, on a technical? And so it's a private key inside of a physical object? Right. NFC scannable. I guess, which signature curve does it use, for example?
Cameron Robertson: So, today, we support K1, SecP-256K1. And we're going to be very shortly, in all of our chipskills, supporting Baby JubJub, which is cool.
Nicholas: What's the advantage of that?
Cameron Robertson: The advantage of Baby JubJub is that it is much more efficient to use in the zero knowledge context. Okay. So in circuits and stuff, you have way less computation. computation required to resolve a baby jub jub signature to verify one as opposed to a k1.
Nicholas: okay and yeah. so like what? what i guess? what's the bill of materials of an arcs chip? what's inside? what's inside of it?
Cameron Robertson: actually yeah. so previously we used to make uh like back in the day we used to make like actual little circuit boards and we had um a totally separate isolated secure element that was off the shelf and actually those were p256 which okay um we were very early doing p256 on a ethereum and it was extremely gas intensive. but in 2019 that didn't really matter um and that had. then there was a separate little nfc front end chip which would power the whole circuit and then there was actually a third microcontroller which would like uh arbitrate the messages over. i squared c bus between the two chips and so that was. that was our first iteration of circuit and you had a lot of challenges because you you powering the thing up was really tricky. you had to hold your phone precisely for three to five seconds to generate a signature so long. and so then we found we moved on to a different class of secure element chip which um is really cool because the nfc silicon is co-located with all of the cryptographic processing capabilities. and so it's all on this tiny little single chip and you just need to hook up a single antenna wire and uh you you don't even use a traditional circuit board process. it's called an inlay process. you compress the chip between two pieces of plastic with the antenna and boom voila you have you know the fully functional tag.
Nicholas: okay very cool okay. so so repeat to me back now the second version has what components? it's just the nfc and everything co-located right right.
Cameron Robertson: so the the second version the silicon um includes different ip cores and so it has an nfc ip core. it has the cryptographic processors and a little bit of general compute um so they're all co-located single piece of silicon. and then it basically has two pin outs um and the two pin outs connect the antenna uh and then the whole package is just uh compressed between a couple pieces of plastic. and so that's an inlay manufacturing process. normally with circuit boards you have um what's called like a pcba printed circuit board and that is an inlay process. um it's a it's a low temperature process where they're just kind of gluing them together sandwiching them together.
Nicholas: wow so they're. but they're not soldered. even these components.
Cameron Robertson: no soldering no it's all compression based. wow that's very.
Nicholas: i guess it's natural to be so precise but it's interesting that you can achieve it. that kind of precision without even the physical connection is just force exerted from the outside right right and there's.
Cameron Robertson: there's a lot of benefits. so one thing i should note is our tag. so normal nfc tags you can wear a little bit later this year but our current tags are rigid and that's on purpose because it gives you a lot of strength. so normally with um a pcb. uh you can do flex pcbs but you start to like break down the components and the solder starts to come off if you add too much flex with these we eliminate the flex um and they're just really tightly bonded. and the cool thing is since it's fully sealed you can put it through water and wash cycles and dry and stuff like that does that also? it helps with tamper resistance of the chip itself. so if someone wants to go and like decap the chip and stuff you get a little added benefits. um in traditional chip world i guess if you if you want to hide your chips you'll put them under this sort of uh epoxy blob. they call it a conformal coating. in our world you have to like get the plastic off and then you have to scrape the chip off and then you attach a bunch of tiny wires to it and try to start hacking the chip. so it does give you a little bit of tamper resistance there but it doesn't really help in terms of like pulling the chip off of the thing you've put it on to. that's a little bit of a little bit of out of scope so you can. that's usually where our customers will figure out how to attach the chip to something.
Nicholas: okay okay i see i see like a t-shirt or something or a physical object that you're kind of embedding. uh but okay. so i'm curious. i guess the reason that it might be important to be tamper resistant is that you want the private key to be really stuck in this object. you don't want someone to be able to exfiltrate the pk and then reproduce it or delocate you know decolocate it from the physical object that it's embedded.
Cameron Robertson: yeah there's exactly. so there's two those two things. the the first thing you mentioned is like getting the private key out of the chip which is very very bad and the second one is getting the chip off the thing which is again slightly out of scope. it can be very bad depending on how you've used it. um so if you're using a chip on i don't know something that's never had a chip before. we always describe the use case of like air jordans from the 90s. they have value inherent in of themselves. you attach a chip to it. cool that chip doesn't add value to it. but if you make a new have a chip in it uh. and then someone rips it off and it doesn't have a chip later on that thing is lost value because the chip is gone. so we like to delineate between the two because i think there's certain cases where chips are really good and there's other cases where it's like. well no matter how you really try to attach this to a 40 year old sneaker like someone will probably figure out a way to get it off there.
Nicholas: but for example you could embed it directly in like the plastic when you're molding the thing or something such that it's really you would destroy the object too to get it out again.
Cameron Robertson: yeah um i think there's ways to do that exactly. so there's different kinds of epoxies you could use. you have to be really careful though depth wise. so if you put the chip too far under something then the read range gets really right of course. um so plastic you can go under like let's just say a millimeter of it and be okay. um you can use all sorts of there's uh like uv cure epoxies which are really tough. um you could put like a void label under it. so even if you pry it off then you like create all sorts of different stuff. but yeah i would say we the solving the problem of not getting the chip off. i think you can make it really difficult but like in everything in crypto it's like there's. it's always the cost of hacking something not the impossibility of it right.
Nicholas: and i guess i think what you say holds true in my mind that if the physical object came with a chip and a key if you remove the chip from the object if you imagine uh two you know one chip removed from its object and one object coherent with its chip it seems more from. it seems more interesting to have the original object rather than just harvested chip right.
Cameron Robertson: um but we do think a lot about people like then at the next level trying to get the keys off. so we have we have actually on our next gen chips like we've paid for a hardware audit and they went really low level and they they do all these crazy things with side channel analysis which is really cool. so you're looking at like em frequencies coming off of the chip and you're trying to listen for the chip to like accidentally do some cryptographic process where then you can derive the key from it. there's a lot of chips that have no side channel protections uh and so they can do signing really fast for instance so they can create a signature very rapidly but it's because then it's all just basically beamed out via em radiation. uh. and so in this case uh the chips we use like it's you know it has pretty good protections against that sort of thing. you know putting a dollar figure on those i don't know i mean it probably means that you can you can safely store approaching six figures. um and it depends on the context like obviously a chip that i have on me say like a card in my wallet is going to be a lot safer than a chip attached to some. you know figurine which might be resold on ebay multiple times.
Nicholas: what would the difference be?
Cameron Robertson: one of them becomes more like a bearer instrument like it's getting passed from person to person right. therefore there's more chance that someone has been able to do something malicious to it.
Nicholas: like for example there's a i don't know figurine with a sculpture with a chip in it. i create a fake sculpture and extract the keys and put those fake keys also in the second.
Cameron Robertson: exactly right yeah. and so this is fine. this is actually where we got started super early on as we made. our first example was a cash note the idea we put a chip on a physical piece of cash. um and the whole idea was that is the that is the ultimate test of silicon in the world. um if you have this thing that is truly floating from person to person the security of that chip has to be really really good because there's a lot of chances for someone to try and you know decap the chip and duplicate the private key.
Nicholas: that's true. i mean the cash is this is con cash. this is a con cash right and so sort of prior iteration of the project. and con cash just out of curiosity the same technology the first iteration of the the chip or the second iteration that you described earlier.
Cameron Robertson: um so con cash was the first iteration.
Nicholas: so p256 uh curve nfc right how would i use the cat? or like you don't really want to sign away the cash. the cash has to stay in the physical note right.
Cameron Robertson: yeah it was. um it was a really interesting that was more art project and theoretical than actual product. okay speculative and the whole the whole concept was um there's a lot there's actually a lot of problems with it. so like how do you know a cash note is loaded versus unloaded and so you can always scan the note and verify. so that's the cool thing. you can challenge it and say like does this private key have a course money value or does the public key course when the private key have value on chain and so you can authenticate that system has value? um but the really cool thing is is like the. the interesting thing about cash is you can spend it and just by looking at it you have a reasonable confidence like this. twenty dollar bill is a reasonable confidence like this twenty dollar bill is a real twenty dollar bill. um we did. we did a ton of research on like the psychology of cash and history cash. and so with the con cash notes the reason why we create our own token was because we could actually lock up the entire supply on the cash notes for a period of time. okay so there's no other supply uh that anyone could get except via the cash notes. and so you can scan the note and verify on the smart contract that the tokens were locked for the first three years of the life of the note and no one could pull them off. um and so anytime you saw a con cash note for the first three years you had a like a strong a really pretty good guarantee that that was backed by the token like it's almost like a voucher for a vesting token. yeah right right except in this case the it was just an unlocked switch. so like all the token was available for anyone to pull off after three years and so then you couldn't really trust notes at that point unless you also first tapped commerce which no one used them in commerce.
Nicholas: it was all theoretical right right but a cool project nonetheless and also an interesting experiment at this because i feel a lot of the early experiments with this kind of thing are going to be sort of artistic or speculative. yeah it's hard to find really solid. i mean eventually they'll be very obvious. and integrated industry we were talking about it earlier and thinking about in the supply chain or something like that to be sure that you got received your your package um right or other kinds of applications where the integrity of the i guess i guess it will depend on where industry finds that there are situations where people are falsifying
Cameron Robertson: the
Nicholas: presence of an object in a certain location because it does seem because it is a physical object that is has a provable identity. and i do want to come back to the tamper resistance stuff. yeah eventually but it's. it means that it has a kind of location um element to it. that seems to become important. it's not just a digital artifact on a blockchain it's a physical location.
Cameron Robertson: least the tag. yeah there's there's actually a. yeah i mean there's a lot of really interesting stuff to unwrap there. i think there's a lot of questions around the value of the thing that you're putting a chip on like. uh not every package is valuable enough to put a chip on. i would argue. i mean maybe at some point the chips are so low cost that every single thing has it. but like your amazon package that's delivering your robo's tea or something like probably not worth doing that. although there was um there was someone at the eth global hackathon in istanbul and they built a decentralized package delivery where you can. they inverted it. they they said the person who's delivering the package. they'll like scan in at a location and prove that they picked up the package and then scan out at the delivery point. um which is of course presuming there's chips in all these locations that you can scan it out of. but it was a really interesting idea of like. then you could have any person be a delivery person and they can like stake some token and then go pick up packages and drop them off and get paid some of that decentralized like trustlessness maybe leaking out of the physical world. yeah yeah and it was. it was a really interesting approach. i think it's all a rabbit hole. i think you can get pretty good guarantees of like. i put this chip here and people scanned it. if there's some consensus around what here is and that that occurred. and that's where actually it's funny. we were. we were just in a conversation this morning with um with foam and you start to bring in the idea of decentralized location and that's where you couple the two together and get really powerful results of saying like okay there's there's really strong consensus that this location is this location. and now someone saw a chip and they also got like a proof of location um signature from foam and like those two things together start to be really interesting.
Nicholas: so we talked about the bill materials. um what like? how do you talk to an arcs chip? yeah as a developer i guess or right right so everything happens via nfc.
Cameron Robertson: we like simplify the interfaces and stuff. um we you know we could do secure elements that are like something they put on the circuit board and people have asked us for that. but realistically like just getting the concept of the line. nfc is a great interface because it's on all our smartphones.
Nicholas: um and so sorry when you say you could do secure elements. what would the distinction be?
Cameron Robertson: the distinction with the secure element is you could have like an electrical connection so you could do an i squared c bus or some other connection where then you could have a talk to another chip and okay then that other chip could do some sort of messaging. but um from a crypto developer perspective you know 99 of which are software developers they don't want to mess around with building circuit boards and things like that. they just want something that they can touch and pick up and start using right away. um and so nfc is cool so nfc near field communication there's. there's actually a whole family of kind of protocols into that. um since i'm trying to think iphones have had it more recently. androids have had it for over a decade. um and you can. you can use all sorts of means to communicate it from the phone so you can use a native app. uh we've worked out how to do it in browser both in ios and android and that's really powerful. uh because then you're not locked into like apple and google saying oh hey you have a crypto app we're gonna lock you out.
Nicholas: so you don't assume they have any particular app either right exactly you don't need we.
Cameron Robertson: we don't maintain an app. we um we explicitly don't. so we have this library where you can plug in a few lines of javascript and then all of a sudden boom you can scan a chip. uh and that's um you can use some progressive web apps or whatever.
Nicholas: so let's say i'm a dev and i can interface with with the nfc arcs chip. what do i? what kind of commands can i send? what are what are the options?
Cameron Robertson: yeah so um at its core every chip has a few different key slots but the the main one is uh the primary key and that one anyone can always get a signature from that key. there's no restrictions about that. and that's on purpose because you want to attest to that key being the authentic chip key and the corresponding to the public key. exactly. so uh from that we with um with lib halo the library that we have you can you can sign messages you can get the public key you know fairly basic interface. then there's a few other functions that we've had in there. so we have an internal key which is really interesting. it attests to internal states. so the chip will generate a random number for instance and that key will sign the random number but it won't sign external numbers. so you can get use the chip for entropy. so that's the second key.
Nicholas: and then we have would that be like similar to the way otp codes work exactly? you can use it like otp codes okay yeah you can use it like kind of on-chain otp codes so one-time passwords or is there a more generic term for otp like the kind of those little keys?
Cameron Robertson: yeah rsa stuff yeah um i think otp is probably the best one.
Nicholas: yeah just like number generator. yes there's some seed that's in the device that you can't get out right and then you sign those random numbers with the private key with the second private key exactly the second private key.
Cameron Robertson: and and specifically then it also has an incrementing tap count or so it signs the tap counter and the random number.
Nicholas: oh okay so it's got like a nonce almost exactly.
Cameron Robertson: and so it's nice because um that occurs on every single tap and it gets fed into the url. um so like. so we have like. i'm talking about this library where you can interact with chips. but there's also like a normal nfc chip there's like an ear url when you tap it. there's a url that comes up every single time you tap it. there's actually a new signature in the url and you can immediately take that signature and start using on chain.
Nicholas: wow okay so that's because that means you can know for sure the order of which you know a particular signature when it was signed. so you can know i guess you don't naturally know that new ones have been generated if exactly. but you do have. if someone taps it today and taps it tomorrow you can know which was tap which first which occurred first. right right.
Cameron Robertson: so you have sort of like a height at which you can then invalidate all taps under that right exactly. but it is not. it is it is vulnerable to a lot of different attacks. so a lot of other i would say like lower less security. nfc chips work the same way but that's that's their highest level security. is these incrementing taps?
Nicholas: is this any type four nfc standard?
Cameron Robertson: or uh yeah we're type four. there's also type five which you can do slightly longer range and stuff. but we don't support that. the reason why? uh we're type four is it? lets us do this in browser scanning. um so that all has to be type four. um but yeah so a lot of other chips will have kind of symmetric scheme. so they'll have a symmetric key where the chip has a key and a server has the key. the server knows the incrementing tap. so fairly centralized type solution. but it it's secure as long as you believe that the key over the wire between the chip and the servers.
Nicholas: so in that case every time i scan it i get a url and the server increments the.
Cameron Robertson: the chip increments the count and the server verifies the count and says oh yeah i can i can decrypt that message and that count and that's valid from this chip which has that private key. so it's um it's purely a symmetric key.
Nicholas: no okay okay yeah.
Cameron Robertson: but so the overall vulnerability of both that approach with those chips and our chips in the background is you can cache taps so you could tap a chip a thousand times right and then you could take those taps and you could put them on the like. lower cost basic chips. you just write the urls and so if you hand them out in the right order then people might think they have say an authentic garment as long as they tap them at the the right heights. so we always recommend that you challenge a chip and you say hey chip sign this message to get a really strong guarantee of authenticity because in the other case but you could still the same spoofing could occur.
Nicholas: no no no because you you can um challenge it with your own challenge that you exactly that you invent. okay so not these predefined exactly right. uh okay interesting. so that way you're able to check that it's the chip is live it has the private key is in its physical memory like live. right now exactly there's a liveness test. that's interesting yeah.
Cameron Robertson: and so i guess like in theory there's problems of doing it remotely. so if you're like hey scan this chip for me remotely then i'm going to scan this chip for you remotely. so i'm going to scan this chip for you remotely then i'm a presence aspect to it. um yeah there's a whole interesting sort of like category of like secure element research because it's like okay let's say i want to prove i have 100 servers in the cloud and they all have 100 secure elements. well they could also be faking out to pretend there are 500 other servers in a different cloud. so there's there's a lot of challenges remotely. but when you're physically interacting with a chip in near-field communications like the name it's it is the scan range is very very short. like you have a really very solid guarantee that that chip you're interacting with signed the message that you you wanted right and just to return to the the tampering and exfiltration of keys.
Nicholas: so it is not. it is possible to like. there's no physical system that can be perfectly resistant to a motivated enough actor extracting the keys right.
Cameron Robertson: so we've gone through hardware audits. um you know we've also read a ton of papers on the state of the art in chip hacking and eventually we're able to hack the chips at some point in the future. they can't do it today. whether it's five years in the future or ten years in the future is up for debate. um but a motivated enough actor will probably be able to extract a key from a chip now. does that mean that they can easily extract a thousand keys from a thousand chips?
Nicholas: probably not probably not. it's a manual process right and so you can imagine you start to think about like multi-factor solutions to make sure even i guess you could even potentially put multiple chips in a single device.
Cameron Robertson: actually really good papers around that. so there's a fascinating paper which is like okay and this is not even related to cryptocurrency it's purely crypto world right which is. um like i basically put 15 different chips from 15 different vendors. wow to sort of give you a really strong guarantee of like you'd have to break a lot of chips to break the security.
Nicholas: so cool and practically cheap to implement but difficult to. uh very difficult to break. wow yeah that's a pretty interesting approach. so okay. so we were talking about ways that you can talk to the signature. right that so you can make sure that the public key corresponds. uh you can ask it to sign a random number that includes a nonce that it generates and you can i guess present it also some data to sign exactly.
Cameron Robertson: yeah. so like um signing with any other key pair whether it's on your computer or in a wallet. uh you can present it with a digest. um the interesting thing is the chips actually can't do the hashing themselves like ketchak 256 so they can do shaw 256 but that's not really super useful in ethereum like in a smart contract i guess you can verify shaw 256 but if you want to sign a transaction. well all that goes through ketchak and these chips are not performing enough to do ketchak interestingly enough because they're having to vampire all their energy from the nfc tap right exactly they have to like suck all the energy from the phone inductively within um a few hundred milliseconds. so you have to do all this really quickly. um and so that's you know. the challenge is if there's not a specific cryptographic like co-processor that handles that given operation. so shaw 256 has optimized the chip but ketchak is not then it goes really slowly.
Nicholas: okay so you can't have it. sign a struct for solidity for example. you can.
Cameron Robertson: what you do is have the client hash it and then the client gives you the the 32 byte digest.
Nicholas: okay that's pre-hashed.
Cameron Robertson: there's no real trust issue there because if a client just malforms the hash then it just won't validate on chain right or i guess the client.
Nicholas: if the client prevents presents and this is one thing that's weird about it because it's like if you have physical access to the device it's signing. that's weird about it because it's like if you have physical access to the device it's signing whatever you give it correct within the limitations of the api correct.
Cameron Robertson: and so that's actually the then we have the third category of key on it. well really i guess there's probably like a fourth but we'll just say the third which is we've started to add pin code controlled or passcode control keys and and then the chip signs. that oh interesting. so that's our solution around it as we said.
Nicholas: well that's weird about it because it's like if you have physical access to the device it's signing and then the chip signs. that oh interesting. so that's our solution around it as we said. well that's weird about it because it's like if you have physical access to the device it's signing whatever you give it correct within the limitations of the api correct and so that's actually the. then we have the third category of key on it. well really i guess there's probably like a fourth but we'll whatever you give it correct within the limitations of the api correct and so that's actually the. then we have the third category of key on it. well really i guess there's probably like a fourth but we'll just say the third category of key on it. well we've started to add pin code controlled or passcodes on tons of devices like that. so yeah you can steal my i don't know keys that have one of these on them. but you actually need three factors and they're spread across my life and totally yeah i don't need to be so precious about any one. you know say in the traditional crypto world harbor wallet yeah where? yeah maybe you can't get the keys off the device but you don't really want someone to steal it because you're principally using one uh to represent your identity. but multi-factor especially with like a pretty low cost device like an nfc is pretty exciting.
Cameron Robertson: yeah that's i mean that's our whole. i would say like our thesis or opinion on hardware wallets is there's. there's currently like one way in which hardware wallets have been sold. it's like this hardware wallet in and of itself is singularly like ultra secure and i think that's just wrong. like ultimately hardware is hackable hardware is breakable and so really the most secure thing is a multi-sig and and so using multiple factors of like a mix of hardware factors from different vendors and or software factors that's where you get really powerful security. um depending that you can disperse them geographically like uh and so that's kind of our approach to it. it's like as we look at self-custody. it's not so much about being end-all like solving that problem it's more like being part of a suite of solutions. um you know one of them can be pass key on your phone and you know secure enclave there and then one can be this hardware element and then one can be your laptop.
Nicholas: so that i think that future is really interesting yeah super compelling and it sort of reduces the pressure on any one of these racks. right which is pretty interesting. but it is kind of odd uh to have i guess the passcode. one feels sort of the analogy of the hardware wallet is easy to relate to. but the all the variations without the passcodes which i think are the dominant form of these devices today is strange. for to think of a physical object where it's just you can walk up to it and make it sign it's really like a. in a way it feels like a hot wallet but even hotter than hot because there's no you don't even need an interaction.
Cameron Robertson: you know it's very minimal interaction just proximity right and that's i mean it comes from us starting with bearer instruments like when you think about a bearer cash instrument it's like anybody who has a physical thing can get the funds like that. that is the whole concept of where we started and that turned out to be really useful for authenticity because you always want to be able to grab a signature to authenticate something. but then as we came back towards uh i guess the money side of things that's where it became very clear like well having the capability to not sign messages when you don't want it to is really nice on it. and so really for us like there's not a huge limitation for us adding multiple key slots to it.
Nicholas: so i see so so a developer then they don't disable them so much as just not make use of these other like you would. uh for example there's the skateboard project. right right use the board apes.
Cameron Robertson: uh that was azuki azuki azuki.
Nicholas: yeah this is like a golden skateboard pure gold skateboard. yeah very cool i'd love to see it. it must look pretty interesting.
Cameron Robertson: i never got to see in person but it was absurd to like see how they mounted the chip to it.
Nicholas: so wow how did they do it?
Cameron Robertson: well so the you can't mount the chips directly to metal right that'll mess with the the induction of actually trying to power them. so they managed to come up with a very subtle piece of plastic which mount the chip mounts under it and it has a gold finish and it somehow scans and like you can't really tell it's i don't know it's crazy.
Nicholas: so that physical device uh they would probably. it's not so much to be used as a wallet right to say it's more to verify its authenticity. it's processing yeah. so if i were to write a client and scan with my custom website yeah. or i guess i can't scan with my custom website because the device needs to be programmed with what url to present to the user.
Cameron Robertson: so that's actually the really cool thing. so a typical nfc chip has a url in it and these have urls as well. but that's just when you sort of like tap your phone from the background like you're directed that you just
Nicholas: vanilla no priors
Cameron Robertson: yeah and and so then you get redirected this website and in our case um for the authenticity use case we actually have those going through like a protocol piece we've gotten it's. it's kind of like a chip namespace. we call it the ethereum reality service. it's like you know. how do you go from? you know that this chip was enrolled by this brand um and so that's one piece. but the cool thing is let's just say permission lessly. i want to build you know cameron's chipscanner.com. i can do that uh and then cameronshipscanner.com. using our library i can tap a scan button and i can go scan the yuzuki skateboard even though it has a different url on it.
Nicholas: right. so this is like a qr scanning. for example you can make your own app to scan qr codes and interpret them however you want. you don't necessarily use the os native camera app exactly. and so those uh if i do write my own website for example or app i can i suppose it would have to be an app to no no web. even you can do web app. okay great web-based yeah. so i can have a web app that when i pass it in front of this nfc it won't you know it'll use my web app versus as opposed to the os.
Cameron Robertson: yeah um right. so this is the. this is the different modes of nfc on phones and i guess folks don't really realize that. so there's the. there is what i guess apple and google refer to it as background scanning. so your phone at all times is doing background scanning. um so even if it's like locked and you come up to a i don't know a poster with a chip in it um you'll get the little notification dialog coming down.
Nicholas: so that's the background scan.
Cameron Robertson: then you have foreground scanning and foreground scanning used to be historically the realm of only uh native apps. and that's where you press a button and on ios you'll get this big dialog that comes up from the bottom and it's like you know searching for the chip um and so that's an explicit action from the user to be like i'm gonna scan this thing. so we've worked out a way to basically do that explicit action in the browser um from javascript. and that's where you as sort of the permissionless website builder can build that in um. so somehow a person gets the website qr code text message they find on twitter um they hit a button it says scan and then they just at that point the phone is actively looking for a chip and they can tap the chip and sign a message and so forth.
Nicholas: very cool. so then so my custom web scanner could ask for a type three or type four signature of an arbitrary data or a hashed like a digest right.
Cameron Robertson: so so through um. so through our library we we actually built it like totally generic. it wasn't even like ethereum focus but now i make it more ethereum focus where you can say like um i want you to like sign an eip 191 message. i want you to sign 712 type data or i want you to sign this transaction i've constructed and the library helps to pipe all that through to the chip.
Nicholas: wow so it could sign a 0x order.
Cameron Robertson: right exactly exactly yeah.
Nicholas: so if my golden skateboard signs a 0x oh so i use a web app that's going to augment a the arcs. uh key space yeah with uh uh 0x orders or something right. so i scan arcs objects and have them sign. uh i don't know. claim some free drop or something exactly uh. and then maybe i pay the gas to uh.
Cameron Robertson: so this is this is like we actually just finally built this. um i mean not 0x orders specifically. but so for the longest time we thought about this problem of like. okay so you treat the chip as a quote-unquote wallet but i don't know. a project puts out a thousand chips they don't want to like put gas onto all those chips right. and so just recently we finally got around to saying okay well this is silly let's try building this. and so we did an um erc 2771 relay where the chip signs a message which then gets relayed by a forwarder contract to the end contract. um and the relay pays the gas for you so never have to have gas on them. but in fact they are the message dot sender of whatever action you're doing minting tokens out of some contract and relayers.
Nicholas: there's like a pool of eos that will yeah.
Cameron Robertson: so like a lot of folks are hosting relayers i mean they're effectively centralized. but the cool thing is it's it's pluggable. so like uh we did the demo with an open zeppelin relayer. um gelato has relayers i bet alchemy does like. it's a pretty common service.
Nicholas: so basically my uh zero x order book app would scan the. i scanned the arcs chip. it signs the 712. uh struct i then on my website pass it to a relayer like open zeppelin or one of the many providers and whichever one won't censor me. if they choose to censor my there's enough of them that i'll get it through ideally and they will propagate the. they'll pay the gas they'll an eoa on their behalf will call a relayer contract. that will ultimately the object itself is the message sender in the ultimate transaction.
Cameron Robertson: exactly exactly yeah.
Nicholas: so the object can claim a free mint precisely even though it doesn't have any eth because the relayer basically i pay with a credit card maybe even open zeppelin to sponsor the transactions.
Cameron Robertson: exactly exactly cool.
Nicholas: that's cool. so you can't have physical objects claiming their own nfts even though they don't hold gas and even though they're not signing. they're signing messages. they're not signing transactions.
Cameron Robertson: right and you'd have them sign transactions too.
Nicholas: i mean sure they just have to have eath in it.
Cameron Robertson: or yeah i mean right. i guess 2771 relies on like. well let me step back for a second. it's actually not opinionated as the message coming in. so like a lot of people have written examples using 712 type data but you could have a forwarder which takes a 191 message. it doesn't really matter. all the spec cares about is saying hey contracts be aware that message.sender is not this middleman contract.
Nicholas: it is this original signer interesting which is not a given. it would be x origin but not exactly sender. we have to look more into that. yeah i'm not super familiar.
Cameron Robertson: yeah i wasn't either. and then i we built this whole thing. we're like whoa cool now we can have chips be like senders and claimers and stuff without having to like send each one. you know dust gas to start with.
Nicholas: yeah exactly i guess. um listeners of this show will be familiar with aa4337 which is where my head goes and using a k1 signer on a uh four three three seven i mean as you say you can just do regular transactions. it is an eoa but it's also easily a signer on a 4337 which also facilitates gas sponsorship via the paymasters affordances of 4337.
Cameron Robertson: so another angle yeah multi-factor angle. so we're gonna have a a couple ways in which you can use the chips in 4337. i guess the one i can talk about is like there will be a cool example where uh the chip is like the first entrant to the 4337 contract. it is the first signer and so it gives you a really cool chance to give someone a chip and then onboard them. and then it's like oh sign in with an email and then boom now all of a sudden you have two signers because you have the npc and you're the ship and then all of a sudden boom you can add in like other ones. and so through through folks like what is it privy and and is it pamlico? like all these guys are trying to build out all the infrastructure. yeah it's super exciting to start to be able to plug in and i think the chip is sort of a novel. like third way everyone always typically thinks about like npc and secure enclave and maybe software is the fourth way. now it's this this extra key that can be the starting point or you add it on later. uh because you want that extra security.
Nicholas: so yeah it does especially with the passcode stuff you're talking about. it really does make sense to me because you can do ub keys as signers as well. if you i think ub keys are only p256 right. so you'd have to use the p256 verification contract extensions to 437. but you could use ub keys but you really want a signer. that is. i guess it depends if you're comfortable with like scanning it. you know it's the same kind of risk profile as a nfc.
Cameron Robertson: so i think i do think with ub keys you can have pin code.
Nicholas: um but it's entered on. okay maybe i'm being a purist but it's entered on. the computer device is the same with ours.
Cameron Robertson: so to be fair we that is the big thing. the big difference between us and a ledger is like we don't have there is no screen. so you do have to trust the device. but i think the really cool interesting thing is is like because it's web-based and permissionless you could host your own website that if you trust your phone and you trust the code that you've written like. you have full control over the client and you can even run that client in an offline environment.
Nicholas: you know if you're serious if you're really really serious i guess the risk is that the passcode leaks and then like a keylogger or something and then it effectively has no passcode.
Cameron Robertson: i mean it's you know but you still have to physically tap it right. so it's not like they have continuous access like then they're. they can like try to get their signatures in there before you can.
Nicholas: i think your passcodes are like hard-coded into the thing. you can't change them.
Cameron Robertson: uh no these you can rotate them. so you can. you could on a clean device say oh shoot i think it's you know right and compromised.
Nicholas: so it's kind of like. um you can imagine having a physical device that has a arcs pk inside of it and you also have a passcode on top of it. so even if it's stolen you know right it's like a 25th word.
Cameron Robertson: uh in a seed phrase or something right and and um on the latest version of our devices we're gonna have there's a lockout. so basically at a certain number of attempts um you know if a person tries the wrong passcodes you break the device.
Nicholas: oh really well yeah um what is an ndef uri?
Cameron Robertson: yeah okay so uh ndef records. so in the family of communications you have kind of a subset of uh uh record types. so when nfc first came out this is like almost pre-smartphone days um people are like working on this stuff. uh they had all these ways in which you could like tap and send data. it's actually um. it's very similar to like the early days of bluetooth where they had all these profiles what they were called uh. and this is like in the bluetooth 1.0 2.0 days um and you could have like i don't know. obviously headphones were one of them but like gaming devices and and gamepads and cars peripherals um. and so in nfc world the idea of like different ndef um data is you could have you know i think you could do like a contact or you could um apple actually uses this in very subtle ways where they'll have like custom kinds of ndef records and you can tap this and the phone knows to do something. the most common one which is used 99 of the time is a uri. um it's like a url and most smartphones today are trained to scan uh an f url and present you with um kind of like scanning qr code to present you with the url and then you can tap through and visit it.
Nicholas: okay okay um so it's just a way to standard. it's like a standard for exactly the information that gets passed to the phone when scanned right uh and maybe they can make use or not? just i guess just phone or am i missing?
Cameron Robertson: no yeah you can use uh hardware device. so we have like a lot of usb the uri. so that so that it's a really good question in the case of like uh normal nfc chips for czar chips so normal nfc chips literally the entirety of the logic is the url. in the case of our chips the url is kind of like a thin layer on top of a bunch of lower level logic where you can actually communicate that with the chip completely outside of that layer and it's called adpus. and adpus are kind of this old school communication protocol that's been around for a long time where you can do all sorts of operations. you know and our chips don't let you do this but you could like reprogram them and load on different functions on different kinds of chips with these adpus. and so for instance if you were to use a desktop scanner with our chips and our library. um that's using adpus then to do the sign commands and get public key and so so so bypassing the url and going directly to the talking to the logic.
Nicholas: what's it? what's this called like passive microcontrollers like? it's very cool what we do. yeah we sort of glossed over it but it's like. i mean it's. it's impressive that i guess i have some sense of antennae that can harvest power from a nearby emitter. right but to be able to also execute a function not just return like some solid state programmed. yeah i don't know if you can say anything about that for people who yeah it's a crazy world.
Cameron Robertson: um like in my previous life everything we did was active. so we had like a normal circuit board and you have double a batteries and it's powered up and you're you're siphoning off you know milliwatts of power continuously to do stuff. and so when we first got into the world of passive so passive no battery uh which is really cool for a lot of reasons. you don't need to you don't need to have certain markings on the packages when you ship them you don't have to go through fcc certification because that's an active requirement. um it lasts forever or very effectively it's basically the e-prom memory. so as long as the e-prom memory doesn't uh get trashed. but that's super old school technology that can survive millions of cycles of read write.
Nicholas: so what is that like magnetically stored?
Cameron Robertson: or what's the at a low level? so this is this is beyond my electrical engineering knowledge. no it's not a magnetic storage like in the silicon.
Nicholas: i forget how that works.
Cameron Robertson: yeah that that goes beyond uh where i can authorize. but basically because you can't like just hold up a magnet to them and be like oh my god all the data is right right but it is programmed in it such that when a current is passed through it it returns a certain value.
Nicholas: right and they can be programmed and they will always return the same value. once programmed that way right or it's reprogrammed yeah.
Cameron Robertson: and so you go into really old school memory concepts like the chip has some ram and it has some rom and it has this you know user memory where you can rewrite the memory. um and and that's the same kind of memory that you'd find on like a flash drive basically or firmware on a computer um. and so when people ask about the longevity of these i always can pair it to. i have like an apple ii from 1978. um it still has apple dos. it boots up after 40 years no problem. um obviously that's at a very different nanometer size or that was before nanometers. it's very uh big chips. um but even these chips are using an older process node which has been around for a very long time. they're not like state of the art.
Nicholas: how big what is the nanometer?
Cameron Robertson: so these are um we know a lot more about our next gen chips because these chips we had to source from what we could get in china after the chip shortage. we suspect they're probably a 90 nanometer. our next gen chips are going to be 45 nanometers which these are all antiquated. i mean you can't yeah you can't do anything with them.
Nicholas: they're like what.
Cameron Robertson: early iphone days yeah right exactly early iphone days yeah. and and the the silicon is actually much much smaller than what you'd find away an iphone. so there's just like space flies. you have like a lot less going on. i think in a year or two we'll move to 28 nanometers but still it doesn't matter for the physical size of the device. well so the interesting thing is it does. so we actually started testing our new chips and there's one important reason why it matters is power right because smaller is more efficient exactly and the chip functions aren't changing radically from generation to generation. so actually it helps a ton when you go up. um when you size the chip down because yeah if you're only using 10 more power but you size the chip down 50 a lot. and so we've already seen like the read range improve and certain capabilities improve. like that.
Nicholas: that's cool and lots of for free kind of development given the rest of the chip industry racing towards smaller.
Cameron Robertson: well it means that we get the old fabs. so basically it's just really cheap to produce because you can go on the old process nodes that they're trying to like get rid of.
Nicholas: find someone to use. yeah yeah that's fun. you and i guess like the microwave uh right microcontroller people or whatever. that's right. iot maybe maybe iot not even. but um are silo and halo?
Cameron Robertson: yeah yeah um so silo is the first generation of chips and it was we came up with the term which was silicon lock contract. so the idea was that you have a contract which is locked to the chips and literally back in 2019 it was cheap enough for us to deploy a contract per chip on l1. wow um contract per chip contract pushing falling hard 20 cents per chip and our bill materials cost back then was way more than 20 cents.
Nicholas: we're like yeah sure fine because gas was so because eth was so cheap because both. but but the gas was not. it was not competition for block space right it was like one whatever.
Cameron Robertson: most of the time it was like one guay for wow gas and then it was 90 ethereum. so those two things coupled together just like you to do whatever you want um wow and so we did. we were like why i care about efficiency right now. uh inevitably we would have to care about it later on. so silicon lot um is because uh those chips or those notes had a really cool secure element. all it did was sign messages. there was no general programmability around it which the fact that it was p256 kind of sucked. but um it meant you had a lot of isolation from other logic. uh and we really liked like. i still really like that in terms of like when you think about isolating those gates from the gates where you have general compute where someone can write malicious software to manipulate it. and then we came up with the name halo which is a sort of like superset which is hardware locked and we're saying oh my god it's a super set which is hardware locked. okay your hardware locking contract um. and so that's because our current chips the cryptographic functions are still uh anchored in silicon. um but the reason we're able to do k1 is because there's some configurability around them. we're able to write some code that is able to like use those curves and that actually gives us some really cool future stuff like we're going to be doing baby jub jub soon which is zk optimized. so um but the downside is you have malleability of code the code is immutable like we don't let people do that in the field and stuff. but um we really like conceptually the idea in the long term of all the functions living purely in hardware in gates immutably and that gives you the you know we would i would contend the highest security because then truly someone can't manipulate it in the field.
Nicholas: so programmed in the hardware not even like a um field gatorade like a primary.
Cameron Robertson: is that lower than an fpga like? basically it is. it is um etched into the silicon gates. um uh there's actually something between. uh there's. so everybody in the hardware world typically thinks about uh firmware there is microcode so microcode is like a very very very low level firmware. that's just above the silicon. that's like kind of immutable sort of depending on the setup. but i think like at a gate level it's like if you have a set of gates uh that only do k1 and only store the k the keys and generate them a certain way. that would be the ultimate goal.
Nicholas: um so do you think more about this kind of integrity questions? or i guess the big open question is sort of applications like really yeah needing a killer app. um we talked about the skateboard. what are some other cool projects? and i guess which ones do you think are maybe indicative of what's a possible pmf for this kind of thing?
Cameron Robertson: yeah i mean i think it's interesting. so what we've seen is a lot of authenticity use cases in merch. so clothing shoes vinyl toys and and i think the biggest challenge of this and this comes to the question around integrity is like there's always this low willingness for customers to pay for security like they want the minimum level of security where they don't get caught their pants down and and over time they will because they pay for the minimum level security. and so the biggest challenge that we see is a lot of folks in the authenticity space. if they're not web 3 native don't understand why you should pay more for a chip that can attest to itself. um the biggest reason of course is uh we like to say this like our chips are asymmetric we go away tomorrow. they keep working like the functions of the chips work forever on their own as long as the memory lasts. let's say no centralized dependency dependency right?
Nicholas: um which other people have? which other people have?
Cameron Robertson: yeah you have these symmetric chips where if the private key disappears from the server this you know they sell the company they go under the hacker goes and deletes all the private keys like they can no longer verify all those chips in the field. um and i think that centralized dependency will will ease up over time with crazy little things like that. so i think that's the biggest challenge like fully homomorphic encryption and stuff like that. there will be ways to deal with that. but you're still like you're. you have a much more complex system than a standard asymmetric system where it's like verify from the chip. so that's a hard pitch though for traditional companies who are like well we want to make a hoodie and we're going to hand it out at some event and neither the direct customer nor the ultimate user right really cares about how secure it is. exactly one of the details yeah and a lot of times they don't care about the longevity either because if it's a short-term activation it's like well why does this matter? and that's where zuki really cared? because they're like. you know this skateboard is is whatever. it went for absurd amounts of money like it's. it's a piece of artwork um. and so artwork as say any piece of clothing over a hundred dollars like that category makes sense for us um. but i would say because it's all still web three brands. there's not an emergent killer use case yet i wouldn't say like. um people are like ripping these things off of store shelves. i think it's still like web3. companies are experimenting and so as a result we haven't actually really tried to actively sell the web to companies because it's just an uphill battle of convincing them why to pay more for this thing. and usually what happens is over time we get more web3 projects. they're like yeah we did something with these off-the-shelf nfc chips and we just realized like they had all these dependency problems and we want to be more composable. so we start. we've started to see some of that. but that's where realistically recently we've come back to sort of the roots around self-custody. that's that's i would say core of our mission actually is has always been make self-custody extremely cheap and easy for anyone to use and just distribute it widely. um and so we're going to be doing more of those products to sort of experiment and test on that thesis of like. you know whether we're doing self-custody or someone else who buys our chips to self-custody doesn't really matter to us. it's more around the nature of like. um. i think fundamentally there's a lot of approaches to get crypto into the world. uh con cash in many ways with like a weird variation of say a world coin like world coin is just getting people's eyeballs to give them money. it was con cash like hey people use cash everywhere hand it out to them and so we're not going to make a cash instrument again anytime soon. but we're going to make things that i think approach that. um and kind of see where that goes. because i think self-custody is a real market. there's real people selling products into it every day. so even in the in the hardware wallet kind of lane i would say you know we we have a joke like don't call it a hardware wallet. um i would say i think that the marketer and branding how people think about it is very limiting. um but i think the fact that hardware wallets exist as a category are encouraging for that.
Nicholas: yeah it is it is. it is interesting to see. i just keep coming up with the sort of proliferation of private public key pairs. yeah um it just seems to i. i sometimes think about the original researchers who invented the stuff and how long they've had to wait for it to. i mean it's been used variously over the years but i don't know if mainstream. i wouldn't call it mainstream adoption until really now. it feels like it's happening.
Cameron Robertson: it's i mean super cool. i mean you think back to. you know like pgp and all those guys who worked on this stuff ages ago and i think that what's the really critical thing is they fought the legal battles that let us have it today like have they not done that? like everything we'd be doing now would be like you know super restricted and and everything. and in fact i have restrictions around the fact that like the moment you put crypto into a piece of hardware you start to be classified in a certain way. so we can't. we can't ship these to certain parts of the world. interesting uh it's considered like uh technology yeah yeah and it's a. it's hilarious because we're like guys. the internet runs on ssl like. it's the same stuff. but you know i don't want to go too.
Nicholas: would like a chromebook be classified that way as well.
Cameron Robertson: yeah any any piece of hardware. the moment that you take these functions and you put them into hardware um and so what's really interesting is that a lot of manufacturers have come up with ways to solve this where they have activation keys for those functions. so the piece of hardware can't do that thing until it gets a key and it's activated to do that thing.
Nicholas: wow yeah ps3 style right yeah um there are other providers out there. i guess maybe you're classifying them all as symmetric but there are other nfc tags out there that i have seen in the wild.
Cameron Robertson: how do those work?
Nicholas: you already explained just the symmetrical.
Cameron Robertson: yeah yeah. so a lot of folks use um a component from nxp called an ntag 424. and there's also like this micro devices one which is a similar one. and those um those chips came on the market a few years ago. they're really cool because they aren't just a url that can be cloned. they're this incrementing url with the tap counter and the message that gets uh encrypted.
Nicholas: um so basically i scan it and i get back a url. uh unique data at the end a url parameter or something like that. right and that url parameter is generated by the device and it changes every time it's scanned. can i predict what the next one will be without scanning it you use the end user cop the the holder of the key whoever programmed the thing. yeah right so the company or the client of that company that is embedded in a product could potentially know the future. yes iterations correct that is very much like an otp right except that uh well i guess it is very much like an otp because i think in otp you're essentially right. both parties have the secret material and then are running it through the same function i guess time stamped essentially in typical otp probably so that they can coordinate right.
Cameron Robertson: so this is more like height stamped because of the incrementing right right right uh okay.
Nicholas: so i get back a url with some unique number. at the end. it's the people who programmed it might know what or they have to be right. they're anticipating it. yeah that's exactly the point right. so they're verifying that i'm giving them the right url parameter right when i come to their website right right and i i think um it's a really cool solution.
Cameron Robertson: it's it was designed for like web 2 world. um it's it. uh it gives you like a pretty good guarantee. you do have this sort of like caching issue of urls which some people haven't started to figure out yet but you know what that means. well so i could take a valid chip and i could tap it a hundred times and then i could choose how to build out those. because it's since it's not time based it's only right right it not time based could they not compute time on? and no the all passive devices there's no clock.
Nicholas: ah there's no battery to keep the battery to keep a clock on right.
Cameron Robertson: so so there's. um there's a really there may be like certain badges at certain conferences for certain vips where if you harvest enough taps from it before that vip goes and does something else um you can go and you know get into places that you shouldn't. uh oh interesting going out those urls.
Nicholas: so you right. so you you harvest a bunch of taps and then you replace the physical devices and physical locations with subsets of the ranges right of taps that you've harvested and you hope or you try and design it such that they don't meet each other or they don't get they don't write
Cameron Robertson: past those and they get released at the right time. so it's i mean like the attack is narrow. it's it's more like uh i go up to vip i i'm like oh let me talk to your badge but i'm using a hacked app and i get like two or three taps and then before they're able to go to the vip lounge i write those to you know a chat
Nicholas: mission impossible. you send it to your colleague who's about to walk into the vip exactly and they they go ahead. um okay. and then by contrast we i mean we've talked a little bit about what the the guts of the device are like. but it's very different to have access to to be able to run functions on arbitrary data. right uh and have the pk actually live inside the thing? and right. i think the dimensions that appeal to me most about that are not having the centralized dependency of the server that the the url that you get back from the nfc tag and then also all the composable flexibility of being able to sign arbitrary data.
Cameron Robertson: well and i think there's another piece to that which is uh folks who are running the sort of less centralized servers haven't really anticipated which is if they start to touch any financial applications they become custodians. oh really because like if you're using that chip to arbitrate financial applications uh they're holding the keys to it like if it lets you get ten dollars usdc by tapping the chip like implicitly. now if they lose all their keys you know or if they get hacked and those keys get out they're custodian money they're custodians.
Nicholas: so because really they hold the private key right and it is a private key. in that scenario yeah yeah yeah.
Cameron Robertson: so in a symmetric system you the there is only one key the private key um or shared key because you have to share between at least two parties to do something useful but there is still a public key.
Nicholas: uh that you can verify that private key.
Cameron Robertson: no not even no no no no there's just a private key purely the shared key right right and so it's never exposed to the end user. the end user will have like an identified player of the chip that they can but they're still like hashing something with the private key the the so so in the case. so yeah it's very different than asymmetric world. you're purely encrypting messages and decrypting. so you're you're using the private key or the shared key on the chip to say encrypt the tap plus a random number or really sequential number sequential number uh. and so you take that encrypted and you send the encrypted message to the server and the server decrypts it and says yep this is great okay interesting you mentioned that there's an upcoming new iteration of the chip.
Nicholas: so what are the versions that people might be seeing in the wild right now?
Cameron Robertson: yeah so we uh let's see the com cache notes. we had kind of like we turned the com cache notes in this little chip for a very little while there's very few of those in the wild. that was like in 2020 2021 and then we we launched the first halos early 2022 and that's pretty much been the same silicon. but we've upgraded the functions a lot and then we have silicon coming in a couple of months. um and that new soclin is more performant and lets us do all sorts of zk. yeah so zk compatible signing. so maybe jub jub um is the really cool one where yeah you'll be able to sign messages that are easily verifiable in zk context. and do you think that's important for your application not specifically for our application but i think it's really important for the space i think that you're gonna move towards. i mean everybody always talks about identity but i think around like even financial side things like it's really interesting to be able to identify oneself as a part of a group or spend funds or do all these things anonymously. and so we're actually going to change some of the features on the chip so that you can turn off immediately viewing the the public identifier of the chip from that pk1. if you want to be in sort of a silent running mode you know we're exploring things like that to make this show.
Nicholas: so it wouldn't uh admit its identity exactly exactly.
Cameron Robertson: so you'd have a. so at a very low level. in fc you always have a uid. um but the. the cool thing is the silicon will let you rotate that uid in every time so that becomes useless. uh and then if we don't provide any other identifying information the only thing you can do is get signatures off of it and let's say there may be jub jub signatures. so all you can do is get these signatures and then in whatever zk context that's the only place. that is you know carrying out the verification to dole out funds.
Nicholas: can you generate random numbers?
Cameron Robertson: yeah the chips have their own source of entropy really right? yeah that's very cool. they're their own entropy. the the um private keys get generated and that's how the pk2 signs a random number every tap um. and in fact one thing i should note about how our chips work is they work off of random nonces in every signature which is non-standard from a typical ethereum wallet. so typical ethereum wallet. sequential knots you have like a. well it's it's not so much as a sequential nonsense. this is lower level in the uh the elliptic curve signing that you have a deterministic um. which value is that? you have a deterministic value? that you're you're uh signing with each time and so as a result signatures are deterministic. so if you sign the same message twice you'll get the same result. our chips are actually non-deterministic. every single time you sign a message which creates some compatibility issues. but that's just the way they're designed. random numbers used every single time but you can still verify them. you still verify them yep yep and you can still use them for um for transactions too like ethereum doesn't care about that. there are certain schemes. uh i'm trying to think of which ones. so for instance if you want to create an ephemeral key on a front end that you use very briefly a lot of those will use deterministic signatures from like your metamask wallet to regenerate that key each time. so our chips would not be good for that because they will not give you the same result each time.
Nicholas: i see i see we didn't talk about price yet right? so what? uh what do they cost?
Cameron Robertson: yeah a lot more than a normal nfc chip. they're not not like 30 cents.
Nicholas: what's a normal a normal nfc fee?
Cameron Robertson: yeah let's say like on amazon you can get them between like the really low grade ones probably like 10 cents to 30 cents.
Nicholas: and then and when you say nfc chip that the grade there would just be its hardware.
Cameron Robertson: uh quality oh no no when i say yeah the grade is very subjective. so when i say great i mean um an nfc chip that literally just has a url and no other secure capabilities. and then the slightly more secure ones have these rotating urls. other nfc chips actually via like specific native apps you have like encrypted files. they're not going to be able to do the same thing with a nfc chip that you can have on there. um so they get like slightly up but you'll pay between you know in volume 10 cents and a dollar. let's say um our chips you know today out the gate i think on our website you'll pay like five dollars per thousand. chips like way more expensive and that's why i say like we target things that are those per unit five dollars per unit.
Nicholas: if you buy a thousand right that's gonna come down.
Cameron Robertson: the new version chip is better and cheaper which is pretty cool. um you know when people are buying like ten thousand or we'll quote out a hundred k price is that are you know significantly lower? um we sell a dev kit where it's you get two chips for fifty dollars but we hand out a lot of coupon codes because we love to get them in from developers. um but realistically like so we're at five dollars today and that'll you know probably come down around like twenty percent minimum or so for the next generation chip.
Nicholas: um so a few dollars a few dollars yeah. um so you know if the physical object has to but given that they can reasonably securely protect hundreds of thousands or you know tens of thousands or maybe even hundreds of thousands of you if you're bold a dollar's worth of assets? right uh the it's not. it's pretty low price and especially i mean it's not the equivalent. but and i understand the limitations of the term but compared to something like a hardware wallet right a digital hardware wallet at least is um quite a bit more than that. so it's it's not not so expensive. we talked about azuki. i saw there's a pool suite membership card. yes yeah merchandise i'm curious. i i know we started talking about a few examples but are there any in particular that stick out as like? maybe just give people ideas about what they're going to buy and what they're what they could do with these things. yeah especially in terms of like. actually maybe a different way to ask this is like how can i use it right like aside from just what physical object i might put it in? how can i i guess i've seen airdrops uh free to claim things uh token gating based on having the physical object right. are those the common ones?
Cameron Robertson: those are common ones. uh this is where we're going to be sponsoring you know more eth global hackathons because like that's where the crazy side is come out. so we our first one was in istanbul and that was really fascinating to see what people came up with and there were. it was everything from. you know the common ones were event ticketing and there were some payments ones. but then you got into. i mentioned sort of this package one and it was just completely non-conventional. we're like oh that's really interesting. and then there was another one. where is a social context of like having a wristband with an nfc chip from an event and you can like have friends check in to verify that. uh they you know got home safe and then you're tapping on the chip to like actually release and funds and like do some escrow there. so there's like interesting social context i think as well. um with the social ones though i always like to debate like is it really worthwhile putting this expensive chip in this context? like does a signature matter? and i think in some cases it does. but yeah really interesting exploratory stuff like that.
Nicholas: um i guess provenance is a big one.
Cameron Robertson: province is the core one. yeah most simple most simple.
Nicholas: this is the thing that exactly this is the one that one right right crazy. we've talked about lots of things. i guess developer attention is something you're looking for. so there's the docs. uh what's the website?
Cameron Robertson: uh so it's arx.org. um and then yeah definitely in terms of like developer stuff a lot of we don't do a good job pointing out this out but lib halo is the library that we have which you can use to communicate with chips. you can plug it into. as i i think i said before websites react native apps. there's even a desktop extension. we have this cool gateway thing where you can actually um load up a qr code and it'll be able to send you a message to your desktop. so you can go through a web socket gateway. so say for instance you're on your desktop computer and you want a signature load up the qr code you scan it with your phone and then now with your phone you can tap the chip and get the message sent directly to your desktop. so lots of interfaces. the goal is to give you a ton of interfaces and then a really simple you know sign message get public keys uh you know generate new key in one of these other key slots things like that.
Nicholas: cool. so people check it out at the next eth global.
Cameron Robertson: if they're going to the conference circuit right right yeah i don't know if we'll make it out to equal london but uh we'll. we'll definitely make a show in brussels for sure for ucc.
Nicholas: it's very cool cameron. thanks for coming on the show and telling me all about arcs. uh it's great to learn about.
Cameron Robertson: definitely thanks nicholas.
Nicholas: you're welcome. hey thanks for listening to this episode of web 3 galaxy brain. to keep up with everything web 3 follow me on twitter at nicholas with four leading ends. you can find links to the topics discussed on today's episode in the show notes. podcast feed links are available at web 3 galaxybrain.com. web 3 galaxy brain airs live most friday afternoons at 5 p.m eastern time 2200 utc on twitter spaces. i look forward to seeing you there.
Show less