We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Making & Breaking Matrix's End-to-end encryption

00:00
subtitles
off
playback rate
1
subtitles
off
English (auto-generated)
playback rate
0.25
0.5
0.75
1
1.25
1.5
1.75
2
quality
576p
47
 Cite
 Share
 Related Material
 Download Purchase
Logo of FOSDEM VZWFOSDEM VZW
 Hodgson, Matthew

Formal Metadata

Title
Making & Breaking Matrix's End-to-end encryption
Subtitle
In which we exercise the threat model for Matrix's E2E encrypted decentralised communication
Title of Series
Number of Parts
490
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Matrix is an open protocol and open network for decentralised real-time communication; shifting control over communication from the big proprietary silos back to the general population of the Internet. In 2016 we added E2E Encryption based on the Double Ratchet, and since then have been working away on getting the encryption so polished that we can transparently turn it on by default everywhere. In this talk, we'll show how we have finally done this, what the blockers were, and then try to smash the encryption to pieces to illustrate the potential attacks and how we mitigate them. Matrix is an ambitious project to build a open decentralised real-time communication network; providing an open standard protocol and open source reference implementations, letting anyone and everyone spin up a Matrix server and retake control of their real-time communication. Matrix is looked after by the non-profit Matrix.org Foundation, and as of Oct 2019 we have over 11.5M addressable users and around 40K servers on the public network. Over the course of 2019 we spent a huge amount of time finalising Matrix's end-to-end encryption so we could finally turn it on by default without compromising any of the behaviour users had grown accustomed to in non-encrypted rooms. Specifically, the main remaining blockers were: Ability to search in E2E encrypted rooms (now solved by Seshat: a Rust-based full-text-search engine embedded into Matrix clients) Ability to get compatibility with non-E2E clients, bots and bridges (now solved by pantalaimon: a daemon which offloads E2E encryption) Reworking the whole encryption UI to expose cross-signing to radically simplify key verification (including QR-code scanning for simplicity) Ability to receive notifications in E2E encrypted rooms. However, we have finally got there, and this talk will demonstrate how the final E2EE implementation works; the final problems we had to solve; the threat model we have implemented; and how we're doing on rolling it out across the whole network. More interestingly, we will then demonstrate a variety of attacks against the encryption (e.g. shoulder-surfing QR codes during device verification; MITMing TLS; acting as a malicious server implementation; global passive adversary) to demonstrate how well we handle them.
00:00
TelecommunicationData modelMatrix (mathematics)EncryptionEncryptionSpecial unitary groupBitMultiplication signMatrix (mathematics)DatabaseTelecommunicationReal-time operating systemLine (geometry)Right angleSoftwareUniform boundedness principle
01:00
Matrix (mathematics)Real numberOpen setTelecommunicationComputer networkComputing platformTelecommunicationServer (computing)DatabaseInternet der DingeWeb 2.0BitHierarchySoftwareOpen setReal-time operating systemComputing platformStandard deviationMatrix (mathematics)Client (computing)Polygon meshBridging (networking)Data conversionService (economics)Matching (graph theory)Computer animation
02:02
Matrix (mathematics)ArchitectureSanitary sewerIdentity managementServer (computing)Client (computing)Local GroupEncryptionRule of inferenceMotif (narrative)Repository (publishing)Content (media)Data conversionMatrix (mathematics)Server (computing)SoftwareRepository (publishing)Identity managementGroup actionMessage passingSingle-precision floating-point formatCartesian coordinate systemClient (computing)Computer animation
02:44
Matrix (mathematics)Local GroupEncryptionServer (computing)Rule of inferenceMotif (narrative)Content (media)Repository (publishing)Default (computer science)EncryptionGroup actionData conversionRatsche <Physik>Matrix (mathematics)Revision controlParity (mathematics)Doubling the cubeAlgorithmCAN busLine (geometry)Multiplication signSubject indexingRight angleGoogolComputer animation
03:27
Matrix (mathematics)Local GroupEncryptionRule of inferenceServer (computing)Motif (narrative)Content (media)Repository (publishing)Service (economics)Scalable Coherent InterfaceAndroid (robot)Point (geometry)Term (mathematics)BitElectronic signatureMatrix (mathematics)AverageCategory of beingMoment (mathematics)EncryptionScalabilityFocus (optics)Service (economics)Sampling (statistics)TelecommunicationInternettelefonieClient (computing)Android (robot)HorizonCrash (computing)Mobile appCartesian coordinate systemBridging (networking)CountingPhysical systemInsertion lossWritingServer (computing)Computer animation
04:57
Matrix (mathematics)Message passingServer (computing)EncryptionStatisticsDifferent (Kate Ryan album)Server (computing)Android (robot)Message passingPressureImplementationParabolaTerm (mathematics)Set (mathematics)Projective planeScaling (geometry)DreizehnRadio-frequency identificationMatrix (mathematics)Computer animation
05:53
Matrix (mathematics)Default (computer science)Level (video gaming)Server (computing)Transport Layer SecurityIdentity managementFormal verificationSurfaceServer (computing)Identity managementService (economics)Matrix (mathematics)Scaling (geometry)Metropolitan area networkData conversionSurfaceEncryptionKey (cryptography)Software frameworkComputer animation
06:45
Ratsche <Physik>Key (cryptography)Formal verificationData recoveryBackupDefault (computer science)Client (computing)Matrix (mathematics)View (database)Subject indexingError messageSynchronizationIdentity managementFlash memorySlide ruleSign (mathematics)Right angleClient (computing)Direct numerical simulationData conversionPhysical lawMatrix (mathematics)Formal verificationRandomizationHacker (term)RobotComputer fileDocument management systemComputer animation
08:03
Matrix (mathematics)Client (computing)Bus (computing)Data managementInterface (computing)Online chatDemonComponent-based software engineeringCompact spaceDemonServer (computing)Matrix (mathematics)Proxy serverRandomizationScripting languageInterface (computing)Data managementWritingMaterialization (paranormal)Physical systemData conversionGroup actionRight angleUltraviolet photoelectron spectroscopyClient (computing)ImplementationService (economics)Computer animation
09:01
Matrix (mathematics)DemonClient (computing)Bus (computing)Data managementInterface (computing)Online chatComponent-based software engineeringCompact spaceMatrix (mathematics)Client (computing)ImplementationProjective planeSoftware frameworkEntire functionStack (abstract data type)FraktalgeometrieSoftware developerCASE <Informatik>Video gameData structureMultiplication signComputer animation
10:16
Execution unitClient (computing)Message passingSubject indexingWeb-DesignerRight angleSystem callWeb 2.0Software development kitSimilarity (geometry)ExistenceMultiplication signMatrix (mathematics)Projective planeFreewareSoftware testingCASE <Informatik>Computer animationSource code
11:19
AngleMenu (computing)SynchronizationSimulationInclusion mapSalem, IllinoisMatrix (mathematics)Software testingLine (geometry)Point (geometry)Client (computing)Connected spaceMatrix (mathematics)Server (computing)Computer virusFormal verificationSign (mathematics)Source codeComputer animation
12:08
Matrix (mathematics)Client (computing)Bus (computing)Data managementInterface (computing)Online chatDemonComponent-based software engineeringLibrary (computing)Message passingSubject indexingStandard deviationPrice indexMiniDiscEncryptionThread (computing)Data storage deviceWrapper (data mining)Formal verificationWeb 2.0Java appletKeyboard shortcutCross-platformDifferent (Kate Ryan album)Matrix (mathematics)Multiplication signMessage passingServer (computing)EncryptionSubject indexingClient (computing)RandomizationSoftware developerHomomorphismusStability theoryLaptopBuildingProduct (business)Basis <Mathematik>Branch (computer science)Exception handlingModule (mathematics)RobotMiniDiscThread (computing)Structural loadDemosceneWeb crawlerRight angleSequelVideo gameGradientSearch engine (computing)Service (economics)Source codeComputer animation
14:57
Vector spaceMIDIMatrix (mathematics)Office suiteTerm (mathematics)Uniform boundedness principleLocal ringPoint (geometry)Web 2.0Computer animation
15:39
MathematicsMatrix (mathematics)Message passingCore dumpKey (cryptography)SynchronizationComputer networkPartition (number theory)Term (mathematics)Server (computing)Maximum length sequenceDistribution (mathematics)Error messageSeries (mathematics)Right angleMessage passingBijectionTelecommunicationBitDifferent (Kate Ryan album)Key (cryptography)Server (computing)Core dumpEncryptionComputer architectureService (economics)AreaSource codeComputer animation
16:40
Matrix (mathematics)Message passingCore dumpKey (cryptography)SynchronizationComputer networkPartition (number theory)Term (mathematics)Server (computing)Maximum length sequenceDistribution (mathematics)Error messageSeries (mathematics)EncryptionElectronic mailing listSanitary sewerClient (computing)SharewareGraph (mathematics)Sign (mathematics)Complex (psychology)Server (computing)MereologyInformationClosed setDenial-of-service attackNP-hardMechanism designTrailSocial classCache (computing)Client (computing)BitProper mapDifferent (Kate Ryan album)Message passingMatrix (mathematics)Link (knot theory)NeuroinformatikNetwork topologyPolygon meshDistribution (mathematics)Key (cryptography)Row (database)AlgorithmQuicksortSoftware bugINTEGRALElectronic mailing listData recoveryWeb 2.0Point (geometry)Synchronization1 (number)Matching (graph theory)AreaTerm (mathematics)Presentation of a groupHeegaard splittingDigital photographyRational numberComputer scienceFilm editingSign (mathematics)Validity (statistics)Multiplication signSharewareComputer animation
20:07
Matrix (mathematics)SharewareGraph (mathematics)Sign (mathematics)Complex (psychology)BitMultiplication signMathematicsMatrix (mathematics)Sign (mathematics)Key (cryptography)Centralizer and normalizerLoop (music)Computer animation
21:03
Matrix (mathematics)SharewareWhiteboardKey (cryptography)Sign (mathematics)Server (computing)Similarity (geometry)Message passingData storage deviceSynchronizationPublic-key infrastructureSurjective functionDifferent (Kate Ryan album)Key (cryptography)Proxy serverLine (geometry)MathematicsData structureSign (mathematics)Server (computing)Web 2.0BackupElectronic signatureLevel (video gaming)Flow separationSoftware bugInstance (computer science)19 (number)Heegaard splittingMatrix (mathematics)Data storage deviceUsabilityFormal verificationService (economics)Multiplication signComputer animation
22:59
Matrix (mathematics)Data storage deviceData recoveryBackupComputing platformEncryptionKey (cryptography)Matrix (mathematics)Data storage deviceBackupMultiplication signProxy serverData recoveryInformation securitySign (mathematics)Network topologyMereologyPublic-key cryptographyWeb 2.0BitOrder (biology)Computer animation
24:24
Matrix (mathematics)Proof theoryFormal verificationOrder (biology)Social classSuite (music)Game controllerMathematicsLengthComputer animation
25:07
Game controllerAndroid (robot)Figurate numberFrame problemDataflowBitSocial classMetropolitan area networkSound effectWeb-DesignerVisualization (computer graphics)Right angleComputer animationProgram flowchart
25:54
Matrix (mathematics)Formal verificationCodeKey (cryptography)Message passingMathematicsDataflowFormal verificationVisualization (computer graphics)QR codeMetropolitan area networkModal logicPublic-key cryptographyKey (cryptography)Lipschitz-StetigkeitMobile WebCodeMedical imagingMoment (mathematics)Interactive kioskMusical ensembleComputer animation
27:09
Matrix (mathematics)Default (computer science)Client (computing)Subject indexingSynchronizationError messageEncryptionIdentity managementFormal verificationAndroid (robot)Vector spaceChemical equationMenu (computing)Sign (mathematics)Right angleSoftware developeroutputWeb 2.0Random matrixWindowMultiplication signArithmetic meanDifferent (Kate Ryan album)Address spaceCodeServer (computing)Computer animationSource code
28:00
PasswordDataflowMessage passingKey (cryptography)Default (computer science)EncryptionQuadrilateralFormal verificationData recoveryBitBackupData storage deviceLine (geometry)Disk read-and-write headCodeCASE <Informatik>Sign (mathematics)Computer animation
29:38
WebcamWeb 2.0QR codeEvent horizonCoefficient of determinationBranch (computer science)Right angleEncryptionSparse matrixFreezingService (economics)Computer animation
30:23
Hill differential equationGraphical user interfaceMathematical analysisPasswordImage registrationAndroid (robot)Goodness of fitProcess (computing)Cartesian coordinate systemRight angleComputer animationProgram flowchart
31:41
DreizehnBeta functionInformation securityExecution unitEncryptionMaize2 (number)QR codeAndroid (robot)CodeCartesian coordinate systemWritingComputer animationProgram flowchart
32:24
Information securityCodeMultiplication signMobile WebComputer animationProgram flowchart
33:06
Default (computer science)EncryptionAndroid (robot)Matrix (mathematics)Menu (computing)Software bugWeb 2.0Data storage device1 (number)Server (computing)Sign (mathematics)Right angleEvent horizonFormal verificationGoodness of fitComputer animationProgram flowchart
33:47
Formal verificationMatrix (mathematics)QR codeSubsetSharewarePhysicalismReal number
34:59
Multiplication signOffice suiteMoment (mathematics)Public-key cryptographyExterior algebraQR codeSign (mathematics)Endliche ModelltheorieSound effectMatrix (mathematics)Computer animation
35:42
Matrix (mathematics)Model theoryTransport Layer SecurityServer (computing)Client (computing)Perfect groupConsistencyClient (computing)Matrix (mathematics)Natural numberDifferent (Kate Ryan album)ConsistencyControl flowMessage passingHeegaard splittingServer (computing)View (database)Moment (mathematics)Context awarenessArithmetic mean2 (number)Service (economics)Computer animation
36:45
Matrix (mathematics)Transport Layer SecurityToken ringBackupKey (cryptography)Server (computing)Client (computing)PasswordSpywareFormal verificationCodePlastikkarteMusical ensembleDatabaseMessage passingSocial engineering (security)Moment (mathematics)BackupPhysical systemToken ringClient (computing)Key (cryptography)Vector spaceProxy serverSharewarePasswordServer (computing)Social engineering (security)QR codeMultiplication signInformation securityAlgebraField (computer science)WordType theoryImpulse responseSoftware developerSimilarity (geometry)CodeFormal verificationSpywarePublic-key cryptographyMusical ensembleComputer animation
38:52
Matrix (mathematics)Server (computing)CodePlastikkarteFormal verificationMusical ensembleDatabaseMessage passingSocial engineering (security)Key (cryptography)BackupControl flowClient (computing)Data storage deviceGame theoryCodeFormal verificationRight angleMultiplication signQR codeMessage passingKey (cryptography)Sign (mathematics)Shooting methodDressing (medical)Ultraviolet photoelectron spectroscopyEndliche ModelltheorieCASE <Informatik>Data storage deviceClient (computing)Web 2.0Pulse (signal processing)Information securityFreezingTouchscreenForcing (mathematics)Computing platformGame theoryServer (computing)Computer animation
40:12
CryptographyEncryptionMatrix (mathematics)Maximum length sequenceInformation securityKolmogorov complexityNetwork topologyPolygon meshGame theoryLikelihood functionVulnerability (computing)Term (mathematics)Bounded variationComplex (psychology)Matrix (mathematics)Computer animation
40:54
Matrix (mathematics)Canonical ensembleLoginCryptographyWeb 2.0Mobile appComplex (psychology)DataflowMultiplication signSoftware developerRight angleElectronic mailing listMatrix (mathematics)Point (geometry)Suite (music)Computer animation
41:40
Matrix (mathematics)NP-hardSoftwareTwitterFerry CorstenHand fanComputer animation
42:23
Matrix (mathematics)System administratorSelf-organizationInstance (computer science)WordSign (mathematics)Basis <Mathematik>NumberDataflowSocial classCASE <Informatik>Term (mathematics)AuthenticationLevel (video gaming)Web 2.0BitPlastikkartePublic-key cryptographyTouch typingQuadrilateralKey (cryptography)Limit (category theory)CurveComputer fileEnterprise architectureMatrix (mathematics)Sensitivity analysisSlide ruleSharewareCommunications protocolPhysical systemRule of inferenceCodeINTEGRALWhiteboardPerspective (visual)Computer animation
45:05
Matrix (mathematics)Communications protocolSoftware bugCASE <Informatik>Electronic mailing listFundamental theorem of algebraEncryptionMatrix (mathematics)Server (computing)Message passingVector spaceBackupQuadrilateralPlanningComputer networkFile formatFormal languageKey (cryptography)Replication (computing)Metric systemSynchronizationInformation securityPlastikkarteSign (mathematics)Content (media)BootingDataflowTheoryCloningProjective planeLevel (video gaming)Asynchronous Transfer ModeExtension (kinesiology)Line (geometry)Dynamical systemBitWaveCartesian coordinate systemProduct (business)Group actionCryptographySmartphoneInsertion lossTournament (medieval)OvalComputer animation
49:53
Matrix (mathematics)Client (computing)Matrix (mathematics)Semantics (computer science)Communications protocolCryptographyInformation securityDialectMessage passingCASE <Informatik>Event horizonCartesian coordinate systemGame theoryMultiplicationComputer animation
50:43
Matrix (mathematics)Line (geometry)Public domainBridging (networking)Matrix (mathematics)LaptopBitGame theoryBit rateEncryptionWeightComputer animation
51:37
Matrix (mathematics)Software bug1 (number)PseudonymizationDifferent (Kate Ryan album)Data conversionRemote procedure callFuzzy logicDegree (graph theory)Flow separationSign (mathematics)Information privacyElectronic mailing listWeb 2.0Term (mathematics)QuicksortMatrix (mathematics)Partition (number theory)Order (biology)MetadataLeakSystem administratorNetwork topologyServer (computing)CausalityMathematical analysisHeegaard splittingPersonal identification numberFaster-than-lightSoftwareReal numberClient (computing)Graph (mathematics)InformationComplete metric spaceInformation securityDirection (geometry)Cellular automatonOpen sourceArithmetic meanMusical ensembleUniform resource locatorWordPoint (geometry)Formal verificationComputer animation
54:44
Point cloudOpen sourcePresentation of a groupComputer animation
Transcript: English(auto-generated)