[messaging] Encrypted Pulic Contact Discovery

[Mike Hearn]

Useful article Moxie, thanks.

There is a way to do practical PIR for the contacts use case, although
nobody here will like it much.

You use the new SGX features in the Intel Skylake+ processors to create a
trusted computing "enclave" that generates some encryption keys. Then your
other servers do the same, and remotely attest to the first what software
they're running. The first then gives them copies of the keys as well. Now
you have a server farm with encryption keys you don't yourself know, and
cannot extract without impractical time and expertise spend breaking the
hardware security on the x86 chips.

This isn't as good as mathematically unbreakable security that relies on
heat-death-of-the-universe type arguments, but it's in practice nearly as
good, and would actually be deployable.

Once you have provisioned the keys, you can then use regular encrypted
block storage to protect the database which can be stuffed onto regular
sharded disk storage. Or you can store the whole thing in RAM on some of
the lookup servers, if it fits (SGX encrypts RAM). Or get fancier and use
one of the new ORAM algorithms.

SGX isn't quite launched yet. There is a lot of technical documentation
about it, but it's not quite clear when Intel will consider the tech
production ready and release all their tools/SDKs publicly.

Once it's out there, I think it'd be the next step for protection of
contact lookups.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150823/a1349ba0/attachment.html>