[messaging] Encrypted Pulic Contact Discovery
ben at links.org
Wed Aug 26 01:51:36 PDT 2015
On Sun, 23 Aug 2015 at 14:34 Mike Hearn <mike at plan99.net> wrote:
> Useful article Moxie, thanks.
> There is a way to do practical PIR for the contacts use case, although
> nobody here will like it much.
> You use the new SGX features in the Intel Skylake+ processors to create a
> trusted computing "enclave" that generates some encryption keys. Then your
> other servers do the same, and remotely attest to the first what software
> they're running. The first then gives them copies of the keys as well. Now
> you have a server farm with encryption keys you don't yourself know, and
> cannot extract without impractical time and expertise spend breaking the
> hardware security on the x86 chips.
> This isn't as good as mathematically unbreakable security that relies on
> heat-death-of-the-universe type arguments, but it's in practice nearly as
> good, and would actually be deployable.
Heh. If anyone had managed to make remote attestation work, that is. That
said, it seems like SGX makes it more possible than previous attempts,
since (in theory) you only need to attest to the enclave contents. Not 100%
sure I believe that yet, though.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging