Can confidential computing stop the next crypto heist?

Amid the theft of billions of dollars in cryptocurrency over recent months, confidential computing may have a role in protecting people's money in future. Confidential computing aims to isolate sensitive data and code without exposing it to the rest of the host system – including other applications and users, any rogue …

  1. Anonymous Coward

    Homomorphic encryption ?

    #justsayin

    Problem is that's old and hackneyed, and so unlikely to prise open the wallets of the neophiles.

    1. well meaning but ultimately self defeating

      Re: Homomorphic encryption ?

      Slower than a three legged geriatric tortoise with wagon wheel tied to its shell

      1. Anonymous Coward

        Re: Homomorphic encryption ?

        That's the purpose of specialized computing hardware.

  2. Anonymous Coward

    Is "protection" actually needed? Private keys can be transient, random....and never stored......

    CTO Idan Ofrat commented on the need to "protect the private key itself".

    Here's the thing.....this implies that the "private key" is persistent somewhere....stored....so it needs to be "protected".

    If a Diffie/Hellman transaction is exchanged between peers, the only exchange will be two random tokens.

    The crucial part of this is that the shared secret key is calculated by each peer, then thrown away.

    Note that a D/H implementation provides that:

    (1) The token exchange can be used to calculate multiple secret keys, and so enable multi-pass encryption/decryption

    (2) The token exchange tells a snooper nothing about the secret key(s), and nothing about the encryption algorithm

    (3) The tokens and the secret key(s) are unique to each transaction

    (4) The secret key(s) are calculated locally when needed (i.e. not stored), and can (and should) be thrown away after use

    If this D/H protocol is used, it would seem that, since keys are never stored, there would be no need to "protect" keys.

    What am I missing?
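
The exchange described in the comment above, as an added example that is not part of the thread: two peers swap fresh public tokens, each computes the shared secret locally, and HKDF turns it into several per-transaction keys. The toy group parameters, the `pass` label and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy group, for illustration only: 2**127 - 1 is prime but far too
# small for real use. Real deployments use a vetted group or curve.
P = 2**127 - 1
G = 3


def new_keypair():
    """Fresh random private exponent plus the public token sent to the peer."""
    while True:
        priv = secrets.randbelow(P - 3) + 2          # uniform in [2, P-2]
        pub = pow(G, priv, P)
        if 1 < pub < P - 1:                          # never send a degenerate token
            return priv, pub


def shared_secret(my_priv, peer_pub):
    """Each peer computes this locally; it never crosses the wire."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate peer token")
    return pow(peer_pub, my_priv, P).to_bytes(16, "big")


def derive_keys(secret, transcript, count):
    """HKDF-SHA256 (RFC 5869): `count` independent 32-byte keys from one exchange."""
    prk = hmac.new(transcript, secret, hashlib.sha256).digest()   # extract
    keys, block = [], b""
    for i in range(1, count + 1):                                 # expand
        block = hmac.new(prk, block + b"pass" + bytes([i]), hashlib.sha256).digest()
        keys.append(block)
    return keys


def run_transaction(n_keys=2):
    """One exchange: returns the public tokens and the keys each peer derived."""
    a_priv, a_pub = new_keypair()
    b_priv, b_pub = new_keypair()
    transcript = a_pub.to_bytes(16, "big") + b_pub.to_bytes(16, "big")
    a_keys = derive_keys(shared_secret(a_priv, b_pub), transcript, n_keys)
    b_keys = derive_keys(shared_secret(b_priv, a_pub), transcript, n_keys)
    # Private exponents and secrets go out of scope here; nothing is persisted.
    return (a_pub, b_pub), a_keys, b_keys
```

While a transaction is in progress, the private exponents and derived keys still sit in the memory of each peer's process.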

    1. well meaning but ultimately self defeating

      Re: Is "protection" actually needed? Private keys can be transient, random....and never

      Whilst great for encrypting information between discrete systems, it doesn’t solve for securing information being processed on a machine.

      1. sreynolds

        Re: Is "protection" actually needed? Private keys can be transient, random....and never

        So what about these HSMs - computers that hide the private key and perform the most basic of signing operations on keys.

        Sounds like someone wants funding to produce some kind of slick snake oil

  3. Anonymous Coward

    "Confidential computing" is a joke when OS can do whatever it wants with the data and every commercial OS leaks all of it to the mothership.

    Even worse with PC machines which have remote control/spying baked at hardware level. Thanks Microsoft/Intel. No amount of software can bypass that, so there's zero confidentiality. Only a fool believes there is.

  4. Rich 2 Silver badge

    Confidential Computing

    Groan…..

    Yet another shiny new buzz wank to suffer until someone points out how bollox it is and eventually the billions of venture capital being thrown at it dries up because of lack of interest or demonstrable practical application

    Well I suppose we need something to replace “blockchain” don’t we?

    Yuk

  5. Eclectic Man Silver badge

    What is Confidential Computing?

    From https://www.fortinet.com/resources/cyberglossary/confidential-computing

    "Confidential computing refers to cloud computing technology that can isolate data within a protected central processing unit (CPU) while it is being processed. Within the CPU’s environment is the data that the CPU processes and the methods used to process this data. This is only accessible to specially authorized—for the purpose of providing privileged access—programming code. The CPU’s resources are otherwise invisible and cannot be discovered by any program or person, and that applies to the cloud provider as well."

    OK, so the CPU is isolated and the data cannot be read while inside this protected environment, but the comms in and out of the protected environment can be read and copied, and so can the code to be executed within. Or have I misunderstood?

    1. well meaning but ultimately self defeating

      Re: What is Confidential Computing?

      It’s code for encrypting data in memory so you can’t dump and extract those wonderful api keys and session tokens

  6. thosrtanner

    I like the way the word 'probably' is used in the justification for this. i.e. we have no idea if this would have stopped them, but it's clearly something else we can sell

    1. MalIlluminated

      Right, weren't a number of the recent heists due to bugs in the "smart contract" implementation? I'm skeptical that an enclave can protect against shitty code.

      1. Michael Wojcik Silver badge

        Yes. Far more than the number that were due to private-key compromises.

        Enclaves also have a number of documented vulnerabilities.

        Frankly, the attack-tree difference between using an HSM for private-key protection and using any variant of creating and signing transactions in enclaves looks very small to me. The vast majority of vulnerability classes in the cryptocurrency / DeFi domain don't seem to be affected by this proposal. There are much bigger challenges in cryptocurrency and DeFi than private-key compromises in shared (cloud) environments, as anyone who reads Molly White's blog or similar sources knows.

      2. diodesign (Written by Reg staff) Silver badge

        Smart contracts

        Yeah, it's a very good point that we've now addressed in the piece.

        C.

  7. Throatwarbler Mangrove Silver badge

    Also . . .

    . . . who cares? Everyone who participates in cryptocurrencies appears to deserve the losses that they suffer. What a shame that your get-rich-quick scheme wound up in you getting swindled. No one could have seen that coming!

  8. claimed Bronze badge

    So its security derived from a closed off environment? Like a container, or a VM, or a Java Applet?

    No?

    Oh, OK, but it enables you to share MRI images without sharing patient data... Like by not sharing patient data and only sharing images..?

    El Reg. Can you explain what this is instead of quoting mouthpieces?

    Because it sounds like useless bullshit at the moment

    1. diodesign (Written by Reg staff) Silver badge

      Clarifications

      Hi -- yeah, we've clarified a few parts of it, including enclaves v VMs and the effectiveness of enclaves.

      Thanks for the feedback - we take it all on board.

      C.

  9. Anonymous Coward

    The Un Plug

    The Un Plug (TM) is a long forgotten previous millennium secure technology for eliminating malware intrusion and data loss.

    Care to learn more? corpuscallosotomy.com
