78 lines
4.7 KiB
TeX
78 lines
4.7 KiB
TeX
|
||
\chapterquote{Meredith Whittaker~\cite{greenbergSignalMoreEncrypted2024}}{
|
||
It’s not for lack of ideas or possibilities. It’s that we actually have to start taking seriously the shifts that
|
||
are going to be required to do this thing—to build tech that rejects surveillance and centralized control—whose
|
||
necessity is now obvious to everyone.
|
||
}
|
||
\chaptertitle{Introduction}
|
||
|
||
\section{Centralized Authority}
|
||
% ACAB is a anti-authoritarian sentiment
|
||
% In anarchist discourse, "cops" are not just policemen and -women, but also other means of centralized control.
|
||
% Anarchism rejects centralized authority in favor of the freedom of individuals because it recognizes the dangers
|
||
% inherent in centralized authority
|
||
|
||
% While anarchism is one extreme of the spectrum, the dangers of centralized control are well-established.
|
||
% The constitutions of all modern democracies recognize these dangers, and contain elaborate provisions such as a
|
||
% separation of powers, and extensive protections for civil society and journalism
|
||
% While modern democratic policy rejects anarchism, it embraces it's criticism of power in some vital niches.
|
||
% Examples: Whistleblower protection, attorney-client privilege, doctor-patient confidentiality and protections on state
|
||
% agents such as judges or politicians
|
||
|
||
% Centralized authority promises efficiency, but it has a tendency to go awry.
|
||
% These sanctuaries carved out from the state's authority in democracies are vital to the functioning of the system
|
||
% In today's computing environment, we observe some parallels to this limitation of centralized authority
|
||
% In classical computing, centralized control was used abundantly to create order
|
||
% Like absolute political authority becomes dangerous when subverted, centralized control in computing becomes dangerous
|
||
% when systems are compromised through hacking.
|
||
% Allocating control can be done using cryptography
|
||
% Cryptography provides near-perfect mathematical solutions to almost any control problem
|
||
% However, as anyone who has taken an introductory crypto course knows, encrypting things isn't the hard part. The hard
|
||
% part is managing keys.
|
||
|
||
% computing solutions to these problems include: Air-gapping, separation of concerns, extreme case: HSMs and TEEs
|
||
% provide security even during compromise
|
||
% interesting parallel to state control / anarchy discourse above:
|
||
% they are secure even against the state/police if implemented correctly
|
||
% observation: competent hackers are about as competent as competent police
|
||
% observation: cannot digitally encode ethics or legal stuff, so no "good guys only" backdoors
|
||
|
||
% other applications of this principle of distrusting systems are (perfect) forward secrecy
|
||
% see signal
|
||
% however, system such as TEEs and HSMs are largely a niche solution
|
||
% while some are widely deployed, e.g. TEEs for DRM and as secure boot root of trust in phones, desktops
|
||
% they are not usually democratic. despite wide deployment authority is with their manufacturer.
|
||
% To ordinary users, these capabilities are distant
|
||
% EU regulation was necessary to force apple to open up some APIs cf. nfc payment
|
||
% normal users are shit out of luck
|
||
|
||
% Thus, we need new tools. Tools that enable normal people / small orgs to assume control of their data/keys/etc.
|
||
% we need to open up the power of TEEs to everybody
|
||
% right now, open source is often less secure than closed-source
|
||
% trusted boot rarely implemented (right) in open source
|
||
% no TEE security at all because of lack of access
|
||
% we want to create democratic, open source HSMs
|
||
|
||
% open source HSMs enable many use cases to the public and small orgs that up to now only large corps or states could do
|
||
% email encryption
|
||
% secure group messaging
|
||
% signing key servers
|
||
% secure video / audio calls
|
||
% private data storage
|
||
% things like that twitter/x protocol for pin-based key recovery
|
||
% timestamping / attestation services
|
||
% base for distributed consensus protocols
|
||
% might have applications in cryptocurrencies when operated as heterogenous cluster
|
||
|
||
% but beyond that, they enable entirely new use cases.
|
||
% conventional hsms limited in computing power, crippled for the purpose of market segmentation
|
||
% ours are much more powerful, enable much higher computation crypto such as generic smpc
|
||
% generic smpc can do things like key management, pin-based security, secret statistics etc.
|
||
% furthermore, above we noted parallel between anarchist distrust of authority and core cryptographic principles
|
||
% our hsms not only protect against classical attackers, but also against states
|
||
% can be used as democratic check and balance
|
||
% example: secure comms that cannot be accessed by the state / police
|
||
% example: secure, authenticated photo and video capture
|
||
% that's especially relevant in the age of ai
|
||
|
||
%\section{The Trust Perspective}
|