[Cryptography] Secure erasure

Henry Baker hbaker1 at pipeline.com
Sat Sep 10 09:46:23 EDT 2016


At 01:46 AM 9/10/2016, Jerry Leichter wrote:
>Let's step back a moment here.
>
>The entire stack, hardware to OS to libraries and compilers and languages, is designed to be (a) general purpose; (b) efficient; (c) usable.
>
>Cryptographic code represents a vanishingly small percentage of either bytes or cycles used on any system.
>
>The system is not and *will not* be designed around its needs.

I disagree.  The next 50 years of computer science will revolve around not just computing, per se, but computing with secrets & computing while keeping secrets.  Since computing can be attacked at every level, every level of computing will have to be "hardened" to protect itself.  This will require an entire restructuring of computing hardware, operating systems, computer languages and compilers.

I'm old enough to recall myself saying "XXX code represents a vanishingly small percentage of either bytes or cycles used on any system", and was subsequently proven wrong when "XXX" proved important enough to be embedded in operating systems and hardware.

>Back in the early days of DES, the NSA was reportedly against the idea of doing crypto in software *at all*.
>
>Their approach was always to provide a sealed hardware "black box".
>
>They weren't all wrong....
>
>No matter what you do ... you have to trust the hardware.

Not true; that's what oblivious computing is all about: you can watch the computation all you want, but you won't learn anything about what it's computing.

During the past 80 years or so, we've learned how to reliably compute with unreliable hardware.  During the next 50 years we'll learn how to securely compute with untrusted hardware and software.

Google "garbled circuits", "fairplay", "multiparty computation", etc.

This stuff isn't efficient enough for widespread use today, but then again, there was once a time when floating point computation wasn't efficient enough, either.


