[Cryptography] Shamir's secret sharing

Jeremy Stanley fungi at yuggoth.org
Fri Jun 21 09:57:04 EDT 2019

On 2019-06-20 22:43:55 -0700 (-0700), Henry Baker wrote:
> I have long advocated using Shamir Secret Sharing for storing
> portions of a database in N different countries, where the portion
> and the countries are carefully chosen to minimize the possibility
> of "rubber hose"/warrant-maybe/extradition attacks on the cloud
> providers in each of the N countries.  I'm kinda amazed that this
> isn't already being done -- perhaps because it is difficult to
> find non-AWS, non-Microsoft cloud providers in enough different
> countries.

This is one way open source "cloud" infrastructure is superior. The
major proprietary providers have financial incentives to concentrate
operations so getting geopolitical diversity with any one provider
is challenging, and writing your software or deploying your own
abstraction layer so that it works consistently across multiple
proprietary providers is also daunting. If you choose a single
infrastructure API provided as a service by a variety of independent
providers, you can distribute your application, data, key shares,
whatever, across not only different geographic regions and different
legal jurisdictions, but also across different providers so that the
loss of any one service provider is no longer a catastrophic
failure. As an example, the OpenStack community says there are
providers offering its software as a service in >20 countries:


I distribute my personal systems between providers in Australia,
Canada and Poland. Professionally I help maintain one application
which distributes its work across providers in Canada, China,
France, Japan, Sweden, the UK and the USA who all provide the same
basic infrastructure APIs.
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20190621/65416653/attachment.sig>

More information about the cryptography mailing list