First BlackHat, now DEFCON: We talk “Trojan-tolerant hardware security in practice”BlackHat US or DEFCON-25, come and see our talks about practical “ultra-secure” multi-party encryption for the cloud and some of the technology enabling it (Unchaining the JavaCard Ecosystem).
While our encryption and signing protocols have unique security properties, they are also practical and can be used in a number of use-cases. Just digital signing is used in a number of applications — from code-signing to validating legal documents (especially in the EU), or distributed ledger and blockchain updates (each blockchain update is technically a digital signature).
In the blockchain use case, the technology allows to shift the distributed ledger updates to the moment of signing. It means that all ledgers will show new transactions at the same time. Also, our new signing algorithm has a constant-time, regardless of the number of parties and it is suitable for blockchain schemes with a large number of distributed ledgers.
We are really excited about the potential for code-signing too. Code-signing is mandatory for all mobile phone apps, but it is also important for secure distribution of packages for servers and desktop computers. The simplest implementation would involve just two parties:
- computer of the developer (or whoever is responsible for signing new apps’ versions); and
- cloud-based (on-premise or in public cloud) service.
The developer initiates the signing process and requests the cloud service to contribute its part of the computation. The cloud service logs all signatures (as requests to its secure processors), and provides these logs to (project or risk) managers, who are responsible for correct use of code-signing keys.
The cloud service can also be used to introduce “release time-windows”, i.e., developers can only sign and publish new software versions in certain release days. The ability to control when new signatures can be created further reduces impact of developers’ and users’ computers and mobile devices being stolen, taken over by malware or similar situations.