Comment by redleader55
6 months ago
Full homomorphic encryption is not the future for private internet, confidential VMs are. CVMs are using memory encryption and separation from the host OS. ARM has TEE, AMD has SEV and Intel has been fumbling around with SGX and TDX for more than a decade.
As long as the key and compute are custodied by the vendor, confidential compute is little more than "trust us, we'll keep your data safe."
https://sgx.fail
I think SGX (et al) can still be useful as part of a layered defense. We know how to defeat security mitigations like NX and ASLR, but that doesn't mean they're useless.
The problem is that SGX is marketed as the solution.
NX and ASLR make it harder for other people to exploit your code on your computer. SGX tries to make it easier for other people to run code on your computer without you seeing the code or what it's doing. They're not in the same category.
3 replies →