Google's fully homomorphic encryption package
Google's fully homomorphic encryption package
Posted Jun 15, 2021 12:14 UTC (Tue) by kleptog (subscriber, #1183)In reply to: Google's fully homomorphic encryption package by Cyberax
Parent article: Google's fully homomorphic encryption package
Posted Jun 15, 2021 13:27 UTC (Tue)
by anselm (subscriber, #2796)
[Link]
If you want random people to help maintain a distributed public ledger, you have to incentivise them somehow to expend the required resources (CPU cycles, storage, …). Otherwise there will be problems keeping the ledger “distributed enough” that no single entity can go back and change stuff because they're in a position to spend more resources than everyone else together.
“Cryptocurrencies” have an advantage here in that you can use the “currency” itself to pay people for mining, but even that doesn't seem to prevent de-facto centralisation (as with Bitcoin). Public blockchains used for other purposes will be facing still more of an uphill battle in that respect.
Posted Jun 15, 2021 17:10 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (3 responses)
And then there's also a distinct lack of need for a decentralized public ledger.
Posted Jun 15, 2021 19:35 UTC (Tue)
by job (guest, #670)
[Link] (2 responses)
Posted Jun 15, 2021 22:34 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
But yep, it's the closest practical example where blockchain can be useful.
Posted Jun 19, 2021 2:29 UTC (Sat)
by tialaramex (subscriber, #21167)
[Link]
It's just that the only allowed "changes" are logging certificates with specific characteristics, and in many cases all the interesting certificates have been logged. You can't log the same certificate again.
Historically, prior to the mandate, and to a lesser extent up until this month (at the end of May 2021 near as I can tell the last possible certificate that could have existed, trusted in the Web PKI without ever being logged, would have expired) it was possible to find certificates out in the wild which hadn't been logged and go log them. But by 2017 or so you'd need to be on the ball because Google's spiders, the ones which power the search engine, were doing the same thing.
If you have money, and thus can afford to make it worth their while, a CA can sell you (No Let's Encrypt doesn't offer this, they could but there's no obvious reason why you should want it or why it would be in their interests to offer it) a certificate which hasn't been logged, even now. The mandate from Chrome isn't a root store policy, it's just a mandate for Chrome. You can then submit that certificate to logs yourself, the CA which sold it to you likely has some suggestions for where to do that. So long as you keep your receipts (SCTs, everybody else's are burned inside their certificate, but since yours was not logged when you received it, it's too late for that) you can prove this certificate was properly logged and it will work just fine.
Google does that, for some of their systems. But they know what they're doing (or at least, they employ teams of people to know).
Google's fully homomorphic encryption package
Google's fully homomorphic encryption package
Google's fully homomorphic encryption package
Google's fully homomorphic encryption package
CT