Decrypting a single file from compromised computer

safecoin

#1

Let’s say I have a SAFE account with lots of files that I don’t want anyone to get access to, but one of these files is PDF with a presentation that I will show on a compromised computer. I don’t mind if the malware can access this single file, but I want to be sure that it wouldn’t be able to access any other files. I think similar situations will be very common. The way to solve this would be with a hardware device of some kind.

I guess this would be similar to using a hardware wallet for transferring SafeCoins, but I think such hardware should have features both to function the same way as bitcoin hardware wallets today and to be able to decrypting one or more files where you get a question on the screen on the external device if you want the files to be decrypted on the connected computer.

Would it be possible to write an app for Ledger Blue where you would see the list of files to be decrypted on the screen and then could click ok to accept?

If the Ledger Blue wouldn’t work. What kind of hardware would have to be made to make this work?


#2

Think laterally.

Male a new account and copy the file to the new account. Do your presentation using that account.

Simple solution and the safest no matter how good bad or indifferent the security of SAFE is or how compromised the computer is.

Personally I will be having a few accounts. One which it doesn’t matter (too much) if others get to see the files in it or even use it if needed (in a controlled fashion). Then others for which ever purpose the account is for. I will not be having one account with “it all”.


#3

“Male a new account and copy the file to the new account. Do your presentation.”

I thought about that and I while that would probably be a best case practice, I don’t think it solves the problem and I don’t think it’s a viable solution for all cases, it would work for this particular example though.

Ultimately I think a hardware solution is needed at some point. If you have multiple accounts and your computer is compromised, then what? What I’d want is something like a flag I could turn on for different files to basically say I want to turn on 2FA with an external device to read or write this file or maybe folder. Then for most stuff I’d just leave it in a less secure folder/less secure flag, but for the important things I’d add the more secure flag so that for every read or write operation I’d have to click accept on an external device, only then would it be really secure.


#4

For this example you could make the file completely public (on a SAFE web site) as well. Just an aside.

However, hardware wallets are 100% something we should be using as they are simpler than a full hardened OS, but still have issues (the app that runs the wallet etc.). A great first start though. Easy way is to have the wallet create the two identifiers needed to log in. It can also then decrypt files on demand as well, similar to signing transactions in btc, but decrypt instead of sign. There are a few options there.

In terms of multiple accounts, several hardware keys can help a lot as well.


#5

Or encrypt the file in a zip and save it on a public share. Load and decrypt it on the unsafe computer.


#6

There are plans for a SAFE OS which eventually make things more secure? The computer could still theoretically be compromised no matter what OS was running I would think, so the need for hardware wallets would never go away, right?

A bit off topic, but regarding SAFE OS, are there any plans for a SAFE Virtual Machine? I see that support for computation is in the pipeline, so I’m wondering if the idea is to make a decentralized VM running on top of SAFE. Related to this, Languages Are Operating Systems over at c2 brings up some interesting points.


#7

All of this needs considered, from the hardware through the OS, however microkernels and boot from network also help. Hardware locked computers also help to. So a secure audited OS (Debian or derivative etc.) flashed onto usb, that can be crc checked by users. If this is read only then we are in good shape. The SAFE network does not need to store any data locally but looks like it contains all your data and more (via vfs etc.).

All of this needs to be in the mix. I n terms of hw wallets, I love them, but how do we know the app that’s used is not compromised? i.e. ledger wallets need the app to run, what if it’s swapped out and you use my bad app, looks the same but in background transfers coin to me etc. All of this also needs to be considered as well.

So when SAFE launches I think we have a critical building block for a much more secure future, it’s only a component mind you, but a component we absolutely need in the case of security for the sake of privacy and ultimately freedom.


#8

Maybe safety critical applications could run on a SAFE VM where computation would be split into chunks, the application would be loaded from a verified location on the SAFE network and each chunk that was run would be verified with zkSNARKs by other nodes, both for protecting against a compromised local machine and making it possible to run the application distributed on potentially hostile nodes?


#9

This part is already done without snarks. The hash of the data is agreed via group consensus, so we are good there. Snark for SAFE is likely more about only the halting problem AFAIK. I mean just to stop recursive code etc. and allow measurements on a computational complexity before running it.

So the process you are looking at could be much closer than is obvious just now :wink:

The issue still is the compromised (heavily) local machine (os/hardware) I think anyway? Perhaps a way to use a petname type system for not dns but valid code that is perhaps an app or OS to be delivered helps a bit, but I am not certain right now. Even a good app on a bad OS is still bad, but better or at least on the right path. I feel this is a multi stage process to fully secure us.


#10

Not sure if I am understanding this. If we are starting with some data A and the code for a function f loaded from SAFE, then run the function f(A), that returns data B that’s then stored to SAFE, how do we know that B wasn’t returned by a compromised or otherwise modified version of f(A)? If some other nodes could verify the computation of f(A) with zk-SNARKs that would be a way to verify that f was run correctly right? I thought what was currently done is that data is agreed on via group consensus, but that this can be used only for verifying data, not any arbitrary computations.


#11

Have you heard of https://genode.org ?

Get their documentation here:

And surprise surprise, read the third objective that they have:
https://genode.org/about/challenges


#12

It’s an option. If we ask group members to compute a function they should all agree on the output. So we can split our computation to multiple functions (multiple groups etc.). So each group will compute the same thing which seems like a waste if we can use snarks to ensure computation was correctly done, however we cannot overuse this. So a snark can say these lines of code run and I can guarantee that. It seems good, however it depends what the code was supposed to do. Say it was to send a transaction to another node, like a coin spend or similar, then it may have run the code against an invalid blockchain (or database). So this means for snarks we need to be careful of the environment they operation in depending on what was asked in the computation. For straight compute it is possibly Ok, but if the compute touches an environment or other API then it’s where I get nervous.

If we use the group consensus approach then we can cover all such cases as the network confirms quorum group did the same thing and we know quorum should not be malicious. Maybe that helps you see my perspective, in any case snark tech is uber cool and has uses we cannot see, yet.

It’s very cool and I think perfectly on track for us and us them so nice to watch this one :wink:


#13

You may have noticed that I was wondering about ways to do decentralised computation on SAFE right now before compute gets built into vaults.

I assume that compute built into vaults will be more powerful (computationally, efficiency, speed) but also perhaps limited by the computational engine (ie having to be programed in a special instruction set in the way Ethereum works). Whereas a system built on top of SAFE might allow distributed computation in a wider range of languages and application types. Rather than having to always code in vault-lang.

@dirvine Do you think there’s any mileage in this, or is it best to wait for compilers that target vault-lang (or whatever might be a better name)? I don’t mean instead of vault-lang, but rather as another option.


#14

100% I do Mark, it is a perfectly valid approach AFIK and should allow at least partial computation, even if slightly less powerful than a lang itself (we will see though). I bet we will find some nuggets of useful information in your existing thoughts. So yes I am all for it.


#15

Would it be possible to leverage what ethereum already does? I don’t confess to know much about writing ethereum smart contracts, but presumably being open source the VMs could run on vaults and execute smart contract scripts?

It would be awesome if it were possible to run/port ethereum easily on safe net. It would be a great POC too.


#16

The computation done in the contacts on the EVM are expensive. For more general purpose computation, a number of projects are aiming to take the computations ‘off-chain’. For example TrueBit, Golem, iExec, SONM. They have different approaches to making sure the computations are executed properly. TrueBit will make a Merkle proof for the different steps of the computations, such that a validator can challenge the validity of a particular step of the computation. SONM I think will follow more of a BOINC approach, where multiple clients execute the same task. Anyway, the point is that heavy computations won’t happen in the EVM directly. This is basically in line with @happybeing’s idea above.


#17

Interesting, haven’t seen this before.

At least can be used for pure functions then and maybe for some other stuff if taking extra care. The ethereum people are looking into snarks also, maybe they will come up with some useful ideas too. I think they are trying to find ways to use them avoid having to execute the smart contracts on all the nodes. Groups consensus would be the way to do it at first anyways I guess and it might be optimized with snarks or other things at some later stage.

@happybeing it’s definitely interesting if there could be multiple ways to do decentralized computation on SAFE. I still need to look more detailed at stuff like TrueBit, Golem, iExec and SONM to get a bit better overview of different approaches, but I wonder if similar stuff to what they’re doing could be done on top of SAFE in a way so when you want to run an app you could choose between multiple implementations of decentralized computation based on different needs for performance, security etc.