Wallet Hybrid

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

It should be possible to create a wallet that protects the user assets that are contained in the wallet.

Context

The user has a digital Wallet that can contain secrets like private keys or similar data elements that are not to be shared with any other human. Two general solutions have been proposed.

  1. The user keeps their wallet in a single device that as a TPM that can protect their keying material.
  2. The user keeps their wallet in the cloud and access from their devices.

Problems

  • A private key that is only contained in a wallet is subject to loss or destruction.
  • A user may wish to use the information on their wallet in more that one digital device.

Solutions

Pluton Security Processor

  • Microsoft Pluton Security Processor has achieved FIPS-140-3 Certification. The Pluton Security Processor ROM module is a sub-chip cryptographic subsystem within the AMD Ryzen 6000 Series System on a Chip (SOC).

Given the importance of key protection for scenarios like auth and encryption Pluton based PCs (which now includes Intel with Lunar Lake!!) should be at the top of your list during a hardware refresh

Jamie Smith

Apple adds Homomorphic Encryption - and nobody noticed.

This is a big deal.

As I’ve written before, this kind of thing is very much below the waterline. Invisible to most users.

Here’s what their new post announces:

“By performing computations locally on a user’s device, we help minimize the amount of data that is shared with Apple or other entities.

“Of course, a user may request on-device experiences powered by machine learning (ML) that can be enriched by looking up global knowledge hosted on servers.

“To uphold our commitment to privacy while delivering these experiences, we have implemented a combination of technologies to help ensure these server lookups are private, efficient, and scalable.

“One of the key technologies we use to do this is homomorphic encryption (HE), a form of cryptography that enables computation on encrypted data.

“HE is designed so that a client device encrypts a query before sending it to a server, and the server operates on the encrypted query and generates an encrypted response, which the client then decrypts.

“The server does not decrypt the original request or even have access to the decryption key, so HE is designed to keep the client query private throughout the process.”

Oddly, I’ve seen very little of this announcement online. Perhaps because it’s kind of a technical, nerdy article?

But as I’ve written before, privacy tech like Homomorphic Encryption (HE) is coming. And now it’s coming to Apple, at scale.

Can you see the threads coming together?

  1. Digital wallets with secure, portable and private digital ID
  2. Personal storage and vaults
  3. Small Language Models and on-device LLMs
  4. Privacy-enabled cloud AI using HE

The most interesting bit is that Apple has open sourced its Swift implementation of HE. Meaning it’s now available to all app developers:

“Introducing HE into the Apple ecosystem provides the privacy protections that make it possible for us to enrich on-device experiences with private server look-ups.

“To make it easier for the developer community to similarly adopt HE for their own applications, we have open-sourced swift-homomorphic-encryption, an HE library.”

The path to Empowerment Tech is getting clearer.

And Apple is opening the door.

References