Image
Abstract
An end-to-end encrypted application needs a mechanism for backing up secret keys. Existing deployed systems create a single point of privacy failure: by compromising one secure hardware device, an attacker can recover many users’ secrets. In this talk, I will describe two architectures for encrypted backups that split secrets across different system components. Both architectures are motivated by deployment constraints. First, I will present one system that splits secrets across different types of enclaves run by different cloud providers (SVR3, OSDI’24). Then, I will discuss another system that splits secrets across application clients and offloads work, but not secrets, to the application server (Chorus, IEEE S&P’26). This talk is based on joint work with Graeme Connell, Vivian Fang, Allison Li, Raluca Ada Popa, Deevashwer Rathee, and Rolfe Schmidt.