While it’s exciting to read this kind of stuff, and I am glad to see a fellow Soviet emigre come and found a company in the Valley, I have to comment on just <i>how much control is centralized</i> in the hands of a few people, that millions of people come to trust with their data and their money!<p>This is essential commentary to Shamir Secret Sharing, because it requires a <i>trusted dealer</i>, unlike BLS and other bilinear techniques.<p>Look at this:<p><i>Whatever key that was, it wasn’t the one I generated the day before: only one copy existed, the one I copied to cryptoserv from my computer the night before. Zero copies existed now. Not only that, the push script appears to have also wiped out the backup of the old key, so the database backups we have encrypted with the old key are likely useless.</i><p>So with SSS we just have to take his word for it, that he didn’t have a copy of the key back on his computer. Zero copies existed? It’s not like he made another copy of it? Surely he is a reliable narrator and we can trust that at least, right? Actually, NOPE:<p><i>A few hours later, John, our General Counsel, stopped by my cubicle to ask me something. The day before I apparently gave him a sealed envelope and asked him to store it in his safe for 24 hours without explaining myself. He wanted to know what to do with it now that 24 hours have passed.
Ha. I forgot all about it, but in a bout of “what if it doesn’t work” paranoia, I printed out the base64-encoded master key when we had generated it the night before, stuffed it into an envelope, and gave it to John for safekeeping. We shredded it together without opening and laughed about what would have never actually been a company-ending event.</i><p>So the lawyer could have conceivably hired someone to break into the database, steal credit card numbers and salami-slice some value for years, or launch one big attack on the entire database:<p><a href="https://en.wikipedia.org/wiki/Salami_slicing_tactics" rel="nofollow noreferrer">https://en.wikipedia.org/wiki/Salami_slicing_tactics</a><p>Having ONE SET OF KEYS or passwords to access THE ENTIRE DATABASE is the epitome of the whole Digital Feudalism that we have today! But that’s what we have in Web2. Sam Bankman-Fried is just one example. This is where Web3 is so different. Everyone has their own keys, and they can only do what they are allowed to by the smart contract code. You reduce the attack surface massively. You reduce the need for celebrities like Max Levchin, and his stories, as much as I like them.<p>Some people on HN might dislike Web3 and smart contracts, and I do agree that blockchains aren’t a very efficient technology for implementing them, but the idea of <i>being able to trust the code</i> is crucial for our society. Otherwise, the closest we can get to it is this:<p><a href="https://signal.org/blog/private-contact-discovery/" rel="nofollow noreferrer">https://signal.org/blog/private-contact-discovery/</a><p>In an age where Google wants to implement attestations of CLIENTS in Chrome, we as a society should be demanding the other way: proving that the CODE AND DATA cannot be tampered with.
SGX extensions are far worse than smart contracts to secure large amounts of value, whether it’s currency balances, votes, or other data.<p>Anyway, for the crypto side I will just say that BLS signatures are far superior to SSS. I mean cryptography when I say crypto. It has NOTHING to do with blockchain, but rather with generation of private keys and verifying transactions that were posted to some decentralized network. Use BLS. SSS is outdated.
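The trusted-dealer point the comment makes about Shamir Secret Sharing is easiest to see in code. The example below is added here and is not the commenter's code nor anything from the article being discussed; it is a minimal textbook Shamir split-and-reconstruct over a prime field (the Mersenne prime 2^127-1 and the function names are my assumptions). The thing to notice is that <code>split_secret</code> necessarily holds the whole secret in the clear: whoever runs it (the "dealer") must be trusted not to keep a copy, which is exactly the "did he print it out and hand it to the lawyer?" problem. Any <i>k</i> shares recover the secret; fewer than <i>k</i> yield a field element unrelated to it.

```python
"""Shamir secret sharing over GF(P), illustrating the trusted-dealer caveat.

Added example, not code from the comment or the article it discusses.
"""
import random
import secrets

# Mersenne prime 2**127 - 1 (an assumption for this example): every
# secret and share is an element of GF(P).
P = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, k, rng=None):
    """Dealer step: produce n shares (x, y) such that any k reconstruct `secret`.

    The dealer sees `secret` in the clear here and chooses the random
    coefficients, so every party must trust that this process (and the
    machine it ran on) retains no copy afterwards.
    """
    if not 0 <= secret < P:
        raise ValueError("secret must be in [0, P)")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    rng = rng or secrets.SystemRandom()
    # Degree k-1 polynomial with constant term = secret and nonzero top coefficient.
    coeffs = [secret] + [rng.randrange(1, P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct_secret(shares):
    """Lagrange interpolation at x = 0 over the given (x, y) shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * xm % P
                den = den * (xm - xj) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def demo(seed=1):
    """Deterministic walk-through; the fixed seed is for reproducibility only.

    Returns (enough_shares_recover, too_few_shares_recover) for a 3-of-5 split.
    """
    rng = random.Random(seed)           # never use a seeded PRNG for real sharing
    secret = 0xDEADBEEF                 # constructed sample secret
    shares = split_secret(secret, n=5, k=3, rng=rng)
    enough = reconstruct_secret(shares[:3]) == secret
    too_few = reconstruct_secret(shares[:2]) == secret
    return enough, too_few


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Note that the 2-of-5 reconstruction in <code>demo</code> is guaranteed to fail, not merely likely to: interpolating a degree-2 polynomial from two points at x = 0 is off by the quadratic coefficient times the product of the two x values, and that coefficient is drawn from [1, P), so it is never zero mod P. Recovering the secret under SSS therefore needs <i>k</i> honest shareholders plus one honest dealer; the second requirement is the one the comment objects to.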