What does HackerNews think of BOLT?

Post-build optimization of binaries without changing the target CPU is common. See BOLT https://github.com/facebookincubator/BOLT

The wide gap between those two options is kind of dissatisfying, it would be cool if LTO could disassemble existing object files and do the unused code removal on the assembly language layer. I guess that Facebook BOLT and Google Propeller are working on an approach like that.

https://github.com/facebookincubator/BOLT https://www.phoronix.com/scan.php?page=news_item&px=Google-P...

The closest previous work would rather be Facebook BOLT I believe: https://github.com/facebookincubator/BOLT

For anyone curious about using something like this technique, Facebook has a similar tool.

https://github.com/facebookincubator/BOLT

From what I understand: The blog answers, how does one store a secret without it being subject to brute force (and other offline) attacks [0], with:

Generation of the secret (on the client):

1. Generate sk: Key-stretch user-provided pass-phrase to 256 bits using Argon2 [1].

2. Generate a verifiable auth-token, token = hmac-sha256(sk, "auth key encrpytion") [2]

3. Generate a split secret-key:

3a. split1 = hmac-sha256(sk, "master key encryption")

3b. split2 = high-entropy-random-256-bits

4. Send key-pair (token, split2) to remote machines running BOLTed [3] server code in a SGX enclave [4] that replicate it using raft-consensus protocol [5] over Noise [6] in an hardware-encrypted RAM [7] and never on-disk.

5. Generate master-key = hmac-sha256(split1, split2)

6. Generate as many application-keys as required, and use these to encrypt user's data, for instance, app-key-sge = hmac-sha256(master_key, "social graph encryption") and so on...

-

Recovery of the secret (by the client):

1. On the client, using user-provided pass-phrase, generate sk, token, and split1, like above.

2. Send the token to a remote machine. If the token is valid, remote lets the client retrieve split2 [8] with which the client can now generate the master-key and app-keys, as before.

3. If the token sent is invalid, remote lets the client retry a very limited number of times before destroying the secret key-pair.

---

[0] From the post, ...we’ve been working on new techniques based on secure enclaves and key splitting that are designed to enhance and expand general capabilities for private cloud storage. Our aim is to unlock new possibilities and new functionality within Signal which require cross-platform long-term durable state, while verifiably keeping this state inaccessible to everyone but the user who created it.

[1] https://en.wikipedia.org/wiki/Argon2 (end-users prefer shorter passwords but one gets better entropy with longer passwords... which is what Argon2 brings to the table)

[2] https://en.wikipedia.org/wiki/HMAC

[3] https://github.com/facebookincubator/BOLT (prevents speculative execution exploits: https://en.wikipedia.org/wiki/Speculative_execution)

[4] https://blog.quarkslab.com/overview-of-intel-sgx-part-1-sgx-... (used for strict code and hardware attestation)

[5] https://www.youtube-nocookie.com/embed/YbZ3zDzDnrw

[6] http://www.noiseprotocol.org/ (Wireguard and WhatsApp use it, too, for end-to-end communication)

[7] https://eprint.iacr.org/2016/204.pdf

[8] Thanks u/jlund: https://news.ycombinator.com/item?id=21839394