It's essentially a way of storing your password hash in the cloud such that nobody - not even the cloud providers - can read the hash and try to brute force it. All anyone can do is send password attempts to the cloud server's SGX system, which in theory is completely private, even to the host OS.
It also provides a way for the client to verify the code that is running in the SGX system, so you know you're sending your password attempts to some program that really does do all this fancy stuff. You don't have to take Signal's word for it.
It's basically equivalent to the chip in iPhones that stores your PIN and counts failed attempts. Except it's in the cloud and distributed, which is way harder to do.
Not really. The goal is to safely store an extra random value that's mixed with the password hash to derive the master key for the account, because they don't want to fully trust the password hash, because some passwords are too weak.
Could've just made password requirements stronger, but that doesn't provide an excuse to play with SGX I guess :)
It's an attempt at storage of secrets on a remote server using SGX and consensus protocols. Signal seems to be using this to store people's social graphs "in the cloud".
4. Send key-pair (token, split2) to remote machines running BOLTed [3] server code in a SGX enclave [4] that replicate it using raft-consensus protocol [5] over Noise [6] in an hardware-encrypted RAM [7] and never on-disk.
6. Generate as many application-keys as required, and use these to encrypt user's data, for instance, app-key-sge = hmac-sha256(master_key, "social graph encryption") and so on...
-
Recovery of the secret (by the client):
1. On the client, using user-provided pass-phrase, generate sk, token, and split1, like above.
2. Send the token to a remote machine. If the token is valid, remote lets the client retrieve split2 [8] with which the client can now generate the master-key and app-keys, as before.
3. If the token sent is invalid, remote lets the client retry a very limited number of times before destroying the secret key-pair.
---
[0] From the post, ...we’ve been working on new techniques based on secure enclaves and key splitting that are designed to enhance and expand general capabilities for private cloud storage. Our aim is to unlock new possibilities and new functionality within Signal which require cross-platform long-term durable state, while verifiably keeping this state inaccessible to everyone but the user who created it.
[1] https://en.wikipedia.org/wiki/Argon2 (end-users prefer shorter passwords but one gets better entropy with longer passwords... which is what Argon2 brings to the table)
