Anti-Tampering in a data center you control provides very different tradeoffs
I’ll paint a picture for how this could naively look:
We put the GPUs in something equivalent to a military base. Someone can still break in, steal the GPU, and break the anti-tampering, but (I’m assuming) using those GPUs usefully would take months, and meanwhile (for example), a war could start.
How do the tradeoffs change? What creative things could we do with our new assumptions?
Tradeoffs we don’t really care about anymore:
We don’t need the anti-tampering to reliably work (it’s nice if it works, but it now becomes “defense in depth”)
Slowing down the attacker is already very nice
Our box can be maintainable
We don’t have to find all bugs in advance
...
“Noticing the breach” becomes an important assumption
Does our data center have cameras? What if they are hacked? And so on
(An intuition I hope to share: This problem is much easier than “preventing the breach”)
It doesn’t have to be in “our” data center. It could be in a “shared” data center that many parties monitor.
Any other creative solution to notice breaches might work
How about spot inspections to check if the box was tampered with?
“Preventing a nation state from opening a box and closing it without any visible change, given they can do whatever they want with the box, and given the design is open source” seems maybe very hard, or maybe a solved problem.
“If a breach is noticed then something serious happens” becomes an important assumption
Are the stakeholders on board?
Things that make me happy here:
Fewer hard assumptions to make
Fewer difficult tradeoffs to balance
The entire project requires less world-class, cutting-edge engineering.