Recovering from a Database Breach
Highly interactive databases have succumbed to intruders time and again, even when managed by the most security-conscious, and most security-sophisticated organizations. Theoretical considerations have related degree of interactivity and action-versatility with penetration vulnerability. The BitMint designers by their background, are very well aware of this vulnerability, and mindful of the high-degree of interactivity of the BitMint mint, they operated under the assumption that despite deploying the most powerful security means known, hackers may end up compromising the mint. Since the mint is the central repository of coin information, such an event can be catastrophic.
This acknowledged reality has focused primary interest on data recovery technology . These are means to prevent the potential great harm that may be unleashed as a result of failing of the database walls and defenses. The BitMint lab conceived of a fundamental recovery idea based on the distinction between the identity of data and its utility.
In the digital world the identity of data is the the exact composite of the bit identities of the string expression of that data. The utility of data is the service it provides. In the context of the BitMint mint the service is the decision to redeem, or not. Let D be a body of data used to provide a service S. We say D → S. In a nominal database, D is kept at the fast-access area in order to provide the service S. Using BitMint data recovery technology, one modifies D to a derived form D' ≠ D, but such that D' can perform the service S: D' → S. D' (the modified data) is kept in the fast-access area while D (the original data) is kept off-line. The BitMint mint then operates with the modified data D' providing the service S. Namely D' (not D) is used to make the decision of whether to redeem or not to redeem, a claimed coin.
Should the defenses of the database fail, the intruder will get access to the modified data D', not to the original data D. When such a failure takes place, the BitMint operator will resort to the untouched original data D, and derive from it a different modified version D" ≠ D, but which is also not equal to D': D" ≠ D', and install D" for the service of the BitMint mint. The intruder in possession of D' will be cut out of the loop.
For extreme measure the off-line data repository (D) will be further removed from attack by removing the data from digital territory to analog territory. BitMint developed the Rock of Randomness which accomplishes this mission.