[papercruncher]

Apologies if this is a dump question, but isn't it trivial to derive the public key if you have the private key? If so, couldn't an adversary just keep a list of public_key->service mappings and profit by casting a wider net?

[gizmo686]

Fair point, this attack on the crypto code would be sufficient to extract publicly identifiable information. However, in many encryption schemes, the public key is not a function of the private key. So a targeted attack would allow you to succeed with recovering fewer bits of data (only the purely private bits), and with less complexity. Also, even if this attack would work on any crypto system (instead of the specific code it is optimized for), I suspect that it would still be more econommical to target high value VMs.