Symmetrical Cryptography Pioneer Targets the Post-Quantum Era

1 week ago 9
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

A glowing purple and pink key, with dots and numbers in the background

Source: ArtemisDiana via Alamy Stock Photo

A future that uses quantum computing is not far off — but not quite here either. When it does arrive, it will ultimately render the methods we use to encrypt information useless. And while some organizations and businesses may be slow to act, bad actors are already preparing, stealing large amounts of encrypted data and putting it on hold until a later date, when quantum capabilities become available and allow them to decrypt it.

These attacks are known as harvest now, decrypt later (HNDL) attacks — and they pose a serious threat in the future, should bad actors gain access to quantum computers and find the means to actually use them.

"What we need is a new way for us to be able to encrypt data which protects that data now and in the future as well," says Frey Wilson, co-founder and CTO at Cavero Quantum.

The Cavero Method

Cavero has created a cryptographic system that uses symmetric keys in two different ways, one using computation complexity and the other using an information theoretical method. The latter typically uses physical resources, but Wilson notes that Cavero achieves it by using the properties of random numbers.

"If you can create two correlated data sets and ensure that any third data set is correlated [but] not in the same way as the initial two, then from the correlated data, you can use essentially low entropy sections of that data to be able to generate a key mutually," says Wilson, ahead of a Black Hat Europe 2024 briefing on the approach.

Related:Library of Congress Offers AI Legal Guidance to Researchers

These keys aren't passkeys, though the intention is on the same track, Wilson stresses. Passkeys fall under the category of asymmetric keys, a cryptographic method of encrypting and decrypting data. The risk with this, however, is that passkeys are limited within their own ecosystems, such as Apple or Amazon, unable to cross-correlate with other ecosystems.

"Because this key is sent from a central server initially, there's a moment that the key is in transit to get to a device," says James Trenholme, CEO of Cavero Quantum. "It has the potential to be hacked or viewed by a third party."

Cavero aims to solve this problem by providing a solution that doesn't share any information publicly. Keys are mutually generated for each party using the correlating numbers mechanism, so that even if a threat actor is watching the exchange in the middle, they are unable to gather enough information to calculate or intercept the key, Trenholme adds.

The Past & Future of Cryptography Keys

Wilson says the solution, which uses smaller key sizes and is deployable on any device regardless of the size, is unique in its approach.

Related:'White FAANG' Data Export Attack: A Gold Mine for PII Threats

"That appeal to history is absolutely something that we hear regularly," says Wilson of their solution, which is nearly 12 years in the making. "This is based off a body of work that has existed here that we’ve taken, and we've expanded on. It just so happens that we've taken it in a direction that's been slightly different to other people."

Wilson plans to go into detail on that at Black Hat Europe, noting that "it's a new way of looking at the methodology that sits underneath it."

Going forward, the pair would like to see Cavero's keys used as the cornerstone in many, if not all, types of communications. And while its natural for a CEO to say this about their company's product, it seems as though Cavero's keys are in the best interest of communications processes in the name of privacy and security.

Some industries will benefit from Cavero's technology sooner than others, like those that manage high-value data or have a long-term data source.

"We'd like to see it used in every kind of communication, whether it be a voice call, a message, a data transfer, logging applications, the list goes on," says Trenholme, including telecommunications, defense, financial services, identity frameworks, and more.

Related:'Bootkitty' First Bootloader to Take Aim at Linux

Read Entire Article