With data expected to increase as more and more companies transform into digital processes, concern for privacy and security also grows. Technology giant IBM Inc. (IBM) has been researching and testing cryptography to provide organizations with options to better secure data and networks.
IBM revealed the three critical emerging areas of data privacy and encryption it has been exploring: confidential computing, quantum-safe cryptography, and fully homomorphic encryption. Reasons for exploring these new areas is to encourage more organizations to implement another layer of security measures at a more affordable cost.
“Each of these is solving a different piece of the data security equation,” said Gosia Steinder, IBM Fellow and head of the company’s hybrid cloud security research, during the online event “The Future of Cryptography,” which delved into IBM’s research to improving data security.
In 2018, IBM started offering confidential computing in production. Today, the company embedded confidential computing into the IBM Cloud for Financial Services as well as integrated it into IBM Cloud Hyper Protect Services.
IBM explained confidential computing provides hardware-level privacy assurance by encrypting data within a secure enclave that not even the cloud provider can view or access.
“Confidential computing allows a company running workloads in the cloud or on-prem (on-premise) to maintain full privacy and control over their workloads despite not owning the infrastructure that the workload is hosted on,” Hunter said.
Quantum is becoming to be a buzzword even if it hasn’t gone into the mainstream. IBM, however, has already deployed more than 30 quantum computing systems since 2016. The hardware roadmap details “a clear pathway to viable quantum computers with more than 1,000 qubits and beyond.”
IBM also noted that at the moment, security concerns outweigh the benefits of quantum computing, which has the capacity to factor large numbers, at least in its approach to cryptography.
“One concern is that someone could steal encrypted data and hold onto it until quantum computing advances far enough to crack today’s encryption standards,” said Dustin Modoy, mathematician, NIST, during the IBM event.
After the issue was raised, IBM Research worked with the National Institute of Standards and Technology (NIST) and the cryptography community has “explored new approaches to encryption and data protection to keep sensitive data safe from quantum computers.”
With this in mind, researchers worked on quantum-safe cryptography “o counter efforts to crack encrypted data using quantum computers.”
IBM is now the frontrunner in the area after participating in NIST’s Post-Quantum Cryptography Standardization competition in 2016. The initiative is “to help future-proof data against quantum computers.”
IBM and other top candidates used lattice cryptography, “which has the ability to hide data inside complex math problems (or algebraic structures) called lattices
“In most cases if today’s cryptography is replaced by lattices, the user wouldn’t see any changes, except maybe a speed up in performance,” said Vadim Lyubashevsky, a cryptographer in the Security group at IBM Research–Europe.
Late last year, IBM announced the availability of quantum-safe cryptography support for key management and application transactions in IBM Cloud.
Fully Homomorphic Encryption
Also last year, IBM introduced the Fully Homomorphic Encryption (FHE), “which allows data to remain encrypted during computation — regardless of the cloud or infrastructure used to process it. It is hoped that FHE could help drive greater adoption of hybrid cloud architectures, enabling data to move between clouds without compromising security.
“If we have an application that has to do statistical analysis on a data set, the app needs to decrypt the data,” Eric Maass, director, Strategy, Design and Emerging Technology at IBM Security Services. “But the act of decrypting the data makes that data vulnerable. With FHE, we can avoid exposing the data during computation.”
FHE is based on a different mathematical algorithm than traditional encryption, designed so that computations can be performed directly on encrypted data. This emerging encryption model could allow third parties to process and analyze encrypted healthcare, financial or other data in the cloud and return accurate results to the data owner, without ever exposing the original data in plain text.
Maass noted how IBM researchers addressed the complexity and slowness of FHE adding, “That’s changing, as IBM researchers have refined the FHE process, making it much more efficient.”
Whereas FHE just a few years ago required hundreds of lines of code and hours to process, IBM researchers announced it can now be executed as an API (application programming software) call to the cloud with 12 lines of code in fractions of a second. IBM is helping bring FHE from the research realm into early adoption with clients – publishing open-source toolkits for developers, and in December IBM Security launched its Homomorphic Encryption Servicesfor clients to start experimenting with the technology.