Blog

Protecting data in a post-quantum world

Written by Christer Roslund | May 24 2022

Encryption has been around for thousands of years, ever since humans started writing down information that they wanted to conceal. And for thousands of years curious parties wanting to know what that information was would eventually crack the code. As the cat and mouse game continued over centuries, stronger and better encryption methods would emerge, humans would break them, and encryption would be improved again. 

Fast forward to World War II and the game evolved. Encryption became more sophisticated and accelerated with the introduction of the Enigma machine used by Nazi Germany to encrypt top secret messages. Fortunately, Alan Turing, a mathematical genius, had been hard at work several years prior inventing a computer that used basic algorithms to complete complex tasks faster than humans. Turing devised a computer specifically capable of quickly decrypting coded messages generated by Enigma. Historians estimate that Turing’s invention shortened the war by as many as two to four years, and credit him as the father of modern computing. 

The movie, “The Imitation Game” tells the story of the race to crack Enigma’s codes and if you haven’t seen it, or haven’t in quite a while, it’s worth a watch. Although the story is now more than 75 years old, it is more relevant than ever. For as Turing told a reporter from The Times in 1949, “This is only a foretaste of what is to come, and only the shadow of what is going to be.” In fact, Turing’s computer signaled the rise of machine intelligence and the impact of computing power on cybersecurity. 

Now we are on the cusp of a new generation of computing devices capable of cracking the most sophisticated algorithms used in encryption, and ultimately eliminating encryption as a reliable way to secure information. Capable of solving problems too complex for today’s computers, at speed and capacity, quantum computing will provide humans with tools to decrypt any type of encryption used today—regardless of length, complexity, and number of algorithms involved.  

Companies like IBM and Google have developed prototypes of quantum computers and in five years’ time it is likely that some form of quantum computers will be generally available. Other countries are also advanced in quantum computing, and the risk of data—including an organizations’ crown jewels—getting into the wrong hands should be taken seriously.  

A quantum-safe approach

At ShardSecure, we decided to tackle the challenge of data protection differently and asked: What if threat actors can’t even get hold of the data to crack the encryption? Then, the old and dying paradigm of encryption would become inconsequential. That’s what we’ve achieved at ShardSecure, devising a quantum-safe approach called microsharding that replaces encryption by concealing data at rest with obfuscation rather than with an algorithm.  

Microsharding essentially makes sensitive data unsensitive and unintelligible to unauthorized users. It is a three-step process that consists of shredding, mixing, and distributing data across multiple storage repositories of the data owner’s choosing – multi-cloud, multi-region, or hybrid cloud. When data is shredded into microshards, they are too small to contain sensitive data. Mixing that data with poisoned data and distributing it helps to ensure unauthorized users never have a complete, intelligible data set should storage be compromised. It’s like trying to put together a puzzle with millions of pieces of equal size, including pieces that don’t belong, with no picture to know what the puzzle should ultimately look like and no way to know if you have all the right pieces. 

Not only does Microshard™ technology replace encryption, but it also does better because it eliminates the challenges and risks that come with key management. A pivotal point in The Imitation Game comes when Turing and his team figure out that the daily weather report always included the same key letters. Weak key management processes gave them an edge that allowed them to set the computer to find and decrypt a new message every morning. 

Relying on individuals and third parties for strong key management remains problematic. Today, users put encryption keys in source code or upload them to GitHub to facilitate collaboration with different systems and users, including their cloud provider. Consultants copy encryption keys and store them on their laptop to have an offline copy. Should encryption keys be compromised due to these poor practices, data and intellectual property (IP) are at risk of breaches, ransomware attacks, cyber espionage, and more. However, with microsharding authorized users have access to data on a project basis with no need for encryption.

Microshard technology provides a path forward to prepare for quantum computing and the end of encryption. Leading companies in sectors including financial services, pharmaceuticals, technology, and biotech are already using it today. By microsharding their data, they’re not just changing the rules of the game, they’re introducing a new game that threat actors simply can’t win no matter how powerful their computer.

Come visit us at RSAC 2022 where we’ll be in the Early Stage Expo at booth #22. We’ll also be presenting on the topic of microsharding on the Early Stage Expo stage on Wednesday, June 8th, from 11:20AM – 11:50AM PT.