Check out all the on-demand sessions from the Intelligent Security Summit here.


Accelerated by COVID-19, the digital economy is booming in incredible ways: more organizations are embracing digital transformation, migrating workloads to the cloud, exploring artificial intelligence (AI)-powered solutions for real-time business insights, and much more. 

But there’s bad news, too: a soaring increase in the number of touchpoints across mobile and web interfaces has broadened the attack surface, causing a sharp rise in data breaches that threaten both businesses and individuals. At the current rate of growth, damage from cyberattacks will amount to about $10.5 trillion annually by 2025 — a 300% increase from 2015 — according to estimates by Cybersecurity Ventures.

But enterprises are now rising up to fight in the never-sleeping, always-on cybersecurity war zone with new technologies like confidential computing and quantum computing. While quantum computing will unlock powerful analytic and AI-processing capabilities, it also opens the door to serious security vulnerabilities, due to the ability of these super-computers to decrypt public-key algorithms in the very near future. This would give cybercriminals and nation-states the ability to openly decrypt information protected by public-key algorithms — not just in the future, but also retrospectively — by collecting encrypted data today to decrypt when quantum computers finally reach maturity.

Although researchers estimate quantum computers could do that as soon as 2030, with the Biden administration’s CHIPS and Science Act being approved — and setting aside $52 billion in subsidies to support semiconductor manufacturers, as well as $200 billion to aid research in AI, robotics and quantum computing — this development could happen even sooner.  

Event

Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

While the cybersecurity dynamics point to significant potentials in an evolving market, the risks will be increasingly heightened in a post-quantum world. Currently-available commercial solutions do not fully meet customer demands for automation, pricing, services and other capabilities — which is why NTT, a global telecommunications and IT service and consulting company headquartered in Tokyo, is now pushing for the commercialization of attribute-based encryption (ABE).

Quantum computing’s full potential hasn’t been explored yet

ABE was introduced in a 2005 paper co-authored by NTT Research’s cryptography and information security (CIS) lab director, Brent Waters, Ph.D., and is now approaching commercialization, according to a blog post published today by NTT.

On the heels of this development, NTT is currently conducting a proof-of-concept (POC) information-sharing platform using ABE with the University of Technology, Sydney (UTS). “As part of a broader technology partnership with UTS, this initial platform will focus on internal UTS applications,” NTT noted in its official statement.

“Compared to the prevailing coarse-grained access model of public-key encryption, where giving out a secret key essentially amounts to giving access to all the encrypted data, ABE is a more finely tuned approach that grants prescribed access of encrypted data to someone with a set of matching traits. The checking of those attributes happens mathematically, ‘inside the crypto,’ which shifts attention away from servers or software engineering towards policies and the encryption itself,” NTT further stated.

In addition to exploring the commercialization of ABE, NTT Research has also begun primary research into post-quantum ABE schemes. To show the growing maturity of this encryption scheme, NTT Research recently held a 14-day ABE hackathon, where five NTT global teams gathered in Sunnyvale, California, to build potential implementations of the technology.  

During the just-concluded NTT R&D Forum, Waters noted that there is a fundamental difference between what quantum computers can potentially do and what quantum computers can do at the moment.

Use cases for attribute-based encryption

There are several real-life use cases for ABE in the business world and across the board, but especially in addressing the challenge of data lakes. Many companies today are swimming in large volumes of data lakes, so much that they find it difficult to effectively categorize their data. Apart from the huge difficulties with deriving accurate analytics from their datasets, another problem persists: much of the data is highly sensitive — like salary data in HR records and customer information. But ABE offers a solution in such scenarios by enabling companies to make data available to employees who need access to it, while protecting such sensitive information.

“We can control access rights at the data layer,” said Kei Karasawa, Ph.D., NTT research vice president of strategy, who added that the same process could be used in protecting smart city applications. “Governments may collect all kinds of information to fuel smart city applications — including transportation and supply chain data, images of peoples’ faces and more. That kind of information should be protected at the data layer,” he noted.

On the road to commercializing attribute-based encryption

NTT has continuously worked on the ABE model for a while. A relatively recent paper on ABE — which shows the first collusion-resistant, post-quantum, decentralized, multi-authority (MA-ABE) scheme — was co-authored by Waters and CIS lab scientists Pratish Datta and Ilan Komargodski and presented at EuroCrypt 2021. “It was proved under the ‘learning with errors (LWE)’ assumption, which has become a pillar in post-quantum security. The scheme also supports access policies captured by disjunctive normal form (DNF) formulas, which are useful in automated theorem proving,” NTT said in its official statement.

So far, NTT’s research team has implemented a prototype of the scheme, but not yet the full MA-ABE. Led by Takashi Goto, the team claims it’s conducting tests for decryption correctness and performance. To be deployed commercially, however, Goto said it would need to undergo further adaptation.“

Although practical quantum attacks do not constitute an imminent threat, NTT customers can rest assured that some of the world’s top cryptographers are exploring post-quantum ABE solutions and that NTT will provide migration paths down the road,” Goto noted.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.