NTT is developing attribute-based encryption (ABE) to prevent quantum attacks

Watch the Low-Code/No-Code Summit on-demand sessions to learn how to successfully innovate and achieve efficiencies by upskilling and scaling citizen developers. Watch now.


Accelerated by COVID-19, the digital economy growing in incredible ways: more organizations are embracing digital transformation, migrating workloads to the cloud, exploring artificial intelligence (AI) powered solutions for real-time business insights, and much more.

But there’s also bad news: a massive increase in the number of touchpoints across mobile and web interfaces has impacted the attack surface, causing a surge in data breaches that threaten businesses and individuals alike. At the current rate of growth, damage from cyberattacks will reach approximately $10.5 trillion annually by 2025 – a 300% increase from 2015 – according to estimates by Cybersecurity Ventures.

But companies are now rising up to fight in the never-sleeping, always-on cybersecurity war zone with new technologies such as confidential computer use and quantum computing. While quantum computing will unlock powerful analytics and AI processing capabilities, it also opens the door to serious security problems, thanks to the ability of these supercomputers to public key decryption algorithms in the very near future. This would give cybercriminals and nation-states the ability to openly decrypt information protected by public-key algorithms — not just in the future, but retroactively — by collecting encrypted data today to decrypt when quantum computers finally mature.

although researchers estimates that quantum computers could do that as early as 2030, with the Biden administration CHIPS and Science Act is approved — and sets aside $52 billion in grants to support semiconductor manufacturers, as well as $200 billion to support research in AI, robotics, and quantum computing — this development could happen even faster.

Event

Intelligent security stop

On December 8, learn about the critical role of AI and ML in cybersecurity and industry-specific case studies. Register for your free pass today.

register now

While cybersecurity dynamics point to significant opportunities in an evolving market, the risks in a post-quantum world will increase. Currently available commercial solutions do not fully meet customer demand for automation, pricing, services and other capabilities – and that’s why NTTa global telecommunications and IT services and consulting company headquartered in Tokyo, is now pushing for the commercialization of attribute-based coding (ABE).

The full potential of quantum computing has not yet been explored

ABE was introduced in a Paper from 2005 co-authored by NTT Research’s cryptography and information security (CIS) lab director, Brent Waters, Ph.D., and is now approaching commercialization, according to a blog post published today by NTT.

As an extension of this development, NTT is currently executing a proof-of-concept (POC) information sharing platform using ABE with the University of Technology, Sydney (UTS). “As part of a wider technology cooperation with UTSthis first platform will focus on internal UTS applications,” said NTT in its official statement.

“Compared to the prevailing coarse-grained access model of public key encryption, where giving a secret key essentially amounts to giving access to all encrypted data, ABE is a more sophisticated approach that grants prescribed access to encrypted data to someone with a set of matching properties. Controlling those attributes is done mathematically, “in crypto,” shifting the focus from servers or software engineering to the policy and encryption itself,” NTT further stated.

In addition to exploring the commercialization of ABE, NTT Research has also begun primary research on post-quantum ABE schemes. To show the growing maturity of this encryption scheme, NTT Research recently held a 14-day ABE hackathon, where five global NTT teams gathered in Sunnyvale, California, to develop potential implementations of the technology.

During the just concluded NTT R&D forumWaters noted that there is a fundamental difference between what quantum computers can potentially do and what quantum computers can do right now.

Use cases for attribute-based encryption

There are several real-life use cases for ABE in the business world and across the board, but especially in addressing the challenge of data lakes. Many companies today are swimming in vast amounts of data lakes, so much so that they find it difficult to effectively categorize their data. Aside from the huge difficulties of deriving accurate analytics from their datasets, another problem remains: much of the data is highly sensitive, such as salary data in HR records and customer information. But ABE provides a solution in such scenarios by enabling companies to make data available to employees who need to access it, while protecting such sensitive information.

“We can control access rights at the data layer,” said Kei Karasawa, Ph.D., NTT research vice president of strategy, who added that the same process could be used in protecting smart city applications. “Governments can collect all kinds of information to feed smart city applications, including transportation and supply chain data, images of people’s faces and more. That kind of information needs to be protected at the data layer,” he noted.

Towards commercializing attribute-based encryption

NTT worked continuously on the ABE model for a while. A relatively recent one paper on ABE — which demonstrates the first collusion-resistant, post-quantum, decentralized, multi-authority (MA-ABE) scheme — was co-authored by Waters and CIS lab scientists Pratish Datta and Ilan Komargodski and presented at EuroCrypt 2021. “It was proven under the learning with errors (LWE) assumption, which has become a pillar of post-quantum security. The scheme also supports access policies defined by disjunctive normal form (DNF) formulas, which are useful in automatic proofing of theorems,” NTT said in its official statement.

So far, the NTT research team has implemented a prototype of the scheme, but not yet the full MA-ABE. Led by Takashi Goto, the team claims to be conducting tests for decryption correctness and performance. However, to be deployed commercially, Goto said it would need further modifications.”

Although practical quantum attacks pose no immediate threat, NTT customers can rest assured that some of the world’s top cryptographers are exploring post-quantum ABE solutions and that NTT will provide migration paths in the future,” Goto noted.

VentureBeat’s mission is to become a digital city plaza where tech decision makers can learn about transformative business technology and execute transactions. Discover our Briefings.