Making Encryption Harder, Better, Faster and Stronger
In response, the industry is advancing encryption on several fronts. Some efforts are focused on increasing key sizes to protect against brute-force decryption. Other efforts are looking at new cryptographic algorithms. For example, the National Institute of Standards and Technology is evaluating a next-generation public key algorithm intended to be quantum safe.
The trouble is that most quantum-safe algorithms aren’t efficient in classical computer architectures. To address this problem, the industry is focused on developing accelerators to speed up algorithms on x86 platforms.
A third area of research is homomorphic encryption, an amazing concept that allows users to perform calculations on encrypted data without first decrypting it. So, an analyst who needs to can query a database containing classified information without having to ask an analyst with higher clearance to access the data or request that the data be declassified.
A big advantage of homomorphic encryption is that it protects data in all its states — at rest (stored on a hard drive), in motion (transmitted across a network) or in use (while in computer memory). Another boon is that it’s quantum safe, because it’s based on some of the same math as quantum computing.
A downside is that homomorphic encryption performs very poorly on traditional computers, because it’s not designed to work with them. The industry is collaborating to develop x86-style instructions to make these new cryptosystems operate at cloud speeds. Practical applications are still a few years away, but we’re confident we’ll get there.
EXPLORE: How can agencies combat encrypted attacks on government traffic?
Encryption Innovations Agencies Can Use Today
In the interim, a new encryption capability has emerged that organizations can take advantage of right now: confidential computing. Confidential computing safeguards data while it’s being acted upon in computer memory; for example, while a user is conducting analytics on a database.
Confidential computing works by having the CPU reserve a section of memory as a secure enclave, encrypting the memory in the enclave with a key…