Ineffable cryptography – Manifesting unobtainable secrets

Wednesday 27 November, 10:30 am - 11:10 am

Speakers

Michael Loewy

Co-Founder / CEO
Tide Foundation

Synopsis

At the core of every security aspect lies trust. In cybersecurity, there’s an ongoing effort to reduce the need for trust to the absolute minimum, utilizing evidence-based approaches. Today’s peak cybersecurity levels are achieved with principles of verifiability/attestability, cryptographically hard problems, and Zero-Trust models – all sharing the common trend of narrowing trust to reliance on mathematically proven principles. Today’s best cybersecurity levels rely purely on cryptographic principles, offering mathematical proofs for their validity – however, it all rests on the naïve assumption that the secret private keys are secure. An assumption made entirely on blind trust – which represents the most appealing attack surface of our age.

Managing keys is a particularly hard and expensive problem to solve, even in the best cases. For those that can afford it, key lifecycle management is an already mature and robust solution, with numerous global success stories. Unfortunately, due to their centralized nature, all key management solutions eventually concentrate their ultimate authority in a single vulnerable honeypot of sorts – whether it’s a privileged access manager, a password manager, a centralized HSM, or even a distributed key vault. All fail somewhere, at a point of key assembly, hardware wiring or administrator access – which has proven critical in numerous high-profile attacks over the last 12 months.

We propose a system that manages keys, at hyperscale, economically, in such a way that the key is never assembled, never revealed – introducing a cryptographic solution using keys that no one will ever hold. Keys no one can steal, lose or misuse. Utilizing end-to-end decentralized principles, we introduce a system where keys are generated, operated and governed across a decentralized network of collaborating nodes, under the assumption of a dishonest majority, at carrier-grade availability, on an equitable, affordable micro-payment model. The approach has broad applications, from privacy protection, data security and access management through to securing critical infrastructure and OT environments.

A research paper on the subject and underlying cryptography is in pre-publication: ‘Manifesting Unobtainable Secrets: Threshold Elliptic Curve Key Generation using Nested Shamir Secret Sharing’, https://arxiv.org/abs/2309.00915

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.