This New Cryptography Tool Could Ease Compliance Burdens, Part II: Three Ways NTT’s Cryptography Research Could Aid Data Privacy Compliance
Last month, NTT presented 17 new notable research papers co-authored by its Cryptography & Information Security (CIS) Lab and NTT Social Informatics Laboratories (SIL) at Eurocrypt 2023. Eurocrypt 2023 is a conference organized by the International Association for Cryptologic Research (IACR) to present information gathered from articles submitted to the IACR “on any cryptographic topic, including but not limited to: foundational theory and mathematics; the design, proposal, and analysis of cryptographic primitives and protocols; secure implementation and optimization in hardware or software; or applied aspects of cryptography.”
According to NTT, its papers address attribute-based encryption, quantum cryptography and multi-party computation. Here’s how and these encryption technologies can affect your business:
Attribute-based Encryption (ABE):
According to this article in Venture Beat, ABE “is a more finely tuned approach” when compared to “grained access model of public-key encryption,” which requires utilizing a key to obtain access to encrypted data — a method which currently acts as a cross-industry standard.
ABE, on the other hand, “grants prescribed access of encrypted data to someone with a set of matching traits.” The computer software will conduct mathematic checks to ensure that the attributes match, which NTT told Venture Beat will “shift[] attention away from servers or software engineering towards policies and the encryption itself[.]”
ABE can be applied in “real-life use cases . . . in the business world and across the board, but especially in addressing the challenge of data lakes.” ABE can be applied to a data lake in order to encrypt sensitive data existing in the data lake such that the employees who require access to this data receive the necessary information to sort the data into a data lakehouse, while maintaining the anonymity of the sensitive information.
Three of the papers presented at Eurocrypt 2023 will address ABE.
One of the papers, co-drafted by CIS Lab Director Brent Waters, who introduced ABE as co-author of a landmark paper in 2005, “proposes the notion of registered ABE, which allows users to generate secret keys on their own and then register the associated public keys with a ‘key curator.’” The second paper “constructs a method for making decentralized, multi-authority ABE ‘fully adaptive’ or better able to resist real threats.” The third paper, drafted by NTT SIL cryptography researcher Junichi Tomida addresses “functional encryption, of which ABE is a special case.”
Quantum Cryptography:
According to Tech Target, Quantum cryptography is “a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data in a way that cannot be hacked.” Through the use of this encryption technique, “it is impossible to copy or view data encoded in a quantum state without alerting the sender or receiver.” Quantum cryptography differs from traditional “cryptographic systems in that it relies on physics, rather than mathematics, as the key aspect of its security model.”
There will be three papers addressing quantum cryptography. One of the papers, co-authored by CIS Lab Senior Research Scientist Mark Zhandry, “provides both negative and positive results for publicly verifiable quantum money.”
The other papers will “discuss an application of quantum gravity to quantum cryptography and introduce a leasing notion to quantum decryption keys.”
Multi-Party Computation (MPC):
MPC is a technique which allows parties to calculate outputs without sharing individual inputs. To learn more about MPC, you can read this Forbes article by NTT Research CEO Kazuhiro Gomi addressing the technique.
Four papers addressing MPC techniques will be co-authored by NTT Research Senior Research Scientist Elette Boyle, Senior Research Scientist Vipul Goyal, and Research Scientist Ilan Komargodski.
* * * * * * *
To read our news alerts discussing: Brazil’s enforcement criteria, the FTC’s fight with Facebook, and Indiana’s privacy law, click here.
This week’s breach report covers the following organizations: NextGen Healthcare, Catholic Health, Medicalodges. Click here to find out more.
Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!
Our most recently released episodes:
91 | Managed Detection & Response; The Path Forward (with Guest Sam DeNormandie)
90 | AdTech Meets Privacy Laws (with Guest Susan Israel)
89 | Quantum Technologies: What is Possible, Where We Are Headed & Policy Issues to Consider
To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.