Solutions

"Whoever gets to true quantum computing first will be able to negate all the encryption that we’ve ever done to date"
-- Chairman of the House IT Subcommittee

Modern Encryption vs VaultChain™

The State of Modern Encryption

In 1977, the Data Encryption Standard (DES) became the federal standard for block symmetric encryption. Back then, DES was considered unbreakable except by brute- force attack – i.e. trying every possible key (DES uses a 56-bit key, so there are 256, or 72,057,594,037,927,936 keys to try). For the next 20 or so years, DES was the de facto method used by both public and private entities to secure data. However, by the late 1990s advances in computing horsepower made it possible to break DES in a matter of days. A variant of DES called Triple DES (3DES) was used to extend the longevity of DES by simply repeating the DES encryption process three times thereby creating a 168- bit equivalent key. This provided a relatively simple method of increasing the key size of DES to protect against such brute-force attacks without the need to design a completely new block cipher algorithm.

However, with the rapid advances in computing horsepower continuing, it was clear that the era of DES (and 3DES) encryption was coming to a close and a new way to secure data was needed. Thus, in January 1997, NIST announced a competition designed to identify a successor to DES and after intense analysis by the world's foremost experts on encryption, the Advanced Encryption Standard (AES) was chosen as the successor. This was made official when the FIPS 197 guidelines were published in November 2001 and thereafter, AES became the cipher of choice for both government and commercial use.

Nearly 15 years later, AES has become the de facto method used throughout the world for encrypting data. It is built into virtually every security product, protocol, and application whenever there is a need to secure data. However, with the passage of time, even AES has become susceptible to the massive amounts of computing horsepower available in today’s world and the increasing sophistication of cyber criminals...

AES Encryption is Broken?

How is this possible? To begin to understand this, it is first useful to acknowledge the incredible advances in computing performance that has occurred over the last 40 years. Beginning in 1975, computational horsepower has been doubling on a regular basis every 18- 24 months. In fact, the fastest computers today can process over 33 quadrillion calculations per second – that is 33,000,000,000,000,000 operations every second! Granted, this type of performance is currently only possible in the realm of supercomputers, but even mainstream computers today that can be bought off-the-shelf for less than $1000 can support over 1 trillion operations per second. When you combine this type of desktop performance with the ability to add additional capacity via on-demand computing (e.g. Amazon Web Services) or distributed computing (multiple computers working on a single task), and it becomes clear that computing performance has reached unfathomable heights.

However, the massive amounts of computational horsepower available today is only part of the answer. A “brute force” attack consisting solely of trying every possible key to try and expose the substitution cipher, S0, would not in and of itself be enough to break through the defenses of modern encryption algorithms. But in reality, it is not actually necessary to try every possible key. There are techniques that can be readily used to reduce the number of possible keys in the solution set which, when combined with the computational horsepower available today, makes modern encryption algorithms such as AES susceptible to attacks.

NIST is the de facto standard bearer for the field of cryptography, and it has been widely reported that it’s working to replace current standards with those that would be resistant to quantum attacks.

According to these same reports, NIST has received 69 algorithms that could be potentially resistant to quantum attacks, and the hope is to update the crypto standards by 2022 to 2023.

 

VaultChain™ Security

VaultChain™ is the only quantum resistant solution for blockchain and beyond. VaultChain™ is the only technology that offers quantum-hardened Layer 2 scaling as a selectively open source approach that can be “baked” into any existing technology making it 100% secure, and hackproof.

VaultChain™ solves the security problem with something radically different than the traditional cryptographic approach. While the technology is complex, the concept is simple - if hackers cannot find the data, they cannot decrypt the data. VaultChain™ is proven, fast, smart, and simple.

VaultChain™ is uniquely disruptive because it begins with the assumption that adversaries will have computers with infinite computing power. Unlike the new “quantum-resistant” encryption that still depends on complex math to protect how data is stored, VaultChain™ assumes that math can always be broken so it’s based on where data is stored. If a perpetrator cannot find the data, he or she cannot break the data, even with infinite computing power.

A good analogy is the license plate on a car. The random characters contain no information, but a person with the knowledge of where to look, proper authentication, and permission can get the owner’s driving history, address, criminal record, etc. The information associated with the license plate does not fit on the license plate, so there is no Enigma-type risk of being broken, there is no mathematical formula that – by decoding the license plate number – can reveal the associated sensitive data.

In addition, there is no limit to the amount of associated data that can be stored elsewhere (such as off-chain). A computer with infinite processing power cannot “break” license plates, and car owners happily drive around without the risk of a security breach.

 

VaultChain™ Use Cases

Protection from quantum computing. These new computers will be so fast that they will complete in one second what a “classical computer” will complete in ten million years (Microsoft). Many feel that this computing power will end encryption security. According to Silicon Valley VC’s, quantum computers may be just two years away, but it’s worse than that because adversaries are already “sucking up” data to be cracked later (U.S. IT Subcommittee). The only way to eliminate the risk of encryption keys is to eliminate the need for encryption keys. VaultChain security stores data in random locations and cannot be cracked by infinite computing power because adversaries cannot break what they cannot find.

New cloud security. VaultChain’s design is based on what we call “control after disclosure.” This permits data to be secured, changed, and even deleted in the cloud or in unknown locations. This for example adds privacy to apps (Facebook POC) that will give control back to people (former FBI agent comments). VaultChain provides quantum-proof security to any cloud app including Google Docs, Office 365, and email.

GDPR compliance. The new EU privacy law mandates the Right to be Forgotten and most firms are woefully unprepared for giving users this kind of control. VaultChain’s “control after disclosure” was specifically designed to comply with the most stringent privacy laws. We include additional functionality, such as redactable email, that may be a future GDPR requirement.

Blockchain privacy and security. While the content of ledger data is trustworthy, it is neither private nor secure. VaultChain adds the scaling proven by banks while making ledger content private, secure, and GDPR compliant (POC here). It includes additional features for specific apps, such as removing the “hot” portion of wallets and exchanges so that no certificates are at risk. Another example is our wallet having biometric control so that pass phrases are no longer needed, and a trusted person can recover coins from a user who has passed away.

Legacy database security. Upgrading legacy systems can be slow and expensive. For example, the Y2K review cost an estimated $400 billion worldwide and took years to complete. VaultChain has been designed to make legacy databases quantum-proof and GDPR compliant without the need for programming changes.

IoT security. VaultChain being agnostic means that the same privacy, security, and compliance can be added IoT devices and tiny RFID tags without the need for additional hardware or encryption. This eliminates the cost vs. control dilemma faced by many manufacturers.

Network security. The focus of most security products is the containment of data. VaultChain assumes that networks have already been compromised and that data will always leak out. Our “control after disclosure” design secures data, whether perpetrators obtain it from inside the network our from unknown locations outside the network.

Embedded forensics. Unlike encryption, VaultChain warns about attempted attacks even though the data is not at risk. This permits the content owner to learn about the attack while gathering information about the perpetrators location, biometrics, and even chain of command. These unique features enable detection and response in real time.

Supply chain improvements. We’ve designed token security to also protect physical items, such as the identification of fake pharmaceutical drugs that kill an estimated 700k in Africa each year. We do this by connecting the end user directly with the original supplier to detect unauthorized, counterfeit, grey market, and expired items. This secures the supply chain even when it has been compromised. Real time instructions can be included for, say, use of an ordinance in the actual weather conditions.