Going for quantum protection
How Storgrid safeguards your files against Quantum computer cracking.
Currently, the most advanced method to provide access control to files in a cloud environment is attribute-based encryption (ABE). The main difficulty when using a general ABE approach within a corporate cloud infrastructure is the relative complexity in setup, requiring additional work and procedures.
Additionally, a general ABE implementation is not very flexible and does not provide the mechanism for key renovation or controlling the access to particular file shares. In a corporate cloud infrastructure these problem are very important, because a stable key renovation method provides the most important protection against malicious users who left the organization.
Encryption implementation in Storgrid
Storgrid already implemented an extension on ABE with some additional parameters to be used within a corporate infrastructure and is able to control the key renovation and particular file shares based on the attributes within ABE. The Storgrid ABE extension supports the whole range of practical procedures for file access control in a cloud environment.
Additionally, the flexibility of the implemented solution allows Storgrid to use any public key cryptosystem as the base of the attribute-based access control.
Why is this so important you might ask?
The basis of the original ABE is the PBC (Pairing-Based Cryptography) which:
- Does not have a fast key generation procedure
- Can be broken by a quantum computer
That is why it is good to use a set of cryptographic primitives in your cloud system that can be substituted by another, more secure one if it is necessary, without changing the whole infrastructure.
Solving the Quantum computer cracking problem in Storgrid
In Storgrid, we have currently implemented the Extended ABE (EABE) together with PBC. Because we have done this, the EABE construction in Storgrid can be substituted in the future with the following advanced public key encryption systems, especially designed to withstand Quantum Computing attacks:
- SIS, invented in the EPFL, Switzerland, that provides a fast algorithm of key generation that avoids generation many primes. In other words, the construction EABE+SIS can be easily implemented within the Storgrid infrastructure. The fast key generation opens up numerous possibilities for the security of the whole system. It improves performance and allows to set up the periodical key renewal rather often, for example, once a day, that will make cracking infeasible (the hackers won’t have resources to find the key in a day).
- TCHo, this is an advanced stream cypher, also invented in the EPFL, Switzerland. This cypher relies on a hard problem that cannot be solved effectively by means of quantum computer. In other words, it is more secure than popular RSA or ECDSA cryptosystems based on the integer-factorization and discrete-logarithm problems, which are solved in polynomial time on a quantum computer using Shor’s algorithm. The cypher is hardware-oriented, i.e. it can even be implemented as an encrypting device.
While the generic ABE construction cannot be implemented along with SIS or TCHo, the EABE construction in Storgrid allows us to incorporate any cryptosystem as the base of user access control, so constructions like EABE+SIS and EABE+TCHo are possible in Storgrid.