Shamir’s “post-crypto world” quote has been making lots of waves. A British cryptographer suggests that the best solution to crypto being no longer as useful as it once was is… more crypto.
While I don’t agree (“let’s fix unexpected failure modes by introducing a more complex system with failure modes we haven’t found yet!”) it’s still worth thinking about — at least conceptually.
The propsed solution is Multi-Party Computation (MPC). Under this model, it’s possible to do things to data without decrypting it, or necessarily learning what other parties’ parts actually were. Used practically, this would mean that instead of having to compromise only one or a small number of workstations, an attacker would need to compromise ALL of them in order to get the underlying data.
“The usual cryptographic model is that there is at least one honest person in a protocol. This is still true, the user of a system may be honest, but if we cannot trust the system they are on to not be compromised, we can essentially not trust anything. What is the point of encrypting data if the attacker already has the key? Even if the data has been encrypted successfully, at some point it needs to be decrypted so as to process it. At the point of decryption, if the attacker controls the machine, he also controls the decrypted data. So with such all pervasive threats, how can crypto be of any use what-so-ever? In some sense this means “Crypto is Dead!”.
Luckily, however, cryptography is about more than just encryption and authentication. Modern cryptography gives us a number of tools which we can use to secure systems. In Bristol we have been working for a number of years in turning a theoretical technology called multi-party computation (MPC) into a practical reality. The basic idea behind MPC is the following: Suppose a set of n parties have their own secret inputs, for example party i has input xi. Now suppose they want to compute some function on these inputs say f(x1,…,xn)
MPC allows us to do this, via a protocol, in such a way that the parties learn the output of the function, but no one learns anything about the other parties inputs. Traditional use-cases which have been proposed for MPC are the sharing of databases etc.
However, MPC also allows one to solve the problem of what hardware to trust in an enterprise environment such as that described above. In other words we can use MPC as a threat mitigation strategy to avoid APTs and other malware on our systems. We do this by altering the standard use case of MPC, instead of having multiple parties we have one party who just happens to be using multiple computers.
Suppose we expect that an attacker is inside our network. If we put in place enough protection to ensure he is not on all of our computers at once, then we may be able to hold a secret key on that uncompromised computer. But we do not know which computer is uncompromised. Using MPC we can get around this.”