The future of data security and blockchain

Copyright ©Protegrity Corp.
The Future of Data Security and
Blockchain
Discussion of Post-Quantum Cryptography
and other technologies
Ulf Mattsson
Chief Security Strategist
www.Protegrity.com

Topics
• Data Security Techniques
• Secure Multi-Party Computation (SMPC)
• Homomorphic encryption (HE)
• Differential Privacy (DP) and K-Anonymity
• Pseudonymization and Anonymization
• Synthetic Data
• Zero trust architecture (ZTA)
• Zero-knowledge proofs (ZKP)
• Private Set Intersection (PSI)
• Trusted execution environments (TEE)
• Post-Quantum Cryptography
• Blockchain
• Regulations and Standards in Data Privacy
Machine
Learning
(ML)
Homomorphic
Encryption
(HE)
Trusted
Execution
Environments
(TEE)
Quantum Computer (QC)
PKE (Public Key
Encryption),
RSA, ECC, …
Analytics
Lattice
based
encryption
Blockchain

Machine
Learning
(ML)
Homomorphic
Encryption
(HE)
Trusted
Execution
Environments
(TEE)
Some HE
algorithms
are QC
resistant
Quantum
machine
learning
integrate QC
algorithms
with ML
Shield
code or
data
An ML
algorithm
and data can
live inside
the TEE
ML
algorithms
can be
optimized
for QC
PKE (Public Key
Encryption), RSA,
ECC, …
Analytics
Asymmetric
encryption may
not be QC
resistant: HTTPS
(TLS)
Lattice based
encryption
Lattice based
encryption
can be QC
resistant
(NTRU is an
open source
HE )
An ML algorithm can use HE data
Blockchain
Bitcoin
SHA-256
(Secure
Hash
Algorithm)

Area Timing Focus Comments
Requirements Short Internal requirements International regulations
Cloud Short Machine Learning Start with basic ML training and inference on senstivie data in cloud
Competition Short Competitive advantage ML and NLP-powered services can give banks a competitive edge
Short Encrypted data Important
Long Synthetic data Computing cost?
Medium AML / KYC What are other Large banks doing?
Short Analytics Initial focus
Short
Operation on encrypted
data
Computation on sensitive data to the cloud. Trade-offs with performance, protection and utility?
Industry Short Industry dialog Working groups in standard bodies (ANSI X9, Cloud Security Alliance, Homomorphic Encryption Org)
Model Short Encrypted model Important
Short Experimentation What are other Large banks doing?
Short Scotia Bank case study Query solution for AML / KYC
Proven Medium Fast follower What are some proven solutions?
Short
Homomorphic
Encryption post-
Lattice-based cryptography is a promising post-quantum cryptography family, both in terms of
foundational properties as well as its application to both traditional and homomorphic encryption
Medium Quantum Plan for quantum safe algorithms
Long Quantum Plan for quantum ML algorithms
Sharing Short
Secure Multi-party
Computing (SMPC)
Without revealing their own private inputs and outputs. Encrypted data and encryption keys never
comingled while computation on the encrypted data is occurring or an encryption key is split into
shares
Short Vendor positioning
Nonlinear ML regression needed? Linear Regression is one of the fundamental supervised-ML. Linear
and non-linear credit scoring by combining logistic regression and support vector machines
Short Framework integration Important
3rd party Long 3rd party integration Mining first
Long Federated learning Complicated
Long TEE Emerging
Analytics
Data
Quantum
Solutions
Training ML
Pilot
Use case: Bank

Opportunities
Controls
Regulations
Policies
RiskManagement
Breaches
Balance
Protect datainwaysthatare transparent to business processes andcomplianttoregulations
Source: Gartner
DataSecurity GovernanceStakeholders
Operations

Source: Gartner
TheLanguageof Stakeholders
Protect datainwaysthatare transparent to business processes andcompliantto
regulations

Agenda
• Data Security Techniques
• Synthetic Data
• Blockchain
Machine
Learning
(ML)
Homomorphic
Encryption
(HE)
Trusted
Execution
Environments
(TEE)
PKE (Public Key
Encryption),
RSA, ECC, …
Analytics
Lattice
based
encryption
Blockchain

Differential
Privacy
(DP)
2-way
Format
Preserving
Encryption
(FPE)
Homomorphic
Encryption
(HE) K-anonymity
model
Tokenization
Static
Data
Masking
Hashing
1-way
Data store
Clear Text
Data Source
Algorithmic
Random Noise added
Format
Preserving
Fast Slow
Very
slow Fast Fast
Format
Preserving
Dynamic Data
Masking
Anonymization
Of Attributes
Pseudonymization
Of Identifiers
Fastest
User
Fast
Synthetic
Data
Static
Derivation
Computing
on encrypted
data

2-way
Format
Preserving
Encryption
(FPE)
Homomorphic
Encryption
(HE)
Tokenization
Data store
Clear Text
Data Source
Algorithmic
Random
Format
Preserving
Fast Slow
Very
slow
Dynamic Data
Masking
Pseudonymization
Of Identifiers
Fastest
User
Computing
on encrypted
data
Quantum Computers?
• Quantum computers and other strong
computers can break algorithms and
patterns in encrypted data.
• We can instead use random numbers to
secure sensitive data.
• Random numbers are not based on an
algorithm or pattern that computers can
break.
Tech giants are building their own machines and
speeding to make them available to the world as a
cloud computing service. In the competition: IBM,
Google, Microsoft, Intel, Amazon, IonQ, Quantum
Circuits, Rigetti Computing

Example: Tokenization vs. FPE

Differential
Privacy
(DP)
K-anonymity
model
Static
Data
Masking
Hashing
1-way
Data store
Clear Text Data Source
Noise
added
Fast Fast
Format
Preserving
Dynamic Data
Masking
Anonymization
Of Attributes
User
Fast
Static
Derivation
Example of Data Generalization
Non-reversable Data
Transformations
Synthetic
Data

Data protection techniques: Deployment on-premises, and clouds
Data
Warehouse
Centralized Distributed
On-
premises
Public
Cloud
Private
Cloud
Vault-based tokenization y y
Vault-less tokenization y y y y y y
Format preserving
encryption
y y y y y
Homomorphic encryption y y
Masking y y y y y y
Hashing y y y y y y
Server model y y y y y y
Local model y y y y y y
L-diversity y y y y y y
T-closeness y y y y y y
Privacy enhancing data de-identification
terminology and classification of techniques
De-
identification
techniques
Tokenization
Cryptographic
tools
Suppression
techniques
Formal
privacy
measurement
models
Differential
Privacy
K-anonymity
model
12

10 000 000 -
1 000 000 -
100 000 -
10 000 -
1 000 -
100 -
Transactions per second*
I
Format
Preserving
Encryption
(FPE)
Examples of Speed for Different Data Protection Techniques
I
Vaultless
Data
Tokenization
I
AES CBC
Encryption
Standard
I
Vault-based
Data
Tokenization
*: Speed will depend on the configuration
AWS Cloud
example:
20 million/s
Teradata
example:
10 million/s
Example of
one FPE
encryption
implements
10 rounds of
AES
Example of Vaultless Tokenization
performance is comparable to AES
Linus on Intel® Xeon®
Processor E5 Family
example:
200 k/s
Example of 1
k/s with a
centralized
Token Vault
on Oracle

Increased need for Data Analytics
Data Lake,
ETL, Files
…
U
Analytics, Data Science, AI and ML
Data Pipeline
Data Privacy
Cloud
14
Reduce Risk
• Secure AI & ML
Use-cases
• Analysis
• Insight
• Dashboarding
• Reporting
• Predictions
• Forecasts
• Simulation
• Optimization
Values
• Savings
• Revenue add
Anonymization to minimize the risk of identification
Examples in Banking Credit Card Approval,
• Reducing the risk from 26% down to 8%
• 98% accuracy compared to the Initial Model

Agenda
• Use Cases in Machine learning (ML)
• Synthetic Data
Machine
Learning
(ML)
Homomorphic
Encryption
(HE)
Trusted
Execution
Environments
(TEE)
PKE (Public Key
Encryption),
RSA, ECC, …
Analytics
Lattice
based
encryption
Blockchain

Increased need for data analytics drives requirements.
Data Lake,
ETL, Files
…
• Policy Enforcement Point (PEP)
Protected data fields
U
• Encryption Key Management
U
External Data
Internal
Data
Secure Multi Party Computation
Analytics, Data Science, AI and ML
Data Pipeline
Data Collaboration
Data Pipeline
Data Privacy
On-premises
Cloud
Internal and Individual Third-Party Data Sharing
16

https://royalsociety.org
Secure Multi-Party Computation (MPC)
Private multi-party machine learning with MPC
Using MPC, different
parties send
encrypted messages
to each other, and
obtain the model
F(A,B,C) they wanted
to compute without
revealing their own
private input, and
without the need for a
trusted central
authority.
Secure Multi-Party machine learning
Central trusted authority
A B C
F(A, B,C)
F(A, B,C) F(A, B,C)
Protected data fields
U
B
A C
F(A, B,C)
U U
U
17

Trusted execution environments
Trusted Execution Environments (TEEs) provide secure computation capability through a combination of special-purpose
hardware in modern processors and software built to use those hardware features.
The special-purpose hardware provides a mechanism by which a process can run on a processor without its memory or
execution state being visible to any other process on the processor,
• not even the operating system or other privileged code.
*: Source: http://publications.officialstatistics.org
Computation in a TEE is not
performed on data while it
remains encrypted.
• Typically, the memory space
of each TEE (enclave)
application is protected from
access
• AES-encrypted when
and if it is stored off-
chip.
Usability is low and products/services are emerging in MS Azure, IBM’s cloud service Amazon AWS (late 2020)*
20

Random
differential
privacy
Probabilistic
differential
privacy
Concentrated
differential
privacy
Noise is very low.
Used in practice.
Tailored to large numbers
of computations.
Approximate
differential
privacy
More useful analysis can be performed.
Well-studied.
Can lead to unlikely outputs.
Widely used
Computational
differential privacy
Multiparty
differential
privacy
Can ensure the privacy of individual contributions.
Aggregation is performed locally.
Strong degree of protection.
High accuracy
6 Differential
Privacy
Models
A pure model provides protection even against attackers with
unlimited computational power.
In differential
privacy, the
concern is about
privacy as the
relative difference
in the result
whether a
specific individual
or entity is
included in the
input or excluded
22

Zero Trust Architecture (ZTA)
• Understanding who the users are, which applications they are using and how they are connecting
• Enforce policy that ensures secure access to your data
• Controls close to the protect surface as possible, creating a microperimeter around it
• This micro-perimeter moves with the protect surface, wherever it goes
• Continue to monitor and maintain in real time
NIST
Zero-knowledge
proofs (ZKP) are
privacy-preserving
messaging protocols
• Different from
ZTA concept

Secure AI– Use Case withSyntheticData
25

Differential Privacy (DP)
2-way
Format Preserving Encryption (FPE) K-anonymity
Tokenization
1-way
Data Store
Clear Text
Data Source
Algorithmic
Random Noise added
Format
Preserving
Fast Slow Fast
Format
Preserving
Anonymization
Of Attributes
Pseudonymization
Of Identifiers
Fastest
User
Fast
Synthetic
Data
Static
Derivation
Example: Data Privacy for Machine Learning

Secure AI & ML
Use-cases
• Analysis
• Insight
• Dashboarding
• Reporting
• Predictions
• Forecasts
• Simulation
• Optimization
Values
• Savings
• Revenue add
Anonymization to minimize the risk of identification
• Examples in Banking Credit Card Approval,
• Reducing the risk from 26% down to 8%
• 98% accuracy compared to the Initial Model
Pseudonymization and Anonymization

Agenda
Machine
Learning
(ML)
Homomorphic
Encryption
(HE)
Trusted
Execution
Environments
(TEE)
PKE (Public Key
Encryption),
RSA, ECC, …
Analytics
Lattice
based
encryption
Blockchain
• Synthetic Data
• Blockchain

Quantum - NIST Lattice-Based Cryptosystems
cloudsecurityalliance.org
Finalist Lattice-Based Cryptosystems
Lattice-based cryptosystems are based upon the geometric construct known as a lattice.
Lattices are periodic structures of points that exist within an n-dimensional space.
Problems such as the Shortest Vector Problem (SVP) are NP-
hard and involve determining the shortest non-
zero vector that exists between two points within such a lattice.
Crystals-Dilithium is one such digital signature scheme based on the computational
hardness associated with lattice-based cryptosystems. It is recommended by the
Crystals (Cryptographic Suite for Algebraic Lattices) organization that the
Dilithium-1280x1024 parameter set should be used in order to achieve approximately
128 bits of security against all known classical and quantum attacks. The
Crystals-Dilithium digital signature scheme is a NIST candidate for digital
signature algorithms.
Falcon is another lattice-based signature scheme selected as a finalist.
The use of Fast Fourier sampling also results in faster digital signature

Quantum - Main cryptographic tools
cloudsecurityalliance.org
Random Number Generation
Quantum theory is indeterministic and random number generation on quantum is therefore a safer way.
Hash functions
To guarantee the immutability of the blocks. The most commonly used hash function, SHA256, has a 256 bits output. A
brute force attack on this function would require 2256 operations, well beyond the capacity of even the largest
supercomputer. A quantum attack with the Grover algorithm would reduce this to 2128 , which is still unfeasible.
The second purpose of hash functions for many blockchains is to provide theso-called Proof-of-Work (PoW), which
nodes on the network have to complete in order to add a new block. Here again, the Grover algorithm implemented
on a quantum computer will allow a much faster calculation.
Public-key signatures
Digital wallets are typically used to securely store a blockchain user’s private key along with transaction-related data
that may be relevant to the blockchain application. The public-key signatures used in the blockchain are based on
Elliptic Curve Cryptography (ECC), which has a very small key size and is easy to implement in the blockchain
environment. Unfortunately it is now known that the current ECC will be destroyed by the Shor algorithm implemented
on a quantum computer. This means any public key published on the blockchain will leak the corresponding private key
to an adversary equipped with a quantum computer. This is a catastrophe for some blockchains where publishing the
public key is required

Quantum Computing (Gartner)

Post-quantum cryptography
Time
frame
Area Comment
Short
Upgrade to AES, preferably AES-256 with
strong random seed
Immediate-medium step
Short Use SHA-512 for hashing Immediate step
Short
Use stateful hash-based signatures for
signing
Immediate review
Short
Use hybrid cryptography to protect against
both weaknesses in RSA/ECC and potential
weaknesses in post-quantum algorithms
Immediate steps
Medium Lattice based algorithms Tools study and integration plan
Medium Homomorphic Encryption Tools and partner integration
Medium Operation on encrypted data Integration of protocols
Medium Secure Multi-party Computing (SMPC) Integration of protocols
Medium
2022 NIST to complete review of quantum
safe algorithms
Tools integration
Medium 2022 NIST Standards to be released. Tools integration
Long
2024 Industry standards based on NIST
algorithms from NIST Standards
Tools integration
Long Analytics and Machine Learning ML algorithms optimized for Quantum processors
Long Full industry adoption 2019+ Tools integration
The future of Cryptography

Post-quantum cryptography research is
mostly focused on these approaches
1. Lattice-based cryptography This approach includes
cryptographic systems such as learning with errors,
including NTRU.
2. Supersingular elliptic curve Isogeny cryptography This
cryptographic system relies on the properties of
supersingular elliptic curves and supersingular isogeny
graphs to create a Diffie-Hellman replacement with forward
secrecy.
3. Code-based cryptography This includes cryptographic
systems which rely on error-correcting codes, such as the
McEliece and Niederreiter encryption algorithms.
4. Multivariate cryptography This includes cryptographic
systems such as the Rainbow (Unbalanced Oil and Vinegar)
scheme which is based on the difficulty of solving systems
of multivariate equations.
5. Hash-based cryptography alternative to number-theoretic
digital signatures like RSA and DSA.
6. Symmetric key quantum resistance Provided one uses
sufficiently large key sizes.

• Synthetic Data
• Blockchain
Agenda
Machine
Learning
(ML)
Homomorphic
Encryption
(HE)
Trusted
Execution
Environments
(TEE)
PKE (Public Key
Encryption),
RSA, ECC, …
Analytics
Lattice
based
encryption
Blockchain

Blockchain Business Value, Worldwide
Gartner
Why What How

Gartner
Hype Cycle
for
Blockchain
Technologies,
2020

Gartner, 2020
Seven enterprise blockchain project mistakes
1. Misusing or misunderstanding blockchain technology
Gartner states that the vast majority of projects focus on recording data. Many fail to use major capabilities such as decentralized consensus,
smart contracts and tokenization.
2. Assuming technology is more mature than it is
Some corporates believe blockchain technology is ready for production use, even though many platforms are still immature for large-scale
production. Gartner expects this will change within the next few years.
3. Confusing a protocol with a business solution
A protocol is the underlying technology such as Hyperledger Fabric of R3’s Corda and is invariably applicable to several industries.
4. Viewing blockchain as a database
Databases are capable of creating, reading, updating and deleting data. Not so with blockchains.
5. Assuming that interoperability standards exist
Although some platforms talk about interoperability, Gartner finds it challenging to envision interoperability when all the protocols are evolving
quickly.
6. Assuming smart contract technology is a solved problem
Smart contracts don’t just execute code on a single system. Instead, they are run by all nodes on a blockchain.
7. Ignoring governance issues
In private or permissioned blockchain governance is usually by the owner or contractual. While challenging, the problem is far bigger for public
blockchains.
Why What How

Major
Blockchain
platforms used
by Enterprises
Forbes
• Hyperledger –
extendable,
various industries
• Ethereum -
independent of
specific field
• Corda - financial
service industry
Enterprise Blockchain platforms
Amazon Hyperledger Fabric
Ant Financial Ant Blockchain Technology, Hyperledger Fabric and Enterprise Ethereum (Quorum)
Anthem Hyperledger Fabric
Aon R3 Corda
Baidu Hyperledger Fabric—
Bitfury Bitcoin, Exonum
BMW Hyperledger Fabric, Ethereum, Quorum, Corda and Tezos
Broadridge Hyperledger Fabric, Quorum, Corda, DAML (Digital Asset Modeling Language)
Cargill Hyperledger Sawtooth, Hyperledger Grid
China Construction Bank Hyperchain, Hyperledger Fabric
Citigroup Axcore, Symbiont Assembly, Quorum
Coinbase Bitcoin, ethereum, XRP and 24 others
Credit Suisse Corda, Paxos
Daimler Hyperledger, Corda, Ethereum
De Beers Ethereum
Depository Trust & Clearing Corporation (DTCC) Axcore
Dole Foods IBM Blockchain, Hyperledger Fabric—
Facebook Hotstuff
Figure Hyperledger Fabric
Foxconn Ethereum
General Electric Microsoft Azure, Corda, Quorum, Hyperledger
Google Chainlink, Bitcoin, Ethereum, Bitcoin Cash, Ethereum Classic, Litecoin, Zcash, Dogecoin, Dash
Honeywell Hyperledger Fabric
HSBC Ethereum, Corda, Hyperledger Fabric
Enterprise Blockchain platforms
IBM Stellar, Hyperledger Fabric, Burrow and Sovrin
ING Group Corda, Quorum, Ethereum, Hyperledger Fabric, Hyperledger Indy
Intercontinental Exchange Bitcoin
JPMorgan Quorum, a private version of Ethereum

Major
Blockchain
platforms used
by Enterprises
Forbes
• Hyperledger –
extendable,
various industries
• Ethereum -
independent of
specific field
• Corda - financial
service industry
LVMH Ethereum
Mastercard Its own platform, built from scratch
Microsoft Ethereum, Corda, Hyperledger Fabric
Nasdaq Assembly, Corda, Hyperledger Fabric, DAML and others
National Settlement Depository Hyperledger Fabric, Hyperledger Iroha, NXT, Ethereum, Waves, Bitcoin
Nestlé Hyperledger Fabric
Optum Ethereum
Overstock Bitcoin, Ethereum, Hyperledger Fabric, Ravencoin, Florin and others
Ripple XRP Ledger
Royal Dutch Shell Ethereum
Samsung Nexledger, Ethereum
Santander Hyperledger Fabric, Ethereum
Signature Bank Ethereum
Silvergate Bank Bitcoin, Ethereum, XRP, 20 other cryptocurrencies supported by its customers
Square Bitcoin
Tencent TrustSQL, Hyperledger Fabric
T-Mobile Hyperledger Sawtooth, Hyperledger Fabric, Ethereum
UBS Hyperledger Fabric, Ethereum, Quorum, Corda
United Nations Bitcoin, Ethereum
Vanguard Symbiont Assembly
VMware Project Concord, its proprietary blockchain that supports multiple frameworks including Ethereum and DAML
Walmart Hyperledger Fabric
19-Feb-20

Major
Blockchain
platforms
Source: https://medium.com/@philippsandner/comparison-of-ethereum-hyperledger-fabric-and-corda-21c1bb9442f6

Resilience
Resilience is one of the main motivations for companies to use blockchain technology, although this
property may not be as inherent as some believe.
Blockchain technology eliminates a single point of failure
• Resilience via its embedded redundancy.
• Relies on internet connectivity, sufficient node distribution (especially in private blockchain
networks) and PKI
Disaster recovery controls is facilitated by the decentralized nature of the blockchain technology.
• Consensus mechanism impact the system’s availability if a subset of nodes becomes unresponsive.
• Business continuity is tightly coupled with the availability of the PKI
• Secure key backups and tamper-resistant hardware environments for private key storage.
Cryptography, is an arms race
• Advancements in cryptoanalysis that could potentially break certain protocols or reduce systems’
security.
• Quantum computing
Source: Deloitte
Why What How

Data Protection
Blockchain does not provide any data confidentiality.
• Digital signatures leverage Public Key Infrastructure (PKI) which can also be used to protect on-chain data, i.e.
• Data stored on the blockchain itself, through encryption.
• Other cryptographic techniques can be used to reduce or remove dependencies on single nodes
• Requiring multiple nodes to collectively
decrypt using shared keys or collectively sign
critical data using multi-signature schemes.
• Data tokenization
Data minimization,
• Keeping sensitive data securely stored
off-chain and only allowing non-critical data to
be on-chain.
Leveraging the existing PKI to achieve data
confidentiality is appealing
• Introduces an availability risk due to heavy
reliance on PKI for multiple purposes, including
authentication, authorization, and data
protection.
Deloitte, NIST

• By 2023, blockchain will be scalable technically,
and will support trusted private transactions with
the necessary data confidentiality.
• Over time, permissioned blockchains will integrate
with public blockchains.
• Blockchain adds little value unless it is part of a
network that exchanges information and value.
• The network collaboration challenges have initially
driven organizations to turn to consortia to derive
the most immediate value from blockchain.
• Four types of consortia exist:
• technology-centric; geographically centric; industry
centric and process-centric.
Source: Gartner
Blockchain Will Be Scalable by 2023
Blockchain remains immature for enterprise deployments due to a range
of technical issues including poor scalability and interoperability.
Scalability
Roadmap
Why What How

If there is a Picasso’s painting valued at $50
million, it can be tokenized.
• The same applies to gold and
diamonds.
Company stocks are more complicated
because in most jurisdictions it is
prohibited to sell fractional parts of
company shares.
• Bankex — “Bankex provides the universal solution which can transform different asset classes to a digital
system/field/economy/area providing it with liquidity, flexibility, and safety for asset owners and investors
like never before”
• Maecenas — “Maecenas is a new online marketplace promises to give art lovers the chance to buy shares
in famous paintings.[The Telegraph]”
• LaToken — “LATOKEN’s mission is to make capital markets and trading available 24/7 T+0, with a broader
range of asset classes. We aim to facilitate capital reallocation into promising businesses, which will foster
job creation with higher productivity.”
Transform different asset classes

• Synthetic Data
• Blockchain
Agenda
Machine
Learning
(ML)
Homomorphic
Encryption
(HE)
Trusted
Execution
Environments
(TEE)
PKE (Public Key
Encryption),
RSA, ECC, …
Analytics
Lattice
based
encryption
Blockchain
TLS

Homomorphic Encryption Market Size (USD Million)
PHE (Partially
Homomorphic
Encryption) schemes are
in general more efficient
than SHE and FHE, mainly
because they are
homomorphic w.r.t to only
one type of operation:
addition or
multiplication.
SHE (Somewhat
Homomorphic
Encryption) is more
general than PHE in the
sense that it supports
homomorphic operations
with additions and
multiplications.
SHE scheme is also a PHE. This implies that PHE's are at least as efficient as SHE's.
FHE (Fully Homomorphic
Encryption) allows you to
do an unbounded number
of operations
Source: Market Intellica
SHE and PHE are not suitable for data sharing scenarios.

Homomorphic
Encryption
History
Paillier cryptosystem a probabilistic
asymmetric algorithm with additive
homomorphic properties. This means that
given the ciphertexts of two numbers,
anyone can compute an encryption of the
sum of these two numbers.
El-Gamal encryption system is an asymmetric
key encryption algorithm for public-key
cryptography which is based on the Diffie–
Hellman keys
Source:
Research Gate, Department
of Software Engineering,
University of Engineering &
Technology, Taxila, Pakistan
Source:
Medium
Process time
of RSA,
ElGamal and
Paillier on File
Decryption

Microsoft SEAL is a
homomorphic encryption
library that allows additions
and multiplications to be
performed on encrypted
integers or real numbers.
• Other operations, such
as encrypted
comparison, sorting,
or regular expressions,
are in most cases not
feasible to evaluate on
encrypted
Algorithm BGV BFV CKKS
Operation
Addition
Multiplication
Division
Exponent & encrypt
Limited to polynomial
Resticted to integers
Major Homomorphic
encryption algorithms
& libraries
Library/Scheme
FV-NFLib y
HEAAN y
Helib (IBM) y y
PALISADE (Duality) y y y
SEAL (Microsoft) y y
TFHE y y
IBM
Duality
Microsoft
Addition,
multiplication
and other
operations
Algorithms
supported
in crypto
libraries
Operation
Fast integers y y
Fast integer vectors y y
Fast real number vectors y
Fast polynoms y
Fast scalar multiplication y y
Optimized
data types

https://www.biorxiv.org/content/10.1101/2020.07.02.183459v2.full.pdf
Different implementations and workflows that
make use of three cutting-edge HE schemes
(BFV, CKKS, TFHE)
Brakerski/
Fan-
Vercauter
en (BFV)
HE operation encrypted data BGV BFV CKKS
Addition y y y
Multiplication y y y
Division n n n
No exponentiating a number by an encrypted one n n n
No non-polynomial operations n n n
Only be performed on integers y y
Complex numbers with limited precision y
Linear models for the UTMSR-CKKS
approach and measured the total time
(training + evaluation) and
the memory for the 80K
Non-secure methods show that our
pipelines can provide perfect genomic data
security with very similar, or slightly lower,
accuracy Cheon-
Kim-Kim-
Song
(CKKS)
Fully
Homomorphic
Encryption over
the Torus (TFHE)
Microsoft
Used by IBM
Used by Duality

We provide five different implementations
and workflows that make use of three
cutting-edge HE schemes (BFV, CKKS, TFHE)
State-of-the-art HE cryptosystems, namely
Brakerski/Fan-Vercauteren (BFV),
Cheon-Kim-Kim-Song (CKKS),
and
Fully Homomorphic Encryption over the Torus (TFHE)
HE operation encrypted data BGV BFV CKKS
Addition y y y
Multiplication y y y
Division n n n
No exponentiating a number by an encrypted one n n n
No non-polynomial operations n n n
Only be performed on integers y y
Complex numbers with limited precision y
Linear models for the UTMSR-CKKS
approach and measured the total time
(training + evaluation) and
the memory for the 80K
non-secure methods show that our pipelines
can provide perfect genomic data security
with very similar, or slightly lower,
accuracy

HE-based methods provide full genetic data security with comparable or slightly lower accuracy.
In addition, HE-based methods have time and memory requirements that are comparable and even
lower than the non-secure methods.
scalability of secure methods. For this, we report the time requirements for 20,000 (20K), 40,000 (40K), and 80,000 (80K) target variants to
present how the time requirements scale with the number of target variants. The secure methods spend up to 10 milliseconds for key
generation. In the encryption step, all methods were well below 2 seconds. The most time-consuming step of evaluation took less than 10
seconds, even for the largest set of 80K variants. Decryption, the last step, took less than 2 seconds. Except for the key generation and
encryption, all methods exhibited a linear scaling with the increasing number of target variants. Overall, the total time spent in secure model
evaluation took less than 25 seconds (Fig. 3b). This could be ignored when compared to the total time requirements of the non-secure
imputation. Assuming that time usage scales linearly with the number of target variants (Fig. 3a), 4 million variants can be evaluated in
approximately 1,250 seconds, which is less than half an hour. In other terms, secure evaluation is approximately 312 microseconds per variant
per 1000 individuals ((25 sec×1000 individuals)/(80,000 variants×1004 individuals)). It can be decreased even further by scaling to a higher
number of CPUs (i.e., cores on local machines or instances on cloud resources). In terms of memory usage, all methods required less than 15
gigabytes of main memory
IMPUTE2, there was no option for specifying multiple threads. Hence, we divided
the sequenced portion of the chromosome 22 into 16 regions and imputed variants
in each region in parallel
secure pipeline provides competitive timing (2nd fastest after Beagle)
ultra-fast homomorphic
encryption
non-secure methods on a Linux workstation with 769
Gigabytes of main memory on an Intel Xeon Platinum
8168 CPU at 2.7 GHz with 96 cores.

Post-quantum cryptography research
1. Lattice-based cryptography
• This approach includes cryptographic systems such as learning with errors, ring learning with errors
(ring-LWE*), the ring learning with errors key exchange and the ring learning with errors signature.
2. Multivariate cryptography
3. Hash-based cryptography
4. Code-based cryptography
5. Supersingular elliptic curve isogeny cryptography
6. Symmetric key quantum resistance
*: Ring learning with errors (RLWE) is a computational problem which serves as the foundation of new cryptographic algorithms, such as NewHope,
designed to protect against cryptanalysis by quantum computers and also to provide the basis for homomorphic encryption.
Shortest vector problem (SVP)
In the SVP, a basis of a vector space V and a norm N (often L2) are
given for a lattice L and one must find the shortest non-zero vector
in V, as measured by N, in L.
Lattice problems are an example of NP-hard problems which have
been shown to be average-case hard, providing a test case for
the security of cryptographic algorithms

Risk
Reduction
Source:
INTERNATIONAL
STANDARD ISO/IEC
20889
54

PaymentApplication
Payment
Network
Payment
Data
Policy, tokenization,
encryption
and keys
Gateway
Call Center
Application
PI*Data
Salesforce
Analytics
Application
DifferentialPrivacy
AndK-anonymity
PI*Data
Microsoft
ElectionGuard
Election
Data
Homomorphic Encryption
DataWarehouse
PI*Data
Vault-less tokenization
Use-Cases of Some Data Privacy Techniques
Voting
Application
Dev/testSystems
Masking
PI*Data
Vault-less tokenization
55

Big DataProtectionwith GranularField Level Protectionfor GoogleCloud
56

Use Case (Financial Services) - Compliance with Cross-Border and Other
Privacy Restrictions
57

Use this shape toput
copy inside
(you can change the sizing tofit your copy needs)
Protection ofdata
in AWS S3 with Separation ofDuties
• Applications can use de-identified
data or data inthe clear based on
policies
• Protection of data inAWSS3 before
landing in a S3 bucket
Separation of Duties
• EncryptionKeyManagement
• PolicyEnforcementPoint(PEP)
58

Securosis, 2019
Consistency
• Most firmsarequite familiar with their on-premises
encryption andkeymanagement systems, so they often
prefer toleverage the same tool and skills across multiple
clouds.
• Firms often adopt a “best of breed”cloud approach.
Data SecurityManagement forHybrid Cloud
Trust
• Some customers simply donot trusttheir vendors.
Vendor Lock-in and Migration
• A commonconcern is vendorlock-in, andan
inabilitytomigratetoanothercloud serviceprovider.
Google Cloud AWSCloud Azure Cloud
Cloud Gateway
S3 Salesforce
Data Analytics
BigQuery
59

IS: International
Standard
TR: Technical Report
TS: Technical
Specification
Guidelines to help
comply with ethical
standards
20889 IS Privacy enhancing de-identification terminology and
classification of techniques
27018 IS Code of practice for protection of PII in public clouds acting
as PII processors
27701 IS Security techniques - Extension to ISO/IEC 27001 and
ISO/IEC 27002 for privacy information management - Requirements
and guidelines
29100 IS Privacy framework
29101 IS Privacy architecture framework
29134 IS Guidelines for Privacy impact assessment
29151 IS Code of Practice for PII Protection
29190 IS Privacy capability assessment model
29191 IS Requirements for partially anonymous, partially unlinkable
authentication
Cloud
11 Published International Privacy Standards
Framework
Management
Techniques
Impact
19608 TS Guidance for developing security and privacy functional
requirements based on 15408
Requirements
27550 TR Privacy engineering for system lifecycle processes
Process
ISO Privacy Standards
60

References A:
1. C. Gentry. “A Fully Homomorphic Encryption Scheme.” Stanford University. September 2009,
https://crypto.stanford.edu/craig/craig-thesis.pdf
2. Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process,
https://csrc.nist.gov/publications/detail/nistir/8309/final
3. ISO/IEC 29101:2013 (Information technology – Security techniques – Privacy architecture framework)
4. ISO/IEC 19592-1:2016 (Information technology – Security techniques – Secret sharing – Part 1: General)
5. ISO/IEC 19592-2:2017 (Information technology – Security techniques – Secret sharing – Part 2: Fundamental
mechanisms
6. Homomorphic Encryption Standardization, Academic Consortium to Advance Secure Computation,
https://homomorphicencryption.org/standards-meetings/
7. Homomorphic Encryption Standardization, https://homomorphicencryption.org/
8. NIST Post-Quantum Cryptography PQC, https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
9. UN Handbook on Privacy-Preserving Computation Techniques,
http://publications.officialstatistics.org/handbooks/privacy-preserving-techniques-
handbook/UN%20Handbook%20for%20Privacy-Preserving%20Techniques.pdf
10. ISO/IEC 29101:2013 Information technology – Security techniques – Privacy architecture framework,
https://www.iso.org/standard/45124.html
11. Homomorphic encryption, https://brilliant.org/wiki/homomorphic-encryption/ 61

UlfMattsson
Chief SecurityStrategist
www.Protegrity.com
Thank You!

The future of data security and blockchain

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to The future of data security and blockchain

Similar to The future of data security and blockchain (20)

More from Ulf Mattsson

More from Ulf Mattsson (20)

Recently uploaded

Recently uploaded (20)

The future of data security and blockchain