Security Experts:

British Firm Tackles 'Harvest Now, Decrypt Later' Problem With Sharding Technology

Quantum-proof secure data distribution platform released to enterprise market

A UK firm believes it has solved the ‘harvest now, decrypt later problem’.

Harvest now, decrypt later is a pressing concern. Criminals and nation states are stealing personal data and company IP knowing future quantum computers will be able to decrypt any encrypted content. Business is already being urged to switch to some form of quantum-proof security for data transmissions.

Much of the effort in developing quantum proof document distribution has been focused on what is called ‘quantum-proof encryption’. Majenta Solutions has taken a different route, adding a form of sharding to its existing MX data transfer platform. 

Sharding is a technology more commonly associated with databases – a form of horizontal partitioning that splits large databases into smaller components, which are faster and easier to manage and can be spread across multiple servers.

The Majenta product, known as MX ASR (MX is an existing managed file transfer platform, while ASR is a new anonymize, shard and restore technology) breaks sensitive documents into four shards that are sent separately to four different cloud servers around the world. The ‘anonymize’ part of the process is a patented technology that ensures no single shard contains any meaningful information without being combined with the other three shards in the ‘restore’ process. If the transmission of one of the shards is intercepted, or the cloud server being used is breached, no information can be lost.

Since this is fundamentally not a form of encryption, it is not susceptible to decryption even with the potential power of future quantum computers.

Alan Scrase from the UK Government’s Defense and Security Accelerator (DASA, part of the Ministry of Defense) explained, “We identified through extensive research that brute force attacks against anonymized and sharded data would be unsuccessful since the ASR process provides perfect secrecy against a threat actor having access to anything less than the total number of shards. As well as this, it was identified that the ASR process would be immune to quantum computing-based brute force attacks.”

The data is anonymized, sharded and uploaded by the sender. Only the authorized recipient can download the data from the four servers and restore the content. At any point before the full restore, the sender can rescind the process, while an auditing facility shows precisely by whom and when the data was downloaded.

Majenta has a long history in working with automotive supply chains, and the original purpose was to develop a method to enable the automotive industry to securely share IP between plants that could be down the road or across the ocean. IP plans developed at a research office in Germany can be sent securely and with confidence to a manufacturing plant in the U.S.

The Chinese Landwind X7 was a direct copy (in appearance) to the Jaguar Land Rover Evoque. Both cars were revealed in 2014, with the Chinese version selling at just one-third the price of the Evoque. Majenta believes that documents were stolen from Jaguar Land Rover. In December 2021, Volvo revealed that hackers had stolen research and development data. Automotive IP is big business.

Supply Chain Security Summit

The MX ASR principle, however, has multiple applications in the supply chain for many different verticals. It could be used, for example, in the export of personal data (jurisdictional data privacy legislation permitting) to ensure that personal information cannot be intercepted in transit.

It could also be used to protect the software supply chain. The software developer would need to ensure that the source has not been compromised. SolarWinds has described its new methodology to ensure this after its own breach. But if the source is known to be clean, customers can receive software updates and be confident that that they haven’t been compromised between the supplier and themselves.

Majenta’s Director of MX, Simon Ordish comments, “MX ASR will change the landscape of commercial and industrial data integrity in favor of business. Current security protocols are being progressively eroded while the operational need to share data is growing exponentially. All this is presenting rich pickings to threat agents. MX ASR is… a completely new and revolutionary technology. It delivers a new generation of impenetrable security, a host of features that have evolved from MX’s lengthy experience of supporting the requirements of business workflows and above all, it is quick and easy to adopt.”

Related: Solving the Quantum Decryption 'Harvest Now, Decrypt Later' Problem

Related: Don't Fall Victim to IP Theft and Corporate Espionage

Related: Vade Secure Ordered to Pay $14 Million to Proofpoint in IP Theft Lawsuit

Related: Huawei Hit with New US Charges of Trade Secrets Theft

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.