Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

British Firm Tackles ‘Harvest Now, Decrypt Later’ Problem With Sharding Technology

Quantum-proof secure data distribution platform released to enterprise market

A UK firm believes it has solved the ‘harvest now, decrypt later problem’.

Quantum-proof secure data distribution platform released to enterprise market

A UK firm believes it has solved the ‘harvest now, decrypt later problem’.

Harvest now, decrypt later is a pressing concern. Criminals and nation states are stealing personal data and company IP knowing future quantum computers will be able to decrypt any encrypted content. Business is already being urged to switch to some form of quantum-proof security for data transmissions.

Much of the effort in developing quantum proof document distribution has been focused on what is called ‘quantum-proof encryption’. Majenta Solutions has taken a different route, adding a form of sharding to its existing MX data transfer platform. 

Sharding is a technology more commonly associated with databases – a form of horizontal partitioning that splits large databases into smaller components, which are faster and easier to manage and can be spread across multiple servers.

The Majenta product, known as MX ASR (MX is an existing managed file transfer platform, while ASR is a new anonymize, shard and restore technology) breaks sensitive documents into four shards that are sent separately to four different cloud servers around the world. The ‘anonymize’ part of the process is a patented technology that ensures no single shard contains any meaningful information without being combined with the other three shards in the ‘restore’ process. If the transmission of one of the shards is intercepted, or the cloud server being used is breached, no information can be lost.

Since this is fundamentally not a form of encryption, it is not susceptible to decryption even with the potential power of future quantum computers.

Alan Scrase from the UK Government’s Defense and Security Accelerator (DASA, part of the Ministry of Defense) explained, “We identified through extensive research that brute force attacks against anonymized and sharded data would be unsuccessful since the ASR process provides perfect secrecy against a threat actor having access to anything less than the total number of shards. As well as this, it was identified that the ASR process would be immune to quantum computing-based brute force attacks.”

Advertisement. Scroll to continue reading.

The data is anonymized, sharded and uploaded by the sender. Only the authorized recipient can download the data from the four servers and restore the content. At any point before the full restore, the sender can rescind the process, while an auditing facility shows precisely by whom and when the data was downloaded.

Majenta has a long history in working with automotive supply chains, and the original purpose was to develop a method to enable the automotive industry to securely share IP between plants that could be down the road or across the ocean. IP plans developed at a research office in Germany can be sent securely and with confidence to a manufacturing plant in the U.S.

The Chinese Landwind X7 was a direct copy (in appearance) to the Jaguar Land Rover Evoque. Both cars were revealed in 2014, with the Chinese version selling at just one-third the price of the Evoque. Majenta believes that documents were stolen from Jaguar Land Rover. In December 2021, Volvo revealed that hackers had stolen research and development data. Automotive IP is big business.

Supply Chain Security Summit

The MX ASR principle, however, has multiple applications in the supply chain for many different verticals. It could be used, for example, in the export of personal data (jurisdictional data privacy legislation permitting) to ensure that personal information cannot be intercepted in transit.

It could also be used to protect the software supply chain. The software developer would need to ensure that the source has not been compromised. SolarWinds has described its new methodology to ensure this after its own breach. But if the source is known to be clean, customers can receive software updates and be confident that that they haven’t been compromised between the supplier and themselves.

Majenta’s Director of MX, Simon Ordish comments, “MX ASR will change the landscape of commercial and industrial data integrity in favor of business. Current security protocols are being progressively eroded while the operational need to share data is growing exponentially. All this is presenting rich pickings to threat agents. MX ASR is… a completely new and revolutionary technology. It delivers a new generation of impenetrable security, a host of features that have evolved from MX’s lengthy experience of supporting the requirements of business workflows and above all, it is quick and easy to adopt.”

Related: Solving the Quantum Decryption ‘Harvest Now, Decrypt Later’ Problem

Related: Don’t Fall Victim to IP Theft and Corporate Espionage

Related: Vade Secure Ordered to Pay $14 Million to Proofpoint in IP Theft Lawsuit

Related: Huawei Hit with New US Charges of Trade Secrets Theft

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.