
Shamir Secret Sharing and Quantum-resilient crypto keys

Standard blockchain-based solutions for cryptocurrency, tokenized assets, and data encryption use a single private cryptographic key assigned to the transaction creator.

Mar 03 2021 | Article

#All cryptography in use today is believed to be vulnerable to quantum computing brute-force attacks

Even a few years ago, experts thought it would take more than 25 years for quantum computers to be able to brute-force crack a standard 2048-bit RSA key. However, recent advancements in quantum code-breaking algorithms have lowered the computational overhead by two orders of magnitude.[1]

Moore's Law, stating "the number of transistors in an integrated circuit will double every two years," is now considered void and has been replaced with Neven's law, which states that quantum computers will grow at "a doubly-exponential rate."[2]

The risk is significant because most financial and governmental institutions estimated that they would have at least ten years to solve the issue of quantum-resistant cryptography. Now depending on who you ask, this time-frame may be compressed into five years from today.

#Let’s not forget that people are fallible

[Photo: James Howells at the Newport Amenity Centre and landfill site, after throwing away a hard drive with 7,500 Bitcoin. Source: CNN, "Man who accidentally threw out a bitcoin fortune offers $70 million for permission to dig it up."]

The majority of the self-managed crypto keys in distribution have no recourse if they are lost, stolen, or destroyed. There are a few third-party custodial services such as Coinbase Custody. They offer an abstraction layer to your digital asset or crypto and can recover or reverse some transactions.

#Multi-signatures are not commonplace

Crypto wallets typically rely on a single private key, which means that anyone who obtains that key has complete and unfettered access to whatever it protects. This may be an acceptable risk for an individual; however, this approach is not secure for a corporation with significant assets under management.

Many crypto wallet developers now offer multi-signature accounts, which have a physical world analogy of a company check or bank transfer that requires two signatures prior to authorization.

A multi-signature wallet is a good workaround; however, a more efficient solution would be to integrate the key-sharing technology into the primary blockchain code itself rather than bolting it on as a separate component (effectively a microservice-level solution), which brings us to Shamir's Secret Sharing.

#Shamir's Secret Sharing

Adi Shamir, a cryptologist, presented in 1997 a cryptographic algorithm which he described in Differential Fault Analysis of Secret Key Cryptosystems. It is more commonly known as Shamir's Secret Sharing.

The algorithm is unique because it can take a single private key and slice it into an arbitrary number of pieces, with a minimum quorum being required to unlock the key.

If you take a key and slice it four ways and then demand a quorum of 3 pieces, even if a piece gets destroyed, the other three keyholders still have access to recreate the original secret key.

#Zero-Trust Shamir Secret Sharing

The Zero-Trust variant adds a further layer of security by introducing a separate decryption key to the solution.[3]

The key is responsible for translating the individual pieces into their original characters. If every piece were compromised via collusion or a cyber attack, the contents would still appear to be indecipherable gibberish without the decrypting key. This key is best held by a trusted third party.
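The 3-of-4 split described in the previous section and the zero-trust wrapping described here, as one added example that is not code from the article: a (k, n) Shamir split over a prime field, where the secret is first encrypted under a separate key held by the trusted third party, so that reassembling every share still yields unreadable bytes without that key. The key wrap is an assumption for illustration: a SHA-256 XOR keystream standing in for the authenticated cipher (AES-GCM or similar) a production system would use.

```python
# Added example, not from the article: (k, n) Shamir sharing over a prime
# field plus a "zero-trust" key wrap. The wrap below is a SHA-256 counter
# keystream, an assumed stand-in for a real authenticated cipher.
import hashlib
import secrets

PRIME = 2**521 - 1  # Mersenne prime; larger than any secret of up to 64 bytes

def _eval_poly(coeffs, x):
    # Horner evaluation of sum(coeffs[i] * x**i) mod PRIME
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_secret(secret, n, k):
    """Return n shares (x, y) of a random degree k-1 polynomial with f(0) = secret."""
    assert 0 <= secret < PRIME and 1 <= k <= n
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]

def recover_secret(shares):
    """Lagrange interpolation at x = 0; correct only when len(shares) >= k."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def wrap(data, key):
    # XOR with a counter-mode SHA-256 keystream; the same call unwraps.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def share_zero_trust(private_key, third_party_key, n, k):
    """Encrypt under the third party's key, then Shamir-split the ciphertext."""
    wrapped = wrap(private_key, third_party_key)
    return split_secret(int.from_bytes(wrapped, "big"), n, k)

def recover_zero_trust(shares, third_party_key, length):
    """Reassemble the ciphertext from >= k shares, then unwrap with the key."""
    wrapped = recover_secret(shares).to_bytes(length, "big")
    return wrap(wrapped, third_party_key)
```

Losing one of the four shares leaves three, which still reconstruct the wrapped secret; holding all four without the third party's key gives only the wrapped bytes.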

One of the more innovative and current approaches is to use Shamir's algorithm in combination with secure multiparty computation (SMPC/MPC). This is frequently used with fully homomorphic encryption (FHE) to enable data processing, analysis, and machine learning on fully encrypted data, without revealing the source.

#Secure Multiparty Computation

SMPC is commonly combined with FHE, enabling analysis, data science, and computation on the underlying data without ever exposing it.

This encrypted compute layer is beneficial for confidential or sensitive information such as medical telemetry, personal finance, insurance adjustment, and other highly regulated fields where a shortage of data exists outside of siloed sources. The above model allows for the commercial and broad use of data without ever compromising anyone's privacy.

Fully homomorphic encryption essentially allows computation on the underlying data without decrypting it first, preserving privacy.
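To make the "computation without revealing the source" claim concrete, here is an added example that is not from the article: a minimal secure multiparty sum using additive secret sharing. Each data owner splits a private reading into random shares held by separate compute parties; every party publishes only the sum of the shares it holds, so the total is learned while no single reading is ever exposed. The three readings are constructed sample values, and the party count is an assumption.

```python
# Added example, not from the article: secure multiparty sum with additive
# secret sharing. Shamir shares are linear in the same way, so the same
# share-wise addition works on polynomial shares from the previous section.
import secrets

MOD = 2**64  # readings are non-negative integers far below this modulus

def share(value, parties):
    """Split value into `parties` random shares that sum to value mod MOD."""
    shares = [secrets.randbelow(MOD) for _ in range(parties - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares

def party_local_sum(held):
    # Each compute party adds the shares it holds; it never sees a whole input.
    return sum(held) % MOD

def mpc_sum(private_inputs, parties=3):
    """Aggregate private_inputs across `parties` without revealing any one value."""
    per_party = [[] for _ in range(parties)]  # per_party[p]: p-th share of each input
    for v in private_inputs:
        for p, s in enumerate(share(v, parties)):
            per_party[p].append(s)
    partial_sums = [party_local_sum(held) for held in per_party]  # the only published values
    return sum(partial_sums) % MOD

if __name__ == "__main__":
    # Constructed sample: three blood-glucose readings that must stay private.
    print(mpc_sum([98, 143, 117]))  # 358
```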

Pros of SMPC in Blockchain-based cryptography

  1. The private key is resistant or immune to quantum brute-force attacks.
  2. Ability to analyze, compute on, and train machine learning models against fully encrypted data sources without ever revealing private data.
  3. Resistant to common criminal or fraudulent actors.

Cons of SMPC in Blockchain-based cryptography

  1. High computational overhead, which adds price and latency to the solution.
  2. The complex initial design may create too much overhead for smaller developers.
  3. Requires specialized, highly skilled developers or cryptographers.

One blockchain software engineering company, in particular, is actively putting financial cybersecurity at the forefront of its Blockchain services.

#Fintech security in Openware Blockchain solutions

Openware, Inc. (San Francisco, California) has a mission to create a safe, transparent and universally accessible financial ecosystem. The company was initially founded in France by renowned cloud architects Louis Bellet and Camille Meulien and is dedicated to developing advanced Blockchain technologies for economic infrastructure.

Openware's solutions enable enterprises and developers to build cryptocurrency exchanges, advanced distributed ledger applications, open alternative digital marketplaces, and launch next-generation financial infrastructures.

The company is also the core contributor to several Blockchain projects and the license provider for the OpenDAX crypto exchange software stack, provisioning enterprise services on top of the open-source components, including education, support, and software R&D.

For more information about Openware, please visit www.openware.com

#References

[1]: How a quantum computer could break 2048-bit RSA encryption in 8 hours. https://www.technologyreview.com/2019/05/30/65724/how-a-quantum-computer-could-break-2048-bit-rsa-encryption-in-8-hours/

[2]: Neven's Law replaces Moore's Law for Quantum Computing. https://community.hitachivantara.com/s/article/moores-law-is-replaced-by-nevens-law-for-quantum-computing

[3]: Secret Sharing With Trusted Third Parties Using Piggy Bank Protocol. https://arxiv.org/ftp/arxiv/papers/1608/1608.05097.pdf