How Multi-Party Computation Works and Why It Matters for CISOs

DuoKey
6 min read · Jan 17, 2024
Discover How Multi-Party Computation Works for Key Generation, Storage and Management

Discover what secure Multi-Party Computation is and why CISOs should pay closer attention to this advanced technology for encryption key generation, storage and management.

In today’s rapidly evolving digital landscape, Chief Information Security Officers (CISOs) are now tasked with not only protecting their organisation’s sensitive data but also ensuring their businesses comply with diverse and rapidly-changing regulations.

The emergence of new threats, such as AI-powered attacks, ransomware and sophisticated breaches, coupled with the rise of cloud computing, remote work and new regulations, calls for new roles for CISOs. Traditional security measures, such as encryption and secure storage, are no longer sufficient in the face of sophisticated cyber threats. CISOs need to adapt to new realities and go beyond traditional security methods.

Against this somewhat murky background, the implementation of secure multi-party computation for key generation and management emerges as a valuable tool in the arsenal of CISOs to secure data, prevent unauthorised access, and ensure compliance.

Here’s why.

What is secure Multi-Party Computation (MPC)?

Secure Multi-Party Computation or MPC is a cryptographic protocol that enables multiple parties to perform a computation on data without revealing their data to each other. In other (and simpler) words, it’s a cryptographic trick that allows people or organisations to work together and get specific results, while keeping everyone’s information private and secure.

MPC is based on two key properties:

  • Privacy: The information held by each party remains confidential throughout the process.
  • Accuracy: The results are accurate and reliable even if someone tries to manipulate the process.

To illustrate how this technique works, let’s take a simple example.

Imagine a scenario with three colleagues on a team, named Alice, Bob, and Carol. They are interested in determining the average salary of their team, but they prefer not to reveal their individual salary figures for obvious privacy reasons.

Instead of giving their actual salaries and computing a straightforward average, they opt to employ secure multi-party computation.

To do this, each of them inputs their salary into a function, which outputs random numbers that add up to their actual salary. Let’s call those numbers shares (see figure 1).

Figure 1: Discovering the average salary with MPC

These shares are then randomly distributed among the colleagues, resulting in each person having a new set of values (see figure 2). The new total values can then be combined to derive the team’s average salary without anyone having to disclose their specific salary information.

All in all, when we add up the salary shares (3851 + 5508 + 7641) and divide the sum by 3, we get 5666.67. This gives us the average salary of the three colleagues. It is the same result as a standard average of the actual salaries, (7500 + 4500 + 5000) / 3. The only difference is that when using multi-party computation, we never saw the actual salaries. We only got access to the randomly generated salary shares.

Figure 2: Discovering the average salary with MPC
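
The salary computation above as a short Python sketch (an added example, not DuoKey code). It works modulo 2^32, which the page does not state, so that a single share is uniformly random and reveals nothing on its own; which colleague earns which figure is also an assumption.

```python
import secrets

MODULUS = 2**32  # assumption: shares live in Z_MODULUS, totals must stay below it

def split(value, n_parties, modulus=MODULUS):
    """Split value into n additive shares that sum to value mod modulus."""
    shares = [secrets.randbelow(modulus) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % modulus)
    return shares

def secure_average(salaries, modulus=MODULUS):
    """Return (average, published partial sums) without pooling raw salaries."""
    names = list(salaries)
    n = len(names)
    # Step 1: every party splits its own salary locally (figure 1).
    outgoing = {name: split(salaries[name], n, modulus) for name in names}
    # Step 2: share j of every party is sent to party j (figure 2).
    received = {names[j]: [outgoing[src][j] for src in names] for j in range(n)}
    # Step 3: each party publishes only the sum of the shares it now holds.
    partial = {name: sum(vals) % modulus for name, vals in received.items()}
    total = sum(partial.values()) % modulus
    return total / n, partial

if __name__ == "__main__":
    # Salaries from the article; the name-to-salary mapping is assumed.
    team = {"Alice": 7500, "Bob": 4500, "Carol": 5000}
    average, partial_sums = secure_average(team)
    print(partial_sums)        # random on every run, like 3851 / 5508 / 7641
    print(round(average, 2))
```

The published partial sums differ on every run, yet they always add up to the same total, so the average never changes.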

While this is a very basic example of secure Multi-Party Computation, this cryptographic concept can be used for more complex applications, like data collaboration and information sharing between organisations, but also for security or privacy purposes.

Let’s have a deeper look at how CISOs can use MPC for data security, in particular key encryption.

How can MPC enhance data security?

One of the key (no pun intended) applications of MPC to protect sensitive data is in generating distributed encryption keys through MPC-based key generation. As every CISO knows, protecting encryption keys is critical in today’s digital landscape when one wants to safeguard sensitive data and ensure the confidentiality and integrity of one’s organisation’s data.

Traditionally, encryption keys have been stored using methods like hardware security modules (HSMs), software-based key storage solutions, secure key vaults and many other ways. The problem with these methods is that the key is stored in a single location. This poses a serious security risk known as the “single point of compromise”. If attackers successfully target and gain access to the location where encryption keys are stored, they can potentially access sensitive information, control systems or disrupt operations. This shortcoming keeps quite a few CISOs awake at night, which is definitely not ideal.

An alternative to this sleep-depriving situation is MPC-based key generation and management, which refers to the use of multi-party computation for generating and managing encryption keys.

In an MPC setup, encryption keys are no longer stored in a single location. Instead, they are divided into shares, encrypted, and distributed among multiple parties (we usually speak of decentralised key shares). Each party can independently compute on its own key share without revealing that share to the others. It is similar to the team’s average salary example we saw above.

This decentralised approach to key generation and storage offers significant advantages in terms of security. It ensures that the key is never formed and accessible in one place (unlike traditional methods) and minimises data exposure. This drastically mitigates the risk of theft or compromise, as it would require attackers to simultaneously breach multiple parties across different locations. This is great news for the quality of sleep of our CISOs!

A good high-level metaphor for MPC-based encryption key generation is a treasure map. Think of your encryption key as a map that is torn into multiple parts and shared among multiple parties. It is only when all the parts are brought together that you know where to find the treasure. It’s pretty much the same process that is at play when generating an encryption key through MPC.

Treasure map: a good metaphor for MPC-based key generation
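
To make the key shares described above concrete, here is an added Python sketch (not DuoKey's protocol, which the page does not specify): three parties each hold an additive share of a textbook ElGamal private key, and a ciphertext is decrypted from their partial results without the full key ever being assembled. The toy group parameters, the function names and the sample data key are assumptions, and the parties are assumed to follow the protocol honestly.

```python
import secrets

# Toy group parameters chosen for this example only (not production-grade).
P = 2**127 - 1   # a Mersenne prime
G = 3

def keygen(n_parties):
    """Each party draws its own secret share; only g^share is ever published."""
    shares = [secrets.randbelow(P - 2) + 1 for _ in range(n_parties)]
    public_key = 1
    for x in shares:                  # h = g^(x1 + ... + xn) from public parts
        public_key = public_key * pow(G, x, P) % P
    return shares, public_key         # in a deployment each share stays with its holder

def encrypt(public_key, message):
    """Textbook ElGamal encryption of an integer 0 < message < P."""
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), message * pow(public_key, r, P) % P

def partial_decrypt(share, c1):
    """Run by one party on its own machine; the share itself is not sent."""
    return pow(c1, share, P)

def combine(partials, c2):
    """Merge partial results; neither a share nor the full key is needed here."""
    mask = 1
    for d in partials:
        mask = mask * d % P
    return c2 * pow(mask, -1, P) % P

def demo():
    shares, public_key = keygen(3)
    data_key = 0x00112233445566778899AABBCCDDEEFF   # constructed sample value
    c1, c2 = encrypt(public_key, data_key)
    all_three = combine([partial_decrypt(x, c1) for x in shares], c2)
    only_two = combine([partial_decrypt(x, c1) for x in shares[:2]], c2)
    return data_key, all_three, only_two
```

`demo()` recovers the data key when all three parties contribute and returns an unrelated value when only two do, which is the "all parts of the map" property of the metaphor.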

Why should CISOs embrace MPC?

As we enter 2024, the role of CISOs in safeguarding sensitive data and ensuring compliance with regulations is becoming more critical than ever. Embracing technologies like MPC appears to be essential to enhance data security, ensure compliance, and mitigate cyber risks.

In fact, by implementing an MPC-based key generation and management system, CISOs can:

  • Eliminate Single Points of Compromise: With MPC, the encryption key is stored in multiple locations, making it difficult for attackers to gain access to encryption keys and associated sensitive data.
  • Meet regulatory requirements: With fast-evolving regulations, MPC offers a robust solution that helps organisations protect data, minimise data exposure and facilitate audit procedures.
  • Remove dependence on third parties: MPC allows organisations to maintain full control over their encryption keys and data without the need to rely on external service providers or third-party intermediaries.

The adoption of MPC for securing data is actually gaining significant traction among major organisations, including financial institutions, pharmaceutical organisations and automotive companies, among others.

Implement MPC-based key generation in your organisation

Leveraging MPC, DuoKey’s advanced encryption module provides a simplified key management system designed for enhanced security and maximum control of your cloud environment. This encryption module splits encryption keys into multiple parts and holds them in multiple independent locations. This approach provides an efficient and scalable way to serve various security use cases, like managing encryption keys and secrets, encrypting data, authenticating devices or managing identities.

Learn how to enhance your data protection, while enjoying true peace of mind with DuoKey for Key Management System (KMS), compatible with AWS, Microsoft 365, Google Cloud, Salesforce and many more.

DuoKey for Key Management System (KMS) Explained

About DuoKey

DuoKey is a Swiss-based company, which specialises in advanced encryption and key management solutions. The company offers a comprehensive suite of key management and encryption products for various platforms like Microsoft 365, Amazon S3, Salesforce and AWS XKS, which features Multi-Party Computation (MPC) encryption.

DuoKey helps businesses worldwide safeguard their confidential information and comply with ever-evolving regulations and industry standards, while maintaining full control over their encryption keys in multi-tenant and vault solutions powered by MPC or Hardware Security Module (HSM).
