Data encryption is ubiquitous in our daily lives and automatic where its use is implied and/or expected. In a minority of use cases, an end-user explicitly chooses to encrypt particular data, such as encrypting an email. Even then, the end-user has little/no control over the encryption process. There are use cases where the initial setup enables autonomous data encryption. An administrator of a computer may enable disk encryption, where according to Wikipedia, “[d]isk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume.” In the process of enabling disk encryption, an administrator is asked to provide configuration information one time, such as a password or security card to unlock the drive, where to save the recovery key, and how much of the drive to encrypt. After this initial setup, data encryption is autonomous. Likewise, home security systems require device installation and initial setup, which may include devices such as a: base station, keypad, range extender, video security camera, video doorbell, motion sensor, glass break sensor, and/or contact sensor. If the administrator of the home security system enables encryption, then the system becomes more secure by encrypting data communication from devices such as a video security camera or video doorbell autonomously. Other use cases require no end-user setup, but encryption use is implied and automatic. When an end-user selects a web hyperlink from their tablet interface, where the link starts with HTTPS, the data communication between their tablet and the website is automatically encrypted. Even if the link started with HTTP, a website or client software may automatically redirect the link to HTTPS to ensure secure communications. Popular website browsers may even balk at a user trying to connect to a website insecurely through HTTP and put up a blocker screen where the end-user must accept the risk of an unsecured connection to continue. Another area where end-users are using encryption behind the scenes in an autonomous fashion is digital signatures. According to Wikipedia, “[a] digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.” The data itself—a digital message or document—is not encrypted to generate a digital signature.
A digital signature algorithm creates a hash of the data to be signed using a hash algorithm, which is then encrypted using a signer’s private encryption key. The encrypted hash is the digital signature. To verify a digital signature, the original data, hash algorithm, digital signature algorithm, and signer’s public encryption key must be known/available. End-users of digital signature services, such as those provided by DocuSign, are shielded from the implementation and may not even be aware of encryption in the process. Perhaps the most pronounced use of autonomous encryption is watching paid-for television. Paid-for television content, however delivered, including cable, satellite, or streaming services, is most likely encrypted and then later decrypted at the viewer’s end device, computer, or cable box. There is no choice by the end-user regarding content encryption, but the user is in effect using encryption by using the television service. In summary, device manufacturers, service providers, website administrators, application providers, and content providers implement data and/or data hash encryption to provide data confidentiality, data integrity assurances, authentication of communicating entities, and/or non-repudiation. On the other hand, end-users use encryption with little/no knowledge of how encryption is implemented or initiated.
Digital data may be operated on by cryptography ciphers for the purpose of encryption and decryption. Asymmetric encryption algorithms, such as RSA (“Rivest–Shamir–Adleman”), use two different keys: a public key that is generally available and a private key that is kept secret. Data is encrypted by the sender using the receiver’s public key, and the encrypted data exchanged with the receiver is decrypted by the receiver using the receiver’s private key. Symmetric encryption algorithms, such as the Advanced Encryption Standard (“AES”) and the Triple Data Encryption Standard (“3DES”) algorithms use a single key input to the cipher. When the 3DES-3 key cipher is presented with a 192-bit key, it uses 168 bits for encryption. The AES cipher, on the other hand, when presented with a 128/256 bit key uses 128/256 bits for encryption. Data is encrypted by the sender using the key, and both the encrypted data and key must be available to the receiver for decryption. Cascade or multiple encryption, encrypts data multiple times to achieve higher data protection and may use multiple ciphers and/or multiple encryption keys. This means that cascade encryption serially operates on data multiple times, uses additional computer resources, and takes more processing time compared to encryption operating on data only one time.
Encryption security may be associated with a cipher, its key size, and an attacker’s capabilities. The National Institute of Standards and Technology (“NIST”) in its publication NIST Special Publication 800-57 Part 1 Revision 5, “Recommendation for Key Management,” page 53, points out, “[t]he attacker’s capabilities could include the cryptanalysis techniques used to reduce the time to attack an algorithm, the processing power available to the attacker, and the advent of new types of computing systems (e.g., quantum computers)” and on page 59, “[o]ver time, cryptographic algorithms and their associated key lengths may become more vulnerable to successful attacks, requiring a transition to stronger algorithms or longer key lengths.” There are serious implications for data encrypted with a cipher that has become vulnerable to attack, as per page 62-63 states, “[f]or example, the algorithm or key length used may no longer offer adequate security because of improvements in computational capability or cryptanalysis. In this case, applying protection to “new” information can be performed using stronger algorithms or keys. However, information that was previously protected using these now-inadequate algorithms and keys may no longer be secure. This information may include other keys or sensitive information protected by the keys.” There are concerns that quantum computing may provide the computer power to break ciphers with a given key length that are considered safe today. The NIST publication NISTIR 8105, “Report on Post-Quantum Cryptography,” Table 1, indicates that algorithms such as RSA will not be secure in the face of large-scale quantum computers, and AES encryption will need larger key sizes to remain secure.
A new solution is needed to break this data at-risk cycle and future-proof data encryption. Encrypting data using the new solution would keep data secure over time even though attacker’s capabilities increase and quantum computers become mainstream. This is possible if the process of encrypting data one time used multiple ciphers and a much longer key. Multiple ciphers would protect against vulnerabilities found in any one of the ciphers. A longer key length would make the number of permutations faced by an attacker to break such encryption impossible, even with large scale quantum computers.
The new solution will have a similar performance to today’s single cipher-key encryption, considering that each bit of data is encrypted only one time and by taking advantage of parallelism provided by current computers. The new solution will not require modifications to the encryption algorithms themselves.