NCSC Steering on “Superior Cryptography”
The UK’s Nationwide Cyber Safety Centre simply launched its white paper on “Superior Cryptography,” which it defines as “cryptographic strategies for processing encrypted information, offering enhanced performance over and above that offered by conventional cryptography.” It consists of issues like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and safe multiparty computation.
It’s full of excellent recommendation. I particularly recognize this warning:
When deciding whether or not to make use of Superior Cryptography, begin with a transparent articulation of the issue, and use that to information the event of an applicable resolution. That’s, you shouldn’t begin with an Superior Cryptography method, after which try to suit the performance it offers to the issue.
And:
In virtually all circumstances, it’s unhealthy follow for customers to design and/or implement their very own cryptography; this is applicable to Superior Cryptography much more than conventional cryptography due to the complexity of the algorithms. It additionally applies to writing your personal utility based mostly on a cryptographic library that implements the Superior Cryptography primitive operations, as a result of delicate flaws in how they’re used can result in critical safety weaknesses.
The conclusion:
Superior Cryptography covers a variety of strategies for safeguarding delicate information at relaxation, in transit and in use. These strategies allow novel functions with completely different belief relationships between the events, as in comparison with conventional cryptographic strategies for encryption and authentication.
Nonetheless, there are a variety of things to contemplate earlier than deploying an answer based mostly on Superior Cryptography, together with the relative immaturity of the strategies and their implementations, important computational burdens and sluggish response occasions, and the danger of opening up further cyber assault vectors.
There are initiatives underway to standardise some types of Superior Cryptography, and the effectivity of implementations is frequently bettering. Whereas many information processing issues may be solved with conventional cryptography (which is able to normally result in an easier, lower-cost and extra mature resolution) for people who can’t, Superior Cryptography strategies might sooner or later allow revolutionary methods of deriving profit from giant shared datasets, with out compromising people’ privateness.
NCSC weblog entry.
Posted on Might 2, 2025 at 7:03 AM •
3 Feedback
