An Advance in Cryptographic Key Management

Unbound Tech’s motto is “Math over Matter.” This concept is on display as the company fields a cryptographic key management solution that spans the cloud and on-premises instances. Their goal is to disrupt the traditionally exclusive use of hardware for key management. While there isn’t anything necessarily wrong with relying on Hardware Security Modules (HSMs) for storing cryptographic keys, HSMs are expensive and they don’t work well in a cloud or hybrid-cloud architecture.

HSM use tends to lead to inefficient silos of key management in a distributed organization. This can be problematic, as Professor Yehuda Lindell, co-Founder and CEO of Unbound, explained. “Managing keys in silos leads to complexity and increased risk.” He added, “Managing workloads in hybrid public/private environments is challenging, especially when you are using dedicated hardware to secure and manage crypto keys.” This scenario translates into having different key management systems and different levels of trust interacting with dedicated hardware in multiple locations.

Solving this problem was easy in theory, but extremely complicated in practice. Customers were reluctant to trust software to manage keys. They expect hardware-level security, even if the key management solution is software-based. This is the problem Unbound applied itself to solving.

Yehuda Lindell – CEO – Unbound Tech

Lindell spent the bulk of his career researching cryptography and related technologies at the Weizmann Institute and Bar Ilan University. From this background, Lindell and his team were able to develop software that leverages the Multi-Party Computation (MPC) paradigm to store parts of crypto keys in multiple locations, including the cloud. MPC is a subset of cryptography that provides methods enabling parties to jointly compute a function over their inputs while keeping those inputs private.

The Unbound solution splits crypto keys into random shares and puts them on different machines. Even if a hacker can breach one set of machines, they cannot learn anything about the key. Current customers include large corporations and banks. They use the solution for code signing and general-purpose encryption. The company is also working in the cryptocurrency space.
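To make the idea of signing with a key that is split into random shares concrete, here is an added example; it is not Unbound's protocol or code. It uses a textbook two-party additive split of an RSA private exponent, and it assumes a trusted dealer who creates the shares once, a constructed toy key, and hypothetical function names.

```python
import hashlib
import secrets

# Constructed toy RSA key: textbook RSA, no padding, two known Mersenne primes.
# Far too weak for real use; it only makes the arithmetic visible.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # full private exponent, seen only by the assumed dealer


def split_exponent(d, phi):
    """Return two additive shares with d1 + d2 = d (mod phi)."""
    d1 = secrets.randbelow(phi)  # uniformly random, independent of d
    d2 = (d - d1) % phi          # meaningless without d1
    return d1, d2


def digest_to_int(message, n):
    """Hash the artifact being signed and reduce it into Z_n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def partial_sign(m, share, n):
    """Runs on one machine and touches only that machine's share."""
    return pow(m, share, n)


def combine(s1, s2, n):
    """m^d1 * m^d2 = m^(d1 + d2) = m^d (mod n); d is never rebuilt."""
    return (s1 * s2) % n


def verify(message, sig, e, n):
    """Ordinary RSA verification with the public key (e, n)."""
    return pow(sig, e, n) == digest_to_int(message, n)


if __name__ == "__main__":
    artifact = b"constructed-release-1.0.tar.gz"
    d1, d2 = split_exponent(D, PHI)
    m = digest_to_int(artifact, N)
    s1 = partial_sign(m, d1, N)   # machine A
    s2 = partial_sign(m, d2, N)   # machine B
    print("combined signature verifies:", verify(artifact, combine(s1, s2, N), E, N))
    print("one partial alone verifies: ", verify(artifact, s1, E, N))
```

A production MPC system would also generate the shares jointly, so that no dealer ever holds the whole key; this sketch skips that step.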

“MPC is more viable now than it was 20 years ago,” Lindell explained. “Initially, it was all theoretical research. A lot has been done to make it more efficient.” Hardware improvements, such as the AES-NI instruction set used by Intel, have also contributed to MPC’s viability. It’s all about math over matter.
