What is perfect secrecy? Defending intellectual property when the hacker has unlimited resources.

Perfect secrecy, as the name begins to suggest, refers to a state in which no recognisable information whatsoever can be extracted from an encrypted data package. Perfect secrecy, closely linked to a form of cipher known as a one-time pad, was originally proven by Claude Shannon in a 1945 paper. With quantum computing on the horizon, the concept has been practically realised with new relevance in cyber security.

Originally classified in the 1945 paper A Mathematical Theory of Cryptography, Claude Shannon’s proof of the cryptographical property of perfect secrecy was published in 1948. The 1948 edition would become one of the foundation works of modern cryptography. Though the name Perfect Secrecy aptly describes the cryptographical property, its full significance (as we shall see) is greater.

Definition: perfect secrecy

Perfect secrecy is a cryptographical property according to which an encrypted message (ciphertext) provides no information about the original data (plaintext). The property was proven to be information-theoretically secure by Claude Shannon, a forefather of modern cryptography. When true perfect secrecy is achieved, an attacker’s knowledge of the contents of an encrypted message would be the same both before and after they attacked the ciphertext with unlimited resources.

Perfect secrecy, in other words, yields no recognisable information whatsoever to a brute-force attack so long as the ciphertext is at least as long as the plaintext. This would remain true even if the attacker possessed the kind of unlimited (read: quantum) computing resources which would outmatch regular encryption.
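The definition above can be checked exhaustively on a message space small enough to enumerate. The following Python is an added example, not part of the original article: it computes the exact ciphertext distribution for every 3-bit message under XOR encryption, once with a uniformly random key as long as the message (a one-time pad) and once with a single key bit repeated. The 3-bit size and all function names are assumptions chosen for illustration.

```python
from collections import Counter
from fractions import Fraction
from itertools import product

BITS = 3  # constructed toy message length, small enough to enumerate fully

def xor(a, b):
    return tuple(x ^ y for x, y in zip(a, b))

def full_length_keys():
    """One-time-pad key space: every possible key as long as the message."""
    return list(product((0, 1), repeat=BITS))

def repeated_bit_keys():
    """Weak key space: one random bit repeated across the whole message."""
    return [(b,) * BITS for b in (0, 1)]

def ciphertext_distribution(message, keys):
    """Exact P(C = c | M = message) when the key is uniform over `keys`."""
    counts = Counter(xor(message, k) for k in keys)
    return {c: Fraction(n, len(keys)) for c, n in counts.items()}

def is_perfectly_secret(keys):
    """Shannon's condition: every message yields the same ciphertext distribution."""
    messages = list(product((0, 1), repeat=BITS))
    reference = ciphertext_distribution(messages[0], keys)
    return all(ciphertext_distribution(m, keys) == reference for m in messages)

def candidate_plaintexts(ciphertext, keys):
    """Plaintexts that exhaustive key search cannot rule out for this ciphertext."""
    return {xor(ciphertext, k) for k in keys}

if __name__ == "__main__":
    observed = (1, 0, 1)  # constructed sample ciphertext
    for name, keys in (("one-time pad", full_length_keys()),
                       ("repeated bit", repeated_bit_keys())):
        print(name, is_perfectly_secret(keys),
              len(candidate_plaintexts(observed, keys)))
```

With the full-length key, trying every key against the observed ciphertext returns all eight possible plaintexts, so unlimited computing power narrows nothing down. With the repeated key bit, only two candidates survive.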

How was perfect secrecy discovered?

The concept remains as relevant to cryptography today as the day it was discovered (perhaps more so, but we’ll get there in a minute), but its first mathematical proof took place against a backdrop which will feel familiar to fans of The Imitation Game starring Benedict Cumberbatch.

In 1918, at the close of a First World War which pivoted on the decryption of the Zimmermann Telegram, a German inventor named Arthur Scherbius patented the Enigma machine. His invention, an electro-mechanical device that enciphered typed plaintext via an array of configurable wiring positions, would be adopted by the German Navy in 1926.

Many of the Second World War’s most important communications would be sent via Enigma machines, with Allied codebreakers scrambling to uncover each day’s Enigma settings until Alan Turing designed a vast electronic code-breaking machine capable of speeding up Enigma decryption. Enigma decrypts using Turing’s Bombe machines ultimately helped to turn the tide of the war in favour of the Allies.

Claude Shannon, making his own cryptographical discoveries, completed A Mathematical Theory of Cryptography in the wake of a conflict which had seen both sides expend considerable resources developing opposing encryption and decryption capabilities. With Turing’s machine basically dependent on a kind of ‘known plaintext’ attack (Enigma machines could not encipher any letter as itself), Shannon asked “How secure is a system against cryptanalysis when the enemy has unlimited time and manpower available for the analysis of intercepted cryptograms?”

Why is perfect secrecy relevant today?

What Claude Shannon discovered is even more relevant today than it was in 1945. The mathematical principles have stayed the same, and an information revolution has taken place around them.

Quantum computing (with staggering brute force potential) is becoming a practical concern – the modern evolution of the ‘unlimited time and manpower’ which Shannon pondered. It’s today, in a world of digital rather than electronic information exchange, that achieving the goal of perfect secrecy will move from theory to agenda item. And in fact, a UK technology company has done just that.

Achieving perfect secrecy practically – and dramatically improving information security where codebreakers have been replaced by cyber criminals – required a novel combination of technologies. Majenta Solutions and Anzen Technologies have teamed sharding (a decidedly unromantic form of database partitioning) with the kind of comprehensive encryption required to meet perfect secrecy’s criteria.

It’s a fruitful if unexpected combination because once sharded (into four discrete datasets each as large as the original to confuse the attacker further), the data can be safely scattered between four continents – quadrupling the amount of conventional security infrastructure an attacker would have to contend with to intercept the data.

And because the data has been sharded after anonymisation, this approach renders any one shard (or in fact anything less than the full number) completely useless. With a portion of data safely hidden on the other side of the world, no amount of quantum-powered brute force would yield any information.
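The article does not describe the internals of the ASR process, so the Python below is an added illustration, not the vendor's method: a generic four-way XOR secret split with the two properties the paragraphs above describe, namely that each share is as large as the original and that anything short of the full set reveals nothing. The function names and the sample payload are assumptions made for the example.

```python
import secrets

SHARES = 4  # the article describes four shards, each as large as the original

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def split(secret: bytes, n: int = SHARES) -> list[bytes]:
    """Return n shares: n-1 uniformly random pads plus one share that
    XORs with them back to the secret."""
    pads = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    last = secret
    for pad in pads:
        last = xor_bytes(last, pad)
    return pads + [last]

def combine(shares: list[bytes]) -> bytes:
    """XOR all shares together; only the complete set yields the secret."""
    out = bytes(len(shares[0]))
    for share in shares:
        out = xor_bytes(out, share)
    return out

def missing_share_for(known: list[bytes], candidate: bytes) -> bytes:
    """The share that would make `known` reconstruct to `candidate`.
    One exists for every candidate of the right length, so an attacker
    holding all but one share cannot rule out any plaintext."""
    return xor_bytes(combine(known), candidate)

if __name__ == "__main__":
    secret = b"constructed design data"  # constructed sample payload
    shares = split(secret)
    decoy = b"x" * len(secret)
    forged = missing_share_for(shares[:3], decoy)
    print(combine(shares) == secret, combine(shares[:3] + [forged]) == decoy)
```

A split like this gives confidentiality only: a tampered or substituted share still reconstructs to something, so integrity has to come from a separate check.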

For Majenta, this technology has come not a moment too soon as the answer to a modern cryptographical arms race where the prize to be guarded or won is intellectual property. The kind that can ruin product launches and destabilise markets if intercepted. With the Landwind X7 (based on stolen JLR design data) competing directly with the Range Rover Evoque, an answer to the problem of corporate espionage was required.

For the automotive industry, and any other where highly sensitive data needs to be shared quickly, this solution (known as the ASR process) to perfect secrecy has been implemented in a business data exchange system to insulate intellectual property from state or criminal actors when it travels beyond the internal security perimeter. After all, the smart cyber criminal will reinvest their ill-gotten profits in improved offensive capability.

You can read more about the data sharing system which has achieved perfect secrecy here: https://www.mymxdata.com/mx-asr/