Building trust in cryptography | Insights by new.New Festival partner GFT Technologies

05/11/2018  |  CODE_n18 Startup CONTEST, Digital Transformation, new.New Festival

As the world goes digital, there is even greater reliance on cryptography because of its fundamental role in facilitating data transformation. In this modern era of information, secure digital communication and transactions are of critical importance and managing the risk surrounding information systems is considered fundamental to effective cyber security. Given these challenges, it has become increasingly important to develop effective cryptographic systems.

Furthermore, technologies such as blockchain are becoming increasingly popular, especially in the field of finance and industry 4.0, where it is crucial to ensure transactions or e.g. supply chains offer transparency, trust, and security. In addition to supporting financial transactions, blockchain solutions can also be used for agreements and smart contracts. As a result, they are set to impact the entire digital asset management industry.

Building trust in these emerging fields of technology and gaining a better understanding of them can bring significant value to all types of businesses. With this in mind, we chose Cryptographic Trust as one of the focal areas of this year’s CODE_n CONTEST and new.New Festival.

For the following interview, we tapped into our network and sat down with GFT’s Richard Miller, Strategy Head – Disruptive Technology, to discuss and explore the importance of cryptography, decentralized ledgers, and the growing list of blockchain usage scenarios.

Iulia: Hi Richard. To get us started, why don’t you tell us a little bit about yourself and your work?

Richard: I look after the Disruptive Technology practice in the UK. This means that I explore emerging technologies, usually strongly associated to digital business, and curate them as they mature and we understand what our client’s challenges and needs are. At the same time, as part of a professional services firm I’m building capability to then meet those needs. This involves thought leadership, solution design, technology risk management, and capability development.

Iulia: The world needs people who can explain things to a non-technical audience. Many of the major problems our society faces have a technical aspect, and there’s still general distrust of science and technology that could hold back progress. The more we can counter that, the better off we’re going to be. Could you explain in simple terms the basic principle of cryptography?

Richard: Cryptography concerns the hiding of information from unauthorized parties. Critically, the reading of the information (or unencrypting) requires some sort of key which may or may not be the same key that was used to encrypt the information (may be = symmetric, may not be = public key).

The idea that in some situations there may be no authorized parties gives us “hashing.” Hashing is the reduction of an arbitrary-length piece of data to a (probably) unique fixed length string. Key here is that the function is one-way, i.e that given a hash it is theoretically impossible to recreate the data from which it comes. So for example you could hash a 200-page Word document to a unique 30-digit number, but given the 30-digit number it’s impossible to find out what Word document generated it.

Beyond providing confidentiality for data between parties, cryptography can also help provide:

  • Authentication – giving the receiver confidence in the identity of the sender
  • Integrity – allowing a receiver to tell whether the message has been modified or corrupted in transit
  • Non-repudiation – making it impossible for the sender to later deny that they sent the message

Iulia: How is cryptography used in everyday communication?

Richard: Cryptography is used extensively on the internet every day. For example, symmetric and asymmetric encryption is used whenever you use https in a web browser for the secure transmission of data; asymmetric encryption is used in the digital certificates that underpin the identity of who you’re communicating with; and hashes are one of the building blocks of the blockchain mechanism. To expand on this in more detail:

  • Communication – the message or plain text to be sent between parties over a potentially public network is combined with a key using an algorithm creating the ciphertext. This renders the message unintelligible to anyone who doesn’t have the key. Crucially, in modern cryptography while the key is a secret between parties, the algorithm is not. In fact most algorithms are now fully public, which provides a lot of the security by a) allowing the open source community to try to “break” it and b) avoiding the need to change algorithms if a trusted party becomes an untrusted party.
  • Digital certificates – here, identity is guaranteed as a party demonstrates that it is they and only they that could have done something. For example, using public key cryptography, Alice can encrypt a message with Bob’s public key. If Bob is able to decrypt the message with his private key, he can show that to Alice, which proves Bob is who he says he is.
  • Hashes – hashing a piece of information is a portable record of the state of the larger piece of information at a particular point in time. For example, Alice hashes a file and sends the resulting hash to Bob. If Bob later comes across the file from Charlie, he can tell that it is the same file he received from Alice by performing the same hash Alice did. There are many ways hashing can be combined with encryption to create protocols which solve problems. As with encryption, hashing algorithms are fully open now.

Iulia: What is the business value of cryptography? Why would companies want cryptographic solutions to solve security problems?

Richard: The principles or techniques mentioned so far (encryption, hashing, certificates) act as building blocks upon which different business functions can be built. For example, ecommerce requires sensitive information (credit card information, SSN, etc.) to be sent over the public internet. Fundamentally the business value of cryptography stems from the ability to keep certain data confidential, which is one of the important foundations of business. Ultimately, this is about being able to electronically communicate these ideas – safe in the knowledge that even if the message is intercepted it can only be read by the intended recipient.

The other main dimension is to guarantee the identity of the person you are communicating with. As mentioned, this is achieved using digital certificates. Knowing who you’re doing business with (in the ecommerce example above) or where your email is coming from (in the case of secure email) is essential. This is even more important with the various regulations surrounding the protection of data, know your customer (KYC) and anti-money laundering.

Iulia: What type of information can be secured with cryptography? Could you possibly describe one or two of the main areas it’s used in?

Richard: Fundamentally, if data can be represented electronically then it can also be encrypted. Usually there are some intermediate steps – e.g. converting a document into a series of characters and then into a series of bytes. Once encrypted, it can be sent over a public or open network. For example, this could be an email, a WhatsApp message or a picture on Facebook.

Iulia: When we talk about cryptography, it’s impossible not to mention blockchain. The technological potential of this technology is immense, and its uses will only grow with time. What are the current and future uses of blockchain technology?

At the moment, blockchain technology is covering the cost- or friction-reducing use cases. In this, they disintermediate a process by getting middlemen to focus on what value they are adding to a part. As they concentrate on value-added services, the fees they charge should be more directly justified. Examples of this would be international payments and reducing the number of parties involved in sending money from one country to another. Alternatively, streamlining the post-trade process as the need for confirmations, affirmations, and reconciliations is diminished.

The capital markets industry has hardly scratched the surface of the revenue-generating use cases, but that’s where the interesting work will come from. An example from another industry is around the proof of provenance that blockchains give you. For example there’s a blockchain solution coupled with IOT sensors that allows you to ensure that a bottle of wine has been kept in ideal conditions for its life – or that a carton of drugs delivered in Africa is authentic and not counterfeit.

Iulia: How can we keep up with the latest developments in the blockchain market?

Richard: My advice here would be not to panic! This is a long-term technology revolution and there will be quite some time to pick things up. In some ways, it’s similar to the time when relational databases were being invented: Everyone worried about how the hundreds of startups implemented ACID transactions and two-phase locking, etc. Now we pick one of the five or so major vendors for 95% of the use cases. The same is true with distributed ledger technology (DLT) platforms: There are many today but I see them being reduced to less than ten in a few years – when the technology will have matured. As background, DLTs are the superset of blockchain technology and probably where most of the business value will be achieved. They use cryptographic techniques (encryption, hashing, digital certificates, etc.) to ensure that data stores held by untrusting parties are kept in sync. This is revolutionary, as up until now a lot of effort (or cost) has been put into reconciliation processes and protocols to fix inconsistencies between legal entities. DLT promises to remove a big chunk of the cost by getting it right first time.

Iulia: Blockchain tech is being implemented throughout the financial sector. Extending beyond finance, what’s the impact of blockchain on other sectors and industries?

Richard: One of the big use cases outside finance is the supply chain in manufacturing. As I mentioned, the proof of provenance is key here.

I should point out that as part of the hype, blockchain has been touted as a solution for most of the problems the world faces today. Obviously that won’t be the case and so the real challenge here is selecting the use case that has the highest ROI. Being able to “smell” the right use case is a skill. To do it requires a good understanding of what benefits blockchains bring, namely
a) getting a consistent data view across untrusting parties
b) the ability to execute business logic on that data

Iulia: As you know, CODE_n is looking for the most disruptive founders and companies out there – who are eager to spearhead digital transformation with pioneering technologies. What in your opinion would be the most favorable environment for startups developing cryptography techniques to succeed and thrive?

Richard: The major challenge at this stage in the life cycle of a technology is access to high-quality resources. As with the AI revolution, combining these cryptographic techniques into new solutions will take several decades. Understanding the concepts, challenges, and opportunities will require in-depth knowledge. Unfortunately, due to the high level of math required, those resources will be in short supply. Therefore in my opinion CODE_n should be liaising with universities and across industries to smoothen that as far as possible. Beyond that, the usual strategy of finding the right level of abstraction layer will allow less specialist resources to use the technology. Lastly, the technology can always be bought in as part of a package.

Thanks a lot Richard for these in-depth tech insights into the crypto space! We couldn’t agree more – thinking and working across industries and with universities will help us solve complex problems and accelerate the adoption of new technologies. This is exactly what we’re going to do at this year’s new.New Festival where we’ll bring together a diverse network of leading experts from industry, academia, and technology startups eager to create synergies and drive the latest innovations.