RMIT researchers and Sydney cyber startup Tide are claiming a mathematical breakthrough has allowed them to spread system access authority across a network using decentralised keys, meaning there is no one weak link or human vulnerability.
The research has been conducted over several years but has now been translated into a prototype developer tool touted as offering a fundamentally new approach to cybersecurity and a genuine sovereign capability.
“We’re effectively addressing something that in cybersecurity has no way of being addressed today,” Tide Foundation co-founder Michael Loewy told InnovationAus.com.
“Because today there’s always someone or something that has authority over a system. We allow the platform developers to remove the need to have that authority or even a business using the platform to have a systems administrator that has root access.”
The researchers say they can now generate cryptographic keys ‘in secret’ that are then operated in secret in perpetuity, in a way based on verifiable mathematics rather than “promises of security” that require blind trust, effectively “closing the loop” of cryptography.
Dubbed ‘ineffable cryptography’, in practice the approach means there is no longer any individual, company or system holding supreme access powers, so there is no single point of catastrophic failure.
“The actual owners relinquish their god-like authority to a system that they know doesn’t need to be trusted… you can trust the mathematics behind it because it’s built to give you a verifiable proof at any point that it’s working as it should,” fellow co-founder Yuval Hertzog told InnovationAus.com.
“Now imagine how much of a relief it is for a business owner, for example, that knows that the system that now holds the supreme authority over the security of the system is not controlled by anyone. It’s controlled by a set of rules and instructions that they gave initially, that can only be changed with a whole process that requires the approval of eight people [for example].”
The Tide co-founders said tech and security giants like NTT, LastPass and Logitech have made inbound inquiries about the Australian tech because they realise the current approach is unsustainable and makes them the weakest link.
“They’re sitting on a massive liability,” Mr Loewy said.
“If you look at some of the most damaging breaches, that IT team or those people with that godlike authority have been chased into their homes. Their home computers have been breached, their families have been put at risk. No one wants to walk around with a target on their back and all that kind of liability.”
Ineffable cryptography is seen as particularly promising for the cybersecurity of critical infrastructure assets, with these industry partners involved in early testing of access control systems.
New security of critical infrastructure laws have imposed tougher security standards and disclosure requirements on the operators of Australian assets, like ports, energy grids and water supplies.
In 2022/23, the Australian Signals Directorate responded to 143 incidents reported by entities who self-identified as critical infrastructure, an increase from the 95 incidents reported the year prior.
The new approach, which could help protect these assets, is explained in a joint study by Tide and RMIT mathematicians, with Dr Joanne Hall from RMIT’s School of Science as its lead author.
The bold claims have also been tested by other RMIT researchers and students at RMIT’s cloud supercomputing hub, RACE.
“This is a new sovereign capability developed in Australia that has all the relevant validation for it to be something that’s meaningful,” Mr Loewy said.
Tide has raised about $2 million from a range of angel investors, with a quarter of its funding also coming from grants and research awards. The company has also collaborated with NTT Research, Wollongong University, and Deakin University, while still owning all of its IP.
Tide was recognised as a finalist in the InnovationAus 2023 Awards for Excellence earlier this month for its decentralised technology.