Evolving Encryption and Unlocking Schrödinger's Data


Leonora Ross Skinner
Edel Coen
2023 Deeptech

There is a long tradition of building fortified walls to protect precious assets. Look at the Tower of London or, indeed, any city wall. The problem is: whatever lies within that fortification by necessity becomes isolated from people. If it’s jewels, people want to wear them. If it’s wealth, people want to spend it. 

In 2023, those assets are less tangible but no less valuable and – whether cryptocurrencies, national secrets or world-changing ideas – in one way or another, they present as data. Secure though those assets – jewels, money, data – may be, how valuable are they really when nobody can use them? In a sense, if something is locked away for nobody to benefit from, do those assets even exist in the first place?

Recognising this, the monarchs unlocked the Tower to wear their jewels, the banks opened the vaults to withdraw their money and companies decrypted their data so they could gain the valuable insights that technology increasingly allows.

But in doing so, they left those assets open to attack. And, as anyone who has ever bought insurance knows, put their value at risk.

So does decrypting data to unlock its usefulness reduce its value? It very likely could. With increasing concerns over data privacy, regulatory restrictions, and the reputational risk associated with data breaches and misuse, businesses must find ways to extract value from data while ensuring data privacy.

So how do we solve the problem of Schrödinger’s Data? Here, we explore the evolution of encryption technology, discussing its balance between data usability and security, with a particular focus on Privacy Enhancing Technologies (PETs) and the role of innovative companies like Vaultree – our portfolio company – in this rapidly evolving field.

Protecting the goodies

Privacy Enhancing Technologies embody fundamental privacy protection principles that have become essential to businesses as cybersecurity threats increase from bad actors, nation-state cyber-attacks, and human error within an organisation. PETs exist to allow companies the option to unlock data's usefulness while preserving privacy and security. 

Their potential has not been ignored: Gartner estimates that by 2025, 60% of large organisations will adopt PETs for data processing, as they play a crucial role in protecting consumer data and intellectual property. So what’s the dominant technique? And how is the PET market evolving?

Hardware: locking it up

A hardware wallet acts as a form of Privacy-Enhancing Technology (PET) by offering a safe and isolated space for keeping cryptographic keys, essential for accessing digital currencies like cryptocurrencies. Unlike software wallets that function on standard computers and are prone to malware infiltration, a hardware wallet is a specialised device engineered to defend against multiple forms of security threats. 

This unique "cold storage" setup guarantees that the private keys stay within the device, significantly impeding unauthorised transfers of assets without physical possession of the hardware wallet. This boosts both privacy and security, especially for dealings and safekeeping of non-fungible assets such as cryptocurrency and NFTs.

Ledger, one of Molten's portfolio companies, provides consumer-focused hardware wallets for the secure storage and exchange of cryptocurrencies. Ledger offers two types of wallets—Ledger Nano S and Ledger Nano X. For enterprises, Ledger Vault offers a complete custody technology platform deployed as SaaS for financial institutions that store and manage crypto assets. Ledger Vault also offers insurance, private key recovery and multi-currency solutions.

Synthetic Data: Replace sensitive data entirely

Synthetic data is used as a PET as it generates a new dataset that closely reflects the statistical traits of the original one, but without including any sensitive, real-world information. This enables analysts, researchers, and organizations to engage in data analysis, model construction, and insight generation without revealing individual data points.

For instance, if a healthcare provider wishes to share patient information for new drug research, using real patient data would compromise privacy. A synthetic dataset can be created instead, maintaining the general trends and characteristics—such as age distribution and medication response—of the original data, but without any personally identifiable details.

Among Molten's portfolio companies, Mostly AI specialises in creating synthetic data as a technology for privacy enhancement. Mostly AI produces software that allows businesses to create synthetic datasets suitable for various applications like training AI models, conducting data analytics, and product testing.

Using Generative AI, they convert original datasets containing sensitive and private information into synthetic versions that comply with privacy regulations. These synthetic copies usually preserve 80-99%+ of the original data's underlying patterns, offering a secure method for training models, making business and product choices, and externally sharing data without risking data breaches or privacy infringement.

Encryption: Secret codes and keys

Encryption is the act of encoding data into an unintelligible form, known as ciphertext, so that someone who doesn’t have the authorisation to access the data cannot read it. Once data is encrypted, only authorised parties who have a “key” can read it or use it.

The problem with encrypting data is that sooner or later, you must decrypt in order to analyse it, and decrypting data makes it vulnerable. Cloud files can be kept cryptographically scrambled by using a secret key, but as soon as you want to use those files, from editing a Word document to querying a database of financial data, you have to decrypt that data, rendering it unsecured and at risk of infiltration.

Advanced cryptographic methods have emerged to overcome this issue, allowing for computations on encrypted data without the need for decryption. The north star is the speed of cleartext with the security of ciphertext. These methods include zero-knowledge proofs, differential privacy, and homomorphic encryption, each with its own strengths and limitations, discussed below.

  1. Zero-Knowledge Proofs
    Zero-knowledge proofs verify the truth of a claim without exposing the underlying data. They require significant computational power, aren't suitable for all business applications and are not absolute proofs in a mathematical sense. Imagine you want to prove to a friend that you know the password to a locked vault, but you don't want to reveal the password itself. Using a zero-knowledge proof, you could demonstrate you know the password without actually disclosing it. 

  2. Differential Privacy
    Differential privacy adds a layer of randomness to datasets to protect individual entries while still allowing for broad statistical analysis. It's not ideal for tasks requiring individual-level data, like fraud detection, and it can affect data accuracy. For example, a medical researcher wants to understand the average age of patients with a certain condition but doesn't want to risk revealing any individual's age. By applying differential privacy, the researcher can get an approximate average without compromising individual data. 

  3. Fully Homomorphic Encryption
    Recent advancements make Fully Homomorphic Encryption increasingly practical for various sectors. It's especially valuable in sensitive fields like healthcare, as it allows operations on encrypted data. For example, a hospital wants to use patient data to improve its services but needs to keep the data private. With fully homomorphic encryption, the hospital can perform analyses on the encrypted data directly, without needing to decrypt it. 

  4. The Importance of Zero Trust
    The zero-trust model calls for verifying every actor or system, no matter where they are in relation to the security perimeter. Rather than assuming safety behind a corporate firewall, it operates on the assumption of breach and vets each request as if it came from an open network. For instance, if a company employee wants to access a secure database, their identity and permissions are checked even within the company's network.

    IndyKite, a company in Molten's portfolio, has implemented this zero-trust approach in identity management. They use a knowledge graph database at the heart of their tech. Identity is key to establishing and securing trust. Traditionally, businesses viewed managing identity as a liability. But IndyKite's tech captures rich metadata and analyses data point relationships, turning digital identities from a liability into a business asset based on the zero-trust model.
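The average-age case from the differential privacy item above, as an added example that is not from the article or from any company it names. It applies the Laplace mechanism to clamped ages and includes the differencing check that shows why exact averages leak one patient's record; the age bounds, epsilon value, seeds and sample ages are assumptions constructed for illustration.

```python
import random

AGE_MIN, AGE_MAX = 0, 100  # assumed public bounds; every age is clamped to them

def laplace(scale, rng):
    # The difference of two Exp(1/scale) draws is Laplace(0, scale).
    # Plain floats: fine for illustration, not hardened against
    # floating-point attacks on the noise distribution.
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def exact_mean(ages, rng=None):
    return sum(ages) / len(ages)

def dp_mean(ages, rng, epsilon=1.0):
    """Epsilon-DP mean via the Laplace mechanism; the record count is public."""
    if epsilon <= 0 or not ages:
        raise ValueError("need epsilon > 0 and at least one record")
    clamped = [min(max(a, AGE_MIN), AGE_MAX) for a in ages]
    # Swapping one record changes the clamped sum by at most this much.
    sensitivity = AGE_MAX - AGE_MIN
    return (sum(clamped) + laplace(sensitivity / epsilon, rng)) / len(clamped)

def differencing(release, ages, idx, rng):
    """What an analyst learns about record idx from two released averages."""
    rest = ages[:idx] + ages[idx + 1:]
    return release(ages, rng) * len(ages) - release(rest, rng) * len(rest)

def mean_abs_error(fn, truth, trials=500):
    rng = random.Random(2023)  # fixed seed so the demo is repeatable
    return sum(abs(fn(rng) - truth) for _ in range(trials)) / trials

# Constructed sample: 1,000 patient ages, not real data.
_r = random.Random(7)
AGES = [_r.randint(30, 90) for _ in range(1000)]

if __name__ == "__main__":
    true_mean = exact_mean(AGES)
    print("exact mean:", round(true_mean, 2))
    print("avg error of DP mean:",
          round(mean_abs_error(lambda g: dp_mean(AGES, g), true_mean), 3))
    print("patient 0 from exact averages:",
          round(differencing(exact_mean, AGES, 0, None)), "true:", AGES[0])
    print("avg error from DP averages:", round(mean_abs_error(
        lambda g: differencing(dp_mean, AGES, 0, g), AGES[0]), 1))
```

Each released average spends privacy budget: answering both queries at epsilon 1 costs epsilon 2 in total under basic composition, so the number of queries has to be tracked as well as the noise.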

Taking Fully Homomorphic Encryption mainstream

Fully Homomorphic Encryption (FHE) lets you work with data while keeping it encrypted, offering both security and utility. FHE was created in 2009, and one of its primary challenges is that it scales poorly: larger datasets result in slower, less efficient operations and high compute cost, making it inefficient for both large datasets and time-sensitive tasks.
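To make "working with data while it stays encrypted" concrete, here is an added example (not Vaultree's method and not code from this article) using Paillier, an additively homomorphic scheme swapped in because it fits in a few lines; it supports addition only, whereas FHE also supports multiplication. The toy primes, function names and sample ages are assumptions, and the key size is far too small for real use.

```python
import math
import secrets

# Toy primes (Mersenne: far too small and too structured for real use).
P, Q = (1 << 61) - 1, (1 << 89) - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)          # valid because the generator is g = n + 1
    return n, (n, lam, mu)        # public key, private key

def encrypt(n, m):
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:                   # fresh randomness for every ciphertext
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    n2 = n * n
    return (1 + m * n) * pow(r, n, n2) % n2   # (n+1)^m * r^n mod n^2

def decrypt(priv, c):
    n, lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n

def add_encrypted(n, c1, c2):
    """Runs on the untrusted server: multiplying ciphertexts adds plaintexts."""
    return c1 * c2 % (n * n)

def encrypted_total(n, ciphertexts):
    total = encrypt(n, 0)         # needs only the public key
    for c in ciphertexts:
        total = add_encrypted(n, total, c)
    return total

# Constructed sample ages; the hospital encrypts, the server sees ciphertexts only.
AGES = [34, 61, 47, 72, 58]

if __name__ == "__main__":
    pub, priv = keygen()
    cts = [encrypt(pub, a) for a in AGES]
    server_result = encrypted_total(pub, cts)      # no private key involved
    print("mean age:", decrypt(priv, server_result) / len(AGES))
```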

However, new advancements in cryptography enable the same results while simultaneously delivering speed and efficiency. This technology caught our attention and led us to invest in Vaultree, a company that uses innovative methods to enable speed and security for customers that wish to process large amounts of sensitive data in a zero-trust setting.

Vaultree: A Competitive Edge in the Encryption Market

Vaultree's long-term goal is to enable organisations to unlock value from their data in a secure, scalable way. Use cases include secure data pipelines, analytics on sensitive customer and employee data, internal and external data collaboration, and training AI on encrypted data.

Vaultree's approach stands out in this market, offering simplicity, security, control, and scalability to organisations looking to use and protect their data in an increasingly complex digital landscape.  

The company differentiates itself through four key pillars:

  1. Simplicity: Vaultree's solution requires only a few lines of code, making it easy for data owners or database administrators to implement without extensive integration efforts.
  2. Zero Trust: Vaultree never holds or sees any keys or decrypted data, ensuring full control remains with the client.
  3. Novel Approach: Vaultree's Fully Functional Data-in-Use Encryption uniquely combines FHE capability and searchable encryption, providing a competitive edge in the market.
  4. Performance & Scalability: Vaultree’s algorithms enable near plaintext speed processing, a significant breakthrough in the field. 

Future threats and how to thwart them

As organisations continue to collect and process vast amounts of valuable data, the need for sophisticated encryption technologies and PETs, which allow both usability and security, will only grow. Fully Homomorphic Encryption seems to be the panacea today, but what about tomorrow? The future of encryption technology lies in the continuous development and refinement of these techniques to meet the ever-evolving demands of both the effective use and the efficient protection of data. Some key areas of future development include:

  1. Quantum Computing
    Imagine current encryption methods as a complex lock that would take centuries for a traditional computer to pick. A quantum computer would be like a master locksmith that can pick these locks in mere seconds. Quantum computing could revolutionize cryptography by breaking existing encryption methods. Future security will rely on quantum-resistant algorithms which are designed to withstand quantum attacks.

  2. Standardisation
    Moving towards standardised encryption methods will ensure all systems can work together safely and smoothly. As encryption technologies become more common, standardisation is crucial for ensuring they work well together and are easy to adopt. Organizations like NIST are setting guidelines to help standardise these technologies.

  3. Integration with Emerging Technologies
    Imagine a smart city where traffic lights, public transport, and utility services are all interconnected. Without integrated encryption, a breach in one system could compromise the entire city’s operations. New and interconnected technologies are becoming more important, requiring encryption to be seamlessly integrated to keep data secure and private. Organizations will need to evolve their encryption methods to adapt to these new technologies.

  4. Continuous Research and Development
    It's akin to constant updates to a computer's operating system to fend off new types of viruses and malware. Ongoing innovation in encryption and PETs is essential for improving data security. For instance, new methods like Vaultree's show how emerging companies are constantly pushing the boundaries of cryptography.

  5. Increased Collaboration
    Think of this as different car manufacturers coming together to create a universal electric car charger. It benefits everyone and promotes faster adoption of electric cars. Collaboration between public and private sectors is key for the development and adoption of encryption and PETs. Working together, they can better understand the challenges of data privacy and security and create more robust solutions for an interconnected world.

In closing

As data becomes ever more valuable to enterprises across all sectors, so too does the importance of having the right technologies in place to maximise data utility and minimise risk. Privacy Enhancing Technologies in their many forms have been instrumental in pursuit of a balance between data usability and security and represent a huge opportunity for emerging companies in this space.

Fully Homomorphic Encryption, or whatever technology succeeds it, will be essential for organisations to unlock the full potential of their data while maintaining privacy and security. 

As that landscape continues to evolve, ensuring that the walls we build around the assets we value are strong is essential. Those that win, however, will be businesses that allow these prizes to be enjoyed and protected in a single stroke. 
