Advanced cryptography explained: New approaches for data security and privacy in manufacturing and plant engineering.
What does advanced cryptography mean?
The NCSC uses the term “Advanced Cryptography” for techniques that make it possible to process encrypted data directly while providing functionality beyond traditional encryption methods. Examples include:
- Homomorphic encryption: Performing computations directly on encrypted data.
- Multiparty computation (MPC): Multiple parties compute results together without revealing their individual input data.
- Zero-knowledge proofs: Proving knowledge of secret information without disclosing it.
- Attribute-based encryption: Decrypting data based on specific attributes of the recipient.
Why is advanced cryptography relevant for product manufacturers and machine builders?
Especially in industrial environments, such as manufacturers of plants and machines, the need to process and protect sensitive data - like design files, operating parameters, or user data - is growing. Advanced cryptographic techniques offer significant opportunities, for example:
- Secure exchange of sensitive data with suppliers and partners without having to grant full transparency.
- Shared use of data in manufacturing or maintenance without endangering competitive advantages or trade secrets.
- Improved data security for cloud-based analytics and IoT applications, where traditional encryption methods reach their limits.
Challenges and warnings from the NCSC
The NCSC issues clear guidance on when and how these advanced methods should be used:
- Advanced cryptography should never be adopted as an end in itself. A clear problem analysis beforehand is essential to determine whether these techniques will actually provide benefits.
- Implementing your own cryptographic solutions is explicitly not recommended, since subtle errors can cause severe security issues. Manufacturers should instead rely on established, standardized solutions.
- Due to the complexity and high resource requirements of these techniques, thorough feasibility studies and pilot projects are essential to ensure that solutions are practical and scalable.
- There are still few standards or certifications for advanced cryptography, so implementation should be carried out carefully and based on risk.
Conclusion - recognize opportunities and consider risks
Advanced cryptography offers manufacturers and machine builders innovative ways to handle sensitive data more securely while enabling new business models. However, companies should be aware that these techniques are currently complex, resource-intensive, and not widely standardized. A careful assessment of actual needs, a clearly defined problem, and the choice of established solutions and specialized partners are crucial for successful deployment.
Further details and a more in-depth analysis can be found in the NCSC's whitepaper "Advanced Cryptography" (https://www.ncsc.gov.uk/whitepaper/advanced-cryptography).