NTT Research, Inc. today announced the Zero Trust Data Security (ZTDS) Suite, a novel cybersecurity solution leveraging advancements in attribute-based encryption (ABE) to provide data-level protection against both conventional and quantum computing-enhanced cyberattacks. Developed by the Cryptography & Information Security (CIS) Lab, directed by Dr. Brent Waters—building upon his 2005 foundational work with Dr. Amit Sahai—the suite incorporates Post-Quantum Cryptography (PQC-ABE) to overcome prior performance limitations of ABE. The Center for Research and Development on Secure Computer Systems (CRADSEC) will license this ABE software, integrating it with Trusted Execution Environments to address emerging security use cases and facilitate a proactive migration toward a post-quantum security posture.
NTT Research Launches Quantum-Secure Data Security Suite
NTT Research has launched the Zero Trust Data Security (ZTDS) Suite, a new solution leveraging Attribute-Based Encryption (ABE) to secure data even against quantum computing threats. This suite addresses a critical gap in Zero Trust architectures – protecting data after it leaves the protected network perimeter. Built on decades of ABE research, including work by Dr. Brent Waters dating back to 2005 (“Fuzzy Identity-based Encryption”), ZTDS allows fine-grained access control based on attributes like role or affiliation – going beyond simple user-based permissions.
A key breakthrough overcomes previous performance limitations hindering real-world ABE deployment. NTT Research scientists achieved quantum-safe ABE (PQC-ABE) operating within the Ring-LWE setting—a standard for post-quantum cryptography. This enables practical, decentralized multi-authority access policies, representing the first viable candidates for large-universe PQC-ABE based on established cryptographic assumptions. NTT Research’s Crypto Agility software further simplifies adoption by allowing transparent migration from legacy algorithms.
The Center for Research and Development on Secure Computer Systems (CRADSEC) will integrate NTT Research’s ABE software within Trusted Execution Environments (TEE). This combination enhances security through features like revocation and flexible protection domains. ZTDS offers a commercially supported ABE solution for academic, public sector, and enterprise environments, positioning NTT Research as a leader in proactively addressing the quantum computing threat to data security.
Understanding Attribute-Based Encryption (ABE) Technology
Attribute-Based Encryption (ABE) is an encryption technology gaining prominence for its fine-grained access control. Unlike traditional methods, ABE doesn’t rely on who is accessing data, but what attributes they possess. Policies are defined based on these qualities – like job role or affiliation – determining decryption access. NTT Research highlights three primary control categories: content-based (access to specific data types), role-based (access by organizational level), and multi-authority (requiring keys from multiple organizations), enabling highly customizable security.
Previously, practical ABE deployments faced performance limitations, particularly with the looming threat of quantum computing. NTT Research has overcome these hurdles with a breakthrough enabling “Post-Quantum Cryptography based Attribute-Based Encryption” (PQC-ABE). This utilizes constructions working in the Ring-LWE setting – a standard for post-quantum encryption – and allows for decentralization across multiple organizations. This advancement offers a viable path to quantum-safe data security, addressing a critical need as quantum computing capabilities advance.
The Center for Research and Development on Secure Computer Systems (CRADSEC) is integrating NTT Research’s ABE software within Trusted Execution Environments (TEEs). TEEs create isolated, secure processing spaces, enhancing cryptographic operations like revocation. Combined with NTT Research’s Crypto Agility software – allowing seamless migration to post-quantum algorithms – this solution offers robust, adaptable security for academic, public sector, and enterprise deployments. This positions ABE as a core technology for a future-proof security strategy.
Overcoming Performance Barriers for Quantum-Safe ABE
NTT Research has overcome a key barrier to deploying quantum-safe Attribute-Based Encryption (ABE), previously hampered by performance limitations. Their breakthrough enables practical PQC-ABE constructions operating within the Ring-LWE setting – a crucial paradigm for post-quantum cryptography standardization efforts. This isn’t just theoretical; it allows for decentralized, multi-authority environments, representing the first viable candidates for large-universe PQC-ABE based on standard cryptographic assumptions. This leap forward is critical as organizations face looming deadlines for quantum readiness.
This advancement addresses a significant weakness in conventional zero-trust architectures: data leakage. While perimeter security is strong, once data leaves the protected network, access control is lost. NTT’s solution maintains those controls at the file level, even after copying or leakage. Coupled with their “Crypto Agility” software for seamless algorithm migration, this provides a proactive security strategy, ensuring compatibility with evolving quantum-resistant standards and mitigating post-quantum risks for mission-critical applications.
The Center for Research and Development on Secure Computer Systems (CRADSEC) is further leveraging this technology within Trusted Execution Environments (TEEs). By combining ABE with TEEs, CRADSEC enables secure cryptographic operations like revocation, enhancing data protection. This collaboration highlights the growing ecosystem around quantum-safe ABE and positions NTT Research’s commercially available solution as a leading option for academic, public sector, and enterprise deployments seeking robust, future-proof security.
CRADSEC Integration with Trusted Execution Environments
NTT Research is integrating Attribute-Based Encryption (ABE) with Trusted Execution Environments (TEEs) to bolster data security, particularly against quantum computing threats. This pairing addresses a critical weakness in traditional Zero Trust architectures – data vulnerability after exfiltration. ABE, now quantum-resistant through advancements like Ring-LWE constructions, enforces access policies at the data level, even if the file is copied. CRADSEC’s implementation within a TEE isolates cryptographic operations, enabling secure functions like revocation and flexible protection domain configuration.
The breakthrough enabling practical Post-Quantum Cryptography-based ABE (PQC-ABE) overcomes prior performance limitations. NTT Research’s solution supports multi-authority environments – where multiple organizations issue credentials – and seamless decentralization, crucial for complex data sharing scenarios. This PQC-ABE operates within a TEE, providing a secure enclave for sensitive key management and decryption processes, independent of the underlying operating system’s security. This is a significant step toward regulatory compliance and proactive security.
CRADSEC’s use of TEEs alongside ABE isn’t merely about encryption; it’s about creating a robust, adaptable security framework. TEEs provide versatile hardware primitives allowing flexible configuration of protection domains. NTT Research’s Crypto Agility software further ensures compatibility, enabling seamless migration from legacy algorithms to PQC options. This combined approach offers enterprise-grade support, positioning ABE as a viable, long-term data security solution in the emerging quantum computing landscape.
