Data Encryption Methods

Encryption is kind of a lie. Data can be encrypted at rest, and even in transit…but not “in use”. Fundamentally, CPUs execute arithmetic instructions on decrypted plaintext; even with secure enclaves. But what if we got *really* clever: — Mathematically, there is a solution. It’s just really, really slow. Fully Homomorphic Encryption allows for arithmetic computation *on* encrypted data. First published in 2009, each individual (x86) operation took 30 minutes!  AKA, about 10^12 times slower. — So why bother? Ignoring the performance costs, FHE opens up wild possibilities. Imagine being able to run ML models, Health Data processing, or financial transactions and not having to trust the cloud provider *at all*. — In 2025, we’ve gotten a million times faster; literally. Check out Google’s HEIR project as a quick way to play around with FHE in Python. As for accelerators themselves, there’s growing competition in this space!  Zama, Cornami, and Belfort Labs are doing a lot of interesting work in software, GPUs, FPGAs, and even custom silicon.

✏️CEPS (Centre for European Policy Studies) has just published the report "Strengthening the EU transition to a quantum-safe world" This 125-page publication offers a comprehensive and very timely analysis of the global transition toward quantum-safety, highlighting key recommendations and identifying the hurdles that we, as a community, still need to overcome. Accross its 10 general recommendations and 16 additional sector-specific ones, two key aspects take a prominent role: 👉 Operational challenges of the transition, like establishing business-level priorities, building executive support, addressing the limited cryptographic talent issue, cryptographic homogeneization in products, and building cryptographic inventories based on priorities. 👉 Coordination and the role for regulators, identifying that the EU lacks a coherent, unified transition framework, the need to ensure alignment and coherence across roadmaps and the risks of a fragmented transition. Key conclusions on the later, aligned with previous statements from the Europol Quantum Safe Financial Forum and FS-ISAC, is that quantum-safety is already part of the EU's operational resilience compliance through the “state of the art” security principle embedded in GDPR, DORA, CRA and NIS2. However, there is a recognised need for further guidance that can be achieved through open collaboration between the public and private sector. Although the report focuses on the financial, public, and defence sectors, its main takeaways can easily be extended to other critical domains—transport, energy, healthcare, and many more. The principles are the same, and the urgency is the same. This report is an important step forward, and my hope is that the ideas it lays out help shape the conversations and, more importantly, the actions we need across the EU. A well-aligned and coordinated transition is essential if we want the whole ecosystem to move toward a new age where we manage cryptography in a more mature, proactive, and resilient way. Kudos to CEPS, lorenzo pupillo, Carolina Polito, Swann A. and Afonso Ferreira, PhD for achieving this milestone. https://lnkd.in/dpWJ86q2

🚨Quantum computing is no longer a theoretical debate for blockchain. It is becoming a strategic infrastructure risk. After reading the latest Coinbase Independent Advisory Board report on Quantum Computing & Blockchain, I believe there are 3 critical points every executive in digital assets, banking and blockchain infrastructure should understand: 1️⃣ The real quantum threat is NOT today… but waiting is dangerous One of the strongest conclusions of the report is surprisingly balanced: 👉 the cryptographic collapse is not imminent 👉 but preparing late would be a massive mistake Breaking current blockchain cryptography requires a fault-tolerant quantum computer (FTQC), something enormously more complex than today’s machines. But here is the critical insight: Migration to post-quantum security may take a decade or more across: • blockchains, wallets • exchanges, custodians • validators, institutions NIST is already recommending PQ migration strategies before 2035. This means the strategic problem is no longer “if”. It becomes: “How do we migrate global blockchain infrastructure without breaking scalability, performance and trust?” 2️⃣ The biggest blockchain challenge is NOT encryption. It is consensus. Most people think the problem is simply replacing wallets signatures. The report explains the real issue is much deeper. Modern blockchains depend heavily on: • BLS aggregation • threshold signatures • validator synchronization • consensus-level cryptography And today… There is NO clean post-quantum replacement for many of these systems. This is critical because: • Ethereum • Sui • Aptos • many PoS chains depend on aggregation mechanisms that quantum-safe cryptography still struggles to replicate efficiently. Meaning: Post-quantum migration may require redesigning parts of blockchain consensus itself. Not just changing wallets. 3️⃣ Quantum simulation may become the hidden accelerator of the threat This is probably the most important strategic takeaway in the entire paper. The report explains that the main commercial driver for quantum computing is NOT breaking crypto. It is: financial, liquidity and reserve business Why does this matter? Because if quantum simulation becomes economically valuable, investment and hardware progress could accelerate dramatically. And cryptographic capabilities would emerge as a byproduct. In other words: The future quantum risk to blockchain may not come from “hackers”. It may come from successful industrial adoption of quantum computing itself. My conclusion? The blockchain industry needs to stop treating post-quantum security as a theoretical research topic. This is becoming: • a governance problem • an infrastructure problem • a migration problem • a consensus architecture problem And the organizations that begin preparing now will likely become the trusted infrastructure providers of the next era of digital finance. Alfredo Joaquim John David

Happy to see my article has been published at ABP Live on "Beyond AI: Why Quantum-Safe #Cryptography Is a Business Imperative in 2025" The alarming rise in cyberattacks—both in India and globally—makes one thing painfully clear: traditional encryption is no longer enough. In India alone, businesses stand to lose ₹20,000 crore this year, while global cybercrime costs are projected to reach $13.82 trillion by 2028. Even worse? The impending quantum era threatens to render our current cryptographic systems obsolete. Technologies like RSA, which power everything from internal communications to critical external collaborations, are vulnerable to quantum-enabled decryption. So what must businesses do right now? Embrace Quantum-Safe Messaging: Opt for end-to-end encrypted platforms designed to withstand quantum attacks, especially for communications with clients, partners, and vendors. Follow Standards and Best Practices: NIST has already rolled out the first wave of Post-Quantum Cryptography (PQC) standards—like ML-KEM for encryption and ML-DSA for digital signatures. Think Strategically, Not Just Tactically: Transitioning to PQC is more than a technical upgrade—it’s a strategic initiative. Build governance, crypto-agility, and roadmap planning into your cybersecurity strategy. What the world is doing: - Europe aims to migrate to quantum-safe encryption by 2030, starting with risk assessments and awareness campaigns in 2026 - The UK’s NCSC is urging organizations to begin full migration planning by 2028 and complete it by 2035 - Setting an example in the private sector, it has integrated post-quantum encryption into its WireGuard and Lightway protocols using NIST’s ML-KEM algorithm Reports from India’s BFSI sector show a worrying lack of readiness—yet almost 58% of CISOs recognize the threat within the next three years Key takeaway: Quantum-safe cryptography isn’t a futuristic concept—it’s a present-day necessity. The threat of "store now, decrypt later" attacks means the data we transmit today may be vulnerable tomorrow. Waiting isn’t an option Whether you’re in BFSI, government, telecoms, or healthcare, the time to act is now. Let’s lead the shift toward a secure quantum future. #QuantumSafe #Cybersecurity #PostQuantumCryptography #CryptoAgility #DigitalTrust #QuantumReady #QNulabs QNu Labs

The tension between maximizing data utility and upholding stringent privacy is a defining challenge. How can we leverage sensitive information for analytics, AI training, or collaborative research without ever exposing the raw data itself? Homomorphic Encryption (HE)—a cryptographic approach that promises to solve this dilemma. Imagine performing computations directly on encrypted data, without any need for decryption. It's like giving someone a locked box, letting them process its contents, and getting a new locked box back, all without them ever seeing what's inside. Where could this technology revolutionize data privacy? ✅ Cloud Computing: Securely outsourcing powerful analytics or privacy-preserving AI/ML model training to untrusted cloud environments, maintaining data confidentiality end-to-end. ✅ Healthcare & Genomics: Facilitating collaborative medical research across institutions on encrypted patient records or genomic data, accelerating breakthroughs without compromising individual privacy. ✅ Financial Services: Enabling fraud detection, risk assessments, or credit scoring by analyzing encrypted financial transactions, ensuring regulatory compliance and protecting sensitive customer portfolios. ✅ Government & Defense: Enabling secure intelligence sharing and processing of classified data in multi-party or untrusted environments. However, the challenges are: 🔴 Performance Overhead: Current HE schemes are computationally intensive. Operations on encrypted data are significantly slower and resource-heavy compared to plaintext operations, making real-time applications a hurdle. 🔴 Complexity: Implementing and securely managing HE systems requires deep cryptographic expertise, posing a barrier for many organizations. The learning curve for developers is steep. 🔴 Data Expansion: Encrypted data often becomes significantly larger than its original plaintext, leading to increased storage and bandwidth requirements. 🔴 Limited Operations (Historically): While strides have been made, not all complex operations are equally efficient or even possible with current HE schemes. It's a highly specialized toolkit. 🔴 Bootstrapping: A key technique required to "refresh" noisy ciphertexts to allow for more complex computations, but it's one of the most computationally expensive steps. Despite these hurdles, the progress in libraries like SEAL, HElib, and TFHE is truly remarkable. It promises a future where data utility and privacy can coexist. What are your thoughts on Homomorphic Encryption's potential impact on cybersecurity and data privacy? #DataSecurity #Encryption #HomomorphicEncryption #SecureData #DataPrivacy #CyberSecurity #SecureProcessing #CloudComputing #TechInnovation #DataProtection

The biggest threat to your data isn’t happening tomorrow. It happened yesterday. If you haven’t heard of HNDL (Harvest Now, Decrypt Later), your long-term data strategy has a massive blind spot. Here is the reality: State actors and cybercriminals are capturing your encrypted data today. They can’t read it yet, so they’re storing it in massive data vaults, waiting for the "Qday"—the moment quantum computers become powerful enough to break current encryption. If your data needs to stay private for 5, 10, or 20 years, it’s already at risk. What’s on the line? ↳ Intellectual Property (IP) and trade secrets. ↳ Government and identity data. ↳ Long-term financial records and contracts. ↳ Sensitive customer health data. How do we solve it? 🛠️ We cannot wait for quantum supremacy to react. The fix starts now: ↳ Inventory: Identify which data has a long shelf-life. ↳ Crypto-Agility: Move toward systems that can swap encryption methods without a total overhaul. ↳ Hybrid PQC: Implement Post-Quantum Cryptography alongside classical methods to ensure traffic captured today remains a mystery tomorrow. The transition to quantum-resistant security is a marathon, not a sprint. Are you tracking HNDL on your current risk register? Let’s discuss in the comments. 👇 P.S. If you want help mapping your exposure or building a PQC migration plan, drop me a message. ♻️ Share this post if it speaks to you, and follow me for more. #QuantumSecurity #PQC

Apple adds Homomorphic Encryption - and nobody noticed. This is a big deal. As I’ve written before, this kind of thing is very much below the waterline. Invisible to most users. Here’s what their new post announces: “By performing computations locally on a user’s device, we help minimize the amount of data that is shared with Apple or other entities. “Of course, a user may request on-device experiences powered by machine learning (ML) that can be enriched by looking up global knowledge hosted on servers. “To uphold our commitment to privacy while delivering these experiences, we have implemented a combination of technologies to help ensure these server lookups are private, efficient, and scalable. “One of the key technologies we use to do this is homomorphic encryption (HE), a form of cryptography that enables computation on encrypted data. “HE is designed so that a client device encrypts a query before sending it to a server, and the server operates on the encrypted query and generates an encrypted response, which the client then decrypts. “The server does not decrypt the original request or even have access to the decryption key, so HE is designed to keep the client query private throughout the process.” Oddly, I’ve seen very little of this announcement online. Perhaps because it’s kind of a technical, nerdy article? But as I’ve written before, privacy tech like Homomorphic Encryption (HE) is coming. And now it’s coming to Apple, at scale. Can you see the threads coming together? 👉 Digital wallets with secure, portable and private digital ID 👉 Personal storage and vaults 👉 Small Language Models and on-device LLMs 👉 Privacy-enabled cloud AI using HE The most interesting bit is that Apple has open sourced its Swift implementation of HE. Meaning it’s now available to all app developers: “Introducing HE into the Apple ecosystem provides the privacy protections that make it possible for us to enrich on-device experiences with private server look-ups. “To make it easier for the developer community to similarly adopt HE for their own applications, we have open-sourced swift-homomorphic-encryption, an HE library.” The path to Empowerment Tech is getting clearer. And Apple is opening the door. More about this, and the future of digital customer relationships, in this week’s Customer Futures newsletter. Link below👇 #EmpowermentTech #CustomerFutures #DigitalWallets

🚨 NEW PEER-REVIEWED RESEARCH: PQC Migration Timelines Excited to share my latest paper published in MDPI Computers: "Enterprise Migration to Post-Quantum Cryptography: Timeline Analysis and Strategic Frameworks." The transition to Post-Quantum Cryptography (PQC) represents a watershed moment in the history of our digital civilization. Organizations planning for a 3-5 year "upgrade" will fail. The reality is a 10-15-year systemic transformation. Key Contributions: 📊 Realistic Timeline Estimates by Enterprise Size: Small (≤500 employees): 5-7 years Medium (500-5K): 8-12 years Large (>5K): 12-15+ years ⚠️ Critical Finding: With FTQC expected 2028-2033, large enterprises face a 3-5 year vulnerability window—migration may not complete before quantum computers break RSA/ECC. 🔬 Novel Framework Analysis: Causal dependency mapping (HSM certification, partner coordination as critical paths) "Zombie algorithm" maintenance overhead quantified (20-40%) Zero Trust Architecture implications for PQC 💡 Practical Guidance: Crypto-agility frameworks and phased migration strategies for immediate action. Strategic Recommendations for Leadership: 1. Prioritize by Data Value, Not System Criticality: Invert the traditional triage model. Systems protecting long-lived data (IP, PII, Secrets) must migrate first, regardless of their operational uptime criticality, to mitigate SNDL. 2. Fund the "Invisible" Infrastructure: Budget immediately for the expansion of PKI repositories, bandwidth upgrades, and HSM replacements. These are long-lead items that cannot be rushed. 3. Establish a Crypto-Competency Center: Do not rely solely on generalist security staff. Invest in specialized training or retain dedicated PQC counsel to navigate the mathematical and implementation nuances. The talent shortage will only worsen. 4. Demand Vendor Roadmaps: Contractual language must shift. Procurement should require vendors to provide binding roadmaps for PQC support. "We are working on it" is no longer an acceptable answer for critical supply chain partners. 5. Embrace Hybridity: Accept that the future is hybrid. Design architectures that can support dual-stack cryptography indefinitely, viewing it not as a temporary bridge but as a long-term operational state. 6. Implement Automated Discovery: You cannot migrate what you cannot see. Deploy automated cryptographic discovery tools to continuously map the cryptographic posture of the estate, identifying shadow IT and legacy instances that manual surveys miss. The quantum clock is ticking. Start planning NOW. https://lnkd.in/eHZBD-5Y 📄 DOI: https://lnkd.in/ejA9YpsG #PostQuantumCryptography #Cybersecurity #QuantumComputing #PQC #InfoSec #NIST #CryptoAgility

📌The financial sector has now moved from quantum awareness to quantum execution. Europol , FS-ISAC , and the Quantum Safe Financial Forum (QSFF), together with major financial institutions, published: “Prioritising Post-Quantum Cryptography Migration Activities in Financial Services” ; a practical migration framework designed specifically for financial institutions. What makes this report particularly relevant for #boards, #regulators, and #CISOs? It introduces a structured prioritisation methodology based on two measurable dimensions: 1️⃣ Quantum Risk Score Derived from: • Shelf life of protected data • Exposure • Severity of compromise 2️⃣ Migration Time Score Derived from: • Solution availability • Execution cost and time • External dependencies Migration Priority is determined by combining both scores into a risk–time matrix (see pages 8–10) of the Report below ⬇️ . ♨️ This shifts the conversation from “When will Q-Day happen?” to “Which business use cases require action now, and which require long-term orchestration?” Two examples in the report illustrate this distinction: 🔹 Points of Sale (#PoS) Medium quantum risk but high migration complexity due to hardware lifecycles, ecosystem coordination, and standardisation uncertainty (pages 12–15) . ⛔️Early planning is essential to avoid costly out-of-cycle replacements. 🔹 Public Websites (#TLS_confidentiality) Medium quantum risk but low migration time due to hybrid schemes such as X25519MLKEM768 already supported by major browsers and CDNs (pages 16–19) . ⛔️This is one of the earliest practical deployment opportunities for quantum-safe protection in production environments. Another important contribution of the report is its focus on cryptographic antipatterns (pages 21–24) . Before large-scale PQC migration, institutions can implement no-regret actions: • Automate TLS certificate lifecycle management • Standardise TLS configurations (TLS 1.3 baseline) • Eliminate legacy cipher dependencies • Remove hard-coded credentials • Strengthen key management governance This approach aligns closely with supervisory expectations: #quantum_readiness must integrate into existing risk frameworks, asset lifecycle planning, and vendor coordination. For financial institutions, the message is clear: ❌Quantum safety is not a single migration event. ❌It is a prioritised, staged governance programme that integrates cryptography, procurement, architecture, and regulatory alignment. Full publication: Europol (2026), Prioritising Post-Quantum Cryptography Migration Activities in Financial Services Available via Europol Publications Office: https://lnkd.in/d2bgsVKm #PostQuantumCryptography #PQC #QuantumRisk #FinancialServices #CybersecurityGovernance #DigitalResilience #CryptoAgility #QuantumTransition #FinancialStability

EY’s perspective on securing against #quantum #risks emphasizes that quantum #computing is rapidly evolving from a theoretical concern into a material cybersecurity threat that requires immediate strategic action. The core issue lies in the vulnerability of widely used cryptographic algorithms, such as RSA and elliptic curve cryptography, which could be broken by sufficiently advanced quantum computers. This creates a systemic risk to sensitive data, including financial information, intellectual property, and personal records. A central concept highlighted is the “harvest now, decrypt later” threat model, in which adversaries collect encrypted data today with the intention of decrypting it in the future as quantum capabilities mature. This makes quantum risk a present-day problem, particularly for data requiring long-term confidentiality. EY stresses that organizations must adopt a proactive and structured approach to quantum readiness. A foundational step is to conduct a comprehensive cryptographic inventory, identify sensitive #data, and map existing #encryption methods. This enables organizations to assess which systems are most exposed and prioritize remediation efforts. Transitioning to post-quantum cryptography (PQC) is a complex, multi-year transformation that requires careful planning, integration into existing #technology roadmaps, and alignment with emerging standards. Organizations are encouraged to build crypto-agility, allowing them to adapt encryption methods as technologies and standards evolve. EY also highlights the importance of #governance, #compliance, and #workforce readiness. Quantum resilience requires enterprise-wide coordination, including policy development, regulatory alignment, continuous monitoring, and personnel training. EY frames quantum cybersecurity not just as a technical upgrade but as a strategic #transformation initiative. Organizations that act early can strengthen resilience, improve cyber maturity, and gain a competitive advantage, while those that delay risk long-term exposure to data breaches, regulatory challenges, and erosion of #digital #trust.