The Man Who Wants To Encrypt Everything
The Los Angeles Police Department has its own Eye of Providence, a 20-foot-long flat-screen mosaic in a windowless downtown control room fed by dozens of info-streams, including the police scanner, CCTV feeds, YouTube, Twitter and criminal databases. When crime occurs, it shows up as a blinking alert on a yards-wide video map designed by Palantir, the deep-analysis software startup out of Silicon Valley with a $20 billion valuation. Its brainiacs are prized for their ability to find needles in haystacks for three-letter agencies around the world.
Matthew Tamayo-Rios built much of that map while at Palantir, but the 29-year-old computer scientist switched teams a year ago to start Kryptnostic, whose potentially groundbreaking data encryption could stymie the police and intelligence agencies from finding any needles whatsoever. At the heart of Kryptnostic’s offering is something called “fully homomorphic encryption,” a chimera in security circles until now.
Standard encryption scrambles data and locks it up using numerical keys generated algorithmically by multiplying huge primes. It’s so difficult to crack that hackers usually go after the data when it’s being worked on in a decrypted state by another application. Homomorphic encryption adds a different layer of algorithms that allow you to work on the data without ever unscrambling it, leaving no openings for bad guys.
What’s hindered homomorphic technology in the past is that it was horribly computation-intensive. IBM scientist Craig Gentry, whose influential 2009 paper confirmed homomorphic technology could work, said it would multiply the time it takes for a typical Google search a trillionfold. But Gentry’s approach added an extra step or two of math in order to correct errors naturally cropping up in the encryption and decryption steps. Kryptnostic’s approach eliminates the need for the extra calculations by correcting errors on the fly.
What a libertarian utopia it would be were all data encrypted all the time. Suddenly the extremely valuable mountains of data now off-limits would become available to interested parties free of privacy or surveillance concerns, a boon to democracy activists and nihilists alike. Drug researchers could analyze reams of personal health records with no fear of de-anonymizing patients. Politically motivated tax agents could never snoop on their enemies’ returns if the data were all homomorphically encrypted.
And yet such are the paradoxes at play in the realm of cybersecurity that Kryptnostic is already in bed with the cops. The startup is working with California’s Association of Law Enforcement Intelligence Units to let police nationwide share sensitive case files securely across state lines without exposing the information. Other early users include insurers and a cybersecurity firm, all of which asked not to be named. Tamayo-Rios says one of the world’s largest private equity firms is on board, too.
The young founder understands the conundrum he’s spawned, but he’d rather provide armor for everyone than witness more breaches. Tamayo-Rios was one of 22 million government employees and contractors whose data was leaked in the devastating attack on the U.S. Office of Personnel Management revealed in June. “Not working with the government is not going to stop them from doing what they’re doing, and it’ll just result in stuff like my own personal records being leaked,” he says.
The corkscrew-haired, quietly confident coder has a mischievous side, though. He says he once hacked his own mom’s Latin music store to access a stock database. He then ensured a consistent supply of ice cream. He’d later apply his skills to more serious tasks, like shoring up Windows operating system security during nearly five years at Microsoft.
He has now assembled a small yet stellar cast of engineers pinched from Palantir, Google and Microsoft. In March it raised $2 million from Index Ventures, Felicis Ventures and superangel Michael Dearing’s Harrison Metal. Despite the various customer trials under way, Kryptnostic has yet to coax any customers to pay for its software.
Homomorphic technology’s biggest hurdle to mainstream adoption is persuading businesses and individuals to go through the inconvenient step of converting their data to a new, more secure service when it already exists on other services. To raise awareness of his technology, Tamayo-Rios says he’s prepping Kodex, a free “lite” version of his file-sharing and chat service as a consumer app on iOS and Android. It will have features similar to those of Dropbox or Slack but will give users the ability to share and search confidential data without ever decrypting it. An early version seen by FORBES looked less slick than Slack, but Tamayo-Rios would rather get to market with a secure alternative to Dropbox and Slack, both of which have suffered security breaches, than wait for something polished.
Tamayo-Rios also suffered through a rocky first year. His cofounder and childhood friend Ivy Nye quit within six months of the company’s founding, heading back East to Virginia, where his wife was due to give birth. In May the third cofounder, Sina Iman, also left after disagreements over how to manage new hires. “We had our differences, and it just didn’t work out,” Tamayo-Rios says. Iman is joining other former Palantir colleagues at Aurora Technologies, a financial services tech startup, but he had no bitter valedictory words for Kryptnostic. “I’m very excited for it–I think it’s going to change the way the people use the Internet,” he says, Skypeing in from a hotel in Ho Chi Minh City.
The company has to prove its software does a proper job of homomorphic encryption before that happens. As Gentry notes, Kryptnostic hasn’t yet produced enough evidence its algorithms do what Tamayo-Rios says they do. “I would be wary of creating false expectations,” Gentry adds.
Tamayo-Rios hopes to prove doubters wrong with a soon-to-be-released paper outlining Kryptnostic’s encryption scheme, co-written with noted French cryptographers Ludovic Perret and Jean-Charles Faugère, who work across Paris university UPMC and research facility INRIA. Perret says he has “no reason to believe that Kryptnostic uses in practice something different from what is described on the paper”. Either way, the release of that paper will be a sink or swim moment for Kryptnostic.
Meanwhile, competitors are on the way. Gentry says the cryptography community has developed his methods to the point that Google searches would take a million times longer, down from a trillion. And whilst they’re not as functional as homomorphic systems, searchable encrypted databases, where specific kinds of operations can be performed on information, are being readied by a range of firms, from giants like IBM to startups like ZeroDB.
There have also been some delays. The Android app, originally planned for August, won’t arrive until Thanksgiving, with an iPhone version out early next year. Kryptnostic expects the first corporate customers to start coughing up money within a month, Tamayo-Rios says. Beyond that, though, the outlook gets a little, well, cryptic. “It could be no one cares enough to move the bar. … It might be a fundamentally intractable problem.”