The rise of encryption-breaking quantum computers could pose a major danger to data safety, but until the technology becomes a reality, security professionals have other threats to worry about. One of them is the prospect of a hacker stealing the cryptographic keys that a company uses to scramble and unscramble its information, a risk that Dyadic Security Ltd. is working to mitigate.
The Israeli startup today said it has raised $12 million for its efforts from Goldman Sachs Principal Strategic Investments, Citi Ventures and Innovation Endeavors, the venture capital fund of Alphabet Inc. Executive Chairman Eric Schmidt. Dyadic will use the capital to raise market awareness about its security platform, which promises to enable a new type of “software-defined cryptography.” The offering is touted as a superior alternative to the traditional encryption systems that are in use today.
More specifically, Dyadic is looking to replace the hardware security modules, or HSMs, where many security-conscious companies store their keys. Because of their sensitive role, devices in this category usually come in a tamper-proof case, refresh ciphers on a regular basis and feature a variety of other mechanisms designed to keep hackers at bay. But Dyadic argues that such modules suffer from one critical flaw: They represent a single point of failure.
In other words, a hypothetical attacker who could somehow bypass the defenses of an HSM and steal its contents would have free rein over the targeted company’s data. Dyadic’s platform aims to reduce the risk of such breaches by implementing an emerging brand of cryptography known as multi-party computation that co-founder and chief scientist Yehuda Lindell, a professor at Israel’s Bar-Ilan University, helped pioneer.
Dyadic can distribute a key across virtual vaults it calls vHSMs that are designed to run on separate servers. These nodes work together to encrypt and decrypt data without ever bringing the cipher pieces together again in one place, which eliminates the single point of failure. According to the startup, compromising the platform would require attackers hackers to not only breach all the participating machines but also do so simultaneously thanks to the fact that keys are continuously refreshed.
Dyadic is targeting two main use cases with its technology. The first is protecting data that companies keep on their backend infrastructure, while the other is safeguarding the security credentials used by smartphones and connected devices. It approaches the latter task by providing a lightweight vHSM client that can be installed on end points to provide a “trust level comparable to dedicated secure hardware.”
The startup claims that its platform is already in use at “several” Fortune 500 organizations around the world. Dyadic seems to be placing a particular emphasis on the financial sector in its go-to-market efforts, which explains why Goldman Sachs and Citi contributed to today’s round.