Page last updated at 10:24 GMT, Wednesday, 21 May 2008 11:24 UK

Number keys promise safer data

Set of keys
The system hinges on multiple keys for multiple items
Sensitive computer files are to become both more secure and more flexible thanks to advanced mathematics.

Computer scientists at the University of California in Los Angeles have applied a fundamental rethink to improve the "one lock - one key" method that current encryption technologies such as RSA and AES operate on.

Amit Sahai, professor of computer science at the UCLA Henry Samueli School of Engineering and Applied Science, told BBC World Service's Digital Planet programme that they had decided to "rebuild the idea from the ground up," and developed the idea of multiple keys giving access to selected pieces of data.

"In our vision, we'll have some data that can be locked - but now that one lock is openable by many different keys in many different ways," he explained.

Key management

Currently, when information is encrypted, it is secured with a digital lock and key created together.

While this works well for individual computers, it presents problems on an industrial scale because company data has to be stored on large servers and accessed by large numbers of people.

The UCLA computer scientists point out that this leads to a big problem in terms of key management.

"That key management problem, of needing so many different keys to have access to all the files they should be able to have access to... is so complicated that they just don't use encryption," Dr Sahai said.

"Encryption is essentially not used by most large corporations, and to the extent that it is used, it is used incorrectly or in a silly way."

And in many systems, the key is put on the same server that holds the encrypted data.

Doctor examining x-ray
Access to medical records could become much more sophisticated
"If a hacker is able to break into that server, he not only gets the encrypted data, he gets the key that opens that data. So what's the point?" Dr Sahai said.

He said that a good example of how his system could work is a person's medical records. Whereas currently access to the records is on an all-or-nothing basis, the advanced encryption would allow different amounts of access according to a person's relation to the patient.

Dieticians would be able to see blood sugar levels, while oncologists can see cancer reports.

"Similarly, many different people - depending on who they are and what their position is - should be able to access many different aspects of my medical records," Dr Sahai said.

"What we want to do - and what we've done, to some extent - is to have a mathematical encryption scheme where you encrypt your medical record once, and then different people with different keys can open it in different ways."


Doing this with existing technology would mean all different aspects of data would have to be separately encrypted.

Meanwhile, Dr Sahai said that the "clever thing" about his system was that it was approached the problem using maths, rather than just as a data problem.

"We're trying to take some of the very difficult job that we give to the security engineer and actually put it into the mathematics itself," he said.

"Once you have this kind of expressibility in the mathematics itself, it makes the job of the security engineer that much easier - because the mathematics is protecting you."

Download or subscribe to this programme's podcast


Memory trick breaks PC encryption
05 Mar 08 |  Technology
Campaigners hit by decryption law
20 Nov 07 |  Technology
How to keep your wi-fi network safe
27 Apr 07 |  Technology
Largest Prime Number discovered
07 Jun 04 |  Science/Nature

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific