Blog

If there is one constant in the tech news, it is the reality of the varied sorts of individuals and countries who are all trying to steal the most valuable data generated and used by enterprises. When you think about the many defense-in-depth security a

The idea of security with zero trust is somewhat of an oxymoron. If I can’t trust anything, then it’s impossible to achieve security. However, the fallacy here is in the interpretation of what “zero trust” itself actually means. In the NIST, The Institute of

In an interview on 60 minutes on April 11, 2021, the Federal Reserve Chairman Jerome Powell stated cyberattacks as the major risk to our economy today. In answer to a question about the probability that a crash like 2008 will happen again now, Powell

  The importance of cryptographic key management and protection is well known. All of cryptography relies on secrets and keys, and these need to be managed as well as kept out of the hands of attackers. Due to this, solutions for key management and p

It’s an interesting time in the world today.  We were plagued by many distractions over the past year; COVID-19, a shifting political climate, and a long-awaited demand for equitable sociocultural enhancements. Now, my statement does not mean that I see these things as true dist

It is with great pleasure that we announce the Unbound CORE platform, our next generation solution offering that delivers comprehensive cryptography orchestration for enterprises. This new offering marks a major shift in our approach as a company and how we support the evolution of cryp

Encryption has evolved significantly since the first signs of it in 1900 BCE. The one unifying trend? The need to keep secrets, as can be seen in how encryption has evolved over the years. If we go back in time, it is clear that e

Cybersecurity professionals not only have to worry about the increase in security breaches and attacks that have dominated the news in recent weeks; they must also contend with the persistent feeling of not doing enough, risking too much, and overall cyber burnout. When

When my co-founders, Prof. Nigel Smart and Guy Peer, first founded Unbound and our cryptography orchestration platform that enables organizations to protect and manage keys of any type in any environment, it was a result of years of research on secure multiparty computation

After almost a decade as a digital marketer, I have seen the digital experience change year over year – but 2020 proved to be the one that has challenged us all.  Here are my confessions as a digital marketer. Digital marketers are challenged to

Mimecast reported yesterday (January 12, 2021) that attackers had compromised a certificate used to authenticate some Mimecast services to Microsoft 365 Exchange. They haven’t released many details, but it seems that the private key used to authenticate Mimecast products to Microsoft 365 was breached. Mim

On January 5, 2021, several US government agencies formally blamed a nation-state entity named “Cozy Bear” – widely thought to be of Russian origin – for infiltrating at least 18,000 US-based private networks and government agencies. The attack resulted in the distribution of malwa

The problem isn’t a new one, yet it seems we have to continue to state the obvious – SMS-based OTP just does not provide good enough security. As this recent headline can attest, massive fraud that resulted in millions being stolen from online bank

  Researchers from three universities in Europe (Austria, Germany, and the UK) have recently published a new attack on Intel chips, called PLATYPUS. Not to be confused with the well-known monotreme, this PLATYPUS is a new side-channel attack that is worth taking note of. In this blo

As our digital footprint continues to grow even more rapidly by the expanding remote work world, more and more enterprises have shifted their focus to the cloud. For those with heavy investments in on-premise infrastructure, hardware security modules (HSMs), or even apps partial

As we head towards the start of a new year and begin our planning cycles, we do this with renewed confidence in our leadership in cryptographic solutions. I am pleased to announce that we have just closed a Series B investment led by Evoluti

There are very few scenarios where security is more important than in the world of digital assets. If the key protecting a digital asset is compromised, then it’s game over. At the same time, trading digital assets will only enter the mainstream when it’s

Cryptographic Validated and Easy to Use Multi-Party Approval Structures The setting of multiparty computation (MPC) is one where a number of distinct, yet connected, computing devices (or parties) wish to carry out a joint computation of some function while preserving certain security properties in th

Cryptography forms the basis of much of our digital infrastructure and the services built around that infrastructure. Whether it be about accessing mobile phone networks, our online or ATM accessed bank accounts, paying for something online, or the task of passing through automated passpor

SIM swapping has become one of the most common attacks on Internet-of-Things (IoT) devices over the past 5 years – and anyone with a cell phone is at risk. In January 2020, Princeton researchers determined that 17 out of 140 online services and websi

In security, a “root of trust” is an element that can be trusted and then used to ensure that the entire system is secure. In cryptography, it can be used to mean many things, but the most basic root of trust is that cryptogra

The old adage of “why do robbers target banks? Because that’s where the money is,” has never rung truer as it does today when we consider the increase in security attacks designed to gain access to identity credentials. Now more than ever, businesse

When you think “authentication,” what comes to mind? For most security professionals, authentication = passwords, and the many security issues which passwords have created over the years when verifying identity. Password-driven security has always incurred a bad reputation. This is primarily due to

Let’s play out a scenario: you’re a mid-sized organization (or larger) dealing with cryptocurrency and blockchain keys – and you must keep them secure. Your organization has decided not to develop its digital asset security infrastructure internally. (Perhaps after reading our last blo

In Bitcoin and other cryptocurrencies, the use of hierarchical deterministic wallets (HD wallets) is a widely accepted practice. Loosely speaking, such wallets work by having a single master key (or master secret) and then deriving all keys from the master key. There are

The world is in the grip of a pandemic that has shut down the economies of all countries, imposed restrictions on freedom of movement, and more importantly is leading to the deaths of thousands of people. The problem is that the virus can be c

This is the fourth blog in a series about infrastructure for protecting tokenized assets. To recap: “Do-it-yourself” (DIY) – or in-house, self-built solutions – rely heavily (or exclusively) on internal resources (for setup, execution, and maintenance) to build and maintain their transaction signing and cryptocurrency holding systems. Security-as-

In April 2020, over 4 billion people are under a form of shelter-in-place or stay-home orders worldwide due to the coronavirus pandemic.[1] With work-from-home as the new normal, videoconferencing application Zoom has become the preferred platform – experiencing a spike from an aver

In honor of Women’s History Month and #HyperledgerWomen, we interviewed Unbound’s Director of Digital Asset Security & Blockchain, Rebecca Aspler to get her thoughts specifically on blockchain security. RA: “Worldwide spending on blockchain solutions reached 2.7 billion USD in 2019, and is projected

Looking for new infosecurity influencers to follow? Tired of the same personalities on your feed? Unbound chose to shine a new light on 7 influencers with two of three characteristics in common:   They have under 20,000 followers; or  They cover infosec topics from new and innovative angles; or  They cover multiparty computation

In this blog series, I will describe what secure multiparty computation is, what it can be used for, how it works (to some extent), and more. My aim is for the majority of the content to be accessible to a general reader, wit

A look at digital asset security infrastructure via the in-house deployment of a platform solution developed by a security expert vendor. Scenario: You’re a CISO looking to secure your financial services organization’s digital assets — and secure them effectively and efficiently for the l

  This is the eighth and last blog in a series aimed at explaining the growing use of MPC and threshold signing to protect cryptocurrencies. Check out the rest of the blog posts in this series: Shamir Secret Sharing and Quorums Threshold Signature Schemes A

If you’re managing a custodian service, you may be feeling a new wave of change starting to impact your business. Long gone are the days of strictly physical asset protection, investment, and transfer; and with blockchain and cryptocurrency adoption on the rise, the latest ad

CyberHub Engage hosted Prof. Yehuda Lindell, Co-founder & CEO of Unbound Security on their Friday Wrap Up discussing the latest headlines in cybersecurity. Breakdown of episode: (2:25) Defending against Sodinokibi Ransomware (4:29) An encryption defense against Ransomware (7:50) How to prevent Ransomware from encr

Using the public cloud has become the de-facto standard for many organizations, many of which use two or more public cloud services providers, along with on-premise data centers and the private cloud. IT environments for many organizations are now more distributed than ever bef

Last week, I had the pleasure of attending the Real-World Cryptography conference (RWC 2020) in New York. There was a large attendance with over 600 people (yes, this is a large number for an academic cryptography conference), who came to hear about academic

This is the seventh blog in a series aimed at explaining the growing use of MPC and threshold signing to protect cryptocurrencies. The rest of the blog posts in this series can be found at the end of this article. Brief Recap In the

A new paper by researchers at KeyFactor shows how an extremely high number of RSA keys on the Internet can be completely broken, in a very short time. Out of 75 million RSA certificates scraped from the Internet between 2015 and 2017, a whoppin

This is the sixth blog in a series aimed at explaining the growing use of MPC and threshold signing to protect cryptocurrencies. The other posts in this series can be found at the end of this article. Brief Recap In the first five blog

A new yet another attack on SGX, called Plundervolt, works by playing around with the clock speed and voltage to the chip in order to induce an error in the computation that can be used to extract cryptographic secret keys. To an ordinary per

You’ve probably noticed when surfing the web, some browsers show a special indicator like a green bar containing the company name, or in some instances, completely replacing the URL with the company name. This is a result of Extended Validation (EV) certificates—a type o

As your digital asset services business grows, so does the risk of loss. Scaling your businesses means scaling your blockchain key security. With the “gold standard” being cold (offline) storage for blockchain keys, however, keeping both security and trading speed at the top standar

This is the fifth blog in a series aimed at explaining the growing use of MPC and threshold signing to protect cryptocurrencies. Brief recap In the first four blog posts in this series (Shamir Secret Sharing and Quorums, Threshold Signature Schemes, Additional Properties of Threshold

 This week, Prof. Nigel Smart answers the latest of the internet’s burning questions: What is public-key cryptography in layman’s terms? How is it related to prime numbers? How do I teach the workings of public and private key encryptions as a game among

 In this all-new episode of “Ask the Professor,” Prof. Nigel Smart addresses a medley of the internet’s best cryptography questions: Can a combination of a digital signature and public-key cryptography be considered a hybrid cryptosystem? How can cryptography be explained to a lay

 In this all-new episode of our hit series, “Ask the Professor,” Prof. Nigel Smart answers the following questions: What is the difference between a one-shot MPC protocol and an unbounded invocation of multiple MPC protocols? Would public key cryptography have been possible

This is the fourth blog in a series aimed at explaining the growing use of MPC and threshold signing to protect cryptocurrencies. Brief recap In the first three blog posts in this series (read Shamir Secret Sharing and Quorums, Threshold Signature Schemes, and Additional Prop

One is often asked as a Professor to explain some complex aspect of security in an easy way. This week I saw an interesting talk which explained cache attacks via means of cookery. So let me share this with you. Imagine you are in

This is the third blog in a series aimed at explaining the growing use of MPC and threshold signing to protect cryptocurrencies. Brief recap In the first two blog posts in this series (Shamir Secret Sharing and Quorums and Threshold Signature Schemes), I describe

In this episode of “Ask the Professor,” Prof. Nigel Smart answers the internet’s burning questions: Why can’t one figure out the private key by looking inside the public key? How can you lose your head in cryptography? Why did you get into cryptography? In the �

Quantum computers. They’re making headlines for all sorts of use cases – but what will it mean for the future of cryptography?   Plus: Why garbled circuits can’t be reused, and the skinny on government backdoor policies in crypto.   In the ‘Ask the Professor’ video series,

In July 2019, the cryptocurrency investment community woke up to shocking news: Japanese exchange BitPoint had been hacked – withstanding $28 mil USD in losses. Here’s what we know:   In the heist, hackers pilfered the funds from the company’s software-based, or “hot” wallets. These wallets held 5 different coins,

This is the second blog in a series aimed at explaining the growing use of multiparty computation (MPC) and threshold signing to protect cryptocurrencies. Brief recap In the first blog post in this series, I described why key protection alone is not enough for p

In this video, Prof. Smart gives an analogy about distributed trust: sharing secrets without knowing who you’re sharing with. He also answers if it’s better to learn classical cryptography vs. quantum key distribution and the question we’ve all been wondering: Why would an academic cry

In the crypto-native community, exchanges get a bad rap. Between a plethora of cryptocurrency exchange breaches since 2014 and high-profile insider theft cases, the smart investor usually chooses a custodial solution, not an exchange, to keep their vital funds. Exchanges’ poor reputation is

Cryptocurrency began as a venture of the anarchist underground. In 2009, Satoshi Nakamoto’s genesis block debuted with text referencing the front page of the Times, and the January 3 headline about bailouts. Crypto arose as the ultimate antithesis of the traditional banking system and

2018-9 continues to be the year of the hack, with 23 recorded exchange hacks within the past 18 months. 2018 had an “ebb and flow” of hacks, with a cluster of hacks every 2-3 months. But as 2019 continues with what seem

This is the first blog in a series aimed at explaining the growing use of MPC and threshold signing to protect cryptocurrencies. The Problem: Key Protection is Not Enough As we all know, one of the primary features of cryptocurrencies and blockchain-based distributed l

“Ask the Professor” is back!   For those not familiar with “Ask the Professor” – it’s a series worth watching for anyone involved in the cybersecurity or cryptography communities. Professor Nigel Smart, a world-renowned expert in applied cryptography, and professor at the COSIC group at the KU Leuven,

What is MPC? Secure multiparty computation (MPC) is a technology that enables different parties with private inputs to carry out a joint computation on their inputs without revealing them to each other. For example, it is possible for two people to compare thei

Ever wondered how it’s possible to hack a hardware security module (HSM)? ​We recently had the opportunity to chat with Dr. Fotis Loukos, researcher at the Aristotle University of Thessaloniki and Director of Security Architecture at SSL Corp.  We also spoke to him about standardization testing

When it comes to secure custody solutions for cryptocurrency and digital assets, the golden era of hardware is on its way out.   On the surface, HSMs remain popular for institutional cryptographic key custody, blockchain or not – and cold wallets reign supreme in crypto-enthusiast culture on Twitter and Google alike.

Code signing proves the identity of the source vendor of a software (only the private code signing key holder can create the signature) and verifies that the code has not been tampered with since being published. Code signing can be done in two p

Hardware Security Modules (HSMs) are physical boxes that carry out cryptographic operations, and never reveal the keys inside. They are designed to have very high security, and as such, are used to protect an organization’s most valuable cryptographic keys. Due to their long hist

In this blog, we will explore how one can provide a highly available key management and vHSM service, for the relevant cryptographic use cases, comparing Unbound pure-software technology to the legacy HSMs. The digital revolution has transformed the landscape of business. Traditional high availa

Gluing the terms software-defined and cryptography together in one phrase may seem counter-intuitive at first. Just like the realm of networking where the software-defined trend first gained momentum, cryptography has firm roots in hardware. To be more specific, purpose-built hardware has been the

Crypto hygiene, surprisingly enough, is a lot like personal hygiene. Just like showering regularly and brushing teeth twice daily is vital for combating and preventing illness and maintaining overall well-being, organizations must practice good crypto hygiene to reduce security risk and maintain good business health.    However, just like one needs to brush one’s teeth correctly in order to prevent cavities, organizations need the know-how and c

Those familiar with the cold storage/hot storage debate know that in the eyes of the public, cold storage wins. Google trends data from the past 5 years reveals that while multi-sig has the most buzz, cold storage is more talked about than hot wal

It was revealed two weeks ago that hackers had broken into computer giant ASUS’ servers and compromised their code signing keys.  According to Kaspersky Labs, ASUS’ software update system was hacked and used to distribute malware to about 1 million Windows computers. The malware was

Blockchain breaches and cryptocurrency heists continue to change in 2019 – from the exchange hacks we know to a new, scary brand of theft from rogue insiders. The latest victim of the rogue insider trend is Bitthumb, which suffered its third hack in

Samuel Ranelluci, Unbound’s Chief Scientist, had the opportunity to attend and speak at the NIST Threshold Cryptography Workshop this year. What is threshold cryptography? In a nutshell, threshold cryptography involves having multiple parties run a computation over private data to generate a public outpu

We’ve taken the past couple of weeks to reflect on RSA and consider the many things we learned. In addition to receiving socks, t-shirts, pens and iPads, attendees were genuinely interested to learn about the many new products and technologies exhibiting at the

Hardware Security Modules (HSMs) have been the financial sector’s go-to key protection strategy for the past two decades. Multi-Sig has become the default choice for crypto-native institutions that want to secure cryptocurrencies and blockchain transactions. Both are well-known and well-documented – but have many disad

Imagine a scenario where data is kept on hard drives or disks you own, phones can only… well… make phone calls (or send simple text messages), and the currency is only of the traditional fiat kind. Welcome to 1999. Back then, cryptographic keys wer

We’re several days after 2019’s “Proof of Keys” — an annual event, started by crypto investor and podcaster Trace Meyers, encouraging cryptocurrency investors to withdraw their holdings from cryptocurrency exchanges in order to promote Bitcoin’s founding principles of monetary independence and decentralization �

2018 was a stormy year for the crypto-asset market. We’ve seen the market cap swing from a nearly $800 billion high in January to $100 billion low in December, according to CoinMarketCap. Governments and leading financial institutions contemplated their stances on and activity in t

The anatomy of attacking a crypto exchange There is a famous quote associated with Willie Sutton, a famous 20th-century American bank robber. When he was asked why he robbed banks, he simply answered: “Because that’s where the money is.” This simple and obvious tr

Prof. Nigel smart answers: What are garbling circuits? What books would you recommend to learn more about public-key cryptography? Is cryptography concerned with worst or average case difficulty to solve problems? In the ‘Ask the Professor’ video series, Professor Nigel Smart, a world-renowned

Most exchanges — fiat or cryptocurrency — maintain an operational strategy that involves aggregation of funds from multiple consumers’ accounts into a single higher-level account. In the cryptocurrency space this is known as a ‘co-wallet’ strategy. By means of introduction, the co-wallet strategy ass

10 years into the blockchain revolution, how do we safeguard crypto assets today? Soon, on 3 Jan 2019, it would be exactly a decade since the day when the genesis block of bitcoin was mined. Interestingly, this block included a header published at the

In this video, Prof. Nigel Smart answers whether double layers of encryption make information more secure. What’s the best way to make sure data is protected when one layer can be breached? What is the most ideal way to encrypt information? In the �

Preface In this blog, we will delve into BYOK approach to security model of the encryption keys in the cloud. We will also cover how Unbound Key Control can be used to securely enable a multi-cloud strategy for the enterprise. Cloud Security Model for Cry

Since the publication of the Spectre and Meltdown attacks in January this year, security researchers have been taking a close look at speculative execution and its security implications. Recently, research independently conducted by two groups of researchers (a first team from KU Leuven in

In our recent blog post on NY-DFS compliance requirements, we discussed the significant role of encryption as a means for financial institutions to implement security controls over non-public data in their possession. Encryption is an intricate topic, as there are multiple ways to analyz

If you’re a financial institution that does business in New York State, then you most likely already know about the New York State Department of Financial Services Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500), commonly referred to as the NY-DFS Cybersecurity Regula

In our latest video from Prof Smart we hear about a number of issues in cryptography: The one which sticks out is how to securely implement online dating. This is particularly timely given the recent upgrade to Tinder in encrypting photos…Prof Smart however ta

Preface In this blog post, we’ll review some of the greatest breaches of 2017 & 2018, and how they could have been avoided by proper use of encryption and key management best practices, including crypto-anchors. So without further ado, here is the list: Ma

Do you happen to have a crypto algorithm you’d like to introduce? Then get ready to do a thorough security proof; just because you can’t break it, doesn’t mean it’s secure. Prof. Nigel Smart discusses the process of introducing a cryptographic algorithm, what applica

As May 25th, the effective date of GDPR inception is just around the corner, we decided to take a closer look at how encryption can be leveraged to achieve GDPR compliance. A Few Words About GDPR The General Data Protection Regulation (GDPR) harmonizes data p

It was announced in early February that AV-TEST, an independent organization that tests antimalware and security software, discovered 139 samples of malware that “appear to be related to recently reported CPU vulnerabilities”—otherwise known as Spectre and Meltdown. The organization previously reported the discov

In this episode of ‘Ask the Professor,” Prof. Nigel Smart talks about Yao’s Millionaire Problem (how to reveal who is the richest millionaire w/out revealing how much money they actually have), in the case of two or more parties. Additionally, what do

In the first part of the cloud-native blog series, we introduced the various types of secrets that need protection in the cloud, the technical challenges and the business implications of security compromises. In the second part we deep-dived into current methods and gaps in

Data encryption. Cryptocurrency. These two crypto-based technologies are game-changers—the former old and tried, the latter still in its infancy—shaping the way business is done in the digital world. While most of us typically think of their positive, legitimate uses (consider secure communications, digital transac

Professor Nigel Smart is back for another episode of ‘Ask the Professor’. This time he discusses the Ideal World vs. the Real World in relation to protocol creation. He also answers the question—will Quantum Key Distribution ever replace Standard Cryptography (as we know i

Since hitting the news early January, the havoc caused by Meltdown and Spectre refuses to abate. These software side-channel attack vulnerabilities affect current and past processors, from 1995 and on. Problems with Patches Over the past few weeks, Intel has worked diligently to release software

Spectre and Meltdown The recent discovery of Spectre and Meltdown has once again highlighted the fact that we have a huge trust problem in our systems. In an idealized view of the world, software provides isolation between different processes, VMs, and so on,

Where is crypto headed? What does this mean for Post-Quantum Cryptography, Privacy, and Machine Learning? Prof. Nigel Smart discusses the future of crypto and explains the difference between Homomorphic Encryption vs. Multiparty Computation vs. Blind Computation and why the breaking of the Enigma Machin

Ever wondered what the difference between public key vs. private key cryptography actually means? Furthermore, why is quantum cryptography even important? Prof. Smart answers all of your questions and also explains how cryptography has changed in the past five years. In the ‘Ask the Pro

 Prof. Nigel Smart answers some fundamental questions about the mathematical guarantees of cryptographic algorithms, explains how Multiparty Computation (MPC) works, and most importantly, why he became a cryptographer in the first place. In the ‘Ask the Professor’ video series, Professor Nigel Smart, a world

This is the second part in a three-part blog series titled “Introduction to Cloud-Native Secrets Management”. In the first part of the Cloud-Native blog series we introduced the various secrets types, the technical challenges, and the business implications of misusing secrets in a Cloud-Native enviro

This is the first part in a three-part blog series titled “Introduction to Cloud-Native Secrets Management”. The Need to Protect Cloud-Native Technologies Over the last several years, a massive transition from on-premises to the cloud is taking place, resulting in a significant increase in the ad