Superencipherment Engine is a three-layer encryption protocol that uses existing block cipher standards. The inner and outer layers encipher data in discrete encryption events, each with a discrete algorithm and unique key. The middle layer splits the encrypted inner layer into randomly sized segments and encrypts each segment independently, each with a discrete algorithm/key combination. Since multiple, independent keys are used, breaking a single encipherment won’t reveal your data.
Superencipherment Engine extends the useful life of existing encryption suites and includes FIPS 140-2 approved algorithms as well as other global encryption standards. PKMS2, the underlying Pattern Key Multi-Segment Multi-Standard protocol, can also be updated to include new algorithms as they become available. While PKMS2 is integrated into SCI data security products, it is also available as the SCI Superencipherment Engine™, an SDK that can be integrated into other products.
The Superencipherment Engine enables users to ensure that the algorithms used comply with legal or regulatory requirements (e.g., AES-256 for compliance with FIPS 140-2 Annex A), regardless of jurisdiction or country. Administrators can also restrict the encryption algorithms used to those compliant with local law.
In April 2016, the US National Institute of Standards and Technology (NIST) issued NIST Interagency Report (NISTIR) 8105, Report on Post-Quantum Cryptography. NISTIR 8105 indicated that, by 2031, asymmetric encryption algorithms reliant on mechanisms such as the factoring of large integers or the algebraic structure of elliptic curves over finite fields will face significant security challenges due to the advent of quantum computing. Conversely, the report noted that while symmetric encryption algorithms would be impacted by post-quantum (PQ) computing, impacts could be mitigated through the use of longer keys. Secure Channels’ Pattern Key Multi-Segment Multi-Standard (PKMS2) protocol and its software instantiation, the Superencipherment Engine (SeE), are designed to mitigate and minimize the impact of PQ computing on entities reliant on symmetric encryption protocols such as AES, 3DES, Twofish, Camellia or GOST for the protection of sensitive information.
PKMS2/SeE provides PQ computing protections for any set of symmetric block cipher algorithms selected for use by effectively doubling the key length. For example, in cases where symmetric block ciphers with 256-bit keys are used, the result of PKMS2/SeE processing is an effective key length of approximately 520 bits. With respect to impact on an attacker, the PKMS2/SeE process increases the attacker’s workload by a factor of approximately 2.97 × 10^157. This effect is extensible regardless of key length. As a result, if an organization switches to a symmetric block cipher with a 384-bit or 512-bit key, the use of PKMS2/SeE processing will continue to provide significantly augmented protection. The use of PKMS2/SeE processing provides an extensible buffer against the threats posed by PQ computing to symmetric encryption. The SeE product is a deployable software library that can be integrated into existing application and network capabilities.