Thought Piece

Part 4: I got 99 problems, but a breach ain’t one


< Back to Part 3: How nature holds the key to cybersecurity’s future


Ineffable Cryptography: The science behind a new era of cybersecurity

The future of security—now

Lessons from nature

So far in this series, we’ve explored why today’s cybersecurity models are flawed. We’ve discussed how centralized authority is the Achilles' heel of modern systems and how decentralizing authority, inspired by swarm intelligence, can protect against catastrophic breaches. But how do we make this revolutionary idea work in practice?

Enter Ineffable Cryptography—the breakthrough that makes decentralized authority not just possible but practical, economical, scalable and performant. Think of it as the secret sauce that allows us to decouple authority from individuals, systems, and even organizations, while maintaining airtight security. It’s not just a theoretical model; it’s backed by solid mathematics and years of research, validated by experts from RMIT University, Deakin University, UoW and others.

But don’t worry, we’re not diving into complex formulas. I’ll explain the concept in a way that devs can appreciate—because, at its heart, Ineffable Cryptography unlocks a reality where security is seamlessly integrated into the development process to ensure breaches are no longer a nightmare scenario. And best of all, it’s just an API call away.

The problem with traditional cryptography

Lessons from nature

First, let’s revisit how traditional cryptography works. At its core, cryptography relies on keys to secure data—whether you’re encrypting sensitive information or signing off on important transactions. These keys are the backbone of security. But here’s the problem: those keys have to exist somewhere, and someone always has access to them.

Even in the most secure systems, keys are often stored in key vaults or managed by IAM systems. But no matter how robust your vault or management system is, if an attacker gains access to those keys, it’s game over. Once they have the key, they can decrypt data, bypass security, and access the core of your system.

Despite protections like multi-factor authentication (MFA) and advanced monitoring, we’re still left with the problem of centralized authority. When the wrong entity gains certain privilege—whether it’s a rogue admin or a compromised third-party vendor—they effectively hold the keys to your kingdom, and hackers know it.

Enter ineffable cryptography: the key no one will ever hold

Now imagine a world where no one holds the keys—not the admins, not the system itself, and not even the developers who built it. This is the future made possible by this novel concept, Ineffable Cryptography.

The core concept behind it is deceptively simple: instead of a single entity controlling a cryptographic key, the key is manifested in fragments across a decentralized network of nodes. Each node holds only a piece of the key, and no one node can reconstruct the full key on its own.

When the system needs to perform a cryptographic operation, like decrypting data, authorizing permission, or signing a transaction, these nodes work collaboratively. They don’t share their key fragments; instead, they each partially process the request in parallel, returning meaningless puzzle pieces. Only when those pieces are combined by the system do they form a meaningful result—whether that’s access to a file or verification of a user’s identity.

This means the key is never fully assembled or exposed in one place. Even if an attacker breaches one or more nodes, they can’t get the full key or access any sensitive data. The key is everywhere, but at the same time, nowhere—a perfect balance—that’s ineffable.

How does it work?

Lessons from nature

Here are the five key components that make Ineffable Cryptography so powerful:

  1. Decentralization: Each key is generated in fragments distributed across multiple nodes, across the fabric, each node is protected and managed by a different organization. No single organization holds a full key, and these nodes never communicate with each other directly. Even if nodes are compromised, the key remains secure.
  2. Threshold Cryptography: For any operation (e.g., decryption or signing) to be completed, only a minimum number of nodes (the threshold) must participate. This ensures perpetual continuity and redundancy in the event of network outages and node failures, with no impact on performance or security.
  3. Zero-Knowledge Proofs: Nodes never share their key fragments or reveal any secret that may benefit a hacker. However, in addition to that guarantee, each node guarantees that their “contribution” can only be used as designed, in the Ineffable Cryptography protocol, by utilizing special Zero-Knowledge Proofs (ZKP) to prevent against malicious behavior of other nodes or Man-In-The-Middle attacks. These verifiable ZKP gives all honest participants (the nodes, the user, the platform, etc) a mathematical guarantee for its security, ensuring secrecy throughout the process.
  4. Multi-Party Computation (MPC): MPC allows the system to scale without becoming a logistical nightmare. With MPC, decentralized nodes can achieve “swarm intelligence” and perform complex cryptographic operations while ensuring the key never fully comes together in one place. Think of it as a decentralized network acting like a single key vault—but without the risks of centralization.
  5. Edge cryptography: Today’s “encrypted at rest” and “encrypted in transit” is extended to the edge console, where the raw information is handled. Where the result of a cryptographic process can only be made sense of at the edge, by the legitimate user, on the device they initiated the process—not anyone in the middle.

These combine to enable a security model where authority never sits in one place. The result? A new capability allowing platform developers to lock sensitive data, identities and access rights with keys no-one will ever hold—effectively keys no-one can steal, lose or misuse.

Why this changes everything for developers

Lessons from nature

As a developer, Ineffable Cryptography is a game-changer because it dramatically uplifts the security of your platforms, without burdening you with managing it. Scalable security, without having to scale a security team. In the traditional model, you’d be worried about admin access, compromised keys, and rogue insiders. You’d layer security measures on top of each other—MFA, monitoring systems, access controls—but still live in fear of that one weak link.

With Ineffable Cryptography, those concerns vanish. Here’s why:

  • Rogue admins? No problem: No single person, not even an admin, holds the full key or control over the system. Even an insider—whether malicious or compromised—can’t cause catastrophic damage.
  • Breaches are contained: In today’s world, a breach in one part of your system often leads to a cascade of failures. But with Ineffable Cryptography, not only does compromising a key become improbable, even if a key was compromised, then only a single record is at risk of exposure.
  • Continuous verification: As discussed in Part 1, Two-Way Zero Trust means that systems don’t just verify users—they verify themselves. With Ineffable Cryptography, the system continuously proves its integrity, ensuring no hidden vulnerabilities are being exploited behind the scenes. This gives developers guarantees that a result from a key action can only materialize when security was intact.

This isn’t just about keeping hackers out; it’s about building a system that can suffer a highest privilege breach, without catastrophic damage.

Real-world application: securing the future of your platform

Let’s look at a real-world example. Imagine you’re developing a platform that handles sensitive customer data—financial transactions or medical records. In a traditional setup, you’d encrypt the data, rely on a key vault, and use IAM systems to manage access. A single slip-up—a compromised admin account or a misconfigured permission—and all that data is at risk.

Now imagine your platform runs on Ineffable Cryptography. Each customer’s record is encrypted using different keys, each fragmented across a global network of nodes. Even if your infrastructure is breached, you don’t hold the keys—they’d need to compromise multiple nodes in multiple locations just to unlock a single record.

This decentralized model decimates the attack surface. Your system remains secure because no one holds enough power to compromise it, not even you. This in turn means your customers and investors can trust you, because they never have to.

Critical infrastructure companies are locking cyber-physical devices with Ineffable Cryptography at water facilities to protect against remote attacks. Identity & Access Management systems are using Ineffable Cryptography to ensure user identities can’t be compromised by administrators and provide guarantees that access permissions were authorized by an uncompromised key. Universities are using it to grant students ownership of their identities and credentials. Password managers use it to manage all your secrets with the guarantee they can’t be compromised. Algo-trading platforms use it to trade on behalf of their users without having to be entrusted with the key to their funds. Software companies are using it to sign code in the CI/CD process to ensure QA workflow processes cannot be circumvented.

The endgame: trustless, secure, and scalable

Ineffable Cryptography finally delivers on the promise of Zero Trust, taking it further by removing centralized authority entirely. Two-Way Zero Trust, powered by decentralized key management, eliminates single points of failure and ensures that even in the worst-case scenario, your platform stays secure.

This is more than just the future of cybersecurity—it’s the future of development. A world where developers can rapidly build and innovate without constantly fearing catastrophic breaches. Where no-one is trusted with god-like authority. Where data remains secure by default, not by chance.

The Tide is turning

In this series, we’ve dismantled cybersecurity’s Achilles’ heel—authority—and introduced a new model where organizations create a decentralized cybersecurity fabric, protecting each other and growing stronger with scale. This fabric redefines trust and ownership in the digital age.

Imagine a world where individuals are empowered to bring their own identity and authority to your platform, while you no longer hold the liability. A world where users can share their deepest thoughts with your AI, knowing they will only be used for their benefit. Where users control their medical records. Where your family app allows parents to track their children’s journeys safely—out of the reach of hackers, rogue CEOs, and cybersecurity vendors.

Like any groundbreaking shift, this direction will encounter initial resistance—just as many questioned the wisdom of entrusting IT infrastructure to third parties. Yet today, cloud is the foundation of modern infrastructure, and those who adapted early helped shape that future. Decentralizing authority may seem bold now, but it reflects the direction in which security will inevitably move.

This is security, privacy, and ownership in their purest forms—not based on promises, certifications, or blind trust—but built on a system that anyone can independently verify.

In Part 5, we’ll bring everything together by walking through a real-world implementation, showing you exactly how to turn these concepts into actionable steps. Get ready to see how theory becomes execution, and how this approach can transform your platform’s security.

The revolution has begun. Now it’s your turn to be part of it.

 


Authors:

This 5-part series outlining the worry-free future of cybersecurity for platform developers is an adaptation of Tide Foundation Co-Founders Michael Loewy and Yuval Hertzog’s keynote at ACM SIGCOMM 2024

Michael Loewy is a Co-Founder of Tide Foundation and serves on the advisory board of the Children’s Medical Research Institute.

Yuval Hertzog is a Co-Founder of Tide Foundation and one of the inventors of VoIP.

Series shortcuts:

Recent News

Blog
25 Sep 2024

Rethinking Cybersecurity

The future of cybersecurity for platform developers

Press
4 Nov 2024

Tide Win Tech Impact Award

Award for impact in transforming breaches into a non-issue.

Announcement
18 Nov 2024

TideCloak Secures Developers

Major Organizations Among Early Adopters Reporting Freedom from Security Concerns

Press
11 Mar 2024

Infrastructure Magazine Feature

New approach to securing critical infrastructure.

Press
23 Nov 2023

RMIT, Tide, AWS Collab Unveiled

Tide's "Ineffable Cryptography" to secure critical infrastructure

Blog
25 Sep 2024

Cybersecurity’s Kryptonite

It’s cybersecurity’s kryptonite: Why are you still holding it?

Blog
25 Sep 2024

Nature's key to cybersecurity’s future

How nature holds the key to cybersecurity’s future

Blog
25 Sep 2024

Future proofing your platform

A practical walkthrough of creating the most secure apps on the planet.

Press
25 May 2023

New breakthrough in Zero-Trust

Deakin University researchers prove Tide's tech breakthrough in ZeroTrust cyber security

Announcement
26 May 2023

TideInside Dev Champion Crowned

Sean Nam Crowned Champion in the Prestigious TideInside Development Competition

Press
5 May 2023

CyberWire Podcast Interview

Tide propose we break the model so no one holds the keys to our data

Press
5 Apr 2023

Interview with Dr Zero Trust

New Approach to Security Strategy with Decentralization

Contact

Thanks for getting in touch. We'll get back to you as soon as possible!

Send another message