Is Encryption Broken?
It seems AI and Quantum Computing are on a collision course toward shattering existing security standards
A few weeks ago Sam Altman was ousted from OpenAI, (a nearly $100 billion) non-profit that invented ChatGPT. A real-life episode of Succession played out. Altman soon returned as CEO and replaced the Board that fired him. But why did this happen in the first place? Well, there are rumors that a project within OpenAI covertly named Q* (pronounced Q-star) may have accelerated the power of artificial intelligence to the point where “all encryption is solvable.”
The cryptography world has been concerned about quantum computers eventually breaking encryption. More on that in a minute. But with AI potentially getting powerful enough to mathematically solve encryption poses a real question — is the current state of encryption at a breaking point?
Why should I care?
Everyone’s got a lot on their plate right now. But this warrants attention. To borrow an analogy about AI from Sam Harris, “Imagine if aliens contacted us and said ‘People of Earth, we’re on our way and should arrive in 50 years, get ready.’ What would we do?” That is the level of severity we are at, mainly because of the exponential growth of these LLMs.
It’s kind of like a bullet. You can see it on the table, you see it being loaded…and then it’s gone.
Not to be too alarmist here but if encryption is broken everything goes to hell. Banks, email, missiles…imagine the locks on every door, safe, nuclear bunker being vanished instantaneously. That is a world without encryption.
Enter Quantum
Common cryptography leverages several kinds of encryptions with AES (Advanced Encryption Standard) which uses Symmetric Encryption and RSA, a popular asymmetric encryption algorithm. There’s also Elliptic Curve Cryptography (ECC), another form of asymmetric encryption based on elliptic curves which is known for providing strong security with shorter key lengths compared to RSA.
Encryption typically relies on the ability to solve complex mathematical problems one way and nearly impossible (by today’s standards). The time it would take for a classic computer to compute these encrypted keys is thousands of years. And that’s what our banks, military, and communications rely on.
But quantum computers don’t calculate by 0s or 1s, instead, they can have superpositions and can be in the same mathematical state simultaneously. That brings the ability to solve complex mathematical feats down to seconds…
Post-Quantum World
Okay, so we have quantum computers at Google, IBM, and in China. Some are operating as high as 1,000 qubits. Quantum supremacy is around the corner.
Hackers, nation-states, nefarious actors and opportunists are committing to stealing private, encrypted data to “Store Now and Decrypt Later” (SNDL). Waiting for the day to have a quantum computer powerful enough to break through this valuable data.
Sounds wild but what if I told you there was a giant safe filled with $500 billion in it and all you need to do is hold on to the safe until I send over a key? It’s a strong incentive.
What’s Being Done
Signal is leading the charge on providing post-quantum cryptographic solutions to their users of the secure messaging app. Effectively it’ll be two layers of encryption, their standard Elliptical Curve Cryptography, as well as this new quantum-resistant protocol.
It’s great Signal is leading the charge here but… who else is doing this? Well, not as many organizations as you’d think. Banks aren’t as on top of implementing post-quantum cryptography, though plenty of research (and I’m sure bullshit meetings) are being done.
From my research it appears the experts are saying “yeah yeah we’ll get to it soon.” As if it was a leaky kitchen sink and not a 1,000 lbs alien with drooling fangs seeing in five dimensions.
What can I do?
Use Signal for your comms. Practice good OPSEC. And spread the word about this. If you work anywhere near security this should be a major point to bring up for 2024. OpenAI showed that their computing ability with the secret project Q* may be able to break encryption before quantum does.
To return to the alien analogy. With Quantum computing and AI advancing…it’s as if we have two alien civilizations barreling towards earth with competing arrival times. The only thing we can do is stay secure and spread the word.
Author’s Note:
Citing sources and backing up claims with real data is the crux of independent journalism. I work hard at ensuring all the data and assertions I present are accurate and clearly cited. I will include citations of tangential works that I may not have covered in the article or video but feel it’s still relevant. If you see any errors or have questions, kindly let me know.
Bibliography
Chen, Lily, Dustin Moody, and Yi-Kai Liu. “Post-Quantum Cryptography: CSRC.” Computer Security Resource Center, August 24, 2023. https://csrc.nist.gov/projects/post-quantum-cryptography.
Coker, James. “HSBC Joins Quantum-Secure Network.” Infosecurity Magazine, July 7, 2023. https://www.infosecurity-magazine.com/news/hsbc-quantum-secure-network/.
“Crystals — Cryptographic Suite for Algebraic Lattices.” Kyber. Accessed December 8, 2023. https://pq-crystals.org/kyber/.
DARPA. “DARPA-Funded Research Leads to Quantum Computing Breakthrough: Harvard-Led Team Develops Novel Logical Qubits to Enable Scalable Quantum Computers.” Defense Advanced Research Projects Agency, December 6, 2023. https://www.darpa.mil/news-events/2023-12-06.
Freedberg, Sydney. “‘Off to the Races’: DARPA, Harvard Breakthrough Brings Quantum Computing Years Closer.” Breaking Defense, December 7, 2023. https://breakingdefense.com/2023/12/off-to-the-races-darpa-harvard-breakthrough-brings-quantum-computing-years-closer/.
Gururaj, Tejasri. “The 5 Most Significant Breakthroughs in Quantum Computing.” Interesting Engineering, May 11, 2023. https://interestingengineering.com/science/5-breakthroughs-in-quantum-computing.
“How Quantum Computers Break Encryption | Shor’s Algorithm Explained.” Minute Physics, May 1, 2019. https://www.youtube.com/watch?v=lvTqbM5Dq4Q.
Khan, Alex. “Why Financial Institutions Need Post-Quantum Cryptographic-Agility — Fintech Weekly.” FinTech Magazine Article, March 13, 2023. https://www.fintechweekly.com/magazine/articles/why-financial-institutions-need-post-quantum-cryptographic-agility.
Kret, Ehren, and Rolfe Schmidt. “The PQXDH Key Agreement Protocol — Signal Messenger.” Signal Docs, May 23, 2023. https://signal.org/docs/specifications/pqxdh/pqxdh.pdf.
Kret, Ehren. “Quantum Resistance and the Signal Protocol.” Signal Messenger, September 19, 2023. https://signal.org/blog/pqxdh/.
Kumar, Ajoy. “Post-Quantum Security Considerations for the Financial Industry.” Depository Trust & Clearing Corporation, September 21, 2022. https://www.dtcc.com/dtcc-connection/articles/2022/september/21/post-quantum-security-considerations-for-the-financial-industry. Ajoy Kumar is the DTCC Managing Director and Chief Information Security Officer, though other staff contributed to the article.
Moody’s Analytics, ed. “BIS and Central Banks to Address Cyber Threats from Quantum Computing.” Moody’s Analytics, June 6, 2023. https://www.moodysanalytics.com/regulatory-news/jul-06-23-bis-and-central-banks-to-address-cyber-threats-from-quantum-computing.
Okta Updated: 06/26/2023–3:35 Time to read: 6 m. “What Is Public Key Infrastructure (PKI) & How Does It Work?” Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks., June 26, 2023. https://www.okta.com/identity-101/public-key-infrastructure/.
O’Brien, Matt. “Sam Altman Reinstated as OpenAI CEO with New Board Replacing the One Which Fired Him.” PBS, November 22, 2023. https://www.pbs.org/newshour/nation/sam-altman-reinstated-as-openai-ceo-with-new-board-replacing-the-one-which-fired-him.
Packman, Ben. “How Financial Institutions Can Chart a Roadmap to Post-Quantum Security.” Global Banking & Finance, March 21, 2023. https://www.globalbankingandfinance.com/how-financial-institutions-can-chart-a-roadmap-to-post-quantum-security/.
Ponemon Institute LLC. Preparing for a Safe Post Quantum Computing Future: A Global Study, October 2023. https://www.digicert.com/content/dam/digicert/pdfs/report/ponemon-preparing-safe-post-quantum-future-report-en-v1.pdf.
“Post-Quantum Cryptography.” Microsoft Research, May 30, 2023. https://www.microsoft.com/en-us/research/project/post-quantum-cryptography/.
Radauskas , Gintaras. “OpenAI’s Q* Mystery: Was Coup Sparked by Major and Concerning Technological Milestone?” Cybernews, November 28, 2023. https://cybernews.com/editorial/openais-artificial-intelligence-sam-altman-qstar-singularity/.
Russell, John. “CEO Jack Hidary on Sandboxaq’s Ambitions and near-Term Milestones.” HPCwire, October 20, 2022. https://www.hpcwire.com/2022/10/18/ceo-jack-hidary-on-sandboxaqs-ambitions-and-near-term-milestones/.
Sanzeri, Skip. “Banks Need to Act Now to Ensure Post-Quantum Cybersecurity.” Security Today, May 7, 2022. https://securitytoday.com/Articles/2022/03/07/Banks-Need-to-Act-Now-to-Ensure-PostQuantum-Cybersecurity.aspx?Page=2.
Smith, Chris. “Did Sam Altman Just Confirm OpenAI’s Q* Ai Breakthrough?” BGR, November 30, 2023. https://bgr.com/tech/did-sam-altman-just-confirm-openais-q-ai-breakthrough/.
Tong, Anna, Jeffrey Dastin, and Krystal Hu. “OpenAI Researchers Warned Board of AI Breakthrough Ahead of CEO Ouster, Sources Say.” Reuters, November 23, 2023. https://www.reuters.com/technology/sam-altmans-ouster-openai-was-precipitated-by-letter-board-about-ai-breakthrough-2023-11-22/.
Townsend, Kevin. “Solving the Quantum Decryption ‘harvest Now, Decrypt Later’ Problem.” SecurityWeek, February 16, 2022. https://www.securityweek.com/solving-quantum-decryption-harvest-now-decrypt-later-problem/.
