Encryption and Key Management , Events , RSA Conference
The risks posed by AI chatbots and quantum computing are also among the topics analyzed
Mathew J. Schwartz (euroinfosec) •
April 25, 2023
Prepare now for the advent of quantum computing and its potential ability to crack current cryptosystems, panelists from an annual panel of cryptographers at the RSA conference have warned. Despite their current status as expensive science projects, superfast computers that use atomic-level uncertainty states are likely only a matter of time, raising concerns that current encryption standards are doomed. obsolescence.
While the hype is high around quantum computing, panel cryptographers Radia Perlman, a Dell EMC fellow who is an expert in network routing protocols and network security, said it was clearly imperative for "good guys" to research the risk posed by quantum computers because "bad guys" will do the same. If that happens, she said, "we'll all have to replace our current public-key algorithms."
At least some organizations should plan for the potential eventuality that quantum computers break current cryptographic systems. Long-time panelist Adi Shamir - the S in the RSA cryptosystem and who is a professor of computer science at Israel's Weizmann Institute - said the big danger is that a quantum computer capable of cracking today's encryption today could well be developed 30 years from now, and that "the NSA or other bad guys are going to record everything everyone says today, then wait until quantum computers are available, then crack the crypto."
For anyone who needs to secure a set of data for more than 30 years, his advice is simple: don't rely on public-key cryptography.
Shamir added that "99.99% - and maybe a few more nine - of what is encrypted and signed today does not require a 50-year secure lifespan", given that most email relate to mundane matters - think about lunch plans. Even sensitive information, such as an organization's product development efforts, can become public in 12 months.
It is unclear whether quantum computers will ever be able to crack today's cryptosystems. Perhaps simply increasing existing cryptosystem key sizes will be an appropriate defense, said panelist Anne Dames, a prominent engineer at IBM who is leading its efforts to develop quantum-safe cryptography.
The US National Institute of Standards and Technology last year chose four algorithms designed to resist decryption attacks mounted by a quantum computer, as part of its effort to establish a post-quantum cryptographic standard. Panelists noted that NIST has signaled that it may expand the shortlist, in part because all four use a similar mathematical approach, which isn't ideal.
Chatbots: security risk and promise
Arguably the hottest topic at RSA Conference 2023 is the impact of AI and machine learning, driven by chatbots such as ChatGPT. "What they seem to be pretty good at is human engineering," said Whitfield Diffie, who along with Martin Hellman pioneered public-key cryptography in the early 1970s.
Shamir said that until last year he thought AI might have purely defensive use cases for cybersecurity, and very few offensive use cases.
“I completely changed my mind following the developments over the last year including ChatGPT etc.,” he said. "I now believe that ChatGPT's ability to produce perfect English, to interact with people, is going to be misused on a large scale" and "have a major impact on social engineering".
Blockchain's bad year
If ChatGPT rises on the hype ladder, the blockchain star seems to fall.
“Blockchain had a bad year,” Diffie said, perhaps in part solely because of revelations such as how cryptocurrency exchange FTX crashed (see: 3rd FTX manager pleads guilty to criminal charges).
"Well, there's cryptocurrencies and there's blockchain," Perlman said.
She said her longstanding advice to project teams interested in applying blockchain remains the same: Evaluate different strategies to achieve your goal, "and if it's blockchain, which is unlikely," select -le, she said, to make the audience laugh.
An engineer once told him that his manager demanded the use of blockchain. In such a case, his advice was “to look at all the alternatives, pick the best one, build it, then tell your manager you built it with blockchain; he'll never know the difference.”