RSA Cryptographers' Panel Talks Quantum Computing and AI
Risks Posed by AI Chatbots and Quantum Computing Also Among the Topics Analyzed
Prepare now for the coming of quantum computing and its potential ability to crack current cryptographic systems, warned panelists of the annual Cryptographers' Panel at RSA Conference. Despite their status today as expensive science projects, superfast computers that use atom-level states of uncertainty are likely a matter of time, leading to worries that today's encryption standards are destined for obsolescence.
While hype is high around quantum computing, panelist Radia Perlman, a fellow at Dell EMC who's an expert in network routing protocols and network security, said there's a clear imperative for "the good guys" to research the risk posed by quantum computers because "the bad guys" will be doing the same. If that happens, she said, "we're all going to have to replace our current public key algorithms."
At least some organizations should prepare for the eventuality that quantum computers will break current cryptographic systems. Longtime panelist Adi Shamir - the S in the RSA cryptosystem and a professor of computer science at Israel's Weizmann Institute - said the big danger is that a quantum computer able to crack today's encryption could well be developed in 30 years, and "the NSA or other bad guys are going to record everything that everyone says today, then wait until quantum computers become available and then break the cryptography."
For anyone who needs to keep a set of data secure for more than 30 years, his advice is simple: Don't rely on public key cryptography.
Shamir added that "99.99% - and maybe a few additional nines - of what's being encrypted today and signed does not require a 50-year secure life," given that most emails are about banal matters - think plans for lunch. Even sensitive information, such as an organization's product development efforts, might become public knowledge in 12 months.
Whether quantum computers will ever be able to crack today's cryptosystems remains unclear. Public key algorithms will be affected, said panelist Anne Dames, a distinguished engineer and head of Cryptographic Technology Development at IBM. As a defense for symmetric key and hashing, cryptographers may be able to increase the key or message digest sizes, she said.*
The U.S. National Institute of Standards and Technology last year picked four algorithms designed to resist decryption attacks mounted by a quantum computer, as part of its effort to set a post-quantum cryptographic standard. Panelists said NIST has signaled that it might expand the shortlist, in part because all four use a similar mathematical approach, which isn't ideal.
Chatbots: Security Peril and Promise
Among the hot topics at RSA Conference 2023, arguably the hottest is the impact of AI and machine learning, driven by chatbots such as ChatGPT. "What they seem to be pretty good at is human engineering," said Whitfield Diffie, who with Martin Hellman pioneered public key cryptography in the early 1970s.
Shamir said until last year, he thought AI might have some use cases purely on the defensive side of cybersecurity and very few offensive use cases.
"I've completely changed my mind as a result of last year's developments, including ChatGPT, etc.," he said. "I now believe that the ability of ChatGPT to produce perfect English, to interact with people, is going to be misused on a massive scale" and to "have a major impact on social engineering."
Blockchain's Bad Year
If ChatGPT is ascending the hype scale, blockchain's star seems to be falling.
"Blockchain has been having a bad year," Diffie said, perhaps due only in part to revelations such as how collapsed cryptocurrency exchange FTX was being run (see: 3rd FTX Official Pleads Guilty to Criminal Charges).
"Well, there's cryptocurrencies and there's blockchain," Perlman said.
She said her long-standing advice to project teams interested in applying blockchain remains the same: Evaluate different strategies for accomplishing your goal, "and if that is blockchain, which is unlikely," then select that, she said, to laughter from the audience.
An engineer once told her their manager was demanding blockchain be used. Her advice was: "Look at all the alternatives, choose the best one, build that, then tell your manager you built it with blockchain; they'll never know the difference."
Clarification April 26, 2023 17:19 UTC: Clarifies comments about effect of quantum computing on public key algorithms made by IBM's Anne Dames.