While we should not overhype the potential of Quantum Computing and Artificial Intelligence [Q-AI] to unlock new opportunities across various verticals in the near future, to solve all our problems quickly and in parallel across the entire ecosystem (manufacturing, healthcare, medicines, currency, finance, energy, supply chains, chemistry, biology), and even to unlock new revenue streams, we should at the same time make sure that Q-AI does not disrupt our lives, and especially our national and private security.
The potential for Q-AI integration into industry within the next decade seems to be very real. Therefore, we should not underestimate its threats. This article shines a spotlight on the key challenges and vulnerabilities surrounding the adoption of Q-AI while safeguarding our data and electronic information and preserving the minimal privacy that is still left.
AI and data risks
AI algorithms could be used maliciously, for example in deliberate disinformation campaigns, sensitive information disclosures and denials of service, and may cause unknown, significant harm to humans.
Let’s look at the financial sector. AI helps streamline operations, enhance customer experiences, and reshape data analysis and decision-making, and it has many implications for payments. However, it comes with risks and vulnerabilities.
The challenge that should not be ignored is the exposure of payment behaviour, which AI could exploit to mis-profile people. AI analytics compares the expenditure pattern of each of us to the patterns of all of us. Genetic algorithms build brain-like inference networks that draw clear conclusions from messy payment and expenditure data.
Even if these profiles are made known to their subjects, there will be no way to contest them the way we contest credit scores today. This no-recourse feature reflects human ignorance as to how AI draws its conclusions. Regulation cannot really protect us. A competent coder can plug stealth algorithmic entities into the software that would bypass top-level regulatory restrictions.
How to mitigate?
An efficient way to tame AI is to control the data it digests. There are technologies to effect payments on a solid cryptographic foundation that will keep the payment behaviour unexposed, while offering powerful AML tools.
Such technologies are part of BitMint’s toolkits, which are resilient against prevalent and unexpected AI exploitation techniques and are also quantum secure by default.
If we don’t deploy such technologies, we could all become innocent victims who are denied a loan, a job or school admission on account of what Artificial Intelligence said about us.
Q-DAY
Quantum computing will significantly improve computational efficiency and large machine learning models, which are typically constrained by high computational costs, power consumption and time requirements, offering solutions to current computational bottlenecks. At the same time, it would very easily breach prevailing encryption, which carries a heavy load in modern digitized society.
As part of the preparation for the transition from pre- to post-quantum computing, a whole family of new algorithms is being developed in the field called Post Quantum Cryptography (PQC). These algorithms are meant to be ready for Q-Day, the moment when quantum computers are able to break existing cryptographic algorithms, meaning all data held online will be vulnerable. Q-Day is predicted to occur in the next five to 10 years, but the timeline could be even sooner.
NIST PQC standards may resist academic attack but yield to governments
Most efforts are taking place at government level, particularly in the US. The US National Institute of Standards and Technology [NIST] released three finalized Post-Quantum-Cryptography [PQC] standards for general encryption and protecting digital signatures, following a thorough examination of PQC candidates submitted until 2016, mostly by large teams and big-tech companies. NIST encourages computer system administrators “to begin transitioning to the new standards as soon as possible”, to secure a wide range of electronic information, from confidential email messages to e-commerce transactions that propel the modern economy.
National security experts around the world, a few in public and most in private, wonder why NIST people, whose professionalism cannot be doubted, push so hard for the implementation of encryptions that were developed eight years ago and do not take into account the development in the malicious capabilities of adversaries during the last eight years, while it is also clear to everyone that these NIST standards have no mathematical proof.
The premise of “security by complexity”
A White House report on Post Quantum Cryptography, presented to the US Senate Committee on Homeland Security and Governmental Affairs House Committee, admits that PQC utilizes a different type of mathematical algorithm, one that a quantum computer “CANNOT EASILY solve”, i.e., NOT unbreachable.
In an international conference in Singapore focused on migration to quantum-resistant cryptography, two ‘brave’ speakers, one from Banca d’Italia and the second a Chinese official, dared to admit that “the king is naked”, i.e., PQC that is based on solving a mathematical problem (a.k.a. complexity-based cryptography), like NIST’s PQC, cannot have mathematical proof.
In light of the above, it is doubtful whether the NIST standards alone can really provide a quantum-resistant encryption standard to ultimately enable organizations to prepare for Q-Day.
Is it a deadlock – “The Emperor’s New Clothes?”
Complexity-based ciphers CANNOT protect us against AI-cryptanalytic attacks today and quantum computers tomorrow. Relying on algorithms whose claim to quantum resistance rests only on the absence of a published breach might be too risky and vulnerable, since bad actors and adversaries will not notify us when they have the quantum computing capabilities to breach our cryptography. (Recall the German “Enigma” from WWII.)
NIST claims that “time will show how their PQC algorithms are secure” – because their PQC algorithms are supposed to be hard-to-break ciphers.
Hard-to-break ciphers are not unbreakable ciphers.
Hard-to-break ciphers are easy to break if you are a good enough mathematician and use a fast enough computer.
Unbreakable ciphers — are unbreakable — stamped with the authority of a mathematical proof.
Are there such ciphers? – YES!
In 1917 Gilbert S. Vernam filed for a patent on a cipher for which, 25 years later, Claude Shannon provided a mathematical proof of unassailable secrecy. Quantum computers are powerful, but math is more so.
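The Vernam property referred to above, as an added example that is not part of the original article and is not BitMint's code: with a key that is random, as long as the message and used once, every same-length plaintext is equally consistent with a given ciphertext, and that guarantee is lost as soon as a key is reused. The function names and the sample messages are constructed for illustration.

```python
import secrets

def vernam(data: bytes, key: bytes) -> bytes:
    """XOR data with a key at least as long as the data (encrypt == decrypt)."""
    if len(key) < len(data):
        raise ValueError("Vernam key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))

def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every candidate of the same length, so the
    ciphertext alone does not favour any plaintext over another.
    """
    return vernam(ciphertext, candidate)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the same key: the key cancels out."""
    return bytes(a ^ b for a, b in zip(c1, c2))

# Constructed sample messages of equal length (not from the article).
MSG_A = b"PAY ALICE 100"
MSG_B = b"PAY BOB 99999"

def demo() -> dict:
    key = secrets.token_bytes(len(MSG_A))   # fresh random key, used once
    ct = vernam(MSG_A, key)

    # The same ciphertext is just as consistent with a different plaintext.
    alt_key = key_explaining(ct, MSG_B)
    alt_ok = vernam(ct, alt_key) == MSG_B

    # Reusing the key voids the proof: c1 XOR c2 == m1 XOR m2, no key needed.
    ct2 = vernam(MSG_B, key)
    leak = reuse_leak(ct, ct2)

    return {
        "roundtrip": vernam(ct, key) == MSG_A,
        "alt_plaintext_consistent": alt_ok,
        "reuse_leaks_plaintext_xor": leak == reuse_leak(MSG_A, MSG_B),
    }

if __name__ == "__main__":
    print(demo())
```

The proof covers only keys that are truly random, at least message-length and never reused, so any deployment has to be checked on key generation, distribution and retirement rather than on the XOR step.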
BitMint, a cyber innovation company running on the InnovationSP AI-methodology, takes a working solution (in our case the Vernam cipher), redefines it with greater abstraction, and then re-implements this abstraction as better, more convenient, more useful ciphers – Trans Vernam Ciphers. They all carry the Vernam legacy — being unbreakable, mathematically proven.
Technical advances in cryptography beyond NIST standards
Quantum Key Distribution (QKD) is not a replacement for current applications of cryptography, but it could be a way of securely communicating in the future. Research on the security and scalability of QKD is still maturing.
Earlier this year, a respectable London publisher came out with a new thoroughly vetted book – ‘Biometrics and Cryptography’, in which a peer-reviewed chapter is devoted to ‘Pattern-Devoid Cryptography’, authored by professor Dr. Eng. Gideon Samid, who serves also as scientific and technological leader of BitMint.
Simultaneously and independently, Wuhan University scientists advocate migrating to rich randomness and Pattern-Devoid Cryptography, referring to several of BitMint’s technologies as THE solution to mitigate the looming threat of quantum computers.
Main differentiators of BitMint’s Pattern-Devoid-Cryptography:
Immunized against a mathematical edge claimed by the attacker over the designer
Mathematical proof of efficacy
Scales up easily
Relatively straightforward implementation
Unlocking the future of Generative AI and quantum computing
The call to action is clear: organizations and governmental agencies must urgently adopt a cryptographic foundation that will keep the user’s personal data and behaviour unexposed, as well as quantum-resistant cryptography, before cybercriminals and hostile nation-states can exploit AI-cryptanalytic capabilities and quantum computing to catastrophic effect.
While the quantum threat looms, we express optimism in the advancements being made in Pattern-Devoid Cryptography, which has mathematical proof of efficacy and grants the user full control over the level of security, being secure against both quantum and classical computing threats. It will have a significant impact on cryptographic practices across all industries, assuring the confidentiality, integrity, and authentication of data stored or in transit.
Concluding remarks
Any framework for a quantum-safe migration is NOT going to be a one-size-fits-all solution. Enterprises are encouraged to leverage several DIFFERENT solutions to create the most appropriate migration strategy to become quantum resistant.
“You can think of the NIST standardization as basically the starting gun” said a vice president for IBM Quantum Adoption and Business Development in an interview.
There is an alternative way to achieve the security aims currently sought after through mathematical complexity, pivoting towards Pattern-Devoid Cryptography running on large quantities of high-quality randomness. It is designed to be flexible, can be scoped and tailored as needed, and will not impact the day-to-day operations, while applications and systems will continue performing as usual.
You may feel duty bound to implement BitMint’s Quantum Emergency Recovery [QER] capability, which is NOT based on algorithmic complexity, to kick in in case of a catastrophic scenario (e.g. an adversary breaches the cryptographic system and causes a collapse), so that you are able to recover fast from a catastrophic cyber collapse. If you ever need to activate the QER, you will be relieved that you overcame your hesitation and invested in getting ready as early as possible.