As long as people have been having conversations, they have been having secret conversations. The history of cryptography is the story of keeping these secrets secret, and it’s an ancient tale common to nearly all peoples. The future of cryptography is bigger than mere secrets, however. The future of cryptography is about securing the electronic infrastructure of our modern world, including the blockchain technology that is being developed.
Cryptographic technologies function in the background of the electronic devices we use every day, transposing our confidence in the physical world into confidence in cyberspace. No matter how big or small, how significant or arbitrary, we pay these technologies little mind and take for granted the reassurances they provide. Perhaps that is the role of cryptography and technology, more generally: to fade into the background of our lives, quietly enabling an ever-increasing number of our activities.
To better understand the subtle, yet crucial, intricacies of how cryptology effects our lives, ETHNews spoke with Andrew Regenscheid, a mathematician in the National Institute of Standards and Technology’s (NIST) Cryptographic Technology Group and the Project Lead for Cryptographic Applications:
“Cryptography provides a set of fundamental tools for securing information and information systems in the digital age. These tools give us the ability protect the confidentiality and integrity of information, and to securely authenticate users and systems. Modern cryptography has been vital to the development of electronic commerce by providing a means to communicate securely online. People rely on cryptography on a daily basis – when they log in to check their email, when they make online purchases, and even when they use a credit card at a local merchant. These types of transactions, and many others, simply could not be secured without using cryptography.”
Cryptography’s Coming Confidence Crisis: The Advent of Quantum
“Throughout space there is energy. Is this energy static or kinetic? If static our hopes are in vain; if kinetic – and this we know it is, for certain – then it is a mere question of time when men will succeed in attaching their machinery to the very wheelwork of nature.”
– Nikola Tesla, 1892
Tesla’s inference was indeed correct and, 35 years later, in 1927, the most notable physicists in the world gathered together in Brussels to discuss the ramifications of the newly (at the time) formulated quantum theory. The mathematics derived from these discussions still set a precedent from which our current era draws inspiration and insight. Based on these principals, our technology has reached a point where the convergence of sciences has finally allowed us to begin to manipulate the fundamental building blocks of our reality. New technologies, like quantum computers, are being theorized and built to interact with some of the smallest physical processes known to science, creating new paradigms in technological utility.
Inventions like quantum computers open up new frontiers but also pose dangers to today’s technological status quo, especially cryptography. Regenscheid went on to say, “If large-scale quantum computers are built, they will seriously threaten the security of nearly all public-key cryptosystems in use today. These cryptosystems, including RSA, Diffie-Hellman, and [the elliptic curve digital signature algorithm] (ECDSA), rely on the difficulty of solving certain mathematical problems that are difficult on a conventional computer, but can be efficiently solved by a quantum computer. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere unless new cryptographic algorithms that resist these attacks can be developed and deployed.”
This sentiment is echoed by Dr. Nigel Smart, an expert in elliptic curve cryptography, in his highly regarded book Cryptography: An introduction, which states “at some point in the future we should expect our system [of cryptography] to become broken, either through an improvement in computing power or an algorithmic breakthrough.”
The NIST has taken a long-term approach to solving this theoretical problem before it becomes an actual liability. “NIST’s Cryptographic Technology Group has a large-scale project to identify, evaluate, and standardize quantum-resistant, public key algorithms,” Regenscheid said. “Modeled after the international competitions to select the Advanced Encryption Standard (AES) and the SHA-3 Cryptographic Hash Function Standard, NIST has initiated an open process that will involve cryptographers around the world.” Almost two decades were needed to deploy the public key cryptographic infrastructure that enables our modern world to function. This is why it is reassuring to see the NIST taking a methodological approach to address this concern. However, there may be another way.
The Vernam Cipher: Not So Random After All
100 years ago, in 1917, Gilbert Vernam was working at Bell Laboratories in New Jersey. It was there that he patented the cipher which would eventually bear his name. Building upon the Vernam Cipher’s breakthrough, some 25 years later, the father of modern information theory, Claude Shannon, shook the world of cryptography by proving that the Vernam Cipher is unbreakable, no matter how smart you are and regardless of how fast your computer is. To better understand the Vernam Cipher’s implications ETHNews asked Dr. Gideon Samid, a cryptographer, computer scientist, and mathematician, to elaborate on why cryptography followed a path created by mathematical complexity and not the idea of randomness that was stipulated by Vernam:
“While all other ciphers lacked any proof of efficacy, Vernam’s idea was mathematically secure. So why was Vernam not embraced right away? The reason is technology. The Vernam Cipher requires oodles of high-quality randomness to operate. There was no technology then to handle this randomness demand, the science of cryptography pivoted. Over the years, the new direction where randomness is sparingly used and security is provided by algorithmic complexity, moved ahead, amassed a lot of inertia, to the extent that we overlook the fact that technology caught up with 100-year-old Vernam. We now have readily available quantum-quality, large quantity, inexpensive randomness. Vernam is being exhumed from his grave.”
Samid broke down the Vernam Cipher’s emphasis on randomness: “Randomness is the absence of order, a lack of predictability. Computers are the most common generator of randomness, but this is all ‘fake randomness’ or more politely ‘pseudo randomness’. Namely, a computer uses a very ordered and predictable algorithm to generate a sequence of ones and zeros that ‘appears’ totally chaotic. But since it was generated via computer order, it is really ‘fake disorder’. It fools most of us, but it does not fool the NSA and its counterparts in other countries. They discern the order and break the cipher. True randomness is generated by sub-atomic processes. Are we sure that such randomness is true and does not hide a secret order? No, but this conclusion represents the consensus of modern quantum physics. So quantum-mechanical processes that generate randomness are certified by Einstein, Heisenberg, Bohr, Feynman – it does not get any better.”
The Vernam Cipher’s stance on true randomness is still revealing important truths to cryptography. Perhaps the most important of which is an overreliance upon the complexity of our cryptologic algorithms. Our most dangerous security flaw may lie not in a failure to create ever more complex algorithms, but rather in our approach to cyber security as a battle of human intelligence and computational horsepower. The peril of today’s cyber security methodologies is that a better cryptographer can crack the ciphers of a lesser cryptographer. This is similar to the way Alan Turing cracked the Enigma code of World War II. This paradigm is upended by the Vernam Cipher’s use of true randomness. “As in other industries,” continued Samid, “the big players in cryptography are wedded to the existing paradigm where randomness is used in small, well-known amounts (fake randomness at that), and security is provided by algorithmic complexity. (This is also the philosophy behind blockchain technology). The cryptography industry very effectively hides its nakedness. Those complex algorithms are only good against a dumber mathematician. A smarter mathematician will break them into smithereens. True randomness, by contrast, will withstand any math-attack and successfully defend itself against any quantum or other computing machines.”
The capacity and aptitude to produce true, cost-effective cyber security is finally within the grasp of humanity. Cryptography will have to evolve, one way or another, to keep pace with the ever-growing list of cyber threats. Our entire economy and public infrastructure today rely on the security of devices linked by the Internet. Tomorrow, medical devices and self-driving cars will rely on these security standards. The stakes are already too high to continue to assume that everything was previously secure, will remain secure. This quickly devolves into a game of hoping our cyber security professionals are smarter than every hacker on Earth, and that our computers remain better than theirs. Einstein and his fellow physicists were shocked when they discovered that it was the randomness of quantum mechanics that ruled the universe and not the equations of relativity. Today, modern cyber security professionals and cryptographers are equally as shocked to see the ramifications that randomness can have in cyberspace.
Kyle Lee, head mathematician at Nanome, told ETHNews about the need for cryptography to become more widespread among the general population. “I’d like to hope that with the rise of technological advancements in consumer electronics and algorithm development, people will become much more interested in cryptography because their devices and accounts incorporate it one way or another. Sadly, I think that’s not the case. I find the words of Rutherford D. Rogers to be quite stirring: ‘We are drowning in information and starving for knowledge.’ There is so much being thrown at us in the blockchain and cryptography space these days that we don’t even have the time to process it all. I fear people will not even desire to understand the basics of cryptography because they’re too tired of all the noise and lack of signal in the space.” This sobering sentiment was championed by the late, great Carl Sagan who said:
“We’ve arranged a global civilization in which most crucial elements profoundly depend on science and technology. We have also arranged things so that almost no one understands science and technology. This is a prescription for disaster. We might get away with it for a while, but sooner or later this combustible mixture of ignorance and power is going to blow up in our faces.”
When the internet was created, it took great insight and imagination to conceive of how ubiquitous the technology would become in the lives of so many people. As our technology continues to advance, the importance of being educated about it will inch closer and closer to the forefront of our society; one of the ways that might best be able to benefit humanity is if we stop developing complex mechanisms and focus on something a little more random.