Computer Science

Beyond End-To-End: unveiling the Quantum threat to Encryption

If you’ve ever used Whatsapp or Instagram to communicate with friends and family, you’d notice that the messages are “end-to-end encrypted”. Upon first notice, it sounds great. All your messages are safe and secure – you’d think. 

However, not every encryption method is created equal, and with the rise of cyberattacks and more sophisticated technology especially in the Quantum field, one must exercise caution when choosing the right tools to use. But to better understand the scale of this issue we must first address the mathematical operation that makes such risk feasible in the first place.

Shor’s algorithm poses a major threat to security provided by current industry-standard encryption methods like RSA and ECC which rely on the difficulty of factoring large integers for security. However this difficulty is limited to the classical world of computing, where operations would be trialed one by one until a solution is found (exponential time) making it almost impossible to decipher such encryption methods. On the other hand, a Quantum computer is able to simultaneously compute all the possible trials in a single iteration due to it being in a superposition of exponentially many states – achieving rapid polynomial time. In simpler terms, many of the “asymmetric” encryption methods are at risk.

Evidently, this causes a domino effect on Symmetric encryption methods, since most Symmetric keys are exchanged between users through an asymmetric exchange process, which could be compromised by Shor’s algorithm allowing potential decryption of all data encrypted with that key: including your texts and photos.

Whilst this threat isn’t currently feasible for ordinary individuals — since Quantum Computers are costly, sophisticated pieces of technology –  many countries and researchers are becoming increasingly aware of its uses and have created their own. Evidently, there is an imminent risk that Quantum threats may have the potential to escalate cyberattacks and transform the digital landscape as we know it. 

Moreover, some authorities and individuals are adopting a technique called “Harvest Now, Decrypt Later”: accumulating databases of encrypted information. In hopes, it could one day be decrypted with sufficiently powerful quantum computers. 

Evidently, many companies and researchers (including NIST) have taken measures to enhance encryption methods and implement Quantum safe or secure encryption in their communication protocols. One example, is the open-source messaging platform signal, which introduced the new PQXDH encryption protocol that claims to be quantum resistant to current advancements in the field of encryption: however, they claim that such technology must be upgraded as future findings and vulnerabilities may require additional security adjustments. If you wish to, the whitepaper for the encryption method can be accessed here.

Conclusion

Finally, we realised that such advancements pose a monumental risk to information security. Although it’s easy to be pessimistic about such advancements, I believe that it’s a step in the right direction towards safeguarding our digital security and communication. Therefore, as individuals and organisations alike we must take proactive measures:

  • Stay Informed: Keep abreast of developments in quantum computing and its implications for encryption. Awareness is key to making informed choices.
  • Quantum-Safe Encryption: Consider adopting encryption methods that are resilient to quantum attacks. New cryptographic standards, often referred to as Post-Quantum Cryptography (PQC), are being developed to address this specific concern.
  • Advancements in Technology: Support and invest in technologies that stay ahead of the curve (especially open-source projects), continually updating encryption methods to withstand emerging threats.

Sources

https://csrc.nist.gov/projects/post-quantum-cryptography/
https://statweb.stanford.edu/~cgates/PERSI/papers/MCMCRev.pdf
https://purl.utwente.nl/essays/77239/
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/encryption/what-types-of-encryption-are-there/#:~:text=There%20are%20two%20types%20of,used%20for%20encryption%20and%20decryption.
https://signal.org/docs/specifications/pqxdh/

500Hz Monitors: Who’s buying them?

When it comes to monitor refresh rates, higher is undoubtedly better. But, complementing this idea is a trend of diminishing return, where the benefits of higher refresh rates start to become less impactful.

“Frametime” refers to amount of time it takes for a screen to refresh its display once. There’s an inverse relationship between frametime and refresh rate; as the refresh rate increases, the frametime decreases. More precisely, we can use the function f = 1000 ms / x Hz to model the frametime (in milliseconds) based off the refresh rate (in Hertz).

Notice that while upgrading from a 60Hz to 144Hz results in a frametime improvement of 9.73ms, a further leap from 144Hz to 240Hz offers a lesser impact of only 2.77ms. This is the reasoning behind why humans perceive the transition from 144Hz to 240Hz as less noticeable than that of 60Hz to 144Hz. And as we continue to increase the refresh rate, this trend of diminishing return only becomes more significant; the difference that consumers will perceive decreases as they upgrade their display further.

Standing at the highest end of today’s monitor market are 500Hz displays. So the question raises: with a benefit so seemingly insignificant, who exactly is the target audience for these monitors?

Well, while diminishing return is unavoidable, the degree to which consumers will notice improvement can vary. Picture two very different activities: typing on a document and playing a first-person shooter. When a user is typing, only a small portion of their monitor screen will update at a time. On the other hand, while playing a first-person shooter, nearly the entire screen is in constant motion and updates rapidly, effectively causing more disparity between separate frames. For this very reason, users who perform activities that demand a significantly and dynamically updating screen will benefit the most from a 500Hz monitor. 

(Most frames do not significantly change) (source: TrevorTrac)

(Most frames do significantly change) (Source: MP1st)

Additionally, fully utilizing a 500Hz monitor requires a video game to consistently run at or above 500fps(frames per second). And running these applications at such high framerates requires a higher-end system.

Furthermore, even the most powerful hardware can only run a handful of games above the 500fps threshold. Most titles that consumers play are recent releases; developers intended these games to run at 60fps on upper-middle level consumer hardware. Despite this, there are a few exceptions that can run at 500fps with reasonable settings. Video games such as Valorant, Minecraft, and older first-person shooters are among the select few which can fully utilize a 500Hz monitor.

The improvement from 360Hz to 500Hz is not nearly as significant as past generational leaps. But there still exists a niche userbase for whom 500Hz monitors tangibly benefit: users whose games 1) frequently and significantly update most of their screen and 2) can consistently run at or above 500fps on their system.

Is Your Phone Really Listening, or is it just Smart Advertising?

Have you ever had that eerie feeling that your phone is listening to your conversations? Has it ever happened that you’re making ice skating plans with your friends, and the moment you open Instagram, your eyes lay upon an ice skating ad? It has happened to me, and I’m sure I’m not alone. But amidst the bewilderment, the question lingers: Is our phone genuinely listening to us, or is it all just a series of bizarre coincidences?

Although Apple claims that it doesn’t listen to users, voice assistants such as Siri and Alexa listen for wake-up words such as “Hey Siri” and “Alexa” and record the user’s speech, contributing to the creation of a user’s profile for targeted advertisements. A user’s profile includes their demographics, browsing history, online purchases, social media interactions, app usage, and much more. Additionally, Ad networks buy data from many sources and track a user’s online activity. They seem to know everything about us – our age, gender, likes, dislikes, location, hobbies, and even the time we spend on different websites. Through the data from the profile and algorithms, advertisers effectively target specific audiences for their ads. Now sometimes the ad isn’t completely in line with the user’s preferences, but there is a process that involves customization to make the ad as precise as possible with the user’s interests. 

I mentioned that Apple claims that it doesn’t listen to users; however, that statement is contradicted by a report that revealed how Siri can “sometimes be mistakenly activated and record private matters,” raising privacy concerns. For the most part, the data gathered by advertisers is used anonymously to respect privacy, but it’s essential to read the terms and conditions before agreeing to them. 

Because of these specific ads, one gets the impression that their phone is actively listening to them 24/7, but it’s mostly due to the role of data collection and network algorithms. Sometimes confirmation bias – the tendency of individuals to support information that aligns with their opinions and ignore information that does not – plays a role here. For example, if you’re talking about chocolate ice cream and receive an ad about it, you’ll instantly think you’re phone has been listening to you all this time, but other times when you get an ad unrelated to your conversation, you disregard it or don’t notice it.

In conclusion, while your phone does listen to you, it does through voice assistants and mostly in harmless ways. So the next time you experience the ice skating situation, you’ll know the reasons behind it.

Kevin Ku Unsplash

The AI Paradox: Enhancing Cybersecurity while Raising Concerns

In today’s interconnected and digitized world, numerous cybersecurity attacks such as malware attacks, phishing attacks, and data breaches occur, increasing the demand for cybersecurity professionals and advanced technologies such as Artificial Intelligence. However, AI acts as a defender and as a challenger to cybersecurity. 

Cybersecurity involves analyzing patterns from massive amounts of data to protect systems and networks from digital attacks and identify threats. The traditional approach relied heavily on signature-based detection systems, which were effective against known threats but incapable of detecting new or unknown threats, resulting in frequent cybersecurity attacks. However, AI-based solutions use machine learning algorithms that are trained using vast amounts of historical and current data to detect and respond to unknown and new threats. According to Jon Olstik’s Artificial Intelligence and Cybersecurity, approximately “27 percent” of security professionals in 2018 wanted to use AI for “improving operations, prioritizing the right incidents, and even automating remediation tasks,” implying that the reasons for AI in cybersecurity continue to increase over time.

However, there’s another side to AI’s role in cybersecurity, and it’s more dangerous than beneficial. While it may appear that AI systems are unlikely to be hacked, this is not the case because hackers can manipulate these systems. As previously said, AI solutions employ machine learning algorithms to detect threats; nevertheless, a fundamental flaw is that vulnerability is that these models are fully dependent on the dataset. A poisoning attack occurs when an attacker modifies the dataset to fulfill their malicious goals, forcing the model to learn from the modified data and leading to more attacks. 

As these rising concerns and vulnerabilities, AI-based solutions will need to be not only fast, but also safe and risk-free. AI and Cybersecurity share a complex relationship and it’s safe to conclude that Artificial Intelligence will continue to play a paradoxical yet essential role in the growing field of cybersecurity.

  • Comiter, Marcus, et al. “Attacking Artificial Intelligence: AI’s Security Vulnerability and What Policymakers Can Do About It.” Belfer Center, August 2019, https://www.belfercenter.org/publication/AttackingAI#toc-3-0-0. Accessed 7 July 2023.
  • Moisset, Sonya. “How Security Analysts Can Use AI in Cybersecurity.” freeCodeCamp, 24 May 2023, https://www.freecodecamp.org/news/how-to-use-artificial-intelligence-in -cybersecurity/. Accessed 7 July 2023.
  • Oltsik, Jon. “Artificial intelligence and cybersecurity: The real deal.” CSO Online, 25 January 2018, https://www.csoonline.com/article/564385/artificial-intelligence-and -cybersecurity-the-re al-deal.html. Accessed 7 July 2023.