Only four years into the decade, the world has experienced a few unprecedented events, some are good like the ChatGPT and advancement of AI, and some are not so like the first ever pandemic that killed millions of people and threw the world into chaos from which we are still recovering. For the rest of the decade, what could be the next black swan that could throw the world again into chaos?
The Next Black Swan
After the previously unthinkable events like pandemic and California swing from severe drought to widespread flooding within two years, we think breaking of AES-256 encryption not only qualifies but is worth paying close attention to.
The advancement of quantum computing technology is on the verge of a breakthrough: Google had made progress in the error-correction front and IBM came out with an 1121 Qubit processor, inch closer to the threshold that would be powerful enough to break the public key encryption. Federal government has felt the urgency and started the search for a post-quantum asymmetric encryption algorithm. This year, Apple has implemented one of the candidate algorithms into its iPhone in the latest release.
For those who may not know, quantum computing was inspired largely by the promises of Shor’s algorithm to break the RSA, a public key cryptographic algorithm widely used for digital signature and encryption and has played the role of the guardian of data privacy for the Internet.
Peter Shor published his name sake algorithm three decades ago that is designed to run on quantum computers that didn’t exist at the time. The potential utility of the algorithm has since spiked the development of quantum computers. To this day, Shor’s algorithm remains one of the few known quantum algorithms with compelling potential applications using a quantum computer. It is fair to say that breaking cryptographic algorithms, RSA in particular, remains to be the target and inspiration (ironically) of the quantum technology.
It is not disputed that AES using a 256-bit key is safe from quantum computers, based on the assessment using Grove’s algorithm. However, the almost three decades old quantum searching algorithm is an adaptation of the classic algorithm with improved parallelism. Some researchers have tried to improve Grove’s with other known attacks. Although the safety margin remains comfortable even with the latest research.
But that will not prevent someone from developing a completely new way to attack AES with a powerful quantum computer in the next few years. After all, we have hardly harvested the power of quantum computing. This would be a black swan if it happens
The Worst Part? We Are Not Prepared!
Successful attacks on cryptographic algorithms don’t necessarily become consequential events, if the society is given sufficient lead time to prepare. The DES and triple-DES were broken a few years ago and were replaced with AES. The break of RSA is anticipated to happen before the end of this decade, if not sooner. What makes a successful attack on AES a black swan are the facts that AES-256 is becoming the foundation of cyber security and we are not prepared for it to be broken at all.
The federal government started the search for a RSA replacement algorithm a few years ago as quantum computers advance fast. Companies have started migrating towards post RSA algorithms, even though it may take another four to five years before the emergence of quantum computers powerful enough for a successful attack on RSA.
What makes the attack on AES difficult to predict is the fact that research today is done on simulators, but it is changing fast as more quantum computers, although weak with few Qubits, become available commercially. That set up for a potentially explosive growth of knowledge to take full advantage of quantum computers, following a familiar path that we have witnessed in the development of AI that leads to the ChatGPT: breakthroughs happen within ten years after sufficient hardware support.
It would surprise no one if research on vulnerabilities of AES becomes popular and one may eventually succeed, as quantum computers become more available and powerful.
Why Successful Attacks on AES Can Bring Devastating Consequences
ChatGPT surprised almost everyone after a decade long of accelerated development by many technology power houses and caused a small panic to some who worried the machine may soon take over.
A successful attack on AES-256, even if it could be so expansive that only a handful of nation states can afford, will certainly send everyone into panic mode.
Because every file that is worth protecting today is encrypted with AES-256, the governments and businesses will have to protect their data with extreme measures but still have to make the files available to keep the doors open. Coupled with the inability to stop data breaches, it would be very difficult to balance the need for data security and access.
Making things worse is the fact that one AES key is often used to protect a large number of files, which makes such attacks economical and financially feasible even if the attack may require enormous resources to do.
On the other hand, it would be very tricky to migrate data in such a large volume into a new algorithm, a process that has not been done before and normally would take years.
Let Talk About It Now and Be Prepared
There is no denial this is a small probability event. But given its unparalleled consequences, it may well be worth it for the leaders to start talking about it and seeking possible solutions that could reduce the impact if not eliminate it.
The absolute worst thing is to pretend it will never happen and kick the can down the road.