Cryptography Risks & Issues, Mitigating Actions and Consequences of getting it wrong

Cryptography is used everywhere; in fact, it is estimated that there are over a quintillion cryptographic events a day.  That’s 1,000,000,000,000,000,000 encryption & decryption events, secret key exchanges, authentication & identity checks, signature generations & verifications, file & message integrity checks and password creation & validation events (amongst others) that happen continuously and pervasively.  This happens across all kinds of devices, websites, platforms & applications to deliver a myriad of use cases to enable our modern way of living & working, so we can protect our data & assets and manage our privacy.

To put that in perspective, that’s 11,574,074,074,074 cryptography events every second, every minute of every day, and this number is growing exponentially as our thirst for data increases. 

Some would say that Cryptography is the most pervasive and important foundational technology in use today…supporting all digital events we take for granted.

With the rise of Quantum & AI compute, the likelihood that current and proposed cryptography will be compromised is increasing, so in this blog we discuss efforts in the industry to mitigate these risks.  We also discuss the impact that any cryptographic compromise would have on our way of living.  

Given the consequences of future cryptographic compromises, we explore why and how we should raise the bar of what we expect cryptographic standards to deliver – to a gold standard.  We explore why Practical Secrecy is “not good enough” when mitigating these risks, and we propose an alternative that mitigates current and future cryptographic risks to achieve both “perfect & ideal secrecy” as defined by Claude Shannon.

The rationale for this is clear – we must not “Compromise on Cryptography”.   

To start, let’s explore the difference between a risk and an issue, and why this should be approached differently for Cryptography. 

 

What’s the difference between a risk and an Issue? 

A risk is a potential event that could cause harm or loss if it materializes, whereas an issue is an event that has already occurred and needs immediate attention to resolve its impact. In the context of cryptography, identifying and managing risks is crucial to prevent them from turning into issues that could compromise data security and integrity. 

 

What Cryptographic Risks do we face? 

Cryptographic risks include the potential for existing standards to be broken or new vulnerabilities to be discovered. We argue that these risks are currently not being mitigated; rather, the industry is purely assessing these risks through ongoing research and development, failing to implement a robust set of measures to protect against potential threats and reduce or eliminate the risks.

Risks are typically categorised based on their likelihood of occurrence versus the impact of occurrence, something we shall explore further in this blog post, alongside how current issues are mitigated to provide the illusion of security. 

 

When does a Cryptographic Risk become an issue? 

A cryptographic risk becomes an issue when the risk moves from being a theoretical possibility to an actual vulnerability that can be exploited. This shift can occur due to advancements in computational power, the discovery of new algorithms or attack methods, or the implementation of flawed cryptographic systems.

The dichotomy we have is this: given that we are unable to completely verify the integrity of existing cryptographic standards based on Practical Secrecy (this is true of current classical cryptography, i.e., RSA, ECC etc., alongside the new NIST PQC proposed standards, i.e., Kyber, Dilithium etc.), should we treat all risks as issues?

Some would say that if the probability of an occurrence is sufficiently low, this is sufficient mitigation, and that measures such as increasing the mathematical complexity of a problem are a sufficient response.

We don’t!   

Claude Shannon specifically warned that when using practical systems, it is not enough that a fast solution to the problem is not known – one must be sure that a fast solution does not exist. 

This is driven by the truism that if a standard was broken, it’s unlikely to become an issue immediately, as any adversary would likely keep it quiet to leverage any resultant benefit. Therefore, we should assume that all Cryptography based on Practical Secrecy is compromised and marked as an issue, not just marked as a risk.  

 

So, what Cryptographic Issues do we have? 

Cryptographic issues are of paramount concern in today’s digital landscape, where the integrity and security of data are constantly under threat. Among the known cryptographic issues, several stand out due to their significant implications: 

  1. Weak Encryption Algorithms: Some cryptographic algorithms, once considered secure, have become vulnerable due to advances in computational power and cryptanalysis techniques. Examples include older versions of RSA with small key sizes, DES, and MD5.  Cryptographic primitives based on Practical Secrecy (RSA, ECC, Kyber, Dilithium etc.) in general suffer from the flaw of being secure until proven insecure, i.e., they assume that there is no known fast solution.  This is at odds with security systems that provide Information Theoretic Security, which don’t suffer from this issue.
  2. Implementation Flaws: Even robust cryptographic algorithms can be compromised if not implemented correctly. Issues such as side-channel attacks, where an attacker exploits information gained from the physical implementation of the algorithm, fall into this category. 
  3. Quantum Computing Threats: The advent of quantum computing poses a significant risk to classical cryptographic algorithms. Quantum computers have the potential to break widely used algorithms like RSA and ECC, necessitating the development of post-quantum cryptography. 
  4. AI Compute Threats: AI has been employed by military cryptanalysts for over 30 years and is now becoming more prevalent in day-to-day life. As artificial intelligence continues to advance, it brings with it a host of new security challenges. AI systems can analyse vast amounts of data at unprecedented speeds, which can be both a benefit and a potential risk. Malicious actors can exploit AI to enhance their cyber-attacks, creating more sophisticated and harder-to-detect intrusions. Additionally, AI algorithms themselves can be vulnerable to adversarial attacks, where input data is intentionally manipulated to deceive the system, leading to incorrect outputs or decisions. These threats necessitate the development of robust AI security measures to safeguard against potential misuse and vulnerabilities.
  5. Random Number Generation: Cryptographic systems rely heavily on random numbers for key generation and other processes. Poorly implemented random number generators can lead to predictable outcomes, making systems vulnerable to attacks.
  6. Backdoors: Intentionally or unintentionally inserted backdoors in cryptographic systems can provide attackers with hidden access. These backdoors can be extremely difficult to detect and can undermine the security of the entire system.
  7. Protocol Vulnerabilities: Cryptographic protocols, which define how algorithms are used to secure communications, can have vulnerabilities. Examples include the POODLE attack on SSL 3.0 and the BEAST attack on TLS 1.0. 
 

 

So What?  What happens when a Cryptography primitive is compromised – Impact of Occurrence? 

Cryptography is a vital and foundational enabling technology that ensures the security and functionality of many applications and services in our modern digital world.  Without cryptography, the world would be a very different and dangerous place, where communication, commerce, and security would be severely compromised and threatened.  

Cryptography is not only a scientific and technical challenge, but also a social and ethical responsibility, that requires constant research, development, and innovation to protect the information and interests of individuals, organizations, and nations. 

Some possible consequences if cryptography failed are as follows: 

  • E-commerce and online shopping would all fail – as they depend on cryptography to secure the transactions, payments and delivery of goods and services. Consumers and merchants would lose their confidence, convenience, and choice, and face the risk of fraud, scams & disputes. 
  • Biometric and facial recognition would be unreliable – they use cryptography to verify and authenticate the identity and access of individuals based on their physical and behavioural traits. Users and providers of biometric and facial recognition would lose their security, privacy & convenience, and face the risk of impersonation, spoofing, and abuse.   
  • Digital signatures and certificates would be invalid – they use cryptography to ensure the authenticity, integrity, and non-repudiation of electronic documents and messages. Users and providers of digital signatures and certificates would lose their legal, professional, and personal validity, and face the risk of forgery, tampering, and denial. 
  • Passwords and PINs would be useless – as they use cryptography to protect the access and authorization of users and devices to various systems and accounts. Users and providers of passwords and PINs would lose their security, privacy, and ease of use, and face the risk of hacking, phishing, and brute force attacks. 
  • Internet and communication would collapse – the internet relies on cryptography to ensure the integrity, confidentiality, and availability of data and services. Websites, email, social media, cloud computing, and online platforms would be compromised, and users would lose access to information, entertainment, and education and all apps / applications used daily, including communications & social media. 
  • Banks and financial institutions would fail – they rely on cryptography to secure transactions, accounts, and communication. Fraud, theft & corruption would be rampant, and trust in the financial system would collapse, leading to a “run” on banks with people losing all savings. 
  • Cryptocurrencies and blockchain would become obsolete – they are based on cryptography to create and verify transactions and records. Bitcoin, Ethereum, and other digital currencies and platforms would lose their value, functionality, and security, and investors and users would lose their assets, investment and opportunities. 
  • Privacy and human rights would be violated – the absence of cryptography would enable mass surveillance, censorship, and oppression. Individuals would have no control over their personal data, online activity, and communication, and authoritarian regimes could exploit this to suppress dissent, activism, and freedom. 
  • Healthcare & public health would not be able to function – the failure of cryptography would endanger the security and reliability of medical records, devices, and research. Patients would face the risk of identity theft, medical errors, and cyberattacks, and diseases and pandemics would be harder to prevent, diagnose, and treat. 
  • Critical infrastructure and public services would be disrupted – as the breakdown of cryptography would affect the functioning and safety of safety systems, power grids, water systems, transportation networks, and emergency response.  
  • Education and research would decline – the lack of cryptography would hamper the development and dissemination of knowledge and innovation. Academic institutions, libraries, and laboratories would lose their credibility, resources, and collaboration, and students and researchers would face the challenges of plagiarism, espionage & sabotage. 
  • Cloud computing and storage would be compromised – they rely on cryptography to protect the data and services hosted on remote servers and networks. Users and providers of cloud computing and storage would face the risk of data loss, theft, and manipulation, and lose the benefits of scalability, efficiency, and cost-effectiveness.  All applications, SaaS, PaaS services as we know them would cease to exist. 
  • Passports and travel would be jeopardized – passports use cryptography to store the personal and biometric information of travellers and to prevent counterfeiting and duplication. Travelers & authorities would lose their trust, safety, and efficiency, and face the risk of identity theft, illegal immigration & terrorism. Free movement across borders would be restricted or impossible, as countries would have no reliable way to verify the identity & eligibility of visitors. International trade, tourism & diplomacy would all suffer. 
  • Artificial intelligence and machine learning would be hindered – they use cryptography to enhance the performance, privacy, and robustness of data & models. Algorithms, applications, and systems that employ artificial intelligence & machine learning would be exposed to adversarial attacks, bias & errors, and lose their accuracy, reliability, and utility. 
  • Smart contracts and decentralized applications would be defunct – they use cryptography to execute and enforce the terms & conditions of agreements and programs on blockchain networks. Users and providers of smart contracts and decentralized applications would lose functionality, and face the risk of bugs, breaches, and disputes. 
  • Widespread crime and cyberattacks would occur – criminals and hackers could exploit the lack of encryption and authentication to access sensitive data, systems, and networks. Identity theft, blackmail, extortion, and sabotage would be common threats. 
  • Governments would not be able to function – they depend on cryptography to protect classified information, diplomatic communication, and national security. State secrets, political scandals, and military strategies would be exposed, and foreign adversaries could interfere with elections, policies, and operations. 
  • Countries & democracies would collapse – the loss of cryptography would undermine the legitimacy, stability, and accountability of political systems and institutions. Elections, laws, and policies would be vulnerable to manipulation, corruption, and interference, and citizens would lose their rights, representation, and participation. 
  • Economies would fail – the disruption of cryptography would affect global trade, commerce, and innovation. Businesses would lose their competitive edge, intellectual property, and customer base, and markets would crash due to uncertainty and instability. 
  • Social unrest and chaos would ensue – the consequences of cryptography failure would erode the trust, order, and cohesion of society. People would lose their faith in institutions, authorities, and each other, and resort to violence, anarchy, and extremism. 
  • Wars would start and countries would be unable to communicate in a trusted way – the breakdown of cryptography would escalate geopolitical tensions and conflicts. Nuclear codes, missile defence systems, and military satellites would be vulnerable to attack, and cyber-warfare would become a major weapon of mass destruction. 

In summary, Cryptography is of vital importance to the safe functioning of our world, therefore it is of vital importance that we utilise and select the correct cryptography primitives in a Post Quantum Compute and AI Compute world. Primitives that attain to the highest cryptographic principles – Perfect & Ideal Secrecy.  

 

Likelihood of Cryptography being compromised 

If we now understand that the Impacts of a Cryptographic Issue occurring (a cryptographic primitive is compromised) could affect humanity as we know it, it’s useful to understand the Likelihood of that “event” Occurring across the cryptographic threats as we currently understand them. 

This is good risk management.  

The following table shows that the Likelihood of Occurrence across the areas discussed previously is high for classical cryptography, as well as for newly introduced NIST PQC Cryptography.

Issue                        Classical Cryptography   NIST PQC Cryptography
Weak Encryption Algorithms   Very High                High
Implementation Flaws         High                     High
Quantum Computing Threats    Very High                High
AI Compute Threats           Very High                Very High
Random Number Generation     High                     Medium
Backdoors                    High                     High
Protocol Vulnerabilities     High                     High

So, let’s recap and get this straight. 

After 50 years of Cryptographic effort, and a further 8 to 10 years on PQC NIST standardisation, we see the following:  

Impact of Occurrence = VERY HIGH 

Likelihood of Occurrence = VERY HIGH 

If you were a CISO, CIO or CTO or a Risk Manager, Programme or Project Manager, every single dashboard or RAG status you were managing would be flashing red.   

So, what’s happening in the industry to try and mitigate these issues?   

 

How is the industry attempting to mitigate current Cryptographic issues? 

The industry has several strategies to attempt to mitigate current cryptographic issues as outlined in the bullets below and explored in the next sections in more detail: 

  • NIST PQC for Asymmetric primitives – to mitigate the issue related to Shor’s Quantum algorithm
  • Extending key length for Classical Symmetric primitives i.e. AES-256 – to mitigate the issue related to Grover’s Quantum algorithm
  • Crypto agility to support switching easily between primitives – to mitigate the lack of proof that any current or future primitives based on Practical Secrecy are not already compromised
  • Evaluating additional cryptographic primitives – to mitigate all the above issues that are all still in play, leaving the likelihood of occurrence high to very high.

The fallacy of this approach is that it does not actually mitigate any of the risks to an acceptable level; it only provides alternatives, i.e., Kyber removes the issue surrounding Shor’s Quantum algorithm, but does not provide any scientific evidence that a fast Quantum solution does not exist, i.e., Kyber assumes security until proven otherwise.

Any real mitigating action would see the likelihood of occurrence drop from High, to Medium or Low, given the challenge previously discussed around any cryptographic compromise remaining hidden for an extensive period.  These actions do not achieve this. 

NIST PQC Standards 

The rapid advancement of quantum computing presents a significant threat to the current cryptographic systems that protect our digital communications. Classical cryptographic algorithms, such as RSA and ECC, rely on the computational difficulty of tasks like integer factorization and discrete logarithms, which quantum computers can solve exponentially faster using Shor’s algorithm. This potential capability of quantum computers could render current encryption schemes obsolete, exposing sensitive data to unprecedented risks. 

In response to this looming threat, the National Institute of Standards and Technology (NIST) initiated the development of post-quantum cryptography (PQC) standards. These standards aim to create cryptographic methods that are resistant to quantum attacks and provide Practical Secrecy.  

NIST have focused on identifying a solution for Post Quantum encryption since 2016, initiating a competition, more details of which can be found here – https://csrc.nist.gov/projects/post-quantum-cryptography.  In summary, we see the following: 

  • NIST took submissions for new post quantum cryptography schemes, but they are only required to provide Practical Secrecy, not Perfect or Ideal Secrecy, lowering the cryptographic bar.
  • 3 of the 4 finalists are Lattice based, BUT these are vulnerable to Quantum & AI adversaries, to the extent that in 2022, more submissions were requested by NIST for PQC consideration by June 2023 – in case of compromise of Lattice schemes.  All other submissions to PQC have so far been compromised over the 8-year submission period. 
  • NIST submitted schemes are owned by the US Government. 
  • NIST are only focused on Quantum Compute and have not considered the impact that AI + Compute will have on the cryptography schemes that are adopted, or adversaries that are an AI.

Calls for additional algorithms are still ongoing. 

Extending key length for Classical Symmetric primitives i.e. AES-256  

This is to mitigate the issue related to Grover’s Quantum algorithm.  There is no other viable mitigating action that is being explored by the industry.

Cryptographic agility to support switching easily between primitives 

To mitigate the lack of proof that any current or future primitives based on Practical Secrecy are not already compromised, the industry has created the term Cryptographic agility.

Cryptographic agility refers to the capability of a cryptographic system to switch between different cryptographic primitives without significant impact on the system’s overall functionality. This concept is crucial in maintaining the security and integrity of data, particularly as advancements in computational power and cryptographic analysis continue to evolve. 

The Necessity of Cryptographic Agility 

Cryptographic primitives, including those standardized by the National Institute of Standards and Technology (NIST) for post-quantum cryptography (PQC) and classical cryptography, are based on Practical Secrecy or mathematical complexity. However, it is widely accepted that these algorithms will be broken due to advancements in computational capabilities or the discovery of new cryptographic attacks. Therefore, designing systems with cryptographic agility allows for the timely replacement or upgrading of algorithms to maintain security standards. 

Quantum computing represents a significant threat to current cryptographic methods, particularly those relying on factorization or discrete logarithm problems. Cryptographic agility ensures that systems can transition to quantum-resistant algorithms as they become available, thereby safeguarding data against future quantum attacks. 

Different ways of providing cryptographic agility are explored below:

  • Message Signatures – these are pivotal in ensuring the authenticity and integrity of a message. Cryptographic agility allows systems to adapt to newer and more secure signature algorithms as older ones become vulnerable. For instance, transitioning from RSA to elliptic curve signatures can provide enhanced security with lower computational overhead.
  • Variations in Key Length Size – Key length size is a critical parameter in the security of cryptographic algorithms. Longer keys generally offer more security but at the cost of increased computational resources. Cryptographic agility enables systems to adjust key lengths dynamically in response to emerging threats or computational advancements. For example, moving from a 2048-bit RSA key to a 4096-bit key can significantly enhance security without redesigning the entire cryptographic framework. 
  • Algorithmic Flexibility – the ability to support multiple cryptographic algorithms, such as symmetric and asymmetric encryption, ensures that a system can adapt to various security needs and attack vectors. This flexibility is essential for maintaining robust security across diverse applications and environments. 
  • Compatibility and Interoperability – Cryptographic agility also involves ensuring compatibility with existing systems and protocols. This factor is crucial for seamless integration and transition between different cryptographic methods without disrupting service or compromising security. 
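
The agility properties listed above, as an added example that is not code from Incrypteon or from the original post: every message carries an authenticated algorithm identifier, a local policy decides which algorithms and key lengths are honoured, and moving to a new primitive is a policy change plus a re-protect step. The algorithm labels, key ids and policy names are hypothetical, and HMAC from the Python standard library stands in for the signature primitives discussed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


class Rejected(Exception):
    """Envelope failed a policy or integrity check."""


def _hmac(digest):
    return lambda key, data: hmac.new(key, data, digest).digest()


# Registry of primitives. Supporting a new one means adding an entry here,
# not editing call sites. The identifiers are hypothetical labels.
REGISTRY = {
    "hmac-sha1": _hmac(hashlib.sha1),        # legacy, being phased out
    "hmac-sha256": _hmac(hashlib.sha256),
    "hmac-sha3-512": _hmac(hashlib.sha3_512),
}


@dataclass(frozen=True)
class Policy:
    sign_with: str           # algorithm applied to new messages
    accept: frozenset        # algorithms still honoured on verification
    min_key_bytes: int = 32  # key-length floor, raised by configuration


def _mac_input(alg, kid, msg):
    # Authenticate the algorithm and key id together with the message so a
    # relabelled envelope cannot steer the verifier to another primitive.
    header = json.dumps({"alg": alg, "kid": kid}, sort_keys=True).encode()
    return len(header).to_bytes(4, "big") + header + msg


def _key_for(policy, keys, kid):
    key = keys.get(kid) if isinstance(kid, str) else None
    if key is None or len(key) < policy.min_key_bytes:
        raise Rejected("unknown key id or key shorter than policy minimum")
    return key


def protect(policy, keys, kid, msg):
    key = _key_for(policy, keys, kid)
    alg = policy.sign_with
    tag = REGISTRY[alg](key, _mac_input(alg, kid, msg))
    return {"alg": alg, "kid": kid, "msg": msg.hex(), "tag": tag.hex()}


def verify(policy, keys, env):
    alg, kid = env.get("alg"), env.get("kid")
    # Local policy decides which algorithms count, never the message alone.
    if not isinstance(alg, str) or alg not in policy.accept or alg not in REGISTRY:
        raise Rejected(f"algorithm {alg!r} not accepted by policy")
    key = _key_for(policy, keys, kid)
    try:
        msg, tag = bytes.fromhex(env["msg"]), bytes.fromhex(env["tag"])
    except (KeyError, ValueError, TypeError):
        raise Rejected("malformed envelope") from None
    if not hmac.compare_digest(REGISTRY[alg](key, _mac_input(alg, kid, msg)), tag):
        raise Rejected("tag mismatch")
    return msg


def migrate(old, new, keys, env, new_kid):
    """Verify under the old policy, then re-protect under the new one."""
    return protect(new, keys, new_kid, verify(old, keys, env))


def is_accepted(policy, keys, env):
    try:
        verify(policy, keys, env)
        return True
    except Rejected:
        return False


# Constructed demo keys and policies (not real secrets).
KEYS = {"k1": bytes(range(32)), "k2": bytes(range(64))}
LEGACY = Policy("hmac-sha1", frozenset({"hmac-sha1"}))
TRANSITION = Policy("hmac-sha3-512", frozenset({"hmac-sha1", "hmac-sha3-512"}))
STRICT = Policy("hmac-sha3-512", frozenset({"hmac-sha3-512"}), min_key_bytes=64)

if __name__ == "__main__":
    old_env = protect(LEGACY, KEYS, "k1", b"constructed sample message")
    print(is_accepted(TRANSITION, KEYS, old_env), is_accepted(STRICT, KEYS, old_env))
    print(migrate(TRANSITION, STRICT, KEYS, old_env, "k2")["alg"])
```

The transition policy keeps old envelopes readable while new ones use the replacement algorithm; once migration is complete, the strict policy retires the legacy algorithm and raises the key-length floor without touching the calling code.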

Evaluating additional cryptographic primitives 

To mitigate all the above issues that are all still “active”, there are additional calls by NIST to review additional cryptographic primitives.  Unfortunately, the standard requested is Practical Secrecy, which means that the Likelihood of Occurrence remains high to very high.   

 

Are there any Cryptographic issues not being addressed? 

The following Cryptographic Issues are still not being adequately addressed by the wider industry in general: 

  • Cryptographic Bar is too low – we should only accept Perfect or Ideal Secrecy to raise the Cryptographic bar to adequately mitigate issues.   
  • Quantum Compute Threat – 3 of the 4 methods approved by NIST are based on Lattice schemes, that are vulnerable to Quantum compute threats 
  • AI Compute Threat – there is no industry wide understanding or mitigating actions to target the AI Computing threat (or indeed the Quantum + AI compute threat)  
  • No Objective way of measuring Cryptographic strength – current cryptographic strength is measured using a pre-war measure of the relative number of bits in the key.  This does not consider any of Shannon’s laws defined in his papers to consider entropy depletion.

Given this, the next section of the blog considers an alternative the industry should consider, which is a new field of Cryptography based on equivocation augmentation from Incrypteon.

 

Is there an alternative the industry should adopt? 

Our previous blog post here discussed the differences between Practical, Perfect and Ideal Secrecy.  We discussed 3 cryptographic primitives that provide Perfect Secrecy (and Ideal Secrecy in some cases) and these are the One Time Pad, Quantum Key Distribution and Equivocation Augmentation (from Incrypteon).   

In this section, we cover how the benefits of Incrypteon truly mitigate all current Cryptographic risks to lower the Likelihood of Occurrence to LOW.

The real underlying issue here is that we are NOT adopting the highest Cryptographic standards with a no Compromise Cryptographic vision for the future; this is something that we at Incrypteon feel very strongly about.

Rather than temporarily mitigating these risks, why not mitigate them permanently with Incrypteon, which achieves Perfect & Ideal Secrecy using Information Theoretically secure cryptography?

The table below shows how the issues are mitigated with Incrypteon using Perpetual Equivocation and Entropy Augmentation to provide a true solution in the market!

Issue                        OTP      Perpetual Equivocation
Weak Encryption Algorithms   Low      Low
Implementation Flaws         Medium   Low
Quantum Computing Threats    Low      Low
AI Compute Threats           Low      Low
Random Number Generation     Medium   Low
Backdoors                    Low      Low
Protocol Vulnerabilities     Low      Low

With Incrypteon, we see the following: 

Impact of Occurrence = VERY HIGH 

Likelihood of Occurrence = LOW 

If you were a Programme or Project Manager right now, every single RAG status you were managing would be Green.  Everyone is happy, even the CISO.    

 

Conclusion 

At Incrypteon, we strongly believe that the industry should adopt the highest cryptographic principles, delivering no Compromise Cryptography. 

At Incrypteon, we intend to democratise the gold standard of Encryption, based on Information Theoretic secure cryptography. 

Only by doing this can you truly mitigate the Cryptographic issues we have, setting the Likelihood of Occurrence back to LOW.  We need to have an Objective way of measuring cryptographic strength to truly understand how secure a cryptographic primitive is – even when an assailant has unlimited compute and time as defined by Shannon.

The Impact of Occurrence is too high – humanity as we know it.  We need to act NOW! 

Please check out our Incrypteon White papers to find out more.   

Please join us on our journey!

Steve, Helder & Ian – Incrypteon Co-founders
