4 Drivers
Pages 40-80



From page 40...
... SCIENTIFIC ADVANCES DRIVERS: DISRUPTIVE VERSUS PREDICTABLE Scientific Advances deals with the emergence of new theoretical breakthroughs or significant technologies that impact cryptography. The creation of a large-scale fault-tolerant quantum computer would be one such advance, but new mathematical attacks on asymmetric encryption, advances that enable efficient computation on encrypted data, and technologies that use quantum properties for encryption also fall into this category.
From page 41...
... The endpoints of the Scientific Advances driver are "predictable" at one extreme, and "disruptive" at the other. "Predictable" scientific advances means that the committee envisions progress to continue at the current pace, with no great surprises to researchers working in the field.
From page 42...
... Lauter, 2017, "Quantum Resource Estimates for Computing Elliptic Curve Discrete Logarithms," Cryptology ePrint Archive, https://eprint.iacr.org/2017/598.
From page 43...
... Such a commercial application of NISQ computers would likely not be related to cryptography or security at all: machine learning or chemistry simulations are probably more lucrative and of broader interest. However, a virtuous cycle that defines a path to commercially relevant quantum computing at scale would likely bring about improvements speeding cryptographically relevant quantum computers as a side effect.
From page 44...
... An improvement in the best classical algorithms for the elliptic curve discrete logarithm problem would be similarly impactful: the best known attacks on 256-bit curves are generic (Pollard-rho-style) and cost on the order of 2^128 group operations, so any algorithm that improves on them would threaten the security of those curves. Such an improvement would be more surprising than one for factoring or finite-field discrete logarithm, given the lack of progress in this area to date.
From page 45...
... (See Chapter 2 for more details.) Predictable At a predictable rate of scientific advances, within the decade the committee would expect to see increased confidence in the resistance to classical and quantum cryptanalysis of these schemes, and better optimizations and instruction-level support in major central processing units (CPUs)
From page 46...
... Wang, and C Weng, 2021, "Constant-Overhead Zero-Knowledge for RAM Programs," Cryptology ePrint Archive, https://eprint.iacr.org/2021/979.
From page 47...
... is currently in the process of selecting lightweight cryptographic algorithms for standardization.20 Predictable There are already a number of candidate lightweight cryptographic algorithms proposed to NIST for standardization. Predictable scientific advances in this area would include successful conclusion of the NIST activity and
From page 48...
... Disruptive A disruptive scientific advance in this area might include a catastrophic break of an algorithm after its standardization and large-scale deployment. Standards for Cryptography A number of different international and national organizations publish standards and recommendations for cryptographic algorithms and protocols.
From page 49...
... An alternative to software-based cryptographic program obfuscation is to use hardware security mechanisms to protect the execution of sensitive programs. Examples of such hardware mechanisms in use today include Apple's Secure Enclave technology and trusted execution environments like Intel's SGX.22,23 The current state of the art is that there is a cat-and-mouse game between security researchers and hardware developers to discover methods to circumvent these mechanisms and patch the flaws.24 The predictable course of development in this area is that secure hardware technology will steadily improve over time through this process, and hardware-enforced security will become even more practical and widely used.
From page 50...
... A fundamental breakthrough or series of breakthroughs would be needed to make a provably secure program obfuscation scheme based on well-accepted hardness assumptions practical; such a fortuitous series of developments happening within 10 to 20 years would be unexpected. Cryptocurrencies Predictable The level of interest and funding around cryptocurrencies has already begun to spur scientific development of related technologies, including consensus protocols, short zero-knowledge proofs, advanced digital signatures, time-lock puzzles, cryptographic protocols, and verifiable computation.
From page 51...
... There are numerous other potential applications of cryptography that could be developed to the point of practicality, including privacy-preserving collection and search methods for law enforcement and intelligence, cryptographically verified supply chains, cryptographically verified voting receipts,25 or using the cryptographic techniques described above to allow privacy-preserving data sharing in business contexts.26 Predictable Other applications of cryptography that were predicted by the "cypherpunks" and other enthusiasts and have since seen real-world use include anonymized web browsing, hidden services and the "dark web," dark markets, prediction markets, steganographic techniques, and ubiquitous end-to-end encrypted messaging.27 A predictable rate of scientific advances would see incremental improvements to the efficiency and usability of these technologies by non-experts that would enable more widespread deployment. These new applications can have powerful effects, often simultaneously for good and bad, with controversy attached.
From page 52...
... Cryptographic tools for computing on encrypted data like homomorphic encryption and multiparty computation can be used to train machine learning models on encrypted data, or to encrypt the models themselves.28 In applied security research, there has been significant recent work on adversarial machine learning, including attacks that fool machine learning models into making incorrect choices, or invert machine learning models to learn sensitive information about training data. Machine learning has been used in applied security applications, such as in anomaly detection for network data.
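A worked illustration of computing on encrypted data, added here as an example and not part of the report: a toy Paillier cryptosystem (additively homomorphic) in Python, used to evaluate a linear model's score on encrypted features while the evaluator holds only plaintext weights. The primes, feature values and weights are constructed for the example, the function names (`keygen`, `encrypted_dot`, and so on) are the example's own, and the parameters are far too small for real use.

```python
import math
import secrets

# Constructed toy parameters: two small primes so the arithmetic is easy to
# inspect. Real deployments use primes of at least 1536 bits each.
P, Q = 1000003, 1000033


def keygen(p=P, q=Q):
    """Paillier key generation with the common g = n + 1 simplification."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    g = n + 1
    # mu = L(g^lam mod n^2)^-1 mod n, where L(u) = (u - 1) / n
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pk, m, r=None):
    """Enc(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pk
    n2 = n * n
    if r is None:
        while True:
            r = secrets.randbelow(n)
            if r > 0 and math.gcd(r, n) == 1:
                break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c):
    """Dec(c) = L(c^lam mod n^2) * mu mod n."""
    n, _ = pk
    lam, mu = sk
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n


def add(pk, c1, c2):
    """Enc(m1) * Enc(m2) = Enc(m1 + m2): addition without decrypting."""
    n = pk[0]
    return (c1 * c2) % (n * n)


def mul_const(pk, c, k):
    """Enc(m)^k = Enc(k * m): scaling by a plaintext constant (k may be negative)."""
    n = pk[0]
    return pow(c, k % n, n * n)


def to_signed(pk, m):
    """Map a decrypted value in [0, n) back to a signed integer."""
    n = pk[0]
    return m - n if m > n // 2 else m


def encrypted_dot(pk, enc_features, weights):
    """Linear-model inference on encrypted features with plaintext weights.

    The party running this never sees the features; it returns
    Enc(sum(w_i * x_i)) and only the key holder can read the score.
    """
    acc = encrypt(pk, 0)
    for c, w in zip(enc_features, weights):
        acc = add(pk, acc, mul_const(pk, c, w))
    return acc


if __name__ == "__main__":
    pk, sk = keygen()
    enc = [encrypt(pk, x) for x in (3, 5, 7)]          # constructed features
    score = encrypted_dot(pk, enc, [2, -1, 4])           # constructed weights
    print(to_signed(pk, decrypt(pk, sk, score)))         # 2*3 - 5 + 4*7 = 29
```

Only additions and plaintext scalings are available here; multiplying two ciphertexts together needs a fully (or levelled) homomorphic scheme, which is where the efficiency work the report mentions is concentrated.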
From page 53...
... Dramatic advances in the ability of AI systems to write or analyze code, or to test systems, could make a mature systems future much more likely, by making it economically feasible to generate new and more reliable systems, or to find the flaws in existing systems. SOCIETY AND GOVERNANCE DRIVER: GLOBALIZATION VERSUS FRAGMENTATION Figure 4.2 defines what is meant by the Society and Governance driver, and how a future would look if it existed at either extreme.
From page 54...
... Given that many of the concepts favoring globalization are straightforward and easily apprehended, the committee's discussion starts with those concepts, and then separately considers fragmenting forces. 30 National Intelligence Council, 2021, Global Trends 2040: A More Contested World, Office of the Director of National Intelligence, March, https://www.dni.gov/index.php/gt2040-home, accessed October 21, 2021.
From page 55...
... Moreover, many countries have not stopped encrypted communications at their borders -- the Internet grew to its current scale without most national governments governing the technical workings of Internet traffic that transits, originates, or terminates in a particular nation. In addition, multiple telecommunication modes such as voice, video, data, and text messaging are highly interconnected, providing users additional channels for cross-border communication.
From page 56...
... In particular, as it relates to encryption, the "Five Eyes" intelligence sharing arrangement of English-speaking nations (i.e., the United States, the United Kingdom, Canada, Australia, and New Zealand), and their corresponding coordination in law enforcement, are also drivers toward greater emphasis on common approaches to encryption and intelligence collection generally.
From page 57...
... Regulation In their most benign manifestation, these anti-globalization forces take the form of national regulations to promote online competition, enhance cybersecurity, curtail hate speech, and protect citizens' data privacy. The result can be a multiplicity of complex regulatory schemes that vary from nation to nation, which offset the predisposition of the multinational corporations that control the major online platforms (such as marketplaces, search engines, social media, payment systems)
From page 58...
... and a corresponding growth in the use of encrypted communications (both to avoid government surveillance and in response to general privacy and security concerns)
From page 59...
... (See Box 4.3 for a further discussion of exceptional access and metadata.) Economic and Security Concerns Nations worry about not only content control but also perceived invidious economic advantages relative to other nations and their own national security risks arising from technology.
From page 60...
... If there is a low level of government regulation of cryptocurrencies, then many payments will be difficult or impossible to track by intelligence agencies or government agencies generally. Scientific advances might disable a particular cryptocurrency, but as long as cryptography works at all there will be ways to use it for payments that may be difficult or impossible to track.
From page 61...
... Early examples of government limits on cryptocurrencies include China's 2021 ban on Bitcoin and Japan's prohibition on use of anonymous cryptocurrencies. This high level of government regulation could help combat crime but may also be accompanied by expanded government surveillance generally of financial activity.
From page 62...
... substantive communications content requirements enabled by technological distinctions at national levels, including, for example, banning or discouraging end-to-end encryption (so as to permit government surveillance), or mandating a variety of governmental access to otherwise encrypted communications (perhaps through required turnover of encryption keys to authorities or insisting on the use of specified encryption schemes)
From page 63...
... Widespread adoption of international consensus standards for encryption, as discussed in the context of the Scientific Advances driver above, also facilitates global communications. Encryption standards used in numerous countries are the basis of secure communications across international boundaries.
From page 64...
... BOX 4.3 Going Dark, Exceptional Access, and Communications Metadata Going Dark In response to increasing concerns of law enforcement agencies about the growing use of encryption by end consumers, the U.S. government in the early 1990s advocated the "Clipper" chip, an encryption device to be installed in telephones to support encrypted voice services but with the encryption keys held (escrowed)
From page 65...
... The second situation arises where law enforcement or intelligence agencies seek access to communications accessible outside of the device. The issues relating to government access vary depending on whether the service has access to plaintext, or whether instead there is end-to-end encryption.
From page 66...
... Whether law enforcement access to metadata is a sufficient substitute for access to the plaintext underlying encrypted information is a topic of ongoing debate that this committee is not charged with resolving. Additionally, there are cryptographic methods that may be employed to minimize the metadata revealed by network communications.
From page 67...
... Historically, cryptographic algorithms were severely constrained by the limited computational complexity that was practical during encryption and decryption, and as a result were often breakable. In the 1980s, constraints on computation power started to ease, but export control regulations, the 56-bit key size of the Data Encryption Standard (DES)
From page 68...
... This results in an ongoing "tit-for-tat" dynamic, where offensive efforts try to evade defenses, and defensive efforts try to mitigate attacks. While some kinds of defensive responses can occur quickly, others can take many years because new research is needed, hardware has to be replaced, or the vulnerability arises from upstream components in complex supply chains.
From page 69...
... If markets for technology products or government regulations do not place sufficient value on mature systems (or if customers cannot tell the difference or are unable to switch), vendors who produce them will fail or be relegated to high-priced niche offerings.
From page 70...
... 42 See the agenda, summary, and position papers for the NIST workshop in response to the Executive Order at NIST, 2021, "Workshop and Call for Position Papers on Standards and Guidelines to Enhance Software Supply Chain Security," updated June 11, https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/workshop-and-call-position-papers.
From page 71...
... Although proven-correct software requires specialized skills to develop, and far more labor than conventionally developed software, some cryptographic algorithm and protocol implementations are relatively well suited to formal verification. If current progress continues, formally verified high-performance open-source libraries fully implementing protocols such as SSL/TLS (including the cryptographic algorithms, protocol handling, certificate processing, etc.)
From page 72...
... Today, many software teams are transitioning to the Rust programming language, whose compiler guarantees memory safety at compile time for all code outside explicitly marked `unsafe` blocks. Static Analysis and Fuzzing  Static analysis tools identify potentially vulnerable code patterns in software without executing it, while fuzzing tools repeatedly execute software with varying (typically mutated) inputs to detect memory safety violations or other misbehavior.
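The fuzzing loop described above, as an added example that is not part of the report: a small mutation fuzzer in Python run against a deliberately buggy record parser and its hardened twin. The record format, both parsers, and the `mutate` and `fuzz` helpers are constructed for this example. In Python the detectable misbehaviour is an uncaught exception (here an `IndexError` from reading past the buffer); the same bug in C would be an out-of-bounds read that a sanitizer-instrumented build surfaces, and in safe Rust a panic.

```python
import random

# Constructed record format used by both parsers:
#   [1-byte length][payload][1-byte checksum], checksum = sum(payload) mod 256


def parse_records_buggy(buf):
    """Trusts the declared length; reads past the end of truncated input."""
    records, i = [], 0
    while i < len(buf):
        length = buf[i]
        payload = buf[i + 1:i + 1 + length]     # slicing silently truncates...
        checksum = buf[i + 1 + length]          # ...but this index can raise IndexError
        if sum(payload) % 256 != checksum:
            raise ValueError("bad checksum")
        records.append(payload)
        i += 2 + length
    return records


def parse_records_fixed(buf):
    """Checks the declared length against the bytes actually present first."""
    records, i = [], 0
    while i < len(buf):
        length = buf[i]
        if i + 2 + length > len(buf):
            raise ValueError("truncated record")
        payload = buf[i + 1:i + 1 + length]
        if sum(payload) % 256 != buf[i + 1 + length]:
            raise ValueError("bad checksum")
        records.append(payload)
        i += 2 + length
    return records


def build_records(payloads):
    """Serialize well-formed records to use as the fuzzer's seed corpus."""
    out = bytearray()
    for p in payloads:
        out += bytes([len(p)]) + p + bytes([sum(p) % 256])
    return bytes(out)


def mutate(data, rng):
    """Apply one random mutation: bit flip, interesting byte, insert, delete, truncate."""
    buf = bytearray(data)
    op = rng.randrange(5)
    if op == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
    elif op == 2:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 3 and buf:
        del buf[rng.randrange(len(buf))]
    elif buf:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def fuzz(parser, seeds, iterations=2000, seed=1):
    """Mutation fuzzer. ValueError is the parser's documented rejection path;
    any other exception is a crash and the triggering input is returned."""
    rng = random.Random(seed)          # fixed seed so runs are reproducible
    corpus = list(seeds)
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            parser(candidate)
        except ValueError:
            continue                   # expected rejection, not a bug
        except Exception as exc:
            return candidate, exc
    return None


if __name__ == "__main__":
    seeds = [build_records([b"hello", b"fuzz", b""])]
    print("buggy :", fuzz(parse_records_buggy, seeds))
    print("fixed :", fuzz(parse_records_fixed, seeds))
```

Distinguishing the documented rejection (`ValueError`) from everything else is the part that matters when wiring a harness up: a fuzzer that treats every exception as a finding buries the real bug under expected input-validation failures.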
From page 73...
... Discrete devices for tasks such as network encryption, key management, user authentication, and security monitoring would fill a large rack and cost thousands of dollars. Implementing the same logic as isolated on-chip logic blocks adds negligible manufacturing cost -- in addition to providing superior power consumption, convenience, and tighter integration.
From page 74...
... Executive Order 14028 mentioned above is a recent example. But supply chains are complicated, and the problem is a difficult one that plays a significant role in driving systems in a chaotic direction.
From page 75...
... While quantum computers or mathematical advances are important research topics, bugs or operational mistakes in this stack are the biggest source of system insecurity. Exploiting these errors is, and likely will remain, the biggest opportunity for offense, and minimizing them the highest priority for defense and risk management.
From page 76...
... In particular, some of the potential Scientific Advances discussed previously have significant Systems-related aspects that can influence the overall maturity of the products and services that are deployed to end users. Post-Quantum Cryptography Post-quantum cryptography refers to cryptographic algorithms believed to be resistant against adversaries possessing both large-scale quantum computers and classical computers.
From page 77...
... Such a breakthrough would require mitigation efforts that would be more complex than fixing typical software bugs, such as the coordinated deployment of major protocol updates across implementations and services. Side Channels Cryptographic algorithms are defined as mathematical operations.
From page 78...
... Although side-channel vulnerabilities and attacks draw academic and media attention, their real-world impact may be less than that of software vulnerabilities that may be easier to discover and exploit. For example, many side channel vulnerabilities are only practical to exploit if adversaries can run software on the target machine, in which case software bugs are probably easier to exploit.
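An added illustration of the side-channel point, not code from the report: an early-exit byte comparison leaks, through how many bytes it examines before rejecting, enough to recover a secret tag one byte at a time, while a constant-time comparison does not. The count of examined bytes stands in for the timing an attacker would measure (in a real attack that measurement is noisy and must be averaged over many queries), and the secret value and function names are constructed for the example.

```python
def leaky_equal(expected, given):
    """Early-exit comparison. Returns (accepted, bytes_examined); the second
    value is a stand-in for the time a network or co-resident attacker measures."""
    if len(expected) != len(given):
        return False, 0
    examined = 0
    for x, y in zip(expected, given):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_equal(expected, given):
    """Examines every byte whatever the first mismatch position, so the work
    done does not depend on the secret. hmac.compare_digest does this in C."""
    if len(expected) != len(given):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(expected, given):
        examined += 1
        diff |= x ^ y          # accumulate instead of branching on a mismatch
    return diff == 0, examined


def recover_secret(oracle, length):
    """Byte-at-a-time recovery against a compare-then-reject oracle.

    For position i, the correct byte is the only one that makes the oracle
    examine more than i + 1 bytes (or accept the guess outright on the last
    byte). Against a constant-time oracle every candidate looks the same and
    the result is garbage.
    """
    guess = bytearray(length)
    for i in range(length):
        for v in range(256):
            guess[i] = v
            accepted, examined = oracle(bytes(guess))
            if accepted or examined > i + 1:
                break
    return bytes(guess)


if __name__ == "__main__":
    secret = bytes.fromhex("deadbeef0badf00dcafebabe")   # constructed tag
    print(recover_secret(lambda g: leaky_equal(secret, g), len(secret)).hex())
    print(recover_secret(lambda g: constant_time_equal(secret, g), len(secret)).hex())
```

The attack needs at most 256 queries per byte, which is why a remotely observable timing difference on a MAC or token check is treated as a real vulnerability even though no memory-safety bug is involved.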
From page 79...
... The continuing move to connected devices means that it will soon be almost impossible to live a "normal" life without being surrounded by devices with sensors, multiple communication channels (WiFi, 5G, Bluetooth) all built to be cheap, which implies little security, and opaque supply chains.
From page 80...
... equipment as an entry point into the company's network in order to install malware on point-of-sale terminals. As a second example, security vulnerabilities in poorly secured networked smart meters could potentially be escalated to destabilize the entire electrical grid through surges or blackouts.

