Chasing Cyber - #33 - Interesting Papers
Speculation, military radar, and pizza delivery systems
Yes, My Tin Foil Hat is On
Were the recent Salt Typhoon attacks a hack-now, decrypt-later strategy?
The Chinese-backed group gained persistent access to telecom networks in the United States, seemingly with access to large amounts of encrypted data. Though they appear to have targeted federal wiretap systems, news reports suggest they had access to miscellaneous Internet traffic as well.
Stolen encrypted traffic could be attacked using a powerful quantum computer in as little as 10-15 years. And by examining metadata related to the connections (such as source/destination info), the masses of data could be prioritised for decryption.
This is wild speculation, of course. Hypocritical even, since I’ve recently denounced inflated media claims about Chinese activities. However, I’m flagging this because it’s a reminder of the need to accelerate the deployment of post-quantum cryptography.
We must assume nation-states are in our global networks, sniffing for interesting traffic. The sooner we can protect that with quantum-resistant technology, the better.
Even if Salt Typhoon isn’t gathering encrypted transmissions, it is a worrying reminder that powerful nations don’t struggle to infiltrate our systems.
Let me know in a reply if you think I’m being paranoid! And a hat-tip to Roy Stephan for planting this question in my head.
P.S. I messed up my LinkedIn scheduling, so this post has already been published. You can join the conversation in the replies.
Is Multi-Party Computation on the Radar?
This interesting paper shows how multi-party computation (MPC) could solve a real-world problem: military radar fingerprinting among allies.
Radar fingerprinting identifies vessels based on the unique characteristics of the radar signal they emit. Tiny imperfections in the radar systems – like oscillator drift, power amplifier characteristics, or antenna configurations – create subtle variations in the transmitted signal.
Each country has a secret fingerprint database based on the vessels it has encountered. Allowing full access to this database, even to allied countries, would be challenging due to national security regulations. However, MPC can offer a neat solution to help allies identify vessels without sharing the crown jewels.
Read the paper for a deeper dive into the trade-offs made in such a solution and to learn more about MPC. However, the takeaway is that the authors demonstrate this solution would work in practice. Using an example scenario of a ship approaching an offshore installation at speed, they conclude that the ship can be identified within 400 seconds, with an unoptimized implementation.
Link to the paper: https://eprint.iacr.org/2024/1590.
Why Encryption Is a Bit Like Ordering Pizza
I can’t decide if this is deranged or brilliant. I think I’m leaning towards brilliant.
It’s a paper full of analogies to help you discuss cryptography and the quantum threat. I often find the right analogy is critical when telling stories about technology. For instance, talking about padlocks and keys has helped me explain the difference between cryptography algorithms and randomness to a wide range of audiences.
This paper provides analogies for a wide range of subjects, from the basics of cryptography to network security. The analogies are amusingly varied, including pizza delivery systems, trains, and aircraft flight dynamics.
Read the paper here: https://eprint.iacr.org/2024/1487.