Machine and Man in Cyberpunk

Vebyast
Knight-Baron
Posts: 801
Joined: Tue Mar 23, 2010 5:44 am

Post by Vebyast »

kzt wrote:No, there are huge practical issues with OTP beyond the size of the keys and the need to exchange them securely. Not to underestimate that, as it's a problem that scales at N squared. Things like maintaining sync, error correction, spoofing and anti-spoofing. For example, if I can get you to use an OTP thinking you are talking to someone else, you'll have a really hard time talking to them when they send you a message using the OTP you burned.
Enterprise-level tech support already scales with N^2, as does finance and legal paperwork.

Perfect hashing and parity bits solve error correction. With probability one minus epsilon, sure, but that was already the case.

Spoofing is handled with public-key cryptography. You just negotiate how you're going to use the OTP in the same way that you'd negotiate how to use some symmetric-key algorithm. I guess that we're already assuming that public-key stuff doesn't exist, though, so you've got me there.

Eh, whatever. I think they've already decided to go with a symmetric-key algorithm with physical key exchange and a feasible attack in predictable linear time. From a game mechanical perspective, they're right to do so; as Frank laid out in the OP, realistic crypto is extremely un-fun because it actually works. Our best bet at this point is to bullshit up something to explain that, same as it was when this topic came up for FTCPFHB.
Last edited by Vebyast on Mon May 13, 2013 6:35 am, edited 1 time in total.
DSMatticus wrote:There are two things you can learn from the Gaming Den:
1) Good design practices.
2) How to be a zookeeper for hyper-intelligent shit-flinging apes.
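The burned-pad problem kzt raises and the authentication answer Vebyast gives, as an added example that is not code from anyone in this thread: a receiver that decrypts at its own running pad position is desynchronized by one forged message, while a receiver that checks a tag and the pad offset before consuming pad is not. The class names, the message layout and the pre-shared HMAC key (standing in for the public-key negotiation Vebyast mentions) are assumptions, and the pad is a constructed, deterministic stand-in for a truly random one.

```python
import hashlib
import hmac

# Constructed demo pad: deterministic so the example is repeatable. A real
# one-time pad must be truly random and used once.
PAD = hashlib.shake_256(b"constructed demo pad").digest(64)
AUTH_KEY = hashlib.sha256(b"constructed demo auth key").digest()  # assumption: pre-shared
GENUINE = b"meet at the docks"
# Constructed forged message: arbitrary bytes and a made-up tag.
SPOOF = {"offset": 0, "body": b"\x00" * 16, "tag": bytes(32)}


def xor(data, pad):
    return bytes(d ^ p for d, p in zip(data, pad))


def make_tag(key, offset, body):
    # The tag binds the ciphertext to the pad position it was made with.
    return hmac.new(key, offset.to_bytes(8, "big") + body, hashlib.sha256).digest()


class Sender:
    def __init__(self, pad, key):
        self.pad, self.key, self.offset = pad, key, 0

    def send(self, plaintext):
        start, end = self.offset, self.offset + len(plaintext)
        if end > len(self.pad):
            raise ValueError("pad exhausted")
        self.offset = end
        body = xor(plaintext, self.pad[start:end])
        return {"offset": start, "body": body, "tag": make_tag(self.key, start, body)}


class NaiveReceiver:
    """Decrypts anything at its own running pad position (implicit sync)."""

    def __init__(self, pad):
        self.pad, self.offset = pad, 0

    def receive(self, msg):
        start, end = self.offset, self.offset + len(msg["body"])
        self.offset = end  # pad is burned no matter who sent the message
        return xor(msg["body"], self.pad[start:end])


class CheckedReceiver:
    """Verifies the tag and the pad position before consuming any pad."""

    def __init__(self, pad, key):
        self.pad, self.key, self.offset = pad, key, 0

    def receive(self, msg):
        expected = make_tag(self.key, msg["offset"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return None  # forged: rejected, nothing burned
        end = msg["offset"] + len(msg["body"])
        if msg["offset"] < self.offset or end > len(self.pad):
            return None  # replayed or out-of-range pad position
        self.offset = end
        return xor(msg["body"], self.pad[msg["offset"]:end])


def run_scenario():
    # Naive side: the forged message burns 16 pad bytes, so the genuine
    # message (encrypted from offset 0) is decrypted with the wrong bytes.
    naive = NaiveReceiver(PAD)
    naive.receive(SPOOF)
    naive_plain = naive.receive(Sender(PAD, AUTH_KEY).send(GENUINE))

    # Checked side: the forgery is dropped, the genuine message decrypts,
    # and replaying it afterwards is refused instead of reusing pad.
    checked = CheckedReceiver(PAD, AUTH_KEY)
    genuine_msg = Sender(PAD, AUTH_KEY).send(GENUINE)
    spoof_result = checked.receive(SPOOF)
    checked_plain = checked.receive(genuine_msg)
    replay_result = checked.receive(genuine_msg)
    return naive_plain, spoof_result, checked_plain, replay_result


if __name__ == "__main__":
    print(run_scenario())
```

The HMAC tag only gives computational authenticity, so the channel's integrity is no longer information-theoretic even though the pad's confidentiality still is.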
Pulsewidth
Apprentice
Posts: 81
Joined: Thu Jan 21, 2010 8:54 am

Post by Pulsewidth »

FrankTrollman wrote: Can you name a piece of cyberpunk where hackers cannot decrypt an encrypted file given time and resources? Just fucking one would do. Until you do that, you don't even have an argument and there is nothing to discuss.
Snow Crash, and every other work where there's a modern style network working normally. Snow Crash never mentions encryption directly, and implies its existence only to call out insecure encryption as something unusual.

Default status of encryption is that it works like real life. And there's a wide enough variety of encryption techniques that it's highly implausible that all of them will be breakable. Far more implausible than brain hacking.
Desdan_Mervolam wrote:Also worth mentioning "Mr. Johnson said that his employers lost valuable data to a rival team of runners. They estimate that the data will be decrypted in another 36 hours and they MUST have that data back or destroyed before it is decrypted."
We're postulating arbitrarily large storage, and you think data will be destroyed? That's hard enough on the modern Internet where storage space is only occasionally a problem. This is a world where everybody saves multiple high quality copies of every channel of data their contact lenses and earbuds capture. The only reason you can even get away with crime is because nobody is willing to cooperate with mining evidence in all the separately controlled mountains of data.
Last edited by Pulsewidth on Mon May 13, 2013 6:57 am, edited 1 time in total.
jadagul
Master
Posts: 230
Joined: Fri May 28, 2010 11:24 pm

Post by jadagul »

kzt wrote:
Vebyast wrote: As usual, quantum computers are the answer. They exist, and they can break any crypto that isn't a one-time pad. However, quantum computers are probabilistic; instead of outputting "the key is this", they output "this is the best key I found and it has probability .01 of being a better key than no key at all", and you run it again and again and again until one key in particular has popped out enough times that you're reasonably sure that it's actually the right key. You can use your best guess before then, but sometimes it won't work. The issue is, quantum computers are slow, because each run requires a pile of incredibly clean relativistic particles and making those takes a surprisingly long time.
No, that isn't how they work.

For example, a quantum computer can, in theory and if composed of enough qubits, simply directly factor huge prime numbers in fairly trivial amounts of time. The difficulty of factoring huge prime numbers is what makes RSA work. You can then verify that it works directly.

However the effect of a quantum computer on symmetric crypto is very different. It reduces the keyspace by half. So AES 128 becomes AES 64. And AES 64 is trivially solved by dedicated systems. This is really, really cool. Except that AES 256 becomes AES 128, which requires a very, very large amount of computation power and also releases 10^17 joules of waste heat to brute-force solve due to Shannon Entropy. So no, they are still pretty darn secure.

So the main threat of quantum computers is said to be against public key systems, like RSA, that depend on problems that can be effectively attacked by quantum computers. However it's said by mathematicians that there are various other public key systems that are not particularly vulnerable to a quantum computer attack. For example, it seems reasonable to assume the NSA's move to have Federal public keys based on Elliptic Curve systems instead of RSA for the semi-public (suite B) and the classified (suite A) data use has that sort of reasoning, but I certainly don't understand the math for this.
To nitpick, they're just not known to be vulnerable to a quantum attack. But then, none of them are known to be strong against a classical attack either; we're pretty sure that factoring primes isn't doable in polynomial time classically, but we don't know that (and in particular, no public-key encryption can work if P = NP).

Now, this is all basically irrelevant to designing a game, where you want to do the thing that makes the best game as long as it's not incredibly verisimilitude-breaking. But with the current state of the math, you can declare quantum computers to break or not break EC cryptography, based on what you feel like, because no one actually knows.
Lokathor
Duke
Posts: 2185
Joined: Sun Nov 01, 2009 2:10 am
Location: ID

Post by Lokathor »

If we were to just say that P = NP, how much besides crypto would totally flip around compared to what we assume in the modern world?

In other words, if we just say P = NP, how much collateral damage do we inflict on the game reality?
The Ends Of The Matrix: Github and Rendered
After Sundown: Github and Rendered
Nath
Master
Posts: 262
Joined: Sun Oct 28, 2012 8:30 pm

Post by Nath »

Lokathor wrote:If we were to just say that P = NP, how much besides crypto would totally flip around compared to what we assume in the modern world?

In other words, if we just say P = NP, how much collateral damage do we inflict on the game reality?
As far as I know, P = NP would result in huge advances in operations research, so you'd have enhanced multiprocessing, faster databases, near-real-time optimization for communications and logistics networks... Looking at Wikipedia, it seems "protein structure prediction" is also an NP problem, paving the way for advanced biotechnology. And the proof or refutation that all FreeCell and Minesweeper games can be solved.

Basically, P=NP would be taking the fast track to Singularity.
Pulsewidth
Apprentice
Posts: 81
Joined: Thu Jan 21, 2010 8:54 am

Post by Pulsewidth »

It's possible to imagine a world where P != NP, but public key crypto is breakable anyway. This is Russell Impagliazzo's "minicrypt" world (see http://www.cs.ucsd.edu/users/russell/average.ps ).

This has complicated consequences and does very little to promote time limited code breaking stories, so I don't recommend it.
Whatever
Prince
Posts: 2549
Joined: Tue Jun 28, 2011 2:05 am

Post by Whatever »

Pulsewidth wrote:Snow Crash, and every other work where there's a modern style network working normally. Snow Crash never mentions encryption directly, and implies its existence only to call out insecure encryption as something unusual.
Spoilered because the book is only 21 years old:
After breaking into the giant data fortress with his digital sword (because he wrote the code for digital swords), Hiro Protagonist has full access to all their data. He gives up because it's a bunch of polygons connected by lines, and he'd have to read the source code for each polygon to figure out whether it's the specs for their info-bomb, or the toilet-flushing subroutine for their corporate HQ.

Then he gets into a digital motorcycle race and hacks the info-bomb in real time to defuse it.

If there's unbeatable encryption in Snow Crash, I'm pretty sure he could not have done those things.
Username17
Serious Badass
Posts: 29894
Joined: Fri Mar 07, 2008 7:54 pm

Post by Username17 »

Pulsewidth wrote:
FrankTrollman wrote: Can you name a piece of cyberpunk where hackers cannot decrypt an encrypted file given time and resources? Just fucking one would do. Until you do that, you don't even have an argument and there is nothing to discuss.
Snow Crash, and every other work where there's a modern style network working normally. Snow Crash never mentions encryption directly, and implies its existence only to call out insecure encryption as something unusual.
There is zero support for your worldview. Computer networks existed when DES was still a military secret, and they continued to exist (and to use DES) after DES was publicly broken. You cannot simply claim that encryption is unbreakable in a particular story because it does not get broken in a particular story. That would be like saying that there are transvestite Viking vampires in a particular story because the stories do not mention their specific absence. It is a category error of thought.

The absolute ground floor ticket for even having a conversation about strong or even medium encryption being included in the game, you would have to show at least one cyberpunk story where it is narratively important that keys other than one time pads cannot be broken in less than a year. I am not categorically saying nothing of that sort exists, but I cannot think of one and so far the cypherpunk proponents have not been able to name a single one. And I am absolutely finished taking their cause seriously until they can.

Now, P = NP is a different kettle altogether. It would have basically no effect in the immediate term, despite the amount of nerds who would spooge about the singularity. It wouldn't even break any codes or sort any sock drawers, it would simply mathematically prove that such problems were solvable by a computer that could be built. It does not follow that any particular real world problem has been successfully abstracted into terms that can be input into those equations, nor does it follow that any computer you happen to have is capable of solving those equations, nor does it follow that the computer can solve any particular problem faster than human intuition is capable of presenting a solution.

It actually may well turn out that we need P = NP in order to make human like intelligence. Humans solve NP problems in their heads all the time. Intuition does not brute force every possible solution, but it does work pretty well and pretty fast.

-Username17
Pulsewidth
Apprentice
Posts: 81
Joined: Thu Jan 21, 2010 8:54 am

Post by Pulsewidth »

FrankTrollman wrote:Humans solve NP problems in their heads all the time.
We're not talking about solving Sudoku here. For the size of problem we're talking about, humans do not solve them, they approximate them. A well designed encryption algorithm scrambles the data if even a single bit of the key is wrong.
Ancient History
Serious Badass
Posts: 12708
Joined: Wed Aug 18, 2010 12:57 pm

Post by Ancient History »

Sudoku is not an NP problem.

The thing about encryption is that we live in a period of arbitrarily difficult encryption - one-time pads are a thing, and have been a thing forever, and everything else is just a matter of time and effort to solve. Contemporary non-one-time-pad encryption methods can be exceedingly fast to implement but take an exceedingly long period to break. That's pretty much why science fiction doesn't muck about with crypto much, and when it does (as with the Cryptonomicon) a major plot point is generally finding the key to a given cryptographic system. Any other method of dealing with crypto is generally phlebotinum to decrypt something in less than forty minutes plus commercials.
Last edited by Ancient History on Mon May 13, 2013 1:15 pm, edited 1 time in total.
sabs
Duke
Posts: 2347
Joined: Wed Dec 29, 2010 8:01 pm
Location: Delaware

Post by sabs »

And One time pads are not a viable option for encrypting your home network. It's also just not much fun. Your average joe corporate citizen isn't going to be using one time pads for anything, except maybe their banking, and what it is is that they'll have a Bank issued banking module that gets plugged into their commlink that's linked to their bank account, and losing it is going to be both annoying and expensive to replace.

But you're not going to be using one time pads to communicate with the Evo Home Shopping Network(tm), and buy that cool new gizmo. Because that's just crazy talk.

The average Upper Management guy is also going to have the least intrusive security measures, because no one wants to get fired because President Ilikeblowjobs couldn't get to his favorite telenovela during the day. Or had to actually put a couple of passwords in to get to the reports he likes to see. Then again, all of the plausible deniability is going to mean that anything really juicy/worth money isn't something he has access to. He has people who have access to it, who give him old fashioned verbal updates so he knows what's going on, without, you know... knowing what's going on.
Nath
Master
Posts: 262
Joined: Sun Oct 28, 2012 8:30 pm

Post by Nath »

Ancient History wrote:Sudoku is not an NP problem.
Sudoku are a subset of latin squares, which are NP-complete. It's just that a given grid is very easily brute-forced when N=9. But, for instance, brute-force has so far been unable to prove what was the minimum number of starting clues for a grid to be solved.

During the Sudoku hype, I considered developing a Phlebotinum plot for my SR game where a student accidentally created a brute-force algorithm to solve sudoku grids whose processing output happened to generate highly addictive "function waves" when processed by a simsense module. As the algorithm spread out, hacker gangs made a profitable business of dealing fresh complex mathematical problems (nicknamed "grids") for junkies to experience a new high.
Ancient History
Serious Badass
Posts: 12708
Joined: Wed Aug 18, 2010 12:57 pm

Post by Ancient History »

I admit to not having studied the problem (or even googling it), so I made an assumption - and made an ass out of myself! - go me!
name_here
Prince
Posts: 3346
Joined: Fri Mar 07, 2008 7:55 pm

Post by name_here »

There's this one semi-cyberpunk MMO I've played where an encryption was theoretically crackable given sufficient time, but in story terms it was indistinguishable from a one-time pad. The only way to decrypt the info in gameplay was to get admin access to something with the key.
DSMatticus wrote:It's not just that everything you say is stupid, but that they are Gordian knots of stupid that leave me completely bewildered as to where to even begin. After hearing you speak Alexander the Great would stab you and triumphantly declare the puzzle solved.
Username17
Serious Badass
Posts: 29894
Joined: Fri Mar 07, 2008 7:54 pm

Post by Username17 »

name_here wrote:There's this one semi-cyberpunk MMO I've played where an encryption was theoretically crackable given sufficient time, but in story terms it was indistinguishable from a one-time pad. The only way to decrypt the info in gameplay was to get admin access to something with the key.
Well see, that would be a place to start the conversation. Or it semi-would, if it had a name.

Regardless, now let's look at this from a narrative perspective. The story this creates is "we need to crack into that computer over there so that we can find out what this message means". That's a fine and well-used cyberpunk plot, so it'll stand. Now, we have to ask ourselves whether this macguffin is necessary to tell this story, and whether it improves this story.

Firstly, the answer to whether hard crypto is necessary for that story is "obviously not". There will always be one time pads, so the story "you need to get X and Y together to read the secret message" can always be told, no matter what the state of cryptography is at the moment. But more importantly, a message's "true meaning" is always context dependent, so even if you acquired a plain text of the message "Launch project Omegatron", you would still need to get a look at this project Omegatron to know what it meant. And if the plans were on a secure server somewhere, you'd want to hack into it to get that information.

Which brings us to the question of whether the story is improved. Again, the answer is a resounding NO! Because while the mission "Go hack this thing because we arbitrarily want to know what the true meaning of message #13548 is" is fine enough for a procedurally generated MMO, for a story in any other medium (especially cooperative storytelling) you want to know why we are interested in message #12548 instead of message #13549 or #13547. And if the message in question is decrypted (or partially decrypted), that gives us an instant plot hook as to why we care about it. Because the message itself can say something interesting. Something which implies that there is a context stored on a computer somewhere that you would then need to go hack in order to acquire.

-Username17
Surgo
Duke
Posts: 1924
Joined: Fri Mar 07, 2008 7:54 pm

Post by Surgo »

This thread has been absolutely amazing at making Frank's point for him, to the degree where he needn't argue at all if he didn't want to. Mostly it's that I can imagine, back in the '80s, the original designers of Shadowrun having pretty much the exact same conversation, but instead with the technologies and mathematical knowledge of the day. And we all know how that turned out -- while it can be charmingly quaint to charge essence for an implanted cellular phone, that sort of thing really just appears more retarded than anything else when looked at nowadays.

Not only do you not gain anything with the storytelling with "realistic" encryption, you just know it's probably going to look pretty retarded in twenty years time. Make yourself look less retarded and abstract that shit out. If I never hear about RSA or the specifics of some key exchange protocol in a thread like this again, it will be for the best.

Ends of the Matrix had a great system where there was EuE but distributing keys was a real problem so you could have a whole "go here, stab person" mission out of the thing. But at the same time it also didn't make "this file is unreadable" happen because there were plenty of ways around that problem, not limited to "go break into the corp" but even talking about the asymmetric thing right in the source.
Last edited by Surgo on Mon May 13, 2013 7:06 pm, edited 3 times in total.
Thymos
Knight
Posts: 418
Joined: Thu Feb 12, 2009 5:02 am

Post by Thymos »

Frank, allowing people to decrypt things that are considered secure raises too many verisimilitude issues to be worth it. Now if the company is a moron, tries to create their own encryption technique, and that is insecure, that's a different issue *cough* cd's and dvd's *cough*.

If you allow them to decrypt things, then the entire security of... everything becomes a joke. So yah, while there is an interesting plot hook in what you describe, gaining that one small advantage is not worth the logic of the world collapsing horrifically.
Surgo
Duke
Posts: 1924
Joined: Fri Mar 07, 2008 7:54 pm

Post by Surgo »

Thymos wrote:Frank, allowing people to decrypt things that are considered secure raises too many verisimilitude issues to be worth it. Now if the company is a moron, tries to create their own encryption technique, and that is insecure, that's a different issue *cough* cd's and dvd's *cough*.

If you allow them to decrypt things, then the entire security of... everything becomes a joke. So yah, while there is an interesting plot hook in what you describe, gaining that one small advantage is not worth the logic of the world collapsing horrifically.
What problems? It's basically how things work right now, and reality is somewhat realistic.
Thymos
Knight
Posts: 418
Joined: Thu Feb 12, 2009 5:02 am

Post by Thymos »

What are you talking about Surgo?

Currently used symmetric and public key encryption algorithms aren't even remotely breakable.
Surgo
Duke
Posts: 1924
Joined: Fri Mar 07, 2008 7:54 pm

Post by Surgo »

Thymos wrote:What are you talking about Surgo?

Currently used symmetric and public key encryption algorithms aren't even remotely breakable.
And yet, people are reading things that were supposed to be securely encrypted with AES256 all the fucking time. For all the masturbating some people do to theoretically strong algorithms vs known mathematical properties, they sure seem to forget the entire rest of the fucking chain of trust.
Last edited by Surgo on Mon May 13, 2013 7:13 pm, edited 1 time in total.
Thymos
Knight
Posts: 418
Joined: Thu Feb 12, 2009 5:02 am

Post by Thymos »

That's implementation. The algorithm is fine.

The problem is when people implement things poorly. This mostly leads to sidechannel attacks, which is why I have no issue with people hacking websites and such. Letting characters simply decrypt AES 256 with no other advantage (aka sidechannel)... yah, no.

I don't forget the chain of trust. If you've been watching, I've mentioned sidechannel attacks all the fucking time. That doesn't mean that AES 256 isn't ridiculously secure.
Surgo
Duke
Posts: 1924
Joined: Fri Mar 07, 2008 7:54 pm

Post by Surgo »

...and with that, things get decrypted. They get decrypted all the damn time. People "decrypt things that are considered secure" (your words) all the time. There are zero realism problems here.

It's like you're trying to throw out some weird kind of No True Scotsman over what it means to decrypt something, completely losing sight of the fact that it matters absolutely nil. It matters even less than nil because the game is designed to abstract that kind of shit away. Nobody cares if you broke the cipher through a mathematical property or some obscure side channel attack.
Last edited by Surgo on Mon May 13, 2013 7:23 pm, edited 1 time in total.
Thymos
Knight
Posts: 418
Joined: Thu Feb 12, 2009 5:02 am

Post by Thymos »

Ok, I should specify.

To decrypt AES by means of brute force is simply not going to happen. No method other than brute force has been found to attack AES with any efficiency. So to decrypt AES without already knowing the key is a joke that will not happen.

So the only way to decrypt AES is to know the key ahead of time. To do this, you need to find the key by some other means. This may happen.

The problem is that in some systems the encryption is implemented securely, and in others it is implemented poorly. Allowing players to blanket decrypt secure algorithms has one of two possibilities. The first is that they have found a method to break the encryption, which makes the entire web fall apart. The second is that they have managed to find a weakness in every single system they encounter, no exceptions, and when those weaknesses are temporary they were on at the time to watch.

Both of these are... stupid. If you need to deliver a plothook via some 'encrypted' message, find another way please, it will be easier than making everyone who knows about cryptography slam their heads into the table.

I'm not saying we shouldn't ignore how the real world works sometimes, we should. The thing is we should have a reason behind it, and weigh some of the costs. If ignoring it to deliver a plothook has the implication that the internet ceases functioning... then it's not worth it. Maintaining verisimilitude is a balancing act.
Seerow
Duke
Posts: 1103
Joined: Sun Apr 03, 2011 2:46 pm

Post by Seerow »

Surgo wrote:...and with that, things get decrypted. They get decrypted all the damn time. People "decrypt things that are considered secure" (your words) all the time. There are zero realism problems here.

It's like you're trying to throw out some weird kind of No True Scotsman over what it means to decrypt something, completely losing sight of the fact that it matters absolutely nil. It matters even less than nil because the game is designed to abstract that kind of shit away. Nobody cares if you broke the cipher through a mathematical property or some obscure side channel attack.
Indeed, abstracting this sort of thing so it literally doesn't matter which one the character is doing, was literally the whole point of this thread. All the player needs to know is "I can decrypt this file, and it will take X time"; whether that time is in actually decrypting the file or in finding a side channel, or what the fuck ever else, doesn't matter at all.


Seriously, read through the thread again and look at how many times Frank has said people are thinking too hard about something, or looking too closely at it, and the whole point is to zoom out and abstract more to make it easy to figure out. Sperging out over whether or not something can be brute forced while acknowledging there are other ways around it is basically ignoring the entire premise of what Frank is trying to talk about, and is accomplishing nothing but being a pedantic asshole.
Thymos
Knight
Posts: 418
Joined: Thu Feb 12, 2009 5:02 am

Post by Thymos »

Ok, hacking into something I can tolerate, but decryption is... no.

Yes, we are going to abstract things, however if you allow my character given time to break any decryption I'm never going to leave my basement. I'm instead going to have a field day making the entire internet my bitch.

We were talking about hacking into servers the entire thread before this, via side channel and otherwise. Only now has breaking encryption been brought up. And while being able to tentatively hack into almost everything is fine (banks should be uncrackable from the outside, after all we want parties to make their way inside physically for a reason), breaking all decryption has far, far more and worse implications.

It's also easy to securely encrypt something. Grab a random IV, a random key, use CBC AES mode, done. Maintaining a secure website is very hard on the other hand.

Also, if I hand you a securely encrypted file just about the only luck you might have with side channel is using dictionary attacks. That's the sum total of your options before you break down and cry.
Last edited by Thymos on Mon May 13, 2013 7:41 pm, edited 1 time in total.