In early 2023, news broke that the Kyber key encapsulation method and encryption mechanism had been compromised. This came as a shock since just the year prior, the National Institute of Standards and Technology (NIST) chose Kyber as a candidate for standardised post-quantum cryptography.

Then came news of how the break happened: AI, at a time of widespread amazement and hysteria over generative AI like ChatGPT. Naturally, the story was sensationalised, and it turns out it wasn't as dire as it may have sounded. We have the full story below.

Why Encryption and Cryptography Matter

If you're an entry-level tech enthusiast, you'll need to know what encryption does and why we need it. Put simply, encryption scrambles data so that it can only be read by designated recipients. Modern methods use public and private keys to get this done.

These cryptographic methods are used everywhere, from SSL handshakes to your password manager. They're also used by any website that offers member accounts or handles money via payment processing, where there's a lot of sensitive data that needs protecting. Think finance or iGaming, where the largest providers need to take care of a lot of customers. When a user connects to the Paddy Power live casino games section and plays their live blackjack or roulette games, their account and any interactions with the site are protected. Their account is password protected, while the data exchanged with the site is safeguarded by its SSL/TLS protocols. That's just the beginning, without even getting into the proprietary security solutions that they and other large sites use.

Encryption is the cornerstone of online security and is important for creating unpredictability in computer science. That unpredictability is important for repelling bad actors, or more specifically the algorithms they are using, which are harder to fool than a human being. It's machine versus machine, and with quantum computing, brute-forcing becomes a lot easier, as reported by Forbes. That's why there's a rush to find a standardised encryption method that can stand up to quantum computing's scrutiny. Enter Kyber.

The Kyber Algorithm Wasn’t Broken

First, Kyber wasn't hacked, cracked or otherwise broken in any way that those words would call to mind. Cryptography is a lot different from, say, when we solved the Enigma code. Modern cyphers just don't break the way older ones did; AES is still going strong after nearly 30 years.

The key here is that AI was used in combination with side-channel attacks. Side channels are unintended leaks of information from a system while it runs, and they help anyone trying to get into it. If you listen to someone type, you can hear how many characters their password is. Does that help you guess it? Not you, maybe, but for an algorithm it narrows down the potential answer by a lot. That's the idea behind side-channel attacks.

Bad actors then apply machine learning to parse through data given off by timing or power side channels, like detecting minute changes in power supply that indicate what values are being computed. The AI is used to pick up crumbs that make guesswork easier. AI has been used in this capacity for a decade, at least, so it isn't the generative AI that has dominated news cycles. There's also a big difference between an AI bulldozing through a cryptography system and a machine-learning-assisted side-channel approach. It was a known risk for Kyber and has happened in the past in other systems.
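To make the "narrowing down" idea concrete, here is a toy model added for illustration; it is not from the original article and is not Kyber code. It assumes an idealised device that leaks the exact Hamming weight (number of 1 bits) of the byte it is processing; the secret, the inputs and all function names are constructed. It also goes one step beyond the text by showing why masking, a standard countermeasure, blunts this kind of leak.

```python
from collections import Counter

SECRET = 0x3C  # constructed secret byte, for illustration only
# Constructed known inputs: zero, then each single-bit value.
INPUTS = [0x00] + [1 << i for i in range(8)]

def hamming_weight(x: int) -> int:
    """Number of 1 bits; a common first approximation of data-dependent power draw."""
    return bin(x).count("1")

def observe(secret: int, known_input: int) -> int:
    """Toy device: processes secret XOR input and leaks that value's Hamming weight."""
    return hamming_weight(secret ^ known_input)

def narrowing(secret: int, inputs: list[int]) -> tuple[list[int], list[int]]:
    """Return (candidate count after each observation, surviving candidates)."""
    candidates = list(range(256))
    counts = []
    for p in inputs:
        sample = observe(secret, p)
        # Keep only the byte values that would have produced this sample.
        candidates = [k for k in candidates if hamming_weight(k ^ p) == sample]
        counts.append(len(candidates))
    return counts, candidates

def masked_share_distribution(secret: int) -> Counter:
    """Leak distribution of one share (secret XOR mask) over every possible mask.

    First-order masking: the device never handles the secret directly, only
    secret^mask and mask, with a fresh uniformly random mask byte on each run.
    """
    return Counter(hamming_weight(secret ^ mask) for mask in range(256))

if __name__ == "__main__":
    counts, survivors = narrowing(SECRET, INPUTS)
    # Real traces are noisy, so many samples and a statistical or
    # machine-learning step are needed; this model has no noise.
    print("candidates left after each sample:", counts)
    print("survivors:", [hex(k) for k in survivors])
    # Identical for every secret: one masked share reveals nothing on its own.
    print(masked_share_distribution(0x00) == masked_share_distribution(SECRET))
```

Masking removes only this first-order leak: an observer who can combine the leakage of both shares still learns something, so it raises the cost of the analysis rather than closing the channel.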

Now, does that mean Kyber is the post-quantum messiah and we can stop the search? No, quantum computing can and likely will have a drastic effect on the field of cybersecurity. So might AI if it continues developing at a rapid pace, detailed here by CSO Online. As for this event, there’s no cause for concern.