Comment by lawrenceyan
3 years ago
Here's an interesting question. Even if post-quantum cryptography is securely implemented, doesn't the advent of neurotechnology (BCIs, etc.) make that method of security obsolete?
With read and write capability to the brain, assuming this comes to fruition at some point, encryption as we know it won't work anymore. But I don't know, maybe this isn't something we have to worry about just quite yet.
The thing you're missing is that BCIs and friends are, themselves, computers, and thus securable with post-quantum cryptography, or any cryptography for that matter, or any means of securing a computer. And thus, for somebody to read-write to your computers, they need to read-write to your brain(s), but to read-write to your brain(s), they need to read-write to the computers implanted in your brain(s). It's a security cycle whose overall power is determined by the least-secure element in the chain.
Any sane person will also not touch BCIs and similar technology with a 100 lightyear pole unless the designing company reveals every single fucking silicon atom in the hardware design and every single fucking bit in the software stack at every level of abstraction, and ships the device with several redundant watchdogs and deadmen timers around it that can safely kill or faraday-cage the implant on user-defined events or manually.
Alas, humans are very rarely sane, and I come to the era of bio hacking (in all senses of the word) with low expectations.
Cryptographic secrets stored in human brains are already vulnerable to an attack mechanism that requires $5 worth of interface hardware that can be procured and operated with very little training. Physical security controls do a decent job of preventing malicious actors from connecting said hardware to vulnerable brains. I assume the same would be true with the invention of BCIs more sophisticated than a crescent wrench.
The encryption is fine, that's just a way to avoid it. Much like how tire-iron attacks don't break passwords so much as bypass them.
Ok that's actually a great point. To make the comparison:
Tire-irons require physical proximity. And torture generally doesn't work, at least in the case of getting a private key.
Reading/writing to the brain, on the other hand, requires no physical proximity if wireless. And the person(s) won't even know it's happening.
These seem like totally different paradigms to me.
I think we are a long way away from being able to wirelessly read a few specific bytes of data from the brain of an unknowing person. Far enough away that I'm not sure it's productive to begin thinking of how to design encryption systems around it.
5 replies →
> And torture generally doesn't work, at least in the case of getting a private key.
This seems incorrect.
> torture generally doesn't work, at least in the case of getting a private key.
Why not?
2 replies →
Yeah I’ve even had very personal dreams where my Linux root password was spoken in the dream. I’m glad I don’t talk in my sleep. There’s also truth serums that can be weaponized in war scenarios to extract secrets from the enemy without resorting to torture.