If former President Donald Trump is to be believed, some of the richest and most powerful people in the world have called him to lavish him with compliments. Though most leaders of major tech companies haven’t publicly endorsed him — with one glaring exception — Trump claims they’ve privately told him how cool he is, implied they’d be better off under a Trump presidency, or said they aren’t voting for his opponent.

Among Trump’s claims: Google CEO Sundar Pichai congratulated him on his stint as a McDonald’s employee, calling it “one of the biggest things we’ve seen on Google”; Tim Cook called him to complain about fines the European Union levied on Apple; Mark Zuckerberg called him multiple times to “apologize” and said there’s “no way”...

Continue reading…

In 1990, the FDA banned the use of Red No. 3 in topical drugs and cosmetics. Its cited reasoning was that the color additive was “not shown to be safe,” because when fed to rats, Red No. 3 was found to slightly increase the risk of thyroid cancer.  Today, that same dye is still found in candy corn, ring pops, Pez, and nearly 3,000 other foods that we eat, which raises the question: If it’s not safe to put on our skin … is it really safe to ingest? Many researchers, advocates, and now state lawmakers say no.

Last year, California passed a bill formally banning Red No. 3 and several other additives from food in the state. The bill gives the food industry until 2027 to remove the additives from its products, and the industry is already responding, with companies like Pediasure quickly removing the dye from its shakes. 

The question remains, though: Where is the federal ban on Red No. 3 in food if the FDA deemed it unsafe for topical uses over 30 years ago? 

Vox’s podcast Explain It to Me put out an episode about dyes, too. You can check it out here.

Schwarzenegger served as the governor of California from 2003 to 2011. He said he is frustrated with both parties, and does not trust either, but felt compelled to speak out.

(Image credit: Markus Schreiber)

There’s little doubt that some of the most important pillars of modern cryptography will tumble spectacularly once quantum computing, now in its infancy, matures sufficiently. Some experts say that could be in the next couple decades. Others say it could take longer. No one knows.

The uncertainty leaves a giant vacuum that can be filled with alarmist pronouncements that the world is close to seeing the downfall of cryptography as we know it. The false pronouncements can take on a life of their own as they’re repeated by marketers looking to peddle post-quantum cryptography snake oil and journalists tricked into thinking the findings are real. And a new episode of exaggerated research has been playing out for the past few weeks.

All aboard the PQC hype train

The last time the PQC—short for post-quantum cryptography—hype train gained this much traction was in early 2023, when scientists presented findings that claimed, at long last, to put the quantum-enabled cracking of the widely used RSA encryption scheme within reach. The claims were repeated over and over, just as claims about research released in September have for the past three weeks.

A few weeks after the 2023 paper came to light, a more mundane truth emerged that had escaped the notice of all those claiming the research represented the imminent demise of RSA—the research relied on Schnorr’s algorithm (not to be confused with Shor’s algorithm). The algorithm, based on 2021 analysis of cryptographer Peter Schnorr, had been widely debunked two years earlier. Specifically, critics said, there was no evidence supporting the authors’ claims of Schnorr’s algorithm achieving polynomial time, as opposed to the glacial pace of subexponential time achieved with classical algorithms.

Once it became well-known that the validity of the 2023 paper rested solely on Schnorr’s algorithm, that research was also debunked.

Three weeks ago, panic erupted again when the South China Morning post reported that scientists in that country had discovered a “breakthrough” in quantum computing attacks that posed a “real and substantial threat” to “military-grade encryption.” The news outlet quoted paper co-author Wang Chao of Shanghai University as saying, “This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN [substitution–permutation networks] structured algorithms in use today.”

Among the many problems with the article was its failure to link to the paper—reportedly published in September in the Chinese-language academic publication Chinese Journal of Computers—at all. Citing Wang, the paper said that the paper wasn’t being published for the time being “due to the sensitivity of the topic.” Since then, the South China Morning Post article has been quietly revised to remove the “military-grade encryption” reference.

With no original paper to reference, many news outlets searched the Chinese Journal of Computers for similar research and came up with this paper. It wasn’t published in September, as the news article reported, but it was written by the same researchers and referenced the “D-Wave Advantage”—a type of quantum computer sold by Canada-based D-Wave Quantum Systems—in the title.

Some of the follow-on articles bought the misinformation hook, line, and sinker, repeating incorrectly that the fall of RSA was upon us. People got that idea because the May paper claimed to have used a D-Wave system to factor a 50-bit RSA integer. Other publications correctly debunked the claims in the South China Morning Post but mistakenly cited the May paper and noted the inconsistencies between what it claimed and what the news outlet reported.

Over the weekend, someone unearthed the correct paper, which, as it turns out, had been available on the Chinese Journal of Computers website the whole time. Most of the paper is written in Chinese. This abstract was fortunately written in English. It reports using a D-Wave-enabled quantum annealer to find “integral distinguishers up to 9-rounds” in the encryption algorithms known as PRESENT, GIFT-64, and RECTANGLE. All three are symmetric encryption algorithms built on a SPN—short for substitution-permutation network structure.

“This marks the first practical attack on multiple full-scale SPN structure symmetric cipher algorithms using a real quantum computer,” the paper states. “Additionally, this is the first instance where quantum computing attacks on multiple SPN structure symmetric cipher algorithms have achieved the performance of the traditional mathematical methods.”

Defining your terms

There’s a lot going on here, but what does it mean? To explain, here's a quick explanation of several important terms.

SPN: Short for substitution-permutation network, an SPN is a series of mathematical operations used in block cipher algorithms to increase their security. These algorithms take a block of plaintext and the encryption key as input and run them through a subprocess that repeats for a set number of rounds before outputting a finished ciphertext.

The best known block cipher is AES, short for Advanced Encryption Standard. Ciphertext produced with 128-bit, 192-bit, and 256-bit AES go through 10 rounds, 12 rounds, and 14 rounds respectively. Page 5 of this animation tutorial provides a useful visualization of this process.

Quantum annealing: This term is borrowed from annealing, a process that uses heat to alter the physical or chemical properties of a metal, glass, or plastic film to increase ductility and reduce hardness. Annealing works by heating materials above their recrystallization temperature, maintaining a certain temperature for a set amount of time, and then allowing them to cool slowly.

The “annealing” in quantum annealing is used metaphorically to describe a method for applying the principles of quantum mechanics to solve complex optimization problems. More on quantum annealing here and here.

In 2011, D-Wave produced the first commercial quantum annealer. Called the D-Wave One, it used a 128-qubit processor chipset. The D-Wave Advantage, the system used in the September research paper, has 5,000 qubits. D-Wave systems can solve only certain types of optimization problems, and the difficulty requires developers and scientists using D-Wave systems to break larger problems into smaller optimization problems before they can be solved with these systems.

PRESENT, GIFT64, and RECTANGLE: All three are lightweight block ciphers designed for use in “constrained” environments, such as those in embedded systems that require more speed and fewer computational resources than is possible using AES. All three are based on an SPN structure and are proposed academic designs. The related GIFT-128 is a component of GIFT-COFB, which was a finalist for the recent NIST lightweight crypto competition but lost out to an algorithm known as Ascon.

PRESENT, meanwhile, can be found in the ISO/IEC 29167-11:2014 and ISO/IEC 29192-2:2019, but it isn't used widely. It's not clear if RECTANGLE is used at all. Because all three algorithms were academic designs, they have been widely analyzed.

Integral distinguishers: In essence, finding integral distinguishers is a type of large-scale optimization problem that, when solved, provides a powerful tool for breaking encryption schemes used in block ciphers. A 2018 paper titled Finding Integral Distinguishers with Ease reported using classical computing to find integral distinguishers for dozens of algorithms. The research included 9-round distinguishers for PRESENT, GIFT64, and RECTANGLE, the algorithms studied in the September paper.

Mixed-integer linear programming: Typically abbreviated as MILP, mixed-integer linear programming is a mathematical modeling technique for solving complex problems. MILP allows some variables to be non-integers, a property that gives it flexibility, efficiency, and optimization over other methods.

The experts weigh in

The main contribution in the September paper is the process the researchers used to find integral distinguishers in up to nine rounds of the three previously mentioned algorithms. According to a roughly translated version of the paper (the correct one, not the one from May), the researchers wrote:

Inspired by traditional cryptanalysis methods, we proposed a novel computational architecture for symmetric cryptanalysis: Quantum Annealing-Classical Mixed Cryptanalysis (QuCMC), which combines the quantum annealing algorithm with traditional mathematical methods. Utilizing this architecture, we initially applied the division property to describe the propagation rules of the linear and nonlinear layers in SPN structure symmetric cipher algorithms.

Subsequently, the SPN structure distinguisher search problems were transformed into Mixed Integer Linear Programming (MILP) problems. These MILP models were further converted into D-Wave Constrained Quadratic Models (CQM), leveraging the quantum tunneling effect induced by quantum fluctuations to escape local minima solutions and achieve an optimal solution corresponding to the integral distinguisher for the cipher algorithms being attacked. Experiments conducted using the D-Wave Advantage quantum computer have successfully executed attacks on three representative SPN structure algorithms: PRESENT, GIFT-64, and RECTANGLE, and successfully searched integral distinguishers up to 9-round. Experimental results demonstrate that the quantum annealing algorithm surpasses traditional heuristic-based global optimization algorithms, such as simulated annealing, in its ability to escape local minima and in solution time. This marks the first practical attack on multiple full-scale SPN structure symmetric cipher algorithms using a real quantum computer.

Additionally, this is the first instance where quantum computing attacks on multiple SPN structure symmetric cipher algorithms have achieved the performance of the traditional mathematical methods.

The paper makes no reference to AES or RSA and never claims to break anything. Instead, it describes a way to use D-Wave-enabled quantum annealing to find the integral distinguisher. Classical attacks have had the optimized capability to find the same integral distinguishers for years. David Jao, a professor specializing in PQC at the University of Waterloo in Canada, likened the research to finding a new lock-picking technique. The end result is the same, but the method is new. He explained:

The paper is written for an audience of researchers, not for the general public. Researchers view "developing a better lockpick" as an actual attack, but if you're writing for the general public, the general public would think that an attack means "using the lockpick to pick the lock" which is not what happened here.

To continue the analogy, it's true that this paper uses quantum computers to develop lockpicks that match previously known lockpicks in efficiency. So it is true that they have "achieved the performance" of traditional methods, although note that they have not gone beyond that. In some cases (such as RECTANGLE), it is known that no better integral distinguishers exist, so matching the existing technology is the best that can be done using this approach.

Nadia Heninger, a professor studying cryptography at the University of California San Diego, agreed.

“I'd say it's more accurate to say that the researchers formulated a cryptanalysis problem as an optimization problem and ran it on simulated annealing and on quantum annealing and claim to have gotten comparable results. But the main result is to have ‘achieved the performance of traditional mathematical methods,’ so it sounds like maybe there are other classical/mathematical approaches that are better.”

Lastly, Xavier Bonnetain, a professor at the National Institute for Research in Digital Science and Technology in France, put it this way:

They claimed they reduced the search for what is called an integral distinguisher to a Mixed-Integer Linear Programming problem (something that's been standard for years in cryptography) and solved the problem for 3 block ciphers using their quantum annealer.

They did not find anything new, which is not especially surprising given that integral distinguishers on these ciphers were already looked for classically and were already proven optimal. They solved a problem for which we already knew the answers, using another approach.

After performing a quick search, Bonnetain found this 2018 paper that found integral distinguishers for all three of the algorithms covered in the September paper.

None of these experts are denigrating the research presented in the September paper. They are, however, noting that the claims presented in the original South China Morning Post article—and repeated in the ensuing media echo chamber afterward—go beyond mere exaggeration or embellishment. Instead, they're more comparable to fabrications. Even many of the articles debunking the claims—while well intentioned—missed the mark because they, too, cited the wrong paper.

This isn’t the first time the South China Morning Post has fueled undue panic about the imminent fall of widely used encryption algorithms. Last year’s hype train, mentioned earlier in this article, was touched off by coverage by the same publication that claimed researchers found a factorization method that could break a 2,048-bit RSA key using a quantum system with just 372 qubits. People who follow PQC should be especially wary when seeking news there.

The coverage of the September paper is especially overblown because symmetric encryption, unlike RSA and other asymmetric siblings, is are widely belived to be safe from quantum computing, as long as bit sizes are sufficient. PQC experts are confident that AES-256 will resist all known quantum attacks.

I emailed two of the co-authors of the September paper: Wang Chao, mentioned earlier, and Pei Zhi, a PhD. candidate at Shanghai University, asking for their help with this story. The only response I got was two auto-replies saying their inboxes were full.

As a reminder, current estimates are that quantum cracking of a single 2048-bit RSA key would require a computer with 20 million qubits running in superposition for about eight hours. For context, quantum computers maxed out at 433 qubits in 2022 and 1,000 qubits last year. (A qubit is a basic unit of quantum computing, analogous to the binary bit in classical computing. Comparisons between qubits in true quantum systems and quantum annealers aren't uniform.) So even when quantum computing matures sufficiently to break vulnerable algorithms, it could take decades or longer before the majority of keys are cracked.

The upshot of this latest episode is that while quantum computing will almost undoubtedly topple many of the most widely used forms of encryption used today, that calamitous event won’t happen anytime soon. It’s important that industries and researchers move swiftly to devise quantum-resistant algorithms and implement them widely. At the same time, people should take steps not to get steamrolled by the PQC hype train.

Read full article

Comments

On Tuesday, Google's CEO revealed that AI systems now generate more than a quarter of new code for its products, with human programmers overseeing the computer-generated contributions. The statement, made during Google's Q3 2024 earnings call, shows how AI tools are already having a sizable impact on software development.

"We're also using AI internally to improve our coding processes, which is boosting productivity and efficiency," Pichai said during the call. "Today, more than a quarter of all new code at Google is generated by AI, then reviewed and accepted by engineers. This helps our engineers do more and move faster."

Google developers aren't the only programmers using AI to assist with coding tasks. It's difficult to get hard numbers, but according to Stack Overflow's 2024 Developer Survey, over 76 percent of all respondents "are using or are planning to use AI tools in their development process this year," with 62 percent actively using them. A 2023 GitHub survey found that 92 percent of US-based software developers are "already using AI coding tools both in and outside of work."

AI-assisted coding first emerged in a big way with GitHub Copilot in 2021, and the feature saw a wide release in June 2022. It used a special coding AI model from OpenAI called Codex, which was trained to both suggest continuations to existing code and create new code from scratch from English instructions. Since then, AI-based coding has expanded in a big way, with ever-improving solutions from Anthropic, Meta, Google, OpenAI, and Replit.

GitHub Copilot has expanded in capability as well. Just yesterday, the Microsoft-owned subsidiary announced that developers will be able to use non-OpenAI models such as Anthropic's Claude 3.5 and Google's Gemini 1.5 Pro to generate code within the application for the first time.

While some tout the benefits of AI use in coding, the practice has also attracted criticism from those who worry that future software generated partially or largely by AI could become riddled with difficult-to-detect bugs and errors.

According to a 2023 study by Stanford University, developers using AI coding assistants tended to include more bugs while paradoxically believing that their code is more secure. This finding was highlighted by Talia Ringer, a professor at the University of Illinois at Urbana-Champaign, who told Wired that "there are probably both benefits and risks involved" with AI-assisted coding, emphasizing that "more code isn't better code."

The only constant is change

While introducing bugs is certainly a risky side-effect of AI coding, the history of software development has included controversial changes in the past, including the transition from assembly language to higher-level languages, which faced resistance from some programmers who worried about loss of control and efficiency. Similarly, the adoption of object-oriented programming in the 1990s sparked criticism about code complexity and performance overhead. The shift to AI augmentation in coding may be the latest transition that meets resistance from the old guard.

"Whether you think coding with AI works today or not doesn’t really matter," posted former Microsoft VP Steven Sinofsky in September. Sinofsky has a personal history of coding going back to the 1970s. "But if you think functional AI helping to code will make humans dumber or isn’t real programming just consider that’s been the argument against every generation of programming tools going back to Fortran."

Strong preferences about "proper" coding practices have circulated widely among developers over the decades, and some of the more extreme positions may seem silly today, especially those concerning quality-of-life improvements that many programmers now take for granted. Daring Fireball's John Gruber replied to Sinofsky's tweet by saying, "I know youngster[s] won’t believe me, but I remember when some programmers argued that syntax coloring in text editors would make people dumber."

Credit: Karen Moskowitz via Getty Images

Ultimately, all tools augment or enhance human capability. We use tools to build things faster, and we have always used tools to build newer, more complex tools. It's the story of technology itself. Draftsmen laid out the first silicon computer chips on paper, and later engineers designed successive chips on computers that used integrated circuits. Today, electronic design automation (EDA) software assists in the design and simulation of semiconductor chips, and companies like Nvidia are now using AI algorithms to design them.

Does that mean current AI models are capable of generating flawless, high-quality code that developers can just insert and forget? Likely not. For now, skilled humans with experience still need to be in the loop to ensure everything works properly, which seems to be the practice Google's CEO was touting in the earnings call. Like any tool, AI assistance in skilled hands may significantly accelerate a task—and yet a hammer alone cannot build a house.

Read full article

Comments

In May 2023, Reddit announced that its API would no longer be free, signaling the demise of most third-party Reddit apps and the start of a new Reddit era. Reddit was always interested in making money, but the social media platform’s drive to reach profitability intensified with its API rule changes, which was followed by it going public and other big moves. With Reddit reporting this week that it has finally turned its first profit, we can expect further evolution from Reddit, whether old-time Redditors like it or not.

In its fiscal Q4 2024 results announced on Tuesday [PDF], Reddit said that in the quarter ending on September 30, it made a profit of $29.9 million. This is significant growth from fiscal Q3 2024, when Reddit lost $7.4 million. Revenue, meanwhile, was up 68 percent year over year, going from $207.5 million to $384.4 million. Reddit is expecting $385 to $400 million in revenue for fiscal Q4.

More Redditors

During the Reddit app-ocalypse, many Reddit users and moderators said they would quit the platform because they were disgusted with how Reddit treated third-party developers and moderators, particularly during user protests against the API rule changes.

Still, Reddit’s results show it averaging 47 percent more daily active unique users in Q3 2024 (97.2 million) than it did in Q3 2023 (66 million).

Reddit CEO Steve Huffman told shareholders [PDF] that “machine translation drove 4x incremental" daily active unique users in Q3 compared to Q2. Huffman's letter says that Reddit plans to launch machine translation in more countries in Q4 and in 2025.

“Large-language model ... driven machine translation is showing early traction in breaking the language barrier and driving millions of incremental users to the platform,” Huffman said.

Successful ad push

Of course, more users give ads sold on Reddit the chance to gain more eyeballs, something that can help drive ad sales. Reddit’s ad revenue has grown alongside its daily user base. In Q3 2024, Reddit made $315.1 million in ad revenue, a 56 percent year-over-year increase.

Reddit has historically made the majority of its revenue from ad sales. Huffman has long claimed that Reddit started charging for its API in order to prevent big companies, like Google, from using Reddit content for free AI training. However, the high pricing killing third-party apps also fed Reddit’s goals of getting users onto its native website and apps—where Reddit sells ads.

Reddit is expected to continue its aggressive ads push, including by exploring new ways to incorporate ads into the user experience. For example, Reddit has previously discussed exploring the addition of ads in Reddit search and in comments. It also added ads to conversation pages and made personalized ads mandatory this year.

Big AI deals

With Reddit now charging for API access, though, data licensing has become a significant part of its business. Reddit has AI training deals with Google and OpenAI that are expected to be worth tens of millions of dollars annually. Reddit lumps data licensing revenue into the “other revenue” category (without specifying what else the “other” category includes). Reddit’s “other revenue” grew 547 percent year over year to $33.2 million.

Huffman also pointed to Google's appreciation for the traffic that comes to it by way of Reddit, particularly people clicking through to Google to find shopping recommendations. Demonstrating that Reddit views this as a business opportunity, an April Reddit blog post described Reddit communities as “naturally commercial” and as a place “where people come to make shopping decisions." In his letter this week, Huffman also pointed to commerce opportunities driven through Reddit:

Looking ahead, improving the search experience on Reddit is a key part of our strategy. … This includes users coming to Reddit from external search and those searching directly on Reddit looking for recommendations on what to buy, what to watch, or which products or services are the best.

Huffman also claimed that Reddit is the “sixth most Googled word in the US,” underscoring the two companies’ mutually dependent relationship.

Money talks

Reddit may have lost some users during last year's protests and Reddit's subsequent evolution. But financially, Reddit appears to be right where it wants to be. This means that we can expect more efforts from Reddit centered on driving its user base and ability to grow revenue.

While its approaches may perturb some users, the 19-year-old company has a financial incentive to continue with what can sometimes be controversial business strategies. That points to a high likelihood for things like more ads, more effort to make Reddit part of consumer purchasing decisions, and more deals with companies like Google and OpenAI. More disruptive ideas, like paywalled Reddit content, may come to fruition in the future, too.

With Reddit finally making money, anyone who doesn’t like this side of Reddit will either learn to accept it or leave.

Advance Publications, which owns Ars Technica parent Condé Nast, is the largest shareholder in Reddit.

Read full article

Comments