17043 stories
·
169 followers

Celebrate Halloween with 20 of our favorite horror comedies

1 Share

Halloween is upon us, which means costumes, candy, and settling in for a nice long night of scary movies. For those who crave a bit of humor with their blood-soaked scares, I've compiled a list of some of my favorite horror comedies for your viewing pleasure.

What constitutes a horror comedy? Is it merging classic creature features with goofy slapstick humor? Is it primarily super scary with a few notes of humor? Is the humor sharply satirical or primarily delivered by wisecracking characters? Is it parody? Or does good horror comedy go full meta, poking fun at the tropes while sneaking in incisive cultural commentary?

Horror comedy is all of those things and more, which is why picking films to include on this list proved so tricky. For instance, The Mummy (1999) features a classic monster, but it fits just as well in the action/comedy category, while Ghostbusters (1984) is pretty much straight-up comedy. Yet I could have included both on this list without too many complaints. In the end, I cut the list down to 20, opting for a sampler that features blockbusters, vintage films, cult classics, and contemporary offerings, each with its own unique mix of horror and comedic elements. Feel free to add your own favorites in the comments.

(Some spoilers below.)

Abbott and Costello Meet Frankenstein (1948)

Frankenstein monster towering over two small men in uniforms holding their fingers to their lips

Famed comedic duo Bud Abbott and Lou Costello were on the verge of splitting up when they signed on to make Abbott and Costello Meet Frankenstein, which made for a rather fraught shoot. Director Charles Barton once described them as "the real monsters" on set. But they still created a horror comedy for the ages that is included in the Library of Congress National Film Registry.

Bela Lugosi's Count Dracula teams up with a mad scientist (Lenore Aubert) to reactivate Frankenstein's monster (Glenn Strange). And who should have the ideal brain for those purposes? A baggage clerk named Wilbur Grey (Costello), whose BFF Chick Young (Abbott) joins him to foil the plot. Lon Chaney Jr.'s Wolf Man also makes an appearance, and Vincent Price briefly voices the Invisible Man, setting up a slew of sequels that never quite matched the giddy heights of the first.

Theater of Blood (1973)

Elderly actor kin formal tails standing on podium for an award show.

Vincent Price built his storied career on making horror movies, House of Wax and several Edgar Allan Poe adaptations among them. But my all-time favorite is Theater of Blood, in which Price plays an aging Shakespearean actor named Edward Lionheart. When his final season is ridiculed by the snobby Theater Critics Guild, Lionheart throws himself into the Thames. He is rescued by vagrants and, having gone mad, proceeds to exact revenge on the members of the Guild by knocking them off, each in a manner inspired by a Shakespeare play.

One is stabbed to death by a mob (Julius Caesar); another is decapitated while sleeping (Cymbeline); yet another is drowned in a "butt of Malmsey" wine, just like the Duke of Clarence in Richard III. A flamboyant gourmand is forced to eat pies made from his beloved toy poodles (Titus Andronicus), while Lionheart lures a female critic to a hair salon, posing as a groovy hairdresser who can't wait to get his hands on her "dishy, dishy hair"—but electrocutes her in the hair dryer instead, a la Joan of Arc in Henry IV, Part I. And let's just say that Lionheart takes the mention of a pound of flesh in The Merchant of Venice quite literally. Theater of Blood revels in its campiness, and Price's over-the-top scene-chewing melodrama makes the movie. It's grimly funny with a hint of pathos and never lapses into outright farce.

Young Frankenstein (1974)

Frankenstein monster and wild-haired mad scientist both in top hats and tails dancing on a stage

Young Frankenstein marks its 50th anniversary this year: five decades of sheer joy rendered by a constant stream of bad puns, double entendres, slapstick visual gags, and a goofy musical number—all to create an affectionate, timeless tribute to the classic Frankenstein movies of the 1930s. It's even shot in black and white, with old-school opening credits and filmmaking techniques, as well as featuring the original lab equipment designed for 1931's Frankenstein.

Gene Wilder stars as Dr. Frederick Frankenstein, a lecturer at a US medical school who is ashamed of his infamous grandfather, Victor, to the point where he deliberately pronounces his last name differently ("It's FRONK-en-steen"). But then he inherits the family's Transylvania estate and takes leave of his fiancée, Elizabeth (Madeline Kahn), to pay a visit. There he meets the hunchback Igor (Marty Feldman); housekeeper Frau Blücher (Chloris Leachman); and comely lab assistant Inga (the late, great Teri Garr). After discovering his grandfather's notebooks, Frederick decides to continue his work, creating The Monster (Peter Boyle), whose impressive physical dimensions include an "enormous Schwanzstucker." With all that comedic talent, small wonder the Oscar-nominated Young Frankenstein also has a place in the Library of Congress National Film Registry.

An American Werewolf in London (1981)

Man halfway transformed into a werewolf

Writer/director John Landis was ahead of his time when he first pitched the script for An American Werewolf in London in 1969. It was deemed not scary enough to be horror and not funny enough to be a comedy, so Landis shelved the idea for over 10 years. Hollywood culture finally caught up and Landis got to make his film, having since risen to fame with such hits as Animal House and The Blues Brothers.

David Naughton stars as David Kessler, a US graduate student who treks across the Yorkshire moors with his best friend Jack (Griffin Dunne), only to be attacked by a mysterious creature. Jack is killed and David is bitten, waking up in a London hospital. As the full moon approaches, David starts experiencing some changes, finally transforming into a werewolf and embarking on a couple of killing sprees. He falls in love with his nurse, Alex (Jenny Agutter), but is also haunted by repeated visions of the mauled (and gradually decomposing) Jack, warning him that until he dies, Jack and all his other victims are doomed to an undead existence in limbo. At one point, Jack appears to David in an adult movie theater and introduces him to the cheery young couple he killed the night before, who helpfully offer suicide tips.

The humor is more clever than funny, and there are some genuine scares. There's also a good amount of gore, although not as much as Landis originally planned; he had to cut certain details to get an R rating, like Jack trying to eat a piece of toast and having it fall out of his decaying neck. It's the famous long transformation scene that made the most waves, using what were then groundbreaking makeup and visual effects. In fact, it won the Oscar for Best Makeup that year.

Little Shop of Horrors (1986)

giant green carnivorous plant with mouth lined with sharp teeth has a young blonde woman in its grasp

This one is an adaptation of a hit off-Broadway musical that was, in turn, an adaptation of the 1960 horror comedy directed by Roger Corman. Little Shop of Horrors stars Rick Moranis as Seymour Krelborn, a floral shop employee in love with his co-worker, Audrey (Ellen Greene), who is also being pursued by a sadistic dentist addicted to nitrous oxide (Steve Martin). The discovery of an exotic sentient plant that Seymour names Audrey II helps boost business, but Seymour discovers it needs human flesh and blood to survive... and the bigger the insatiable Audrey II grows, the more blood she needs ("Feed me, Seymour!").

Director Frank Oz used animatronic puppetry to create Audrey II, eschewing blue screens or other visual effects. He wasn't particularly happy with his final Oscar-nominated film, mostly because the studio forced him to scrap the musical's original ending, in which Seymour and Audrey both die and Audrey II and her alien plant offspring ravage the Earth. Critics and audiences didn't mind the more upbeat ending, however, no doubt won over by the catchy tunes and deft mix of campy humor and horror.

Evil Dead II (1987)

Dark haired man, covered in blood, holding a chainsaw while skeleton hands reach for him
This franchise made Bruce Campbell a horror-comedy icon.

Sam Raimi's blood-soaked trilogy made Bruce Campbell a horror icon, and Evil Dead II is arguably the best of the lot (although I also have a soft spot for Army of Darkness). Whether it's a remake of the original Evil Dead or a sequel is a matter of debate; honestly, it's a bit of both. Campbell stars as Ash Williams, a college student who takes his girlfriend on a romantic getaway to an abandoned cabin in the woods. They discover that the former owner, an archaeologist, left behind a "book of the dead" (Necronomicon Ex-Mortis) and commit the fatal error of reading some of the passages out loud.

This unleashes a Kandarian Demon that kills and possesses his girlfriend, turning her into a "Deadite." Ash is forced to decapitate her and ends up battling multiple Deadite victims of the demon, cutting off his own arm when his right hand becomes possessed. The moment when a blooded Ash straps a modified chainsaw to the stump and mows down a bunch of deadites is a scene for the ages. It's got a rough, low-budget energy, smirking humor, and enough blood and gore to fuel three average horror movies—a bona fide "comedy of terrors."

Tremors (1990)

Still from Tremors
Earl and Val realize the threat is underground.

Tremors is an unabashed love letter to the B-movie creature features of the 1950s that remains as fresh today as it was over three decades ago. The film is sheer perfection and ranks among my personal favorite films of all time. The story takes place in the tiny fictional desert town of Perfection, Nevada—population 15, at least at the start of the film. But something begins killing the residents (and the livestock). Director Ron Underwood set the narrative up like a mystery, introducing us to the main characters and setting as they realize the threat that is coming for them: subterranean monsters dubbed "graboids."

Tremors has a terrific cast of characters, played by gifted actors. But it's the ingenious design of the graboids that really makes the film for me—how the characters figure out the monsters' characteristics. Above all, the graboids are smart and capable of learning about their human prey and adapting accordingly. When humans hide in a car, they dig around the surrounding soil so the whole vehicle sinks underground. They do the same thing to loosen building foundations when the residents take refuge on their roofs. They dig a trap just as the humans are almost safely to the mountains, and so forth. The humans have to keep upping their game to survive, and the ingenious ways they outwit the monsters is a huge part of the film's delight.

Scream (1996)

blonde woman with pageboy haircut holding phone to her ear while screaming in terror

No horror comedy list would be complete without including the oh-so-meta Scream, which introduced the costumed serial killer Ghostface to the world. Scream deftly deconstructs the slasher genre and its surprisingly moralistic "rules," helpfully defined by horror fan Randy (Jamie Kennedy): no drinking, doing drugs, or having sex—the Final Girl, Sidney (Neve Campbell), is naturally a virgin—and also never, ever leave your friend group and tell them you'll "be right back." (You won't.) Naturally, all of these rules are broken by one character or another, with the expected bloody results.

The humor is self-referential without being parody; the performances are strong; and the jump scares and horror tributes are plentiful (Linda Blair of The Exorcist fame makes a cameo). Those elements helped the film tap into the cultural zeitgeist of the mid-1990s, blasting past low box office projections to gross $173 million worldwide. Scream has spawned multiple sequels, an anthology film series, and the Scary Movie horror parody franchise, revitalizing what was at the time a stagnating market for horror. It's now widely viewed as one of the most influential horror movies of all time.

Shaun of the Dead (2004)

group of people running away from zombies

Shaun of the Dead is the first film in Simon Pegg's Three Flavors Cornetto trilogy, in which Pegg's Shaun, a mild-mannered slacker London salesman, finds himself caught up in a zombie apocalypse and must rise to the occasion to save his friends and family. That includes his best friend Ed (Nick Frost), girlfriend Liz (Kate Ashfield), mom Barbara (Penelope Wilton), and stepdad Philip (Bill Nighy), as well as Liz's roommates, David (Dylan Moran) and Diane (Lucy Davis).

Shaun is an unlikely hero; Liz has broken up with him because he's unambitious and spends all his free time playing video games with Ed or hanging out at the Winchester pub. The film is about this everyman finding his inner hero. He and Ed hurl vinyl records at a pair of zombies—pausing to quibble over which ones they should preserve—and take out even more brain-eaters with cricket bats. At one point the crew pretends to be zombies to make their way to the Winchester for a final showdown. But their little group is wildly outnumbered, and while Shaun of the Dead is very funny with its distinctively British humor, it's also sometimes downright heartbreaking. That's a fine line to navigate, and Pegg does so exceptionally well.

Zombieland (2009)

young nerdy man and tough older man in cowboy hat, both holding rifles at the ready in case of zombies

Zombieland is America's answer to Shaun of the Dead: a fresh, fun take on the "zom-com" format. A virulent form of human-adapted mad cow disease sweeps across the United States, transforming most of the nation’s populace into ravenous zombies. The film follows a ragtag group of unlikely survivors—Columbus (Jesse Eisenberg), Tallahassee (Woody Harrelson), and orphaned sisters Wichita (Emma Stone) and Little Rock (Abigail Breslin)—on a road trip in hopes of finding some place yet untouched by the disease, ending with a pitched battle against zombie hordes in an abandoned amusement park.

It's a fun mix of horror and dark screwball comedy, especially the "Zombie Kills of the Week" and Columbus' hilarious survival rules—cardio, limber up, beware of bathrooms, and buckle up, for instance, not to mention the "double tap"—often illustrated by various doomed souls who failed to heed those rules. Bill Murray's star turn playing himself just might rank as one of the best surprise cameos of all time. The 2019 sequel, Zombieland: Double Tap, didn't quite hit the same high marks, but the pair still make for a terrific double feature.

Trollhunter (2010)

giant troll standing on Norwegian plain at dusk

This quirky Norwegian offering is shot in the style of a found footage mockumentary. A group of college students set off into the wilds of the fjord land to make a documentary about a suspected bear poacher named Hans, played by Norwegian comedian Otto Jesperson. They discover that Hans and another hunter named Finn (Hans Morten Hansen) are actually hunting down trolls and decide to document those endeavors instead. They soon realize they are very much out of their depth.

Writer/director André Øvredal infuses Trollhunter with myriad references to Norwegian culture, especially its folklore and fairy tales surrounding trolls. There are woodland trolls and mountain trolls, some with tails, some with multiple heads. They turn to stone when exposed to sunlight—which is why one of the troll hunters carries around a powerful UV lamp—and mostly eat rocks but can develop a taste for human flesh, and they can smell the blood of a Christian. The film is peppered with dry wit rather than laugh-out-loud moments, and non-Norwegians might miss some of the cultural in-jokes. But Øvredal masterfully builds suspense and a creeping sense of dread, plus there's all that gorgeous footage of the Norwegian landscape to delight viewers around the world.

The Cabin in the Woods (2012)

Group of attractive teenagers standing in the clearing in the woods

When will college students learn to avoid weekend getaways to remote wilderness locations? The Cabin in the Woods is in a similar vein to Scream, but Joss Whedon and Drew Goddard definitely put their unique stamp on this satirical ode to the slasher genre. In this case, the five students are lured to the titular cabin by technicians working for a mysterious corporation located in an underground facility. It's not initially clear what the operation is about, but failure is not an option. The technicians manipulate the students via careful staging and mind-altering drugs, among other tricks, until they accidentally summon a zombified family of sadists who start killing off the students.

That is all according to plan. And just when you think that's all the movie has to offer, it takes a sudden, unexpected, and very bold lurch into outright Lovecraftian horror—the less said about that, the better, particularly the jaw-dropping finale featuring a cameo by Sigourney Weaver as The Director. The Cabin in the Woods goes places horror comedies have rarely gone before, and it does so with considerable wit and flair.

What We Do in the Shadows (2014)

three vampires in very dated outfits standing in a hallway

Taika Waititi and Jemaine Clement wrote, directed, and starred in the delightfully offbeat What We Do in the Shadows, playing vampire roommates Vladislav (Clement) and Viago (Waititi) in Wellington, New Zealand. Given their nocturnal nature, they and their vampire friends haven't adapted to modern life particularly well, and their mishaps as they struggle to navigate mundane trivialities in the 21st century are the source of much of the film's deadpan humor.

The rather circuitous plot culminates with our underdogs attending the annual Unholy Masquerade and battling several rival vampires, as well as a pack of werewolves. What We Do in the Shadows garnered a solid cult following after premiering at the Sundance Film Festival, ultimately earning $6.9 million—a decent showing given its modest $1.6 million budget. And it spawned a successful TV spinoff, now in its final season.

Happy Death Day (2017)

Blonde woman looking worried, unaware that a killer wearing a babyface mask is right behind her

Happy Death Day is basically a combination of Scream and Groundhog Day, in which sorority sister Theresa "Tree" Gelbman (Jessica Rothe) is murdered on her birthday by a killer in a Babyface mask and finds herself reliving that day over and over. (Babyface is the fictional Bayfield University's mascot, and they should really rethink that choice.) She takes advantage of the time loop to solve her own murder and maybe get some closure over some personal trauma in her past. Bonus: She also snags a nice guy boyfriend, Carter (Israel Broussard). There's even an overt nod to Groundhog Day at one point, with Tree confessing that she's never seen the film. Pair it with the entertaining sequel, Happy Death Day 2 U, which adds a multiverse twist and pays particular homage to Back to the Future II.

Get Out (2017)

black man closeup with shocked look on face, tears streaming down

At its core, Jordan Peele's Get Out is a subtle exploration of racial tensions that quietly builds to reveal its horrifying premise and inevitable bloody conclusion. But it's also packed with sly, smartly satirical humor, hence its inclusion on this list. Chris (Daniel Kaluuya) is a Black photographer who is meeting his girlfriend Rose's (Alison Williams) stereotypically liberal white family for the first time at their upstate home. At first things are merely awkward, as they clumsily try to bond with Chris by using the word "thang" and reassuring him that they would have totally voted for Obama a third time. Concurrently with Chris' visit, the family is hosting a party in honor of her late grandfather, which involves hordes of clueless old white people. We learn that it is not a coincidence as the film gradually veers from satire into sinister psychological horror.

Kaluuya is terrific at playing Chris' transition from bemusement to terror, and Williams is pitch-perfect as a suburban white girl who just doesn't get why he's so on edge. As Chris is drawn more deeply into the bizarro secret at the heart of Rose's family, we get a series of reveals that are pleasingly unexpected. And Lil Rel Howery steals every scene as Chris' best friend, a TSA agent who is suspicious about the weekend getaway and ends up saving the day—because the TSA "gets s**t done."

One kind of terrible conspiracy gives way to another, and the final truth is far more complicated than what you'd expect from a typical horror movie. The narrative pacing is perfection: You'll see the twists coming right when Peele wants you to see them. As Annalee Newitz wrote in her 2017 review, "Writing good satire is hard, but writing good horror-satire requires exquisite timing. It's been a long time since a movie took me from laughing to abject horror in five minutes flat. Peele and his cast sell us on both the silliness and creepiness, and they make it so intense that the final moments of white-hot action (heh) are genuinely cathartic."

Ready or Not (2019)

Young blonde woman in a bloodied wedding dress holding a rifle with ammo sash across her chest.

An unsuspecting bride (Samara Weaving) finds herself fighting for her life on her wedding night in this wickedly funny, blood-soaked thriller. Weaving plays Grace, who marries Alex Le Domas (Mark O'Brien), a member of a wealthy gaming dynasty, in a picture-perfect wedding on the family estate. Then she learns that at midnight, she must play a game to officially join the family by drawing a card from a mysterious box to choose the game. She gets Hide and Seek. Grace is the prey, and she must evade detection until dawn to avoid being killed in a bizarre ritual sacrifice.

Ready or Not gets the tone just right throughout, perfectly balanced between humor and horror. Relative newcomer Weaving, in particular, delivers a standout performance as Grace—a role that requires her to be, in turn, sweetly submissive, shocked, and terrified, and a tough-as-nails badass in a fight for her life. Moments like brother-in-law Fitch Bradley (Kristian Bruun) watching YouTube videos on "Getting To Know Your Crossbow" provide comic relief and make those genuinely shocking bloody twists all the more effective. The pacing is crisp, the narrative is tight, it's genuinely suspenseful, and the entire cast is clearly having a blast in their respective roles.

Freaky (2020)

Fierce looking blonde woman in red leather jacket wielding a sharp hook as a weapon

In Freakyan homage to Friday the 13th (1980) and slasher films like ScreamVince Vaughn stars as an aging serial killer who switches bodies with a hapless teenage girl named Millie (Kathryn Newton). The success of the body-swapping concept in any given film always rests on the shoulders of its leads, who must nimbly switch between characters. Vaughn and Newton do not disappoint.

Vaughn especially shines at channeling his inner teenage girl, despite his hulking 6-foot, 5-inch frame—and not just in the obvious slapstick moments, like when he performs the Blissfield High mascot dance to convince Millie's best friends that it's really him. He also brings out Millie's sweet vulnerability and aptly conveys her delight at being able to pee standing up. On the flip side, The Butcher in Millie's body shows a surprisingly keen fashion sense and relishes being able to slide under everybody's radar as an "innocent" high school student. The cast is clearly having a blast, and Freaky ultimately succeeds in mixing horror, humor, and pathos in just the right measures.

Vampires vs. The Bronx (2020)

Three young scared black kids holding out wooden crosses

The title of this charming, smart horror-comedy pretty much says it all. Tween-age Miguel Martinez, aka "Lil Mayor" (Jaden Michael), is trying to organize a neighborhood block party in the Bronx to save the local bodega from rising rents in the wake of gentrification. One company in particular, Murnau Properties, is buying up local businesses at an alarming rate, and the former owners keep mysteriously disappearing. It's assumed they cashed in and moved to the suburbs—but the fact that the company's logo is an image of Vlad the Impaler (associated with Dracula in popular culture) is a strong hint that something more sinister is afoot.

When Miguel witnesses a vampire killing firsthand, he recruits his BFFs Bobby (Gerald W. Jones III) and Luis (Gregory Diaz IV) to discover the vampire nest and take out the bloodsuckers. Miguel and his plucky gang prove to be formidable opponents, so vampires in search of easy territorial pickings would do well to heed local livestream sensation Gloria's closing words: "You don't want no smoke with the BX." If the Goonies battled vampires in the Bronx, this would be that movie.

Werewolves Within (2021)

Black man in rangers uniform wielding an axe in each hand

Werewolves Within is a warmly satirical horror comedy loosely based on the Ubisoft multiplayer VR game of the same name. The VR game is essentially a social deduction game, where players take on cartoon avatars, sit in a virtual circle, and try to guess which of them is the werewolf terrorizing a medieval village. Werewolves Within updates the setting to a contemporary mountain town in the Hudson Valley, but it's the same premise: the people of Beaverfield have to figure out which one of their quirky neighbors is a lying, murdering werewolf.

Director Josh Ruben sets the cheekily irreverent tone right off the bat, playing a deep cut from 1959, "The Phantom Strikes Again," as Finn Wheeler (Sam Richardson) arrives in Beaverfield to take up his new post as the local park ranger. The ridiculously talented cast members all possess the skills and onscreen ensemble chemistry to make the script come alive. Granted, the characters aren't especially deep—more akin to what you'd find in the best sketch comedy—but that suits the film's tone. And there is a moral to the tale, courtesy of Finn and his role model, Mister Rogers: that at its heart, the town is a community, despite their differences, and everyone is at their best when they remember their common humanity.

The Menu (2022)

Chef in white coat presiding over a team of assistants preparing fancy dishes

At the highest echelon of fine dining, a multi-course meal can attain a level of theatricality that elevates it to performance art. In the case of horror/comedy The Menu, it's a particularly macabre kind of performance art. Ralph Fiennes stars as Julian Slowik, a disillusioned celebrity chef who presides over a fictional molecular gastronomy restaurant called Hawthorne, located on an exclusive private island. Chef Slowik invites a select group of guests for a very special dinner, but the presence of Margo (Anya Taylor-Joy) as a last-minute substitute throws a wrench into his carefully planned revenge.

This is a subculture that presents an easy target for cheap shots, but The Menu opts for sharp, scalpel precision in its satire. Its barbs often leave the viewer speechless with delight, like the bread course served without anything so pedestrian as actual bread, just the fancy accoutrements—and a pinot noir with "notes of longing and regret." Director Mark Mylod masterfully controls the tone throughout, beginning with odd passive-aggressive comments from Chef Slowik and his staff ("You will eat less than you desire and more than you deserve") before escalating into outright horror. Margo has joined the ranks of the best Final Girls in horror. And despite the horror elements, Mylod never sacrifices the biting comedy that makes this film such a delectable pleasure.

Read full article

Comments



Read the whole story
fxer
18 hours ago
reply
Bend, Oregon
Share this story
Delete

Tech leaders kiss the ring

2 Shares
Photo collage of former President Trump and Vice President Kamala Harris.
Image: Cath Virginia / The Verge; Getty Images

If former President Donald Trump is to be believed, some of the richest and most powerful people in the world have called him to lavish him with compliments. Though most leaders of major tech companies haven’t publicly endorsed him — with one glaring exception — Trump claims they’ve privately told him how cool he is, implied they’d be better off under a Trump presidency, or said they aren’t voting for his opponent.

Among Trump’s claims: Google CEO Sundar Pichai congratulated him on his stint as a McDonald’s employee, calling it “one of the biggest things we’ve seen on Google”; Tim Cook called him to complain about fines the European Union levied on Apple; Mark Zuckerberg called him multiple times to “apologize” and said there’s “no way”...

Continue reading…

Read the whole story
fxer
1 day ago
reply
Bend, Oregon
Share this story
Delete

Why Red 3 is still in your candy

Vox
1 Share

In 1990, the FDA banned the use of Red No. 3 in topical drugs and cosmetics. Its cited reasoning was that the color additive was “not shown to be safe,” because when fed to rats, Red No. 3 was found to slightly increase the risk of thyroid cancer.  Today, that same dye is still found in candy corn, ring pops, Pez, and nearly 3,000 other foods that we eat, which raises the question: If it’s not safe to put on our skin … is it really safe to ingest? Many researchers, advocates, and now state lawmakers say no.

Last year, California passed a bill formally banning Red No. 3 and several other additives from food in the state. The bill gives the food industry until 2027 to remove the additives from its products, and the industry is already responding, with companies like Pediasure quickly removing the dye from its shakes

The question remains, though: Where is the federal ban on Red No. 3 in food if the FDA deemed it unsafe for topical uses over 30 years ago? 

Vox’s podcast Explain It to Me put out an episode about dyes, too. You can check it out here.

Read the whole story
fxer
1 day ago
reply
Bend, Oregon
Share this story
Delete

Arnold Schwarzenegger has endorsed Kamala Harris for president

1 Share
Former California governor and actor Arnold Schwarzenegger arrives for a ceremony to receive a honorary doctorate by the Hertie School, a university of governance, in Berlin, Germany, Tuesday, Sept. 17, 2024.

Schwarzenegger served as the governor of California from 2003 to 2011. He said he is frustrated with both parties, and does not trust either, but felt compelled to speak out.

(Image credit: Markus Schreiber)

Read the whole story
fxer
1 day ago
reply
Bend, Oregon
Share this story
Delete

The sad, bizarre tale of hype fanning fears modern cryptography was slain

1 Comment and 2 Shares

There’s little doubt that some of the most important pillars of modern cryptography will tumble spectacularly once quantum computing, now in its infancy, matures sufficiently. Some experts say that could be in the next couple decades. Others say it could take longer. No one knows.

The uncertainty leaves a giant vacuum that can be filled with alarmist pronouncements that the world is close to seeing the downfall of cryptography as we know it. The false pronouncements can take on a life of their own as they’re repeated by marketers looking to peddle post-quantum cryptography snake oil and journalists tricked into thinking the findings are real. And a new episode of exaggerated research has been playing out for the past few weeks.

All aboard the PQC hype train

The last time the PQC—short for post-quantum cryptography—hype train gained this much traction was in early 2023, when scientists presented findings that claimed, at long last, to put the quantum-enabled cracking of the widely used RSA encryption scheme within reach. The claims were repeated over and over, just as claims about research released in September have for the past three weeks.

A few weeks after the 2023 paper came to light, a more mundane truth emerged that had escaped the notice of all those claiming the research represented the imminent demise of RSA—the research relied on Schnorr’s algorithm (not to be confused with Shor’s algorithm). The algorithm, based on 2021 analysis of cryptographer Peter Schnorr, had been widely debunked two years earlier. Specifically, critics said, there was no evidence supporting the authors’ claims of Schnorr’s algorithm achieving polynomial time, as opposed to the glacial pace of subexponential time achieved with classical algorithms.

Once it became well-known that the validity of the 2023 paper rested solely on Schnorr’s algorithm, that research was also debunked.

Three weeks ago, panic erupted again when the South China Morning post reported that scientists in that country had discovered a “breakthrough” in quantum computing attacks that posed a “real and substantial threat” to “military-grade encryption.” The news outlet quoted paper co-author Wang Chao of Shanghai University as saying, “This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN [substitution–permutation networks] structured algorithms in use today.”

Among the many problems with the article was its failure to link to the paper—reportedly published in September in the Chinese-language academic publication Chinese Journal of Computers—at all. Citing Wang, the paper said that the paper wasn’t being published for the time being “due to the sensitivity of the topic.” Since then, the South China Morning Post article has been quietly revised to remove the “military-grade encryption” reference.

With no original paper to reference, many news outlets searched the Chinese Journal of Computers for similar research and came up with this paper. It wasn’t published in September, as the news article reported, but it was written by the same researchers and referenced the “D-Wave Advantage”—a type of quantum computer sold by Canada-based D-Wave Quantum Systems—in the title.

Some of the follow-on articles bought the misinformation hook, line, and sinker, repeating incorrectly that the fall of RSA was upon us. People got that idea because the May paper claimed to have used a D-Wave system to factor a 50-bit RSA integer. Other publications correctly debunked the claims in the South China Morning Post but mistakenly cited the May paper and noted the inconsistencies between what it claimed and what the news outlet reported.

Over the weekend, someone unearthed the correct paper, which, as it turns out, had been available on the Chinese Journal of Computers website the whole time. Most of the paper is written in Chinese. This abstract was fortunately written in English. It reports using a D-Wave-enabled quantum annealer to find “integral distinguishers up to 9-rounds” in the encryption algorithms known as PRESENT, GIFT-64, and RECTANGLE. All three are symmetric encryption algorithms built on a SPN—short for substitution-permutation network structure.

“This marks the first practical attack on multiple full-scale SPN structure symmetric cipher algorithms using a real quantum computer,” the paper states. “Additionally, this is the first instance where quantum computing attacks on multiple SPN structure symmetric cipher algorithms have achieved the performance of the traditional mathematical methods.”

Defining your terms

There’s a lot going on here, but what does it mean? To explain, here's a quick explanation of several important terms.

SPN: Short for substitution-permutation network, an SPN is a series of mathematical operations used in block cipher algorithms to increase their security. These algorithms take a block of plaintext and the encryption key as input and run them through a subprocess that repeats for a set number of rounds before outputting a finished ciphertext.

The best known block cipher is AES, short for Advanced Encryption Standard. Ciphertext produced with 128-bit, 192-bit, and 256-bit AES go through 10 rounds, 12 rounds, and 14 rounds respectively. Page 5 of this animation tutorial provides a useful visualization of this process.

Quantum annealing: This term is borrowed from annealing, a process that uses heat to alter the physical or chemical properties of a metal, glass, or plastic film to increase ductility and reduce hardness. Annealing works by heating materials above their recrystallization temperature, maintaining a certain temperature for a set amount of time, and then allowing them to cool slowly.

The “annealing” in quantum annealing is used metaphorically to describe a method for applying the principles of quantum mechanics to solve complex optimization problems. More on quantum annealing here and here.

In 2011, D-Wave produced the first commercial quantum annealer. Called the D-Wave One, it used a 128-qubit processor chipset. The D-Wave Advantage, the system used in the September research paper, has 5,000 qubits. D-Wave systems can solve only certain types of optimization problems, and the difficulty requires developers and scientists using D-Wave systems to break larger problems into smaller optimization problems before they can be solved with these systems.

PRESENT, GIFT64, and RECTANGLE: All three are lightweight block ciphers designed for use in “constrained” environments, such as those in embedded systems that require more speed and fewer computational resources than is possible using AES. All three are based on an SPN structure and are proposed academic designs. The related GIFT-128 is a component of GIFT-COFB, which was a finalist for the recent NIST lightweight crypto competition but lost out to an algorithm known as Ascon.

PRESENT, meanwhile, can be found in the ISO/IEC 29167-11:2014 and ISO/IEC 29192-2:2019, but it isn't used widely. It's not clear if RECTANGLE is used at all. Because all three algorithms were academic designs, they have been widely analyzed.

Integral distinguishers: In essence, finding integral distinguishers is a type of large-scale optimization problem that, when solved, provides a powerful tool for breaking encryption schemes used in block ciphers. A 2018 paper titled Finding Integral Distinguishers with Ease reported using classical computing to find integral distinguishers for dozens of algorithms. The research included 9-round distinguishers for PRESENT, GIFT64, and RECTANGLE, the algorithms studied in the September paper.

Mixed-integer linear programming: Typically abbreviated as MILP, mixed-integer linear programming is a mathematical modeling technique for solving complex problems. MILP allows some variables to be non-integers, a property that gives it flexibility, efficiency, and optimization over other methods.

The experts weigh in

The main contribution in the September paper is the process the researchers used to find integral distinguishers in up to nine rounds of the three previously mentioned algorithms. According to a roughly translated version of the paper (the correct one, not the one from May), the researchers wrote:

Inspired by traditional cryptanalysis methods, we proposed a novel computational architecture for symmetric cryptanalysis: Quantum Annealing-Classical Mixed Cryptanalysis (QuCMC), which combines the quantum annealing algorithm with traditional mathematical methods. Utilizing this architecture, we initially applied the division property to describe the propagation rules of the linear and nonlinear layers in SPN structure symmetric cipher algorithms.

Subsequently, the SPN structure distinguisher search problems were transformed into Mixed Integer Linear Programming (MILP) problems. These MILP models were further converted into D-Wave Constrained Quadratic Models (CQM), leveraging the quantum tunneling effect induced by quantum fluctuations to escape local minima solutions and achieve an optimal solution corresponding to the integral distinguisher for the cipher algorithms being attacked. Experiments conducted using the D-Wave Advantage quantum computer have successfully executed attacks on three representative SPN structure algorithms: PRESENT, GIFT-64, and RECTANGLE, and successfully searched integral distinguishers up to 9-round. Experimental results demonstrate that the quantum annealing algorithm surpasses traditional heuristic-based global optimization algorithms, such as simulated annealing, in its ability to escape local minima and in solution time. This marks the first practical attack on multiple full-scale SPN structure symmetric cipher algorithms using a real quantum computer.

Additionally, this is the first instance where quantum computing attacks on multiple SPN structure symmetric cipher algorithms have achieved the performance of the traditional mathematical methods.

The paper makes no reference to AES or RSA and never claims to break anything. Instead, it describes a way to use D-Wave-enabled quantum annealing to find the integral distinguisher. Classical attacks have had the optimized capability to find the same integral distinguishers for years. David Jao, a professor specializing in PQC at the University of Waterloo in Canada, likened the research to finding a new lock-picking technique. The end result is the same, but the method is new. He explained:

The paper is written for an audience of researchers, not for the general public. Researchers view "developing a better lockpick" as an actual attack, but if you're writing for the general public, the general public would think that an attack means "using the lockpick to pick the lock" which is not what happened here.

To continue the analogy, it's true that this paper uses quantum computers to develop lockpicks that match previously known lockpicks in efficiency. So it is true that they have "achieved the performance" of traditional methods, although note that they have not gone beyond that. In some cases (such as RECTANGLE), it is known that no better integral distinguishers exist, so matching the existing technology is the best that can be done using this approach.

Nadia Heninger, a professor studying cryptography at the University of California San Diego, agreed.

“I'd say it's more accurate to say that the researchers formulated a cryptanalysis problem as an optimization problem and ran it on simulated annealing and on quantum annealing and claim to have gotten comparable results. But the main result is to have ‘achieved the performance of traditional mathematical methods,’ so it sounds like maybe there are other classical/mathematical approaches that are better.”

Lastly, Xavier Bonnetain, a professor at the National Institute for Research in Digital Science and Technology in France, put it this way:

They claimed they reduced the search for what is called an integral distinguisher to a Mixed-Integer Linear Programming problem (something that's been standard for years in cryptography) and solved the problem for 3 block ciphers using their quantum annealer.

They did not find anything new, which is not especially surprising given that integral distinguishers on these ciphers were already looked for classically and were already proven optimal. They solved a problem for which we already knew the answers, using another approach.

After performing a quick search, Bonnetain found this 2018 paper that found integral distinguishers for all three of the algorithms covered in the September paper.

None of these experts are denigrating the research presented in the September paper. They are, however, noting that the claims presented in the original South China Morning Post article—and repeated in the ensuing media echo chamber afterward—go beyond mere exaggeration or embellishment. Instead, they're more comparable to fabrications. Even many of the articles debunking the claims—while well intentioned—missed the mark because they, too, cited the wrong paper.

This isn’t the first time the South China Morning Post has fueled undue panic about the imminent fall of widely used encryption algorithms. Last year’s hype train, mentioned earlier in this article, was touched off by coverage by the same publication that claimed researchers found a factorization method that could break a 2,048-bit RSA key using a quantum system with just 372 qubits. People who follow PQC should be especially wary when seeking news there.

The coverage of the September paper is especially overblown because symmetric encryption, unlike RSA and other asymmetric siblings, is are widely belived to be safe from quantum computing, as long as bit sizes are sufficient. PQC experts are confident that AES-256 will resist all known quantum attacks.

I emailed two of the co-authors of the September paper: Wang Chao, mentioned earlier, and Pei Zhi, a PhD. candidate at Shanghai University, asking for their help with this story. The only response I got was two auto-replies saying their inboxes were full.

As a reminder, current estimates are that quantum cracking of a single 2048-bit RSA key would require a computer with 20 million qubits running in superposition for about eight hours. For context, quantum computers maxed out at 433 qubits in 2022 and 1,000 qubits last year. (A qubit is a basic unit of quantum computing, analogous to the binary bit in classical computing. Comparisons between qubits in true quantum systems and quantum annealers aren't uniform.) So even when quantum computing matures sufficiently to break vulnerable algorithms, it could take decades or longer before the majority of keys are cracked.

The upshot of this latest episode is that while quantum computing will almost undoubtedly topple many of the most widely used forms of encryption used today, that calamitous event won’t happen anytime soon. It’s important that industries and researchers move swiftly to devise quantum-resistant algorithms and implement them widely. At the same time, people should take steps not to get steamrolled by the PQC hype train.

Read full article

Comments



Read the whole story
fxer
1 day ago
reply
Bend, Oregon
Share this story
Delete
1 public comment
jepler
1 day ago
reply
yay someone tracked down the paper underlying that sensationalistic article a few weeks ago. yes, it was a nothingburger.
Earth, Sol system, Western spiral arm

Google CEO says over 25% of new Google code is generated by AI

1 Share

On Tuesday, Google's CEO revealed that AI systems now generate more than a quarter of new code for its products, with human programmers overseeing the computer-generated contributions. The statement, made during Google's Q3 2024 earnings call, shows how AI tools are already having a sizable impact on software development.

"We're also using AI internally to improve our coding processes, which is boosting productivity and efficiency," Pichai said during the call. "Today, more than a quarter of all new code at Google is generated by AI, then reviewed and accepted by engineers. This helps our engineers do more and move faster."

Google developers aren't the only programmers using AI to assist with coding tasks. It's difficult to get hard numbers, but according to Stack Overflow's 2024 Developer Survey, over 76 percent of all respondents "are using or are planning to use AI tools in their development process this year," with 62 percent actively using them. A 2023 GitHub survey found that 92 percent of US-based software developers are "already using AI coding tools both in and outside of work."

AI-assisted coding first emerged in a big way with GitHub Copilot in 2021, and the feature saw a wide release in June 2022. It used a special coding AI model from OpenAI called Codex, which was trained to both suggest continuations to existing code and create new code from scratch from English instructions. Since then, AI-based coding has expanded in a big way, with ever-improving solutions from Anthropic, Meta, Google, OpenAI, and Replit.

GitHub Copilot has expanded in capability as well. Just yesterday, the Microsoft-owned subsidiary announced that developers will be able to use non-OpenAI models such as Anthropic's Claude 3.5 and Google's Gemini 1.5 Pro to generate code within the application for the first time.

While some tout the benefits of AI use in coding, the practice has also attracted criticism from those who worry that future software generated partially or largely by AI could become riddled with difficult-to-detect bugs and errors.

According to a 2023 study by Stanford University, developers using AI coding assistants tended to include more bugs while paradoxically believing that their code is more secure. This finding was highlighted by Talia Ringer, a professor at the University of Illinois at Urbana-Champaign, who told Wired that "there are probably both benefits and risks involved" with AI-assisted coding, emphasizing that "more code isn't better code."

The only constant is change

While introducing bugs is certainly a risky side-effect of AI coding, the history of software development has included controversial changes in the past, including the transition from assembly language to higher-level languages, which faced resistance from some programmers who worried about loss of control and efficiency. Similarly, the adoption of object-oriented programming in the 1990s sparked criticism about code complexity and performance overhead. The shift to AI augmentation in coding may be the latest transition that meets resistance from the old guard.

"Whether you think coding with AI works today or not doesn’t really matter," posted former Microsoft VP Steven Sinofsky in September. Sinofsky has a personal history of coding going back to the 1970s. "But if you think functional AI helping to code will make humans dumber or isn’t real programming just consider that’s been the argument against every generation of programming tools going back to Fortran."

Strong preferences about "proper" coding practices have circulated widely among developers over the decades, and some of the more extreme positions may seem silly today, especially those concerning quality-of-life improvements that many programmers now take for granted. Daring Fireball's John Gruber replied to Sinofsky's tweet by saying, "I know youngster[s] won’t believe me, but I remember when some programmers argued that syntax coloring in text editors would make people dumber."

Ultimately, all tools augment or enhance human capability. We use tools to build things faster, and we have always used tools to build newer, more complex tools. It's the story of technology itself. Draftsmen laid out the first silicon computer chips on paper, and later engineers designed successive chips on computers that used integrated circuits. Today, electronic design automation (EDA) software assists in the design and simulation of semiconductor chips, and companies like Nvidia are now using AI algorithms to design them.

Does that mean current AI models are capable of generating flawless, high-quality code that developers can just insert and forget? Likely not. For now, skilled humans with experience still need to be in the loop to ensure everything works properly, which seems to be the practice Google's CEO was touting in the earnings call. Like any tool, AI assistance in skilled hands may significantly accelerate a task—and yet a hammer alone cannot build a house.

Read full article

Comments



Read the whole story
fxer
1 day ago
reply
Bend, Oregon
Share this story
Delete
Next Page of Stories