Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Nature is note malicious

Cybersecurity and Cryptogrpahy ahs to Consider an Un-natural (Unique) Domain with Malicious Environment

In other/standard engineering or computer science practices, one has to typically over-design against failure and/or natural forces which are not intentional and/or adaptive, and operate at a slow rate and not at sub-second. For example, when one designs and builds a building or a bridge in a seismic area, one designs for failures from seismic activities, but these do not have intentions and do not adapt their strategy that causes damage to defeat the protections built in.

Similarly, in physics, when we are trying to reverse engineer/infer the natural laws, and are having a hard time doing it, it is not because nature is trying to intentionally hide such laws from us. The laws may be randomized, or hard to infer, but the laws do not adapt nor change to evade our inquiry (at least as far as we know now).

I was also referring to a statement supposedly made by Einstein stating that “nature is not malicious”. He meant that nature is not trying to hide things intentionally from us (in the context of uncertainty in quantum theory, and the Copenhagen interpretation thereof). He had a big objection to all of quantum theory.

In cryptography and security on the other hand, we do not have the luxury to only deal with agents or causes that are unintentional and random. Cyber attacks and adversaries have intentions and adapt (could be very fast if automated) to whatever defenses we try to build in, so it is a much harder undertaking and discipline compared to standard engineering. Even in computer networking/engineering one only considers faults in hardware and software that are not attacks. Also, for example in wireless transmission where interference and fading happens due to other EM activity and physical objects and their movements, such errors are random or correlated but not adaptive to error correction and redundancy we add into our protocols and systems. One exception in wireless where adversaries adapt is in wireless Electronic Warfare.

There are two other domains where one has to deal with such adaptive attacks and adversarial behavior:

(1) kinetic/physical warfare: but it is much slower rate if adaptation because things in the physical world are slower than cyberspace, and humans are the decisions makers so the time-constants we deal with there are not sub-seconds.

(2) medicine: viruses and bacteria can adapt to evade medicine and interventions, but it is not intentional and typically also much slower than the rates we can see in cyberspace. image