Weapons of Math Destruction

How solving some of the Millennium Prize Problems may threaten traditional cryptography and information security

The original work behind the Riemann Hypothesis

The Millennium Prize Problems are a series of mathematical questions that represent hard boundaries in our understanding of mathematics. Answering these questions would rapidly advance our understanding of math — and empower fields like physics, biology, and chemistry accordingly with new tools to describe reality and our universe.

But sometimes knowledge can be a double edged sword. The discoveries that would come from solutions to some of the outstanding Millennium Prize problems could have significant consequences for cybersecurity and cryptography, and require us to reframe how we think about security communication and data in a post-Millennial Problem world:

This is the most significant Millennium Prize problem for security. To radically oversimplify this problem, P vs. NP questions whether all problems that can be quickly verified can also be solved quickly.

Most cryptographic systems require that there be mathematically difficult to solve (i.e.: “computationally intractable”) problems making it hard to deduce the key to encrypted text. If one showed the P = NP, it means that there could exist faster solutions that avoid the computationally intractable mathematics like those protecting cryptography like RSA and AES.

Having an efficient solution for Traveling Salesman-style problems could fundamentally upend how we think about protecting secrets with math — and math as a whole.

The Riemann Hypothesis conjectures that there is a structure to the roots of the Riemann zeta function. Because there seems to exist exist a relationship between the distribution of prime numbers and the Riemann zeta function, if the Riemann Hypothesis can be proven true there is a significant impact to our understanding of how prime numbers work — and number theory as a whole.

The consequences of proving the Riemann Hypothesis could mean that we can reduce the Omega complexity of searching for prime numbers. This has dramatic ramifications for any kind of cryptography that relies on the computational intractability of searching for primes — including RSA, ECDSA, and the Diffie-Hellman Key Exchange used in protocols like SSH/TLS.

The Navier Stokes Existence problem joins the Yang Mills Existence problem in being a mathematical problem based on observations made in physics and our limited understanding of the fundamental math best used to describe those observations.

Navier Stokes Equations are a set of differential equations that describe the motion of a viscous fluid as it interacts with another substance. Examples of this interaction can be seen in how oil diffuses in water or how air diffuses over a plane’s wings in flight. Navier Stokes Equations used in chemistry, physics, and engineering to model real world fluid dynamics and are critical for modern technology.

Unfortunately we actually don’t understand a decent amount about how Navier Stokes Equations work. In particular, we don’t know if there are always provably smooth solutions that exist for Navier Stokes equations or understand functionally how kinetic energy is structurally transmitted in these equations.

Proving these properties about Navier Stokes Equations has significant ramifications for engineering, science, and our understanding of fluid dynamics as a whole. Improving our mathematical understanding of these physical properties could also yield number theory implications on cryptography that relies on pseudorandom numbers generated by observations of physical fluid dynamics.

For example, Cloudflare has a wall of lava lamps at its headquarters that are used as the seed for software random number generators used to generate encryption keys. Digital cameras dutifully observe the movement of liquids in the lava lamps, and use those observations to create random numbers.

Other than being groovy, this wall is valuable for generating random numbers because the movement of viscous fluid in a lava lamp is highly entropic: the number of interactions possible from a single observation is very high, thus making it ideal for generating a very cryptographically-secure random seed.

Solving the Navier Stokes Existence problem could have ramifications on random seed generators that rely on observations of fluid physical phenomena. It’s not unlikely that math could be generated to better approximate or model the output of Navier Stokes models due to advances from proving/disproving the Existence problem, thereby ensuring that it may be easier to recreate the observation used to generate random seeds.

This could ultimately result in better cryptanalytical (mathematic codebreaking) attacks on encryption like AES and cryptographic hash functions such as SHA-256, as supercomputers could be tailored to recreate data like random seeds and cryptographic nonces by modeling the observed state of the observed phenomena. Results of these attacks could enable better state sponsored attacks and codebreaking of encrypted data on hard drives, in the cloud, and enable state sponsored hackers to create fraudulent SSL/TLS certificates.

Principal PM for Cryptography and Security Products @HashiCorp. Formerly Defense/NatSec & Crypto @NetApp, VC @GGVCapital + @AmplifyPartners