The quantum meltdown of encryption

The world stands at the cusp of one of the greatest breakthroughs in information technology. Huge leaps forward in all fields of computer science, from data analysis to machine learning, will result from this breakthrough. But like all of man’s technological achievements, from the combustion engine to nuclear power, harnessing quantum comes with potential dangers as well. Quantum computers have created a slew of unforeseen vulnerabilities in the very infrastructure that keeps the digital sphere safe.

The underlying assumption behind nearly all encryption ciphers used today is that their complexity precludes any attempt by hackers to break them, as it would take years for even our most advanced conventional computers to do so. But quantum computing will change all of that.

Quantum computers promise to bring computational power leaps and bounds ahead of our most advanced machines. Recently, scientists at Google began testing their cutting-edge 72-qubit quantum computer. The researchers expect to use this machine to demonstrate quantum supremacy, or the ability to perform a calculation impossible with traditional computers.

Chink in the Armor

Today’s standard encryption techniques are based on what’s called Public Key Infrastructure, or PKI, a set of protocols brought to the world of information technology in the 1970s. PKI works by generating a complex cipher through random numbers that only the intended recipient of a given message, the one in possession of the private key, can decode.

As a system of encoding data, PKI was sound and reliable. But in order to implement it as a method to be used in the real world, there was still one question that needed to be answered: how could individuals confirm the identity of a party reaching out and making a request to communicate? This vulnerability left the door open for cybercriminals to impersonate legitimate servers, or worse, insert themselves into a conversation between users and intercept communications between them, in what’s known as a Man-in-the-Middle (MITM) attack.

The industry produced a solution to this authentication problem in the form of digital certificates, electronic documents the contents of which can prove senders are actually who they claim to be. The submission of certificates at the initiation of a session allows the parties to know who it is they are about to communicate with. Today, trusted third party companies called Certificate Authorities, or CAs, create and provide these documents that are relied upon by everyone from private users to the biggest names in tech.

The problem is that certificates themselves rely on public-key cryptographic functions for their reliability, which, in the not too distant future, will be vulnerable to attack by quantum machines. Altered certificates could then be used by cyber criminals to fake their identities, completely undermining certificates as a method of authentication.

Intel’s 17-qubit superconducting test chip for quantum computing has unique features for improved connectivity and better electrical and thermo-mechanical performance. (Credit: Intel Corporation)

 

Decentralizing the Threat

This isn’t the first time we’ve had to get creative when it comes to encryption.

When Bitcoin creator Satoshi Nakamoto, whose true identity is still unknown, revealed his revolutionary idea in a 2008 white paper, he also introduced the beginnings of a unique peer-to-peer authentication system that today we call blockchain. The brilliantly innovative blockchain system at its core is an open ledger that records transactions between two parties in a permanent way without needing third-party authentication. Blockchain provided the global record-keeping network that has kept Nakamoto’s digital currency safe from fraudsters. Blockchain is based on the concept of decentralization, spreading the authentication process across a large body of users. No single piece of data can be altered without the alteration of all other blocks, which would require the collusion of the majority of the entire network.

For years, blockchain and Bitcoin remained one and the same. About five years ago, innovators in the industry began to realize that blockchain could be used for more than just securing cryptocurrency. Altering the original system designed for Bitcoin could produce programs to be applied in a wide range of industries, from healthcare, to insurance, to political elections. Gradually, new decentralized systems began to emerge such as those of Ripple and Litecoin. In 2015, one of the original contributors to the Bitcoin codebase Vitalik Buterin released his Ethereum project also based on blockchain. What these new platforms added to the picture was the ability to record new types of data in addition to currency exchanges, such as loans and contractual agreements.

The advantages of the blockchain concept quickly became apparent. By 2017, nearly fifteen percent of all financial institutions in the world were using blockchain to secure aspects of their operations. The number of industries incorporating decentralized systems continues to grow.

Saving PKI

The best solution for protecting encryption from our ever-growing processing power is integrating decentralization into Public Key Infrastructure.

What this means, essentially, is that instead of keeping digital certificates in one centralized location, which makes them vulnerable to being hacked and tampered with, they would be spread out in a worldwide ledger, one fundamentally impervious to alteration. A hacker attempting to modify certificates would be unable to pull off such a fraud, as it would mean changing data stored on innumerable diversified blocks spread out across the cyber sphere.

Decentralization has already been proven as a highly effective way of protecting recorded data from tampering. Similarly, using a blockchain-type system to replace the single-entity Certificate Authority can keep our digital certificates much safer. It is in fact one of the only foreseeable solutions to keep the quantum revolution from undermining the foundation of PKI.

 

Machine learning boosts Swiss startup’s shot at human-powered land speed record

The current world speed record for riding a bike down a straight, flat road was set in 2012 by a Dutch team, but the Swiss have a plan to topple their rivals — with a little help from machine learning. An algorithm trained on aerodynamics could streamline their bike, perhaps cutting air resistance by enough to set a new record.

Currently the record is held by Sebastiaan Bowier, who in 2012 set a record of 133.78 km/h, or just over 83 mph. It’s hard to imagine how his bike, which looked more like a tiny landbound rocket than any kind of bicycle, could be significantly improved on.

But every little bit counts when records are measured down to a hundredth of a unit, and anyway, who knows but that some strange new shape might totally change the game?

To pursue this, researchers at the École Polytechnique Fédérale de Lausanne’s Computer Vision Laboratory developed a machine learning algorithm that, trained on 3D shapes and their aerodynamic qualities, “learns to develop an intuition about the laws of physics,” as the university’s Pierre Baqué said.

“The standard machine learning algorithms we use to work with in our lab take images as input,” he explained in an EPFL video. “An image is a very well-structured signal that is very easy to handle by a machine-learning algorithm. However, for engineers working in this domain, they use what we call a mesh. A mesh is a very large graph with a lot of nodes that is not very convenient to handle.”

Nevertheless, the team managed to design a convolutional neural network that can sort through countless shapes and automatically determine which should (in theory) provide the very best aerodynamic profile.

“Our program results in designs that are sometimes 5-20 percent more aerodynamic than conventional methods,” Baqué said. “But even more importantly, it can be used in certain situations that conventional methods can’t. The shapes used in training the program can be very different from the standard shapes for a given object. That gives it a great deal of flexibility.”

That means that the algorithm isn’t just limited to slight variations on established designs, but it also is flexible enough to take on other fluid dynamics problems like wing shapes, windmill blades or cars.

The tech has been spun out into a separate company, Neural Concept, of which Baqué is the CEO. It was presented today at the International Conference on Machine Learning in Stockholm.

A team from the Annecy University Institute of Technology will attempt to apply the computer-honed model in person at the World Human Powered Speed Challenge in Nevada this September — after all, no matter how much computer assistance there is, as the name says, it’s still powered by a human.

Apple Updates Leadership Page to Include New AI Chief John Giannandrea

Apple today updated its Apple Leadership page to include John Giannandrea, who now serves as Apple’s Chief of Machine Learning and AI Strategy.

Apple hired Giannandrea back in April, stealing him away from Google where he ran the search and artificial intelligence unit.



Giannandrea is leading Apple’s AI and machine learning teams, reporting directly to Apple CEO Tim Cook. He has taken over leadership of Siri, which was previously overseen by software engineering chief Craig Federighi.

Apple told TechCrunch that it is combining its Core ML and Siri teams under Giannandrea. The structure of the two teams will remain intact, but both will now answer to Giannandrea.

Under his leadership, Apple will continue to build its AI/ML teams, says TechCrunch, focusing on general computation in the cloud alongside data-sensitive on-device computations.

Giannandrea spent eight years at Google before joining Apple, and before that, he founded Tellme Networks and Metaweb Technologies.

Apple’s hiring of Giannandrea in April came amid ongoing criticism of Siri, which many have claimed has serious shortcomings in comparison to AI offerings from companies like Microsoft, Amazon, and Google due to Apple’s focus on privacy.


In 2018, Apple is improving Siri through a new Siri Shortcuts feature that’s coming in iOS 12, which is designed to let users create multi-step tasks using both first and third-party apps that can be activated through Siri.

Your next summer DIY project is an AI-powered doodle camera

With long summer evenings comes the perfect opportunity to dust off your old boxes of circuits and wires and start to build something. If you’re short on inspiration, you might be interested in artist and engineer Dan Macnish’s how-to guide on building an AI-powered doodle camera using a thermal printer, Raspberry Pi, a dash of Python and Google’s Quick Draw data set.

“Playing with neural networks for object recognition one day, I wondered if I could take the concept of a Polaroid one step further, and ask the camera to re-interpret the image, printing out a cartoon instead of a faithful photograph.” Macnish wrote on his blog about the project, called Draw This.

To make this work, Macnish drew on Google’s object recognition neural network and the data set created for the game Google Quick, Draw! Tying the two systems together with some Python code, Macnish was able to have his creation recognize real images and print out the best corresponding doodle in the Quick, Draw! data set.

But since output doodles are limited to the data set, there can be some discrepancy between what the camera “sees” and what it generates for the photo.

“You point and shoot – and out pops a cartoon; the camera’s best interpretation of what it saw,” Macnish writes. “The result is always a surprise. A food selfie of a healthy salad might turn into an enormous hot dog.”

If you want to give this a go for yourself, Macnish has uploaded the instructions and code needed to build this project on GitHub.

Booksy, the worldwide booking system, raises $13.2 million

Booksy, a Poland-based booking application for the beauty business, has raised $13.2 million in a series B effort to drive global growth. The company, founded in 2014 by Stefan Batory and Konrad Howard, is currently seeing 2.5 million bookings per month.

The company raised from Piton Capital, OpenOcean, Kulczyk Investments, and Zach Coelius.

Batory, an ultramarathoner, also co-founded iTaxi, Poland’s popular taxi hailing app. Booksy came about when he was trying to schedule physiotherapy appointments after long runs. He would come home sore and plan on calling his physiotherapist but it was always too late.

“I didn’t want to bother him after I was done with my workout late night, and it was virtually impossible to contact him during day time as his hands were busy massaging people and he did not answer my calls,” he said.

Booksy launched in the US in 2017 and “rapidly become the number one booking app in the world,” said Batory.

“We will use the funding to drive global growth, recruit high profile talent and develop proprietary technologies that will further support beauty businesses,” he said. “That includes the implementation of one-click booking, a feature that uses machine learning and AI technologies, to determine each user’s buying pattern and offer them the best dates with their favorite stylists, thus simplifying user experience for both merchants and their customers.”

MeetFrank nets $1.1M for its passive job matching chatbot

MeetFrank, aka a ‘secret’ recruitment app that uses machine learning plus a chatbot wrapper to take the strain out of passive job hunting and talent-to-vacancy matching, has closed a €1 million (~$1.1M) seed funding round to fuel market expansion in Europe.

Hummingbird VC, Karma VC, and Change Ventures are the investors.

The Estonian startup was only founded last September but says it has ~125,000 active users in its first markets: Estonia, Finland, Sweden, Latvia, Lithuania, plus its most recent market addition, Germany, an expansion this seed has financed.

Around 2,000 companies are using the app to try to attract talent. In Germany employers on board with MeetFrank include Daimler, Eon, Delivery Hero, SumUp, Blinkist, High Mobility and MyTaxi.

“The average company profile we have at the moment is a start-up/scale-up company that develops their product in-house,” says co-founder Kaarel Holm.

“At the moment we are mainly focused on technology related companies — so positions you can find from average start-up or a scale-up,” he tells TechCrunch. “Around 50% of the position are engineering and other 50% is marketing, sales, customer support, legal, data science, product/project management etc.”

He names TransferWise, Taxify, Testlio, Smartly and High-Mobility as other early customers.

Here’s how MeetFrank works on the talent side: The person downloads the app and goes through a relatively quick onboarding chat with ‘Frank’ (the emoji-loving chatbot) where they are asked to specify their skills and experience — choosing from pre-set lists, rather than needing to type — plus to state their current job title and salary.

So while MeetFrank’s target is passive job seekers, these people do still need to actively download the app and input some data.

Hence the chatbot having a strong emoji + GIF game to convince talent that a little upfront effort will go a long way…

The bot also asks what would convince them to switch jobs — offering options to choose from such as a higher salary, more flexible or remote working, relocation, a startup culture and so on.

The anonymous aspect comes in because there’s no requirement for users to provide their real name or any other identifying personal information in order to get matches with potential positions.

Talent is therefore assessed on its merits, at least at this stage of the job hunt.

And while people are asked up front to specify their current salary, which you might think puts them at a potential disadvantage during any pay negotiations, Holm says the aim of MeetFrank’s platform is also to encourage greater openness from employers and steer away from traditional pay negotiation situations.

“We use salary as one datapoint for matching and we try to make sure that offers we make to the user are match their preferences. In lot of cases the salary is the main deal breaker and we would like to present the information as early as possible,” he explains. “Companies on the other side of the marketplace disclose their salary for the users as well — in that case we can avoid the negotiating disadvantage.”

“The policy of MeetFrank platform is that companies have to be extremely open about the position they are trying to fill — this also includes the salary information,” he adds.

Employers are not at all anonymous on the platform. On the contrary, they have to write detailed job advertisements — including levels of pay for advertised roles.

And a pay range will be disclosed to applicants that the app deems potentially suitable — i.e. after its matching process — by displaying a percentage of how much more they could earn above their current salary.

So employers need to be comfortable showing their hand to people who may just be curious what’s out there.

For employers, MeetFrank takes over the ad placement process — using its machine learning to algorithmically match potential candidates to positions. So its proposition is automatic pre-selection across “thousands” of potential job applicants.

And also the possibility of reaching talent which might otherwise not realize that company is hiring. Or think about working for a certain brand.

The app is mainly focused on a “passive talent pool” — aka “currently or recently employed talent that is open for offers”, as Holm puts it. So it’s certainly cherrypicking easier types of jobs to match and fill.

“Entry level jobs is bit out of reach for us at the moment but we will launch a beta project with couple of universities in the autumn this year,” he adds when we ask if the app is open to matching people who don’t currently have a job or are looking for a first job.

Holm says MeetFrank is currently showing 50% MRR growth. It’s already out of the pre-revenue phase — so is charging employers to advertise (the service remains free for the talent side).

The main monetization model is a daily subscription, with employers being charged on a pay-as-you-go basis. Holm says the price per day for employers is €9, and MeetFrank lets them cancel at any time — with no minimum time commitment required to sign up.

“We believe that the new-aged classifieds will only monetize on that kind of on-demand model and should only pay when they find us useful. This also lowers the barrier of entry to most of the start-ups and allows them to vet the market and get visibility with low budgets,” he adds.

Facebook is using machine learning to self-tune its myriad of services

Regardless of what you may think of Facebook as a platform, they run a massive operation and when you reach their level of scale you have to get more creative in how you handle every aspect of your computing environment.

Engineers quickly reach the limits of human ability to track information to the point that checking logs and analytics becomes impractical and unwieldy on a system running thousands of services. This is a perfect scenario to implement machine learning and that is precisely what Facebook has done.

The company published a blog post today about a self-tuning system they have dubbed Spiral. This is pretty nifty and what it does is essentially flip the idea of system tuning on its head. Instead of looking at some data and coding what you want the system to do, you teach the system the right way to do it and it does it for you, using the massive stream of data to continually teach the machine learning models how to push the systems to be ever better.

In the blog post, the Spiral team described it this way: “Instead of looking at charts and logs produced by the system to verify correct and efficient operation, engineers now express what it means for a system to operate correctly and efficiently in code. Today, rather than specify how to compute correct responses to requests, our engineers encode the means of providing feedback to a self-tuning system.”

They say that coding in this way is akin to declarative code, like using SQL statements to tell the database what you want it to do with the data, but the act of applying that concept to systems is not a simple matter.

“Spiral uses machine learning to create data-driven and reactive heuristics for resource-constrained real-time services. The system allows for much faster development and hands-free maintenance of those services, compared with the hand-coded alternative,” the Spiral team wrote in the blog post.

If you consider the sheer number of services running on Facebook, and the number of users trying to interact with those services at any given time, it required sophisticated automation, and that is what Spiral is providing.

The system takes the log data and processes it through Spiral, which is connected with just a few lines of code. It then sends commands back to the server based on the declarative coding statements written by the team. To ensure those commands are always being fine-tuned, at the same time, the data gets sent from the server to a model for further adjustment in a lovely virtuous cycle. This process can be applied locally or globally.

The tool was developed by the team operating in Boston, and is only available internally inside Facebook. It took lots of engineering to make it happen, the kind of scope that only Facebook could apply to a problem like this (mostly because Facebook is one of the few companies that would actually have a problem like this).

Social SafeGuard scores $11M to sell alerts for brand-damaging fakes

Social SafeGuard, a 2014-founded U.S. startup which sells security services to enterprises aimed at mitigating a range of digital risks that lie outside the corporate firewall, has closed an $11 million Series B funding round, from AllegisCyber and NightDragon Security.

It’s hoping to ride the surge in awareness around social media fakery — putting the new funding towards sales and marketing, plus some product dev.

“As one of the few dedicated cybersecurity venture firms, we know how big this challenge has become for today’s security executives,” said Spencer Tall, MD of AllegisCyber, in a supporting statement. Tall is joining the Social SafeGuard board.

“This is no longer a fringe need that can be ignored or deferred. Digital risk protection should be on the shortlist of corporate security priorities for the next decade,” he adds.

Social SafeGuard’s SaaS platform is designed to alert customers to risks that might cause damage to a business or brand’s reputation — such as brand impersonation, compliance issues or even the spread of fake news — as well as more pure-play security threats, such as social phishing, malware, spam and fake accounts.

Its platform uses machine learning and a customized policy engine to offer real-time monitoring of 50 digital and social channels (integrating via an API hub) — including social media platforms, mobile messaging apps, IM tools like Slack, unified comms platforms (Skype for Business etc.), cloud apps like Office365, blogs and news sites, and the dark web.

The types of threats the platform is trained to look out for include malicious message content, inappropriate images, malicious links, account takeover attempts and brand impersonation.

“Digital risks to any enterprise are twofold: internal or external — from employees communicating in non-compliant ways that expose a business to regulatory danger to more typical cyber threats like phishing, malware, account hacks or brand impersonation. Social SafeGuard helps mitigate all of these new digital risks by giving companies the tools to detect threats and defend against them, so they can adopt new technologies without fear,” says founder and CEO Jim Zuffoletti.

As well as threat detection and real-time notification, the platform includes built in take-down requests and follow-through — “to make threat management as responsive as possible”, as he puts it.

Social SafeGuard’s software also does risk scoring to aid the rapid triage of potential threats, and uses AI to try to anticipate “potential attacks and identify known bad actors” — so it’s responding to a wider security industry shift from purely defensive, reactive actions towards pro-active detection and response.

On the compliance front, the platform includes a governance and customizable policy engine that enterprises can use to monitor employee and partner communications for regulatory violations.

“For compliance-focused clients, messages are archived with automated audit trails that provide transparency and clarity,” notes Zuffoletti.

The platform has around 50 customers at this stage. Zuffoletti says its biggest customers are in the financial services and life sciences sectors — but says high tech is its fastest-growing sector.

Examples of the kinds of attacks its tools have been used to prevent include account takeovers, malware attacks, financial regulations violations, and FCPA and HIPAA violations.

“In one recent example, we were able to perform a forensic analysis of an online securities fraud scheme, which also posed brand reputation issues for one of our clients,” he adds. “Our platform is adaptable to evolving hybrid threats, too.”

On the competitive front, Zuffoletti namechecks the likes of Proofpoint and RiskIQ.