The Future of Blockchains and Quantum Decryption Transcript

Alice: In this episode, we sit down with Joe Cox, who is a lecturer at Gloucestershire University. He specialises in cybersecurity, and in this episode, we break down encryption algorithms and the looming threat of quantum decryption. This is a slightly more technical episode, buckle in, but this is a good example of how we can make something really technical, hopefully accessible. So do let us know how we get on. Let’s get started.

Alice: So Joe, welcome to Cyber Made Human.

Joe: Thank you very much for having me

Alice: You have got a wealth of experience in cyber and interestingly, you actually educate the next generation of cyber specialists.

Joe: Yes, so, my specialty is primarily in cybersecurity for data privacy, uh, centered around, uh, cryptography networks, um, and then analysis of networks and analysis of MARA on top of that.

Alice: So you’re a lecturer here at Gloucester University, Thank you for the space we’re using it today. Um. What age group do you teach?

Joe: I teach undergrads. That’s usually 18 to 21 year olds.

Alice: Okay. But you are doing a PhD cyber yourself

Joe: Correct Yes.

Alice: And is that through the uni as well?

Joe: Through the university as well. So part of my role on top of lecturing is to research in an area of my choosing that will eventually resolve me, conducting my PhD, which I’m currently doing. And then on top of that, I’ll then, um, go through the whole process of making it and then defending it and then getting my results at the end.

Alice: What, um, topic did you choose?

Joe: So my topic is on, um, financial privacy within processes such as the know your customer process. Using technology such as blockchain for easy verification, and then keeping that whole process private with zero and always proof and strong advanced cryptographic methods while scaling that all up to high end scalable security solutions.

Alice: And what was your motivation for that?

Joe: Motivation was finding that a lot of our data revolves around. Actual financial data and we care most about that besides medical data, so for that I wanted to see what process there are there to verify us and make sure that there’s no money laundering and so any cyber terrorism going on.

So on top of that, I want to see what’s available. And notice we have these good processes, but they are very time-consuming, and the data privacy is just not there. And compliance around that is very scarce as well emerging technologies like AI, blockchain, and so forth are very good, but we need a more practical solution and something at the forefront of it. So I decided to go with my knowledge of blockchain beforehand to go down that path.

Alice: And I suppose the thing with that is that compliance is scarce, but it’s very time-consuming to implement. So you are doing all this research, you are very technical and you enjoy that level of detail, whereas the end user corporations that are gonna be implementing it. Don’t necessarily have a specialist team to manage all of that. So do you think it all needs to be simplified before it’s pushed out to consumers?

Joe: A hundred percent with all these technologies, you first off got to go to people. What is a blockchain? And trying to exactly explain it in layman’s terms can be very difficult.

The point is for the user side of things, why they should care is. Your data is gonna be handled correctly, that you are gonna have a lot of transparency through security, I say, which is what everyone realistically really wants. Yeah. And on top of that, um, if you can get this new process without even feeling it on your, on your side of things as a client, then that’s okay.

You shouldn’t care. Need to be caring about the encryption note, not care about technology. If we can do it, if it’s good enough and it’s masked enough. Then you will still be happy on either side.

Alice: So in an episode that we’ve done with Duck who was on series one talking about the quantum apocalypse, we’ve dove into encryption with him. So that’s a great episode for anyone who does wanna know more about encryption and what that means. Um, but just for the benefit of this episode, can you explain what you mean by a blockchain in, in simple sentences?

Joe: Yeah. A blockchain is a new form of technology that’s supposed to be disruptive and revolutionary. The main concept behind it is imagine you’ve got a piece of, you’ve got some storage going on, you store something away and you retrieve it when you need it. Say you’ve got a closet. The difference is that the closet does not have a door. With that, you can clearly see what’s inside it, but you do not need to worry about it as it’s there.

Why that’s important for users is because we can see everyone will be able to see this closet, so to speak. It’s very public with that. If we wanted to see data, let’s say we’ve got an attacker that’s working over it, all their data’s being recorded for everyone to see, and they may be trying to do something to one user, they may be effective.

Unfortunately, however, we can please see them from a security point of view. Clearly manage it and actually, uh, track people better in terms of tracking and processing criminals and attackers to ensure that people’s data or closets in this case don’t get affected or compromised.

Alice: So even if you are anonymous as a hacker, you can still see that the anonymous user went into the closet, took that bit of data. And then you can see how they accessed it. Yeah. And everything’s tracked.

Joe: Yes. Everything’s also timestamped as well, so you can clearly see to everyone at this timeframe they did this. And you can now, the stringing together may take some time ’cause you’ve got to look through this and the closet is massive.It’s been growing ever since it came out in 2009.

Alice: So there’s only one blockchain.

Joe: There is one blockchain per. There’s different types of blockchains and different methods. There’s one called Bitcoin. There’s one called Ethereum. They are all their own separate chains and they grow every time. So if I was to create one today, we start from block one or block. And then we grow from there. But yeah, there are different types and that, but the main principle of transactions and seeing stuff is all, uh, common across every single one of them.

Alice: So you are a lecturer, so you are educating the next generation. And these are technical specialists, but I know you also have guest lecturers who come and give talks to your students. But I would love to know what you think, not just with your own students, but with the education of the next generation. How do we do that? In cybersecurity?

Joe: What’s important is breaking it down into layman’s terms, into simple terms. Yeah. Imagining they have no knowledge to start with. Yeah. Now that’s sometimes very much like.

People want, we need you to have this skill, this skill, and this skill. But these skills can be learned. They can be taught in various different ways. Not necessarily maybe by me, but for instance, setting activity and then just wandering around. What’s important to understand is. You may never, let’s say, program ever again after your degree, after you’ve done something.

However, the concepts of how programming works, the backbone for websites, software we use, it’s really important in case you are under attack and you say, right, I need to look at code to see what the issue is. So it’s important about starting from the bottom and moving and a gradual progression and clearly seeing those.

Or streamlining processes to make sure we clearly see you’re starting here, but you’re going to get here. Yeah. Because those basic things for some people can be like, it’s too basic for me. I wanted more of a challenge. But you everyone needs to be on the same page. Yeah. ’cause unfortunately we have, people can jump straight into cybersecurity and go.

How do I hack? How do I start? And you need some of those basics of the programming, how a network operates, and how you monitor a network to eventually go off and do that.

Alice: And also, Cyber was a bit creative in the way that a lot of people are self-taught. And so I guess in your setting, if lots of people have come in with completely different methods of a Foundation, you need to get everyone at a base level. That’s the same understanding before you can build on that.

Joe: Absolutely, it’s really important. So everyone, thankfully, even computer science has the same baseline of everything. Once we move into that, even when we move into second year, we’re still covering some of the main backbone stuff like cryptography. However, the whole idea is if you understand the basics, you can then adapt to any situation you want to. And all these different, um, job roles that cyber has to offer.

Alice: The National Institute of Standards and Technology has a kinds of a standardisation that they use for algorithms and I know that you’ve talked a little bit about the different types of algorithms before we started recording, but just talk through the different algorithms, what they’re used for and what those standards are.

Joe: Those standards. So NIST, primarily standard around cryptography. So the art of concealing information and making sure that we can’t break that information and get that original plain text that it was back, they are around making sure that if they standardise something.

We should listen. It means that they have different processes, different testing capabilities to show that these algorithms cannot be broken by brute force methods, or we can’t break them by just simply looking at them.

Alice: So that’s interesting in terms of if there are companies. So if you were somebody who’d self-taught yourself cybersecurity or now in a senior role at a company, ’cause you do know a lot enough about it to be able to operate pretty effectively, but you’re not up to date with the latest standards, for example. is your company then at risk, ’cause you don’t know about all of this sort of stuff?

Joe: Partially, yes, but thankfully something that NIST operates on and stuff like cryptography, once they set a standard, they don’t necessarily update it, so to speak.. Once AES, (advanced encryption standard) is set.

We go off and use it as we do, most stuff already, such as the internet and using stuff like, uh, websites will operate with this already built in. So people don’t need to worry. But there are ways in which it’s also a guideline for people not so saying we should, you need to follow this, but if you do follow this, this is what will happen with your data and this is why it will be privatised and be more secure.

Alice: So with that, I was gonna say the current political landscape, but realistically we’ve always had. Things going on in the world now, critical infrastructure is being targeted by the states of different countries that we don’t agree with, or even hackers or activists, whatever it happens to be. Do you feel like, you know, what’s the risk there and how do people protect themselves from a sort of digital warfare that isn’t as explicit as Russia bombing a country? It’s kind of very hidden and secret and this is a very different style of warfare that we’re seeing now.

Joe: I think it all will come down to unfortunately, how users perceive cybersecurity. For instance, you do get bombarded with a lot of information that is very fear mongering and very technical that no one can really understand.

But on top of that we have this whole thing of updating your passwords. Don’t click this link. We’ve been saying these messages for decades. They’re still not effective because we are seeing more and more attacks through this type of means. I think it will be down to how, uh, users interact with cybersecurity, what they mean by it, and it’ll come down to us as professionals to educate not only this, my, the next generation like I’m doing, but also those who don’t use cybersecurity day in day out.

So worrying about how do we include them in this to say you are a part of this. How you can be a part of it without going too deep into it.

Alice: Absolutely. And I think for me, I think it comes down to convenience. Because if you have to use an app to log into your account, you can’t be bothered to do that. You’re not gonna use it. And when you add in all these different layers and terminology that people don’t understand, I think it’s a barrier to use.

People are lazy, ultimately. And if they don’t understand the implications, or sometimes they don’t care. That’s what the issue is. So how do you make something as complex and nuanced as the work that you do in encryption and blockchains and cryptography to make it seamless with the end user?

Joe: For end users, what we almost need to do from a technical perspective is to mask it. What I mean by that is. I’m going to implement it. Let’s say I’m going to make it on my side. On your side, you are not gonna need to worry about it. All you need to know is how it’s going to be handled. There may be policies in place, there may be legislation in place to say how everything’s going to operate and why you should be aware of it, and why you are going to be secure.

And from that it will all come down to, a matter of trust. You have to trust when you go, for instance, to a website, you are going to buy something. That your information, your finances are going to be handled in the way that, as it’s. Transitioned over the website, over the internet, that it’s not gonna be intercepted or taken by an attacker.

So ultimately it will always come down to trust. How do we get trust to work? It’ll come from a collaboration between technical and non-technical people to come to an agreement on how we best fit human nature.

Alice: And how do you think we do?

Joe: I think it will be down to essentially making it an activity or workshops that are almost fun and inclusive.

Yeah. With that, are you team oriented?. How do you, if I’m doing it, certain scenarios, if you were to do this, what would you think would be the outcome? With that, if you are more team oriented, ’cause it is a team game at the end of the day. Yeah. How do we, how do you include people that may not be inclusive otherwise, if we can get on that, that barrier, which is a very large barrier, we’ll be on our way to a much more successful cyber ecosystem.

Alice: I went to some cybersecurity training a couple of years ago. Where it was all about open source intelligence and social engineering. And they had like an escape room in a way where you had someone’s social media profiles, job descriptions, location, anything that was available publicly about them on the internet, and you had to guess their passwords.

And it was very simple. It was things like. Um, they posted what their star sign was, or you know, their mum’s maiden name as like their porn star name, which was the street they grew up on and their gran’s name, which gave you their passwords ultimately. And I thought that was a good way of doing it because it made you think about what you are sharing publicly.

Is there an example of something like that that you could do with users to make them think about encryption that they’re not necessarily in control of, but like you say, when you’re using a website to buy a dress or something, trusting the. Integrity of that website. Yeah.

Joe: Almost in many ways we need to go on the more creative side, which is sometimes like myself, technical people lack. We like to look at a black and white box and go, this works for me is fantastic. Right. However, eliminating the mathematical formulas. Because they are horrible to look out for anyone involved, including myself. If we can eliminate those and show how the jumble and up process, so to speak, encryption operates, works, then that’s what we need to do.

And then show them, this is where it’s, this is where you’ve got it from, this is where it’s going and how it’s handled on that end. I think that’ll be the best way forward for something like cryptography.

Advert: The Cyber Made Human Podcast is produced by Alice Violet Creative, my content marketing agency based in Cheltenham. We specialise in complex brands, which primarily means those in emerging technologies, cybersecurity and intelligence, we’re able to take abstract, clinical, and difficult topics and make beautiful, compelling and results driven content. So get in touch with us for digital marketing and all your content needs

Alice: So the next big buzz word in cybersecurity is quantum, and we did dive into that in our episode about the quantum apocalypse. But I’m interested if you can kind of just for the purpose of this episode, give us in a nutshell what do we mean by quantum and what are the risks with existing encryption?

Joe: Quantum, we refer to computers, is computers that do, as we would’ve any other computer, but at an extremely fast pace. Faster than we’ve ever seen any humanly possible. With that, those mean actual great opportunities as well. We can do simulations better. We can understand, for instance.

Anatomy of the body better. However, current infrastructure relies on being so strong that you need something really large to break it through Computational means. That’s where we’re gonna struggle, especially in all cryptography at the moment that we, an encryption is under massive threat because of this.

Alice: So do you think it actually is under threat? ’cause something like a quantum computer with the amount of advanced power that it requires actually would be incredibly expensive. It’s not gonna be something like hackers in their bedrooms with phishing scams and stuff like. Maybe it might be in a few years, but is that the risk that it’s gonna advance so that it does require less computational power to be able to run at that speed?

Joe: At this point, we don’t have to worry too much. Yeah. It’s because they do need a perfect environment because of the nature of quantum mechanics. Any form of disruption, let’s say noise, a speck of dust, anything like that can go from up here with the power down to here. So that sensitivity is a major issue.

Also, scaling it up, if you have one chip, I want to grow that chip to do more calculations, more power. Unfortunately, they scale somewhat up until a point where they don’t. Then the computer itself doesn’t understand quantum mechanics. And afterwards it will revert back to a standard computer, so to speak, just with a bit more power than usual.

Alice: And I suppose with the advancements in AI. That’s when you could put AI with a quantum computer. So that it’s doing like a decryption and it can just see that it didn’t work and do it again and again and again without the human having to,

Joe: It can, it can work in that way very well. However, at the moment, algorithms in any regard, regardless of AI, don’t work well with quantum computers because the accuracy that these computers can output is very, very low. Why mention the scalability aspect of it is the more we scale it. The decrease in predictability goes. So for instance, currently a lot of quantum chips can operate at around 10% accuracy. Well, when we have AI that’s expecting 90% nearing, a 100%, they’re not going to mesh well with one another.

Alice: So why is quantum such a buzzword at the moment if we’re so far off and the accuracy levels are so low, even when they are in these perfect environments? Why is it main, well, not mainstream, but mainstream cyber conversation.

Joe: Because of the opportunities it brings, because of that quantum aspect? It, we’ve. In history, we’ve seen a sort of gradual increase in comp computers, computational power, and going on from there. This has been onto an exponential rate way further than we ever thought would be humanly possible.

Alice: So it’s like limitless of what this could do once it’s perfected? And how long do you anticipate it would be until it’s perfected? There’s a huge amount of investment going into this right now.

Joe: Um, I don’t see it personally for another maybe 20 to 30 years.

Alice: Really? Yeah. Wow

Joe: Because quantum mechanics is already a very difficult subject. And, um, some physicists out there who are experts in this, say they don’t even understand it themselves fully. It’s a, it’s compared to physics of old, it is so new and so very much. Quantum works on the basis of this. Your one thing could be one thing, and it can also be the other thing at the exact same time. The problem is we like predictability. We want to know it’s going to be this. Quantum is not based on that. So it goes against our human nature.

Alice: It’s almost like a separate entity to the human using it. Absolutely. Yes. Interesting.

Alice: The National Institute of Standards and Technology. NIST, is it? How does this quantum advancement impact their standardisation of algorithms then?

Joe: So what they would’ve done is, and it’s just happened last year, is make standards for new encryption algorithms that we know quantum computers can’t break.

Alice: But how can you know that if it’s not gonna be finesse for another 5, 10, 15 years, how can you be planning for it? Emerging technology advancement that you don’t even understand?

Joe: With the standards and how they would work is essentially future proofing ourselves, right? Understanding that we know about certain methods such as lattice grids, which is what all the algorithms are primarily based on, that they can because of how they operate and how they work with the algorithms that are computers.

Of a quantum size cannot break them even if they were to scale it up. If you look around NIST and their documentation, they have some very useful information on how they’ve tested it and how it all works around using the quantum computer, but also how you could use it on a user side of things. The issue that we have with these algorithms is the size of them.

They’re deliberately made. The bigger, the harder it is to crack with that, though they are so large that it will take a very long time to encrypt your data and then decrypt your data to get it back. So at the moment, people and like myself are skeptical, if we want to use it, we’re gonna have to change the entire infrastructure to what we know.

Yeah. And the way they say to use it, it feels almost wasteful at this moment in time. The standard itself is used as a sort of just in case and getting ahead of the game. Thankfully, attackers will not have this information, but the moment quantum chips become widespread available, then it’s time to worry. So it’s more taking a proactive approach rather than reactive.

Alice: So what you are saying is that imagine if you’ve got your data here. Yep. Nice picture of your cat here. It’s encrypted to go into the cloud, which is here, it has to be decrypted for you to be able to get that picture of your cat back at either end, however you want it.

And at the moment, the algorithm in the middle that encrypts your data to keep it safe so no one else can see other than you and your cloud. We’re now putting in quantum proof encryption, which is unnecessary ’cause you can’t even use quantum yet. And so you are just having to use all this additional. Computational power. And it’s not necessary at the moment. But you need to be ready for when Quantum does take off.

Joe: Yes. And I think people will be ready at the moment these standards come out, which is fantastic. And they’ve taken an undergoing of eight years before they said we officially have standardised it.

But on, not on top of that, our next questions are how do we implement this? How do we migrate users? On your end as a website user, your data gets encrypted and sent over to a server or a cloud of some type. We’ve got to see, can we make that process the exact same, but know that a quantum computer is not going to break said process.

That will be our next big step is how do we implement it. There is some small scale stuff at the moment on certain projects, like on GitHub to actually show you the code and the mechanisms behind it. But at the same time, actually, how do we implement that into infrastructure is still a massive question mark at the moment.

Alice: So two questions there. And the first one is, would you not just create a completely different type of encryption, like we call it encryption based on encryption of old, but actually if quantum could then decrypt that, could you not just do something different that isn’t scrambling words and mixing it up until we can get it back.

Could we just do something totally different? That’s not anything to do with Quantum.

Joe: We could try it. The difference is when you mix algorithms alongside other mechanisms in cryptography such as hashing and signatures and all this stuff, they kind of need that traditional method of encrypting data. However, because we are trying to build on what we already know, we are trying to essentially get it to a point where we can get this out in a good manner of time. If we are looking at doing encryption from a new stage, we’re gonna have to go back centuries of research and go essentially from scratch.

Alice: Yeah. That sounds like a business opportunity though. Absolutely. I was technical enough, but I’m not. So my other question was about sustainability. Because we know that things like ChatGPT, large language models, use a huge amount of data to come up with simple query results. And the cloud are huge data centers that are storing your data physically somewhere. With Quantum, that sounds like all of that times a million. So is the sustainability impact huge? And what’s the future of that?

Joe: Yeah, so at the moment it’s a massive, massive issue. These machines output an incredible amount of power, and the cooling systems alone are very expensive for them. And like I said, about being in a particular environment, the cooling mechanisms need to be in a particular environment.

And they are almost the size of data centers and they cost billions to implement and in billions to maintain. and on top of that, as we’re moving, we’re trying to move to a greener world. The legislation and the actual standards behind that aspect, how does that implement with Quantum and how do you get them to be less computationally?

Powerful. However, we are currently looking at almost like what computers start with humongous computers. And then moving them back down. It’s the same adage again. We are a long way off of getting them. Whilst a quantum computer chip of quantum is about that size, the mechanisms behind it, the environment is humongous.

Getting that down. Uh, me, Personally, I’m not sure how I would work for that, but I’m not a quantum physicist. That’s their job to worry about, but that will be a huge talking point in the future.

Alice: Interesting. Well, thank you. That was very insightful and I’d just like to end my episode with the Cyber Made human bookshelf.

So your opportunity to share either your favorite book, a book you’ve recently read, or just one you recommend. Doesn’t have to be Quantum, Cryptography, cyber, but it can be up to you.

Joe: So my book is called, uh, Take Your Eye Off the Ball by Pat Kirwan. It’s around American football, which is a big love of mine because it’s a very complex sport.

It’s also amazing if you ever want to know about communication, because I believe it’s the most team oriented sport you could ever play, and everyone works in very different ways, but have to work in unison. So it breaks down for people who are getting started, how that would all operate and how if you were to watch it, what to watch out for and how, what they’re doing to get an understanding.

Alice: Amazing. Really interesting. My recommendation for this episode is Daddy’s Gone Hunting by Penelope Mortimer. So Persephone Books is my favorite publisher. They’re based in Bath, a beautiful bookshop. If you’re ever in Bath. And they make, they basically look at literature written primarily by women, but also male authors as well, that was kind of forgotten with time, and they’re amazing books.

This one particularly, is about a woman in, I think it’s about the 1950s who’s a housewife, and it’s basically the sheer mundanity of not being able to work and the daddy’s gone a hunting thing is like the men are off hunting and working and doing whatever while she’s sat at home going insane. It’s a really timely book.

I think based on the kind of movement that we’re currently having in, lots of people suggest that we’ve gone too far with the kind of women working and things, which obviously I disagree with, but it’s a really interesting book. Shows this isn’t a new conversation. Women always felt that way. They just didn’t have an outlet, essentially.

It is a very interesting book and I love Persephone books, the publisher as well. Thank you. Thanks for joining us.