Post-Quantum

Why AI Cannot Break Modern Encryption

Photo of Marin Ivezic Marin Ivezic Follow on X Send an email June 26, 2025
37 minutes read
AI Quantum Encryption

I spend my days helping boards and engineering teams get quantum-ready. Lately, a persistent myth keeps popping up: “If quantum can break RSA, then AI must be close – and I’ve heard NSA already has AI+quantum cracking 2048‑bit keys.” Frankly, that’s nonsense. Quantum computing represents a fundamentally new model of computation with a proven algorithmic route to factoring large numbers; AI, by contrast, is a collection of algorithms running on classical, silicon-based digital hardware and excels at pattern recognition. Those are not the same thing. Modern encryption’s resistance to AI attacks is grounded in unchanging mathematical principles and computational limits. Recent research (2023-2025) has reinforced that no matter how advanced machine learning becomes, an AI cannot overcome the fundamental hardness assumptions that secure cryptographic systems. In other words, an AI program, ultimately just bit operations on classical chips, cannot defy the super‑polynomial complexity of problems like integer factorization and finite‑field discrete logarithms (both subexponential classically), nor the exponential complexity of elliptic‑curve discrete logarithms – absent a genuine algorithmic revolution.

Introduction: AI Hype vs. Quantum Reality in Cryptography

It is easy to be impressed by AI’s astounding successes in pattern-matching and speculate about a super-intelligent algorithm “finding a hidden pattern” to crack RSA or AES. Yet this idea reflects a profound category error. AI, for all its power, still runs on classical computers and is bound by the same complexity constraints as any other classical algorithm. It cannot magically outsmart the mathematics underlying encryption without overturning core computational theory. No clever AI trick can bypass these mathematical limits unless our fundamental assumptions (like P ≠ NP) are wrong.

Quantum computing, on the other hand, does threaten current cryptography because it introduces a new computational paradigm rooted in physics. A sufficiently large quantum computer leverages phenomena like superposition and interference to solve problems that are computationally out of reach for classical (non-quantum) computers. In particular, Shor’s quantum algorithm can factor large integers and compute discrete logarithms exponentially faster than any known classical method, meaning it could break RSA and elliptic-curve cryptography (ECC) if we had the requisite hardware. Grover’s algorithm can brute-force search quadratically faster, effectively halving the key length of symmetric ciphers (e.g. turning a 128-bit key into a 64-bit problem). These are genuine threats, which is why the U.S. National Institute of Standards and Technology (NIST) ran a multi-year project to standardize post-quantum cryptography – culminating in 2024 with new algorithms designed to withstand quantum attacks. Notably, there is no equivalent global effort for “post-AI cryptography.” Experts understand that AI does not change the game the way quantum physics does. At most, AI might help attackers exploit implementation flaws (like bugs or side-channels), but it does not break the underlying cryptographic math.

To establish these points rigorously, we will proceed as follows:

  • Section 1 lays out the mathematical bedrock of modern cryptography – the conjectured separation of complexity classes (P ≠ NP) and the construction of one-way functions that form an “invisible fence” against any feasible classical attack. We review why RSA, elliptic-curve cryptography, and even new lattice-based schemes rely on problems believed to be intractable for any classical algorithm (AI or otherwise), and why symmetric ciphers like AES remain secure against brute-force due to astronomical complexity.
  • Section 2 explains why quantum computing overturns those assumptions whereas AI does not. We summarize how Shor’s algorithm uses quantum Fourier techniques to factor integers in polynomial time, and how Grover’s algorithm weakens symmetric keys by a square-root factor. We also highlight the global cryptographic response (e.g. NIST’s PQC standards) as evidence that the community is focused on the quantum threat, not any hypothetical “AI threat.”
  • Section 3 examines why AI fails at cryptanalysis. Modern ciphers are purposefully designed to produce outputs indistinguishable from random noise to any efficient algorithm, nullifying the patterns that machine learning would need. We discuss theoretical reasons (no exploitable structure; a “flat” loss landscape offering no gradient signal) and empirical results: decades of attempts, including a comprehensive 2024 study of hundreds of papers, show that neural networks only succeed on toy or reduced versions of ciphers, with essentially 0% success on real encryption like AES or RSA.
  • Section 4 clarifies what AI can do in security. AI techniques significantly aid side-channel attacks (for example, analyzing power consumption or timing information to recover keys) and help automate tasks like vulnerability discovery or phishing. These are serious concerns, but they target the periphery of cryptosystems – not the core mathematics. We will describe a case study where a 2023 deep-learning side-channel attack on a Kyber implementation was sensationalized as “AI breaks encryption,” when in reality the cryptographic algorithm itself remained sound and only an implementation leakage was exploited.

Understanding the distinction between AI hype and the quantum reality is crucial for allocating security resources wisely. The mathematical foundations of cryptography have proven remarkably resilient, and that resilience holds firm against AI. The real task ahead is fortifying implementations and transitioning to quantum-safe algorithms before a large-scale quantum computer (a cryptographically relevant quantum computer, or CRQC) arrives.

1. Cryptography’s Mathematical Foundations

Modern encryption algorithms are deliberately built on problems that are believed to be insurmountable for any feasible classical computation. This is by design: decades of research in computational complexity theory provide a “rulebook” for what problems are tractable. Any would-be codebreaker, human or AI, must play by these rules. To claim an AI can crack RSA or AES without a key implies a paradigm-shattering algorithmic breakthrough – something as unlikely as proving P = NP, which virtually no expert considers plausible.

1.1 P, NP, and the “Invisible Fence” of Complexity

At the heart of this discussion is the famous P vs NP problem. In simple terms, P is the class of problems solvable in polynomial time (i.e. efficiently) by some algorithm, while NP is the class of problems whose solutions can be verified in polynomial time. We know that P ⊆ NP, but it is widely conjectured that P ≠ NP – meaning there exist problems in NP that no polynomial-time algorithm (in P) can solve. This conjecture has profound implications for cryptography. Many cryptographic schemes are secure because the underlying problem is believed to lie outside P (or at least outside “easy” classes) for classical computers.

A classic example: integer factorization. Multiplying two large prime numbers is easy (polynomial time), but factoring the product back into primes appears to require super-polynomial time on a classical computer. Given an n-bit composite number (such as an RSA modulus), the best known classical algorithms (like the General Number Field Sieve) run in subexponential but not polynomial time. Similarly, the discrete logarithm problem – finding x given $$g^x$$ ≡ h (mod p) – has no known efficient classical solution in the general case. These are NP-type problems with no known polynomial algorithms, and they form the backbone of RSA and Diffie–Hellman/ECC cryptography. In essence, cryptographers deliberately pick problems that they believe are outside P (for classical algorithms) as the basis for encryption and digital signatures

The “invisible fence” metaphor (coined by computer scientist Scott Aaronson) refers to the idea that there is a boundary defined by complexity classes: problems like factoring and discrete log live outside the fence for classical computers. One can wander all around within the domain of P (and maybe slightly beyond with subexponential algorithms), but cannot cross into solving those hard problems efficiently without fundamentally new mathematics. If an AI is running on a classical Turing machine model, it is confined by that invisible fence. No amount of training or “cleverness” lets it step into a realm of computation that breaks those complexity barriers. In other words, as long as AI is implemented on classical hardware, it does not get to bend the rules of problems believed to require super‑polynomial time on classical computers (subexponential for factoring and finite‑field DLP; exponential for elliptic‑curve DLP).

1.2 One-Way Functions

Cryptographers capitalize on the assumed hardness of certain problems by constructing one-way functions – functions that are easy to compute but infeasible to invert without special knowledge (like a secret key). For example, multiplying primes is easy, but factoring the product is hard; this asymmetry underlies RSA encryption. Likewise, exponentiating modulo a prime is easy, but the inverse operation (discrete log) is hard, which underpins Diffie-Hellman key exchange and elliptic-curve cryptography (where the group operations play a similar role).

RSA and Integer Factorization: The RSA cryptosystem (invented in 1977) uses the multiplication of two large primes as its one-way function. Given primes p and q, one can compute N = p·q easily (this is the public key modulus). However, given N alone, finding p and q (factoring N) appears to require super-polynomial time with any known classical algorithm. In fact, the best published method, the General Number Field Sieve (GNFS), has a subexponential runtime of approximately $$exp(1.923*(log N)^{1/3}*(log log N)^{2/3})$$, which for practical key sizes is astronomically large. To illustrate: in 2020 researchers factored RSA-250 (an 829-bit number), but it took roughly 2,700 CPU-years of computation. That is years of work on hundreds of cores for a number far smaller than the 2048-bit keys used routinely today. A 2048-bit RSA modulus is so large that, by extrapolation, factoring it would take longer than the age of the universe using known methods. This gap – easy multiplication vs infeasible factorization – underpins RSA’s security.

Discrete Logarithms (Diffie-Hellman and ECC): Another one-way function is exponentiation in a finite group. Given a generator g and an integer x, computing h = $$g^x$$ mod p (a modular exponentiation) is easy. But given $$g^x$$ mod p and g, finding x – the discrete logarithm problem – is hard. In classical Diffie-Hellman (multiplicative group of integers mod p), discrete log can be attacked with subexponential algorithms (like Index Calculus) for some groups, but for elliptic curve groups used in practice (ECDLP), the best known algorithm is Pollard’s rho, which runs in O(√N) time for a group of size N. That is exponential in the length of the input (half the bit-length of N). For example, a standard 256-bit elliptic curve has a group of size ~$$2^{256}$$, and Pollard’s rho would need on the order of $$2^{128}$$ operations – utterly infeasible. Moreover, it’s proven in the generic group model that no algorithm can do substantially better than √N for discrete log, absent special structure. Well-chosen curves provide no exploitable structure, which is why ECC with 256-bit keys is considered about as secure as 3072-bit RSA. This is why standards bodies equate RSA‑2048 to roughly 112‑bit classical security strength; you need about RSA‑3072 to align with ~128‑bit symmetric strength (e.g., AES‑128). An AI can no more shortcut this discrete log problem than it can factor large numbers – it faces the same super‑polynomial wall of complexity (subexponential in finite fields; exponential on elliptic curves).

Lattice Problems (Post-Quantum Crypto): In anticipation of quantum attacks, new public-key schemes use hard lattice problems. A prominent example is the Learning With Errors (LWE) problem, which asks to solve linear equations hidden by small random noise. Oded Regev proved that solving average-case LWE is as hard as solving certain worst-case lattice problems (like GapSVP) in the same dimension. This worst-case hardness means even quantum algorithms are not known to solve LWE efficiently. Schemes like NIST’s CRYSTALS-Kyber for encryption rely on variants of LWE. They operate in lattice dimensions of around 700-1024, where all known attacks (usually variants of the lattice reduction or sieving) are again exponential in the dimension. Current algorithms can handle maybe dimension ~150 in reasonable time, nowhere near 700+. Thus, lattice-based encryption is believed secure against both classical and quantum attacks. But importantly, it’s still a mathematical assumption of hardness. If LWE is hard, no classical algorithm – including any AI – can solve it efficiently without a breakthrough in algorithmic number theory.

All these are examples of one-way functions – functions that are easy to compute in one direction but infeasible to invert without special knowledge (like a secret key). Thus far, the functions deployed in mainstream cryptography (factoring, discrete log, lattice problems, etc.) have withstood decades of scrutiny. Security proofs often show that breaking the cryptosystem requires solving the underlying hard problem. For instance, given an RSA ciphertext, recovering the plaintext without the private key is as hard as factoring the modulus. Given a Diffie-Hellman exchange, obtaining the shared secret without the participants’ private keys is as hard as solving a discrete log. These reductions mean that an AI would have to somehow do what all other algorithms cannot – find a shortcut for those hard mathematical problems.

It is important to note that the strength of these schemes is a conjecture: we assume these problems are hard because no one has found an efficient solution despite decades of effort. This assumption could be overturned by a mathematical breakthrough. But AI has not changed this equation. If anything, AI is just another tool a researcher might apply in search of an algorithmic breakthrough – but it has not yielded any fundamentally new algorithms in this domain. In the absence of a dramatic discovery, the best an AI can do is apply the same algorithms humans know (perhaps faster or at larger scale), yet it will still face the super‑polynomial wall of complexity. An AI cannot conjure an inverse to a one-way function out of thin air.

1.3 Symmetric Ciphers and Brute Force

Public-key cryptography gets most of the attention in “AI will break encryption” speculation, but one should not forget symmetric cryptography (like AES). Symmetric ciphers use shared secret keys and are designed not on specific number theory problems but on general principles of confusion and diffusion (as defined by Claude Shannon). A well-designed block cipher like AES-128 doesn’t have a known analytical attack significantly faster than brute force. Its security lies in the vastness of its key space: $$2^{128}$$ possible keys.

To break AES by brute force, you’d need to try, on average, $$2^{127}$$ keys. That’s ~$$1.7×10^{38}$$ keys. Even a billion ($$10^9$$) tests per second would require ~$$5×10^{21}$$ years. It’s no use throwing more computing power either; even Grover’s quantum algorithm only provides a quadratic speedup, effectively reducing AES-128 to about $$2^{64}$$ steps – still around $$1.8×10^{19}$$ operations. (For perspective, $$2^{64}$$ operations is on the order of hundreds/thousands of CPU-years. And if that were somehow in reach, we could just move to AES-256, which even under Grover’s algorithm has $$2^{128}$$ complexity.) In short, there is no “smart” way to guess a 128-bit key – you either try them all or you don’t. AI won’t find patterns in the key that reduce the search space; the key was chosen to be uniformly random. Indeed, properly encrypted ciphertext looks like random noise. We will revisit this point in Section 3 – it’s the deliberate randomness of ciphertext that thwarts learning.

Crucially, there is no hidden pattern or structure in a secure cipher for AI to exploit. A random key produces ciphertext that, to an attacker, looks like random noise. If one does not have the key, decrypting even a single block correctly is essentially a 1 in $$2^{128}$$ chance for AES-128. No amount of clever analysis with machine learning will find a “backdoor” pattern in properly encrypted data, because the cipher is specifically designed to eliminate such patterns. Indeed, after more than 20 years of scrutiny, AES has held firm against all kinds of cryptanalytic attacks – including those aided by computers and AI. The last widely used cipher to be fully broken was RC4, and that was due to specific biases in its output (exploitable by classical statistical analysis), not something uniquely discovered by an AI. If human cryptanalysts armed with every analytical tool have not broken AES, it is implausible that an AI will suddenly succeed by “thinking harder” or trying some mysterious new approach. Barring an unforeseen mathematical insight (which an AI might assist in discovering, but the insight itself must exist), brute force remains the baseline for attacking symmetric encryption, and AI cannot do better than brute force. As we will discuss in Section 3, encryption is deliberately constructed to present no learnable patterns for an AI to latch onto.

To summarize Section 1: Properly implemented encryption relies on problems believed to require super‑polynomial time to solve – subexponential for integer factorization and finite‑field discrete logs; exponential for elliptic‑curve discrete logs (and exponential in lattice dimension for LWE‑type problems), and this belief is grounded in deep, well-vetted complexity assumptions. An AI operating within the realm of classical computation does not circumvent these assumptions. Short of a groundbreaking algorithmic innovation, AI can no more break these schemes than any ordinary program could. It is akin to using a brilliant pattern-recognition technique to search for a needle in an astronomically large haystack – no strategy helps if the only way to succeed is to inspect every straw.

2. Why Quantum Computing Overturns Encryption but AI Does Not

If classical complexity forms an invisible fence around what is possible for AI, quantum computing is a potential gate-crasher – a technology that changes the rules of the game entirely. It is critical to understand why quantum computers threaten encryption where AI does not. The reason is that quantum algorithms are not just “faster” or “smarter” in a general sense; they are fundamentally different, with abilities rooted in quantum physics. A quantum computer can attack the mathematical problems underlying cryptography in ways no classical algorithm (AI or otherwise) can. AI, by contrast, remains a collection of algorithms running on classical hardware.

2.1 Shor’s Algorithm: Using Physics to Do the Impossible (for Classical Computers)

In 1994, Peter Shor discovered a polynomial-time quantum algorithm for integer factorization (and a related one for discrete logarithms). Shor’s algorithm is famous because it showed that problems for which no polynomial‑time classical algorithms are known – subexponential at best for factoring and finite‑field discrete logs, and exponential for elliptic‑curve discrete logs—can be solved in polynomial time on a quantum computer. Specifically, Shor’s algorithm factors an n-bit integer in roughly $$O(n^3)$$ time, whereas the best classical algorithms are subexponential (GNFS) or worse. In the language of complexity, factoring appears to be outside P for classical computers but lies in BQP (bounded-error quantum polynomial time) – a class of problems quantum machines can solve efficiently.

How does Shor’s algorithm achieve this? It transforms factoring into a problem of finding the period of a certain periodic function using quantum parallelism and the Quantum Fourier Transform (QFT). In simplified form:

  • To factor N, you pick a random number a < N and consider the function $$f(x)=a^x$$ mod N.
  • This function will be periodic (because $$a^x$$ mod N eventually repeats, by Fermat’s little theorem or properties of modular arithmetic). Say the period is r, meaning $$a^r≡1$$ (mod N). If you can find r, there’s a good chance you can derive a factor of N from it (using the relation $$a^r−1≡0$$ mod N, which factors as $$(a^{r/2}−1)(a^{r/2}+1)=0$$ mod N; with some luck neither factor equals -1 mod N, yielding a nontrivial gcd with N).
  • Quantum step: a quantum computer can create a superposition of all possible exponents x and compute $$a^x \bmod N$$ on all those values simultaneously. Then by applying the QFT, it can essentially detect the periodicity r through interference. Measuring the quantum state yields information about r, and with a few repeats one can obtain r with high probability

The key point is that the quantum computer effectively evaluates the function on exponentially many inputs at once (thanks to superposition) and uses interference to amplify the patterns (periodicity) that reveal the answer. There is no known classical analog for this procedure. It is not a matter of “trying harder” with a classical computer; it leverages quantum physics to perform computations that would take exponential time by any classical means. As a result, a large-scale quantum computer running Shor’s algorithm could factor a 2048-bit RSA key in polynomial time – often estimated in hours or days if enough stable qubits were available – whereas a classical computer would need an astronomically longer time (beyond the age of the universe). Similarly, Shor’s algorithm would break elliptic-curve cryptography by solving the discrete log problem on elliptic curves in polynomial time. Essentially all widely deployed public-key algorithms (RSA, Diffie–Hellman, ECDH, DSA, ECDSA, etc.) would fall if a sufficiently powerful quantum computer existed.

As of 2025, quantum computers are still far from the scale needed for these cryptographic attacks. The largest numbers factored by actual quantum experiments are trivial. Building a cryptographically relevant quantum computer (CRQC) with thousands or millions of low-error qubits is an enormous engineering challenge . Nonetheless, the threat is taken seriously because it rests on firm theoretical ground: if and when we build such a machine, it will break the cryptography we use today . This inevitability (absent a switch to quantum-resistant algorithms) underlies the urgency of the post-quantum transition.

It’s important to note that as of 2025, quantum computers are still far from the scale needed for these attacks. Building a cryptographically relevant quantum computer (often termed a CRQC) is a daunting engineering challenge requiring thousands or millions of low-error qubits. For some more information on how to predict the Q-Day – the day when quantum computers break our current encryption, see Q-Day.org. The threat is taken seriously because it is grounded in firm theoretical result: if we build the machine, it will break the crypto.

2.2 Grover’s Algorithm: Quadratic Speedup and Symmetric Key Implications

Lov Grover’s 1996 quantum algorithm showed that unstructured search can be accelerated quadratically on a quantum computer. If you have N possibilities to check (e.g. N possible keys in a brute force search), Grover’s algorithm can find the correct one in ~√N steps, whereas a classical search takes ~N steps. This is a far more modest gain than Shor’s exponential speedup, but it does impact symmetric key sizes.

For symmetric ciphers like AES, Grover’s algorithm effectively halves the security margin. An exhaustive key search on AES-128, which classically requires $$2^{128}$$ trials, could be done in roughly $$2^{64}$$ quantum steps . In concrete terms, that means an AES-128 key (128 bits) offers only 64-bit security against a quantum adversary. For long-term security in a quantum future, experts recommend AES-256, which would be reduced to 128-bit security under Grover’s algorithm (still considered safe, since $$2^{128}$$ operations – even quantum operations – is an astronomically large number). Similarly, Grover’s algorithm affects hash functions: a 256-bit hash (like SHA-256) would have its collision or preimage resistance effectively reduced to 128-bit security.

The saving grace is that symmetric cryptography can be retrofitted to withstand Grover’s algorithm relatively easily: simply use larger key sizes or hashes. Doubling the key length squares the work required by Grover’s algorithm, nullifying its advantage. This is why symmetric ciphers and hash functions are viewed as “quantum-resistant” with appropriate parameters (AES-256, SHA-384/512, etc.) In contrast to the upheaval needed for public-key cryptography, our symmetric crypto protocols mostly need parameter tweaks to remain secure in a post-quantum world.

The main point is that quantum computing forces a migration of our public-key infrastructure (hence the development of post-quantum algorithms), and it calls for caution in symmetric key lengths. Meanwhile, AI has prompted no analogous change – we do not speak of “AI-resistant ciphers” because the standard schemes are already holding up fine against classical attacks, AI included. Indeed, as noted earlier, no new algorithmic attacks from AI have materialized against AES; it still stands with no significant scratches after years of intensive AI and machine-learning research .

2.3 Global Cryptographic Response Focuses on Quantum, Not AI

Perhaps the clearest evidence of where the real threat lies is in the actions of the world’s cryptographic authorities:

NIST Post-Quantum Standardization: In 2016, NIST opened a public competition to develop quantum-resistant public-key algorithms. After 6 years, in July 2022 NIST announced four primary candidates (three for encryption/KEM and one for signatures), and in 2024 the first standards (FIPS 203, 204, 205) were officially published. The primary choices – algorithms like CRYSTALS-Kyber (a lattice-based KEM) and CRYSTALS-Dilithium (a lattice-based signature) – are now being prepared for widespread deployment. Governments and industry are beginning the arduous process of upgrading protocols (TLS, VPNs, etc.) to use these PQC algorithms. This is a multi-year effort involving extensive testing and integration. The reason for this massive effort is clear: experts agree that a large quantum computer would be catastrophic for RSA/ECC, and they want defenses in place before that happens.

No “Post-AI” Algorithms: In contrast, neither NIST nor any major standards body has initiated a process to replace our cryptography due to AI. There is no “AI-proof encryption” category because everything we have is already (believed) AI-proof. The NSA’s guidance on future standards (the Commercial National Security Algorithm Suite 2.0) similarly focuses on quantum, not AI. When NIST does consider AI in security, it’s about using AI (for example, guidelines on AI in cybersecurity, or mitigating adversarial ML) – not about AI breaking ciphers. This asymmetry in response is very telling.

Expert Consensus in Statements: Leading cryptographers consistently pour cold water on the notion that AI can defeat encryption. For instance, in a January 2025 interview, Bruce Schneier (Harvard Kennedy School) noted that while AI will enhance some attack vectors, it doesn’t alter the fundamental strength of ciphers: encryption security “relies on the mathematics of [the] encryption algorithm” rather than on easily exploitable flaws. Matthew Green (Johns Hopkins University) similarly emphasizes that secure encryption is about math and robust algorithms, not about hoping an adversary won’t find a pattern. In Green’s words, some systems fail because they rely on getting “a bunch of complicated software and hardware security features right, rather than the mathematics of an encryption algorithm” – implying that when you do rely on the math (as with standard crypto), you’re on solid ground. This professional consensus aligns with our analysis: AI might help find bugs in “complicated software and hardware features” (think side-channel leakage or unsafe coding practices), but it does not undermine the mathematical core of cryptography.

In summary, quantum computing changes the fundamental rules by introducing new computational capabilities, whereas AI does not. A quantum computer can break the assumptions that classical cryptography rests on (factoring is hard, etc.) by leveraging physics; an AI cannot. The security community’s actions reflect this reality: enormous effort for quantum defense, business-as-usual for classical cryptography against AI. Any claims to the contrary – that “AI will break encryption” – should be met with heavy skepticism, as they conflict with both theory and expert opinion. We will next explore in detail why AI, as a classical computing process, fails at the specific task of cryptanalysis, reinforcing the points made so far.

3. Why AI Fails at Cryptanalysis

The core of the issue is this: modern cryptographic algorithms are specifically engineered to eliminate patterns and structure in their outputs, whereas AI and machine learning algorithms desperately need patterns and structure to learn effectively. This section will examine three facets of this fundamental mismatch:

  • Design of Ciphers: Encryption schemes aim to produce output that is computationally indistinguishable from random noise to anyone without the key. If a cipher’s output had exploitable patterns, it would be considered broken by cryptographic standards. We’ll formalize this idea and show how ciphers create an almost black-box, random mapping that no learning algorithm can latch onto.
  • Learning Dynamics: Neural networks learn by gradually reducing error – which requires a smooth gradient or some feedback when they are “close” to the right answer. But in cryptanalysis, almost correct decryption is still complete garbage (one wrong bit yields a totally wrong plaintext). We’ll see that the loss landscape for a cryptographic task is essentially flat everywhere except at the correct key, providing no gradient for an AI to follow.
  • Empirical Results: A wealth of research attempts over decades underscores the above two points. We will review what has been achieved (e.g. distinguishing simplified ciphers or a few rounds) and what has not (breaking full AES, recovering RSA keys, etc.). The consistent pattern is failure when confronting the full complexity of real cryptosystems.

3.1 Encryption as an Unlearnable Function

A fundamental goal in cipher design is computational indistinguishability: given some ciphertexts, an attacker without the key should not be able to distinguish them from random bitstrings with any non-negligible advantage. Formally, for a secure encryption scheme, if you take either real encryptions of some messages or just random bits of the same length, any efficient algorithm (distinguisher) has only a negligible chance of guessing which is which. This is often written as {E(k, m)} ≈_{c} {U} – the distribution of encryptions is computationally indistinguishable from uniform noise.

How do cipher designers achieve this? Through multiple rounds of permutation and substitution that diffuse and obscure any statistical structure from the plaintext and any relationship to the key. Claude Shannon’s principles are followed:

  • Diffusion: Ensure that each bit of plaintext influences many bits of ciphertext, spreading the information out. A small change in plaintext (flip one bit) should flip approximately half the ciphertext bits (the “avalanche effect”).
  • Confusion: Make the relationship between the key and the ciphertext as complex as possible. Typically, this is done with non-linear substitution boxes (S-boxes) and mixing operations that intertwine key bits and data bits in complicated ways.

In a cipher like AES, after enough rounds, the output bits are effectively random functions of the input bits (from the attacker’s view). There are no simple patterns like “this ciphertext byte correlates with that plaintext byte” – even the slightest statistical bias would be considered a weakness. Instead, AES’s design (10 rounds for AES-128) was chosen so that no shortcut attack is known better than brute force and so that it passed intense statistical tests for randomness.

For a machine learning model, this scenario is poison. Imagine trying to train a neural network to predict the plaintext from the ciphertext (without the key). We give it many examples: input = ciphertext, output = plaintext. But because the ciphertexts appear random with respect to plaintext, the network cannot find any predictive features. In effect, we are showing it random garbage as input and expecting it to produce meaningful output – an impossible task without the secret key to provide structure. This is like trying to learn to predict coin flips; the best you can do is guess, and you’ll be right 50% of the time for a fair coin – which is exactly the success rate of any attempt to decrypt with the wrong key (random guess). As a formal analogy, a cipher encryption function with a fixed secret key k can be viewed as a pseudorandom permutation on the space of messages. From the perspective of an AI that doesn’t know k, it’s trying to approximate a pseudorandom function – which, by definition, has no compact, learnable description. In theoretical terms, any polynomial-size (efficient) algorithm’s success at distinguishing or inverting the cipher can be related to breaking that pseudorandomness assumption, which is designed to be infeasible.

Another perspective: encrypted data has maximal entropy from the attacker’s viewpoint. High entropy means unpredictability. A machine learning model typically works by exploiting redundancy or patterns (low entropy structure) in data – for example, English text has lots of statistical structure that an AI can model to predict missing words. Encrypted text, if done right, has no such redundancy; it’s as random as if you compressed the data to an optimal extent and then XORed it with a one-time pad. Thus, an AI has nothing to latch onto. A recent 2025 study on LLMs and encryption noted exactly this: most encryption schemes operate at the character/bit level while large language models operate at the word or sub-word level, leading to a fundamental mismatch and limited effectiveness in cryptographic tasks. In essence, ciphers output bits that to the AI look like pure noise – and “learning” noise is a fool’s errand.

3.2 No Gradients, No Learning

Training a neural network requires a feedback mechanism – a way to measure how wrong the model is and how to adjust it to be more right. In tasks like image recognition or language translation, if the model gives a slightly wrong answer, the loss function provides a gradient indicating the direction to move the model’s parameters to improve. This works because those tasks are continuous in a loose sense – getting one part of the output slightly wrong still leaves you somewhat close to the correct answer.

Decryption, however, is an all-or-nothing proposition. If you guess even one bit of the key wrong (out of, say, 128 bits), your entire decrypted plaintext will be completely wrong – it won’t even be “almost correct”; it will be essentially random noise. There’s no notion of being 90% correct in decrypting a message: either you got every bit of the key right and recovered the exact plaintext, or you got it wrong and the result is garbage. This means the loss function for key recovery is extremely unforgiving: it’s flat (no reward) for any wrong key, and suddenly drops to zero (perfect reward) for the one correct key. Visualize a landscape that is flat everywhere, with a single needle-sharp hole where the correct key gives zero loss. Gradient descent can’t find that needle in a haystack – there’s no slope to follow, no hint of “getting warmer” as you approach the right key.

In more concrete terms, suppose we set up a neural network to take a ciphertext as input and output the plaintext (trying to implicitly learn the decryption function). We train it by giving many plaintext-ciphertext pairs (all encrypted under one fixed key, which the network doesn’t directly see). What does the training process look like? Initially, the network’s outputs are essentially random. We compare to the true plaintext and calculate a loss (say mean square error or cross-entropy). The correct key would produce essentially zero loss (since it would decrypt perfectly), but our network is nowhere near that. Any small adjustment to the network’s parameters is exceedingly unlikely to stumble upon the correct key’s decryption behavior, and because of the avalanche effect, a small change does not produce a slightly more correct plaintext – it produces another random-looking wrong plaintext. The loss doesn’t improve in any meaningful way; there’s no gradient pointing toward the correct key. Training becomes equivalent to random guessing of the key, which has a success probability ~$$1/2^{128}$$ for AES – effectively zero.

Researchers in the field of neural cryptanalysis have noted this problem. A 2024 systematization-of-knowledge paper reviewing neural attacks on cryptography observed that scaling up neural networks (more layers, more parameters) did not consistently improve their ability to break ciphers, unlike in fields such as NLP. The fundamental issue is not that the models aren’t big enough or smart enough; it’s that the cryptographic transformation is designed to destroy the very information the model would need to learn. One telling sign appears in experiments: networks might overfit to the training data (essentially memorizing specific ciphertext-plaintext pairs) but fail to generalize to new unseen ciphertexts – because there is no generalizable pattern, just memorized mappings. For example, Mohammed Alani’s much-discussed 2012 papers claimed a neural network could “break” DES and 3DES with relatively few plaintext-ciphertext pairs, but later analysis revealed it was likely just memorizing the training set (which used a fixed key) and had no real ability to decrypt arbitrary new ciphertexts. In other words, it hadn’t learned DES; it had learned a table of a few mappings.

To put it succinctly: cryptographic functions produce a loss landscape that is hostile to learning. There are no easy plateaus or local minima to guide an optimization algorithm – just a vast desert of random error with a single oasis of success hidden somewhere, which might as well be at a random location. Without a secret key, the neural network is trying to model a pseudorandom permutation, which is infeasible.

3.3 Track Record

The theoretical arguments above are compelling, but one should always validate with real-world tests. The verdict of empirical research is overwhelming: AI has not come close to breaking any modern encryption scheme with properly chosen parameters. Here is a brief history and status:

  • 1990s: Some of the earliest work on using neural networks for cryptanalysis dates back to the 1990s. Researchers like Sebastien Dourlens (1995) experimented with training networks to recover parts of a DES key. These early attempts could guess a few key bits better than random, but still far from fully cracking DES (which is 56-bit). They might, for instance, predict 28 bits correctly and leave 28 unknown, which still requires brute-forcing the remainder. In cryptography, that’s not considered a break (it’s an attack that reduces brute force complexity slightly, at best).
  • Alani’s DES/3DES (2012): Mohammed M. Alani published claims of a neural attack on DES and 3DES that sparked interest. He reported being able to recover 48-bit keys of 3DES given 4096 known plaintexts, if the network was trained appropriately. However, others struggled to replicate his results. Alani himself later wrote a retrospective blog acknowledging that many of his initial results were not realistic and were likely overfitting artifacts. For example, he mentioned that he achieved success only in about 10% of experiments and that the best cases were cherry-picked from “hundreds of failures,” indicating the approach was not reliable. In essence, there was no consistent, generalizable attack – certainly nothing that would threaten real-world Triple DES in practice. The consensus emerged that these results did not demonstrate a fundamental weakness in DES, but rather the limitations of training approaches (and possibly misuse of the neural network’s generalization abilities).
  • Gohr’s Breakthrough on Speck (2019): The most well-known success of neural cryptanalysis was by Gohr in 2019, who applied deep learning to the problem of distinguishing reduced-round versions of the Speck cipher. Speck is a lightweight block cipher family (designed by NSA for simplicity). Gohr trained a neural network to perform differential cryptanalysis – essentially to distinguish ciphertext pairs following a certain XOR difference pattern from random pairs. He showed improved performance over classic differential cryptanalysis for Speck-32/64 reduced to 8 rounds. This was a big result because it was the first time deep learning actually outperformed a human-designed attack on any cipher, even if only a reduced one. However, keep in mind: full Speck32 has 22 rounds, and Speck’s design is somewhat simpler than AES. Subsequent works built on Gohr’s idea but the gains were modest. For instance, a 2021 study by Benamira et al. and a 2025 study by Hou et al. improved neural distinguishers by very small margins – on the order of 0.15% to 0.45% higher accuracy than Gohr’s network for Speck32/64. These are tiny improvements (fractions of a percent) and they still concern reduced-round versions. Achieving even 61% accuracy in key recovery for 11-round Speck32 was considered a notable achievement. For full 22-round Speck32 or any standard cipher like AES (which has much more complex S-boxes and diffusion), neural networks have not made a dent. In fact, AES-128 remains unbroken; the best known attacks (differential, linear cryptanalysis, etc.) can maybe attack 7 or 8 rounds out of 10, but require astronomical data and still don’t recover the key – and none of those are AI-based, they’re classic techniques.
  • LLM Challenges (2023-2025): With the rise of powerful large language models (LLMs) like GPT-4 and Anthropic’s Claude, researchers have tested whether these models, with their vast training on text, have any inherent cryptanalytic ability. One 2023 study benchmarked GPT-4 on classical pen-and-paper ciphers and simple encryption puzzles. It found that GPT-4 can solve some classical ciphers (like Caesar shifts or substitution ciphers) because those have patterns akin to language (and likely GPT-4 has seen examples during training). But on modern ciphers (AES, RSA) the model was effectively guessing. In 2025, an academic team created a rigorous benchmark for LLMs on encrypted data. They grouped tasks into “easy” (simple substitution ciphers, etc.), “medium” (Vigenère, transposition), and “hard” (RSA, AES with unknown keys). The results were as expected: all models did well on the easy, decently on the medium (with enough hints or if trained on similar tasks), and failed on the hard. For example, Claude-3.5 (Anthropic’s model) achieved about 32% exact decryption accuracy overall across a mix of challenges, whereas GPT-4 (OpenAI’s model) achieved about 18%. These “overall” numbers are dominated by the partial successes on easier ciphers; on the truly hard cases like RSA and AES, success rates were essentially 0% (no better than chance). In one table, the RSA row for both Claude and GPT models showed Exact Match = 0.00 and only random-quality scores on other metrics. The authors noted that “LLMs… face challenges with tasks that require precise numerical reasoning… since encryption operates at the bit/character level and LLMs are trained on text tokens, this mismatch further limits their effectiveness”. In short, giving an LLM an AES ciphertext is like giving it a string of gibberish – it has no semantic context or training signal to leverage.

To drive home the point: No AI has ever recovered a secret key or plaintext from a properly implemented cipher faster than brute force or known theoretical attacks. All successes are either on weakened versions (fewer rounds, simplified structures) or on classical ciphers that were already known to be insecure by modern standards. Conversely, all properly used modern ciphers remain unbroken. Cryptographers remain confident in this because it aligns with the theory – you’re not going to break a 128-bit secure scheme without doing on the order of $$2^{128}$$ work, no matter how fancy your pattern recognition is.

One might ask: could a future AI somehow invent a new algorithmic attack that humans missed? Perhaps, but any such attack would still have to obey the mathematics. For instance, suppose there was a clever algebraic attack on AES that reduces complexity to $$2^{100}$$ – that’s a huge breakthrough, but $$2^{100}$$ is still ~$$10^{30}$$, completely infeasible. Many smart human cryptanalysts have searched for algebraic structures in AES (it has an 8×8 S-box based on inversion in GF($$2^8$$), a well-understood linear mixing, etc.) and nothing substantial has turned up. Maybe an AI could automate some of this searching, but it’s not likely to magically crack AES when decades of efforts (and now automated tools) haven’t. Moreover, the AI would need an enormous amount of cipher data and computation to discover such an attack on its own – basically replicating cryptographers’ work.

In summary, the empirical evidence reinforces that encryption, when done right, produces outputs that are effectively random to AI systems. Neural networks cannot learn the decryption mapping without the key any better than they could predict lottery numbers. The rare instances where AI does aid cryptanalysis (like distinguishing reduced Speck) are narrow and don’t generalize to breaking real encryption. The next section will explore where AI does find a foothold in attacking cryptographic systems – not by breaking the math, but by exploiting the messy real-world aspects of implementations and human usage.

4. AI’s True Role in Security

While AI cannot break the mathematics of encryption, it would be a mistake to conclude that AI has no impact on cybersecurity. In fact, AI techniques are becoming powerful tools both for attackers and defenders in other aspects of security. The crucial difference is what AI attacks: not the math, but the implementations, side channels, and human factors. This section examines how AI is being leveraged in these domains and why that still does not equate to “breaking encryption” in the sense of undermining its mathematical guarantees.

4.1 AI-Powered Side-Channel Attacks

One of the most significant uses of AI in cryptanalysis is in side-channel attacks. Side-channel attacks do not tackle the cipher head-on. Instead, they exploit information leaked by the physical implementation of the cipher. Examples of side channels include:

  • Timing information: how long an operation takes (which might depend on secret data).
  • Power consumption: how much power a CPU or chip draws during operations (which can correlate with the data being processed or the instructions executed).
  • Electromagnetic emanations: radio waves or other emissions from a device that might carry information about what it’s processing.
  • Acoustic or other physical effects: even sound (like keyboard clicks) or heat can be side channels in some contexts.

Cryptographic devices often unintentionally emit such side-channel signals. Humans can sometimes exploit them (there are famous attacks using an oscilloscope to capture power traces of a chip performing AES and deducing the key). However, side-channel traces are often noisy and complex. Here is where AI shines: machine learning, especially techniques like deep learning, can analyze large amounts of noisy data to find patterns.

Case study: Post-Quantum Kyber side-channel (2023). In early 2023, a research paper by Dubrova, Ngo, and Gärtner (DNG) demonstrated a side-channel attack on a specific implementation of Kyber (a lattice-based KEM that is a finalist in NIST’s PQC standards). They used deep learning to analyze power consumption traces of a device performing decapsulation (the secret key operation in KEM). The media sensationally reported this as “AI breaks post-quantum encryption”. In reality, the attack required collecting 150,000 power traces from the device under multiple conditions to train the neural network. Moreover, the device had a certain masking countermeasure that could be configured with 2 to 6 “shares” (higher shares make it harder to attack). The DNG attack was able to recover the shared secret from a 2-share implementation with a single power trace only 0.12% of the time (essentially random chance), and needed multiple traces to get success rates up. With more shares (harder countermeasure), the success was essentially zero for a single trace. Only by allowing many traces (20 or more) did success approach high percentages.

The key takeaways from this example:

  • The cryptographic algorithm (Kyber) was not broken mathematically at all. The attack needed the device to run many operations and leak info. It’s as if a burglar copied a key by observing scratches on it – they didn’t solve the lock’s design, they exploited physical evidence.
  • AI (deep learning) was instrumental in turning raw analog traces into a key guess. The network learned to correlate subtle power usage patterns with the processing of certain key bits.
  • Cloudflare’s analysis of this work (with input from side-channel experts) was very clear: “Kyber is not broken and AI has been used for more than a decade now to aid side-channel attacks”. Indeed, using neural networks for side-channels isn’t brand new – it’s an evolution of what researchers have been doing with pattern recognition for years. What’s changed is the scale: one can train on tens of thousands of examples and let the network find extremely non-linear correlations that human analysts or simpler statistical methods might miss.

AI will continue to be valuable here. We can expect future side-channel attacks on cryptographic devices (smartcards, HSMs, IoT gadgets) to increasingly use ML techniques to extract keys from subtle signals. But importantly, these are attacks on implementations, not the ciphers themselves. Proper countermeasures (constant-time code, masking, noise injection, secure hardware design) can thwart side-channels, and AI doesn’t magically overcome those countermeasures if done right.

4.2 Beyond Cryptography: AI in Broader Cyber Offense and Defense

Outside of cryptanalysis, AI is a double-edged sword in cybersecurity at large:

Offensive uses:

  • Vulnerability discovery: Machine learning can help find software vulnerabilities by smart fuzzing (automatically generating inputs that cause crashes or aberrant behavior) or by analyzing patterns in code that lead to bugs. For example, an AI might learn what insecure code looks like by training on a large corpus of code and known vulnerabilities, then flag similar patterns.
  • Social engineering: Generative AI (like deepfake technology or advanced chatbots) can produce highly convincing phishing emails, voice calls, or fake videos. Attackers can personalize scams at scale, impersonating trusted individuals or crafting tailor-made lures for targets. This doesn’t break encryption, but it might trick someone into revealing secrets or bypassing it (e.g., convincing a user to install malware or give up a key).
  • Malware automation: AI can help malware adapt to avoid detection. For example, a malware could use reinforcement learning to try different exploitation techniques or evasion tactics in a network until it finds one that works, learning from failures.

Defensive uses:

  • Anomaly detection: AI systems are employed in intrusion detection and SIEM (Security Information and Event Management) to sift through logs and network traffic to spot unusual patterns that might indicate an attack. They can often detect subtle anomalies faster and with fewer false positives than fixed rule systems, by learning what “normal” looks like and flagging deviations.
  • Automated incident response: Some advanced SOC (Security Operations Center) tools use AI to triage alerts, correlate information from multiple sources, and even suggest or take actions (like isolating a machine that is likely compromised). This helps defend systems more quickly than human reaction alone.
  • Vulnerability management: AI can assist in prioritizing patching by predicting which vulnerabilities are likely to be exploited in the wild, based on features of the vulnerability and historical data. This helps focus resources on the most critical issues.

All these uses of AI are important and transformative for security. However, they are “around” the cryptography, not against the cryptography itself. AI changes aspects of security operations, maybe even who has the advantage (attackers with automation vs defenders with automated defenses), but it doesn’t invalidate the cryptographic protections if those are properly implemented. For instance, no matter how advanced an AI hacker is, if you’re using Signal or WhatsApp with strong end-to-end encryption, the AI can’t magically decrypt your messages – it will try a side-channel, or trick you into revealing them, or attack the endpoint device. That last point is crucial: often the weakest link is not the encryption but the user or the system’s edges. AI might help attackers target that weak link (like creating convincing fake messages to get a user’s password).

One must also consider AI’s limitations: These models can be very powerful, but they are not infallible or omniscient. They also introduce new attack surfaces – e.g., adversarial examples where an attacker might trick an AI system into misclassifying something. There’s active research on attacking AI systems themselves. So defenders must be cautious about over-reliance on AI without understanding how it might fail or be evaded.

In conclusion, the realistic assessment is that AI will continue to reshape the cybersecurity landscape, but mostly in terms of automating tasks and exploiting human/implementation weaknesses, not by breaking cryptographic algorithms. The groundwork of cryptography – those mathematical hardness assumptions – remains solid. To compromise an encrypted system, AI will choose the easier path: find an unpatched bug, a leaky side-channel, or a gullible human. It won’t do the impossible by solving a math problem that’s believed super‑polynomially hard (exponentially hard in the elliptic‑curve case).

Conclusion

Our examination has spanned theoretical computer science, cryptographic design, quantum algorithms, machine learning dynamics, and real-world case studies. The evidence from all these angles converges on a clear answer: AI cannot break modern encryption.

The reasons are fundamental:

  • Mathematical Hardness: Encryption algorithms are based on problems that are believed to require super-polynomial time to solve (factoring, discrete log, lattice problems, etc.). These problems form the backbone of the P ≠ NP world. As long as that conjecture holds (and all experience so far supports it), no classical algorithm, no matter how “intelligent”, can solve them efficiently.
    AI doesn’t grant any magical exemption from problems with no known polynomial‑time classical algorithms (including factoring and discrete logs) or from brute‑force key search. It’s bounded by the same Turing machine model as any program.
  • Cryptographic Design: Modern ciphers are deliberately structured to eliminate patterns and biases. Outputs are random-looking and keys have to be guessed exactly. Machine learning thrives on patterns and gradual improvement, both of which encryption deliberately denies to any adversary. The indistinguishability property ensures that, to a polynomial-time algorithm, a cipher is a pseudo-random permutation. In simpler terms, if an AI can tell it’s not random, that AI is breaking the cipher in a distinguishing attack – which for AES, it cannot. The loss landscape for guessing keys is flat; there are no breadcrumbs for gradient descent to follow.
  • Empirical Track Record: Despite some hype, there has been no practical demonstration of AI breaking a real cryptographic system. We’ve seen it fail consistently on tasks like AES decryption or RSA factorization. We’ve also seen that even specialized neural cryptanalysis of simplified ciphers yields only incremental gains (fractions of a percent improvement). Meanwhile, classical cryptanalysis and exhaustive search remain the only ways to attack strong ciphers – and they don’t scale.
  • Quantum Contrast: The only known way to significantly speed up solving those hard problems is to use a quantum computer. Shor’s algorithm shows that factoring and discrete log move into polynomial time with quantum resources, which is why quantum is a real threat and AI is not. The massive global effort on PQC, and zero effort on “AI-proof crypto,” underscores that experts see one as pressing and the other as a non-issue.
  • Expert Consensus: Whether in their research, interviews, or actions, cryptography experts treat AI as augmenting existing attack vectors, not creating new ones. No one suggests rewriting AES or RSA because of AI. Instead, they suggest hardening implementations, using reliable libraries, educating users, and focusing on the genuine threat of future quantum computers. As one Cloudflare blog sharply noted, it’s usually not the cryptography that breaks – “It’s exceedingly rare for modern established cryptography to get broken head-on” – but other parts of the system. AI will likely exploit those other parts.

For the cybersecurity professional or enthusiast, what does this mean? It means you should continue to trust well-vetted encryption algorithms (AES, RSA/ECC for now, and the new PQC algorithms for the future). Your encrypted data is safe from AI-driven codebreakers. However, you should be vigilant about how encryption is implemented and used:

  • Watch out for side-channel leaks in hardware and software; use constant-time implementations and modern libraries that are tested against such attacks.
  • Be aware that AI can supercharge phishing and social engineering – the human element is often the weakest link. Training and awareness are key.
  • Keep systems patched and monitor for intrusions – AI may help attackers find novel exploits or execute attacks faster.
  • When the time comes (which might be within the next decade or two), be ready to transition to post-quantum cryptography, because that is an existential threat to current public-key systems. In fact, adopting hybrid solutions (combining classical and PQC algorithms) in the next few years is a recommended strategy by many experts and organizations, to hedge against the quantum threat early.

In the end, the “AI vs Encryption” story is a reminder not to fall for sensationalism. As we’ve detailed, encryption is grounded in some of the most well-tested principles in computer science and math. Those principles won’t be overturned by a flashy demo or speculative claim. It would take a revolution in our understanding of computation (or a leap to a new model like quantum) to break them. AI, powerful as it is, operates within the lines of that understanding.

Modern encryption will continue to shield data against AI attacks just as effectively as it does against any classical computation. The real worry on the horizon is quantum computing, and that’s where our collective efforts in cryptography are rightly focused. Until then, whenever you hear “AI can now break X encryption,” maintain healthy skepticism and refer back to the fundamentals and facts.

Photo of Marin Ivezic Marin Ivezic Follow on X Send an email June 26, 2025
37 minutes read
Photo of Marin Ivezic

Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.
Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Bluesky
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap