RC RANDOM CHAOS

A model brute-forced Linear A

A Linear A decipherment claim exposes the lesson defenders miss: complexity is not security, and scaled pattern recognition defeats obscurity.

· 7 min read
A model brute-forced Linear A

An AI engineer says a model deciphered Linear A. Treat the claim as unverified. Treat the mechanism as the lesson.

Linear A is a Minoan logosyllabic script. In use roughly 1800 to 1450 BCE. Around 1,400 known inscriptions survive, most of them short administrative tablets. The sign inventory runs to roughly 90 syllabograms plus logograms, and a large fraction of those signs are graphically identical to Linear B, which Michael Ventris decoded in 1952 by building on Alice Kober’s statistical grid of sign inflection. Linear A stayed unread for a specific reason. The corpus is small. The underlying language is unknown. There is no bilingual, no Rosetta Stone equivalent, to anchor sign values to meaning. The barrier was never that the script is complex. The barrier was insufficient data.

That distinction is the entire point.

Linear A is not encryption. There is no key. There is no algorithm holding a secret. It is an encoding of a language nobody speaks, written in a script nobody reads. Deciphering it is pattern recognition against a signal with unknown grammar and a thin sample set. Sign frequency. Positional constraints. Co-occurrence. Inflectional structure inferred from repeated stems. That is the exact problem class machine learning now scales past human limits. A model does not need to understand Minoan. It needs to ingest every inscription at once, hold the full distribution in memory, and surface structure a human analyst working by hand across decades could not.

Security engineers rely on a version of this same barrier constantly. They call it obscurity. Custom binary formats. Proprietary protocols with no public specification. Homegrown crypto. Undocumented wire encodings. The working assumption is that an adversary cannot recover the pattern because the pattern is complex and the samples are few. That assumption has a name and a number. CWE-656, reliance on security through obscurity. It is a documented weakness, not a control.

The mechanism that defeats it is old. Frequency analysis broke monoalphabetic substitution ciphers by hand more than a thousand years ago. Auguste Kerckhoffs codified the principle in 1883. A system must remain secure even when everything about it except the key is public. Machine learning does not invent a new attack against obscurity. It removes the labor ceiling. Statistical cryptanalysis was always bounded by how much structure one analyst could track. Scaled pattern recognition ingests a corpus no human could hold and extracts n-gram distributions, positional rules, and structural regularities at volume. “Too complex to reverse” becomes “not yet reversed.” Those are different claims. Defenders treat them as the same.

The specific shift is in sample complexity. Classical decipherment and classical cryptanalysis both stall on the same wall, the amount of structure a human can hold and compare at once. Unsupervised models do not have that wall. Cluster the signs by context and co-occurrence, embed each into a vector space built from its neighbours, and structure that was invisible in a hand-drawn table separates cleanly. The Minoan corpus that defeated a century of manual scholarship is trivially small measured against modern datasets. The same reduction applies to a proprietary protocol. A few thousand captured sessions, once a laughable sample for manual reverse engineering, is enough for a model to infer field boundaries, length encodings, and state transitions. The corpus threshold for recovering structure dropped. Everything that assumed a high threshold inherited the risk.

The history is consistent. Mifare Classic shipped a proprietary 48-bit stream cipher called Crypto1. The secrecy of the design was the defence. In 2008 Nohl and Plötz reverse-engineered the cipher from the silicon, the algorithm went public, and card cloning followed at scale across transit and access-control systems that trusted it. DVD CSS, the GSM A5/1 cipher, and KeeLoq rolling codes all failed the same way. Secret algorithm, small effective keyspace, broken once someone analysed it. In every case the confidentiality held right up until the pattern was recovered, and then it held for no one. CWE-327, use of a broken or risky cryptographic algorithm, is where those end up in classification.

The pattern repeats in immobilisers and keyless entry. Hitag2 and KeeLoq, both proprietary, both broken by cryptanalysis once the design leaked. In 2016 researchers recovered the shared cryptographic scheme behind a large fraction of Volkswagen Group remote keyless entry from firmware, then cloned the signal from a captured rolling code. Telegram’s MTProto drew sustained criticism for the same posture, a custom protocol standing in for scrutinised, standardised construction. Custom does not mean stronger. Unreviewed means unmeasured.

The same technique runs offensively against defenders’ own concealment. Malware families obfuscate strings with XOR loops, pack binaries, and mangle control flow. MITRE tracks it as T1027, obfuscated files or information, and the reverse step as T1140, deobfuscate or decode files or information. Analysts now point ML deobfuscation and neural decompilation at packed samples and recover structure automatically. The pattern-recognition engine is symmetric. Aimed at a captured binary it strips obfuscation. Aimed at a captured protocol it reconstructs the format. Aimed at a corpus of ancient tablets it proposes sign values. The target changes. The method does not. Deep-learning side-channel analysis makes the point sharpest. Research on the ASCAD dataset recovers AES keys from power traces that classical differential power analysis could not resolve at the same trace count. Same signal, more structure extracted, because the model sees correlations across the full trace that hand-built distinguishers miss.

Here is where defenders go blind. Obscurity is treated as protection, so nothing watches whether it holds. Reverse engineering a proprietary format happens on the attacker’s hardware, against a binary or a packet capture already exfiltrated. It generates no telemetry on the defender’s side. No Sysmon process-creation event. No EDR behavioural alert. No SIEM correlation rule fires on cryptanalysis performed offline in someone else’s lab. The first observable event is the payload that lands after the obscurity has already failed. A cloned credential. A forged token. A decoded config. By then the pattern is public and the window is closed. The defensive signal arrives after the control it depended on is gone.

The cryptanalysis is not detectable. The reliance is. That is the only actionable surface. Detection here is inventory-driven, not signature-driven. What is enumerable is narrow. Strings and entropy scans that flag embedded keys and non-standard cipher constants. Traffic analysis that flags high-entropy custom protocols riding non-standard ports. Code scanning that flags CWE-327 and CWE-798, hardcoded credentials, in first-party source. Those findings do not say an attack is underway. They name which assets have no control behind the obscurity. That is the list that matters before the payload lands, not after.

The Linear A claim itself deserves the scrutiny a vulnerability report gets. Small corpus, unknown substrate language, no bilingual. A model can surface plausible internal structure and still be unverifiable against ground truth, because ground truth does not exist for a language with no living descendant and no anchor text. That is not a reason to dismiss it. It is the reason the security read matters more than the archaeological one. The value is not whether one model read one dead script. The value is the demonstration that a system long assumed unreadable because it was complex was, in fact, only unread because the data had never been processed at scale. Complexity bought time. It did not buy secrecy.

That is the error to strip out. Complexity is not security. A large sign inventory, a bespoke encoding, an undocumented protocol. None of that is a cryptographic guarantee. It is friction, and friction scales down as pattern recognition scales up. Linear A survived 3,500 years unread because the corpus was too thin and the language lost, not because the script resisted analysis. Give a pattern-recognition system enough samples and enough compute and the remaining barrier is data, not difficulty.

The patch boundary here is architectural, not a version bump. A secret that has to stay secret to function is not a control. Move the secret into the key and publish everything else, or accept that the confidentiality has an expiry date set by someone else’s corpus and someone else’s GPUs. Kerckhoffs stated the requirement in 1883. Scaled machine learning is not a new threat to it. It is the enforcement mechanism finally arriving at volume, and it does not care whether the target is a Minoan tablet or a proprietary protocol shipped last quarter.

Share

Keep Reading

Stay in the loop

New writing delivered when it's ready. No schedule, no spam.