Model finds a bug in cryptography, while the cryptographer learns new mathematics from it

In February 2026, Google published a preprint on arXiv consisting of 151 pages. Fifty authors from Carnegie Mellon, Harvard, MIT, EPFL, and a dozen other institutions. The document is modestly titled: “Accelerating Scientific Research with Gemini: Case Studies and Common Techniques”. A modest title, but really very cool content.

Preprints about the capabilities of AI are released every day. Most are benchmarks: the model scored 94.7% instead of last year's 93.2%, let’s applaud. Here, quite specific researchers tell how they struggled with an open problem for months, and then uploaded it to Gemini Deep Think — and magically got a solution. Or a counterexample. Or a reference to a theorem from a completely different area of mathematics that they had never heard of.

Some stories from there deserve a separate conversation.

In cryptography, there is a kind of holy grail: to construct a SNARG based on standard assumptions.

SNARG is a Succinct Non-interactive ARGument. A thing that allows you to prove that a computation was performed correctly, while the size of the proof and the time to verify it are exponentially smaller than the time of the computation itself. You send a transaction, and the blockchain receives a tiny certificate of the operation's validity. Without SNARGs (more precisely, without their close relatives zk-SNARKs), there would be neither Zero-Knowledge rollups nor proper scaling of Ethereum. This is an important infrastructural technology.

The problem is that all working constructions either rely on idealized models like random oracle, or on assumptions that cryptographers call “unfalsifiable”. It is unpleasant to build your house on sand; one wants reliability.

In the autumn of 2025, a preprint appeared on Cryptology ePrint Guan & Yogev: SNARG for all NP, built solely on LWE. LWE stands for Learning With Errors, a standard assumption from lattice cryptography, on which all post-quantum security relies. If the construction worked, it would be like finding the philosopher's stone.

Researchers from Google decided to set Gemini on the article.

But not just "check the proof" — such prompts yield superficial results, as the model tends to praise its owner, commend the structure of their glorious scientific work, and find typos with varying success. To counter these effects, they used a five-step protocol of adversarial self-correction: the model generates a review, then critiques its own findings for hallucinations, clarifies arguments, critiques again, and produces a final version.

This algorithm somewhat resembles my Discovery Prompt, new versions of which I post on my Telegram 1red2black. The main difference is that they did not try to cram everything into a single message and use thinking mode effects, but honestly executed the phases as separate prompts.

The model found a hole.

In definition 4.1 (I mention section numbers in case you want to read the research itself!) - the authors required perfect consistency: if two proofs match in some "local sense," then their "shadows" (compressed representations) must be identical for all values of the randomness parameter. In the construction from section 4.3, they achieved only statistical consistency: shadows match with sufficiently high probability, but there exist "bad" values for which this is not the case.

The difference seems like a technical detail, as everything already works for most practical applications. But the entire security proof relied on a strong version of the statement. The weak version allows an attacker to enumerate randomness values, find a specific "bad" one — and break the entire construction.

The find was sent to independent experts — Aayush Jain and Zhengzhong Jin. They confirmed: the model is correct. The authors of the original preprint acknowledged the error and updated the article on ePrint with a red banner at the beginning: “A gap has been found in the proof of the main theorem.”

The neural network found a fatal bug in the cryptographic work that was not noticed by live human experts during the review.

Karthik (Karthik C.S.) from Rutgers University New Brunswick is engaged in computational geometry. He was interested in the hypothesis about Steiner trees.

Steiner tree — the minimum tree connecting specified points in space. Unlike the minimum spanning tree, it is allowed to add intermediate points (Steiner points), which can reduce the total length. The problem is NP-hard, but there are approximate algorithms for it.

The hypothesis that interested Karthik: among all graphs with m edges arranged in a certain way in Euclidean space, the minimum cost of a Steiner tree is given by a star graph. Proving this hypothesis is a step towards understanding the complexity of high-dimensional problems. Years of attempts yielded no results.

Karthik asked a colleague to formulate a prompt and upload the article to Gemini. The model suggested two approaches.

The first and most obvious — local transformations of the graph, gradually bringing it closer to a star, without increasing the cost of the Steiner tree. Researchers have already tried this. A dead end.

The second approach was based on Kirschbraun's theorem.

Kirszbraun's Theorem is an achievement of functional analysis from 1934. It states that if you have a Lipschitz function between subsets of Hilbert spaces, it can be extended to the entire space while preserving the Lipschitz constant.

It sounds abstract, but the meaning is simple: a "compressing" mapping between parts of spaces can be extended to a "compressing" mapping between the whole spaces.

Kartik was aware of various theorems about extensions—he worked with fixed point theorems in communication complexity theory—an area of theoretical computer science that studies the amount of information. But he did not see the connection between Kirszbraun and Steiner trees. And, as far as he knew, no one else had either.

Next comes the typical fork in these stories. At first, the model rejected its own approach as too esoteric. In its training, there seemed to be something about preferring simple proofs over heavy machinery. A reasonable heuristic and a way to save computational resources for the data center, but in this case—it was a false path.

Kartik clarified: "I do not need an elementary proof."

The model turned the proof in another direction and went on to formalize the existing arguments. It constructed a mapping from any graph to a star graph. It showed that it was 1-Lipschitz (does not increase distances). It applied Kirszbraun's theorem to extend it to the Steiner points. It concluded that the cost of the tree for the star cannot exceed the cost for the original graph.

The hypothesis is proven.

Let me quote the mathematician himself without translation to avoid misunderstanding:

“Through this process, I have learned about the power of the Kirszbraun Extension Theorem for Steiner tree computation and analysis... To the best of my knowledge, this is a new connection.”

An expert in computational geometry learned new mathematics from a language model.

Physicists from Michael Brenner's group (Michael Brenner, Harvard) worked on an integral related to the spectrum of cosmic strings.

Cosmic strings are hypothetical one-dimensional topological defects that could have formed during phase transitions in the early universe. Interest in them grew after research using Pulsar Timing Arrays discovered a stochastic gravitational-wave background. Its source may indeed be cosmic strings.

To predict gravitational radiation, one needs to compute an integral over a sphere. The integral has sharp features at the poles. For large N (the harmonic number), the integrand becomes so oscillatory that it resembles a sea urchin — and standard numerical grids fail.

The researchers built a hybrid system: Gemini Deep Think + Tree Search.

At each node of the tree, the model proposes a mathematical expression in LaTeX and autonomously writes Python code for its numerical verification. If the code fails, returns NaN, or diverges — the Python traceback (execution log) is fed back into the context of the conversation with the AI model. The model sees what went wrong and tries a different path.

The system explored about 600 branches. Eighty percent were pruned automatically — without human intervention.

But what's more interesting is this. When the model found the first working solution, the researchers applied "reverse prompting": they explicitly prohibited using the found method and demanded searching for alternatives.

The model discovered six different analytical approaches to the same integral.

Methods 1–3 were based on a Taylor series expansion. Despite mathematical correctness, the Python verifier showed catastrophic loss of accuracy: for large N, alternating sums of huge numbers collapse with exponential error. The model detected this itself and switched to spectral methods.

Methods 4–5 used expansion in Legendre polynomials. Stable, O(N) in complexity.

Method 6 — decomposition by Gegenbauer polynomials. The model noted that their weight function exactly compensates for the peculiarity in the denominator of the original integral. The infinite series telescoped into a finite closed form.

The final formula: C₀ = ½ Cin(2Nπ), where Cin — generalized cosine integral.

Complexity: O(1). Closed analytical form instead of numerical integration.

Lance Fortnow — a professor from Illinois Tech, a classic in theoretical computer science. He worked on a problem that he didn't even plan to officially format into a paper: the connection between search and decision versions of problems for the complexity class S²P.

The result was straightforward but not trivial. Among those that have been sitting in the drawer for years because formatting takes effort, and publication would bring neither fame nor tenure points on epaulettes.

Fortnow decided to try to vibe-code the entire paper, using an AI assistant embedded in Google Antigravity, with Gemini 3 Pro as the model.

Eight prompts, not counting requests for LaTeX compilation.

The first prompt: “Let's plan a paper showing that finding an S²P witness is equivalent to TFNP^NP.”

The model generated a plan. It suggested a proof structure.

The second prompt: “Don't forget to cite Cai's paper that S²P is in ZPP^NP. Add as a corollary that reducing search to decision for S²P would put ΣP₂ in P^NP.”

Well, the model added it! And made a mistake in the conclusion: it assumed containment, which is actually an open problem, and it's not worth reducing the problem there at all.

Fortnow pointed out the mistake. The model corrected the proof, replacing containment with reduction.

The rest is a matter of technique: expand the plan into a full article, check the references, find journal versions instead of preprints.

The last prompt: “Add an acknowledgment section: 'While the results are fully due to the author, this paper was generated using the large language model Gemini 3 Pro with prompting from the author. The author takes full responsibility for its contents.'”

And here it is, on arXiv lies a fresh, new article. A result that would have sat in the drawer for twenty years has been successfully published.

Fortnow writes:

I openly state that the text was written using AI. Nevertheless, there remains a lingering feeling as if I cheated somewhere. I had the same feeling in the distant 1980s when I first wrote an article in LaTeX, and it looked much more beautiful than its content deserved.

A separate genre is when the model does not prove but disproves.

In Online Submodular Welfare Maximization, there is a greedy algorithm with a competitive ratio of 0.5.

In 2015, a group of researchers Korula, Mirrokni, and Zadimoghaddam formulated a hypothesis: if one proves a certain inequality about "copying" an element to the end of a sequence vs "moving" it there, the ratio will be 0.567.

This hypothesis hung unproven for about nine years.

Then, the researchers uploaded the paper to Gemini with the prompt: "Please try to improve the paper by identifying and solving an open question from it."

And then, a true zero-shot occurred. One prompt. No dialogue.

The model chose this particular hypothesis (not the most obvious one in the paper!). It built a counterexample: 3 elements, 2 agents, specific submodular functions (a table of values for all subsets). It checked all 3! = 6 permutations. It calculated the left and right sides of the inequality: 122.6/6 > 121.8/6.

The hypothesis was disproven.

The human researchers independently took on the verification of this arithmetic. Everything matched up.

The authors of the document formulate something like a set of techniques for working with AI in theoretical research. I will rephrase them in my own words.

Iterative refinement. The model rarely solves a task on the first try. Success comes through dialogue: clarification of the problem statement, pointing out errors, providing "scaffolding" or "crutches" — a high-level structure that the model fills in with details.

Cross-pollination. Models have digested and absorbed literature from all fields of knowledge. They find connections that experts miss because each expert is trapped in their own narrow expertise. Weierstrass-Stone theorem for Max-Cut (functional analysis → approximation algorithms). Kirschbraun for Steiner (topology → computational geometry). Bethe approximation for permanents (statistical physics → graph theory).

Context de-identification. Sometimes a model refuses to tackle a problem if it recognizes it as an "open problem." The counterintuitive solution: remove all information and articles from the context that describe this very open problem. Leave only the formulation and definitions. Less context — better result.

Neuro-symbolic loops. The model proposes a formula, the code checks it, errors are returned to the context. Automatic pruning of dead branches without human involvement.

Adversarial self-correction. For review: generation → critique of one's own findings for hallucinations → clarification → re-critique → final version.

The authors are honest about limitations.

Confirmation bias. If a false hypothesis is formulated as true and asked to prove it, the model will try to close all logical gaps with confident but unproven and "hand-waving" arguments. A neutral prompt ("prove or disprove") helps, but guarantees nothing.

Confident hallucinations. Models cope with high-level structure but may forget limitations, confuse signs in inequalities, and misapply theorems. In the Courtade-Kumar case (information theory), the model confused boundaries in hypercontractivity bounds several times. Verification by a human is essential.

Alignment friction. Constraints imposed to increase model safety often hinder research. The model refuses to solve a task it recognizes as an "open problem" or "too ambitious." It is necessary to remove context or rephrase.

There is an observation that the authors make closer to the end, and which deserves separate attention.

If AI radically reduces the negative experiences that scientists face when creating technically complex and dense articles, and if there will now be many such articles — the bottleneck of science shifts from creating these articles to verifying the results.

Peer review is already overloaded. Reviewers work for free. Deadlines are tight. The influx of literature written with the help of AI will further strain an already struggling process.

But our example with cryptography shows: AI with properly configured prompts, processes, protocols — can identify barely noticeable problems even in the proofs of prominent experts. This means that the same tools can be used for reviewing works from other fields.

But who verifies the verifiers?

And the next question: if a model writes an article, and another model reviews it, where in this cycle is the place for a human? Do we even need a human at all?

Let's pay attention to the elephant in the room. The document is written by Google employees, about the capabilities of the Google model. The conflict of interest is obvious.

A special non-public, advanced version of Gemini Deep Think is used in the research, which is not available outside of Google. Reproducibility with ordinary tools is highly questionable.

The article describes successes. But how many failures were there? What is the success rate? Out of a hundred prompts — one breakthrough or ten? Unknown.

Where does "writing an article with the help of AI" end and "writing an article by a human" begin? In Kartik's case, the human reformulated the prompt so that the model could perform better than before. Whether their good result is his contribution or the model's contribution is ambiguous. The boundary is blurred.

One of the researchers describes the model as "an indefatigable, educated, creative, and gifted junior colleague." This may be more accurate than grand claims about "reasoning ability" and "discoveries."

A junior colleague who never sleeps, has read all the literature, and finds non-obvious connections between fields. Who sometimes hallucinates, but sometimes guesses brilliantly. Who, unfortunately, needs to be checked at every step. Who cannot be trusted, but with whom one can work.

Yes, Fortnow was afraid that he had cheated. But perhaps the difference is that Fortnow understands and realizes what he is doing. The model does not. Not yet.

Maybe this is the boundary. Here lies the line between the "outstanding joon" and something greater. Between a tool that finds the Kirshbraun theorem at the right moment, and a being that understands why it is needed there.

Or maybe in ten years we will laugh at this distinction, just as we laugh at the fears of the 80s that computers would take jobs from programmers.

Undoubtedly, the girls working with perforations have lost their jobs to compilers. But the number of programmers has only increased because of this.