Fooling around with encrypted reasoning blobs
- AI
- Security
- Infrastructure
- Developer Tools
The post reverse engineers the encrypted reasoning payloads some frontier models return alongside answers and shows they are not just a privacy wrapper over chain-of-thought. They function as a signed or encrypted blob of hidden model state that the client can hand back on later requests. That lets providers keep the serving layer closer to stateless while preserving continuity across turns. The post also shows a side channel: changes in reasoning length or wall-clock time can leak signal about what is inside the hidden trace even if the blob itself stays unreadable.
If you build on reasoning models, assume provider APIs may be shipping opaque state back to clients and that this state can create replay, jailbreak, and side-channel risks you cannot inspect. Treat “stateless” LLM APIs skeptically, and pay attention to cache design, token billing, and trust boundaries around hidden context.
-
blog.cryptographyengineering.com
- Discuss on HN