Totally Secure Non-Quantum Communications?

An anonymous reader writes "TEES is reporting that Dr Laszlo Kish, an associate professor at Texas A&M, has proposed a 'classical, not quantum, encryption scheme that relies on classical physical properties -- current and voltage. He said his scheme is absolutely secure, fast, robust, inexpensive and maintenance-free and relies on simultaneous encrypting of information by both the sender and the receiver.' The scheme uses properties similar to Johnson noise along with Kirchoff's Law to provide what he hopes to be an easier method of secure communications. Arxiv also has the full text [PDF Warning] of the paper."

Re:A lesson for venture capital

[ettlz]

As I understand it, quantum cryptography is only used as a method of key distribution, which then put into a "normal" cryptosystem like AES. The supposed advantage over asymmetric public-key distribution is that it can't be broken by a quantum computer. However, it is still vulnerable to man-in-the-middle attacks, and encryption is worthless without authentication — so why consider quantum cryptography in the first place?

Re:A lesson for venture capital

[Dster76]

From http://en.wikipedia.org/wiki/Quantum_cryptography [wikipedia.org]

In Quantum Cryptography, traditional man-in-the-middle attacks are impossible due to Heisenberg's uncertainty principle. If Mallory attempts to intercept the stream of photons, he will inevitably alter them if he uses an incorrect detector. He cannot re-emit the photons to Bob correctly, which will introduce unacceptable levels of error into the communication.

If Alice and Bob are using an entangled photon system, then it is virtually impossible to hijack these, because creating three entangled photons would decrease the strength of each photon to such a degree that it would be easily detected. Mallory cannot use a man-in-the-middle attack, since he would have to measure an entangled photon and disrupt the other photon, then he would have to re-emit both photons. This is impossible to do, by the laws of quantum physics.

Other attacks are possible. Because a dedicated fiber optic line is required between the two points linked by quantum cryptography, a denial of service attack can be mounted by simply cutting the line or, perhaps more surreptitiously, by attempting to tap it. If the equipment used in quantum cryptography can be tampered with, it could be made to generate keys that were not secure using a random number generator attack.

Sounds like Snake Oil...

[nweaver]

Sounds like snake oil, similar to http://www.schneier.com/blog/archives/2005/12/snak eoil_resear.html [schneier.com]

Very interesting but what about tolerance?

[Anonymous Coward]

What happens if a thermal fluctuation in the wire causes the loss? How can we tell this from an eavesdropper? To make this work surely the tolerances of all components need to be 0%. Nobody has ever made a 0% tolerance resistor, its a purely theoretical component. Which makes me wonder if this has actually been tested in the lab. Perhaps I'm missing something?

Re:In related news, perpetual motion device perfec

[ScentCone]

There is no such thing as a perpetual motion machine, an honest politician, or perfect encryption. All three exist in theory, but never in reality.

Well, let's see. The perpetual motion machine doesn't exist, in theory, because the laws of thermodynamics and whatnot essentially rule it out. Of course, it may exist in somebody's theory, but their theory would be at odds with actual, working theories that correspond with reality.

You're closer to the mark when it comes to the honest politicians. I think the measure there should be "honest enough," or at least "honest about his/her opinions/policies when it comes to what we're actually talking about." No one, ever, is 100% honest. Civilization couldn't exist without a certain amount of fluff, white lies ("really, honey, you look great in that dress," or "some day, New Orleans will be just like it was before the storm"), and safety-minded subterfuge.

Perfect encryption? Don't know enough about it. But I know we can do better in talking about it than to use slightly off-balance analogies from other disciplines. It's probably far more useful, anyway, to talk in terms of how imperfectly normal human users use even the "perfect" tools we have for other purposes. That's where stuff always breaks down: GIGO.

Re:Voltage drop?

[johnny cashed]

as an owner of 2 butt sets (lineman's phones) I can say that this isn't always true. My old western electric rotary one is batteryless. It is still handy for just that reason (and yes, I can still dial out with it on POTS service). My newer Chesilvale needs a 9v battery to work, but it also has a speakerphone in it and more features. I don't believe the battery is there to prevent detection (eliminating voltage drops).

The is more to a butt set than it being a corded phone with alligator clips. It has an audio transformer in it which permits one to hear what is on the line without going "off hook". It allows one to monitor the line without being audibly noticed (there might still be a voltage drop).

Re:A lesson for venture capital

[gweihir]

Quantum Encryption is p2p.

Yes, but without overlay network. Quantum cryptography works only for directly connected hosts, so it is basically useless except in some very special scenarios. I think the only reason quantum crypto (and that should be properly 'quantum modulation' or the like) as well as quantum computation is so popular today is because it captivates peoples imagination. Since quantum crypto is really just key excahnge, you could allways replace it with pre-comottated random keys in the neighbouring hosts with a tiny fraction of the cost. And you can also use permanent links and do key-refresh often, making the existing solution again as secure with a tiny fraction of the cost. Personally I feel that even its value as a curiosity has worn off. And the underlying physical principles are not validated enough to support even half the claime people make about quantum technology.

something to wonder about

[geoff lane]

The thermal noise in the circuit will limit both the rate of data exchange and the confidence that a tap will be detected (or a false positive.) Over a long distance, the quality of the connection will be an important factor.

There is also the slight problem of the common clock which must be available at each end. Somehow both sides need to be synchronised which implies either quite expensive atomic clocks or a side channel containing the information. Either limits the practibility of the idea.

Problems

[Jerry Coffin]

For years, there has been one encryption scheme that has been known to be 100% secure (at least against a simple cipertext-only attack): the one-time pad. This is most often (but not necessarily) implemented as a simple XOR between bits in a key stream and bits in the text to be encrypted. The receiver decrypts the message by re-XORing the received bits with the same key stream to retrieve the original data.

As I mentioned, this is 100% secure, and any reasonably well-written book on cryptography will confirm that. To be 100% secure, however, the keystream must be as large as the data being encrypted, and must be absolutely random -- any degree of predictability can lead to breakage (e.g. search for "Venona").

The biggest shortcoming of a one-time pad is the key: first you have to generate an absolutely random key, and then you have to distribute that key to the people at both ends of the communication securely. The usual problem is that if you can communicate that key reliably, then you could normally communicate the data reliably just as easily. As such, a one-time pad is typically only useful in fairly limited situations like a spy receiving a DVD-ROM full of key material during a f2f visit, then using the key out in the field. For more typical scenarios it's rarely useful though.

This scheme seems to cure one, but definitely not both of those problems. It's basically a way of using two one-time pads simultaneously, so that the receiver can deduce the sender's key at any point, but what is transmitted over the wire basically depends on both his own key and his partner's key (not exactly an XOR, but a bit like it). If all the attacker does is collect the voltages on the line, I wouldn't be too surprised if this really is secure.

That doesn't mean there aren't any shortcomings though. One obvious problem is that both ends still have to generate absolutely, 100% random keys. Another problem is a man in the middle attack. If the pattern of resistor changes can be predicted, then the attacker only has to find the value once at one end to break all subsequent communications over the channel. Since the scheme doesn't (at least by itself) provide any kind of confirmation of who's on the other end of a line, a man in the middle has a pretty easy time with things.

Another approach would be to tap into the line at two points, preferably widely separated. Since the current only travels over the wire at (about) 2/3rds the speed of light, when one end changes a resistor, the change in voltage/current will be detectable first closer to that end, and some time later at the other end. Two widely separated measurments would allow an attacker to figure out which end changed resistors at any given time. Ultimately, the degree of separation does't even have to be particularly huge -- larger separation just reduces the precision of timing necessary, but even one foot apart gives about a nanosecond.

Re:A lesson for venture capital

[Minna Kirai]

Quantum Encryption is p2p.

People no longer understand p2p as "point to point", but rather "peer to peer". Point2Point cannot use significant IP addresses, but Peer2Peer must use them (or something similar).

Which means when Bob and Alice trade IP addresses,

I hope you meant "IP address" in some metaphorical way. There is no way QC can be applied to operate over an internet with real IP address. IP requires routing, and routing means packet-forwarding, but QC depends on an photonic signals that are irreproducible, and thus unroutable.

you ought to be able to have each other's IPs

Do you know the IPs of every mail-order vendor from which you might wish to order?

What you're doing is repeating the usual QC-request to have the initial exchange of recognition data left off of the vulnerability analysis, because it is in fact susceptible to every kind of man-in-the-middle assault.

Absolutely secure communication already exists

[Jaime2]

Just send someone an OTP [wikipedia.org] DVD generated by hotbits [fourmilab.ch] and keep a copy for yourself. Use the DVD only for key exchange and use AES for the data stream. No one can crack a one-time pad unless you make a mistake. This won't work for e-commerce, but it works wonderfully for terrorist and spies. For the extra paranoid, use the OTP data for encryption, but you'll eventually need a new one (re-using OTP data renders it crackable).

Re:Why must non-cryptographers be so dumb?

[njyoder]

Actually, Schneier specifically said in that interview that it makes public key cryptography insecure. He was referring to symmetric, private key cryptography when he stated that it doesn't make all cryptography insecure.