Simple Comm Technique Beats Quantum Crypto

Atario wrote us with a link to a New Scientist article about an innovative new way of encrypting communications. An engineer at Texas A&M may have a way to exploit the thermal properties of a wire to create a secure channel. The result could be an effectively impenetrable way of securing communications, possibly outperforming quantum cryptography keys. "In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance. The higher the total resistance on the line, the greater the thermal noise. Both Alice and Bob randomly choose which resistor to use ... Half the time ... they will choose different [resistances], producing an intermediate level of thermal noise, and it is now that a message can be sent. If Bob turns on his high resistor, and records an intermediate level of noise, he instantly knows that Alice has chosen her low resistor, in essence sending a bit of information such as 1 or 0. Kish's cipher does this many times, sending a random series of 1s and 0s that can form the basis of an encryption key, the researchers say."

Security through Lack of Reference?

[vertigoCiel]

From what I can gather from the summary (the New Scientist domain seems to be blocked by the PRC to those in China, so I can't RTFA), the security of this lies in the fact that Eve cannot seperate the message from the inherent thermal noise of the channel. However, wouldn't she be able to decode the message by trial and error by hooking her own resistors? Surely she doesn't have to have identical resistance just around 10 or 100 Ohms of the average.

Could someone correct me if I'm wrong (which I think I am)?

Man in the middle

[anwyn]

This is a secure way to agree to agree on a one-time pad, or other key, but it is subject to man in the middle attacks. How does fred know that it is alice other end of the line switching resistors, or is it darth the man in the middle swiching resistors?

PAIRS of resistors

[Etherwalk]

Identical pairs of resistors.

I read it the same way you did at first; it's poorly worded.

This sounds like it's someone trying to think outside the box, given a basic knowledge of quantum cryptography. "Well, what else sort of works like light polarization? What is there that, if intercepted, doesn't give the interceptor any more information than said polarization does in the case of quantum cryptography?"

Of course, one of the advantages of quantum is that you can Detect eavesdroppers, because if they listen to more than a few bits they flip more of your bits than probability would reasonably allow for. It isn't only about how much information the eavesdropper can obtain--it's about whether or not you'll realize they're there.

Impenetrable == Unsinkable

[MajorBlunder]

The result could be an effectively impenetrable way of securing communications, possibly outperforming quantum cryptography keys.

When I read this, I had a flash back to a Dr. Who episode.(paraphrasing)

Army General: Trust me doctor this place is impenetrable.

Doctor: The problem with impenetrable is that it sounds too much like unsinkable.

Army General: Well whats wrong with that?

Doctor: Ask the passengers of the Titanic.

I always get a little bit itchy whenever people start throwing superlatives around like unbreakable, impenetrable, etc. Nature, Human ingenuity, or Human stupidity all have a nasty habit of proving us wrong.

Re:What would this be good for?

[evilviper]

What would this or quantum cryptography be good for in practical terms?

Two offices, say, across town, that want to communicate very securely.

Somebody could simply cut the wire and thus forcing Alice and Bob to [...] not communicate at all.

When would that possibly be a problem? That would basically require some strange situation with a totalitarian government that wants to disrupt communications between two end points, but apparently doesn't actually want to get access to the unencrypted information itself.

If it's just some rival company trying to disrupt service, a line crew goes out, fixes the line, and they're back up and running before they even want/need to change the encryption key.

And what would be the point, since you could just as easily cut the other communications lines (eg. OC3s), the power lines, etc., etc.

Re:Well, they quote Bruce saying it's good.

[smallfries]

But he didn't mention eavesdropping, he mentioned man in the middle attacks. Just like a quantum link this is vulnerable to man in the middle attacks when used without a separate authenticated channel.

Re:Is Schneier enough of an electrical engineer ?

[jmv]

Furthermore, if Eve1 and Eve2 listen in a distance of only a few meters, they can auto-correlate the signal(s) and find the direction from which it travels.

Not even a need to auto-correlate. If you measure both the current and voltage in one point of the transmission line, you can figure out which way the signals are going. On top of that problem, I can't really see that method scale in the Gbps, while I can easily imagine the single-photon methods scaling that high.

Re:What would this be good for?

[grumbel]

### When would that possibly be a problem? That would basically require some strange situation with a totalitarian government that wants to disrupt communications between two end points, but apparently doesn't actually want to get access to the unencrypted information itself.

The point is: When I disrupt your valuable crypto channel long enough you simply can't use it and have to fall back to other means of less secure means of communication which I then can intercept.

### And what would be the point, since you could just as easily cut the other communications lines (eg. OC3s), the power lines, etc., etc.

Other lines of communication can be easily made redundant, since they don't have to directly go from A to B. They can take as many hops in between as they want and if somebody destroys a segment, the traffic can simply be rerouted around that destroyed segment.

Re:Cool.

[Anonymous Coward]

RTFA. This has absolutely nothing to do with routing or whatever the hell you're talking about. Its simply a method to protect information being sent over wires from eavesdroppers. The noise in this case is analog noise, and the information could be anything depending on the actual use of the wire.

Re:Security through Lack of Reference?

[SLi]

The difference of course being that not being able to crack Diffie-Hellman relies on the difficulty of calculating something, but cracking it is definitely computable, while in a quantum crypto cracking it even given infinite time is physically impossible, if you use the generated key data as a one time pad. To me that difference seems in a sense quite significant, but then I'm a theoretical computer scientist :-)

Re:Old news: Broken, rebutted, broken, rebutted ag

[(negative video)]

As Bruce Schneier pointed out this technique if it works is no worse than quantum cryptography ...

This technique is worse. Quantum cryptography** lets you know the extent to which your shared key has been decloaked, providing a rational basis for reusing chunks of the (expensive) one-time pad.

**A bad name. It really ought to be called quantum exposure detection.