Simple Comm Technique Beats Quantum Crypto 164
Atario wrote us with a link to a New Scientist article about an innovative new way of encrypting communications. An engineer at Texas A&M may have a way to exploit the thermal properties of a wire to create a secure channel. The result could be an effectively impenetrable way of securing communications, possibly outperforming quantum cryptography keys. "In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance. The higher the total resistance on the line, the greater the thermal noise. Both Alice and Bob randomly choose which resistor to use ... Half the time ... they will choose different [resistances], producing an intermediate level of thermal noise, and it is now that a message can be sent. If Bob turns on his high resistor, and records an intermediate level of noise, he instantly knows that Alice has chosen her low resistor, in essence sending a bit of information such as 1 or 0. Kish's cipher does this many times, sending a random series of 1s and 0s that can form the basis of an encryption key, the researchers say."
Cool. (Score:5, Interesting)
It only works on a direct connection (Score:2, Interesting)
Under the conditions stated above, cryptography isn't very important. The most important thing is to ensure the physical integrity of the wire.
The cryptography isn't as unassailable as they think. Given two taps on the line, I can tell who switched which resistor when. For instance, if station A switches in a low resistance, the tap nearer to station A will detect the effect (low noise) of the switch first.
Maybe I'm missing something important but this idea doesn't seem as smart as they think it is.
Is Schneier enough of an electrical engineer ? (Score:5, Interesting)
To me, this whole matter with his formulae of the noise of a resistor is just hocus pocus; as much as the math is correct. But any reasonable electrical engineer knows these
What Kish rather seems to propose, is the injection of noise into a link; noise at two levels, nevermind if they are derived from a resistor, short-circuited or not, or any other noise generator.
Over. What he then says is the following:
If Alice sends high noise level ('H'), Bob will send low ('L') noise level; and vice versa.
The man-in-the-middle will have tri-state noise: LL,LH/HL,HH. LL and HH are out. The assumption in that paper, hidden behind a lot of barrage, is: LH and HL will appear identical to the eaves-dropper. Alice. however, when sending L, can pass an information quantum (since Bob will switch to H, knowing Alice sends L); while Alice sending H, Bob will switch to L, knowing Alice sends H).
The theory of Kish is, that Eve will have no clue if she intercepts HL or LH. Which only works in theory.
Because any electrical engineer deserving his title will tell you that those sources won't produce noise of identical spectrum in the first place. Therefore, the spectra will change, giving you a sequence of jumps. The maximum you have to do is toggling
Much ado about nothing, me thinks
What would this be good for? (Score:3, Interesting)
Are there ways to use these secure channels to build a real redundant network where traffic could be rerouted when lines fail? Or would the routers end up being the weak spot? Making it just as insecure as every other network?
Are there any other types of uses where those connections might be useful or are they no more theoretical toys?
Not worth 2c of consideration (Score:2, Interesting)
[a] it takes an "educated eavesdropper" to even realise information is being sent when there seems to be just low-level noise on the line.
[b] If they do try to eavesdrop, they can only tell a message is being sent, not what it is, because it's impossible to tell whether Alice has a high or low resistor turned on, and whether the bit of information is a 1 or a 0.
[c] What's more, eavesdropping on the line will naturally alter the level of thermal noise, so Alice and Bob will know that someone is listening in."
a.) is security-by-obscurity, so is b.); and we all know what to say about that little assertion.
c.) is simply rubbish, I can place a tap on the line with a high impedence buffer that will be indetectable to both Bob and Alice but which allows me to measure the noise and recover the signal.
Quantum encryption is quite different, the tap actually disrupts the signal so that both Bob and Alice know immediately they're being listened to even if though don't know how. This scheme seems to be arguing that Bob and Alice will hear the equivalent of clicks-on-the-line aka mid 20thC techniques and be able to deduce tapping. I don't think that's been possible since the digitization of the phone system during the 80's and 90's.
In fact, let's get serious. This guy is talking about "level of noise" aka amplitude modulation as used in AM radios, but using the background noise as the carrier signal. This as got more in common with steganography than quantum encryption.
Re:Sure they can. (Score:3, Interesting)
But how do they put in those resistors? With switches. Switches that inject charge onto the output wire when their state changes. Switches with their own resistance and temperature coefficient of resistance. And that is detectable.
Alas, real resistors cannot be perfectly matched; the real wire state table has 16 rows. I estimate that if you pull out all the stops, you might be able to match them to one part in 10e-7 (0.1 parts per million), which is not sufficient for security work.