One-Time Pad From Caltech Offers Uncrackable Cryptography 192
zrbyte writes "One-time pads are the holy grail of cryptography — they are impossible to crack, even in principle. However, the ability to copy electronic code makes one-time pads vulnerable to hackers. Now engineers at the California Institute of Technology in Pasadena, have found a way around this to create a system of cryptography that is invulnerable to electronic attack. Their solution is based on a special kind of one-time pad that generates a random key through the complexity of its physical structure, namely shining a light through a diffusive glass plate."
Re:Impossible? (Score:5, Informative)
Re:Impossible? (Score:5, Informative)
Re:Impossible? (Score:5, Informative)
Who would have thought that the f... article addresses this devilishly ingenious workaround?
"And even if Eve steals the glass, they estimate that it would take her at least 24 hours to extract any relevant information about its structure.
This extraction can only be done by passing light through the glass at a rate that is limited by the amount of heat this creates (since any heating changes the microstructure of the material). And the time this takes should give the owners enough time to realise what has happened and take the necessary mitigating actions."
Re:Not too long until an iceberg attack is reveale (Score:5, Informative)
That's not the case with a properly used one-time pad. Normally you break a cipher by finding correlations due to the repeated use of a finite encryption key on different parts of a comprehensible plaintext. If either the message is random, or the encryption key is random and nonrepeating, then the message cannot be deciphered.
Unless you steal the pad, or force the user to repeat it.
Re:Impossible? (Score:5, Informative)
Eve is better off using $5 cryptography to get at the message.
Rubber Hose Cryptanalysis [wikipedia.org] Just FYI.
Re:Got it backwards (Score:3, Informative)
On a photon-by-photon basis, refraction, diffraction, and anything less than total reflection are all quantum mechanical processes. It doesn't get more random than that. Sending photons through a partially transparent mirror has been a standard trick for generating random bits quantum mechanically for at least a decade that I know of. It sounds like this is the same principle.
Re:Nothing is impossible to crack... (Score:4, Informative)
No, against a one-time pad, bruteforce won't work, because the key is never re-used so you've no basis to know that any output from your decryption is more valid than any other.
The first 1024 bytes of Hamlet, XOR'd with 1024 truly random bytes, is indistinguishable from random bytes.
XOR that with the same bytes again, and you get 1024 bytes of Hamlet back. ... and as an attacker, you've no way of knowing which one of those, if any, was the original plaintext.
XOR it with most random streams of bytes, and you'll get something that looks equally random.
XOR it with a particular different list of bytes, and you get 1024 bytes of Moby Dick.
XOR it with another list of bytes, and you get a version of Hamlet in which "Bernardo" is replaced with "Slashdot".
Re:Impossible? (Score:5, Informative)
No, the two devices don't match. Each device contains a different several GB of random numbers (or I suppose, random transformations), encapsulated in the structure of the glass.
The two owners meet, and using both their devices, produce a "combined key". The combined key can be stored in a public repository. The shared OTP can be extracted from the combined key using either device.
The two parties exchange confidential data encrypted with bytes from the OTP until the OTP is all consumed. Then they must meet up again to create a new OTP.
There's nothing novel about the cryptography. What might be novel is the physical properties of the device used to allow someone to carry their personal list of random numbers around.
Re:Is it new? (Score:4, Informative)