Encryption Security Science

Optical Cryptography 158

Posted by timothy
from the this-little-light-of-mine dept.
chill writes: "In Cryptonomicon, Neal Stephenson wrote about Bell Labs' research into using static, or chaotic signals to mask communications. A message would be generated, then the signal masked in noise. Someone on the other end would subtract out the noise to get the signal. Works great if both ends have the exact same noise. Now, Jia-ming Liu, professor of electrical engineering at UCLA, is giving a presentation on doing essentially the same thing using OC-48 (2.5 Gbps) optical circuits. The presentation will be at the upcoming Optical Fiber Communications Conference and Exhibit. There is an article covering this and some other nice advances in optical over in Wired."

  • by smoondog (85133)
    You could also imagine doing this with any regular noise and random observations. Like solar observations, for instance or other space observations. Could even be based on traffic to specific web sites....

    -Sean
    • You could also imagine doing this with any regular noise and random observations. Like solar observations, for instance or other space observations. Could even be based on traffic to specific web sites....

      The trick to all noise-masking techniques is for YOU and YOUR PARTNER to have the same set of noise and NOBODY ELSE to have it.

      Use a well-known public noise source and a link to that source becomes the key which decrypts all your traffic.

      Oops!
      • But that does bring up what I think would be an advantage to a system like this in that the bad guy doesn't have to know when you're getting your message and is able to intercept it. If you can only recognize the message after decrypting it then you can make it by having scheduled messages sent and only you and your partner know when and where they are. The bad guy is left with his special decoder ring and about a zillion random letters.
        • This is called traffic masking, and is a useful, known tool. However, it can also be viewed as security through obscurity, typically a bad thing. (tm)
    • We had a link with the British in the War that would use a disk of noise to overlay a signal on top of communications that would be unscrambled on the other side by the same wheel running at the same time. The more things change, the more they stay the same.

      Check out the NSA's explanation [nsa.gov]
      Previous Slashdot Story [slashdot.org]
  • A Shortcut... (Score:5, Informative)

    by ksw2 (520093) <obeyeater&gmail,com> on Tuesday March 19, 2002 @12:28AM (#3185221) Homepage
    If you're interested in how they synchronize the noisy lasers, here is a shortcut [faqs.org] to the non-linear faq... a bit of easy evening reading for your enjoyment.
  • steganography ? (Score:3, Insightful)

    by sh0rtie (455432) on Tuesday March 19, 2002 @12:30AM (#3185231)
    so how is this any different than steg
    where a message is hidden in noise (the image) then when the image (noise) is subtracted the message appears.

    are we still trying to re-invent the wheel here or am i missing something ?
    • Re:steganography ? (Score:3, Informative)

      by Account 10 (565119)
      An image isn't noise. It is very organised data and can be recognised as such. (A) if you suspect steganography, then images, music, etc. are obvious targets to look for. (B) the non-randomness of the encrypted data is, allegedly [slashdot.org], detectable behind the non-random image data.
    • Re:steganography ? (Score:2, Insightful)

      by metacell (523607)
      Well, if you use encryption or steganography on a computer, you have to utilize digital techniques, which is time-consuming. Performance drops.

      If you merely have to superimpose two lightwaves to steganize (sp?) a message, it all goes in realtime no matter how much bandwidth the lightwave carries.
      It's not a digital technique. It uses analog lightwaves.

      So that technique can be used in e.g. optical fibres, so nobody can intercept messages by physically eavesdropping on the fibre.
      I don't think it's intended for home computers. It sounds more like a simple way for telephone companies to protect all the data in optic fibres without going in and encrypting the individual IP packages and such.
    • It's more like encryption with a one time pad. You aren't hiding the data, you're obfuscating it. That's what encryption is.
    • The easiest way to describe the difference between steganography as it is used digitally and what is described by the article is that in steganography the data you are hiding is distributed across the image or audio file you are hiding the data in. Using the method described in the article, every bit that is sent across the connection contains the value of the original message and the value of the noise. When you subtract the noise, you end up with the original message.

      If you have 10 kilobytes of data to send, using steganography, you may have to distribute that 10 kbytes across 1 or more megabytes of documents. Using noise encryption, you are only sending 10 kbytes of data.

      Of course there is nothing saying that you can not combine methods.

      I do seem to recall Tom Clancy using a variation on this idea in several of his novels, where the CIA burns two CDs giving an agent one, and keeping one at the agency. The agent encrypts his message using a tool that destructively reads the CD as it is encoding the message. The CIA gets the encoded message and destructively reads their own CD to decode the message. The source for the two CDs is a cosmic ray counter, or something like that.

      Then again, I could be wrong.

      -Rusty

    • I dunno. Whenever i hear Neal Stephenson's name mentioned i get nervous. What did he invent again? Any new ideas? This one certainly sounds like both steganography and a one time pad. He didn't invent either, did he?
      What next? `They flew to Mars...just like that guy out of that movie with Arnie in it`?
  • by b0r0din (304712) on Tuesday March 19, 2002 @12:30AM (#3185232)
    Maybe I'm completely off here, but if you're using noise interference, wouldn't that be sort of wasting bandwidth? This is a cool technology, I wonder if there would be a way to mask a signal and at the same time run multiple signals, so you could essentially split the information through a long pipe (like the laser) using the chaotic noise, and each would be able to be filtered out (at some sort of router) and sent to various places accordingly. Seems it would be much more efficient to carry information that way.
    • You are completely off. They are just using different numbers to represent the data. The magnitude of the numbers is unchanged. Typically, they do the addition modulo some convenient number to keep the signal in a preset range.

      --sam
    • Using noise interference doesn't necessarily need any extra bandwidth.

      Light consists of waves, and when two waves are placed on top of each other, they form a new wave that takes no more space or bandwidth than the first one.
      • This is true only if the two waves being added have the same frequency spectra, or if one of the waves is contained in the other in the frequency domain. If you add a 10 nanometer-wide signal centered at 700 nm to a 10 nanometer-wide signal centered at 710 nm, the resultant wave has a bandwidth of 20 nm.

        This wave would take up more bandwidth than either of the other two.
        • Yes, I assume the two waves occupy the same portion of the spectrum, otherwise the whole idea of hiding the signal behind noise is wasted. The noise has to overlap the signal. The signal doesn't necessarily have to overlap the noise, though.
      • Light consists of waves, and when two waves are placed on top of each other, they form a new wave that takes no more space or bandwidth than the first one.

        Just like when I XOR two streams of data together they take no more space than one stream? Kind of tough to pick that apart again. /dev/null doesn't get any bigger when I throw a stream of data in it either.

        Assuming the waves are assembled constructively, receiving them in the same bandwidth requires double the signal/noise ratio that receiving one wave would require, because your equipment needs to be just as sensitive but handle twice the signal amplitude. See Shannon's Law [bldrdoc.gov].

  • by andfarm (534655)
    Is it just me, or can almost any post on ./ be linked eventually to _Cryptonomicon_? Anything, for that matter?

    Or is it just that I'm studying World War II?
  • Cryptonomicon was an amazing book, on par with Neuromancer. Hopefully though, testing will migrate from OC48 to something a wee bit cheaper, as most of us don't have $100 an hour to spend on that sort of connection. Cryptography is cool. IT has always been at the forefront of both theoretical mathematics and computer science.
    • I can't believe you just compared cryptonomicon to neuromancer. Cryptonomicon was insidiously boring.

      I can't wait to hear from slashdot that mathematics was invented in this book.
  • by Anonymous Coward
    a One Time Pad?

    OTP: person a adds agreed upon random noise to the plaintext. person b subtracts the same random noise from the cyphertext.

    This: person a adds agreed upon random noise to the signal. person b subtracts the same random noise from the encrypted signal.

    Seems the only difference is what level of the stack you apply the OTP.
    • It is a OTP - It is a very fast and convenient way to make very good and non-interceptable OTPs
      • Only it is not a OTP, because it is not truly random.
        I.E. it is a pseudo-random stream that is reproducible at the other end.

        So it violates one of the rules of a true OTP system

        The "noise" generation is a function of the laser setup and can be replicated by another source.

        With a known plaintext attack you could easily compute the desired "noise" and then find the appropriate laser configuration to create that noise and read the messages.

        Other than being analog rather than a program and really fast, I don't see it as being all that secure.
  • by petrov (7314) on Tuesday March 19, 2002 @12:37AM (#3185271) Homepage
    This is essentially a one-time pad cipher where the pad is the length of the message and then (in the digital world) they XOR the pad with the message and send them both. For fiber optics, they probably do a similar transform, but instead of XOR they probably just do a straight add, modulo some appropriate number.

    --sam
    • by mbkennel (97636) on Tuesday March 19, 2002 @12:58AM (#3185346)
      This form of chaotic synchronizing communication works by a dynamical systems property. It seems like magic but it is not really.

      It relies on the effect of chaotic synchronization. That sort of amazing fact that even though you can have a dynamical system that is continuously unstable in 'some degrees of freedom' making up the chaotic system the combination system of transmitter and receiver can still be stable in the 'transverse' direction to the synchronization manifold.

      All communication systems work by synchronization whether implicitly or explicitly. Here you will explicitly have chaotic oscillators as both transmitters and receivers. Yes, radio is like this too, you have a linear oscillator in the transmitting tower and an oscillator in your RF circuit in your receiver and their electric fields will synchronize the receiver's oscillator to the transmitter.

      The trick is how to add in modulation and demodulation that does not destabilize the system and still permit reconstruction of the transmitted information.

      All chaotic systems essentially have some sort of nonlinear feedback. The trick that seems to work very frequently with optical dynamics is to mix in some of the transmitted signal coming over the channel with the self-regenerated system at the receiver. In previous work with fiber optic ring laser it really was literally mixing optical signals, in the thing I did it was mixing in electro-optic electrical feedback signals; more like mixing intensities.

      It turns out that a fairly generic form of dynamics often seems to work.

      I worked on this project from a theoretical modeling level with Jia-Ming Liu's group at UCLA.
      (We're at UCSD not UCLA).

      I'm not sure what this new work is about but in the version that I did there was no significant role for the dynamics or properties of the fiber optics in the creation of the chaos or the demodulation.

      It will take a very significant amount of engineering to make this fully practical and find all the good properties but that's true for every advance.
      • That is very interesting, mbkennel.

        So you mean there is a chaotic system A at the sender's end, and another chaotic system B at the receiver's end, of the same type?

        And that they would diverge if left to themselves, but are continuously synchronized with each other, so both A and B generate approximately the same signal (the same "sequence of encryption keys", if this had been digital encryption).

        And that an eavesdropper, with his own chaotic system C, cannot synchronize it with A and B?
        • That's close enough for slashdot!

          For communication it is one-way synchronization with unidirectional coupling, not the mutual coupling which is more well known in math and physics.

          The important point is that the chaos and the 'keys' and the message can all be combined nonlinearly.

          Eavesdropper C would need the same chaotic system with the same settings up to some tolerance. Notice that robustness to attack is thus inversely proportional to tolerance to mismatch.

          The issue of security is not directly addressed by chaotic communication.

          Chaos may be an opportunity to do things other than classical encipherment. It may be like CDMA spreading a signal over a wider frequency band. It may allow you to use cheaper devices or those running past their "normal" tolerance bounds if the requirement for linearity is no longer a factor. It may mean lots of different things; the general point is a greatly increased flexibility and the potential to try widely different kinds of transmission methods. Linear signal transmission is kind of boring, there's AM, FM and minor variations upon those.

          However, it may be that some digital ciphers have properties similar to chaotic systems and people are starting to investigate this connection at a different level. That is more mathematics now than communications engineering.
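Added illustration (not part of the thread, and not the UCLA group's laser model): the one-way synchronization described in the exchange above, with the Lorenz equations standing in for the chaotic oscillators. The parameter values, step size and the `rho` mismatch sweep are assumptions chosen for the example; it shows a receiver with matched settings locking onto the transmitter, while mismatched receivers are left with a residual that grows with the mismatch.

```python
# Added example: drive/response (unidirectional) chaotic synchronization.
# The Lorenz system is an assumed stand-in for the chaotic transmitter and
# receiver; the thread does not give the actual laser equations.

SIGMA, RHO, BETA = 10.0, 28.0, 8.0 / 3.0   # assumed "hardware settings"
DT = 0.001                                  # forward-Euler time step
STEPS = 40_000                              # 40 time units of signal
SETTLE = 30_000                             # samples skipped while locking


def transmit(steps=STEPS, state=(1.0, 1.0, 1.0)):
    """System A: free-running chaotic oscillator; x(t) goes on the channel."""
    x, y, z = state
    channel = []
    for _ in range(steps):
        channel.append(x)
        x, y, z = (x + DT * SIGMA * (y - x),
                   y + DT * (RHO * x - y - x * z),
                   z + DT * (x * y - BETA * z))
    return channel


def receive(channel, rho, state=(-7.0, 4.0, 35.0)):
    """System B (or eavesdropper C): same equations, different start state.

    The received sample s replaces the receiver's own x inside the
    nonlinear feedback terms. Returns the regenerated carrier x_r(t).
    """
    xr, yr, zr = state
    regenerated = []
    for s in channel:
        regenerated.append(xr)
        xr, yr, zr = (xr + DT * SIGMA * (yr - xr),
                      yr + DT * (rho * s - yr - s * zr),
                      zr + DT * (s * yr - BETA * zr))
    return regenerated


def residual(channel, rho):
    """Mean |s - x_r| after settling: what remains once the receiver
    subtracts its own regenerated chaos from the channel signal."""
    xr = receive(channel, rho)
    tail = range(SETTLE, len(channel))
    return sum(abs(channel[i] - xr[i]) for i in tail) / len(tail)


def mismatch_sweep(fractions=(0.0, 0.001, 0.01, 0.1)):
    """Residual for receivers whose rho is off by the given fraction."""
    channel = transmit()
    return [(f, residual(channel, RHO * (1.0 + f))) for f in fractions]


if __name__ == "__main__":
    for frac, err in mismatch_sweep():
        print(f"rho mismatch {frac:6.1%}   residual {err:.3e}")
```

The residual is the floor under which a masked message would have to sit to stay hidden from that receiver, so widening the mismatch the legitimate receiver tolerates widens what an eavesdropper's copy can get away with too.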
      • If I understand what you are saying, there wouldn't be a key at all with this form of encryption but instead the noise generated by the hardware would mask the communications, unless the receiver had the same hardware. However, isn't this essentially security by obscurity? If an attacker was able to figure out how your hardware worked, either by some sort of sophisticated analysis or by stealing the information, he would be able to decrypt all of your communications.

        It would seem to me that this encryption is less useful than schemes which use one-way algorithms, such as public key cryptography. While these can be attacked by brute force, it is easy to make the encryption strong enough that brute-force is impractical even for a government. This leaves them vulnerable only to key-stealing which can be guarded against by regularly generating new keys.

        So all in all, I am not sure I see the use in this. It might be useful for ubiquitous encryption because it adds no lag to the process due to its unique reliance on hardware, but I am not sure why ubiquitous encryption on the network level is useful, anyway. It might be useful for governments, but I doubt it for the reasons I gave above. I can't see any way it would be useful to cypherpunks and the like...

        Anybody care to explain to me in more detail what this is useful for?
        • If they can figure out how your hardware worked, this wouldn't necessarily let them decrypt your communications. If they can figure out the settings, well, you are screwed as much as if you left your keys somewhere insecure. However, it seems the only time they are vulnerable to that getting nicked is during the brief synch phase and it is not possible after that.

          This isn't quite my bag, but it seems this is essentially a OTP of possibly infinite length which doesn't require you to send the entire pad to the other guy. The only way to break a OTP(if it is truly random) is to have the OTP and the only way to get the OTP is steal it from one of the parties or if they reuse it. If the pad is infinite and random, all you can do is hope they have to resynch sometime and be waiting for it.
    • Most of the chaotic cryptosystems people have tried to design have been crackable, and cracked. Perhaps there's something about this one that's different, but just because something's relatively hard to predict doesn't make it impossible for people who are far better at math than I am.

      By contrast, a theoretical one-time pad is theoretically provably uncrackable - if you really do have uncorrelated random bits for your pad, and you really only use them once, it's perfectly secure, and even knowing N-1 bits of a message tells you nothing about the other bit. In practice, sources of random numbers aren't always perfect, and sometimes people cheat and reuse pads - the NSA's "Venona" crack of Soviet crypto primarily succeeded due to rampant reuse of pads by sloppy crypto users, though I think they also found some non-randomness in the pads that they could exploit a bit. But this optical system guarantees that if you know the initial conditions, you can use the first N-1 bits of a message to predict the next one, and sometimes you may be able to deduce those initial conditions closely enough to crack the system.

  • Isn't this an analogue to the way quantum encryption works? i.e. the forces that be in between source and destination interfere with the stream.

    Is this quantum encryption's working model?

    • No, this is essentially a one time pad in which the "pad" is drawn from a random source both have access to. A neat idea if you can make it work.

      QE is based on a handshake protocol in which I send you a message and you send me a confirmation and we use traded information to communicate. It's not THAT different than the current http model - and other models could be used - as I understand it. The different thing about QE is that it cannot be eavesdropped on.

      Parties A and B handshake and Wil E. Crackor can listen as the communication stream goes past effectively snorting the information to be hacked at later by whatever means he has access to.

      In a quantum event listening to the communication will change them so after we handshake if someone snorts the packets they arrive garbled on the other end. Hence any successful communication is a secure communication. Not easy or cheap to implement but the only method I know of that certifies security in process. If we can talk we are known to be the only ones listening.
      Even with extra strong encryption there's no guarantee that someone who's listening doesn't have a copy and a way to break it - eventually.

      =tkk

      Now it IS open to a "man in the middle attack" I THINK... but only if you have your own quantum generation device. ;)

    • The main similarity is that you need to have a dedicated fiber just to talk encrypted to somebody, which makes both methods impractical for real applications. But quantum crypto gives you a guarantee about whether somebody's able to read your bits or not, and this method doesn't.
    • Quantum encryption requires a quantum entanglement between the sender and receiver. With this you can determine whether or not there has been any interference or interception. This entanglement provides the key, which because of the complexity is theoretically un-decipherable.
  • DMCA (Score:4, Funny)

    by IsaacW (543020) <isaac.waldron@gma3.14il.com minus pi> on Tuesday March 19, 2002 @12:44AM (#3185294) Homepage
    Great... now the RIAA/MPAA will be breathing down our necks for bypassing "noise-based-encryption" protection schemes every time we shield an audio or network cable...
  • This just looks like another way to hide a needle in a haystack. I believe there would be a couple ways to get around this:

    The voice module for some of the high end (25+ CD) Pioneer CD changers is able to hear your voice even if the music is blasting. It does this by taking the music that's playing and mixing it into the microphone preamp 180 degrees out of phase, cancelling out most of the music. This isn't perfect, but I've seen it work, and I'm sure it can be adapted to do the same thing here. In fact, any imperfections may even help, due to the fact that you can (probably) tune it and pick up the real signal out of the mess.

    Brute force. How random is this random noise? If you can create a similar noise generator, all you have to do is filter out 80% of the crap, and you'll be able to grab the signal. It's like picking out the flashlight from a group of strobes. It's a PITA, but once you cover most of the strobes, you can see the flashlight.
    • The randomness of the noise is what the method relies on. The more random the noise the harder it is to remove. With the CD player, it KNOWS what's playing before you even hear it. If you are sending light down some fiber the attacker only sees what looks like random noise going down the pipe. They need to know what was added to the stream to get back the real data. Assuming the people developing this aren't idiots the noise should be quite random and therefore hard to pick out. And it isn't like a flashlight among strobes, it's more like picking out random 0's and 1's from random 0's and 1's. If you know how a simple XOR cipher works, that's it.
      • Ok, I have a third way now.

        Person 1 uses noise A to "encrypt" a message and send it to person 2. Person 3 intercepts this message, noise and all. Now if either person sends a message with this same noise through, person 3 would at least get a fair idea what they were talking about in both messages. This is of course assuming that person 3 knows exactly when this specific communication is going to take place, and there isn't 5 billion different noises to choose from and actually used.

        Knowing when the communication takes place shouldn't be that hard if person 3 is watching all the traffic and sees this unintelligible blob all of the sudden.

        Another problem is being able to securely make sure only person 2 has all the different noise files.
        • Now if either person sends a message with this same noise through

          But the whole point of this method is that that's not going to happen. There's a limitless supply of noise, so no need to reuse it.

    • It does this by taking the music that's playing and mixing it into the microphone preamp 180 degrees out of phase

      Actually it does it by *inverting* one of the signals, and then applying some delay to the other signal to account for the propagation time of the sound. You can only make a signal 180 degrees out of phase at a particular frequency.
    • Brute force. How random is this random noise? If you can create a similar noise generator, all you have to do is filter out 80% of the crap, and you'll be able to grab the signal. It's like picking out the flashlight from a group of strobes. It's a PITA, but once you cover most of the strobes, you can see the flashlight.

      Ah, so you propose LOCATION-based encryption. The real signal is spread across key "real" locations and random noise generators fill in the blanks with similar level noise. This can work on cellphone bandwidths and other "live" signals. A more sophisticated method would shift key spots around the signal to keep things dynamic.

      This could be used for static messages as well as the keypad would be the locations of the actual signal intermixed into noise.
  • OC-48 (Score:2, Funny)

    by ralian (127441)
    Right. And as soon as I get an OC-48 connection, I'll implement this.

    Isn't this a bit like 2048-bit encryption? Sure it's a good idea, but the technology requirements are a bit excessive.
    • by Soko (17987)
      I can think of one instance where this would be very useful.

      There are instances where a DRM plan calls for mirrored FibreChannel RAID sets at very remote locations via Dark Fibre. With the advent of the IP based FibreChannel spec 2048 bit encryption (or better) would be de rigueur, I'd suspect. IP based FC is supposed to be cheaper and more cross platform since it uses a known, standard protocol that is the basis for the Internet. So, companies may want to send entire machine images through their OC3 Internet pipe. Now, if you sent that essentially raw data through such hostile territory poorly protected, well, the rest is obvious.

      For the masses - no. For the massive, yes.

      Soko
    • 2048-bit public-key encryption really isn't that expensive - it takes about 4 times as long as 1024, but you were willing to run 1024-bit crypto 3 years ago and your CPU speeds have quadrupled since then. You're probably safe enough using 1024-bit crypto, but 768-bit is only a little past the current edge of the envelope, and you might as well switch to 1536 or 2048 for anything you want kept private over the long term. Encrypting your credit card numbers doesn't need over 1024, since anybody who can afford anything that strong before your credit card expires doesn't need your puny bank account :-)

      But OC48s are still kinda expensive, even though their cheaper cousin, Gigabit Ethernet, has come down to $150 for a PCI board.

  • by Jason Pollock (45537) on Tuesday March 19, 2002 @12:52AM (#3185325) Homepage

    The encryption in cryptonomicon was a one time pad. The pad was implemented as a record, but the concept was the same. The fact that the conversation could only last as long as the record and each record was only used once is indicative.

    But then, perhaps the lasers could be considered an infinite one-time pad? Of course, if anyone else is listening to the synchronisation codes, couldn't they themselves end up with a synched laser too?

    As a form of encryption, this doesn't appear (to me) to be incredibly useful to the average person. It doesn't secure the communication, only the physical connection between the two points. However, it would work for keeping snooping foreign governments from listening in on international traffic on submarine cables. Or nasty pirates from splicing themselves into the cable TV network...

    • No, it is not an infinite one-time pad.

      There is a finite number of setups for syncing the laser - that is your key - the noise output is simply a function of that syncing and setup.

      I would expect that this is by no means secure.

      A plaintext attack - sending through a message that you already know the contents of would give you the "noise" and that information could help you determine what kind of syncing setup they are using. - narrowing down your keyspace.

      The point here is that OTP rely on truly random key pads where this one is an analog function of the laser syncing setup and so is not really random.
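Added illustration (not code from any poster): the known-plaintext concern raised in this comment and the noise-reuse concern from the earlier "third way" sub-thread, using add-modulo-256 masking. The SHA-256-based `noise` generator, the 16-bit setting space and the sample messages are constructed stand-ins, not a model of the laser hardware.

```python
# Added example: why "noise" that is a function of a finite setting is a
# keystream, not a one-time pad. Everything below is a constructed toy.
import hashlib

MOD = 256                  # samples are bytes; masking is addition mod 256
SETTING_BITS = 16          # assumed, deliberately small, space of setups

SECRET_SETTING = 0xBEEF                      # constructed value
HEADER = b"STATUS REPORT: "                  # text an observer can guess
FIRST = HEADER + b"link nominal"             # constructed first message
LATER = b"rotate keys at midnight"           # constructed second message


def noise(setting, length):
    """Deterministic noise for a given setting (stand-in generator)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        seed = setting.to_bytes(4, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return bytes(out[:length])


def mask(signal, pad):
    """Sender: channel = signal + noise (mod 256)."""
    return bytes((s + n) % MOD for s, n in zip(signal, pad))


def unmask(channel, pad):
    """Receiver: signal = channel - noise (mod 256)."""
    return bytes((c - n) % MOD for c, n in zip(channel, pad))


def consistent_settings(channel, known_prefix):
    """Settings whose noise explains a known stretch of signal.

    channel - known signal = noise, so each candidate setting can be
    checked directly. With a true one-time pad this step has nothing to
    enumerate: the exposed noise says nothing about the noise that follows.
    """
    observed = unmask(channel, known_prefix)
    n = len(observed)
    return [k for k in range(1 << SETTING_BITS) if noise(k, n) == observed]


def reuse_leak(channel_a, channel_b):
    """Same noise used twice: (a + n) - (b + n) = a - b, noise is gone."""
    return bytes((x - y) % MOD for x, y in zip(channel_a, channel_b))


def demo():
    ch1 = mask(FIRST, noise(SECRET_SETTING, len(FIRST)))
    # The generator is restarted from the same setting for the next message.
    ch2 = mask(LATER, noise(SECRET_SETTING, len(LATER)))
    candidates = consistent_settings(ch1, HEADER)
    recovered = unmask(ch2, noise(candidates[0], len(LATER)))
    return candidates, recovered, reuse_leak(ch1, ch2)


if __name__ == "__main__":
    cands, recovered, diff = demo()
    print("settings consistent with the known header:", [hex(c) for c in cands])
    print("later message under that setting:", recovered)
    print("difference of the two channels (noise-free):", diff.hex())
```

The design lesson matches the thread: the number of settings must be too large to enumerate, and the same stretch of noise must never cover two messages.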
    • Agreed, this is not a one-time pad.

      Initially sounds like the synchronized Dynamical Systems of the lasers are acting like optical synchronized feedback-shift-registers, and thus are pseudo-random number generators (PRNG's), which are classically not quite as secure as true one-time-pads.

      But by using a quantized variant of state variable of a continuous dynamical system as the key, they can, relying on the Lorenz effect, avoid allowing a surreptitious third party synchronizing a non-matched generator. Thus avoiding the deduce-the-PRNG-settings problem.

      However, there's still a key exchange problem. You have to have distributed matched pairs of these precision feedback lasers with anyone you want to communicate with this way. Hardly public key! In order to get the cost down, I'd hope these are semi-lasers. But if they're mass-producible, how can I trust the manufacturer to not create more than 2 identical at a time? If they can make them cheap enough and softkeyable, what's to stop NSA from building a Huge Parallel Array of them? (Decades ago, we had a camper-trailer whose key was interchangeable with the Chevy's.)

  • Oh yeah...Johnny Mnemonic! Yeah, when he was picking random images for the data to encrypt it. I find it strange that something from such a mediocre movie gets to actually be applied as technology. (Then again, the whole point of the movie was its neat ideas.)

    Why didn't somebody think of this before?
  • Really, all encryption is open to decryption. What one thing is unique to any object? Its location. Say you incorporate a unique location key, and specify your destination's unique location key, a message key, and a confirmation key. You send your message... recipient is validated by GPS and given access to message key to generate request for confirmation key via satellite. Sure, nothing is 100%, but this type of system would likely be way, way less hackable than typical internet transmission.
    Just a thought.
    • Wouldn't this system be easily spoofable? GPS doesn't assign unique keys to each physical location, it just broadcasts streams of data from several sources, using which the GPS device determines its location by triangulation. So there is no way to send a message that would only be readable from a certain physical location, because there is no information that a device would _need_ to be in that location to have.
  • Churchill and Roosevelt did this to communicate during WWII. They each had a phone setup [iwm.org.uk] where 2 identical records containing random noise were played along with their conversations, and the analog circuitry subtracted the noise on each end.

    You can still see Churchill's phone at the Cabinet War Rooms in London. I don't know if Roosevelt's phone is in a museum or not.

    Was this the thing mentioned in Cryptonomicon? I can't remember.

  • Hmmm, how bout instead of using optical cryptography how bout using the photons for quantum cryptography?
  • How would this compare to quantum crypto? It seems like if you know the circuits, you could build another and then try to sync it, so it probably isn't near as strong as the quantum stuff.
  • Slashdot (Score:2, Funny)

    by Sivar (316343)
    Taco will be in a very difficult situation at his work if they remove unrestricted internet access...
  • Nulls. (Score:3, Interesting)

    by TheSHAD0W (258774) on Tuesday March 19, 2002 @02:00AM (#3185543) Homepage
    This technique is actually very old, though it wasn't used bit by bit. You're inserting null terms into the cypher stream. Prior to modern cryptological methods nulls were fairly popular, but the technique has fallen into disuse because of its increasing the message size, and because 1:1 stream cyphers are SO much more convenient. Besides, the new cryptosystems are unbreakable, right? Right?

    Even having a small multiple of nulls to significant elements increases the complexity of calculation exponentially. For example, a 1:1 proportion of null bits in 512-bit blocks. The result is a 1024-bit blocked key stream. You can't do any sort of intelligent analysis of the stream unless you can figure out which bits are significant, and there are 2^512 possible permutations of significant and garbage bits for each block.
  • by nweaver (113078)
    One of the classic mistakes is creating your own cryptographic algorithm when perfectly good ones will suffice.

    AES/Rijndael is FAST in hardware, a $10 FPGA can do counter mode encryption, fully key agile, at 1.3 Gbps. Why create an algorithm dependent on chaotic laser behavior when you know that you can get cheap encryption which is secure in available hardware.

    • Why create an algorithm dependent on chaotic laser behavior when you know that you can get cheap encryption which is secure in available hardware.

      For fuck's sake, just to fucking do it.

      Why do you bother wasting your time posting to slashdot when you're just going to die someday and it's not going to matter?

      Besides, your FPGA doesn't exactly fit well into an all-optical switch or router with MEMS or bubble gates that bounce light around, does it? But it's easy enough to add or subtract the optical noise optically without having to waste a bunch of fucking time demodulating the signal, feeding it through a (comparatively) ass-slow FPGA, modulating it again then sending it down the pipe. Latency is the issue, not whether or not your toaster has more crypto in it for the buck. Besides that, it would likely scale more cheaply than something like an FPGA solution. Bump the speed 10x - suddenly you need thousands of dollars worth of FPGAs, yet you probably only need a slightly faster oscillator of some sort in your chaotic noise generator - maybe a $5 difference or similar. And did you consider that you can probably use the SAME noise generators to cover your entire optical network - one pair in each device - while you'd need a pair of encrypting/decrypting FPGAs at either end of a link? Think of a 48 port switch and you've just saved an enormous amount of money.

      ~GoRK
    • OK, so the crypto's not provably any good, and probably actually not very good, and the price of buying a spare OC48 to everybody you want to talk to makes it a bit impractical even if DWDM makes it potentially less outrageously expensive, and a couple of cheap chips can outrun the thing. But it *is* still cool :-)


      mbkennel's posting [slashdot.org] has some good discussion on it. Chaotic crypto has usually been cracked any time anybody's seriously attacked an implementation of it, and this approach sounds like it's designed to be *easier* to crack than the average chaotic system, but it's still interesting stuff.

  • random noise (Score:2, Informative)

    by Anonymous Coward

    There's a couple things to be aware of in this system. First, it does not increase the amount of information sent. Here's an example:

    Here's the message: 0 1 1 0 1 0 0 1
    Here's the noise:   1 0 1 1 0 1 0 0
    Then XOR them:      1 1 0 1 1 1 0 1

    Notice that the message does not get any longer by encrypting it. As long as you know the noise, then you can take the XORed result and find the original message.

    Another problem is that a lot of noise isn't really random. If the noise isn't random, then the message can be decrypted. For example, if there is a tendency for the noise to have a pattern or there are long series of 0's, the original message can be decrypted without the "noise key". Very few physical processes are actually random (not hits on a website, not sunspots). One of them that is random is radioactive decay.
  • It stands to reason that if some data needs to be transferred from point A to point B to get the synchronization started, then that data needs to be secured. How do you secure that without a SECOND set of codes, which also need to be secured, ad infinitum. Of course, you could just physically deliver the codes, but if you are doing that, you could just physically deliver the secret messages you wanted to send in the first place, right? As cool as I think this is, it still doesn't seem to be enough.
    • This is exactly the problem that Diffie and Hellman solved by creating the public key/private key pair encryption/decryption scheme.

      The general idea is that you encrypt a message, or a key to a message using a process that can not be reversed using the publicly available key that you use. You send the encrypted message to the recipient who holds the private key which is the only key that can decrypt the original message.

      The problem then becomes verifying that the public key you are using is actually the public key of the recipient. There are two methods to do that. One is a digital fingerprint, effectively a hash of the public key that you can validate over the phone or in some other method. (This is a one way method where the fingerprint can not be used to regenerate the public or private key.) The other is peer validation. Peer validation relies upon you trusting a third party to act as an authority on the person you are sending data to. So if you trust your cousin to know his cousin, and your cousin has signed his cousin's public key, you may trust his cousin's public key.

      Diffie and Hellman published this, the fine triplet known as RSA subsequently patented an implementation of the procedure, and that patent has since expired. In other words, this is old news.

      -Rusty
    • That's the classic problem with symmetric key systems, especially the unbreakable OTP where the key size and the message are equal.

      It does give you a logistical advantage that you can transfer the secret information at a time, place and method of your choosing and then send communication over an unsecure channel safely later.

      I.e. load it on to the aircraft computer at the military base, or on your laptop inside the firewall at HQ, etc. - assuming those networks are secure or at least more secure.

      And then communicate it instantly over the insecure internet or radio when the time is right.
  • Really, it's just a One-time-pad. If you want to create one time pad security without all the hassle, you use a high-order Linear Feedback Shift Register.
  • Just change the ModeLines line in your XF86Config to a series of random numbers...

    rr
  • Yes, you can read all about it right here [bruinwalk.com].
  • This sounds like Direct Sequence Spread Spectrum over a wire. Essentially you XOR a pseudo-random sequence with the signal. In DSSS the signal rate is much lower than the PRS. The PRS can be as random seeming as you like, even cryptographically generated I would imagine, but it cannot be truly random unless you have an out of band way to communicate the randomness. Usually the spreading is accomplished with a linear feedback shift register sequence that will repeat at regular intervals.

    One useful side effect is that you can use two or more different sequences on the same band (or wire), and the two underlying signals do not interfere with each other (or not to a great extent).

    Anyway it looks like this professor has managed to create the optical equivalent of a linear feedback shift register with two matching lasers.
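Added example, not part of any comment above: the linear feedback shift register keystreams mentioned in this thread, run through a linear-complexity check. The 16-bit tap set and seed are constructed sample values; the code shows the sequence repeating after 2^16 - 1 bits, and that 32 observed keystream bits are enough for the Berlekamp-Massey algorithm to reproduce every later bit.

```python
# Added illustration: taps and seed are constructed sample values.
TAPS = (16, 14, 13, 11)   # s[i] = s[i-16] ^ s[i-14] ^ s[i-13] ^ s[i-11]
SEED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1]

def lfsr_stream(taps, seed, n):
    """First n bits of the sequence that starts with `seed`."""
    s = list(seed)
    while len(s) < n:
        s.append(sum(s[-t] for t in taps) & 1)
    return s[:n]

def period(taps, seed):
    """Steps until the register state returns to `seed`."""
    state, steps = list(seed), 0
    while True:
        state = state[1:] + [sum(state[-t] for t in taps) & 1]
        steps += 1
        if state == list(seed):
            return steps

def berlekamp_massey(bits):
    """Shortest LFSR producing `bits`: returns (length L, coefficients c)
    with bits[i] = XOR of c[j] & bits[i-j] for j = 1..L."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:                          # current LFSR mispredicts bit i
            prev, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, prev
    return L, c[:L + 1]

def predict(observed, n):
    """Extend `observed` keystream to n bits using the recovered taps."""
    L, c = berlekamp_massey(observed)
    taps = [j for j in range(1, L + 1) if c[j]]
    return lfsr_stream(taps, observed, n)

if __name__ == "__main__":
    ks = lfsr_stream(TAPS, SEED, 2000)
    print("period:", period(TAPS, SEED))
    print("linear complexity from 32 bits:", berlekamp_massey(ks[:32])[0])
    print("prediction matches:", predict(ks[:32], 2000) == ks)
```

A keystream whose measured linear complexity stays near the register length, instead of growing at about half the number of bits observed, is being produced by a linear generator.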
  • by SomethingOrOther (521702) on Tuesday March 19, 2002 @07:07AM (#3186085) Homepage

    Prof Alan Shore [bangor.ac.uk] has done some work similar to this [bangor.ac.uk] at Bangor University

  • This sounds a lot like the method that GPS satellites use to be able to all transmit on the same frequency. As I understand it, each uses pseudo-random noise as a carrier. The GPS unit knows the algorithms and parameters behind each of the satellites' noise, and is thus able to filter out the signals, which all share the same frequency range.

    -me
  • Spectrum widening (Score:2, Informative)

    by paugq (443696)
    This technique is very similar to the one known as "spectrum widening", only that this new technique saves a lot of bandwidth. Of course, there's a big problem: how do both sides get the same noise signal?

    Spectrum widening consists of "dissoluting" the original signal (i.e. a 1 MHz signal) into a larger one (i.e. a 100 MHz signal). This way, information is distributed thru the whole 100 MHz spectrum and you get shielding against noise and big resistance to spyers.
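Added example, not taken from the article or any comment: the spreading and despreading described in the spread-spectrum comments above, with two transmitters sharing one channel and each receiver recovering its own bits by correlating with its code. The chip count, seeds and messages are constructed, and Python's `random` stands in for the PN generator (it is not a cryptographic source).

```python
import random

CHIPS = 127                      # chips per data bit (constructed value)

def pn_code(seed, n=CHIPS):
    """Pseudo-random +/-1 spreading code; both ends derive it from `seed`."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) for _ in range(n)]

def spread(bits, code):
    """Each data bit (0/1) becomes -code or +code: the chip-rate signal."""
    out = []
    for b in bits:
        sign = 1 if b else -1
        out.extend(sign * c for c in code)
    return out

def shared_channel(msgs_and_codes):
    """Sum of all transmitters' chips: what is actually on the wire."""
    signals = [spread(m, c) for m, c in msgs_and_codes]
    return [sum(chips) for chips in zip(*signals)]

def despread(signal, code):
    """Correlate each chip block with `code`; returns (bits, correlations)."""
    bits, corr = [], []
    for i in range(0, len(signal), len(code)):
        z = sum(x * c for x, c in zip(signal[i:i + len(code)], code))
        corr.append(z / len(code))
        bits.append(1 if z > 0 else 0)
    return bits, corr

if __name__ == "__main__":
    code_a, code_b, code_x = pn_code(1), pn_code(2), pn_code(3)
    msg_a = [0, 1, 1, 0, 1, 0, 0, 1]      # constructed sample messages
    msg_b = [1, 0, 1, 1, 0, 1, 0, 0]
    wire = shared_channel([(msg_a, code_a), (msg_b, code_b)])
    print("chips on the wire per data bit:", len(wire) // len(msg_a))
    print("receiver A:", despread(wire, code_a)[0])
    print("receiver B:", despread(wire, code_b)[0])
    # A receiver holding neither code sees only small correlations.
    print("wrong code:", [round(z, 2) for z in despread(wire, code_x)[1]])
```

The spreading code plays the role of the shared noise: confidentiality rests entirely on how hard that code is to predict, and the channel carries 127 chips for every data bit.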
  • I suggest a new poll:

    The first name of the cyberpunk writer Stephenson is

    • Neil
    • Neal
    • CowboyNeil
    • CowboyNeal

  • "Someone on the other end would subtract out the noise to get the signal. Works great if both ends have the exact same noise."

    I know some older folks who think that two people with "Metallica - Injustice for All" have the same noise. Is this what they are referring to here? &^}

    But seriously, if two people have 'the same noise' and use it to decrypt, it can't possibly be considered noise. It becomes a signal. No two ways about it. Think people ... think!
    • Noise is a type of signal, at least if you talk to any signal processing geek.

      Noise generally refers to "Any signal other than the desired signal."

      • "Noise is a type of signal, at least if you talk to any signal processing geek."

        Remind me not to talk to any signal processing geeks. If some idiot starts babbling meaningless gibberish, I suppose that this is a signal that he is an idiot who spouts gibberish. Beyond that, it doesn't tell me anything. It certainly doesn't tell me anything useful. It's like a purple light at an intersection ... it creates confusion and signifies nothing. Perhaps the signal processing geeks you are talking to should study the etymology of the word signal.

        "Noise generally refers to "Any signal other than the desired signal.""

        That's exactly what I just said. If it is a signal you want/need to decrypt something it is not an undesired signal (noise), it is the very signal a would be cracker desires ... i.e. it is NOT noise.

        A reasonable analogy would be the way some idiot modded my post as off-topic. At first glance it looks like noise, but it really tells me something. It tells me the clueless buffoon who modded my post is an idiot. Looks like noise, but it's not. Get it? 8^}
  • If anyone's interested, there's a pretty good sci-fi novel called Signal to Noise [amazon.com] by Eric S. Nylund that deals, in part, with this same subject. I'd recommend it. It's a bit dense, much like Neuromancer, but worth the read.

  • Any of you use a cellular phone? A CDMA one? Your phone uses the same technology. It's called Direct Sequence Spread Spectrum.

  • The problem with cryptography 40 years ago, as I understand it, is that when you wanted to talk to someone else you had to send them your key. This key had to be kept absolutely secure because anyone who had access to it could read your messages.

    The wonder of asymmetric encryption meant that (public) keys could be sent by normal mail, email, or even posted on a big billboard on your house just so long as it got distributed.

    "Noise" encryption means that both sender and receiver have to have the same type of noise, otherwise they can't subtract it. So this noise (the key) has to be given by the sender to the receiver. Bang! Asymmetric encryption. And once you've used it once, you may as well carry on using it because if it's weak, you've broken the security, and if it's strong, it's.... strong.

    There's the additional problem that the noise has to be as long as the cypher (lengthy keys) or repeated (insecure).

    But anyway. IANASE.
