## Move Over, Quantum Cryptography: Classical Physics Can Be Unbreakable Too 126

Posted
by
Soulskill

from the in-this-house-we-obey-the-laws-of-thermodynamics dept.

from the in-this-house-we-obey-the-laws-of-thermodynamics dept.

MrSeb writes

*"Researchers from Texas A&M University claim to have pioneered unbreakable cryptography based on the laws of thermodynamics; classical physics, rather than quantum. In theory, quantum crypto (based on the laws of quantum mechanics) can guarantee the complete secrecy of transmitted messages: To spy upon a quantum-encrypted message would irrevocably change the content of the message, thus making the messages unbreakable. In practice, though, while the communication of the quantum-encrypted messages is secure, the machines on either end of the link can never be guaranteed to be flawless. According to Laszlo Kish and his team from Texas A&M, however, there is a way to build a completely secure end-to-end system — but instead of using quantum mechanics, you have to use classical physics: the second law of thermodynamics, to be exact. Kish's system is made up of a wire (the communication channel), and two resistors on each end (one representing binary 0, the other binary 1). Attached to the wire is a power source that has been treated with Johnson-Nyquist noise (thermal noise). Johnson noise is often the basis for creating random numbers with computer hardware."*
## Kish again? (Score:5, Informative)

## unbreakable been around for a while (Score:3, Informative)

Claude Shannon proved in the 1940's that the Vernam cipher with a key the same size as the message, aka one time pad, has perfect security. The USA built the world first digital audio system [wikipedia.org] during WWII in order to give such perfect security to voice communications between Roosevelt and Churchill, among others.

## The fundamental idea (Score:5, Informative)

## Re:Still breakable (Score:5, Informative)

## Re:Still breakable (Score:5, Informative)

## Re:Still breakable (Score:5, Informative)

No, you can't. There is nothing to "brute force": the current and voltage is essentially random. You can't brute-force that for the same reason you can't brute-force a one-time pad: there is nothing to brute-force. Also, while I'm not sure, I don't think Alice needs to know the current and voltage: it looks to me like only Bob does (Alice attaches a resistor with the resistance she wants, Bob does so randomly, Bob compares the current he sees with what it was originally minus the resistor he attached: only Bob needs to know the original current). The only way to decrypt the data stream is if you know what resistor either side attached, and you can't do that without adding energy to the system, which Bob will notice (Alice too if she knows what the current was originally, but that would mean Alice and Bob already have a shared randomness, which means they don't need any tricks to encode a message: they can just use that randomness as a one-time pad).

## Re:Still breakable (Score:4, Informative)

Knowing V and I don't help you because you don't know how much of the R that resulted in I given V was from Alice's end and how much from Bob's. Only they know that.

## Re:unbreakable been around for a while (Score:5, Informative)

Funnily enough, "quantum key distribution" is what it's actually generally referred to in the field.

## Re:Still breakable (Score:5, Informative)

If you can decrypt something that means there is a method to do so. You pass the message and one-time pad into this "function" and receive output.

Yes, but how do you know when the output is correct?

This is why an OTP provides perfect secrecy, if the key is secret. For a given ciphertext, there is some key that transforms it into

every possible plaintextof the right length. This means that the result of brute force searching the keyspace for an n-bit ciphertext is every possible n-bit message. Thus, the only information you can get out of an OTP-encrypted message is the message length -- assuming it wasn't padded. With padding, the only information you can get is the maximum length.The same problem actually occurs with "normal" ciphers and short messages. If I use AES to encrypt a one-bit message (perhaps padding the rest of the block with random bits), every possible AES key will result in an apparently-valid decryption -- the first bit will be either 0 or 1. But I have no way to tell which is right, even though I know that 2^128-1 of them are wrong. Claude Shannon defined the concept of the "unicity distance" to describe this, "unicity distance" being, basically, the length of the smallest amount of ciphertext which an attacker with infinite resources needs in order to determine the correct key, by examining resulting plaintexts. With an OTP, the unicity distance is infinite because as the message grows so dos the key, without bound.

Assuming the key is secret... which is the hard part with one-time pad protocols.

## Re:Still breakable (Score:5, Informative)

IMHO, the fallacy in the claim of unbreakable one-time pad encryption is the reliance that all computed plain-texts for the key space are

equallypossible to be the correct plain-text for the cipher text.Imagine you are being that exists beyond time and space and can experience all possibilities at the same time. I would think that all possible computed plain-texts would mostly look a huge pile of crap, but an exceedingly few amount are going to look like something you recognize, and then one of them will look like an Apple.

Once again, that does not mean one-time pads are not very secure. They are very secure, just not truly unbreakable.

No, a one time pad with a true random key is truly unbreakable.

What you've overlooked is that when your hypothetical Godlike being sees all possible computed plain texts, that consists of

every possible messageof the length of the cipher text.Note that what the Godlike being sees when he tries all possible decryptions does not depend on what the message is (other than the length). Thus, he gets absolutely no information from the cipher text (other than the length).

Try thinking about it with a small example and that should help you see it. For instance, do a 3 bit message. We've got 8 possible messages: 000, 001, 010, 011, 100, 101, 110, and 111. Let's say you know that only 001, 010, and 100 make any sense. Alice sends to Bob the encrypted message 110.

When your Godlike being considers all possible decryptions, he gets 000, 001, 010, 011, 100, 101, 110, and 111, depending on whether the key was 110, 111, 100, 101, 010, 011, 000, or 001.

So he looks at these, and picks out 001, 010, and 100 as the only meaningful messages. Now what? He has no idea which is the right message.

Now perhaps he knows that some of the meaningful messages are more likely than others. Maybe he knows that 99% of the time, Alice sends 010. So he will probably be right if he guesses that this message was 010.

However, he'd have had exactly the same chance of being right if he had guessed 010 without even looking at Alice's message!