Slashdot Mirror
Optical Cryptography
chill writes: "In Cryptonomicon, Neil Stephenson wrote about Bell Labs' research into using static, or chaotic signals to mask communications. A message would be generated, then the signal masked in noise. Someone on the other end would subtract out the noise to get the signal. Works great if both ends have the exact same noise. Now, Jia-ming Liu, professor of electrical engineering at UCLA, is giving a presentation on doing essentially the same thing using OC-48 (2.5 Gbps) optical circuits. The presentation will be at the upcoming Optical Fiber Communications Conference and Exhibit. There is an article covering this and some other nice advances in optical over in Wired."
You could also image doing this with regular any noise and random observations. Like solar observations, for instance or other space observations. Could even be based on traffic to specific web sites....
-Sean
If you're interested in how they syncronize the noisy lasers, here is a shortcut to the non-linear faq... a bit of easy evening reading for your enjoyment.
so how is this any different than steg
where a message is hidden in noise (the image) then when the image (noise) is subtracted the message appears.
are we still trying to re-invent the wheel here or am i missing something ?
Maybe I'm completely off here, but if you're using noise interference, wouldn't that be sort of wasting bandwidth? This is a cool technology, I wonder if there would be a way to mask a signal and at the same time run multiple signals, so you could essentially split the information through a long pipe (like the laser) using the chaotic noise, and each would be able to be filtered out (at some sort of router) and sent to various places accordingly. Seems it would be much more efficient to carry information that way.
You could also image doing this with regular any noise and random observations. Like solar observations, for instance or other space observations. Could even be based on traffic to specific web sites....
The trick to all noise-masking techniques is for YOU and YOUR PARTNER to have the same set of noise and NOBODY ELSE to have it.
Use a well-known public noise source and a link to that source becomes the key which decrypts all your traffic.
Oops!
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Is it just me, or can almost any post on ./ be linked eventually to _Cryptonomicon_? Anything, for that matter?
Or is it just that I'm studying World War II?
TANSTAAFI: There Ain't No Such Thing As A Free iPod.
This is essentially a one-time pad cipher where the pad is the length of the message and then (in the digital world) they XOR the pad with the message and send them both. For fiber optics, they probably do a similar transform, but instead of XOR they probably just a straight add, modulo some appropriate number.
--sam
--sam
Any technology distinguishable from magic is insufficiently advanced.
It is a OTP - It is a very fast and convenient way to make very good and non-interceptable OTPs
But that does bring up what I think would be an advantage to a system like this in that the bad guy doesn't have to know when you're getting your message and and is able to intercept it. If you can only recognize the message after dycrypting it than you can make it by having scheduled messages sent and only you and your partner know when and where they are. The bad guy is left with his special decoder ring and about a zillion random letters.
I stole this Sig
Great... now the RIAA/MPAA will be breathing down our necks for bypassing "noise-based-encryption" protection schemes every time we shield an audio or network cable...
This just looks like another way to hide a needle in a haystack. I believe there would be a couple ways to get around this:
The voice module for some of the high end (25+ CD) Pioneer CD changers is able to hear your voice even if the music is blasting. It does this by taking the music that's playing and mixing it into the microphone preamp 180 degrees out of phase, cancelling out most of the music. This isn't perfect, but I've seen it work, and I'm sure it can be adapted to do the same thing here. In fact, any imperfections may even help, due to the fact that you can (probably) tune it and pick up the real signal out of the mess.
Brute force. How random is this random noise? If you can create a similar noise generator, all you have to do is filter out 80% of the crap, and you'll be able to grab the signal. It's like picking out the flashlight from a group of strobes. It's a PITA, but once you cover most of the strobes, you can see the flashlight.
Get a life!
This is called traffic masking, and is a useful, known tool. However, it can also be viewed as security through obscurity, typically a bad thing. (tm)
Right. And as soon as I get an OC-48 connection, I'll implement this.
Isn't this a bit like 2048-bit encryption? Sure it's a good idea, but the technology requirements are a bit excessive.
-raph
The encryption in cryptonomicon was a one time pad. The pad was implemented as a record, but the concept was the same. The fact that the conversation could only last as long as the record and each record was only used once is indicative.
But then, perhaps the lasers could be considered an infinite one-time pad? Of course, if anyone else is listening to the synchronisation codes, couldn't they themselves end up with a synched laser too?
As a form of encryption, this doesn't appear (to me) to be incredibly useful to the average person. It doesn't secure the communication, only the physical connection between the two points. However, it would work for keeping snooping foreign governments from listening in on international traffic on submarine cables. Or nasty pirates from splicing themselves into the cable TV network...
This form of chaotic synchronizing communication works by a dynamical systems property. It seems like magic but it is not really.
It relies on the effect of chaotic synchronization. That sort of amazing fact that even though you can have a dynamical system that is continuously unstable in 'some degrees of freedom' making up the chaotic system the combination system of transmitter and receiver can still be stable in the 'transverse' direciton to the synchronization manifold.
All communication systems work by synchronization whether implicitly or explicitly. Here you will explicitly have chaotic oscillators as both transmitters and receivers. Yes, radio is like this too, you have a linear oscillator in the transmitting tower and an oscillator in your RF circuit in your receiver and their electric fields will synchronize the receiver's oscillator to the transmitter.
The trick is how to add in modulation and demodulation that does not destabilize the system and still permit reconstruction of the transmitted information.
All chaotic systems essentially have some sort of nonlinear feedback. The trick that seems to work very frequently with optical dynamics is to mix in some of the transmitted signal coming over the channel with the self-regenerated system at the receiver. In previous work with fiber optic ring laser it really was literally mixing optical signals, in the thing I did it was mixing in electro-optic electrical feedback signals; more like mixing intensities.
It turns out that a fairly generic form of dynamics often seems to work.
I worked on this project from a theoretical modeling level with Jia-Ming Liu's group at UCLA.
(We're at UCSD not UCLA).
I'm not sure what this new work is about but in the version that I did there was no significant role for the dynamics or properties of the fiber optics in the creation of the chaos or the demodulation.
It will a very significant amount of engineering to make this fully practical and find all the good properties but that's true for every advance.
Well, look at it this way: if your background traffic is random noise, and your "signal" cannot be differentiated from random noise, one must question what kind of signal actually is present.
It's really, really hard to mask a legitimate messages in random noise and hope that the bad guy won't be able to differentiate the two.
Oh yeah...Johnny Mnemonic! Yeah, when he was picking random images for the data to encrypt it. I find it strange that something from such a mediocre movie gets to actually be applied as technology. (Then again, the whole point of the movie was its neat ideas.)
Why didn't somebody think of this before?
Zodiac Survey
QE is based on a handshake protocol in which I send you a message and you send me a confirmation and we use traded information to communicate. It's not THAT different than the current http model - and other models could be used - as I understand it. The different thing about QE is that it cannot be eavesdropped on.
Parties A and B handshake and Wil E. Crackor can listen as the communication stream goes past effectively snorting the information to be hacked at later by whatever means he has access to.
In a quantum event listening to the communication will change them so after we handshake if some one snorts the packets they arrive garbled on the other end. Hence any successful communication is a secure communication. Not easy or cheap to implement but the only method I know of that certifies security in process. If we can talk we are know to be the only one's listening.
Even with extra strong encryption there's not guarantee that some one who's listening doesn't have a copy and a way to break it - eventually.
=tkk
Now it IS open to a "man in the middle attack" I THINK... but only if you have your own quantum generation device. ;)
Bill Gates - Creationist?!?
We had a link with the British in the War that would use a disk of noise to overlay a signal on top of communications that would be un scrambled on the other side by the same wheel running on at the same time. The more things change, the more they stay the same.
Check out the NSA's explanation
Previous Slashdot Story
How does one hide messages in reandom noise, though? Would it work to LZ-compress them, to make them appear random?
LZ+Huffman (i.e. deflate, the core of gzip and pkzip) works, but you get more compression in a Burrows-Wheeler based scheme such as bzip2. More compression => more entropy per coded symbol => more resistance to known plaintext attacks.
Will I retire or break 10K?
Taco will be in a very difficult situation at his work if they remove unrestricted internet access...
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
This technique is actually very old, though it wasn't used bit by bit. You're inserting null terms into the cypher stream. Prior to modern cryptological methods nulls were fairly popular, but the technique has fallen into disuse because of its increasing the message size, and because 1:1 stream cyphers are SO much more convenient. Besides, the new cryptosystems are unbreakable, right? Right?
Even having a small multiple of nulls to significant elements increases the complexity of calculation exponentially. For example, a 1:1 proportion of null bits in 512-bit blocks. The result is a 1024-bit blocked key stream. You can't do any sort of intelligent analysis of the stream unless you can figure out which bits are significant, and there are 2^512 possible permutations of significant and garbage bits for each block.
Yes, the actual encryption being performed is similar to a OTP. That's not the news here, though. The problem with OTPs has always been how to generate and distribute the pads. Typically, this requires transmission via some separate secure link (for instance, a courier), and leaves you with a limited amount of pad-- once you run out, you need to go through the whole rigamarole again.
This is a technique by which a key can be generated and distributed without that messy step. In the end, the data's basically being put through the same encryption process as one would use with a OTP, but it's being done with a random signal that's being generated on the fly over a wire between two geographically separated points, but is (ideally) still secure even if somebody eavesdrops.
Quantum cryptography is another example of a nifty concept that (in the end) relies on the old OTP technique. A random signal is generated and measured in two different places by measuring quantum characteristics of entangled particles. This is the cool part. Then that signal, which is truly random, can't be intercepted, and doesn't require a courier to deliver, is used as a OTP, which is the bread-and-butter part.
You might as well criticize a story on the development of fusion powered cars because the car still rests on old-fashioned wheels... which've been around for sooo many years.
That's close enough for slashdot!
For communication it is one-way synchronization with unidirectional coupling, not the mutual coupling which is more well known in math and physics.
The important point is that the chaos and the 'keys' and the message can all be combined nonlinearly.
Eavesdropper C would need the same chaotic system with the same settings up to some tolerance. Notice that robustness to attack is thus inversely proportional to tolerance to mismatch.
The issue of security is not directly addressed by chaotic communication.
Chaos may be an opportunity to do things other than classical encipherment. It may be like CDMA spreading a signal over a wider frequency band. It may allow you to use cheaper devices or those running past their "normal" tolerance bounds if the requirement for linearity is no longer a factor. It may mean lots of different things; the general point is a greatly increased flexibility and the potential to try widely different kinds of transmission methods. Linear signal transmission is kind of boring, there's AM, FM and minor variations upon those.
However, it may be that some digital ciphers have properties similar to chaotic systems and people are starting to investigate this connection at a different level. that is more mathematics now than communications engineering.
One of the classic mistakes is creating your own cryptographic algorithm when perfectly good ones will suffice.
AES/Rijndael is FAST in hardware, a $10 FPGA can do counter mode encryption, fully key agile, at 1.3 Gbps. Why create an algorithm dependant on chaotic laser behavior when you know that you can get cheap encryption which is secure in available hardware.
Test your net with Netalyzr
There's a couple things to be aware of in this system. First, it does not increase the amount of information sent. Here's an example:
Here's the message: 0 1 1 0 1 0 0 1
Here's the noise : 1 0 1 1 0 1 0 0
Then XOR them : 1 1 0 1 1 1 0 1
Notice that the message does not get any longer by encrypting it. As long as you know the noise, then you can take the XORed result and find the original message.
Another problem is that a lot of noise isn't really random. If the noise isn't random, then the message can be decrypted. For example, if there is a tendency for the noise to have a pattern or there are long series of 0's, the original message can be decripted without the "noise key". Very few physical processes are actually random (not hits on a website, not sunspots). One of them that is random is radioactive decay.
It stands to reason that if some data needs to be transfered from point A to point B to get the synchronization started, then that data needs to be secured. How do you secure that without a SECOND set of codes, which also need to be secured, ad infinitum. Of course, you could just physically deliver the codes, but if you are doing that, you could just physically deliver the secret messages you wanted to send in the first place, right? As cool as I think this is, it still doesn't seem to be enough.
"Your superior intellect is no match for our puny weapons!"
Just change the ModeLines line in your XF86Config to a series of random numbers...
rr
Quidquid latine dictum sit, altum videtur.
The main similarity is that you need to have a dedicated fiber just to talk encrypted to somebody, which makes both methods impractical for real applications. But quantum crypto gives you a guarantee about whether somebody's able to read your bits or not, and this method doesn't.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
By contrast, a theoretical one-time pad is theoretically provably uncrackable - if you really do have uncorrelated random bits for your pad, and you really only use them once, it's perfectly secure, and even knowing N-1 bits of a message tells you nothing about the other bit. In practice, source of random numbers aren't always perfect, and sometimes people cheat and reuse pads - the NSA's "Venona" crack of Soviet crypto primarily succeeded due to rampant reuse of pads by sloppy crypto users, though I think they also found some non-randomness in the pads that they could exploit a bit. But this optical system guarantees that if you know the initial conditions, you can use the first N-1 bits of a message to predict the next one, and sometimes you may be able to deduce those initial conditions closely enough to crack the system.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
mbkennel's posting has some good discussion on it. Chaotic crypto has usually been cracked any time anybody's seriously attacked an implementation of it, and this approach sounds like it's designed to be *easier* to crack than the average chaotic system, but it's still interesting stuff.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
This sounds like Direct Sequence Spread Spectrum over a wire. Essentially you XOR a pseudo-random sequence with the signal. In DSSS the signal rate is much lower than the PRS. The PRS can be as random seeming as you like, even cryptographically generated i would imagine, but it cannot be truly random unless you have an out of band way to communicate the randomness. Usually the spreading is accomplished with a linear feedback shift register sequence that will repeat at regular intervals.
One useful side effect is that you can use two or more different sequences on the same band (or wire) the two underlying signals do not interfere with each other (or not to a great extent).
Anyway it looks like this professor has managed to create the optical equivalent of a linear feedback shift register with two matching lasers.
Prof Alan Shore has done some work simmilar to this at Bangor university
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
This sounds a lot like the method that GPS satellites use to be able to all transmit on the same frequency. As I understand it, each uses pseudo-random noise as a carrier. The GPS unit knows the algoritms and parameters behind each of the satellites' noise, and is thus able to filter out the signals, which all share the same frequency range.
-me
Love many, trust a few, do harm to none.
This technique is very simmilar to the one know as "spectrum widening", only that this new technique saves a lot of bandwith. Of course, there's a big problem: how do both sides get the same noise signal?
Spectrum widening consists on "dissoluting" the original signal (i.e. a 1 MHz signal) into a larger one (i.e. a 100 MHz signal). This way, information is distributed thru the whole 100 MHz spectrum and you get shielding against noise and big resistance to spyers.
OK here's the deal.
Roughly, Rissanen proved how well any estimator for probabilities that has a total of "k" free parameters that you can use as a coding thing (Kraft inequality and all that).... the extra coding redundancy, i.e. number of bits about N*H where H is the entroypy rate is k/2 log N.
So if you have a source with k free parameters and your receiver is in the same model class and can adapt those 'k' parameters, you will get a redundancy of k/2 log N.
That assumes you know the class.
If you don't know anything about the class it's also been proven that there is no single unviversal appraoch to the limit, i.e. the thing you're asking for in the first part is impossible to get.
For certain classes of input like Markov models, yes the CTW and other methods achieve the Rissanen limit and Lempel-Ziv does not, it has a clearly slower rate of convergence.
You might wonder whether or not LZ does achieve that limit on some other class of sources and CTW does not, but the class of sources that is LZ's is defined very implicitly and it's not very obvious.
There's been nothing found theoretically and in imost practical tests the modeling algorithms (CTW and prediction by partial matching---PPM) seem to be better on compression performance both finite length and asymptotically.
Interestingly the BWT and the subsequent coding of the transformed signal (BWT is only half of the bzip2 algorithm!) turns out to be sort of like a rough approximation to a context-tree kind of method (PPM or CTW) but with some extra glitches.
The advantage is that it's computationally fast.
"Noise is a type of signal, at least if you talk to any signal processing geek."
Remind me not to talk to any signal processing geeks. If some idiot starts babbling meaningless gibberish, I suppose that this is a signal that he is an idiot who spouts gibberish. Beyond that, it doesn't tell me anything. It certainly doesn't tell me anything usefull. It's like a purple light at an intersection
"Noise generally refers to "Any signal other than the desired signal.""
That's exactly what I just said. If it is a signal you want/need to decrypt something it is not an undesired signal (noise), it is the very signal a would be cracker desires
A reasonable analogy would be the way some idiot modded my post as off-topic. At first glance it looks like noise, but it really tells me something. It tells me the cluless buffoon who modded my post is an idiot. Looks like noise, but it's not. Get it? 8^}
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun