Move Over, Quantum Cryptography: Classical Physics Can Be Unbreakable Too

← Back to Stories (view on slashdot.org)

Move Over, Quantum Cryptography: Classical Physics Can Be Unbreakable Too

Posted by Soulskill on Friday June 15, 2012 @05:12AM from the in-this-house-we-obey-the-laws-of-thermodynamics dept.

MrSeb writes "Researchers from Texas A&M University claim to have pioneered unbreakable cryptography based on the laws of thermodynamics; classical physics, rather than quantum. In theory, quantum crypto (based on the laws of quantum mechanics) can guarantee the complete secrecy of transmitted messages: To spy upon a quantum-encrypted message would irrevocably change the content of the message, thus making the messages unbreakable. In practice, though, while the communication of the quantum-encrypted messages is secure, the machines on either end of the link can never be guaranteed to be flawless. According to Laszlo Kish and his team from Texas A&M, however, there is a way to build a completely secure end-to-end system — but instead of using quantum mechanics, you have to use classical physics: the second law of thermodynamics, to be exact. Kish's system is made up of a wire (the communication channel), and two resistors on each end (one representing binary 0, the other binary 1). Attached to the wire is a power source that has been treated with Johnson-Nyquist noise (thermal noise). Johnson noise is often the basis for creating random numbers with computer hardware."

126 comments

Min score:

Reason:

Sort:

Hehehe by Hatta · 2012-06-15 05:16 · Score: 5, Funny

Johnson noise.

--
Give me Classic Slashdot or give me death!
1. Re:Hehehe by Anonymous Coward · 2012-06-15 05:29 · Score: 1
  
  Wish I had mod points ... or an account.
2. Re:Hehehe by Anonymous Coward · 2012-06-15 05:32 · Score: 0
  
  Listen! Do you hear that?? Is sounds like a huge ....
3. Re:Hehehe by Anonymous Coward · 2012-06-15 06:23 · Score: 2, Funny
  
  Or vagina.
4. Re:Hehehe by Anonymous Coward · 2012-06-15 06:45 · Score: 1
  
  Johnson noise.
  Mine is very silent :P
5. Re:Hehehe by jkiller · 2012-06-15 07:17 · Score: 1
  
  Put it in motion.
6. Re:Hehehe by Brawlking · 2012-06-15 19:39 · Score: 1
  
  Mine just goes *fap fap fap* :'(
7. Re:Hehehe by Anonymous Coward · 2012-06-16 02:09 · Score: 0
  
  Err ... The guy is Masters. Johnson was a woman. ... i think I missed the joke.
Real Geniuses by Overzeetop · 2012-06-15 05:22 · Score: 4, Funny

I want to know if the Laszlo in this story also has an underground room where he prepares and sends in entries to the publishers clearing house sweepstakes. And who's dorm room closet does he come out of?

--
Is it just my observation, or are there way too many stupid people in the world?
1. Re:Real Geniuses by Anonymous Coward · 2012-06-15 06:27 · Score: 0
  
  "How's it feel to be frozen!? ICE is NICE!! Laslo, BUDDY!!"
Unbreakable encryption is easy! by Kenja · 2012-06-15 05:24 · Score: 5, Insightful

Unbreakable encryption that can be decrypted is much harder.

--

"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
1. Re:Unbreakable encryption is easy! by Bigby · 2012-06-15 05:45 · Score: 1
  
  I was thinking...I can encrypt a hard drive, but smashing it and then throwing all of it hot liquid magma.
2. Re:Unbreakable encryption is easy! by Anonymous Coward · 2012-06-15 05:49 · Score: 0
  
  cat "secret message" >> /dev/null
  Where is my grant money?
3. Re:Unbreakable encryption is easy! by philip.paradis · 2012-06-15 09:02 · Score: 1
  
  The check is in the mail to your address in the alternate universe where /dev/null can be read to reproduce the input message using wanktty(1). Also, since /dev/null is a character-based pseudo-device, >> (append) is redundant for the stated purpose, and you simply need > (output).
  
  --
  Write failed: Broken pipe
4. Re:Unbreakable encryption is easy! by davester666 · 2012-06-15 17:52 · Score: 1
  
  It sounds like you may be interested in our 'Store an Infinite Amount of Encrypted Data' device...
  
  --
  Sleep your way to a whiter smile...date a dentist!
5. Re:Unbreakable encryption is easy! by Zeroko · 2012-06-16 08:39 · Score: 1
  
  If you take the holographic principle into account, it will eventually fill up if it is of finite size. Or do you have a pocket universe?
6. Re:Unbreakable encryption is easy! by DarwinSurvivor · 2012-06-18 11:03 · Score: 1
  
  1) I think you meant "echo", unless of course your message is already in plaintext!
  2) grep ">> /dev/null" ~/.bash_history
7. Re:Unbreakable encryption is easy! by DarwinSurvivor · 2012-06-18 11:06 · Score: 1
  
  3) 'ps aux | grep ">> /dev/null"' by any user where process pid's and names are not protected (FreeBSD protects, Linux does not).
Not a law by Anonymous Coward · 2012-06-15 05:25 · Score: 1, Funny

The problem with using the second law of thermodynamics for this is that it is a statistical observation, not a natural law.
1. Re:Not a law by blue+trane · 2012-06-15 13:12 · Score: 1
  
  "The problem with using the second law of thermodynamics for this is that it is a statistical observation, not a natural law."
  Why was this modded down?
  http://en.wikipedia.org/wiki/Fluctuation_theorem:
  
  While the second law of thermodynamics predicts that the entropy of an isolated system should tend to increase until it reaches equilibrium, it became apparent after the discovery of statistical mechanics that the second law is only a statistical one, suggesting that there should always be some nonzero probability that the entropy of an isolated system might spontaneously decrease; the fluctuation theorem precisely quantifies this probability.
  (I suspect some emotional physicist-wannabe got an attack of cognitive dissonance when he saw this post and responded reflexively by down-rating it.)
Kish again? by Dwonis · 2012-06-15 05:27 · Score: 5, Informative

I remember when this was posted on Slashdot 7 years ago.
1. Re:Kish again? by reebmmm · 2012-06-15 05:40 · Score: 4, Funny
  
  It's not a dupe, that one was based on Kichoffs's Law. This one is based on Johnson-Nyquist noise.
  It's totally different. // Doesn't actually know if it's different /// Is really, really impressed with Dwonis' memory. //// Is general Slashdot commentter with know knowledge of the things upon which he comments.
2. Re:Kish again? by Dwonis · 2012-06-15 12:02 · Score: 1
  
  It's not a dupe, that one was based on Kichoffs's Law. This one is based on Johnson-Nyquist noise.
  It's totally different. // Doesn't actually know if it's different
  Heh. It's the same thing, as far as I can tell. The title of the 2005 paper linked by the old Slashdot article was: "Totally Secure Classical Communication Utilizing Johnson (-like) Noise and Kirchoff's Law".
  I think all of these physical "crypto"systems are snake oil. They claim to be unbreakable, but in reality, they're physical systems subject to the same engineering challenges (such as manufacturing tolerances) as any other system. I would never use one of these systems instead of, say, a point-to-point SSH tunnel, and I'm not sure that the added security (if any) justifies the cost, when a simple, authenticated Diffie-Hellman key exchange would do quite nicely.
3. Re:Kish again? by Anonymous Coward · 2012-06-15 12:49 · Score: 0
  
  Heh. It's the same thing, as far as I can tell. The title of the 2005 paper linked by the old Slashdot article was: "Totally Secure Classical Communication Utilizing Johnson (-like) Noise and Kirchoff's Law".
  I think all of these physical "crypto"systems are snake oil. They claim to be unbreakable, but in reality, they're physical systems subject to the same engineering challenges (such as manufacturing tolerances) as any other system. I would never use one of these systems instead of, say, a point-to-point SSH tunnel, and I'm not sure that the added security (if any) justifies the cost, when a simple, authenticated Diffie-Hellman key exchange would do quite nicely.
  I think you miss the point that these systems are really focused on trying to solve the looming problem with asymmetric encryption. Computational power can simply brute any public key into the private, given enough time. Quantum computing (in theory) threatens it to the point where asymmetric keys become worthless. And key exchange mechanisms right now rely on asymmetric keys to remain secure. While on paper, quantum key exchange looks perfect, you are right that limitations do introduce avenues of attack. However, the question is: in a world where I can crunch a public key in hours instead of decades/centuries, does quantum key exchange and its ilk hold up better/longer than asymmetric key systems?
  And this of course ignores the fact that current mechanisms leave figuring out how to exchange keys on a second channel to the end-user. Without that, man in the middle is still a possibility with a third key. These mechanisms are also aimed at higher detection rates of a man in the middle on the second channel.
4. Re:Kish again? by cryptizard · 2012-06-17 06:34 · Score: 1
  
  Only some asymmetric ciphers (those based on factoring or discrete logs) are broken by quantum computers. Lattice-based cryptosystems are believed to be resistant to quantum algorithms. If we pick the key size to be large enough, and there is not some unforeseen explosion in classical computing speeds, then existing cryptographic techniques should suffice for many years.
5. Re:Kish again? by DarwinSurvivor · 2012-06-18 11:10 · Score: 1
  
  Computational power can simply brute any public key into the private, given enough time.
  How much do you really care that your great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great, great (repeat about 10 million times) grandchildren may stumble accross a computer that's been breaking your key for the last couple million years?
A coincidence? by Anonymous Coward · 2012-06-15 05:27 · Score: 4, Funny

Is it a coincidence that Johnson-Nyquist noise sounds exactly like an accordion and bagpipe duo playing La Marseillaise?
1. Re:A coincidence? by Anonymous Coward · 2012-06-15 07:44 · Score: 1
  
  That's the thing about truly random things: you can never be sure they aren't.
2. Re:A coincidence? by DMUTPeregrine · 2012-06-15 10:00 · Score: 3, Funny
  
  As a bagpipe player, I am highly offended! Thermal noise would be a step up for the accordion.
  
  --
  Not a sentence!
3. Re:A coincidence? by Organic+Brain+Damage · 2012-06-16 00:10 · Score: 1
  
  The biggest difference between Bagpipe and Accordion is how much more money passersby willingly pay Bagpiping buskers to STOP PLAYING THE FREAKING BAGPIPES ALREADY!
unbreakable been around for a while by Anonymous Coward · 2012-06-15 05:30 · Score: 3, Informative

Claude Shannon proved in the 1940's that the Vernam cipher with a key the same size as the message, aka one time pad, has perfect security. The USA built the world first digital audio system during WWII in order to give such perfect security to voice communications between Roosevelt and Churchill, among others.
1. Re:unbreakable been around for a while by JoshuaZ · 2012-06-15 05:36 · Score: 4, Insightful
  
  Yes, that's true in a trivial sense. What that essentially amounts to is that one has unbreakable encryption if one has a shared source of randomness that the eavesdropper lacks. So if you can do things like have physical couriers carry bits back and forth between set locations you can do that sort of thing. The problem is that such situations aren't very common. Most encryption contexts that would be much too inefficient or outright impossible (you don't want to be in a situation where in order to securely give your credit card number to Amazon they have to send someone over with a flash drive full of random bits). The key is making practical and close to unbreakable or outright unbreakable crypto that doesn't rely on such ridiculously strong assumptions.
2. Re:unbreakable been around for a while by PatDev · 2012-06-15 05:43 · Score: 4, Interesting
  
  The important point that people seem to be missing is that quantum encryption *is* one-time pad. The system of quantum encryption consists of using entangled particles to be the shared source of randomness. Because both parties would be aware if anyone besides the two of them were observing the shared randomness, they can't exactly communicate via entanglement, but they can reach an arbitrary (ie. not decided by either of them) consensus on the values in a random stream. This random stream is then used as the key of a one-time-pad where the ciphertext is transported over a traditional channel of communication.
  For this reason, I consider the term "quantum encryption" to be a bit of a misnomer - nothing about the actual en/de cryption is quantum. A better name would be "quantum key distribution" or "quantum consensus generation"
3. Re:unbreakable been around for a while by Anonymous Coward · 2012-06-15 07:36 · Score: 0
  
  Except one-time pads don't have keys.
4. Re:unbreakable been around for a while by bh_doc · 2012-06-15 07:53 · Score: 4, Informative
  
  Funnily enough, "quantum key distribution" is what it's actually generally referred to in the field.
5. Re:unbreakable been around for a while by jmorris42 · 2012-06-15 08:14 · Score: 3, Interesting
  
  > send someone over with a flash drive full of random bits
  No, they would just have to send a mailman over every few years with a new credit card which they already do. I just did some back of the envelope math and if you assume a transaction could be sent in 64 bytes and you store only 1Gib of random pad in the card you could almost make a transaction per minute with it and even with a 5year expiration date you wouldn't have to reuse the pad and break the security. The problem is Visa would need to retain that gigabit of data until the card expires and it might cost a bit to keep that much key material secure but it would be a very secure system. Apparently they believe the fraud losses are cheaper.
  Something to keep in mind next time you hear em whining. Or hear a Lifelock ad. It is only cheaper for them because they offload so much of the expense for their being cheap bastards onto us.
  
  --
  Democrat delenda est
6. Re:unbreakable been around for a while by f3rret · 2012-06-15 09:45 · Score: 1
  
  Except one-time pads don't have keys.
  Yes, yes they do.
  
  --
  Admit nothing. Deny Everything. Make Counter-accusations.
7. Re:unbreakable been around for a while by Anonymous Coward · 2012-06-15 10:44 · Score: 0
  
  The problem is that the weak link is often the user and not the crypto. So you can send the user 1GB of data to use for one time pads, but you have trust that they keep it secure, but if they get a bit of malware on their system it could copy all that data and thus the user's account is compromised. In other words, it doesn't fix the real problem and just adds cost and complexity for little to no benefit.
8. Re:unbreakable been around for a while by fa2k · 2012-06-15 10:54 · Score: 1
  
  One-time-pads couldn't provide any practical improvement in security over what could be achieved with two-factor authentication and custom software (for example not accepting any CA certificate). The weak point is not the crypto.
9. Re:unbreakable been around for a while by jmorris42 · 2012-06-15 12:02 · Score: 1
  
  > So you can send the user 1GB of data to use for one time pads, but you have trust
  > that they keep it secure, but if they get a bit of malware on their system it could copy
  > all that data and thus the user's account is compromised.
  If you are stupid enough to give the user the data, what you say is true. So don't be stupid.
  The card itself has an epaper screen and a touchscreen. When you stick it on the front of the merchant's terminal it is powered from there and receives a request for a transaction. It displays upon it's face the amount being requested and a randomly placed pinpad (no wear patterns to spot this way) for the owner to punch in. It encrypts the PIN entered and the transaction details from the next block of OTP data and sends it out with a plaintext header containing a transaction ID identifying the card and the area of the OTP which was used. That is so brain damaged simple that no signal analysis of the card is going to leak key information. The card itself doesn't even know if the PIN is correct. New password/PIN methods can be rolled out on a per card issuer / customer basis since the merchant network need know nothing about the implementation details. You get the best practices in security, a combination of something you possess plus something you know. Still a little early to add a fingerprint reader to one, and there are some nasty attacks against most of those anyway so the additional security is debatable.
  An interesting spin might be to put a solar cell on the rear and power it by shining a bright light onto the back from the merchant terminal and communicate via IR LEDs. Just to make it harder to try shocking it to evoke erratic behavior.
  No method to update the software or key material need be provided, you mail out a new one. Use one time programmable roms. Since it doesn't know the PIN you can still change that if you suspect it to have been compromised. The interfacing terminal is simple enough you could give them away as USB gadgets until every keyboard and smartphone grew support for them. Smartphones might argue against the bright light idea above unless you could arrange to lay them atop the display and have the IR send/receive port in a standard spot right at the edge or something.
  
  --
  Democrat delenda est
10. Re:unbreakable been around for a while by gustep12 · 2012-06-15 20:33 · Score: 1
  
  Thank you, this is a really eye-opening and succinct explanation.
11. Re:unbreakable been around for a while by Anarchduke · 2012-06-16 03:26 · Score: 1
  
  That sounds very secure. Unfortunately, there is a way around it.
  
  http://xkcd.com/538/
  
  --
  who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain
12. Re:unbreakable been around for a while by Anonymous Coward · 2012-06-16 15:41 · Score: 0
  
  The way around that is to store the actual key in a microcontroller with fuse bits set such that it cannot be reprogrammed or operated in a debug mode but the key itself is kept in a area where it can be deleted and also only accessed by the microcontroller. If they try to use the rubber mallet method simply supply them with the duress password and the microcontroller wipes its memory and the key is forever lost.
13. Re:unbreakable been around for a while by DarwinSurvivor · 2012-06-18 11:12 · Score: 1
  
  Except one-time pads don't have keys.
  Yes, yes they do.
  Actually they don't, they ARE keys.
Still breakable by Metabolife · 2012-06-15 05:30 · Score: 2

This approach assumes that only Alice and Bob know the current and voltage of the power source. This can be brute forced until a tangible message is found. Next...
1. Re:Still breakable by Anonymous Coward · 2012-06-15 05:33 · Score: 0
  
  Furthermore, who's to say this scheme isn't subject to differential analysis? I.e., try voltage V, too high so V/2, too low so 3V/4, etc.
2. Re:Still breakable by AdrianKemp · 2012-06-15 05:35 · Score: 1
  
  Moreover, as I understand it, all that this gains you is knowledge that someone has tapped into the system. That doesn't actively prevent them from gleaning the message it simply alerts you that they are.
  Not to mention needing special setups between very distant locations (not feasible)
3. Re:Still breakable by Anonymous Coward · 2012-06-15 05:37 · Score: 0
  
  Agreed, this seems based on the assumption that you can't discern which possible message is the correct one; at which point you might as well use a caesar cipher.
4. Re:Still breakable by PatDev · 2012-06-15 05:47 · Score: 4, Informative
  
  Tampering detection is all that is required for perfect security. The trick is that you do not transmit the message itself over this channel, you instead transmit a random stream of bits. Once both sides share a random stream of bits that they know has not been overheard, they can use that random stream as the key to a one-time-pad that can be transmitted over any traditional eavesdrop-able channel. You could just email the ciphertext over the public internet, since you know that you have an (unknown to any attacker) shared secret key, you have perfect secrecy.
5. Re:Still breakable by MozeeToby · 2012-06-15 05:50 · Score: 3, Interesting
  
  Maybe I'm just being silly, but if you also encrypt the message using standard means it will look identical to random noise, making it impossible to tell if you stumbled upon the correct current and voltage in the first place. Alternatively, Alice and Bob are able to detect your trying to intercept their communications, which means they can alter their behavior long before you stumble upon the correct settings.
6. Re:Still breakable by Anonymous Coward · 2012-06-15 05:51 · Score: 0
  
  Really? OTP?
  OTP is already possible, so why not skip all the resistor stuff and use one of the basic and 100% secure schemes standalone.
7. Re:Still breakable by MattSausage · 2012-06-15 05:53 · Score: 1
  
  I would upvote if I could. I've had to explain this to several friends over the years.
8. Re:Still breakable by PatDev · 2012-06-15 05:55 · Score: 5, Informative
  
  The resistor stuff solves an orthogonal problem to OTP. OTP gives you perfect secrecy when you share an unknown secret key with the other party you are communicating with. This "resistor stuff" is how you get an unknown shared secret key with the other party. OTP still requires key distribution, which is what this does. The two are complementary, neither replaces the other.
9. Re:Still breakable by Baloroth · 2012-06-15 06:26 · Score: 4, Informative
  
  No, you can't. There is nothing to "brute force": the current and voltage is essentially random. You can't brute-force that for the same reason you can't brute-force a one-time pad: there is nothing to brute-force. Also, while I'm not sure, I don't think Alice needs to know the current and voltage: it looks to me like only Bob does (Alice attaches a resistor with the resistance she wants, Bob does so randomly, Bob compares the current he sees with what it was originally minus the resistor he attached: only Bob needs to know the original current). The only way to decrypt the data stream is if you know what resistor either side attached, and you can't do that without adding energy to the system, which Bob will notice (Alice too if she knows what the current was originally, but that would mean Alice and Bob already have a shared randomness, which means they don't need any tricks to encode a message: they can just use that randomness as a one-time pad).
  
  --
  "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
10. Re:Still breakable by Anonymous Coward · 2012-06-15 06:27 · Score: 0
  
  You are missing the point. You can only use OTP if you tell the other person the secret key. It's only perfectly secure if you are sure no one else has the key.
11. Re:Still breakable by sjames · 2012-06-15 06:34 · Score: 1
  
  No, the power source can be standard. What must be kept secret is which resistors Alice and Bob switch into the circuit at what time.
12. Re:Still breakable by sjames · 2012-06-15 06:36 · Score: 3, Informative
  
  Knowing V and I don't help you because you don't know how much of the R that resulted in I given V was from Alice's end and how much from Bob's. Only they know that.
13. Re:Still breakable by EdIII · 2012-06-15 06:58 · Score: 1
  
  Really?
  It would seem you still can. If you can decrypt something that means there is a method to do so. You pass the message and one-time pad into this "function" and receive output.
  I know that whole million monkeys can make Shakespeare deal, but do you really think that there are going to be a large number of outputs that are intelligible communication? Or even match a dataset that can be decoded by various encoders representing audio/video formats?
  Of course, doing so may not be currently possible in a viable time period (less than your lifetime), but to say it is truly unbreakable is a very bold statement.
  It seems to me that all cryptanalysis basically boils down to:
  (i) Vulnerabilities in implementation and algorithms. Kind of like how you can get the summation of a number with a simple equation instead of doing all the work
  (ii) Brute Force - Testing the outputs for all possible inputs.
  IMHO, the fallacy in the claim of unbreakable one-time pad encryption is the reliance that all computed plain-texts for the key space are equally possible to be the correct plain-text for the cipher text.
  Imagine you are being that exists beyond time and space and can experience all possibilities at the same time. I would think that all possible computed plain-texts would mostly look a huge pile of crap, but an exceedingly few amount are going to look like something you recognize, and then one of them will look like an Apple.
  Once again, that does not mean one-time pads are not very secure. They are very secure, just not truly unbreakable.
14. Re:Still breakable by Anonymous Coward · 2012-06-15 07:10 · Score: 0
  
  IMHO, the fallacy in the claim of unbreakable one-time pad encryption is the reliance that all computed plain-texts for the key space are equally possible to be the correct plain-text for the cipher text.
  There might have been something to this, in the era of classical cryptography. Although being able to eliminate unintelligible ciphertexts doesn't seem so very important. If the same ciphertext is equally likely to be "WILL ATTACK TOKYO AT 0600" and "WILL ATTACK PARIS AT 1800"--as well as every other possible message of the same length--you still don't have the actual information.
  Of course, nowadays encrypted messages get compressed and otherwise encoded before encryption, and for all practical purposes all plaintexts really are equally likely a priori.
15. Re:Still breakable by Baloroth · 2012-06-15 08:08 · Score: 1
  
  Brute-forcing is only practical when you have some known system to compare it against. For example, you can attempt to brute-force a key by using that key to decrypt the data: if you produce an intelligible result, you have the correct key (depending on the encrypting technique, there shouldn't be two keys that can be used to decrypt the date, which means if you produce an intelligible result for a sufficiently large file [i.e. more than a few words] you have the correct key). Same for brute-forcing a hash: since you know the hashing function, you can compare the hashed results from your proposed original to the hash you already know.
  But brute-forcing requires you to have some known pattern to test against. If you are simply guessing at the date encoded in a message, without some known pattern or method to compare your proposed brute-forced result against, you cannot arrive at any result. For example, if all I know is that you said a 4 letter word, but have no actual pattern to compare a brute-force attempt against, I cannot brute-force it. Sure, I can go through every possible 4-letter word... but I have no means of verifying that any of them were what you actually said.
  That is why one-time pads are unbreakable. There doesn't even need to be an infinite number of possible plain-texts, although for each bit you add that number grows exponentially (such that a message of a few thousand words becomes impossible to brute-force all possible combinations in the remaining life of the universe), but since you have no means whatsoever of verifying that any of the possible combinations are what was actually said, you cannot meaningfully break the encryption by brute-forcing it. For any large data-sets, there is a near-infinite number of plaintext interpretations that will fit, and unless you have some pattern to compare against, you will never be able to determine which was actually said.
  To illustrate this example, someone could encode a Shakespeare play with a one-time pad, and an attempt to "brute-force" that is equally likely to return the first few chapters of Twilight as it is Shakespeare (more, actually, since Twilight uses a smaller and more common vocabulary [I assume, not having read Twilight]). Unless you know the one-time pad that was used, though, you cannot compare the plain-text to the encrypted text, which means you will never be able to know what was actually said. This assumes the one-time pad was actually random: if there is any pattern at all, there will be some means, theoretically, to determine what it is. That is why true random one-time pads were proven unbreakable: because they cannot even be brute-forced.
  
  --
  "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
16. Re:Still breakable by Metabolife · 2012-06-15 08:10 · Score: 1
  
  Unless I've misunderstood your point, I think you've misunderstand why a one-time pad is "unbreakable".
  If you have a 10 character message, even with infinite processing power, your message could be any combination of letters in that 10 character array. There is no defined pattern to breaking the message. Given any secret key, you could make any message possible out of the characters; each being a correct solution. It is only with the secret key that you get the intended message. There is no way to extract the secret key from the message besides some mind-blowing math to reverse the mod operation.
17. Re:Still breakable by Anonymous Coward · 2012-06-15 08:12 · Score: 0
  
  IMHO, the fallacy in the claim of unbreakable one-time pad encryption is the reliance that all computed plain-texts for the key space are equally possible to be the correct plain-text for the cipher text.
  If you can deduce the correct plaintext from the encrypted message, then you can do the same thing by knowing just the length of the message. And your hypothetical being that's beyond time and space can easily brute force that.
  What you are saying is essentially equivalent to saying that one-time pad is breakable because someone who is not bound by computational resources can crack it without even seeing the message. I would reconsider that position if I were you.
18. Re:Still breakable by swillden · 2012-06-15 09:48 · Score: 4, Informative
  
  If you can decrypt something that means there is a method to do so. You pass the message and one-time pad into this "function" and receive output.
  Yes, but how do you know when the output is correct?
  This is why an OTP provides perfect secrecy, if the key is secret. For a given ciphertext, there is some key that transforms it into every possible plaintext of the right length. This means that the result of brute force searching the keyspace for an n-bit ciphertext is every possible n-bit message. Thus, the only information you can get out of an OTP-encrypted message is the message length -- assuming it wasn't padded. With padding, the only information you can get is the maximum length.
  The same problem actually occurs with "normal" ciphers and short messages. If I use AES to encrypt a one-bit message (perhaps padding the rest of the block with random bits), every possible AES key will result in an apparently-valid decryption -- the first bit will be either 0 or 1. But I have no way to tell which is right, even though I know that 2^128-1 of them are wrong. Claude Shannon defined the concept of the "unicity distance" to describe this, "unicity distance" being, basically, the length of the smallest amount of ciphertext which an attacker with infinite resources needs in order to determine the correct key, by examining resulting plaintexts. With an OTP, the unicity distance is infinite because as the message grows so dos the key, without bound.
  Assuming the key is secret... which is the hard part with one-time pad protocols.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
19. Re:Still breakable by harlows_monkeys · 2012-06-15 09:52 · Score: 4, Informative
  
  IMHO, the fallacy in the claim of unbreakable one-time pad encryption is the reliance that all computed plain-texts for the key space are equally possible to be the correct plain-text for the cipher text.
  Imagine you are being that exists beyond time and space and can experience all possibilities at the same time. I would think that all possible computed plain-texts would mostly look a huge pile of crap, but an exceedingly few amount are going to look like something you recognize, and then one of them will look like an Apple.
  Once again, that does not mean one-time pads are not very secure. They are very secure, just not truly unbreakable.
  No, a one time pad with a true random key is truly unbreakable.
  What you've overlooked is that when your hypothetical Godlike being sees all possible computed plain texts, that consists of every possible message of the length of the cipher text.
  Note that what the Godlike being sees when he tries all possible decryptions does not depend on what the message is (other than the length). Thus, he gets absolutely no information from the cipher text (other than the length).
  Try thinking about it with a small example and that should help you see it. For instance, do a 3 bit message. We've got 8 possible messages: 000, 001, 010, 011, 100, 101, 110, and 111. Let's say you know that only 001, 010, and 100 make any sense. Alice sends to Bob the encrypted message 110.
  When your Godlike being considers all possible decryptions, he gets 000, 001, 010, 011, 100, 101, 110, and 111, depending on whether the key was 110, 111, 100, 101, 010, 011, 000, or 001.
  So he looks at these, and picks out 001, 010, and 100 as the only meaningful messages. Now what? He has no idea which is the right message.
  Now perhaps he knows that some of the meaningful messages are more likely than others. Maybe he knows that 99% of the time, Alice sends 010. So he will probably be right if he guesses that this message was 010.
  However, he'd have had exactly the same chance of being right if he had guessed 010 without even looking at Alice's message!
20. Re:Still breakable by fluffy99 · 2012-06-15 13:06 · Score: 1
  
  Maybe I'm just being silly, but if you also encrypt the message using standard means it will look identical to random noise, making it impossible to tell if you stumbled upon the correct current and voltage in the first place. Alternatively, Alice and Bob are able to detect your trying to intercept their communications, which means they can alter their behavior long before you stumble upon the correct settings.
  What is stopping the observe from measuring the voltage at two points along the wire? The wire has some non-zero resistance so the difference in voltage between the points should yield the current flow. Basically you'd use the wire itself as the shunt resistor which would not be noticed.
21. Re:Still breakable by Anonymous Coward · 2012-06-16 05:12 · Score: 0
  
  Given a reasonable distance where this would be useful, there are ways of determining the resistance.
22. Re:Still breakable by sjames · 2012-06-16 05:36 · Score: 1
  
  Fer instance?
23. Re:Still breakable by Anonymous Coward · 2012-06-16 15:47 · Score: 0
  
  You can solve this simply by introducing another variable that they can't detect. A high frequency voltage source perhaps which would be undetectable unless they were looking specifically for such a thing since they would have a low pass filter on either end.
24. Re:Still breakable by sjames · 2012-06-16 18:37 · Score: 1
  
  So your attack depends on Alice and Bob deliberately blindfolding themselves to the effects of Eves attack?
25. Re:Still breakable by Anonymous Coward · 2012-06-17 09:13 · Score: 0
  
  They could use a constant-current source and measure the voltage required
  to produce that current to determine the total resistance.
26. Re:Still breakable by AdrianKemp · 2012-06-18 02:50 · Score: 1
  
  Sure, so you're going to run (thousands of) miles of dedicated cable so that you can grab a key for a OTP to communicate over standard channels?
  This solves nothing.
27. Re:Still breakable by DarwinSurvivor · 2012-06-18 12:07 · Score: 1
  
  This is meant as an alternative to requiring quantumly entangled bits to be distributed to everyone in pairs. I don't think this is meant as a way for random people on the internet to communicate, but for creating secure connections between 2 parties that consistently communicate (bank back-ends, government offices, university campuses, etc).
28. Re:Still breakable by AdrianKemp · 2012-06-19 00:19 · Score: 1
  
  You do that using bits of paper. Here's the situation:
  Party A wants to create a OTP for communication with Party B.
  1) Generate some randomness, however you like
  2) feed that randomness into transport method
  3) communicate using a key based on that randomness
  Now, here's a very simple way to get randomness from party A to party B:
  1) write it down
  2) book a flight
  3) deliver it in person, knowing that not another sole has seen it.
  That costs a few thousand dollars at the upper end.
  Here's another way to do it:
  1) run miles of cable at extreme costs (especially if it's trans-atlantic!)
  2) hope like hell no body taps into the system, because if they do you have to repeat step 1.
  3) transmit randomness
  You're probably looking at numbers in the 7 figure plus range for that option.
  Again, this solves nothing.
29. Re:Still breakable by DarwinSurvivor · 2012-06-21 21:06 · Score: 1
  
  I fail to see what that has to do with my comment.
30. Re:Still breakable by AdrianKemp · 2012-06-21 23:02 · Score: 1
  
  You aren't terribly bright are you? You replied to my statement about running thousands of miles of cable with "this replaces quantum entangled bits".
  That's wrong.
  This "replaces" the current methods of OTP, which is to say it doesn't.
  It also doesn't replace QEB because those are actually potentially practical.
  I'm sure I'm wasting my time here... you clearly don't understand that this entire paper is garbage wrapped in stupidity. It isn't even original, FFS.
31. Re:Still breakable by DarwinSurvivor · 2012-06-24 16:28 · Score: 1
  
  Did you even RTFS. They specifically stated that this was a non-quantum based alternative to quantumly entangled bits.
  
  In fact, YOUR statement was wrong. Then entire POINT of the dual-resistor with unknown voltage/current system is to create a system where you don't have to "hope" nobody intercepted it, you KNOW if someone did. Now instead of insulting people that are trying to explain something to you, why don't you actually READ the summary of the article you claim to understand and leave the real work to us "not terribly bright" folks.
The fundamental idea by JoshuaZ · 2012-06-15 05:32 · Score: 5, Informative

The basic idea of the key exchange is a variant of an older key exchange idea. The very basic idea involves Alice and Bob having a wire that goes between them. Each of the two has two resistors one with very low resistance and one with high resistance. To gain a series of random bits, Alice and Bob both randomly choose a resistor and connect it to the wire and then measure the resistance through the whole system. If they both used the high or both used the low resistance resistors they throw out those exchanges. Whenever they have one medium and one high, they will both know which one had a low and which one had a high because they'll know their own. But Eve the evil eavesdropper even if she has a connection into the line won't be able to get this just from knowing the total resistance. In some weak respects this resembles a physical analog of the Diffie-Hellman http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange. The process being proposed here though, a Kish key exchange http://en.wikipedia.org/wiki/Kish_cypher does some clever stuff with the thermodynamics end to deal with man-in-the-middle and other related attacks.
1. Re:The fundamental idea by History's+Coming+To · 2012-06-15 06:15 · Score: 3, Insightful
  
  But given that the noise is fundamentally based on quantum mechanical events, can this really claim to be classical rather than a clever way to generate a quantum key?
  
  --
  Please consider this account deleted, I just can't be bothered with the spam anymore.
2. Re:The fundamental idea by poemofatic · 2012-06-15 08:20 · Score: 1
  
  So I want to send a 0 (low bit). I put in my low bit resister. The recipient also (happens) to put in a low bit resistor (50% chance). Now, the attacker knows I wanted to send 0.
  So how does this not leak half the bits of the message? You cannot say "disregard" the message after you've already sent it.
  
  --
  When in doubt, have a man come through a door with a gun in his hand.
3. Re:The fundamental idea by bradleyjg · 2012-06-15 08:48 · Score: 1
  
  You aren't sending a message. You are negotiating keys for a symmetric cipher over which you will send a message. So Alice and Bob can (and should) each select a resister at random until they collect enough undetected and non-colliding bits.
4. Re:The fundamental idea by Anonymous Coward · 2012-06-15 08:54 · Score: 1
  
  It's a two step process:
  Step 1: generate a key by switching the resistors arbitrarily, and discarding the "double 1s" and "double 0s". This leaves you each with a list of 1's and 0's such that if Alice has a 1, Bob has a 0, meanwhile Eve just knows that Alice and Bob generated a bunch of bits. You can disregard the doubles because you aren't sending information yet, you're just generating coordinated noise. Eve will not be able to know who got a 1 and who go a 0 for the bits you intend to use.
  Step 2: XOR your messages with the big pile o' bits you generated in step 1 and send the result. Now Alice has sent a message Eve can't tell from a random pile o' bits, but which Bob has the nesesary information to decode.
5. Re:The fundamental idea by Anonymous Coward · 2012-06-15 10:30 · Score: 0
  
  The measurement of the resistance, however, requires current to be present through the wire. The asymmetric current through the wire (more net current to lower resistance) will be an indication of the resistance values. This could easily be determined through inductive coupling.
6. Re:The fundamental idea by poemofatic · 2012-06-15 12:13 · Score: 1
  
  D'oh! Thanks, that makes sense.
  
  --
  When in doubt, have a man come through a door with a gun in his hand.
7. Re:The fundamental idea by Kim0 · 2012-06-15 18:58 · Score: 1
  
  You seem to understand it.
  A defect of this method is electromagnetic radiation, which means that undetectable eavesdropping can be done, and the speed of light and relativity, which means there is no simultaneity of changing of resistors.
  In other words, Eve can eavesdrop by passively listen at two different locations on the wire, thus seeing differences in Alice and Bobs signaling.
8. Re:The fundamental idea by Anonymous Coward · 2012-06-15 23:51 · Score: 0
  
  It depends on the level of sensing, in this case.
  This tecnique uses what may be called the aggregate quantum \state, or more generally "classic physics".
  It's like you can claim that billiard ball reactions are *really* fundamentally based on quantum mechanical events, but that is a classic definition of classic physics.
Huhhuhuh by Anonymous Coward · 2012-06-15 05:34 · Score: 0

He said "Johnson".. and then he said "thermal".. that was cool..
Security ... by ackthpt · 2012-06-15 05:36 · Score: 0

Through obscurity
Throw in a buch of gobble-de-gook and only know which bit is meaningful, that's the answer.

--

A feeling of having made the same mistake before: Deja Foobar
Welp by tanujt · 2012-06-15 05:36 · Score: 5, Funny

I don't know about y'all, but I like my cats dead when I open the box.
1. Re:Welp by newcastlejon · 2012-06-15 06:17 · Score: 2
  
  I don't know about y'all, but I like my cats dead when I open the box.
  Agreed. Considering the default state of a cat, which is a cold hatred for all human life, dead is infinitely preferable to the third alternative: bloody furious.
  
  --
  If God forks the Universe every time you roll a die, he'd better have a damned good memory.
Classical physics? by Anonymous Coward · 2012-06-15 05:44 · Score: 0

It's a far stretch to call thermodynamics "classical physics": it was the first physics to include probabilities (which is not classical), and as such it is a precursor of quantum physics.
It's been proposed, and it won't work. by Animats · 2012-06-15 05:54 · Score: 5, Insightful

As someone pointed out, this was on Slashdot 7 years ago. Here's the referenced paper.
The idea is simple. At both ends of the wire, random data modulated with content is being emitted. At any point on the wire, you see the sum of two random sources. But each end knows their own random data, and can subtract it out.
To break the system, you need two taps on the wire, some distance apart. Now you get to see the sums of the signals from each end, but with different time shifts between them due to propagation delay. With that data, you can separate out what's coming from each end. This allows recovering the original signals.
"No new encryption system is worth looking at unless it comes from someone who has already broken a very hard one." - Friedman.
1. Re:It's been proposed, and it won't work. by JesseMcDonald · 2012-06-15 07:02 · Score: 2
  
  The idea is simple. At both ends of the wire, random data modulated with content is being emitted. At any point on the wire, you see the sum of two random sources. But each end knows their own random data, and can subtract it out.
  Actually, the proposal (which you linked to) does not involve transmitting the content on the wire at all. The circuit consists of a loop with resistors in two places, and no power source. The random signal consists of induced current from thermal noise or an external noise source; the power distribution of the noise is affected by the resistors. Supposedly there is no way to know from measuring the noise where each resistor is in the circuit.
  I'm not prepared to claim that the system is as secure as the paper suggests, but I think you need to look more closely before saying it's flawed.
  
  --
  "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
2. Re:It's been proposed, and it won't work. by bazmonkey · 2012-06-15 07:15 · Score: 2
  
  To break the system, you need two taps on the wire, some distance apart. Now you get to see the sums of the signals from each end, but with different time shifts between them due to propagation delay. With that data, you can separate out what's coming from each end. This allows recovering the original signals. From Wikipedia on the Kish cypher, just cut the signal during resistor switches. Or, more practically, note that recording noise accurately takes more time than switching the resistors would.
3. Re:It's been proposed, and it won't work. by naasking · 2012-06-15 07:46 · Score: 1
  
  Except that any such taps are instantly detectable, at which point communication stops. Thus, at most 1 bit of information leaks out to an eavesdropper.
  This paper is a follow-up to the previous work you cited.
  
  --
  Higher Logics: where programming meets science.
4. Re:It's been proposed, and it won't work. by dentin · 2012-06-15 08:18 · Score: 1
  
  I'd upvote this if I could. This is exactly correct, and part of the reason the system as described is infeasible - for any reasonable length of wire, multiple passive taps can extract the direction of propagation for changes in noise level.
  It should be noted that the article explicitly addresses this issue, however they only do so by declaring that the frequency response of the noise sources be substantially lower than the wire transit times - so if you're talking about a a wire with 10 us of delay (2 km with ~2e8 m/s electrical wire speed), your data rate will be necessarily less than 100 kbps. In fact, it will be substantially lower - half of the transferred bits must be discarded off the top as insecure (LL or HH combinations), and the noise spectra must be sufficiently below the wire transit time to fall below the shannon limit for real passive detectors.
  While an interesting idea, I would personally rank it as less useful than quantum cryptography, even given QC's obvious problems - if only because QC seems more implementable over long distances and has no data rate constraint due to distance. The performance of this method is necessarily sub-light-speed limited to prevent eavesdropping, guaranteeing that no more than 0.5 bits can be sent per light speed propagation delay of the wire.
  -dentin
  
  --
  Alter Aeon Multiclass MUD - http://www.alteraeon.com
5. Re:It's been proposed, and it won't work. by Animats · 2012-06-15 11:01 · Score: 1
  
  Except that any such taps are instantly detectable, at which point communication stops. Thus, at most 1 bit of information leaks out to an eavesdropper.
  That's a property of quantum communication, where observation affects the result. Not this.
If you have to go that far.. by EvilBudMan · 2012-06-15 05:59 · Score: 0

Use messengers. I think this is an old idea. As far as quantum security, I will wait for quantum computers. Unbreakable come on. Anything can be hacked eventually.
1. Re:If you have to go that far.. by betterunixthanunix · 2012-06-15 06:25 · Score: 1
  
  As far as quantum security
  We can make quantum-secure cryptosystems without any special electronic systems or quantum computers. Plenty of work on this has been done; McEliece is a famous one, but there are others based on lattice problems. If quantum computers were tomorrow's headline, the only real problem would be that popular crypto standards do not include quantum-secure algorithms.
  
  --
  Palm trees and 8
2. Re:If you have to go that far.. by Anonymous Coward · 2012-06-15 08:25 · Score: 0
  
  GP doesn't know what quantum means; you just don't know what quantum security means.
Re:Fake and gay by Anonymous Coward · 2012-06-15 06:02 · Score: 0

This isn't b3ta, you know.
Won't work In An Operational Environment by Anonymous Coward · 2012-06-15 06:03 · Score: 1

Given the variety of additional factors, such as path loss, crosstalk, temperature differences, difference in cable materials, etc., etc., the system is limited to only particular environments. It would never work on a standard telephone line to a house for example.
Back to the drawing board.
1. Re:Won't work In An Operational Environment by Anonymous Coward · 2012-06-15 07:18 · Score: 0
  
  Actually, his website has a paper on how to implement this on a phone line. I haven't had the chance to read it yet, and I'm fairly certain you can't use it through a phone exchange (where the analog signal is converted to digital nowadays), but you may be a little to quick to dismiss the flexibility of this technique.
  
  It should also be noted that quantum key exchange doesn't work in any of the environments you mention either, and apparently is fairly maintenance heavy.
  Anyway, http://www.ece.tamu.edu/~noise/research_files/research_secure.html for your perusal.
Obey the Law! by Anonymous Coward · 2012-06-15 06:04 · Score: 0, Offtopic

In the household we obey the laws of thermodynamics! -Homer Simpson
I don't get this basic definition of quantum... by gatesstillborg · 2012-06-15 06:14 · Score: 1

...encryption. If "spying" on the contents would permanently alter the contents, thus it "unbreakable", wouldn't also reading the contents do so, (making them unreadable)?
1. Re:I don't get this basic definition of quantum... by Anonymous Coward · 2012-06-15 06:45 · Score: 0
  
  because calling it "encryption" is wrong.
  It's a key agreement method.
2. Re:I don't get this basic definition of quantum... by PaddyM · 2012-06-15 06:46 · Score: 1
  
  Not sure if you later read the other comments, but you use quantum cryptography to transmit a one-time pad and you can then detect eavesdropping. Yes, after reading that one-time pad, it would be impossible to read it again. If you couldn't read the pad, you know someone is eavesdropping, so you don't send your pad until you resolve that problem (which could be difficult).
  Once you have exchanged a one-time pad, that has not been eavesdropped, you can begin to exchange messages encrypted by the one-time pad. If someone later figures out what your one-time pad was, they can decrypt the message. But since you only used it once, and since it would require brute forcing to guess the one-time pad, you generally would be dead and gone decades before that was useful to anyone else.
complete security... by Anonymous Coward · 2012-06-15 06:22 · Score: 0

... does not exist. Anyone promising complete security is either a naive idiot or a lier.
I can break it remotely by Anonymous Coward · 2012-06-15 06:23 · Score: 0

From the article:
"The idea is straightforward. Alice wants to send Bob a message via an ordinary wire. At each end of the wire, there are two different resistors that correspond to a 0 or 1. Alice encodes her message by connecting these two resistors to the wire in the required sequence. Bob, on the other hand, connects his resistors to the wire at random. The crucial part of this set up is that the actual current and voltage through the wire is random, ideally Johnson noise. The essential features of this noise are determined by the combination of resistors at each end. This noise is public--anybody can see or measure it. Now here's the clever bit. Bob knows which resistor he connected to the wire and so can work out which resistor Alice must have connected."
This can be broken through long term monitoring by a radio receiver. In cryptography terms, it is akin to a one-time pad. Because there is a finite number of resistors at both ends, checking all combinations is feasible.
1. Re:I can break it remotely by Anonymous Coward · 2012-06-15 06:41 · Score: 0
  
  Absolutely correct. You simply lay out the entire stream and various combination, then scan through seeking a protocol. Subsequent decoding uses the same technique, only applying the protocol as a method of quick identification.
  You could do it on a laptop.
2. Re:I can break it remotely by Anonymous Coward · 2012-06-15 06:48 · Score: 0
  
  I see what you are getting, but you could build any packet that way. I think what you are getting at is a weakness in the formula for selecting resistors. So, in the end, it is no better than a one time pad over conventional communications.
  The process is a waste of resources.
3. Re:I can break it remotely by Anonymous Coward · 2012-06-15 07:06 · Score: 0
  
  Another way to do this is to pass an active signal through the device. In a solid state device, the only thing changing with be the electrons. This is effectively a plasma. It means that depending on the current state, the return signal will have its phased altered in a way that reflect a summation of a the entire plasma density in a given time period. With a reference device, we could work out which return signals mean which resistors are active. Then we simply guess value for Alice until we have revealed a protocol.
Ridiculous, quantitatively. by Ancient_Hacker · 2012-06-15 07:07 · Score: 3, Interesting

A ridiculouos idea, if you're an electrical engineer, for many reasons:
(1) The noise on the wire, for reasonable values of resistors and bandwidth, is down in the low microvolts. If the cable is unshielded, it's going to pick up several microvolts of radio signals per foot. Even if it's really well shielded, we're still talking microvolts per kilometer.
(2) Eve can put a probe signal on the wire, it just has to be random noise. Alice and Bob have no way of proving that a small spike of random noise, only half a standard deviation above the average, isn't perfectly fine Johnson noise coming from the other end. Eve knows the amplitude of the noise she is putting on the wire, so she can subtract that amount, and the difference reveals the values of the resistors.
(3) For any moderately long wire, in the kilometer range, there is a time delay, allowing Eve to inject short bursts of noise and get the resistor info from each end coming back, spread out in time.
(4) Bell Labs proposed this idea, the part about injecting noise inn from both ends, back around 1955.
1. Re:Ridiculous, quantitatively. by johndoe42 · 2012-06-15 08:02 · Score: 1
  
  I think it's a bit ridiculous, but not for these reasons.
  (1) They suggest using very high temperatures, presumably to avoid exactly this issue.
  (2) Not sure what you mean. She subtracts what from what? But see below.
  (3) The authors propose adding low-pass filters for exactly this reason. They'll filter out high-frequency signals, leaving low-frequency components that have no effective time delay.
  My attack would be for Eve to add a small probe signal -- she would insert a voltage source in the line, with a time-dependent (or even constant) voltage of her choice. She would then measure the correlation between the voltage she injects and the current in the wire. Alice and Bob are supposed to check for this by comparing the conditions on their ends of the wire with their expectation, but this assumes that they have measuring devices as good as Eve's.
  The idea that the security is based on the second law of thermodynamics is, IMO, absurd. The second law says that a bunch of things that would decrease entropy are impossible. But Eve can do whatever she wants as long as she sinks enough entropy somewhere else -- Alice + Bob + the wire is not a closed system.
2. Re:Ridiculous, quantitatively. by Anonymous Coward · 2012-06-15 08:29 · Score: 0
  
  Isn't ridiculous for the simplest of reasons: it won't work with statistical packet switching since the proposal only works on an analog system. So IF this worked, you could have completely secure communications between two computers in your basement if you managed to connect them via a copper wire, with the appropriate adapters and binaryanalog transformations. Yay.
3. Re:Ridiculous, quantitatively. by IBitOBear · 2012-06-15 19:51 · Score: 1
  
  Let's see: Eve takes two sets of two, then faces them in opposite directions -->|--S1-->|-- and --|--S2--|-- and then inserts these two into the wire in parallel such that S1 and S2 isolate the electrical flow in each dirction respectively. S1 and S2 are each separately coupled to ground using a very small cap --)|-- . A voltage comparator is used to determine whether S1 or S2 has the higher voltage to ground at any given time. At any given time the arrows on the schematic diodes point to the lower resistence when the segment S1/2 is at the higher voltage.
  That presumes DC. With AC I think you use inductive voltage deviders..
  -- or --
  First Eve magnetically induces profound disruptions in the wire with inductive coupling. Either Bob and Alice call technical support or they "adapt" to the noise of the bouncing magnetic/inductive disruption. Said disruption becomes so commonplace that the system learns to ignore it. At this point Eve can just tap in at will.
  Alice and Bob call technical support and during the power cycle:
  Eve cuts the wire and establishes the classic man in the middle.
  Eve adds capacitance to inhibit communications at will.
  Eve uses voltage drop to determine the high and low resistences and then uses parallel resistences to to insert "low" events when highs are sent from one end, giving Eve the correct key and either Bob or Alice incorrect keys such that Alice or Bob no longer know that they are accepting transcribed messages from Eve instead of their peer.
  The same things go for Quantum Key Exchanges. Since the sender(s) don't ever compare notes, a dedicated attacker just cuts into the conversation and becomes man in the middle. The fact that Alice and Bob are no longer using the same key is invisible if 100% of the cypher text data is also flowing through Eve.
  
  --
  Innocent people shouldn't be forced to pay for inferior software development.
  --"Code Complete" Microsoft Press
4. Re:Ridiculous, quantitatively. by IBitOBear · 2012-06-15 19:57 · Score: 1
  
  Word "diode" disapeared in a few places. Basically serial resistence isn't that hard to figure out in AC based purely on voltage drop in the two directions as the AC waveform reverses. In DC you just measure voltage. The noise is just noise and it provides a little back-charging for the cmparators.
  I'm not a double-E but given how hard it is to make -smoth- electricity, detecting good signal in -lumpy- electricty is kid of a gimmie.
  
  --
  Innocent people shouldn't be forced to pay for inferior software development.
  --"Code Complete" Microsoft Press
5. Re:Ridiculous, quantitatively. by Anonymous Coward · 2012-06-18 09:43 · Score: 0
  
  Well, it is new, if your an aggie.
  Capcha: idiots
Not so fast... by bobbied · 2012-06-15 07:42 · Score: 1

First and foremost is that there has to be TWO conductors unless we are dealing with static voltages. You can use one wire and the ground as the second conductor, but there is going to be significant resistance in any kind of useable length. This means that there are at least two places for someone to be making measurements to figure out the necessary information.
Second, this method has a limited number of logical states (LL, LH, HL, HH) that encode two bits of data which will be clearly observable on the wire. Of the four states you will see three unique wire states (Low, med, high) with only one not disclosing the state of both ends. Once you established these states by observing the wire, you can easily determine two of the four states. Thus by simple voltage measurements you have already decoded half of the information you need. What's left is to simply observe the direction of the current and that will tell you what end of the wire has low or high resistance.
I don't think thermal noise really matters here because for this to be a practical system you will have to pick voltage sources that have enough signal to noise so you can detect them at the both ends of the wire. They may look like random noise, and even be random noise, but in order for there to be a delectable result at either end of the wire means there is a measurable value. Further, in order to detect highs and lows, each end of the system will have to KNOW what voltage is being applied, or how could they know the voltage/current to look for?
I suppose you could improve your security by increasing the number of resisters, but if this worked for two, it is sure to work for more than two values, just with more emphasis on the current measurements being required.

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Funny comments by Anonymous Coward · 2012-06-15 08:18 · Score: 0

Every time something involving quantum mechanics come up, the comments are along the lines of "wow, amazing, too bad I will never understand." Since this system uses classical thermodynamics, all the comments are more like "classical mechanics? oh yeah I learnt that in high school. Nah, this system can't work, its obvious". It's pretty obvious that whatever the merits of this system, it rests on some pretty subtle and advanced physics, not the sort of thing an average person or even an undergrad physics major, could debunk.
1. Re:Funny comments by rubycodez · 2012-06-16 04:41 · Score: 1
  
  eh, some of us took thermogodamnics in school. we hated it, but we understand it
Interesting stuff by etnoy · 2012-06-15 09:08 · Score: 1

Starting my PhD in quantum cryptography in August and this is of course a very interesting idea.

--
Quantum hacker.
im gonna be a totally non scientific dick by Anonymous Coward · 2012-06-15 13:24 · Score: 0

and say that if you get to the messenger, all encryption becomes futile anyway, i'm a bad person, right
Qbit communication not secure in practice by gworley3 · 2012-06-15 16:58 · Score: 1

"In practice, though, while the communication of the quantum-encrypted messages is secure, the machines on either end of the link can never be guaranteed to be flawless." Actually, in practice, this isn't true. The communication of qbits currently requires the sending of multiple particles that have been operated on in the same way to overcome the problem of particles interacting with the universe and getting into a "dirty" state. Because of this, certain kinds of man-in-the-middle attacks are possible against quantum cryptographic methods, at least as currently practiced. The quote from the summary makes much more sense if we s/practice/theory/.
In the original experiment by IBitOBear · 2012-06-15 19:21 · Score: 1

They discovered, upon opening th box, that Dr Schrodinger had killed the cat with a hammer.

--
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
misconception of what "law" means in science by rubycodez · 2012-06-16 04:46 · Score: 1

Many "laws" in physics and chemistry are merely useful approximations or things that are usually but not always true. Take Ohm's Law, in a real world material current is not perfectly linearly dependant on potential, you get interesting curves instead, and some materials even have inverse relationship. Besides, the "laws" of physics are man-made attempts to model the behaviour of reality, and might be refined or replaced at a future date with something more useful or more accurate. Good scientists are more than happy to point this out, it is after all a big incentive to improve man's knowledge and abilities.