One-Time Pad From Caltech Offers Uncrackable Cryptography
zrbyte writes "One-time pads are the holy grail of cryptography — they are impossible to crack, even in principle. However, the ability to copy electronic code makes one-time pads vulnerable to hackers. Now engineers at the California Institute of Technology in Pasadena, have found a way around this to create a system of cryptography that is invulnerable to electronic attack. Their solution is based on a special kind of one-time pad that generates a random key through the complexity of its physical structure, namely shining a light through a diffusive glass plate."
Couldn't you just steal the plate?
No kidding!!! What do you say at this point?
So, the message can only be read by the light of a moon the same shape and season that the message was written on?
And over there we have the labyrinth guards. One always lies, one always tells the truth, and one stabs people who ask t
You try explaining to my computer illiterate relatives that they need to buy these special glass plates for their computer to communicate with the bank.
http://xkcd.com/538/
If you know the clear text and the cypher text, you know the key and can reuse it. No system where the machine handling the clear text and the cypher text can be compromised is guaranteed to be secure, no matter how fancy your one time pad construction is.
Uncrackable glass plates? Forget cryptography, you should get into the windshield business!
That's not the case with a properly used one-time pad. Normally you break a cipher by finding correlations due to the repeated use of a finite encryption key on different parts of a comprehensible plaintext. If either the message is random, or the encryption key is random and nonrepeating, then the message cannot be deciphered.
Unless you steal the pad, or force the user to repeat it.
No kidding!!! What do you say at this point?
SIR! TURN YOUR KEY!
SGI had something along these lines http://www.google.com/patents?vid=5732138 https://en.wikipedia.org/wiki/Lavarand but links http://lavarand.sgi.com/ don't work too well now.
Nope. The OTP is truly unbreakable.
The only problem with it is that you need to secretly transmit the pad to the recipient. How do you do that? With a one-time-pad...?
No sig today...
A one time pad is impossible to crack in theory, but may be crackable if the method for generating the pad is flawed. Creating true randomness is a tricky proposition, and I don't see why it's safe to believe that "shining a light through a diffusive glass plate" will generate true randomness.
Paper pads had the same problems that computers do today, that aren't so trivially dispensed with using the premise "when used correctly."
It's nearly impossible to "use correctly" a one-time pad on any computer or other electronic device. The moment you put the key into RAM, or worse, FLASH, you are leaving remnants that can allow the key to be recovered. It's a relatively complex process to recover old, erased data from memory, but it is done, every day.
You would need to create your ciphered data, then completely destroy the PC or electronic device used to create it, in order to have a perfectly unbreakable message.
So just how round are these one time pads? Way round.
Schrödinger's cat is not amused—maybe.
Was it really used? Or am I hazily recalling some spy novel stuff from Irwin Wallace or Alistair MacLean and mistaking it for real history?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Hope they keep this glass plate at a constant temperature, lest it shrink/grow changing your OTP key.
The key here is that the OTP is a physical object (actually, TWO physical objects) that is not easily replicated (since it's surface imperfections that give rise to the randomness in the pad). So Eve would have to be in possession of Bob's pad at the time Alice was transmitting the message in order to decipher the message. If I'm understanding this correctly.
One time pads are uncrackable only if the pad is truly random and perfectly secretive. Everyone has known this for years. All they have done here was to create a new way to generate random numbers. Any new way of generating random numbers would/could be equally applied to OTP crypto.
... bruteforce still works (but, of course it could take a lot of time...)
If you can meet up to exchange a piece of glass you can also exchange USB drives (or whatever) full of random numbers. It's just as secure as this method.
The innovation here is that nobody can make a copy of the piece of glass.
Or is it...? If Bob can create an OTP using the glass then so can Eve. All she does is sneak into his hotel room when he's asleep, generate his pad using his crystal and make a copy of it.
I fail to see how this is more secure than simply exchanging USB keys.
No sig today...
The real key here is that there is no advantage to the device at all.
In the cryptographic protocol that the authors (all physicists) believe to be novel, but which every cryptographer is aware of:
1. The authors have a perfectly secure channel (separate from the one established in the protocol).
2. They exchange as much information over that channel as the device stores.
3. The later established channel can only use that number of bits.
For real excitement they xor together their OTPs. Sorry guys but this is called a pre-shared key and the crypto world is quite aware of it. Good luck with the window dressing getting you past the PC of a physics venue.
Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
why they wouldn't use existing technologies (light-sensitive polymer inks, for instance) to make pairs of OTPs which both:
a) Have to be registered at a central authority to "recognize" the other station, and,
b) Destroy themselves as they're read, prohibiting copying.
Alice and Bob both grab a disk at CIA headquarters, Bob is sent to the American Embassy in Elbonia, and registers his OTP from that location with the State Department. Then, it's locked to that terminal, with his credentials, and the OTP wipes itself out as he goes...
Mallory would have to copy the OTP pad before first use, break into the VPN, and use Bob's credentials to send a forged message. Other than an over-the-shoulder camera or TEMPEST interception, I'm not sure how she could get snoop copies, other than HUMINT.
The question is: how soon will this diffusive glass become a forbidden substance?
I can't remember which book it was, maybe Cryptonomicon, but more likely The Ultra Secret, but it had some interesting stories about both the allies and axis having a hard time at this.
They used various ideas to try and "make" randomness into their one time pads. However all of these things had to be done by a person, as this was more or less before the advent of computers (well just before anyway). One such method had to do with using a deck of cards. However crackers were able to even find patterns among the people using (aka their tendencies in drawing cards or other such devices), so occasionally personnel would have to be "shuffled" themselves to different areas.
If you think about it, a computer is generating it from an algorithm, which may be complex, but is essentially a set of rules that can be determined. I have heard of some that try to utilize some sort of seemingly random event that is naturally occurring. However even these can be modeled over time.
The key really is to make it difficult enough so that the code breaker cannot really use the information obtained effectively. Unfortunately usually this involves additional overhead on the part of the cryptography as well, which of course reduces its usefulness as well.
Which is exactly why the allies took such great pains to prevent the axis from finding out that their unbeatable code had been broken. As it was they got complacent and lazy, and had they known, they would have changed their codes, and the allies would have to start all over again.
The breakthrough is the KIND of OTP that they're using: glass plates that, they believe, cannot be (easily?) duplicated, unlike a digital OTP would be.
Random physical structures have been used for this purpose for decades.
All she does is sneak into his hotel room when he's asleep, generate his pad using his crystal and make a copy of it.
Sounds like a metaphor for something kinky...
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
A secure one-time pad with classical means is easy to do. You just need to secure the system where the pad is applied adequately. You need to do the same thing with this hype-device. Hence it has zero advantages over other implementations of the one-time pad, but a lot of drawbacks.
I would suggest that these people are not stupid and know of the severe drawbacks. I would also suggest they are just completely unethical lying scum and grant or investment money is the only thing that counts for them.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The problem here is the OTP is not one-time.
Oh that's easy just make sure the person you want to talk secretly to is called Eve!
Problem solved :)
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
See Wikipedia for the generic concept behind this "breakthrough": PUF.
If the OTPs are in fact uncopyable, the authors don't need a perfectly secure channel. Alice sends plates to Bob. Eve intercepts the crate, and then what? If she can't copy the plates, she can either divert them or break them (in which case all we need is an authenticated, not secure, channel for Bob to report nondelivery), or let them proceed to Bob. If Bob doesn't report that he has the plates, then Alice sends another batch of plates until Bob reports that he has them. If Alice and Bob need to talk more than the shipped plates allow, Alice can ship more at any time. Eve can, if sufficiently diligent and successful, remove Alice and Bob's ability to communicate, but cannot intercept any message.
Of course, if it's possible to make a copy of a plate, it's no better than trying to securely send thumb drives.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
All top secret information should flow through one time pad systems.
Look at it this way. What does disk space cost these days? Imagine getting a 30 gigabyte one time pad file on its own little SSD drive. How much data could be passed back and forth as theoretically unbreakable encryption? At the very least 30 gigabytes of data. In practice, probably at least a magnitude beyond that.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Not really - a USB drive is laughably easy to duplicate - that's kind of its purpose. Exactly duplicating (or even just characterizing) microscopic surface imperfections on a piece of glass on the other hand likely requires specialized hardware that a spy can't easily carry in a suitcase. At least assuming that a smooth protective layer is bonded over it to prevent mold creation (say glass with a much different refractive index).
So basically you're adding physical-key security to your OTP, which drastically strengthens the only major weaknesses of the technique.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Three things are required for a one time pad - that the key be shared, random and non-repeated. A one time pad is very much breakable if the key is not both random and non-repeated, and the biggest problem with its use can be the sharing of the keys.
The Soviet "Verona" traffic was decoded because they reused pads (keys), rendering the message decryption straightforward, and also revealing the keys. The revealed keys were found to have some further weaknesses, as they were made manually (apparently by secretaries told to type randomly on their typewriters). These weaknesses included an avoidance of repeated characters, a tendency to alternate hands (a character on the left side of the keyboard would be likely to be followed by one on the right), and (IIRC) a preference for character pairs and triplets that didn't require too much stretching of the hands. (On the top line of a QWERTY keyboard, this means that, say, an initial "q" would be unlikely to be followed by another "q", that it would be likely to be followed by a letter in the "u - p" range, and that the third character would be more likely to be a q, w or e than an r, t or y.)
Now, officially, that amount of manual non-randomness wasn't enough to break further Soviet one time pad encryptions, but I suspect that they were. I have also heard rumors that later use of random keys generated by electronic circuits had problems as the physical limitations of the electronic circuitry imposed a low-pass filtering that made these keys, again, not totally random. Note that true randomness is what is needed here - common digital pseudorandom techniques, such as hashing with SHA-1, may help to obscure weaknesses, but they will not make a non-random key random.
In this case, I would worry very much about
- whether the physical technique produces a truly random key and
- how to satisfy myself that today's random key is totally independent of every previous key. If this is, say, dependent on where the laser is pointing to in the glass, how far apart does each pointing need to be to make sure that the results are independent, and can I securely verify that today's direction is sufficiently different from every previous time and
- as the technique is passing an initial sequence of bits through the randomizer glass, how random does the initial sequence need to be? What weaknesses are imposed by non-randomness in that initial sequence.
I could easily see this technique being secure in theory but massively broken in practice by some weakness in how the glass is made or handled or in the initial keys.
Note, by the way, that the two parties must physically get together to generate the key, so in a sense this is really a secure key storage device. Once they use up their stored keys, they have to meet again to be able to send more messages, which of course is the real problem with one time keys (and why, for example, the Soviets reused some of the Verona keys).
And, finally, this technique might make a cool way of doing truly secure hashing.
When you get loaded.
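As an added example (not part of the thread or of any commenter's code), the typing habits described in the comment above can be turned into a simple acceptance check for a letter pad: count adjacent repeats and hand alternations and compare them with what a uniform source would give. The function names, the threshold of 6 standard deviations and both sample pads are constructed for illustration.

```python
import math
import random
import string

ALPHABET = string.ascii_lowercase
LEFT_HAND = set("qwertasdfgzxcvb")  # letters typed with the left hand on QWERTY


def z_score(observed, trials, p):
    """Distance of a binomial count from its expectation, in standard deviations."""
    return (observed - trials * p) / math.sqrt(trials * p * (1 - p))


def pad_bias_report(pad):
    """z-scores for adjacent repeats and hand alternation in a lowercase pad."""
    pairs = list(zip(pad, pad[1:]))
    repeats = sum(a == b for a, b in pairs)
    alternations = sum((a in LEFT_HAND) != (b in LEFT_HAND) for a, b in pairs)
    p_left = len(LEFT_HAND) / len(ALPHABET)
    return {
        # A uniform source repeats the previous letter with probability 1/26.
        "repeat_z": z_score(repeats, len(pairs), 1 / len(ALPHABET)),
        # A uniform source switches hands with probability 2 * p_left * p_right.
        "alternation_z": z_score(alternations, len(pairs),
                                 2 * p_left * (1 - p_left)),
    }


def looks_biased(pad, threshold=6.0):
    """True if either statistic is implausibly far from the uniform expectation."""
    return any(abs(z) > threshold for z in pad_bias_report(pad).values())


def constructed_uniform_pad(n, seed=1):
    """Constructed sample: uniform letters. Seeded for reproducibility only;
    a seeded PRNG must never be used to generate a real pad."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(n))


def constructed_typist_pad(n, seed=2):
    """Constructed sample imitating the described habits: never repeats a
    letter and prefers to switch hands (70% is an assumed figure)."""
    rng = random.Random(seed)
    left = sorted(LEFT_HAND)
    right = [c for c in ALPHABET if c not in LEFT_HAND]
    pad = [rng.choice(ALPHABET)]
    while len(pad) < n:
        prev = pad[-1]
        if rng.random() < 0.7:
            pool = right if prev in LEFT_HAND else left
        else:
            pool = [c for c in ALPHABET if c != prev]
        pad.append(rng.choice(pool))
    return "".join(pad)


if __name__ == "__main__":
    for name, pad in (("uniform", constructed_uniform_pad(20000)),
                      ("typist", constructed_typist_pad(20000))):
        print(name, pad_bias_report(pad), "biased:", looks_biased(pad))
```

Passing this check does not show that a pad is random; it only rejects pads that carry these two specific habits.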
What about a MITM attack? Doesn't Bob need to verify that the plates are actually the ones that Alice manufactured? You don't need to copy the plates to barge into the channel.
Ezekiel 23:20
Of course, if it's possible to make a copy of a plate, it's no better than trying to securely send thumb drives.
The simple fact that there are two serves as an existence proof of the possibility of making a copy.
I don't think they are identical plates. The encryption would simply take the configuration of both into account.
That's the point, you need physical access to the glass to break the code. With a USB key, at some point the USB key must be plugged in and can be copied remotely.
Achille Talon
Hop!
The main problem I see is that the pads must be distributed in some secure way. With public key cryptography, the public key is available for anyone to use and distribution of this key does not have to be secure.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I always assumed you exchanged pads in person (or over a secure connection), then used the pads to later transmit information when a secure connection isn't available. You could fill two harddrives with random data, then meet rather infrequently to re-randomize and exchange them.
> The innovation here is that nobody can make a copy of the piece of glass.
> Or is it...? If Bob can create an OTP using the glass then so can Eve. All she does is sneak into his hotel room when he's asleep, generate his pad using his crystal and make a copy of it.
The point is that it's a READ ONCE device -- Eve can't make a copy of the data in Bob's key without destroying the physical device containing the key...
I always thought a high quality recording from a windy outdoors location with no man-made sound sources would make a fine source of random values.
This is actually an excellent question. I know HMAC exchanges need a distinct MITM protection for the same reason, maybe the same techniques can be applied in this situation? (I did not read the original paper yet, maybe they already do that)
That relies on Eve always being able to intercept the encrypted messages so that she can translate the message from set of plates Alice-Eve to the Eve-Bob plates.
As soon as you miss one message the game is up as Bob's plate doesn't work with Alice's.
This is why you want to copy, not replace the plates.
But, yes, you're right, as long as you're happy to always be the MITM and you don't mind if you're discovered after you're done.
It must be at least read-twice. Once to jointly encrypt the "common key", which contains the pad, and once to retrieve the pad from the common key.
"I fail to see how this is more secure than simply exchanging USB keys."
This is more secure than exchanging USB keys because such keys exist all the time between the moment of generation and the moment of decryption. An attacker that gains access to the storage media at some point in between can copy the pad very quickly without anyone noticing.
This method lets Alice and Bob store only the sequence S and the combination W = (A xor B), which may be published, as Eve cannot use them to decode intercepted messages. The actual codes A and B are not stored, they are recreated when needed from S and the corresponding piece of glass.
The two pieces of glass are safer because it is hard to copy them. That is, the idea is that each piece of glass is like a 100-petabyte one-time pad, which would be both time consuming to read and hard to store.
The sequence S is used to extract a manageable portion A (or B) of this 100-petabyte pad.
But here is perhaps the weakness of the system: If the sequence S is known to Eve, and she briefly gets access to one of the pieces of glass, she will only need to repeat the process by which A or B was generated from S and the glass. This is precisely the same process that Alice and Bob must repeat to actually use the system. Such brief access is largely equivalent to a similarly brief access to the USB key or the stored data on a hard disk. Once Eve has one of A or B, she computes the other one using A = B xor W or B = A xor W.
So the security benefit boils down to the glass not being continuously connected to the optical device. This is similar to a USB key not being continuously connected.
But it may still be easier to protect a single piece of glass that is reused with different values of S, than to keep track of multiple USB keys for the different sessions. (And not confuse these keys with other keys used for other purposes.)
There is no substitute for common sense. Especially, no body of rules will do.
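The S and W = A xor B scheme discussed in the comment above can be modelled in a few lines to show what the stored values do and do not protect. This is an added example, not code from the thread or from the paper's authors: SHAKE-256 stands in for the optics of a slab, all function names are hypothetical, and it assumes Alice encrypts with A while Bob decrypts using W and B.

```python
import hashlib
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def glass_response(glass: bytes, pattern: bytes, nbytes: int) -> bytes:
    """Stand-in for shining pattern S through a slab (assumption: a hash
    replaces the physical scattering, the slab is a random byte string)."""
    return hashlib.shake_256(glass + pattern).digest(nbytes)


def enroll(glass_a: bytes, glass_b: bytes, nbytes: int):
    """Alice and Bob meet: choose S, read A and B, keep only S and W."""
    s = secrets.token_bytes(32)
    a = glass_response(glass_a, s, nbytes)
    b = glass_response(glass_b, s, nbytes)
    return s, xor(a, b)  # A and B themselves are discarded


def alice_encrypt(glass_a: bytes, s: bytes, message: bytes) -> bytes:
    """Alice regenerates A from her slab and S, then applies it as a pad."""
    return xor(message, glass_response(glass_a, s, len(message)))


def bob_decrypt(glass_b: bytes, s: bytes, w: bytes, ciphertext: bytes) -> bytes:
    """Bob regenerates B; c xor W xor B = m xor A xor (A xor B) xor B = m."""
    b = glass_response(glass_b, s, len(ciphertext))
    return xor(xor(ciphertext, w[:len(ciphertext)]), b)


def strip_public_w(w: bytes, ciphertext: bytes) -> bytes:
    """All that W alone gives an observer: the message still padded with B."""
    return xor(ciphertext, w[:len(ciphertext)])


def recover_with_one_slab(glass: bytes, s: bytes, w: bytes,
                          ciphertext: bytes) -> bytes:
    """The weakness the comment describes: with S and W known, one reading
    of Bob's slab yields B, then A = B xor W, then the message."""
    b = glass_response(glass, s, len(ciphertext))
    a = xor(b, w[:len(ciphertext)])
    return xor(ciphertext, a)


def demo():
    glass_a = secrets.token_bytes(64)  # constructed stand-ins for the slabs
    glass_b = secrets.token_bytes(64)
    message = b"constructed sample message"
    s, w = enroll(glass_a, glass_b, 64)
    c = alice_encrypt(glass_a, s, message)
    return (message,
            bob_decrypt(glass_b, s, w, c),
            strip_public_w(w, c),
            recover_with_one_slab(glass_b, s, w, c))


if __name__ == "__main__":
    print(demo())
```

`recover_with_one_slab` performs the same steps as `bob_decrypt`, which is the comment's point: once S and W are stored where others can read them, custody of the slab is the only remaining secret.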
http://www.imdb.com/title/tt0070948/synopsis?ref_=tt_stry_pl
Infinite data being stored in a single crystal; all depending on how the light refracts.
As far as I can tell, the glass is the OTP.
Copying it is possible, but you need 24 hours (using current techniques).
So Eve has to (a) get it for a day, and copy it, or (b) get physical access to it after obtaining the message, before the message becomes irrelevant.
Whatever you do, don't tell Alice - she's the jealous type, or so I've heard
At some point the glass needs to be "plugged in" in order to read the code off it again to decipher the message.
If the OTPs are in fact uncopyable, the authors don't need a perfectly secure channel. Alice sends plates to Bob. Eve intercepts the crate, and then what?
Eve intercepts the crate and places a one time pad that she made (different from original) and sends the crate on. When Alice later sends the message, Eve reads it, re-encrypts it using the code Bob is expecting and forwards that on. Neither Alice nor Bob detects anything odd, while Eve knows the message before Bob.
http://slashdot.org/submission/1062723/Cheap-mobile-data-plan?art_pos=2
Perhaps the esteemed expert author didn't know, but this has been done for many years with various physical noise sources. They've just used yet another sensor, otherwise this is old hat.
Back around 2000--2001 I used POTP email client from, an Israeli company to satisfy a client's perceived need for encrypted communications.
It solved the exchange problem on an initial or any sync message, and after that passed new pads each time.
Pretty much unbreakable. I still have a copy, but I doubt it would run, and I need a partner to test it, sort of.
deleting the extra space after periods so i can stay relevant, yeah.
Really clever. Haven't read the whole thing, but this seems like a potential weak-spot: "Of course, this process can be used only once. But Alice and Bob can generate a huge volume of combined keys by passing different random patterns through their slabs when they meet."
When there's more than one key, there's potential for a human-factor screw-up. If there's no way for Alice and Bob to meet, then there's a time-limit. Finally, without access to the public combined-key, nothing works. So a few things can go wrong - and will.
"You must try to forget all you have learned. You must begin to dream." -- Sherwood Anderson
I have written an OTP program, but it is not for public use. I use the OTP generating routine here: http://www.fourmilab.ch/onetime/otpgen.html
The ANU Quantum Random Numbers Server at http://150.203.48.55/Matrix.php
Does this alleviate Bob's problem of determining whether or not Eve has gotten the plate before it got to Bob or after it got to Bob? Is it not really impenetrable encryption, or does it just move the challenge from "snooping electronically" to "stealing without detection"? If Eve got a hold of the plate before Bob did could she not even in theory substitute a different plate? Copy the plate? Provably too hard or just too hard as far as we know or doable given resources, which? Bob would have to destroy / mutate the plate right after use- destroy after reading. Humans are the weak link in that scheme, right? Bob can't be relied on to remember much info without the aid of some form of transcription. So good for secure launch codes, the ultimate in "use-once-and-render-irrelevant", (but what if there's failure to launch? What do you know? Can you still destroy the glass or do you have to keep it around for forensics examination and what are the security implications there?) but not so good for ad hoc communication. And anyways how is this better than the one time pads you can listen to on shortwave radio? http://www.spynumbers.com/ Or the mysterious Yosemite Sam broadcast coming out of NM? http://www.spynumbers.com/ys.wav Which may effectively be a one-time pad where numbers are represented by hard-to-detect changes in the background noise / amplitude of the seemingly same Bugs Bunny excerpt?
Is easily cracked. Consider the three-time pad equal to open-text, unless your opponent is lazy.
you would need a microscope (electronic one?) to make a 1:1 copy of the crystal, resp. of the glass - this microscope would have to be connected to an emulating transmitter of the code... would mean the microscope is delivering the "key" for the transmitter by scanning the glass or crystal...
I think that the OTP also needs to be longer than the message to be truly secure, but IANA-cryptanalyst, so I'm not better than 90% sure on that.
Most encryption systems that I've seen compress the message before encryption, which makes it close enough to random to help a lot on that front of making Eve's life difficult; and it makes the balance between message length and OTP length more favourable too.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
... the only major weakness...
Except that part where your key has to be as long as your message...