Kish cypher
Encyclopedia
The Kish cypher is a technique purported to maintain secure communications utilizing classical statistical physics due to Laszlo B. Kish
. The Kish cypher is a physical secure layer (hardware-based technique) where the security is provided by the laws of physics (the second law of thermodynamics
and Kirchhoff's laws
) and it should not be confused with a software-based approach called the Kish–Sethuraman (KS) cypher.
The use of resistors is an idealization for visualization of the scheme, however, in practice, one would use artificially generated noise with higher amplitude possessing Johnson-like properties. This removes the restriction of operation within thermal equilibrium. It also has the added advantage that noise can be ramped down to zero before switching and can be ramped up back to the nominal value after switching, in order to prevent practical problems involving unwanted transients.
To protect the Kish cypher against invasive attacks, including man-in-the-middle attack
s, the sender and receiver continuously monitor the current and voltage amplitudes and broadcast them via independent public channels. In this way they have full knowledge of the eavesdropper's information.
An eavesdropper may potentially crack the Kish cypher by evaluating a resistor value at one end of the wire, in the time window where the resistor at the other end is being switched out. The response to this claim is that this attack is completely avoidable by the simple trick of doing the switching when both the voltage and the current are zero in the line. In the hardware demonstration of the cypher, the voltage (and current) was ramped down to zero before the switching took place in order to create this situation in an easy way . A simpler method to eliminate this problem utilizes the fact that accurate noise measurement is slow, as it requires an averaging process. The resistors are switched faster than the noise measurement time.
The use of the Johnson noise formula to evaluate the resistor values requires thermal equilibrium. In the Kish cypher method this is far from the case. For example, it cannot be guaranteed that the receiver and sender are at the same temperature. This is addressed by using artificial noise sources with Johnson-like characteristics rather than actual resistor values.
Back in 2006, a defense against the Bergou-Yariv-Scheuer attack was mounted and then experimentally confirmed in 2007, where Mingesz et al. showed that it was possible to build a hardware realization communicating over two thousand kilometers with 99.98% fidelity and a maximum of a 0.19% leak to an eavesdropper. It also turns out that the sender can exactly calculate which of the bits have been detected by the eavesdropper—this was mathematically analyzed by Kish and Horvath in 2009.
Laszlo B. Kish
László Bela Kish is a physicist and professor of Electrical and Computer Engineering at Texas A&M University. His activities include a wide range of issues surrounding the physics and technical applications of stochastic fluctuations in physical, biological and technological systems, including...
. The Kish cypher is a physical secure layer (hardware-based technique) where the security is provided by the laws of physics (the second law of thermodynamics
Second law of thermodynamics
The second law of thermodynamics is an expression of the tendency that over time, differences in temperature, pressure, and chemical potential equilibrate in an isolated physical system. From the state of thermodynamic equilibrium, the law deduced the principle of the increase of entropy and...
and Kirchhoff's laws
Kirchhoff's laws
There are several Kirchhoff's laws, all named after Gustav Robert Kirchhoff:* Kirchhoff's circuit laws* Kirchhoff's law of thermal radiation* Kirchhoff's equations* Kirchhoff's three laws of spectroscopy* Kirchhoff's law of thermochemistry-See also:...
) and it should not be confused with a software-based approach called the Kish–Sethuraman (KS) cypher.
The Kish cypher scheme
The communication channel is a standard wire, and conceptually the sender can transmit a message by simply switching between two different resistor values at one end of the wire. At the other end, the receiver can also reciprocate by switching in and out resistors. No signals are sent along the line. The receiver simply uses a spectrum analyser to passively measure the Johnson noise of the line. From the noise, the total resistance of the line can be calculated. The receiver knows his/her own resistor value, so can then deduce the sender's resistor. In this way messages can be simply encoded in terms of binary states dependent on two resistor values. The system is thought to be secure because although an eavesdropper can measure the total resistance, the eavesdropper has no knowledge of the individual values of the receiver and sender.The use of resistors is an idealization for visualization of the scheme, however, in practice, one would use artificially generated noise with higher amplitude possessing Johnson-like properties. This removes the restriction of operation within thermal equilibrium. It also has the added advantage that noise can be ramped down to zero before switching and can be ramped up back to the nominal value after switching, in order to prevent practical problems involving unwanted transients.
To protect the Kish cypher against invasive attacks, including man-in-the-middle attack
Man-in-the-middle attack
In cryptography, the man-in-the-middle attack , bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other...
s, the sender and receiver continuously monitor the current and voltage amplitudes and broadcast them via independent public channels. In this way they have full knowledge of the eavesdropper's information.
An eavesdropper may potentially crack the Kish cypher by evaluating a resistor value at one end of the wire, in the time window where the resistor at the other end is being switched out. The response to this claim is that this attack is completely avoidable by the simple trick of doing the switching when both the voltage and the current are zero in the line. In the hardware demonstration of the cypher, the voltage (and current) was ramped down to zero before the switching took place in order to create this situation in an easy way . A simpler method to eliminate this problem utilizes the fact that accurate noise measurement is slow, as it requires an averaging process. The resistors are switched faster than the noise measurement time.
The use of the Johnson noise formula to evaluate the resistor values requires thermal equilibrium. In the Kish cypher method this is far from the case. For example, it cannot be guaranteed that the receiver and sender are at the same temperature. This is addressed by using artificial noise sources with Johnson-like characteristics rather than actual resistor values.
Attacking physical realizations of the Kish scheme
While the mathematical concept is unconditionally secure, hacking attacks against the actual physical realization of the Kish scheme, utilizing non-ideal features, such as inaccuracies and stray resistive elements, can be exploited to extract a fraction of the transmitted key bits. In 2005, Bergou proposed a method of finding such a weakness in the Kish scheme by utilizing the wire resistance. Then in 2006, Scheuer and Yariv analyzed Bergou's attack in detail. In 2010, Kish and Scheuer critically revisited the old Scheuer and Yariv results and showed that the original calculations of the Bergou-Scheuer-Yariv-attack were incorrect; moreover the new calculations indicate that the actual effect is about 1000 times weaker.Back in 2006, a defense against the Bergou-Yariv-Scheuer attack was mounted and then experimentally confirmed in 2007, where Mingesz et al. showed that it was possible to build a hardware realization communicating over two thousand kilometers with 99.98% fidelity and a maximum of a 0.19% leak to an eavesdropper. It also turns out that the sender can exactly calculate which of the bits have been detected by the eavesdropper—this was mathematically analyzed by Kish and Horvath in 2009.
Privacy amplification for the Kish cypher
Recently, T. Horvath, et al have studied the practical effectiveness of privacy amplification for the Kish cypher and for two subsequent classical key-distribution schemes inspired by it. They find that the high fidelity of the raw key generated in these key-exchange protocols allow Alice and Bob to always extract a secure key provided they have an upper bound on Eve's chances to correctly guess the bits. They conclude that this property can make the Kish cypher highly useful for practical applications.Securing computers and hardware by integrating the Kish cypher on chips
A specific advantage of the Kish system is that it can be integrated on digital chips to provide unconditionally secure key exchange (both for the first and the refreshed keys) for secure data communication between hardware units, such as processors, memories, hard drives, etc, within a computer or an instrument. Another advantage of such system is that, due to the short distances and the relevant range of frequency, the main non-idealities (wire resistance, inductance and capacitance) are negligible thus the Kish system can run under idealistic conditions to provide unconditional security without further precautions or processing, such as privacy amplification.See also
- CryptographyCryptographyCryptography is the practice and study of techniques for secure communication in the presence of third parties...
- Secure communicationSecure communicationWhen two entities are communicating and do not want a third party to listen in, they need to communicate in a way not susceptible to eavesdropping or interception. This is known as communicating in a secure manner or secure communication...
- Computer securityComputer securityComputer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
- Quantum cryptographyQuantum cryptographyQuantum key distribution uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random secret key known only to them, which can then be used to encrypt and decrypt messages...
- Topics in cryptography
External links
- Unconditionally secure communications
- Homepage of the Kish cypher at Texas A&M University
- Bruce Schneier, Totally Secure Classical Communications?
- Bruce Schneier, More on Kish's Classical Security Scheme
- Totally Secure Non-Quantum Communications?
- Forget Quantum Encryption, Simple Scheme Can Stop Electronic Eavesdroppers
- Unconditionally secure communication via wire
- Kish’s "totally secure" system is insecure
- Quantum cryptography without the quantum?
- Secure wire communicator
- Status of the Kish cypher scheme
- A Russian report on the Kish cypher
- Japanese summary of the Kish cypher
- Discussion of practical aspects of the Kish cypher