Novel Applications of Noise in Sensing and Communications
Laszlo B. Kish (1), Robert Mingesz (2), Zoltan Gingl (2), Gabor Schmera (3), Janusz Smulko (4),
Chiman Kwan (5), Peter Heszler (6), Claes-Goran Granqvist (7)
(1) Texas A&M University, Department of Electrical and Computer Engineering, College Station, TX, USA
(2) University of Szeged, Department of Experimental Physics, Dom ter 9, Szeged, H-6720, Hungary
(3) Space and Naval Warfare Systems Center San Diego, CA, USA
(4) Gdansk University of Technology, Gdansk, Poland
(5) Signal Processing, Inc., Rockville, MD, USA
(6) Research Group of Laser Physics, University of Szeged, Hungary
(7) The Ångström Laboratory, Uppsala University, Sweden
Texas A&M University, Department of Electrical and Computer Engineering
Noise as an information carrier:
1. Fluctuation-Enhanced Sensing
2. Johnson-Noise Informatics:
- Totally secure classical communication
- Zero-power communication (stealth)
- Classical teleportation (totally secure networks)
- Thermal noise driven computers
Fluctuation-Enhanced Chemical Sensing (1998-2007)
• Microscopic fluctuations in a system can contain much more information about the system than the
average values of the corresponding physical quantities.
• Often, measuring these fluctuations provides unique information that cannot be obtained by other
means, or it is the measurement that causes the least perturbation to the system.
• Fluctuation-Enhanced Sensing (2001, John Audia, SPAWAR, US Navy): sensing of physical, chemical
or biological agents where fluctuations are utilized to gain sensory information.
Patents:
1. Biological: L.B. Kish, M. Cheng, R. Young, M. King, S. Bezrukov, "Sensing Phage-Triggered Ion Cascade (SEPTIC)", U.S.
Patent, #: 60/630,975 (November 24, 2004).
2. L.B. Kish, G. Schmera, J. Smulko, "System and Method for Gas Recognition by Analysis of Bispectrum Function", Patent
pending, Navy Case #96130 (March 2004).
3. L.B. Kish, G. Schmera, "Method of Molecule Counting Using Fluctuation Enhanced Sensors", Patent pending, Navy Case #95831
(March 2004).
4. L.B. Kish, G. Schmera, "Fluctuation Enhanced Chemical Sensing by Surface Acoustic Wave Devices", US Navy patent
pending, Navy Case #8412, (June 2003).
5. L.B. Kish, C.G. Granqvist and R. Vajtai, "Sampling-and-Hold Chemical Sensing by Noise Measurements for Electronic Nose
Applications", Swedish patent # 990409-5.
6. L.B. Kiss, C.G. Granqvist, J. Söderlund, "Detection of chemicals based on resistance fluctuation-spectroscopy", Swedish patent,
#9803019-0; Publ. # 513148.
Chemical sensing by Fluctuation-Enhanced Sensing.
"Noise Nose"
US Army Research Office small-business-research-initiative grant (joint with
Signal Processing Co., Rockville, MD):
Laptop Computer-Based Electronic Dog Nose by Fluctuation-Enhanced Sensing
Phase-1: 7/2006-6/2007; Phase-2: 11/2007-10/2009
Electronic noses
A large number (6-40) of different types of sensors is needed in classical electronic noses.
That implies price, reliability and aging problems.
(Working temperature: 150 - 350 °C)
P.E. Keller, et al, (TAC’95 conference)
Usual way of sensing (dR is resistance or other dc sensor signal):
$$dR_1 = A_{1,1} C_1 + A_{1,2} C_2 + \dots + A_{1,N} C_N$$
$$\vdots$$
$$dR_M = A_{M,1} C_1 + A_{M,2} C_2 + \dots + A_{M,N} C_N$$
$$M \ge N$$
Chemically sensitive materials produce noise. Can we use the noise spectrum to
characterize the chemical environment?
The first authors exploring this possibility and demonstrating it in conducting polymers were Bruno Neri
and coworkers (P. Bruschi, F. Cacialli, A. Nannini and B. Neri, Sensors Actuators B 19 (1994) 421. and
P. Bruschi, A. Nannini and B. Neri, Sensors Actuators B 25 (1995) 429.)
Gottwald and coworkers have shown chemical sensitivity of noise in non-passivated semiconductors (P.
Gottwald, Zs. Kincses and B. Szentpali, in Unsolved Problems of Noise (UPoN’96), (World Scientific,
Singapore, 1997), p. 122.)
[Figure: amplitude versus time]
(Kish, Vajtai, Granqvist, Unsolved Problems of Noise 1999; Sensors and Actuators B, 2000)
Agent-induced noise in one sensor with K characteristic frequency ranges with independent
behaviour can substitute for K sensors. A single-sensor electronic nose is theoretically possible:
$$dS(f_1) = B_{1,1} C_1 + B_{1,2} C_2 + \dots + B_{1,N} C_N$$
$$\vdots$$
$$dS(f_K) = B_{K,1} C_1 + B_{K,2} C_2 + \dots + B_{K,N} C_N$$
$$K \ge N$$
Fluctuation-enhanced chemical sensing.
[Block diagram; labels: Chemical Sensor; AC Preamplifier; Statistical Analyzer; Original Processing; Pattern Recognition]
ENHANCED CHEMICAL SENSING SYSTEM
GAS SOURCES: INORGANIC, ORGANIC, BIOLOGICAL ODOR, WARFARE, other
[Block diagram; labels: GAS SENSOR ARRAY (A SMALL ARRAY OF TAGUCHI SENSORS); PREAMPLIFIER AND SIGNAL CONDITIONER; PATTERN GENERATOR; PATTERN DATABASE; PATTERN RECOGNIZER; OPERATOR FEEDBACK (LEARNING PHASE ONLY); OPERATOR; DISPLAY FOR ASSESSMENT]
Lab Demo Prototype of Fluctuation-Enhanced Sensing
(Fluctuation and Noise Exploitation Lab, TAMU)
[Block diagram; labels: Gas Sensor Chamber; Sensor Driver and Signal Distributor; Preamplifier and Filters; Signal Conditioning, AD Conversion; Statistical Analyzer, Pattern Recognizer, Pattern Databank, Output Display, Keyboard Control; Classical Signal Output (Single Number)]
Is the idea new? This is, of course, already used by Nature.
For example, animal noses, which produce stochastic fluctuation type signals
for the animal brain.
Fluctuation-Enhanced Sensing is biomimetic!
[Diagram; labels: Excitation; Neuron; Stochastic spike train (three parallel neurons); BRAIN: statistical signal analysis, spatiotemporal crosscorrelation analysis, pattern recognition]
Some experimental results on Taguchi sensors.
Taguchi sensors are heated semiconductor-oxide films where the resistance of the inter-grain
junctions is modulated by the adsorbed agent, which acts as doping.
Stochastic microscopic fluctuations are generated in the sensor signal due to the diffusion of
agent on the sensor's surface and in the sensor.
Unfortunately, it is an obvious consequence that the elementary fluctuations are not linearly
additive.
Nanoparticle film sensors (5 nm WO3 with < 1% Palladium particles)
Fluctuation-Enhanced Response in WO3 Nanoparticle Films for Gas Sensing
J. Ederth, et al, Sensors and Actuators, 2005
T = 350 °C
Sensitivity-Enhancement of 300! (Note, it can be even more at particular temperatures and concentrations.)
The only way is to use Fluctuation-Enhanced Sensing below 10 ppm.
[Figure: sensitivity (logarithmic axis) versus concentration of ethanol (ppm), 0 to 350 ppm; curves: Sensing with Normalized PDS, Sensing with PDS, Sensing with Resistance]
Kish, et al, IEEE Sensors, 2005
H2S gas, SnO2 thick film sensor, 150 °C
[Figure: f Su(f)/R4 versus f (Hz), logarithmic axes; curves: 10 ppm, 5 ppm, 1 ppm, synth. air 1, synth. air 2, synth. air 3, synth. air 4]
Frozen smell. Kish, et al, ICNF 2001.
The sensor stays with the fungus, even after the heating is stopped.
NAP 11AS (air quality, odor sensor)
[Figure: f*S v(f) (arb. units) versus frequency (Hz), logarithmic axes; curves: non-inoculated, Penicillium verrucosum, Penicillium roqueforti, Aspergillus flavus. Data taken 12 h after interruption of heating.]
The measurements were done in the cold state, after exposure in the warm state (heating
for 1 minute), to non-inoculated and inoculated gels with Penicillium verrucosum,
Penicillium roqueforti, and Aspergillus flavus fungi. The measurement was done 12 h after
the heating was switched off.
Bispectrum. COTS sensors. A more sophisticated and powerful tool: it reveals information which is hidden when
using classical power density spectra. Smulko and Kish, Sensors and Materials, 2004
Needs non-Gaussian signal (best with nanoscale sensors)!
$$B(f_1, f_2) = F(f_1) F(f_2) F(f_1 + f_2)$$
[Figure panels: Synthetic air; Hydrogen 380 ppm; Ethanol fumes; Ethanol 70 ppm]
Note: all figures are generated by the same, single COTS sensor (NOx sensor)!
Nano-DDS Conference, Washington DC, June 2007.
[Figure: simulated spectra; label: Diffusion barrier]
Spectra of the simulated situations. Molecules A, B and C. Notations: 1A: 1 molecule A; 1B: 1 molecule B; 1A-2B: 1 molecule A and 2 molecules B; etc. The white noise
at low frequencies is caused by the diffusion barriers.
Receiver operating characteristic (ROC) curves
bispectrum: $B(f_1, f_2) = F(f_1) F(f_2) F(f_1 + f_2)$
"Johnson-noise informatics"
Robert Mingesz
Zoltan Gingl
- Zero signal power communication (stealth)
- Thermal noise driven computers (1.1 kT/bit)
(c.f. Prof. Yanagida's plenary talk on Monday)
- Totally secure classical communication
- Classical telecloning (totally secure networks)
• L.B. Kish, "Totally Secure Classical Communication Utilizing Johnson (-like) Noise and Kirchoff's Law"; Arxiv Preprint Server, uploaded September 15, 2005: arxiv.org/abs/physics/0509136; Physics Letters A 352 (March, 2006) 178-182.
• Unpublished manuscript featured in the Science magazine, by Adrian Cho, "Simple noise may stymie spies without quantum weirdness", Science 309, p. 2148 (September 30, 2005).
• L.B. Kish, "Protection against the man-in-the-middle-attack for the Kirchhoff-loop-Johnson(-like)-noise cipher and expansion by voltage-based security", Fluctuation and Noise Letters 6 (2006) L57-L63.
• L.B. Kish, R. Mingesz, "Totally secure classical networks with multipoint telecloning (teleportation) of classical bits through loops with Johnson-like noise", http://arxiv.org/abs/physics/0603041 (March 5, 2006).
• L.B. Kish, "Methods for using existing and currently used wire lines (power lines, phone lines, internet lines) for totally secure classical communication utilizing Kirchhoff's loop and Johnson-like noise", http://arxiv.org/abs/physics/0610014 (October 2, 2006).
• R. Mingesz, Zoltan Gingl, Laszlo Kish, "Realization and Experimental Demonstration of the Kirchhoff-loop-Johnson(-like)-Noise Communicator for up to 200 km range", Physics Letters A, in press (2007).
• Unpublished manuscript featured in the New Scientist magazine, by D. Jason Palmer, "Noise keeps spooks out of the loop", New Scientist, issue 2605, p. 32 (23 May 2007).
Pre-history:
L.B. Kish, "Stealth communication: Zero-power classical communication, zero-quantum quantum
communication and environmental-noise communication", Applied Physics Lett. 87 (December 2005),
Art. No. 234109
Introduction:
Classical and quantum communication today: the sender emits signal energy
Is it possible to do communication without emitting
signal energy in the information channel?
(Ask around and, most probably, you will hear consistent "no" answers...)
The answer is YES
Zero-Signal-Power Classical Communication
[Diagram: SENDER (modulating a parameter controlling thermal noise); CHANNEL (system in thermal equilibrium); RECEIVER (measuring and analyzing thermal noise)]
Zero-Quantum Quantum Communication
[Diagram: SENDER (modulating a parameter controlling zero-point fluctuations); CHANNEL (quantum system in ground state); RECEIVER (measuring and analyzing zero-point fluctuations)]
Bandwidth-based method (for wires)
Classical: (kT >> h/(RC))
Quantum: (kT << h/(RC))
[Circuit diagram; labels: SENDER with resistors R (T), capacitors C1 and C2, switch positions 1 and 2, voltages u1(t) and u2(t), ground, to channel; RECEIVER from channel with NOISE ANALYZER, output, ground]
Reflection-based method (for waves)
[Diagram; labels: SENDER; RECEIVER; ports 1, 2, 3; X; Y; Rw; DELAY LINE; CORRELATOR; RECEIVER OUTPUT]
Secure communication via the internet by encryption
[Diagram: A (Alice) and B (Bob), each with a communicator and cipher and a secure key (shared by A & B), exchange encrypted information; an eavesdropper (Eve) watches the line.]
The eavesdropper (Eve) does not have the secure key, thus she is unable to decrypt the information.
• But how to share the secret key securely through the line when Eve is watching?
• The sharing of the secret key is itself a secure communication.
• It is not secure, only "computationally secure". The condition is that Eve's computing
hardware and/or her algorithm is not significantly more advanced than that of Alice and Bob.
What does absolute security mean?
Any one of the following cases means absolute security:
(quantum communication belongs to points 3 or 4)
1. The eavesdropper cannot physically access the information channel.
2. The sender and the receiver already have a shared secret key for the communication.
3. The eavesdropper has access and can do measurements on the channel but the laws of
physics do not allow her to extract the communicated information from the measurement
data.
4. The eavesdropper can extract the communicated information; however, when that
happens, it disturbs the channel so that the sender and receiver discover the
eavesdropping activity.
Generic quantum communicator scheme (for quantum key distribution)
(about $1 billion/year research funding)
[Diagram: A (Alice) and B (Bob), each with a quantum communicator, connected by a "dark" optical fiber. Single photons carry single bits.]
Actually, one photon effectively carries less than one bit of information due to noise in the detection, channel and detector.
Base of security: quantum no-cloning theorem: copies of single photons will be noisy.
Once sufficient error statistics have been collected, the eavesdropping can be discovered.
[Diagram: A (Alice) and B (Bob), each with a quantum communicator, connected by a classical, public channel and by a channel on which single photons carry single bits; an eavesdropper (Eve) sits on the photon channel. Extra noise is introduced when the cloned photon is fed back.]
TO DISCOVER THE EAVESDROPPING WE NEED TO BUILD AND EVALUATE A STATISTICS!
Some practical problems at the conceptual level
A conceptual weakness of quantum communication is the need to build statistics to discover the eavesdropping.
One-time eavesdropping on a single photon cannot be detected. This is called an information leak. In practical
realizations, even in the idealized case of an ideal single photon source and no detector or channel noise,
at least 1% of the raw bits can be extracted without a reasonable chance to discover the eavesdropping.
THE EAVESDROPPER CAN HIDE IN THE NOISE AND COLLECT INFORMATION.
[Diagram: A (Alice) and B (Bob), each with a quantum communicator; single photons carry single bits; an eavesdropper (Eve) on the channel. Noise sources marked: detection noise (inherent), channel noise (practical), detector noise (practical).]
Solution (by Ch. Bennett): Privacy Amplifier (classical information software-tool) to make a short, highly secure
key from a long poorly secure key. This can reduce the information leak by orders of magnitude.
The focus question:
Is it possible to do absolutely secure communication with
classical information?
(When we asked around, we consistently heard "no" answers...)
Is it possible to do totally secure communication with classical information,
such as voltage and/or current in a wire?
The answer is YES.
Points 3 and 4 hold for the classical case, too.
3. The eavesdropper has access and can do measurements on the channel but the laws of
statistical physics do not allow her to extract the communicated information from
the measurement data.
4. The eavesdropper can extract the communicated information; however, when that
happens, she disturbs the channel so that the communicators discover the eavesdropping
activity.
Quantum Internet unit (telecloning to 2 Units, Fidelity 60%, at Furusawa's Lab, Tokyo, 2006)
http://aph.t.u-tokyo.ac.jp/~furusawa/t_Lab_Setup.jpg
Kirchhoff-Johnson Internet unit tested (pair of two communicators): Fidelity 99.98%
Future Kirchhoff-Johnson Internet unit
Pre-conclusion: two contradictory statements:
1. It was said: secure communication requires "quantum" because quantum information is
very fragile and that fragility is essential for security.
2. We will see that classical information can be even more secure because classical
information is extremely robust. Its security is superior to quantum security:
- Zero-bit eavesdropping security;
- Natural, zero-bit defense against the Man-in-the-Middle-Attack.
What is the outcome of these two contradictory claims?
Secure communication needs stochastics
(the common factor in the quantum and classical secure communication methods).
Basic idea: resistor loop (Kirchhoff loop): secure key generation and sharing
Possible loop resistance Rloop values: Rloop = 2*RS , 2*RL , RS + RL
NOTE: THIS CIRCUIT MUST BE THE CORRECT MODEL OF THE SYSTEM OTHERWISE THE SYSTEM IS NOT SECURE!
[Circuit diagram: Communicator A (resistor RA, selected from RS and RL) and Communicator B (resistor RB, selected from RS and RL) connected by the information channel (wire)]
If the eavesdropper were only passively observing, and Alice and Bob could publicly measure the loop
resistance without uncovering the location of the resistors, then secure communication could be
established in the mixed state:
$$R_B = R_{loop} - R_A \, ; \qquad R_A = R_{loop} - R_B$$
[Circuit diagram: Communicator A (resistor RA, selected from RS and RL) and Communicator B (resistor RB, selected from RS and RL) connected by the information channel (wire), with the eavesdropper on the wire]
Jan Melin's report
Secret Key Generation and Exchange: Simplest Example for Totally Secure Classical
Communication
The idealized system defined by this circuit diagram is totally secure, conceptually/theoretically.
The foundation of this security is: The Second Law of Thermodynamics (out of Kirchhoff's laws).
[Circuit diagram: communicators A and B each select resistor R0 or R1, with noise voltage generators U0A(t), U1A(t) at A and U0B(t), U1B(t) at B and their spectra; the wire between them carries UCh(t), ICh(t)]
The loop resistance can be evaluated in two different ways
Johnson-Nyquist formulas for this Kirchhoff loop:
$$S_{u,R_\parallel}(f) = 4kT \, \frac{R_A R_B}{R_A + R_B}$$
$$S_{i,R_\parallel}(f) = \frac{4kT}{R_A + R_B}$$
[Equivalent circuits: (a) resistance R_A R_B / (R_A + R_B) with channel voltage UCh(t), spectrum SCh(f); (b) resistance R_A + R_B with voltage generator UA(t)+UB(t), spectrum SuSA(f)+SuRB(f), and channel current ICh(t), spectrum SiCh(f)]
SECURE KEY GENERATION AND EXCHANGE BY VOLTAGE MEASUREMENTS
[Figure: Su,ch versus time, with the level at which a SECURE BIT IS GENERATED/SHARED marked]
[Circuit diagram: communicators A and B each select resistor R0 or R1 with their noise voltage generators; UCh(t), ICh(t) and the spectra Su,ch, Si,ch are measured on the wire]
Eavesdropper's Passively Observed/Extracted Information:
Resistances but not their locations
$$R_{1,2} = \frac{4kT S_{u,ch} \pm \sqrt{\left(4kT S_{u,ch}\right)^2 - 4 S_{u,ch}^3 S_{i,ch}}}{2 S_{u,ch} S_{i,ch}}$$
[Circuit diagram: communicators A and B each select resistor R0 or R1 with their noise voltage generators; UCh(t), ICh(t) and the spectra Su,ch, Si,ch are measured on the wire]
Eavesdropper's Passively Observed/Extracted Information: Resistance values but not their locations.
Gaussian processes allow distribution functions up to the second order only. But the net power flow is zero because the
Johnson-Nyquist formula of thermal noise is based on the Fluctuation-Dissipation Theorem which satisfies the Second
Law of Thermodynamics.
Therefore the total security is related to the impossibility of constructing a perpetual motion machine.
$$\langle U_{ch}(t) \, I_{ch}(t) \rangle = 0$$
[Circuit diagram: communicators A and B each select resistor R0 or R1 with their noise voltage generators; UCh(t), ICh(t) and the spectra Su,ch, Si,ch are measured on the wire]
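The passive eavesdropper's view of the idealized loop, as an added Python example that is not part of the original slides: it simulates the channel noise, applies the R1,2 formula to the spectra measured on the wire, checks that the mean of the voltage-current product vanishes, and runs the key exchange through the loop resistance. The temperature, bandwidth, resistor values, the bit convention and all function names are assumptions made for illustration.

```python
import math
import random

K_B = 1.380649e-23        # Boltzmann constant (J/K)
T_NOISE = 300.0           # assumed noise temperature (K)
BANDWIDTH = 1.0e3         # assumed noise bandwidth (Hz)
R0, R1 = 1.0e3, 1.0e4     # assumed bit resistances (ohm)
FOUR_KT = 4.0 * K_B * T_NOISE


def measure_channel(r_a, r_b, n_samples, rng):
    """Simulate the idealized loop and return what anyone on the wire can
    measure: (Su_ch, Si_ch, normalized mean of U_ch * I_ch)."""
    sd_a = math.sqrt(FOUR_KT * r_a * BANDWIDTH)   # Johnson noise of R_A
    sd_b = math.sqrt(FOUR_KT * r_b * BANDWIDTH)   # Johnson noise of R_B
    uu = ii = ui = 0.0
    for _ in range(n_samples):
        u_a = rng.gauss(0.0, sd_a)
        u_b = rng.gauss(0.0, sd_b)
        i_ch = (u_a - u_b) / (r_a + r_b)          # Kirchhoff loop current
        u_ch = u_a - i_ch * r_a                   # wire voltage to ground
        uu += u_ch * u_ch
        ii += i_ch * i_ch
        ui += u_ch * i_ch
    su = uu / n_samples / BANDWIDTH
    si = ii / n_samples / BANDWIDTH
    return su, si, ui / math.sqrt(uu * ii)


def eve_resistances(su, si):
    """Passive Eve: solve the two Johnson-Nyquist formulas for the pair of
    resistances. Returns (smaller, larger); the result carries no location."""
    a = FOUR_KT * su
    disc = max(0.0, a * a - 4.0 * su ** 3 * si)   # near 0 when R_A == R_B
    root = math.sqrt(disc)
    return (a - root) / (2.0 * su * si), (a + root) / (2.0 * su * si)


def loop_resistance(si):
    """Snap the measured loop resistance to 2*R0, R0+R1 or 2*R1."""
    r_loop = FOUR_KT / si
    return min((2 * R0, R0 + R1, 2 * R1), key=lambda r: abs(r - r_loop))


def key_exchange(n_clocks, n_samples, seed):
    """Run n_clocks clock periods; keep a bit only in the mixed state."""
    rng = random.Random(seed)
    key_alice, key_bob, eve_log = [], [], []
    for _ in range(n_clocks):
        r_a, r_b = rng.choice((R0, R1)), rng.choice((R0, R1))
        su, si, _ = measure_channel(r_a, r_b, n_samples, rng)
        r_loop = loop_resistance(si)
        if r_loop != R0 + R1:
            continue                      # both ends equal: not a secure bit
        # Assumed convention: the shared bit is 1 when Alice holds R1.
        key_alice.append(int(r_a == R1))          # Alice knows her own R_A
        key_bob.append(int(r_loop - r_b == R1))   # Bob: R_A = Rloop - R_B
        eve_log.append(eve_resistances(su, si))   # Eve: values, no location
    return key_alice, key_bob, eve_log


if __name__ == "__main__":
    alice, bob, eve = key_exchange(n_clocks=40, n_samples=5000, seed=2007)
    print("Alice key:", "".join(map(str, alice)))
    print("Bob key:  ", "".join(map(str, bob)))
    for bit, (lo, hi) in list(zip(alice, eve))[:5]:
        print(f"secret bit {bit}: Eve sees {lo:7.0f} and {hi:7.0f} ohm")
```

Eve's two recovered values are the same whichever end holds R1, which is why only the mixed state yields a key bit; the result holds only for this idealized circuit model.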
Hacking into the Communicator: Active Eavesdropping
ΔI can be a small stochastic current (crosscorrelation between ΔU and ΔI)
or a large, short current pulse
[Circuit diagram: Alice (SENDER) and Bob (RECEIVER), each with resistors R0 and R1 and their noise voltage generators; the eavesdropper injects ΔI_E(t) into the wire, which splits into ΔI_ES(t) toward the sender and ΔI_ER(t) toward the receiver, and observes ΔU_E,Ch(t)]
Uncovering the eavesdropper by:
Broadcasting the instantaneous current data and comparing them
THE EAVESDROPPER IS DISCOVERED WHILE EXTRACTING A SINGLE BIT OF INFORMATION.
The stochastic current method can extract zero bit, the large current pulse method can extract one bit.
BETTER THAN KNOWN QUANTUM COMMUNICATION SCHEMES BECAUSE NO STATISTICS IS NEEDED.
[Circuit diagram: Alice (SENDER) and Bob (RECEIVER), each with resistors R0 and R1, their noise voltage generators and an ammeter (A) at the line; the eavesdropper injects ΔI_E(t), which splits into ΔI_ES(t) and ΔI_ER(t), and observes ΔU_E,Ch(t)]
The attack "below the belt": Man-In-The-Middle (MITM) attack
The original current-comparison naturally defends against it
[Circuit diagram: Alice (SENDER) with R0, R1 and generators U0,S(t), U1,S(t); Bob (RECEIVER) with R0, R1 and generators U0,R(t), U1,R(t); between them the eavesdropper with two sets of R0, R1 and generators U0,E(t), U1,E(t), one facing each side; line currents I_S,Ch(t) and I_R,Ch(t)]
Let us suppose 7 bits resolution of the measurement (a pessimistic value), then $P_0 = 1/128$, which is less
than 1% chance of staying hidden. On the other hand, $P_0$ is the probability that the eavesdropper can stay
hidden during the correlation time $\tau$ of the noise, where $\tau$ is roughly the inverse of the noise bandwidth.
Because the KLJN cipher works with statistics made on noise, the actual clock period $T$ is $N \gg 1$ times
longer than the correlation time of the noise used [1]. Thus, during the clock period, the probability of
staying hidden is:
$$P_{clock} = P_0^N$$
Supposing a practical $T = 10\tau$ (see [1]) the probability at the other example $P < 10^{-20}$.
This is the estimated probability that, in the given system the eavesdropper can extract a single bit without
getting discovered. The probability that she can stay hidden while extracting 2 bits is $P < 10^{-40}$, for 3 bits
it is $P < 10^{-60}$, etc. In conclusion, we can safely say that the eavesdropper is discovered immediately
before she can extract a single bit of information.
At 7 bit current comparison, the probability of staying hidden for a single
clock period is less than $10^{-20}$
Suppose the eavesdropper synchronizes the current values with
twin current generators during the MITM attack.
She can extract at most one bit while she is discovered. She will be discovered because the
high-resistance end will see a large voltage and interpret the situation as a non-secure-bit
communication case. The other end will interpret it as a secure bit communication.
This contradiction uncovers the eavesdropper.
However: she can extract zero bits if the voltage values are also compared at the two ends.
[Circuit diagram: Alice (SENDER) and Bob (RECEIVER), each with resistors R0 and R1, their noise voltage generators and a voltmeter (V) at the line]
Suppose the eavesdropper synchronizes the voltage values with two
twin voltage generators during the MITM attack.
Then she can extract zero bits because the current values are
compared at the two ends, already in the original scheme.
[Circuit diagram: Alice (SENDER) and Bob (RECEIVER), each with resistors R0 and R1 and their noise voltage generators]
Measuring and comparing the instantaneous voltage and current values
provides total, zero-bit security against invasive attacks.
CLASSICAL INFORMATION IS ROBUST AND IT ALLOWS CONTINUOUS MONITORING!
Public channel for broadcasting/comparing the instantaneous values of local
current (A) and voltage (V) data
[Circuit diagram: Alice (SENDER) and Bob (RECEIVER), each with resistors R0 and R1, their noise voltage generators, an ammeter (A) and a voltmeter (V) at the line; the eavesdropper's ΔI_E(t), ΔI_ES(t), ΔI_ER(t) and ΔU_E,Ch(t) are marked on the wire]
What does absolute security mean?
Any one of the following cases means absolute security:
(quantum communication belongs to points 3 or 4)
1. The eavesdropper cannot physically access the information channel.
2. The sender and the receiver have a shared secret key for the communication.
3. The eavesdropper has access and can do measurements on the channel but the
laws of physics do not allow her to extract the communicated information from the
measurement data.
4. The eavesdropper can extract the communicated information; however, when
that happens, it disturbs the channel so that the sender and receiver discover the
eavesdropping activity.
Conclusion about the idealized cipher, as it is defined by
its circuit diagram
1. A dogma was killed. It is possible to do secure communication via a classical
channel.
2. Secure communication through a wire.
3. Natural protection against the man-in-the-middle-attack.
4. The eavesdropper is discovered at the latest after extracting a single bit.
5. Extremely robust: vibration, dust, thermal gradient, ageing resistant. The
noise voltage can be in the order of tens of volts, which makes screening
unnecessary.
6. Very cheap compared to quantum informatics. No single mode lasers, cooled
detectors, thermal and vibration protection are needed and virtually no
maintenance costs.
7. Stealth communication, if necessary.
Conceptual and practical aspects: important questions and comparisons
• During efficient breaking in, how many bits can the eavesdropper extract without
uncovering the eavesdropping in an idealized scheme?
- RSA: infinite number of bits
- Quantum: usually a few thousand bits
- Kirchhoff-Johnson: zero bit.
Because no statistics are needed for eavesdropper detection. This is impossible with quantum informatics.
• Security in practical situations. While the theoretical concept offers total security, total
security of practical physical secure communicators is like approaching zero or infinity in
physics.
It never exists in reality; for example, in quantum communication:
- no ideal single photon source
- no noise-free channel
- no noise-free detector, etc.
Practical limits
For total security, the loop must be exactly the same as defined by its circuit diagram.
Any deviation may give information to the eavesdropper. The situation is similar to the case
of quantum communication:
The more we approach the ideal conditions, the more secure the system is.
Therefore the security of the system can be designed to the required level depending on
resources.
1. Wave situation should be avoided: $f_{max} L \ll c$.
Moreover, the clock frequency should be low enough to make a sufficient statistics: $f_c \ll f_{max}$.
For a practical estimation, let us suppose that $c = 2 \cdot 10^8$ meter/s, $f_{max} L = 0.1 \, c$, and
$f_c = 0.1 \, f_{max}$. Then the effective bandwidth-distance product $f_c L = 2 \cdot 10^6$ meter Hz.
This is slightly (factor of 2-3) better than present quantum communicator arrangements
[8] I. Marcikic, H. de Riedmatten, W. Tittel, H. Zbinden, and N. Gisin, Long distance
teleportation of qubits at telecom wavelength, Nature 421, 509 (2003).
MULTI WIRE+CHIP!
2. Inaccuracies: Wire resistance should be much less than any of the bit resistances. The bit
resistances and noise generators should be as identical at Alice and Bob as possible.
3. Wire capacitance and inductance should not affect the loop impedance. This is another
constraint on the frequency bandwidth (but it should be easy to handle with artificial noise
generators).
4. Transients. Caused much concern and generated fundamental questions among
colleagues, but this problem is the easiest to deal with in practice (especially for non-stealth
communication).
Assuming waves, serial resistance (Bergou-Scheuer-Yariv), different noise temperatures (Hao),
etc., are deviations from the basic assumptions and imply different circuitries, which are not totally
secure.
Such assumptions are allowed in practical considerations, but they have nothing to do with
the security at the conceptual level.
[Figure: circuit diagram of the Kirchhoff loop between A and B; labels: R0, R1, UCh(t), ICh(t), Su,ch, Si,ch and the noise generators' voltages and spectra at A and B.]
[Figure: circuit diagram of the Kirchhoff loop between A and B, labelled "distributed RLC network"; other labels: R0, R1, UCh(t), ICh(t), Su,ch, Si,ch and the noise generators' voltages and spectra at A and B.]
Example for generic practical solution
[Figure; labels: Alice, Bob.]
Inaccuracies. How large is the impact of 1% inaccuracy?
Response to Scheuer-Yariv's only meaningful point. They indicate a 1% voltage drop on the wire at
certain practical conditions. They say that is enough for the eavesdropper to decode the signal.
Here is the proof that their claim is not true.
Model study of distribution functions [7]. (a): Amplitude distribution functions sampled by the sender and
receiver. (b): Amplitude distribution functions sampled by the eavesdropper at the two ends of the wire.
Though we accept the 1% drop of the MS voltage as a realistic practical goal [7] we
disagree with Sch-Y's claim that the eavesdropper can easily detect this 1% drop.
Shannon's channel coding theorem:
$C = f_c \, [1 + p \log_2 p + (1 - p) \log_2 (1 - p)]$
With the very same voltage drop, we have carried out a model study [7] of the
distribution functions of the voltages, currents and the drop of the MS voltage for
R1 / R0 = 10, with a linear full-wave detector [14] and clock period tc = 3/fmax, which
results in a relative standard deviation of 0.2 of the voltage and current statistics [14]. The
results are summarized in Figure 2. Note, only the relative positions and the shape of the
curves have meaning, not the actual x and y values. During the clock period, due to Eq.
(2), the time is enough only for a few statistically independent samplings of these
distribution functions. This sampling is enough for the sender and the receiver, see Figure
2 (a), to decide between the two functions with 0.3% error rate [7]. However, the
eavesdropper, who measures the voltage drop, has to decide between the two situations
by sampling the f(x) and g(x) density functions given in Fig. 2 (b), and that must be done
with the same small number of independent samples. The characteristic width (standard
deviation) of these curves (20% of the peak's x coordinate) is 20 times greater than the
difference of the locations of the x coordinates of the peaks (1%). The eavesdropper's
task seems to be hopeless by the naked eye; however, by using proper statistical tools, she
can still extract some information. A deeper analysis based on Shannon's channel coding
theorem [7] concludes that in this case the upper limit of information leak is 0.7% of the
transmitted bits. This is close to but less than the information leak of quantum
communicators without privacy amplifier software (see above). Thus Sch-Y's 1% drop of
the MS voltage yields a lower information leak than that of quantum communicators.
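The leak formula above can be evaluated directly. The following Python sketch is an added example, not code from the talk or from [7]: it assumes p is the eavesdropper's probability of guessing one bit correctly, models her two densities as equal-width Gaussians averaged over n independent samples, and uses the XOR of k raw bits as a stand-in for privacy amplification. All function names are hypothetical.

```python
"""Eavesdropper information leak per transmitted bit (added illustration)."""
import math


def relative_leak(p):
    """C_eav / C_trans = 1 + p*log2(p) + (1-p)*log2(1-p), taking 0*log2(0) = 0.

    Assumption: p is Eve's probability of guessing one key bit correctly.
    """
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability")
    leak = 1.0
    for q in (p, 1.0 - p):
        if q > 0.0:
            leak += q * math.log2(q)
    return leak


def guess_probability_from_leak(leak, iterations=200):
    """Invert relative_leak on [0.5, 1], where it rises from 0 to 1, by bisection."""
    if not 0.0 <= leak <= 1.0:
        raise ValueError("leak must lie between 0 and 1")
    lo, hi = 0.5, 1.0
    for _ in range(iterations):
        mid = (lo + hi) / 2.0
        if relative_leak(mid) < leak:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0


def gaussian_guess_probability(shift, sigma, n_samples):
    """Eve's success probability under an assumed model (not the study in [7]).

    The two densities are Gaussians of equal width `sigma` whose centres
    differ by `shift`; Eve averages n independent samples and decides by
    thresholding at the midpoint between the centres.
    """
    z = shift * math.sqrt(n_samples) / (2.0 * sigma)
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def xor_amplified_guess_probability(p, k):
    """Eve's chance of guessing the XOR of k raw bits (piling-up lemma).

    Each output bit costs k raw bits, so the key rate drops by a factor k.
    """
    if k < 1:
        raise ValueError("k must be at least 1")
    return 0.5 * (1.0 + (2.0 * p - 1.0) ** k)


def leak_table(shift=0.01, sigma=0.20, sample_counts=(1, 2, 5, 10, 25)):
    """(n, p, leak) rows for a 1% centre shift and a 20% width, as in the text."""
    rows = []
    for n in sample_counts:
        p = gaussian_guess_probability(shift, sigma, n)
        rows.append((n, p, relative_leak(p)))
    return rows


if __name__ == "__main__":
    for n, p, leak in leak_table():
        print(f"n={n:3d}  p={p:.4f}  leak={100 * leak:.4f}% of transmitted bits")
    p_07 = guess_probability_from_leak(0.007)
    print(f"a 0.7% leak corresponds to p = {p_07:.4f}")
    p_xor = xor_amplified_guess_probability(p_07, 2)
    print(f"after XOR of 2 bits: leak = {100 * relative_leak(p_xor):.5f}%")
```

A leak of 0.7% corresponds to a guessing probability only about 5 percentage points above a coin flip, and pairing bits by XOR pushes the leak down by roughly two orders of magnitude at half the key rate.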
[Figure; axis labels: Su,ch, time.]
The realized communicator pair.
Statistics at Alice's side during 74497 clock cycles. At a BSchY attack, the eavesdropper will
have only a single clock cycle to distinguish between LH and HL.
The wire resistance is about 2% of the loop resistance during the LH or HL states: RL=2 kOhm, RH=11kOhm, Rw=200 Ohm.
[Figure: panels (a), (b) and (c).]
Statistics at Alice's side during a BSchY attack, single clock cycle.
The poor statistics seen in figures (a) and (b) are enough for Alice and Bob to identify secure bit alignment
with 0.02% error rate (99.88% fidelity). However, when Eve tries to identify the bits from the two
histograms recorded at the two ends of the line (see figure (c)), she must work with these distributions, which
are very stochastic, almost identical and totally overlapping with a 1% or less shift of their centers [7],
which results in less than 0.19% eavesdropped bit / transmitted secure bit.
[Figure: panels (a), (b) and (c); panel titles: "Three independent records of LH and HL at Alice's side", "Single record of each state at Alice's side".]
R. Mingesz, Z. Gingl, L.B. Kish, Realization and Experimental Demonstration of the Kirchhoff-loop-Johnson(-like)Noise Communicator for up to 2000 km range; www.arxiv.org/abs/physics/0612153
[Figure: block diagram; labels: DSP Unit, Analog Unit, KLJN Line, Analog Unit, DSP Unit, Computer.]
The computer control parts of the communicator pair have been realized by ADSP-2181
type Digital Signal Processors (DSP) (Analog Devices).
Robert Mingesz
Zoltan Gingl
The communication line current and voltage data were measured by (Analog Devices)
AD-7865 type AD converters with 14 bits resolution from which 12 bits were used. The
DA converters were (Analog Devices) AD-7836 type with 14 bits resolution. The
Johnson-like noise was digitally generated in the Gaussian Noise Generator unit where
digital and analog filters truncated the bandwidth in order to satisfy the KLJN
preconditions of removing any spurious frequency components. The major bandwidth
setting is provided by an 8th-order Butterworth filter with sampling frequency of 50
kHz. The remaining small digital quantization noise components are removed by analog
filters.
The experiments were carried out on a model-line, with assumed cable velocity of light
of 2*10^8 m/s, with ranges up to 2000 km, which is far beyond the range of direct quantum
channels, or of any other direct communication method via optical fibers. The device has
bit rates of 0.1, 1, 10, and 100 bit/second for ranges 2000, 200, 20 and 2 km, respectively.
The wire diameters of the line model are selected so that they resulted in about 200 Ohm
internal resistance for all the different ranges. The corresponding copper wire diameters,
which are reasonable practical values for the different ranges, are 21 mm (2000 km), 7 mm (200
km), 2.3 mm (20 km) and 0.7 mm (2 km). Inductance effects are negligible with the
selected resistance values, R0 and R1 , at the given ranges and the corresponding
bandwidths. If the wire is a free hanging one with a few meters separation from earth,
such as power lines, parasitic capacitances are not a problem up to 10% of the nominal
range. For longer ranges than that, either coaxial cables driven by the capacitor killer are
needed or the speed/bandwidth must be decreased accordingly.
The noise bandwidth is selected so that the highest possible Fourier component in the line
is at frequency 10 times lower than the lowest frequency standing-wave mode in the line.
That condition results in noise bandwidths 5, 50, 500 and 5000 Hz for ranges 2000, 200,
20 and 2 km, respectively.
Transient wave effects at the end of clock period are avoided in the Gaussian Noise
Generator unit by driving the envelope of the time functions of noise voltage and current
to zero before the switching using a linear ramp amplitude modulation (via 8% of the
clock duration); and the reverse process is done at the beginning of the next clock cycle
after the switching of resistors. Moreover a short pause (8 % of the clock time) with no
data collection, except for security check, after the initial linear ramp at the beginning of
stationary noise, is applied in order to avoid possible other types of transient effects of
stochastic nature (though we have not seen any transients). All these are done before the
filtering process to avoid any spurious frequency components due to the linear ramp.
Because the security protection based on current and voltage comparison was effective up
to 50 kHz bandwidth, 1 nF capacitors at the two ends of the line were satisfactory line
filters. Furthermore, these capacitors would have removed possible switching spikes
originating from capacitive coupling in the analog switches due to possibly unbalanced
parasitic capacitors; therefore there were no detectable switching transients in the line.
The 11 kOhm resistor is composed by connecting a 9 kOhm serial resistor to the 2 kOhm
resistor. The 2 kOhm resistors are two serial 1 kOhm resistors with a 1 nF capacitor
shunting their joint point to the ground to remove possible digital quantization noise. The
1 kOhm resistor at the generator dive end was also used as a probe to measure the current
in the line. The value of K is selected so that the noise voltage of the greater resistor is 1
Volt for all noise bandwidths. This resulted in Su(f) values of the greater resistor 0.2,
0.02, 0.002, 0.0002 V^2/Hz for ranges 2000, 200, 20 and 2 km, respectively.
Note: cable capacitance provides a further
filtering but we cannot rely on that alone
because of eavesdropping possibility.
Eavesdropping tests. Sample size: 74,497 clock cycles
$C_{eav} / C_{trans} = 1 + p \log_2 p + (1 - p) \log_2 (1 - p)$
TYPE OF BREAKING | MEASURED NUMBER, OR RATIO, OF EAVESDROPPABLE BITS WITHOUT SETTING ON THE CURRENT-VOLTAGE ALARM (TESTED THROUGH 74497 BITS) | REMARKS
BSchY (i) [2,6] attack in the present KLJN system | 0.19% | 0.00000019% at 10 times thicker wire (theoretical extrapolation). Arbitrarily can be enhanced by privacy amplification [12,13]; the price is slowing down.
Hao (iii) [8] attack in the present KLJN system | Zero bit | Below the statistical inaccuracy. Considering the 12 bit effective resolution of noise generation accuracy, it is theoretically: < 0.000000006%
Kish (iv) [9] attack utilizing resistor inaccuracies in the present KLJN system | Zero bit | Below statistical inaccuracy. Theoretically, when pessimistically supposing 1% resistance inaccuracy, it is: < 0.01%
Current pulse injection (Kish) [1] in the present KLJN system | Zero bit | One bit can be extracted while the alarm goes on thus the bit cannot be used.
Quantum telecloning to 2 Units, Fidelity
60%, at Furusawa's Lab (Tokyo)
http://aph.t.u-tokyo.ac.jp/~furusawa/t_Lab_Setup.jpg
Kirchhoff-Johnson network element tested
Fidelity 99.8%
Future Kirchhoff-Johnson network element
How about using existing wires to build a network?
• Quantum communicators need "dark optical fibers", which are separate, well-isolated
fibers, because of the single-photon concerns.
• Can we use existing and currently used wires, such as power lines, phone lines,
internet wire lines?
• The answer is yes. http://arxiv.org/abs/physics/0610014
[Figure: Line Filter Box; labels: Line 1, Line 2, 3, BE, BP, RL, RH, RN, External Line In, External Line Out, Local line (e.g. to household line input).]
The line filter box (see Figure 1) should be installed at each intersection of the line to
separate the non-KLJN communicator loads from the KLJN frequency band.
[Figure; labels: Communicator A, Communicator B.]
Example for how to use KLJN frequency Band Excluder (BE) and Band Pass (BP) filters to
preserve a single Kirchhoff loop in the KLJN frequency band between two KLJN communicators
with one intersection between them.
Thick (blue) lines: original line current; thin (red) line: KLJN current;
double (green) lines: both types of currents.
[Figure; labels: Power Station A, Power Station B, Communicator A (KLJN), Communicator B (KLJN).]
Communication via idealized 3-phase power lines with symmetric loads of the 3-phase
transformers at Power Stations A and B, respectively.
[Figure; labels: Power Station A, Power Station B, Communicator A (KLJN), Communicator B (KLJN), BP, BE.]
Communication via practical 3-phase power lines.
Telecloning (teleportation) of bits via the network.
[Figure: Units with left and right ports L1 R1, L2 R2, L3 R3; Coordinator-server (CS) and regular network.]
Note: the Coordinator-server is also connected by a KLJN wire to one of the units, say to Unit 1.
• The Units run their KLJN ciphers until a secure bit exchange is reached.
• Then each Unit reports to the CS the logic relation, G [= +1 (same bit) or -1 (opposite bit)],
between their own left port and the bit at the left port of the right hand neighbor.
• If the Nth Unit wants to clone the bit at the left hand side of Unit 1, then he sends a request to
the CS.
• The CS calculates $F = \prod_{k=1}^{N-1} G_k$ and sends F to Unit N. Then Unit N multiplies his own left bit
(+/-1) with F and gets the teleclone of the left bit of Unit 1. This cloned bit exists only at Unit 1
and Unit N. It does not exist at the other Units or at the CS: teleportation type transfer.
Multi-telecloning and secure key exchange over the whole network
[Figure: Units with left and right ports L1 R1, L2 R2, L3 R3; Coordinator-server (CS) and regular network.]
Note: the Coordinator-server is also connected by a KLJN wire to one of the units, say to Unit 1.
Suppose, the regular network is fast enough.
•The CS calculates and sends all the relevant Fjk functions to all Units.
•Then the Units calculate the bit status of all the other units.
• Note, the whole process needs only a few clock periods until most units have a secure bit
exchange. In 3 clock periods, about 85% (5/6) of the units have a secure bit.
• We have generated and exchanged a 0.85*N bit long secure key over the whole network
in 3 clock periods of the KLJN cipher!
Initialization for unconditional security (Mingesz attack)
Robert Mingesz has pointed out some important vulnerabilities. If the eavesdropper accesses
the communication in the regular network and learns all the F functions belonging to the
telecloning to one Unit, she will know either the network key or its inverse.
[Figure: Units with left and right ports L1 R1, L2 R2, L3 R3; Coordinator-server (CS) and regular network.]
Therefore, the regular network must be made totally secure, which requires a specific
installation process, where first an at least N-bit long secret key is generated at Unit one. At the
same time, each inter-Unit connection and Unit-CS connection also generates an independent
N-bit long secure key. Then, they use the regular network and the inter-connection secure keys
as a One-Time-Pad to transfer/share from Unit-to-Unit the N-bit long key generated by the first
Unit. The Coordinator server should also possess a Unit. This initialization process takes time
(about 7 minutes for the NY example); however, at the end the whole network shares an N-bit
long secure key. And the system can run in the way described earlier so that the
communication via this regular network during the first network key distribution uses this
secret key.
Later, the regular network is using the network key generated/shared at the previous
clock cycle.
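The telecloning relation and the Mingesz weakness described above, as an added Python simulation that is not code from the talk or from the KLJN papers. It assumes bits are +1/-1, that Unit k's reported relation is G_k = (own left bit) × (left bit of Unit k+1), and that the pad protecting the regular network is the previously shared network key; all function names are hypothetical.

```python
"""KLJN chain telecloning and the Mingesz weakness (added simulation)."""
import secrets


def random_bits(n):
    """n independent secure bits in the slides' +1/-1 notation."""
    return [secrets.choice((-1, 1)) for _ in range(n)]


def reported_relations(left_bits):
    """G_k for k = 1..N-1, as each Unit reports it to the Coordinator-server."""
    return [left_bits[k] * left_bits[k + 1] for k in range(len(left_bits) - 1)]


def coordinator_f(relations, n):
    """F for Unit n (1-based): the product G_1 * ... * G_(n-1)."""
    f = 1
    for g in relations[: n - 1]:
        f *= g
    return f


def teleclone(own_left_bit, f):
    """Unit N multiplies its own left bit by F to get the left bit of Unit 1."""
    return own_left_bit * f


def f_row(relations, j):
    """F_jk for k = 1..N: relation between the left bits of Unit j and Unit k."""
    n_units = len(relations) + 1
    f_j = coordinator_f(relations, j)
    return [f_j * coordinator_f(relations, k) for k in range(1, n_units + 1)]


def network_key(own_left_bit, row):
    """Unit j turns its row of F_jk values into the left bits of all Units."""
    return [own_left_bit * f for f in row]


def eavesdropper_candidates(observed_row):
    """What a listener on the regular network can infer from one row of F_jk:
    the bit pattern assuming Unit j holds +1, and its inverse."""
    return list(observed_row), [-f for f in observed_row]


def one_time_pad(values, pad):
    """Mask or unmask +1/-1 values with a pad (multiplication plays XOR)."""
    if len(pad) < len(values):
        raise ValueError("pad must be at least as long as the message")
    return [v * p for v, p in zip(values, pad)]


def demo(n_units=8):
    left_bits = random_bits(n_units)
    relations = reported_relations(left_bits)

    # Single telecloning: Unit N recovers the left bit of Unit 1.
    clone = teleclone(left_bits[-1], coordinator_f(relations, n_units))

    # Mingesz weakness: an unprotected row reveals the key or its inverse.
    row = f_row(relations, n_units)
    exposed = left_bits in eavesdropper_candidates(row)

    # Initialized network: the row travels under a pad that stands for the
    # previously shared network key; the legitimate Unit unmasks it.
    pad = random_bits(n_units)
    masked = one_time_pad(row, pad)
    recovered = network_key(left_bits[-1], one_time_pad(masked, pad))
    return clone == left_bits[0], exposed, recovered == left_bits


if __name__ == "__main__":
    print(demo())
```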
Conclusion:
1. Johnson (-like) noise makes absolutely secure classical communication possible.
2. The foundations of the security are Statistical Physics (the Second Law of
Thermodynamics), and the robustness of classical information.
3. Due to the robustness of classical information, the communicator is conceptually
more secure than quantum communicators because zero-bit security is
theoretically possible.
4. Concerning practical aspects, it seems, the Johnson (-like) noise based
communicator is superior to quantum communicators in all known practical
aspects, except the inability to communicate without wire.
5. It is a computer chip/card and network ready device.
End of talk
Superior to quantum communication regarding: security; speed; price;
robustness against vibration, shock, dust, ageing; network readiness; low
power consumption.
Disadvantage: needs a wire.
Note: this comparison table is for the usual case when quantum
communication is trying to transfer the quantum state securely. If this luxury aim
is abandoned (see above) then its performance will significantly improve at
the network key distribution and telecloning aspects. 100% fidelity is
theoretically possible.
 | Quantum Comm. | KLJN Comm.
Physics behind the security | Quantum (Fragile information bit) | Classical statistical (Robust information bit)
Max. number of eavesdropped bits before 99% probability of eavesdropper detection | Few thousand | 0-4
Vulnerability against the man-in-the-middle attack | Usually yes | No
Information leak below the eavesdropper detection radar (eavesdropper hiding in noise) | >1% | 0.01% or less is easily reachable
Ultimate speed-cut-off versus range | Exponential cut-off | 1/range cut-off
Network key distribution | No. Only point-to-point | Yes. Whole-network key distribution within two clock periods
Telecloning | Yes, with fidelity < 71% | Yes, with 100% fidelity
Network telecloning in one step. Number of units N | N ≈ 30; (N^2 - N) / 2 | N → ∞; N - 1
Vibration resistant | No | Yes
Shock resistance | Poor | Excellent
Dust resistant | No | Yes
Microelectronic integrated parallel multi-line (>100) driver chip | No | Yes
Low-power consumption | No | Yes
December 2005, over 500 websites with various blogs. Many know what a resistor
and a Kirchhoff loop are and feel relevant expertise. Fewer know what noise is. More reasonable
comments tried to break the system with arguments relevant for the practical system.
No one could challenge the security of the idealized system.
http://www.impactlab.com
The German "Bundesamt für Sicherheit in der Informationstechnik (BSI)"
(Federal Office for Information Security) sent me multiple emails containing attempts to
break the cipher. All these efforts have been without success because of the relevant statistical
physical properties of thermal(-like) noises, which is a great physical encryption mechanism.
Many emails in last December! Some significant ones.
>Bruce, please save my time and send me only serious comments. Or ask somebody else to check before
>because my time/energy is limited.
Laszlo, the author of this note is *very* serious. He was a top-notch cryptographic mathematician and number
theorist, and the former head of the relevant department at Bell Labs. And of course, the Shamir he cc'd is
the "S" of RSA.
http://www.schneier.com
www.schneier.com/blog/archives/2006/02/more_on_kishs_c.html
On the Impossibility of Keeping Out Eavesdroppers Using Only Classical Physics
by Terry Bollinger
http://terrybollinger.com/qencrypt/BollingerCritiqueOfKishPaper-2006-01-31.pdf
"The nice thing about this visualization is that it provides a fairly vivid way of understanding why it is so hard to
be sneaky in quantum communications. The problem is this: When someone attempts to sneak in an
observation on an entangled set of particles in the here-and-now, the quantum result look just as if a record of
that transgression was captured, sent back in time to the original generation of the entangled particles, and then
rebroadcast for everyone in the future to see. It is a bit like breaking into a store today, only to find out that
last week the store had already shipped out a video of you doing it to every police station in the area."
Response to Bollinger's "On the Impossibility of Keeping Out
Eavesdroppers Using Only Classical Physics" and to Some
Other Comments at Bruce Schneier's Blog Sites
by Laszlo B. Kish
www.ece.tamu.edu/~noise/research_files/Response_Bollinger.pdf
Apple - Orange: Quantum Physics - Classical Statistical Physics
The passively observing eavesdropper has zero info. However, if
she is invasive and breaks the lock, the police arrives during that
process.
Based on the Second Law of Thermodynamics: to extract info from
the idealized cipher by a passive observer is a similar kind of job like
building a perpetual motion machine.
It is with some distress that I have, as of yesterday, switched from being someone about to post a
blistering critique of Kish's proposal to someone who had a not-entirely-pleasant "aha!" moment
about it. It is now my public statement, speaking only for myself, that as best I can tell Kish's proposal
works at least as well in the engineering limit as quantum proposals to accomplish very similar goals.
. . .
And my final comment is: wow.
-speaking only for myself-Posted by: Terry Bollinger at March 9, 2006 10:46 AM
www.schneier.com/blog/archives/2006/02/more_on_kishs_c.html
Quantum realization (!!!)
Telecloning and secure distribution of classical bits via quantum
communicator network without telecloning the quantum states
[Figure: quantum entangled bit exchange units with left and right ports L1 R1, L2 R2, L3 R3; Coordinator-server (CS) and regular network.]
If quantum information networks will be practically applied
(whenever wire communication is impossible), then this should be the way to go.
We do not need to transfer the quantum states! That would be an
unnecessary luxury. We need only to transfer the information bit securely.
The enhancements: each clock period can be used but that will need double wires and special
complementary channels. Worthwhile? (Probably not). It will need a more complex initialization against
the Mingesz attacks (see in the paper).
[Figure; labels: A, B, A1, B1, A2, B2, U A1 B1, U A2 B2; captions: "Known port distribution: unsecure", "Secure port distribution: secure".]
Example: the A1 and B1 ports are run randomly/independently until the first secure bit:
Situation of
secure bits
Low (-1) at B1
A1
A1
B1
Resulting port
control
A1 = A2
B1 = B2 - B2
A1 = A2 - A2
B1 = B2
A POSSIBLE SOLUTION OF KLJN NETWORKS.
- The simplest connection which is almost as good as the best one:
The single-wire network of electrically isolated Kirchhoff loops
- Telecloning (teleportation) of bits via the network.
- Multi-telecloning and secure key exchange over the whole network
- Quantum realization (!!!): telecloning of classical bits via quantum networks
without telecloning the quantum state
- Initialization for maximal security (Mingesz attacks)
- Enhanced KLJN communicator making use of 100% of clock periods
- Some of the many questions and about perspectives
The simplest connection.
The single-wire network of electrically isolated Kirchhoff-loop-Johnson-like-noise
(KLJN) ciphers. Each Unit has two communicators (left and right).
[Figure: Units with left and right ports L1 R1, L2 R2, L3 R3; Coordinator-server (CS) and regular network.]
Note: the Coordinator-server is also connected by a KLJN wire to one of the units, say to Unit 1.
If the bit is sent through the line from the left to the right so that the Mth unit measures the secure bit at the left port and Unit (M-1)
tells Unit M through the regular network that the measured bit is correct or opposite, the communication through N units will need
about 2*N clock periods, which is very slow because single-wire KLJN units for short distance are about as slow as quantum
communicators.
So, how can we use this network for high-speed key generation? Telecloning of the local secure
bits to all the units.
Note: the attached regular network can be a million times faster!
SECURE KEY GENERATION AND EXCHANGE
[Figure: plot with axis labels Su,ch and time, annotated "SECURE BIT IS GENERATED/SHARED"; circuit diagram of the Kirchhoff loop between A and B with labels R0, R1, UCh(t), ICh(t), Su,ch, Si,ch and the noise generators' voltages and spectra.]
Examples:
1% of NY's population (200,000 people) are connected by a KLJN computer card
and wire connections of less than 1km between nearest neighbors. Then the clock
period is less than 1 msec. If the regular network is fast enough, a secure key
generation and whole-network distribution can be done with 60Mbit/sec speed.
1% of Bryan-College Station population (2000 people), otherwise the same
conditions. The theoretical speed is 600kbit/sec.
Compare this with your 128 bit key secure internet connection.
Remarks: small number of connections needed (nearest neighbor)
It is important to note that the network described in Figure 7 is very different from the basically
point-to-point key distribution methods used by quantum communication and software solutions. Even though the
possibility of telecloning of quantum states to multiple receivers has been pointed out by van Loock and
Braunstein [8], the fidelity is poor (<71%) and to reach an acceptable fidelity (>50%) the number of Units
has to be limited to 30. Moreover, each Unit has to be connected to all the other Units by a separate
communicator and separate lines, which means N (N - 1) communicator devices and (N^2 - N) / 2 lines,
indicating that the method is essentially a point-to-point communication type. For the New York example
mentioned above, such a quantum telecloning solution requires about 200 thousand communicator devices
at each Unit and that requires almost 40 billion communicator devices and nearly 40 billion optical cables.
Moreover, these 40 billion connections are both short-distance and long-distance ones because we have to
directly connect the farthest Units, too.
On the other hand, the KLJN-based network (Figure 7) requires only two communicator
devices for each intermediate Units and one for the end Units. The intermediate Units
have to be connected only with the two nearest neighbors and the end Units of only one
neighbor. That requires only 2 * (N - 1) communicator devices and (N - 1) wires. In the
New York example mentioned above, the two communicator devices at each Unit and
two wires at each Unit makes only about 200 thousand communicator devices and about
200 thousand cable connections, moreover, these connections are all of short distance
type, connecting only the nearest neighbors.
Remarks
If the regular network and the CS are fast enough compared to the KLJN clock, the whole
network receives an N-bit long key at every (second or third) KLJN clock period. On the
other hand, the whole network will receive the same key. Therefore, the system is totally
secure only against external attacks: hackers from outside the network. Within the
network, the security, which can be added to the network-key security, is only a regular
network security protecting the information sent to/from the CS Unit. Thus, we have
the same level of security against hackers within the network, as regular networks do.
What is the proper approach to encryption when we have this continuous high-speed key
generation and simultaneous whole-network-key distribution?
Can the generated secure bits be used to increase the security of the internal network?
Higher dimensional network topologies and redundancy to protect against broken lines or
Units down. This can, for example, be realized with server units with more than two (L
and R) ports. The ports Pi (k) (i = 1...Q) of the k-th server can be connected to up to Q
different Units. The Coordinator-server would collect the logic relations and evaluate Eq.
1, accordingly.
Network redundancy and coding at higher dimensional topologies (?)
This network can alternatively be used to announce information to one or more Unit(s) or
to the whole network simultaneously, in a totally secure way. Is there a need for this kind
of solution?
Example for classical sensing: Resistor Thermometer
[Figure; label: R(T).]
$U = I R(T)$
• We need to know the R(T) function.
• We need to provide the accurate driving current I.
• We are heating the sensor during the measurement and that causes an error.
Example: Thermal noise thermometry in practice
[Figure; labels: R(T), u(t).]
$S_u(f) = 4kTR$
• We do not need to know the R(T) calibration function.
• It is enough to measure the actual R.
• We still need to provide the calibrated driving current I for the R measurement.
• We are still causing an error by heating; however this error can strongly be
reduced by using a resistor material of resistivity independent of temperature.
Thermal noise thermometry from first principles
[Figure; labels: R(T), u(t), i(t).]
$S_u(f) = 4kTR$
$S_i(f) = 4kT / R$
$R = \sqrt{S_u / S_i}$
$T = \sqrt{S_u S_i} / (4k)$
1. We can determine the T and R(T) from the above equations!
2. Thus, we do not need to know the function R(T).
3. No heating because no external bias current is needed. Least perturbation of the system.