Article 4ZFMC New Cryptography Method Promising Perfect Secrecy Is Met With Skepticism

New Cryptography Method Promising Perfect Secrecy Is Met With Skepticism

by
Jeremy Hsu
from IEEE Spectrum on (#4ZFMC)

In the ongoing race to make and break digital codes, the idea of perfect secrecy has long hovered on the horizon like a mirage. A recent research paper has attracted both interest and skepticism for describing how to achieve perfect secrecy in communications by using specially-patterned silicon chips to generate one-time keys that are impossible to recreate.

Modern cryptography requires computer algorithms to perform mathematically complex processes that transform ordinary data into gibberish. That usually makes the data unreadable for anyone who does not have the digital key that reveals the math used to protect the data-unless the opponent has enough computational power to crack the mathematically complex code without the key. But research published on 20 December 2019 in the journal Nature Communications claims to demonstrate a "perfect secrecy cryptography" system that can remain secure even against an opponent with access to future quantum computers.

"Perfect secrecy is the strongest security notion in cryptography," says Rafael Misoczki, a cryptographer at Intel Corporation who did not participate in the research. "If a cryptosystem achieves perfect secrecy, it is expected to remain secure regardless of the computational power of adversaries."

Most attempts to achieve perfect secrecy have focused on the development of quantum key distribution (QKD) systems. Such QKD systems rely on the principles of quantum physics to securely distribute digital keys around the world. But deploying QKD systems requires companies and governments to make costly investments in new quantum communication channels such as satellite networks, Misoczki points out.

By comparison, the new perfect secrecy cryptography method described in Nature Communications works with existing optical communication infrastructure. The method was developed by an international team of researchers based at the King Abdullah University of Science and Technology in Saudi Arabia and Scotland's University of St. Andrews, along with the Center for Unconventional Processes of Sciences in California.

"I like to think of it as a bridge that provides a viable implementation of the ideas of QKD on a classical optical network," says Andrea Fratalocchi, an electrical engineer at King Abdullah University of Science and Technology (KAUST) in Saudi Arabia and a lead author of the paper.

MzU3MTk0MQ.jpeg Image: Nature Communications This figure demonstrates how an array of reflective disks arranged in the pattern of a person's fingerprint can create chaotic light states as the laser bounces around within the pattern.

Instead of relying on quantum physics to make their digital keys secure, Fratalocchi and his colleagues use chaotic light states to safeguard the secrecy of the keys. To accomplish this, they imprinted the surface of silicon chips with reflective nanodisks in the shape of point patterns (in this case inspired by human fingerprints). The patterned surfaces of the chips act like a maze for laser light waves to bounce around inside as they travel through in a random fashion.

"Fully chaotic means that any input condition of light entering in the pattern generates chaotic motion, with no exception," Fratalocchi explains. "Not every pattern satisfies this requirement, and the right pattern has to be found by computer simulations."

Crucially, any small and irreversible change in the structure of the patterned chips will create an entirely different scattering effect on the light waves. The researchers demonstrated this experimentally by putting impure water droplets on the chip surfaces and showing how the tiny deposits left behind by the evaporated water changed both the original chip pattern and subsequent chaotic light state. (They envision future chips using absorbent hydrogels that can change shape to alter the pattern.)

To make use of this system, two users-frequently named Alice and Bob in cryptography scenarios-would each have a patterned chip that can generate chaotic light states. Alice and Bob start out by launching laser pulses that travel through their respective chips. Next, they transmit their different chaotic light states to the other person through a conventional optical cable.

Once each transmission is complete, both Alice and Bob measure the spectral signature of the chaotic light state they received from the other person and use a secondary channel to publicly communicate any acquired data that did not change. By comparing their acquired data, they can jointly create a one-time key based on overlapping repeated sequences of the spectral signatures.

"Our final goal is to use this system to provide an answer to all existing threats in cryptosecurity." -Andrea Fratalocchi, KAUST

By randomly and irreversibly changing their chips' patterns, Alice and Bob can create and transmit one-time keys that would be secure against eavesdropping or interception by a third party (frequently named Eve in such scenarios). This is because each patterned chip would start out existing in thermodynamic equilibrium with its respective environment, so that each subsequent change in the chip patterns would increase the total disorder in both the system and environment.

Even if Eve tried to recreate the key by storing all the signals exchanged between Bob and Alice or by developing a perfect physical copy of both patterned chips, it would be impossible for Eve to replicate the exact environmental surroundings of each chip that also help determine the chaotic light states. That's because second law of thermodynamics would make it physically impossible for Eve to replicate the original thermodynamic equilibrium of each chip's starting condition.

The one-time keys created through this method would help implement a version of perfect secrecy cryptography, called one-time pad (OTP), that was originally invented in the age of telegraph technology during World War I in 1917. This OTP method pairs an encoded message with a one-time random key that is as long as the text that needs to be transmitted. But both the cumbersome key length and the challenges in figuring out how to securely transmit the key have prevented OTP from catching on.

The chaotic chip approach of Fratalocchi and his colleagues seems to offer a solution to the problem of securely transmitting keys. Furthermore, the researchers also developed an algorithm to extract more digital information from each pulse of laser light and therefore speed up the process of creating the one-time keys for longer messages.

The international research team has already filed a provisional patent on the work with an eye toward developing it for commercial applications within a few years. When asked if there are any downsides or limitations to the practical use of such a method, or lingering security concerns, Fratalocchi said he was not aware of any.

"We have been contacted by different companies that have different interests and with whom we are discussing different applications for different security concerns," Fratalocchi says. "Our final goal is to use this system to provide an answer to all existing threats in cryptosecurity."

But several independent experts in cryptography and physics expressed either caution or outright skepticism about whether this approach can truly achieve perfect secrecy cryptography for practical use.

"I want to stress that my main problem with this paper is that it makes extremely strong claims, but it is blatantly clear that the author has no idea whatsoever about the basics of cryptography," says Yehuda Lindell, a computer scientist at the Center for Research in Applied Cryptography and Cyber Security at Bar Ilan University in Israel. "This is always a massive concern."

"Cryptography is really hard-someone coming from a different field, claiming that they have solved all the problems, is just not credible." -Yehuda Lindell, Bar Ilan University

Lindell acknowledged that he himself is not a physicist and could not necessarily verify that aspect of the team's work. But he highlighted what he described as "blatant mistakes" in the paper about cryptography. For example, he disputed the paper's claim that quantum computers could break all classic cryptography methods by pointing out how the Advanced Encryption Standard (AES) can remain secure against even quantum computers by doubling the key length.

"Had the paper positioned it as something worth studying, based on initial research, I think that I would have responded very differently," Lindell says. "Cryptography is really hard-someone coming from a different field, claiming that they have solved all the problems, is just not credible."

The idea of using chaos theory in cryptography was initially proposed by British physicist Robert Matthews in 1989, says Kwek Leong Chuan, a physicist at the Center for Quantum Technologies at the National University of Singapore. But he added that the approach has not proven popular because of security loopholes.

"I believe that the security analysis needs further investigation," Kwek says. "Overall, while the effort is commendable, I suspect that possible loopholes in security might still plague such protocols."

The Intel cryptographer Misoczki described the new research as "interesting" while also pointing out some possible challenges in securely implementing the system. Specifically, he pointed out that the secondary public channel used for communication between Alice and Bob could be vulnerable to man-in-the-middle attacks that secretly relay and possibly change the communication between legitimate parties who believe they're directly communicating with each other.

To prevent such attacks, conventional cryptography relies on digital signatures and other authentication methods to ensure that people are exchanging messages directly with trusted individuals and not with a malicious third party. "It is not clear how to add this authentication layer for the new approach, since the secondary channel proposed in this work is only able to exchange keys," Misoczki says.

In response, Fratalocchi described the new approach as being compatible with many different authentication techniques, including those proposed for QKD systems. "Our system is very versatile and [also open] to different integrated authentication schemes beyond these, but I am not authorized to disclose any of them as they are part of present applications we are currently developing," Fratalocchi says.

An anonymous researcher who read a draft of the Nature Communications paper as part of the journal's peer review process [PDF] also highlighted "many practical concerns with the implementation of the system in its current form." That reviewer questioned whether the relative slowness of mechanically changing the chip patterns compared to the repetition rate of the laser pulses would mean that many laser pulses could have "identical initial conditions even when the users intend to change rapidly." The reviewer also suggested that the system's requirement for both users to have nearly identical optical laser sources "will prove to be a major challenge in any practical system."

Another possible complication comes from the requirement for achieving thermodynamic equilibrium between the chips and their environments. That could prove difficult and impractical for some applications if thermodynamic equilibrium cannot always be ensured all the time, Misoczki says. But despite his notes of caution, he remained open to seeing how the system might perform down the line.

"Overall, this work presents an interesting alternative to exchange keys in conventional communication channels," Misoczki says. "If correctly deployed, this could be used for OTP encryption to achieve the ultimate security notion in crypto known as perfect secrecy."

POLspo2O2cY
External Content
Source RSS or Atom Feed
Feed Location http://feeds.feedburner.com/IeeeSpectrum
Feed Title IEEE Spectrum
Feed Link https://spectrum.ieee.org/
Reply 0 comments