40

A story appeared on Forbes today claiming that we now have an absolutely unbreakable cipher. It cites a paper published in Nature Communications. However, I'm skeptical:

But what if there were a method of enabling data to be sent using an "absolutely unbreakable" one-time communication technique? What if that technique could achieve perfect secrecy cryptography via correlated mixing of chaotic waves in an irreversible time-varying silicon chip?

That seems like a lot of buzzwords and doesn't sound convincing.

With no software or code to manipulate, traditional methods of cracking computer encryption are irrelevant

Again, Dr. Cruz reiterated that there is no code to manipulate, and the limited software is ROM based, so traditional methods of hacking encryption are irrelevant.

Don't ciphers and their weaknesses exist independent of software and code? Solitaire has neither software nor code, but has weaknesses.

The cryptographic keys generated by the chip, which are used to unlock each message, are never stored

You need the keys to decrypt the message, so even if they're never stored, something good enough to reconstruct them must necessarily be stored.

It is claimed that even facing an attacker with "unlimited" technological power, even if they could access the system and copy the chips, would be unable to break the encryption because it is protected by the second law of thermodynamics and the "exponential sensitivity of chaos."

I really don't like the sound of this.

Professor Andrea di Falco of the School of Physics and Astronomy at the University of St. Andrews, another author of the study, said that "this new technique is absolutely unbreakable, as we rigorously demonstrated in our article."

A really extraordinary claim.

The second law of thermodynamics prevents this attack. Every time Alice and Bob change the chip with an irreversible process, they increase the total entropy of the system and the environment, creating new chaotic structures exponentially different from the ones used in the communication (conditions 3 and 4). If Eve accesses the system, it is impossible to recreate the initial chips and to perform any search, as this requires reverting the transformation of Alice and Bob with an entropy decrease, thus violating the second law.

This is contrary to my understanding of the second law of thermodynamics. Can't you easily decrease entropy in systems that aren't closed (such as the chips), just by increasing it more outside the system (exhaust heat somewhere)?


So is this new cryptosystem legit, or is it just more snake oil? If it's legit, then what are the explanations for my above concerns? If it's snake oil, how did it manage to dupe both Nature Communications and Forbes?

9 Answers

50

I will go out on a limb here and say that it reeks of snake oil. I have seen the answer by @dirdi, but I am very skeptical. It is clear from the paper that the authors have almost no understanding of cryptography: they refer to algorithms used as DES, AES and RSA, and that quantum computers break them all.

We know that quantum computers only have quadratic speedup to break symmetric ciphers, to the best of everyone's knowledge. Also the reference to DES, AES and RSA together is very suspect. I quote: "Conventional cryptographic schemes based on DES, AES and RSA encode messages with public and private keys of short length." Huh???

There is no theoretical model for this, like one has for quantum computation (with all of the problems that exist there). Rather, it is more experimental in nature - and we know where that tends to end. Bottom line, this looks really bad and like a lot of other cases where people from other fields think that they can solve all of the world's hard cryptographic problems without knowing anything about cryptography.

Yehuda Lindell
13

Since I am not a physicist, I am unable to answer all your questions about the paper, but a few:

It is claimed that even facing an attacker with "unlimited" technological power, even if they could access the system and copy the chips, would be unable to break the encryption because it is protected by the second law of thermodynamics and the "exponential sensitivity of chaos."

I really don't like the sound of this.

The technology is not based on an algorithm or the like, but leverages physical properties (i.e. it works on the physical layer of the OSI model). Since laws of nature cannot be "broken" the claim seems to be legit. However, there is the possibility of advances in physics that may open attack vectors. (Note that laws of nature cannot be proven, but only be falsified).

You need the keys to decrypt the message, so even if they're never stored, something good enough to reconstruct them must necessarily be stored.

No. The messages are only encrypted during transmission. They are decrypted upon arrival at the communication partner. The technology described in the paper is not determined to encrypt stored data.

Don't ciphers and their weaknesses exist independent of software and code? Solitaire has neither software nor code, but has weaknesses.

The biggest problem with this technology seems to be authentication. As far as I can see, there needs to be an authentication phase that has not been described in detail, as well as an authenticated public channel. So a man-in-the-middle attack seems feasible to me. However, somebody may prove me wrong?!

Let me add one question you have not asked:

Is it applicable?

The two communication parties need to have a direct fiber cable connection. So it could be used to secure the connections in backbone networks or e.g. between two data-centers and thus to protect critical infrastructure. But if you want to use this to communicate with a friend who lives at the other side of town, the answer is no.

dirdi
6

I stopped at the point that things were described as "exponentially different" - an expression that seems a perfect (if minor) example of language that's designed for hype not meaning.

If they are tackling a complex technical problem, but can't describe the findings rigorously, then my confidence in their broader rigour is minimal.

Stilez
5

Nature Communications provides the comments from the reviewers as well as the response from the authors. The first reviewer was quite critical, but the other two were very positive, and after the authors responded to the first reviewer, it seems that they signed off on the manuscript.

If you are really interested in the veracity of the paper's claims, it is worth reading: PDF of reviewer comments and authors' response

jerlich
3

That seems like a lot of buzzwords and doesn't sound convincing.

What did you expect from a newspaper?

The journalist probably just skimmed the paper/interviews for buzzwords and inserted them in random order.

After reading the paper it seems legit. (Although I am a mathematician and cryptography isn't something I am very intimate with, so I cannot be sure.)

They use the Vernam cipher which is completely unbreakable and completely useless. At least in general.

Why unbreakable? Because it uses a random cypher that is the size of the message sent. And the cypher changes randomly for each message. Provided that you can send the cypher securely to the recipient, the message is undecypherable by itself.

Why useless? Well if you can send the cypher to the recipient securely, why don't you send the whole message on the same channel then? It is the same size. In practice sending the cypher is as hard as sending the original message.

So they use the Vernam cipher and their contribution is in communicating the cypher to both ends securely. Each end of the network (they call them Alice and Bob) has an image scanner that they put their thumb on and then use the image to produce random messages that are then sent over the fiber to the other end. The cypher is some combination of both images that they construct at each end.

In the quantum limit, when a user (say Bob) launches a single photon in the chip, the receiver (Alice) measures a photon emerging at a random position from the chip. If Alice injects the photon back in the same scattering channel, the reciprocity theorem of quantum mechanics [46] guarantees that Bob measures the emerging photon in the same input channel he originally used.

Due to the reciprocity [43] of the communication network connecting Alice and Bob, if Eve does not perform active eavesdropping, the users measure identical optical observables (intensity, power density spectra (PDS), etc.). ... At the conclusion of the sequence, Alice and Bob communicate on the public line all cases of the acquired data that did not change, extracting an OTP key from overlapping repeated sequences.

Is the above usable in practice? According to a PhD student in cryptography in my institute, one of the major issues in cryptography is that computers cannot generate enough "true" random numbers ("true" random number generation is relatively slow, i.e. not enough random numbers). Instead the "true" random numbers available are used as "seeds" for the "pseudo" random number generators. And "pseudo" random numbers are predictable (well, with enough computational power).

In the above paper the user must put his thumb on the scanner to add "chaos" (a.k.a. help generate "true" random numbers manually) for each message sent. I doubt that this would be widely usable as is.

2

mixing of chaotic waves

Snakeoil, wrapped in the language of Quantum Cryptography.

Quantum Cryptography is attracting some serious research, but it's definitely future tech, it's not clear that it could ever work, and if it is even possible, it's decades or more away from being a marketable product.

The cryptographic keys generated by the chip, which are used to unlock each message, are never stored

You need the keys to decrypt the message, so even if they're never stored, something good enough to reconstruct them must necessarily be stored.

No, not necessarily. As above, the whole thing is implausible, but this bit in isolation is plausible. As described, this is just Perfect Forward Secrecy.

In short, once you have a secure channel, you can use it to generate a random shared symmetric key, for temporary use. Because the temporary key is not stored, and is not predictable, messages encrypted using it cannot later be broken, even if the underlying keys used in generating the temporary key could somehow be obtained.

Ben Aveling
1

Snake oil. High quality snake oil.

I read the article. Here are a few quotes.

1)

sensitivity of chaos

Sensitivity to what?

2)

unconditional security in the key distribution

Sounds interesting. But later they write that key exchange is

conducted over the public authenticated channel

Unconditional, sure.

3)

The scheme ... exchanges keys ... at full speed

"full speed key exchange" sounds cool :) They have just forgotten to mention this speed and to tell what schemes are not "full speed"

4) Do you think the probability can only have values within the range [0;1]? Are you sure? On the fig. 4b the authors show that the probability varies from $10^5$ to $10^8$. We should ask them if the probability can also be negative.

5) One more interesting finding on the same fig. 4b:

Probability distribution of the electromagnetic energy

We know the probability distribution of an event. We know the distribution of energy depending on some parameter. But "Probability distribution of the electromagnetic energy" is something new. For somebody who doesn't know the basics of mathematics and physics this can sound like something scientific.

6)

Kerckhoff limit

The diagram of their scheme shows the Kerckhoff limit. You know the Kerckhoff principle. Many know even 6 Kerckhoff principles. Can anyone explain the Kerckhoff limit?

7)

The system’s security is evaluated following the Kerckhoff principle.

It is a solid proof. Isn't it?

8)

exponential sensitivity of chaos prevents the attacker from ...

Poor attackers, if you knew how sensitive the chaos is...

mentallurg
1

There is one big claim to start with: We found a way to transmit a message from A to B in such a way that it can only be read by the intended receiver B, and cannot be intercepted and read by an attacker on the way from A to B. This is achieved using a direct physical connection.

I would say that with what I know about quantum physics, this may not be impossible. The problem is the direct physical connection required. But if my computer at home is A, and my computer at work is B, it is completely impractical to create a direct physical connection. If A is one specific computer in the White House, and B is one specific computer in the Kremlin, it would create massive problems creating a direct connection. If there is no direct connection, then we can only transmit from A to A1 to A2 to A3 ... to An to B, with possible physical intercepts at A1, A2, ..., An.

But transmitting information from A to B safely is not everything. You then have to store the information. (Or you would have to retransmit it from A to B every time it is accessed, which doesn't help because then we have to store the information at A). And here we have no help whatsoever.

But what I can't see is how this could be used to just transmit data from London to Los Angeles. Direct physical connections would be needed.

gnasher729
0

The truth is that if you invest in this product, you will definitively help the guys who launched the press release.

It's a technobabble article in a "business magazine" full of ridiculous claims and buzzwords that the average investor doesn't understand but which suggest a certain level of algorithmic and/or operational magic.

If you care to waste enough of your precious time to skim over the article past the first few lines, you will, in summary, find this:

  1. Input human fingerprint.
  2. Quantum super powers chaos theory kick-ass.
  3. ???
  4. Unbreakable.

Well, that's awesome, even more so as the technology is CMOS compatible, easily manufactured, and inexpensive! You should buy stocks immediately before someone else does. Do not risk missing the chance of getting rich. Oh wait, I forgot to mention that the technology follows the laws of thermodynamics. That's an extra bonus.

Joke aside, the claims are ridiculous.

Damon