Schneier on Security
A blog covering security and security technology.
« Cybercrime Paper |
| Mapping Drug Use by Testing Sewer Water »
July 21, 2009
Verifiable Dismantling of Nuclear Bombs
Cryptography has zero-knowledge proofs, where Alice can prove to Bob that she knows something without revealing it to Bob. Here's something similar from the real world. It's a research project to allow weapons inspectors from one nation to verify the disarming of another nation's nuclear weapons without learning any weapons secrets in the process, such as the amount of nuclear material in the weapon.
Posted on July 21, 2009 at 6:50 AM
• 23 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"Other countries are also said to have shown interest in the work, including the US, Canada, Russia, Australia and Japan. "
Not interested is Iran, North Korea, Pakistan, India and Israel.
I am confused, what if the devices being brought to the facility are these fake bombs that still are radioactive?
What proof is offered to the inspectors that the bombs coming in are genuine other than the fact that they are radioactive?
There are many holes in the system (unless parts of the process were not shared which is likely) but there were a couple of assumptions in the scenario that allow for these holes to be present.
1: Assume both sides are genuine in there presence.
2: Assume both sides consent on the process being used.
3: Assume both sides consent not to subvert the process.
This appears to be much more of a politically charged theatrical performance then an actual proof of disarmament. Both of which are important.
The biggest hole in the entire process is also the most basic:
The hardest part of creating a nuclear weapon is the enrichment of the nuclear material.
Yes, you may come up with a scheme in which the "Mark I" weapons have been dismantled. However, what's not seen is the removed material being sent over to the "Mark II" factory.
>Not interested is Iran, North Korea, Pakistan, India and Israel.
"these are not the nukes you are looking for."
The point here is not to conduct a 1-hour-notice, kick-down-the-door, hostile inspection of a presumed cheater (say on the pre-2003 Iraq model of nuclear facility inspection). Obviously the protocol described is inadequate for that, and no such claims are being made on its behalf.
The point here is non-proliferation _to the inspecting party_. That is, there is a relationship of some limited (and asymmetric) trust between inspector and inspectee, sufficient to satisfy the inspecting party that there will be no diversion. The inspections, a formal requirement of a disarmament treaty, cannot be dispensed with, but must not result in transmission of weapons design data.
Think Thailand and Argentina inspecting U.S. stockpile disassembly on behalf of the UN. There's a presumption of trust that the US is not going to cheat on its legal treaty obligations, and an absolute requirement not to risk creation of new nuclear weapons states. That's when this sort of protocol could be useful.
There was a very similar procedure to develop detectors that would allow arms treaty verifiers to count the number of warheads in silos without revealing which silos had real or dummy warheads.
It's exactly a cryptographic problem.
However along with the scientists and weapons engineers I would have included a couple of magicians and maybe a bank robber to two. Scientists are very bad at spotting ways people can be tricked - experiments don't normally set out to deceive you
~NobodySpecial: I like the idea of the magicians!
Zero knowledge proofs are so tricky; I swear they cannot be done, even though I've run the numbers to prove they exist =p
The whole exercise seems to invalidate the process. If the exercise is based on cobalt-60 then what prevents the disarming nation from putting cobalt-60 in the container to be "tested" and not the actual physics package?
Well, the ramifications if one party found a way to beat the system would be somewhat awful, and things guarded by locked doors and CCTV aren't exactly what I'd call 'cryptographically secure' in the real world either.
Not to mention, what trust is there to be built on the grounds of removing your arsenal when the ability to verify quantitative removal data comes without verifiable proof of the initial count of bombs there are to dismantle?
All sides destroy 500 bombs, so who had 600? 1000?
"Alice can prove to Bob that she knows something without revealing it to Bob"
This is all well and good if Alice actually intends to prove disarmament to Bob in good faith, but if the intent is to deceive then this actually helps with deception.
In other words, this system gives incentive to proliferate nuclear arms in order to have enough arms allocated so it can prove disarmament.
The cobalt is just for the tests, it is very easy to detect U/Pu from the radiation. What it doesn't go into is preventing the inspectors from being able to estimate the amount/mix of fissile materials or the geometry of the package.
The idea is that another country can confirm that N weapons were dismantled and all the nuclear material was removed without knowing how much. This does mean the weapons state could have taken half the core out of each device before sending it - but presumably they have the capability to produce new material anyway so this isn't an issue.
This is a critical bit of security research. Provable dismantling / destruction is at least as important as proof of possession / manufacture, especially since the most reliable proof is actual combat use, as at Hiroshima and Nagasaki.
Someone said, "Other countries are also said to have shown interest in the work, including the US, Canada, Russia, Australia and Japan. "
>> Not interested is Iran, North Korea, Pakistan, India and Israel.
These countries should be very, very interested. If North Korea doesn't someday want to be on the receiving end of bunker-buster nukes, they might want to think now about ways they can prove publicly that they dismantled their nukes, without compromising various state secrets (such as, they don't actually work).
Israel should be interested for the opposite reason -- they will never disarm, but might require Arab powers to "throw down your guns, boys, we've got the drop on you." Ways of achieving mutual assured destruction (irony intended!) might prevent unnecessary escalation and even nuclear war.
Please stick to the topic: verification schemes for nuclear disarmament. This isn't the place for a debate about Israel, or any other country for that matter. Two comments deleted so far.
The "blob of glue with multi-coloured glitter" is a method that has been in used for some time now - it was used to uniquely identify missiles. I remember reading about it in Scientific American about twenty years ago.
@ Paul Renault,
'The "blob of glue with multi-coloured glitter" is a method that has been in used for some time now'
It was I think originaly discussed for tanks and other land based weapons back in either the first or second round of arms limitations talks.
I think it was just a patch of fiberglass made using "choped strand mat" and "clear epoxy resin" with a thin red box outline.
If I remember correctly (it's to early in the morning to look in books) it was due to research which gave rise to the notion of "subliminal channels" (ie side/covert) by Simmons back in 1983 in the first round.
"... putting cobalt-60 in the container to be "tested" and not the actual physics package?"
The simple answer is nothing to stop them providing they can make a sufficiently good fake.
And that's the rub making a good fake is way way harder than you'ld think.
Apart from the actual device geometry simply observing a box with the appropriate detectors for even a short period is usually enought to identify which reactor the material came from before enrichment and a whole load of other information. With longer detection periods it will be possible to "enumerate" the physics package in quite some detail.
However I suspect that the big "nuke states" won't cheat or realy care (except about leaking design info to non nuke states).
The simple reason is that nukes need a lot of loving care and attention, which makes them inordinatly expensive to maintain over even a couple of years, irespective of the security costs.
This is one of the reasons there is such a large stock pile of "weapons". On any given day most that are actually "good to go" would have less than a 50/50 chance of working. And anything upto 80% of the stock pile are effectivly in a "decommissioned" state for maintanence...
It is no big secret that the US nukes have so many safety features various people have put the chance of suposadly "good to go" nuke actually working around 10-20%
Just about all the big nuke nations would rather spend the money on something else as there is little or no reason to have them other than for purely political reasons (think veto status at UN etc).
More conventional weapons using fuel air and flare material can produce preasure waves etc equivalent to battlefield nukes.
I suspect that both the US and UK would love to be shot of 90% of what they have and maintain just a "technical deterant" (if they have not in reality actually already pulled them).
I must admit I'm curious as to what the curiously named "physics package" is actually supposed to be. Very simplisticaly there are four parts to a nuke,
1, The Initiator or Golf ball.
2, The fisile material that gets compressed.
3, The explosive shell that does the compression.
4, The tamper which has various purposes.
The least stable components are usually the explosive shell and the golfball. The most stable the tamper.
However there are a whole bunch of other parts that go into a nuke that are made of various materials. For instance most metals or plastics used as support structures or fixings will become brittle very quickly due to the low level of radiation they are subject to (read up about steel in Nuke Reactors containment vessels etc for a good clue as to what happens and why).
I'm assuming that the "physics package" contains only the fissile material and optionaly the golfball (which is realy the secret bit due to it being the predomanent device that determins a devices yield).
The "Physics package" is usually held to be the fissile material - in this case the core (or primary in the case of a 2-stage thermonuclear weapon), the neutron initiator, the tritium injector (in the case of a boosted fission weapon) or the secondary and connecting radiation channel in the case of a full thermonuclear weapon.
This process is designed around good faith - not around a hostile inspection of a country's disarmament. Nor is it meant to prove that a country has disarmed all of it's weapons.
The use case of this procedure is simple and restricted: if a country says "I will decommission 100 nuclear devices, and I invite Thailand to watch - but I don't want Thailand to see how the nukes that I'm disarming worked," this is designed to facilitate that. It's someone else's problem to determine if 100 nukes is all the weapons I've ever had (and people are pretty good at this).
It's also pretty easy to tell what type of radioactive material is inside a closed box by measuring its emissions - geiger counters (and their associated tools) are more advanced than the simple beeping boxes that are normally seen. In other words, the people watching the process will be able to tell that the box has something dangerous in it, and not just some Cobalt-60.
This just seems dumb. Not only is there no benefit to stringently authenticating this part of the process (either they act in bad faith and build some more nukes/use fakes or they act in good faith) but the entire premise that somehow (completish) nuclear disarmament makes us safer is absurd. Indeed even the CTBT, quite likely increases the chances of nuclear strikes.
I mean the incentives to secretly keep/build nukes becomes greater if you believe your enemies don't possess any deterrent. Even if you know your enemy can implement an emergency program and build it's own nukes in a few months or even weeks it's likely they will sign a hasty treaty after the first detonation rather than risk being obliterated during that time. Worse, given this risk anytime countries perceive themselves to be facing an existential threat they will have huge incentives to rearm. This in turn creates a strong incentive for their enemy to engage in a pre-emptive strike.
Equally worrisome is that a global disarmament regime would further enhance the uncertainty created by the CTBT about who really has nuclear weapons. After all if you know your opponent has nukes that will deter you from deploying your own. If everyone knows you have nukes and they don't then a single demonstration you are willing to use them will likely bring you victory. However, if you mistakenly guess they don't have nukes your demonstration could very well blow up into a sizeable nuclear exchange.
For christ's sake the disarmament people should go read about the chillingly serious proposals in the US after WWII to preemptively attack the Russians before they had their own nukes. Is that really what we want to go back to? Or worse, people incorrectly assuming their enemies don't currently have nukes?
Nation state disarmament will only make sense when either the spectre of total war fades away or an international body makes credible guarantees of nuclear retaliation against any state deploying nukes.
That use case makes no sense. It's like going to all the trouble to encrypt the folder containing employee evaluations on your work computer...and then telling your employees the password in case you forget. As long as your employees behave in good faith the system works great but then again as long as the employees behave in good faith so does not encrypting the folder at all.
Also remember the very *point* of the project is to prevent the inspection team from learning the type and amount of the radioactive material in the package. That is why the article mentions the instruments having simple indicators. If you measured the emitted radiation in detail you would discover exactly what they want to keep hidden.
The point is that verifying someone took out the radioactive material simply isn't the weak point in the process. Accurately determining the *current* number of weapons the country has is the weak point. If you can already count the number of nukes a country has decommisioned by other means then this procedure is totally redundant. Equally so if you can just count their total number of currently commissioned nukes by other means. If you can't do either then what was the point of verifying the number they are decommisioning now?
Also what's the point of verifying no one is removing any radioactive material? If you want to keep the total amount of radioactive material per warhead a secret you can't let anyone count the number of warheads in and fissionable material out. So either
1) The disarming country must have a supply of plutonium of unknown amount/%Pu240 to mix in with the plutonium removed from the warhead to prevent the inspecting country from infering the amounts in the warheads.
2) The radioactive material has to be kept in a sealed storage area under constant monitoring by the inspectors thus preventing it's use as fuel.
3) Facilities using the material as fuel must be constantly monitored by the inspectors as well as transit of the material.
In case 1 there was no point at all in verifying the country took all the nuclear material out of the warhead. By stipulation they have an unknown amount of replacement material they could just stuff back in.
Case 2 is possible but seems both practically difficult and horribly wasteful (throwing out the fuel). Not to mention that nothing prevents the 'disarming' country from simply reinserting the stored cores (with proper design) in short order if they ever feel the need to use nukes.
Case 3 is possible but also practically difficult and either falls into case 1 or risks side channel leakage of the type and amount of the nuclear package, e.g., information about power output, fuel orders etc.. tell you something about the fuel recieved from the dismantled nukes.
Overall it seems like a whole lot of work for non-existant gain.
The US and USSR worked out the crypto for this decades ago now. This is why Los Alamos does crypto.
It's not foolish. It's just not reported properly.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.