Project C-43: A Final Piece of Public-Key Cryptography History

This finally explains what James Ellis was talking about in “The Possibility of Non-Secret Encryption” when he dropped a tantalizing hint about wartime work at Bell Labs.

Tags: cryptography, encryption, history of cryptography

Posted on June 17, 2013 at 12:47 PM • 11 Comments

Comments

wiredog • June 17, 2013 12:56 PM

Interesting. Simple, presumably easy to implement, but only works for landlines. And only for relatively short ones, as you would have speed of light issues too. The telephone switches might cause problems as well.

But a brilliant idea.

Andreas Krey • June 17, 2013 1:32 PM

No, it won’t work at all. When you can measure both current and voltage on the line you can separate the signals flowing in the two directions. No need for separated tapping points.

John Hardin • June 17, 2013 1:49 PM

@wiredog:

And only for relatively short ones, as you would have speed of light issues too.

Where do speed-of-light issues come into it? The only place propagation delay would interfere is between where the noise is injected and where it is removed, and those are adjacent in the receiver.

lazlo • June 17, 2013 2:39 PM

Is it just me, or is your article in the second link badly ocr’d? Or maybe there’s just noise in the system that hasn’t been canceled out.

Steve Wildstrom • June 17, 2013 3:31 PM

I don;t think it would really have worked for a variety of reasons. There was a keen understanding on the part of Bell Labs scientists and engineers, reveled in both the Final Report and the more detailed preliminary reports, of how difficult it was to provide voice security through noise injection alone. The human ear is extraordinarily good a picking speech signal out of almost any noise. That is why the operational Project X system (a/k/a/ SIGSALY) used noise masking on top of a variety of other techniques for obfuscating the signal.

It really was not until the digital era allowed standard data encryption protocols to be used that the problem of secure voice was truly solved.

Zap hod • June 17, 2013 3:44 PM

We need Uncle Clive’s analysis.

Mr. Stone • June 17, 2013 9:31 PM

wiredog: “Speed of light issues.” Nahh, you’re dealing with it locally, but even if you weren’t, you’d then just need a phasing line that accounts for the transmission delay. You can locally adjust this until it’s intelligible.

Andreas: It’s not as if voltage varies on one end, and current on another. Yes, you’ll lead and lag the phase of both with the modulating signal, but that’s okay, since you’re using it to recover the plainvoice.

Steve: I doubt that Bell Labs had any problem finding a standard telephone line to play with this on. 🙂

It’d work just fine, provided the person speaking didn’t pay any attention to the noise coming back at them — it converts a (required) full duplex telephony link into half duplex with the local noise injection.

Magnum • June 17, 2013 9:56 PM

This is exactly how the telephone banking system (Alcatel IVR) I worked on in the mid-90s was supposed to mask the button tones when customers entered their PINs.

I could never hear anything when it was turned on, they told us it was only audible much closer to the IVR end than the telephone you dialled in with. They did say that an older version of the system would emit a horrible screech after the “Please enter your PIN, followed by hash” prompt, until the customer had finished entering the PIN.

Clive Robinson • June 18, 2013 12:44 AM

First off some posters appear to be confusing 2-wire and 4-wire phone systems. This idea is based on one half of a 4-wire system. That is rather than have TX&RX “share a pair” as in 2-wire (or one wire phantom) systems sender A’s voice goes out to B on one pair, whilst sender B’s voice goes back to A on the other pair.

For those mistakenly thinking that you cannot seperate the noise from the speach, you can because the voice is propergating in one direction and the noise in the oposit direction. Provided the line is long enough you can make a “directional coupler” that will seperate the two signals sufficiently well.

Oddly we have had this conversation on this blog before [1] back in 2005 with Laszlo Kish’s totaly secure clasical security system and follow on postings.

However although the detection systems you might use to attack these noise based systems is the same the systems are very different.

[1] Bruce and others made several postings about L.B.Kish’s system This later Bruce post gives refrences back to some others http://www.schneier.com/blog/archives/2007/06/more_on_kishs_e.html

[2] Laszlow Kish (Kiss) home page http://www.ece.tamu.edu/People/bios/bkish.php

[3] The debate about Kish’s key transfer system is still open, http://www.ece.tamu.edu/%7Enoise/research_files/research_secure.htm

cknns • June 18, 2013 6:57 AM

bruce did the certificate for http://www.schneier.com expired?

aikimark • June 18, 2013 10:55 AM

@cknns

He used an https: prefix, which invoked a certificate checking process. The simple solution would be to change the link to use http: protocol.