To be impartial who are the “everyone’s” you speak of?

Are they considered in general to be sufficiently knowledgeable as to make meaningful tests?

If not, then the system has not been meaningfully tested has it?

And that raises the question,

Who is the person with sufficient reputation who would admit to having carried out any tests and be subject to the same level of criticism Laszlo Kish has recieved?

Whilst cryptograpers and other security researchers actualy see critics and relevant criticism as a healthy response that is part of the game researchers in other fields see it considerably less so.

So I suspect that Laszlo’s “Totally Secure Classical Communications” is now seen as ‘A Poisoned Chalice’.

But let’s assume for the sake of argument TSCC is secure, the next question is, Is it practical for general use by ordinary users?

It would appear that it is not realy any more practical than QKD in that it requires a point to point link via a constrained and quantified communications channel.

So in general terms TSCC like QKD is a solution looking for a problem, which makes it very niche at best.

But worse for TSCC, QKD has many detractors not just for it’s lack of practicality but also because although in theory it’s secure the practical implementations have been found to be insecure in many cases which has significantly reduced confidence in it. This has the unfortunate effect of tarnishing TSCC with the same brush which the above conversation of if TSCC is realy Clasical, Quantum or just some quirk of statisticaly based measuring methods realy does not help.

]]>http://www.ece.tamu.edu/~noise/research_files/research_secure.htm

More data will follow in the paper.

Laszlo Kish

]]>Interesting considerations. Your own definition of classical physics seems to be the deterministic physics. Stochasticity and noise comes with both classical statistical physics and quantum physics. The difference between Fermi-Dirac and Boltzmann is due to the Pauli principle and the non-distinquishability (I hope I spelled correctly) of quantum particles.

Your considerations generate a natural question. What do we need for a secure physical layer? Quantum physics and classical statistical physics have one thing in common: randomness/statistics. What else do we need? Is there a general rule?

Laszlo

]]>Regarding Matthew Skala’s comments here and on his web site http://ansuz.sooke.bc.ca/software/security/kish-classical-crypto.php:

See especially the new preprint http://arxiv.org/pdf/physics/0602013. It mentions that another paper is also in preparation which will address practical issues.

Skala is concerned that Eve can record voltage and current as function of time at high bandwidth and at several positions along the wire. This would then help determine which end has the larger resistor, because of propagation delays. Note that Eve does not have to inject any current into the wire.

See http://www.phys.sci.kobe-u.ac.jp/~sonoda/notes/nyquist_random.ps

for a derivation of the Nyquist relation. See also http://en.wikipedia.org/wiki/Fluctuation_dissipation_theorem.

(Laszlo: perhaps you would contribute to that article, which is a little sparse?)

The average squared noise voltage <V^2> across a resistor is directly proprotional to bandwidth delta nu (Hz). Higher bandwidth gives higher <V^2>. But the wire has a limited bandwidth. Also, in the practical case described in the new preprint, there are low-pass filters at each end of the wire limiting the bandwidth of the noise. Thus, Eve can measure the voltage at high bandwidth, but the low-pass filters will smooth out the signal Eve was hoping to observe.

Information leakage due to taps at each end of a wire which has finite resistance is to be avoided by choosing suitable resistor values such that there will not be enough time to determine the position of the larger resistor before the end of the clock period.

Regarding http://terrybollinger.com/qencrypt/BollingerCritiqueOfKishPaper-2006-01-31.pdf

Bollinger’s concerns that this classical method lacks something which is present in the quantum approach:

In my opinion, the difference between “classical” and “quantum” physics is much overrated. As Einstein noted, “there is, strictly speaking, today, no such thing as a classical field-theory” (A.E. Philosopher Scientist, P.A. Schilpp, ed., vol 2 p. 675). The work of Maxwell, Boltzmann, Gibbs, and others on electrodynamics and statistical mechanics is quite different from Newtonian mechanics. But regardless of how we define a classical theory, the problem here arises because people suppose they know for sure that there is a “classical domain” and a “quantum domain” and that experiments in the classical domain somehow cannot benefit from quantum effects.

In “quantum cryptography,” the actual physical state of the photon (e.g. its polarization) cannot be known before it is measured, and even then, only the measurement result is known, not the full state. Because a single photon (or a pair of entangled photons) is involved, we are supposed to believe that this is fundamentally different from the situation where one or another macroscopic resistor is switched into a circuit. But, with the resistor, there are also many things which cannot be known even after the measurement. We know nothing about the microscopic environment of each electron in the resistor, and after we measure a noise voltage, we know only the average squared voltage. Just as measuring photon polarization tells us almost nothing about the full state of the photon, measuring the voltage tells us very little about the microscopic state of the resistor.

Look at the Sonoda derivation of the Nyquist relation. A resistor is modeled as containing N electrons distributed along length L. Each electron has thermal kinetic energy in the x direction of 1/2 kT, and there is a local electric field which accelerates it randomly. All we know about these fields is that they average to zero, that they are uncorrelated, and that they must maintain the average kinetic energy 1/2 kT for each electron. From this we derive the Johnson noise.

One may consider a theory classical if it doesn’t involve Planck’s constant, but I suggest that the appearance of Boltzmann’s constant also makes the theory non-classical. Individual particles and point sources are non-classical.

In quantum cryptography, detection of the evesdropper occurs when Alice and Bob learn they had their polarizers set at equal angles but did not observe compatible results. (By the way, in QC, the transmitted key is used only after Alice and Bob determine that it was not overheard, so the fact that evesdropping is not noticed instantly is not a problem). In Kish’s scheme, evesdropping is detected when Alice and Bob find that they are measuring significantly different voltages and currents.

The point is, in both schemes, the evesdropper cannot measure the physical property of interest without disturbing it. There is nothing more magical about polarization of a single photon than there is about the voltage and current arising from a pair of resistors at opposite ends of a wire. To detect the polarization of a passing photon, you have to insert a polarizer into the fiber. To determine the location of the larger resistor, you have to inject current into the wire. The low-pass filters and the finite clock period serve the same purpose as the photon number: there is not enough information available to a passive evesdropper to detect the randomly chosen polarization or resistance setting, but Alice and Bob know their own instrument setting, and hence have enough additional information to establish a shared secret.

]]>In your December 17th message, you point out an important aspect. If the sender and receiver operate with two DC voltage generators, then nobody can decode the message. That was my first attempt last summer but I failed with it due to the very same reason. However, the noise cipher does not operate with DC but with thermal-like noise. Thus we have more info about the voltage than in the DC case. We know how does the effective noise voltage scale with the value of the resistor. In this way, the sender and receiver have just enough knowledge to extract the information.

Note: you could ask if the system works with DC voltage that scale in the same way as the thermal noise. I tried that, too. It does not work because it is not secure. Then the eavesdropper has enough information to extract the bits.

Finally, you could ask, if different type of noise scaling would work. The answer is again no. In that case, the fluctuation-dissipation theorem is violated and there will be a net energy flow between the two sides. Then by clever current-voltage crosscorrelation measurements, the eavesdropper can again find out what is the situation at the two ends.

Laszlo

]]>Interesting interpretation. Or is it more proper to talk about joint information? The received information is part of a joint information between the two ends. To receive it, the receiver has to know his own resistor setting. If the receiver does not look up his own resistor value, he cannot extract any information. Just like the eavesdropper, he will know only the global situation (2 high resistances; 1 high and 1 low; or 2 low resistances).

Laszlo

]]>This is not Kish’s claim, however. He claims (and it’s an interesting question whether that is truely that case – we have seen some supposed rebuttals in this thread) that he is capable of transferring data without any of the data being actually on the line. That, in itself, is known to be possible.

A simple example, proveably unattackable, is giving you a one time pad key in advance, and then sending the actual data encrypted with said one time pad key.

Shachar

]]>Laszlo ]]>