Quasar Encryption

Does anyone have the faintest clue what they're talking about here? If I had to guess, it's just another random-number generator. It definitely doesn't sound like two telescopes pointing at the same piece of key can contruct the same key -- now that would be cool.

The National Institute of Information and Communications Technology is trying to patent a system of encryption using electromagnetic waves from Quasars.

According to The Nihon Keizai Shimbun, this technology is used to take cosmic radio waves are received through a radio telescope, encrypt and then retransmit them. Because cosmic waves are irregular, it is virtually impossible for others to decipher them. A spokesman is quoted as saying that the system could be used for the transmission of state secrets and other sensitive information.

The radio telescope can decipher the information by observing the cosmic wave patterns emitted by a particular quasar selected in advance. Even if the encrypted data is stolen, it is impossible to read it without the appropriate quasar's radio signals.

The only way to really break the code is to know which radio telescope the coder is using and what Quasar it is pointing at. Only then do you have a slim chance of decoding it.

I can see the story on the home page of Nikkei.net Interactive, but can't get at the story without a login.

Posted on March 27, 2006 at 1:21 PM • 58 Comments

Comments

ZwackMarch 27, 2006 1:38 PM

It does sound like they are using two radio telescopes and a radio set up...

RT1 picks up random data stream from quasar...
RT2 picks up random data stream from same quasar...

User1 encrypts signal over the output of RT1 and broadcasts it. (is this just an XOR? It sounds like it to me...)

User2 takes broadcast signal and decrypts it using the output from RT2...

There needs to be a way to synchronise the encryption/decryption and that bit could be interesting... The rest of it is just a way to make sure that you have the same random data stream available to both users.

Z.

Alun JonesMarch 27, 2006 1:43 PM

With a truly random bit stream that can't be guessed or predicted (duh, that's part of "random" by definition) by anyone other than the recipient (who knows where to look for it), a simple XOR would be sufficient. [Note that there are already methods to deal with such irritating things as "1 occurs more frequently than 0", and so on that you might see in a natural source of random bits]

arlMarch 27, 2006 1:48 PM

The Quasar's radio signal is the key. Select the quasar and the time to start and you have a very interesting one-time pad. If I figure out what quasar you are looking at, I can read your mail.

Eric K.March 27, 2006 1:51 PM

While a natural source of random noise is interesting, there's still a problem similar to that of biometrics.

The data representing the quasar should not be confused with the quasar itself. Nor should the data *identifying* the particular quasar and starting datetime of the recording used be confused with the random digital noise.

The set of datetimes available for use as starting times for the recording is limited based on how long we've been recording output from quasars.

As far as which quasar, there are a limited number in view, and a limited number that are going to be useful to both parties, as the quasar has to be simultaneously visible to both parties for them to capture the random noise. This is probably easiest for quasars located above the earth's poles, as they won't rotate out of view. But the problem here is that both parties have to be located in the same hemisphere or have access to the same recordings.

Someone with enough money could record the noise from all visible quasars and use that to brute-force the encryption. Yes, there are a very large number of quasars and a very large number of starting datetimes to work with, but does the size of the 'keyspace' in question even *remotely* compare with that of more "conventional" and accepted, peer-reviewed encryption algorhythms?

I seriously doubt it.

Ben KMarch 27, 2006 1:52 PM

The NSA has (allegedly) long used cosmic noise to generate one-time pads. This may be a variation that doesn't require distributing the pads. If both parties pick up the same noise at exactly the same time....

jmrMarch 27, 2006 1:58 PM

@Ben

In which case, it's not a one-time pad. The real key exchange is the exchange of information about which Quasar to listen to.

Preston L. BannisterMarch 27, 2006 2:07 PM

This is just a Vernam cipher. You have two choices, use one telescope and the signal from a quasar to generate a one-time pad (with the usual distribution problems), or use two telescopes and transmit as a key (with the usual problems) the exact record start time and quantization levels (tricky!).

Pretty cool way to generate a random stream, but the remainder has all the usual problems.

ikegamiMarch 27, 2006 2:16 PM

I'm curious as to which problem this solves. The key is not the data from the quasar; the key is the identity of the quasar to use and the time at which to start reading data from it. That information needs to be communicated between the two parties secretly beforehand. This looks like a one time pad to me, with all the associated key management problems.

paulMarch 27, 2006 2:51 PM

As a practical matter, I'd really rather not be the one to use the two-telescope setup. Between atmospheric absorption, local interference conditions, and limited windows of time when both radiotelescopes were capable of observing the same quasar, things could get really ugly. Things could get even uglier if whatever setup you were using for quantizing to 1 or 0 were even slightly off. You could probably manage something if you quantized something other than phase/amplitude in a particular frequency band, but I wouldn't bet my supersecret data on it. (And, as people have noted, there's still the key-distribution problem)

With the one-scope solution, what you have is essentially a steganographically-distributed key (since data from radio telescopes is generally publicly available at some point). The prior art that comes to mind for me is a voice-scrambling system used for top-level conversations during WW2: voice transmissions were modulated by a noise source that consisted of specially-pressed phonograph records; each succeeding noise master was destroyed after the requisite number of copies (five?) had been made and couriered to the transmission stations.

JDMarch 27, 2006 2:54 PM

I had to go to India to find this.
Quasar Cipher download
Version: 3.0
Date Added: 2002-03-14
File size: 247.8 KB
From the developer: "Quasar Cipher is a multi-file text/binary editor armed with security tools. Set your own key commands for 50 functions. Built-in macro expansion. Encryption systems: DES, TripleDES, reinforced 'RC4', Blowfish, AES (Rijndael). Load an encrypted file, give the password, read it right away. No need to first uncompress and decrypt. File on disk remains encrypted. Generates tough passwords, password-locks exes, and encrypts email. For corporate and ordinary users."
These were the URI's.
http://www.zdnetindia.com//downloads/...
http://www.hersh.org/jfchua/QCipher.zip

I never used it. What are tough passwords?

Ed T.March 27, 2006 3:08 PM

Hmmm, and if you forget which quasar you were listening to when you encrypted the data, does that mean that it is lost in a black hole?

~EdT.

JDMarch 27, 2006 3:15 PM

About RC4
RC4 is a stream cipher designed by Rivest for RSA Data Security (now RSA Security). It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.

Independent analysts have scrutinized the algorithm and it is considered secure.
RC4 is used for file encryption in products such as RSA SecurPC.

SecurPC has been superseded by RSA Security's Keon Desktop

RSA Security Ships New RSA Keon Standalone Desktop Software
Designed to Turn PCs Into "Digital Vaults" for Protecting Digital Credentials and Sensitive Information

Maybe Quasar Encryption will secure RFID tags.
Also:
The backend software system that manages data about RFID tags can be infected, and it can spread infection to another system via the tags.

bobMarch 27, 2006 3:23 PM

Since its unlikely that you have a radio telescope AT the location you have something super-duper secret (field agent with briefcase satelite radio AND 60' dish radio telescope perhaps? mounted on surfaced submarine? air force one?) to originate or answer, now you have to have a communication link between your intelligence source and the quasar source. That's what I would try to intercept/tamper with/jam.

aikimarkMarch 27, 2006 3:26 PM

Also, one should question the number of radio telescopes available to do this. They tend to be very large structures, which means that the encryption system relies on a limited resource.

If there was a way to use the quasar data, simultaneously by both sender and receiver, with no recording of the captured signal, then broker would have a much more difficult time cracking this. However, the mere fact that these events had to be simultaneous, would be a point of weakness.

Although slight, there would need to be ultra precise timing of these received signals, since the waves reaching a point with a higher latitude would receive the signal earlier than the receiver at a lower latitude.

jmrMarch 27, 2006 3:29 PM

Besides, one-time pads rely on transmission of a key whose length is at least that of the data to encrypt in order to be secure. The information about which quasar to listen to and when to begin listening is exactly equivalent to the seed of a pseudo-random number generator. Once the seed is known, the entire sequence of "random" values is known.

Thus, the system can be brute-forced by looking at all available quasars, as pointed out by other readers. Since a one-time pad has the property that it can't be meaningfully brute-forced, this system is not a one-time pad. I believe these properties place this scheme in the realm of a stream cipher.

AnonymousMarch 27, 2006 3:44 PM

Disappointing that the Inquirer should write such a credulous article. They're supposed to be not just the tech press, but the skeptical tech press.

ModeratorMarch 27, 2006 4:04 PM

JD, I don't know what you think you're accomplishing by making so many comments under a variety of screen names, but please cut it out. I'm leaving those that are at least coherent and have a discernible connection to the topic at hand, but the rest are just going to be deleted.

If you want to post anything that comes into your head, the place for that is a blog of your own. There are several sites that will let you create one free.

Terry BrowningMarch 27, 2006 4:41 PM

There seems to be the assumption that different receivers on earth will pick up the same signal from the same natural source. Not true.
Identical receivers with synchronised clocks pointed at the same part of the sky will produce significantly different signals even when the receivers are only separated by a few thousand wavelengths. This is how interferometers work: compare the signals and infer higher-resolution imaging information. This has been a practical technology for many, many years in radio astronomy and is now in use at optical wavelengths (google for interferometry).
The bigger the separation, the better the results; practical radio telescope arrays separate the antennae by millions or billions of wavelengths. Just like the encryption scheme.

scottMarch 27, 2006 6:50 PM

I assume that the receiver would record the secure transmission and the 'recent past' of the quasar signal. They'd then do a cross-correlation to determine at what point the quasar stream was first used.

Once the transmitter and receiver are syncronized, the lock could be maintained with a bit of tweaking to the time offset at the receiver.

Loss of signal at one end or the other could be a problem. The sender could fill in with something that would be easy for the receiver to decide is padding. To handle the receiver losing the quasar signal, there'd need to be a handshake and/or the databits would be encoded with sufficient redundancy and time-smearing that normal outages were survivable.

Jan Theodore GalkowskiMarch 27, 2006 7:38 PM

i believe this quasar thing is an attempt to provide a source for hyperencryption, that technique described by Rabin at

http://athome.harvard.edu/dh/hvs.html

they are apparently trying to circumvent the complexities associated with having "virtual satellites", including complexities of managing the server nodes and such.

hyperencryption is a kind of bootstrap encryption cascade which forces eavesdroppers to invest massive amounts of archival storage in the attempt to break a single encrypted channel, even assuming they have unlimited computing resources, access to quantum computers, or even hypothetical algorithms which might break public key cryptography and "P vs NP", and thereby defeat them.

the quasars are mutually observable, and that's nice. there might be adjustments available by hopping among a set of agreed upon sources. but there are plenty of other naturally random and publicly available sources that could be used. it's also not at all clear that these are inherently preferable to artificial sources, like the Internet sources Rabin cites as examples in his talk.

incidently, Rabin's lecture is introduced by Harvard theoretical physicist Lisa Randall, per

http://www.physics.harvard.edu/people/facpages/...


MartinMarch 27, 2006 7:50 PM

This method could work in principle. It is more-or-less what makes Very Long Baseline Interferometry work. (http://en.wikipedia.org/wiki/VLBI) Quasars are so small (point-like, diameters of milli-arcseconds) that their noise emissions are highly correlated when viewed across terrestrial baselines in the microwave range. To use one for secure communications, you have to define the observing frequency and bandwidth, and you need to know the precise time and the position of the receivers in space. And, yes, you need a sensitive antenna and receiver. It seems like a lot of work to me, but a nice qualifying exam problem.

MikeIMarch 27, 2006 9:44 PM

Isn't the shared secret just "which Quasar?" with the key is just as strong as the number of quasars to choose from. The signal and the start time are the IV. Am I missing something?

Chris SMarch 27, 2006 9:46 PM

Let's assume the system is essentially XOR-ing a data stream with a keystream derived from from a quasar observation beginning at a particular time. That's straight-forward, and apparently do-able.

One definite advantage is that both the sender and the receiver have deniability. There are places where a copy of PGP is likely going to get you jail time. But simply having a radio-telescope, a whole list of observation times and locations, and a data archive full of bitstreams derived from it? Nothing suspicious about that at all, because for some people -- this is normal.

Better yet - occasionally sending massively long apparently random bitstreams to other such locations is also normal.

If someone decides you *are* hiding something, they will indeed have a much lower workload to decrypt this than if heavy duty crypto was used. But getting to that point is hard. The average sender or receiver is hiding in plain view, in a community of radio-telescope users, and it will be rather hard to separate the quasar-encryption users from the rest of the pack.

AchimMarch 28, 2006 12:57 AM

Hello Bruce,

This is the Nikkei Newspaper Online Edition article:

All the best from Japan,

Achim

"Monday, March 27, 2006

Institute Develops Encryption Method Using Signals From Quasars
TOKYO (Nikkei)--The National Institute of Information and Communications Technology has filed a patent for technology to encrypt information using electromagnetic waves coming to Earth from dying stars.

Using this technology, cosmic radio waves are received through a radio telescope, encrypted and then retransmitted. Because cosmic waves are irregular, it is virtually impossible for others to decipher them.

"It can be used for the transmission of state secrets and other sensitive information," said Ken Umeno, senior researcher at the institute.

The waves are emitted by quasars, stars that are nearing the end of their lives. These quasi-stellar objects form when stars break down. Many quasars have been discovered at distances of several billion light years from Earth.

The receiver can decipher the information by observing the cosmic wave patterns emitted by a particular quasar selected in advance. Even if the encrypted data is stolen, it is impossible to read it without the appropriate quasar's radio signals. Because large and expensive radio telescopes are needed to receive such signals, there is little chance of third parties gaining access to them.

(The Nihon Keizai Shimbun Monday morning edition)

AnonymousMarch 28, 2006 2:56 AM

Surely you wouldn't just use the raw, observable data as the key. You'd look at some property in the recieved signal which would be consistant between two seperate telescopes. It might not be an easy task to come up with the right approach, but it is almost definately possible.

Whether the whole system is practical in other aspects I have no clue. ^_^

PaeniteoMarch 28, 2006 4:40 AM

@Chris S:
If finding GPG on your PC could bring you into trouble, why do you think that finding QPG (Quasar Privacy Guard) would not?

Anyway, requiring radio telescopes etc, this tech is hardly for the average citizen living under some oppressive regime, who would have to fear prosecution because of using crypto.
This technology seems only useful for use between government agencies (and impractical even there: not every embassy will likely have a radio telescope on their roof). And government agencies could simply deploy proven strong crypto as well.

Maybe it would have its use as a ultra-secret communication protocol between two paranoid astronomicans...

LeoMarch 28, 2006 7:48 AM

It seems to me that this is another example of using deterministic, chaotic systems to accomplish encryption and decryption. Key generation using the observed time-series implies that the observation conditions in both endpoints of the "secure channel" are equivalent... I am not sure over which part of the spectrum this can be guaranteed to be so.

If however this can be made to work, then these observations can be used as either one time pads (RNG scenario) or key generators. In any event, the difficulty of getting the measurements (this includes the identification of the objects, the gathering of the data at the correct wavelegths, etc) is what determines the security of the system.

WRT to a brute force attack... I am not sure, but I doubt that there are enough powerful enough radio telescopes in the world to observe ALL quasars at the same time... and it seems to me that trying to mount such an attack would be so obvious that the message transmission itself could be cancelled and rescheduled.

Opinions?

aikimarkMarch 28, 2006 8:16 AM

I think such monitoring might be subject to tampering. For instance, I might position a spy satellite above several different radio telescopes and do the following:
1. take a picture of which direction the dish was pointed and point my dish in the same part of the sky. At least I would be capturing a similar stream for later brute-force cracks.

2. reposition the satellite so that it was in line between the dish and the quasar and transmit some signal in a directional beam into the dish.

3. inspect the data streams for evidence of my satellite's signal.

paulMarch 28, 2006 9:52 AM

I am rethinking my initial objections. If this method is to be used for things like transmitting "state secrets" then that implies the transmitter and receiver will be fairly large entities with lots of resources, in which case the synchronization/calibration issues could be much more reasonable. At that point, it could become a one-time-pad operation (distributed by the quasar itself) where access to the pad is controlled by ownership of a large radiotelescope, suitable calibrated. The transmitter and receiver would only have to worry about a fairly small number of opponents (many of whom would have no reason to attempt an attack), and the construction of a new telescope capable of aiding a cracking effort could be readily detectable.

MoonShadowMarch 28, 2006 11:10 AM

The fact that it's a quasar is irrelevant. The crypto works like this:
Work out who you're trying to defend against and what kind of budget they might have.
Find a publically available, publically visible source that broadcasts random bits at a high rate.
Grab blocks of bits from the source to XOR your messages against.
Delay sending the messages long enough that your opponent can't possibly afford to buffer the source's output.
The keys are the times to start grabbing bits from the stream (and must be preexchanged so the recipient can record the same bits). The advantage over OTP is that the keys are (hopefully) much smaller than the message.

A.March 28, 2006 12:28 PM

@moonshadow:

The fact that it's quasars is not irrelevant at all. It makes the key distribution simpler given that the astronomic object is known. If it is unknown, it is technically infeasible to brute force an attack, since radio telescopes are by design similar to high gain antennas and thus unable to listen to big numbers of spatially distinct sources simultaneously.

Mike HamburgMarch 28, 2006 12:34 PM

@Jan --

This is indeed Rabin-style HyperEncryption.

The reason it's preferable to the internet "virtual satellite" is that the internet sources model was never very strong to begin with (and I should know, I worked on it with Rabin). The problem is, it's a bounded access model rather than a bounded storage model, and the access isn't actually all that bounded. If the adversary hacks or wiretaps your ISP's router, he has all the data and it's game over (well, except that you're layering this over conventional crypto).

This is once again a bounded access model: your adversary might be able to store all the radio telescope data, but there are significantly more known quasars than radio telescopes in the world, so the adversary can't hope to collect it all.

We considered using astronomical observations for hyperencryption, but we weren't sure that any phenomena sufficiently random to provide data would be consistently observable. There was also the issue of budget: old computers and RNGs are cheap compared to radio telescopes.

@rest of the forum: So yeah, this crypto is provably secure, under a few assumptions.

Assume you and your communications partner have radio telescopes, and can observe some large common area of the sky. For most of us, this is a problem...

Assume you need to point a radio telescope at the source to observe it, and that doing so gives a reasonable amount of reliable random data; tens or hundreds of bytes per second ot 90% correlation suffices if you aren't encrypting much data. This is the shakiest assumption; if it doesn't hold, this cryptosystem doesn't work.

Assume that your adversary has at most k radio telescopes (k << #quasars) and no way to eavesdrop on yours (like a spy satellite that watches where you're pointing your telescope).

Assume that you have a secure means to agree on a random initial key, such that your adversary can't either get a man-in-the-middle attack or break it in some relatively short time period. The time period depends on the other constants of the system... say, a few days. Under some circumstances, you can bootstrap this key using the birthday paradox, but you still have to contend with man-in-the-middle attacks.

Assume that you have an insecure but reliable channel to exchange messages, such as the internet. If the adversary can tamper with it, you are exposed to DOS (obviously; how else are you getting messages through?) but not to compromise.

Under these assumptions, you can set up a cryptosystem which is provably unbreakable with probability 1-e for arbitrarily small e, even if your adversary has unbounded computational and storage resources.

[end of long-winded rant]

SamhMarch 28, 2006 3:31 PM

Not only are there a limited number of telescopes to do this, and limited windows when this would be possible, but they are not always owned by the same governing body. Many telescopes capable of provding this facility are owned by more than one governing body. These are often funded by Governments of different countries. Transferring state secrets would rarely, if at all, be possible.

Steve GeistMarch 28, 2006 5:25 PM

Other than not distributing the key on vinyl LP records, how is using quasars as a key source much different from Bell Labs' World War II-era SIGSALY, which used the random noise from mercury-vapor rectifiers to digitally encode voice communications?


AGMarch 28, 2006 5:27 PM

Bruce how about this?
http://www.space.com/missionlaunches/...

Put a laser communication sat in space.

Encryption key gets passed to the sat in low orbit via laser, then to location on the ground also via laser.

The beam convergence is so small it could not be intercepted ensuring a good key.

Then communication could commence in a less secure and greater speed format securely encrypted.

Thoughts?

Pat CahalanMarch 28, 2006 6:27 PM

@ Adam

Seems like a pretty good idea, but that's a pretty big up-front cost.

Pat CahalanMarch 28, 2006 6:30 PM

Now that I think more about it...

"Gentlemen, phase three. We place a giant laser on the moon. Let me demonstrate."

Not-so-technical-boyMarch 28, 2006 8:50 PM

"...with a truly random bit stream that can't be guessed or predicted..."
Is it correct to assume that this discussion of interplanetary sources of random bits means that it's not possible for ordinary plebians to create a truly random bit stream by other means. If it is possible, how? Can it be done on a PC? Are there programs to do it?

another_bruceMarch 29, 2006 12:42 AM

you and i can never see the same quasar because we're in different locations, even if it really is the same quasar. it is not clear to me how using a quasar to generate a key is any better than using more commonplace celestial objects we can both observe with reasonable simultaneity, such as digits 3-8 of today's nasdaq volume. this sounds like snake oil.

AnonymousMarch 29, 2006 12:50 AM

"you and i can never see the same quasar because we're in different locations, even if it really is the same quasar. "

The same is true of anything at all. Yet if two people read a sign from differant perspectives, they still make out the same letters and words. It's just a matter of figuring out what aspects of a quasar signal will be correlated regardless point of reception.

loonieMarch 29, 2006 4:47 AM

@Mike Hamburg:

Thnk you for your post, it is extremely clarifying.

@another_bruce:

Using quasars is better precisely because their time series is not available in the newspaper, and getting hold of the data is nontrivial. Buying one of each of all the newspapers in the world for a given date is feasible; buying radio telescope time in all the radio telescopes in the world at the same time to listen to a subset of all quasars is infeasible, obviously detectable AND pretty useless, given that the number of quasars that you cannot listen to simultaneously is much larger that the number that you can.

AGMarch 29, 2006 11:31 AM

@Pat Cahalan

NO!!! He's onto my plan already. Dang you Agent Cahalan!

What is the price tag on a truly secure encryption key?

SamhMarch 29, 2006 1:11 PM

So I was speaking with an astronomer friend of mine last night, and the subject came up.

Basically the chances of it working in practice are minute, if not impossible, and would be surprised if they actually had a reliable demonstration of it in action.

The problem is really getting exactly the same measurements read at both locations.

Of course, as has been mentioned here, the real weakness is that you have to both know which quasar to look at.

AGMarch 29, 2006 1:28 PM

The end all of it is a secure encryption key. This boils down to a chicken or the egg situation.

You cannot have a secure key unless you have a secure medium. You cannot have secure medium unless you have a secure key.

Therefore key transfer must happen OUTSIDE the medium (Internet). By snail mail, secret decoder ring, etc.

Question: If you used my laser sat idea to transport the first secure key could that first key then be used to transfer other keys over the Internet?

I guess you still would have trouble with getting good keys to all the individual nodes in your network.

PaeniteoMarch 30, 2006 1:41 AM

@AG:
If you have (no matter how) established a secret key between users, you can use this key to exchange "session keys" for individual messages. In fact, this is something that public key encryption does all the time (requiring "only" a tamper-proof medium instead of a secret medium for initial key distribution).

You should remember, however, to make the "master" key harder to crack than the individual session keys:
- You could distribute a DVD full of random data (maybe derived from a quasar ;-) and use this as a one time pad to exchange 128bit AES keys.
- You could also agree on a 384/768bit master key and the use something like Triple-AES to protect the exchange of your standard AES keys.
- Or, simply use AES-256 to protect AES-128 keys.
Note that this all only matters should 128bit AES become crackable some time in the future.

AnonymousMarch 30, 2006 7:02 AM

I am digging this out of long-term memory, but I think I can give you the missing piece in this system.

The two distant observers record data sets by looking at the same radio source at much the same time. They now have data sets with a reasonable level of correlation (and potentially an offset, but you can find the offset by comparing and destroying part of your data set).

The magic that I remember is that you can trade public information between sites as part of a procedure that increases the correlation between the partners, and leaves each partner with a data set that is no more correlated (maybe even less?) to a data set taken by an attacker with full knowledge of the quasar observation schedule and and identical observation hardware. The process of increasing the correlation between the data sets decreases the size of the data sets (and that feels right if for no other reason than entropy).

This has at least the same flavor as the Bounded-Storage Model, but I don't have the time or math skills to make a deeper comment on that front.

Hope this helps.

Fred WamsleyMarch 30, 2006 6:58 PM

I wish I could remember who pointed this out...

Alice and Bob aim the radio telescopes in their secure facilities at a quasar. Mallory parks a van at the vence of Alice's facility, flies a UAV over Bob's, and beams synchronized pseudorandom signal at the pickup electronics of each telescope. Mallory's signal only has to be powerful enough to overcome the telescope's lack of off-axis sensivity and to drown out a radio source three billion light-years away.

Then Alice and Bob both have keying material controlled by Mallory. Mallory adjusts his monocle and strokes his Persian cat.

MartinMarch 30, 2006 11:48 PM

A few more details about how radio telescopes work.

-Received signal bandwidths are such that it's fairly easy to generate gigabits per second of random, partly correlated data, although the correlation will be much less than 100%. If you can stand lower correlation (lower signal to noise ratio), you can use smaller dishes -- perhaps down to a few meters diameter. (Not much more than an old fashioned TVRO dish.)

-There is a lot of other information that has to be set right to get any results. First of all, you need a very high stability frequency standard at both ends (10^-14). Then you must choose the radio source, observing frequency (part in 10^10), know the precise geodetic position of telescopes, details of earth rotation, time (to nanoseconds) bandpass, polarization, etc. Altogether this data, particularly frequency, serves as an encryption key.

-The quasar has to be visible to both sites, when encryption is desired. Don't forget the earth does turn.

Thinking about all this, I can't quite say this technique has no merit. You could do something similar but non astronomical by distributing "live" random streams via any kind of network from a central source. I suppose it's a little better than the old one-time pad, because the random data does not have to be recorded in advance.

dcnstrctMarch 31, 2006 5:32 AM

Bruce, you are quoted in new scientist about this topic : http://www.newscientistspace.com/article.ns?...

here is the quote:

"This is interesting research, but there's no reason for anyone to use it in a practical application," says Bruce Schneier of Counterpane Security. "Furthermore, this is a brand new idea. Why would anyone want to use something new and untested when we've already got lots of good cryptography?"


Ok now to begin with you know as well as I do that there is absolutly NOTHING NEW about one-time pads. They have been around for hundreds of years, probalby longer. You also know that OTP has the potential to be the most secure form of encryption known to man. Messages encrypted with a OTP are mathematically proven to be COMPLETELY UNBREAKABLE as long as the pad which was used is truely random, and the pad does not fall into the hands of the people who are trying to decypher the message. So in other words OTP is the perfect crypto-system once you solve the problems of generating truely random pads, and exchanging those pads without disclosure to third parties.

So what these Japanese researchers have done is they have located a pretty decent source of randomness to generate pads from, and a very simple but effective way of exchanging the pads. To exchange the pads using this new quasar system all you have to do is tell the person on the other end which quazar to look at and when. As long as Alice can get those two small peices of data to Bob without disclosing the data to outside parties then they will be able to communicate with perfect secrecy from that point on.

To me this seems like a pretty great idea! I admit that the implimentation of this particular way of generating and exchanging pads is new and has not recieved a ton of peer review, but all of the concepts involved are not new at all.

In the quote above you claim that we already have lots of "good cryptography" but how do you know this ? How do you know that the NSA or simular groups in other countries havn't already created systems that break every popular form of encryption in use today ? You don't know this at all. You are only a crypto expert when it comes to what is known publically about cryptography, but in "the real world" the public knows next to nothing about the latest advances in this field. This means you know very little about what codes are breakable and what codes are not breakable, and therefor you should NEVER advise people to avoid building real systems around new cryptographic techniques. When you do so you are being irresponsible and you are lulling people into a false sense of security. You are just GUESSING that todays crypto is "good", but you have NO REAL CLUE, no real way of knowing. You simply do not have access to modern systems for breaking crypto, nor do you have access to information about those systems. With this in mind I think the most responsible thing you could do is to let people know that encryption techniques need to constantly evolve in order to keep up with the constant evolution of crypto-breaking-systems, because this is the truth and you know it very well.

--dcnstrct

nickMarch 31, 2006 8:40 PM

dcnstct writes, '"in "the real world" the public knows next to nothing about the latest advances in this field.' This is utter nonsense, as there are many more researchers working in the open these days than for secret organizations, and research in the open is more productive to boot.

The only big problem I see with the quasars, other than the practicality of building the TVRO-sized rig as Martin suggests, is how do we know that these signals are "truly random"? On what physical theories and assumptions is this claim based? How do we know that scientists won't in the future learn more about how quasars work or discover new scientific laws that demonstrate regularity in the data once deemed random? Of course, as any good cryptographer knows, the fact that such data has passed all the statistical tests that we've so far devised is merely suggestive and hardly proves that the data is truly random, any more than it proves that a pseudorandom data stream is secure. There has to be a more basic argument to prove randomness, such as implausibility of >>c communications with respect to causality that would occur if certain quantum phenomena were not truly random.

This is a problem that needs to be addressed for any "truly random" source, but some physical randomness assumptions and arguments are better than others. This is certainly not something we should take on faith or leave to physicists who by "randomness" merely refer to standard statistical tests rather than cryptographic criteria.
.

carl0sApril 19, 2006 12:55 AM

I'd really want to get a full paper about quasar encryption, I have to study for an exam of cryptography.Please help me! Today explained that I understood of the comments. i.e. My teacher asked me, how the encryption is used? is the noise a problem?

mikeApril 19, 2006 1:36 AM

Invisible Secrets 4 not only encrypts your data and files for safe keeping or for secure transfer across the net, it also hides them in places that on the surface appear totally innocent, such as picture or sound files, or web pages. These types of files are a perfect disguise for sensitive information. Nobody, not even your wife, boss, or a hacker would realize that your important papers or letters are stored in your last holiday pictures, or that you use your personal web page to exchange messages or secret documents. With Invisible Secrets 4 you may encrypt and hide files directly from Windows Explorer, and then automatically transfer them by e-mail or via the Internet.
http://www.yaodownload.com/utilites/...

Marcus LeechMay 9, 2006 1:47 PM

The problem is that there aren't *that* many quasars. They produce regular outbursts,
somewhat like pulsars, but far less regular
than pulsars.

You'd have to agree on quantizing levels in order
to form your 1s and 0s. You'd need to have
fairly precise agreement on when to start
looking, and the quasar would need to be
visible to both parties at the same time.

I'm a part-time radio astronomer, as well as
security geek. This could be made to work
(for weak, I would argue, definitions of the
word "work"). Another scheme could use
giant pulses from known pulsars (there are
about 700 known pulsars, but only a handful
that are visible to smallish radio telescopes).
The "regular" pulses are much too regular to
be useful, while the "giant" pulses occur on
a schedule that's apparently random. The
bit-rate would be very low.

I think this is just a dumb idea...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..