Theory vs. Practice

Diagnosis is not the end, but the beginning of practice. Martin H. Fischer


Academic "UNCONDITIONAL Security"... relying on (Hazardous) ASSUMPTIONS!

Here is the (Saudi, UK, and US) paper's introduction:

"Conventional cryptographic schemes based on data encryption standard (DES), advanced encryption standard (AES), and Rivest, Shamir, and Adleman (RSA) encode messages with public and private keys of short length. The main advantage of these algorithms is speed, and the main disadvantage is their security, which relies on computational and provable security arguments and not on unconditional proofs."

Note: in Academic jargon, "provable security" means that scientists are allowed to "prove" that something is 100% safe... until it is broken. Example: "RSA is provably-unbreakable"... under the (usually untold) assumption that no publicly available algorithm or machine can factorize big numbers quickly enough to compromise its security. In contrast, "unconditional proofs" are supposedly NOT relying on any assumptions (hence their value... and scarcity).

"Here we develop a physical realization of the OTP [One Time Pad] that is compatible with the existing optical communication infrastructure and offers unconditional security in the key distribution."

This patented work has been published in Nature Communications on December 20th, 2019 and they are not shy about it:

"This system is the practical solution the cybersecurity sector has been waiting for since the perfect secrecy theoretical proof in 1917 by Gilbert Vernam. It'll be a key candidate to solving global cybersecurity threats, from private to national security, all the way to smart energy grids." – Dr. Aluízio M Cruz, co-author of the study

Is this really what it claims to be? Let's have a closer look!


How the magic works


Magicians draw your attention to something obvious while they do something less obvious in the background. That's why you have a pretty girl in tight clothing, enjoyable music (significantly enhanced by the assistant's captivating choreography), flashy lights (on the things that you must stare at), and a dark background (to hide what you should not perceive).

In contrast, scientists tend to be a lot more boring, and (usually) lack the assistance of ever-smiling pom-pom girls bouncing all around.

Yet, some of them are not shy to use a trick or two borrowed from magicians, like using "a haystack to hide a needle", an expression that got some fame due to its recurring use in the field of... I.T. (Information Technology) security.


A Haystack to the rescue!


The new method consists of (1) a QKD key exchange over optical fibers followed by (2) data encryption with Vernam's 1917 One-Time Pad. The novelty comes from the claimed ability to perform unconditionally-secure QKD on unsafe public optical-fiber networks: Alice and Bob generate and exchange (via BB84) a secret key encoded in the photons' polarization, and Heisenberg's Uncertainty Principle guarantees that tampering would disturb the photon's state in a detectable way, thereby revealing unwanted interference.
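The detection claim above can be made concrete with a small simulation, added here as an illustration (it is not code from the paper or from this page). It assumes an idealised single-photon BB84 link, models the textbook intercept-resend eavesdropper, and adds a `noise` parameter for imperfect equipment; the function names and the 0.11 abort threshold (the commonly cited Shor-Preskill bound) are assumptions of the example.

```python
import random

def bb84_qber(n_photons: int, eavesdrop: bool, noise: float = 0.0, seed: int = 1):
    """Simulate BB84 sifting; return (error rate on the sifted key, sifted length).

    Bases: 0 = rectilinear, 1 = diagonal. Measuring in the wrong basis
    yields a uniformly random bit and re-prepares the photon in that basis.
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit, alice_basis = rng.getrandbits(1), rng.getrandbits(1)
        photon_bit, photon_basis = bit, alice_basis
        if eavesdrop:  # intercept-resend: measure in a guessed basis, resend
            eve_basis = rng.getrandbits(1)
            if eve_basis != photon_basis:
                photon_bit = rng.getrandbits(1)
            photon_basis = eve_basis
        bob_basis = rng.getrandbits(1)
        bob_bit = photon_bit if bob_basis == photon_basis else rng.getrandbits(1)
        if rng.random() < noise:  # imperfect fibre/detector flips the result
            bob_bit ^= 1
        if bob_basis == alice_basis:  # public basis comparison (sifting)
            sifted += 1
            errors += bob_bit != bit
    return (errors / sifted if sifted else 0.0), sifted

def should_abort(qber: float, threshold: float = 0.11) -> bool:
    """Abort key generation when the sampled error rate exceeds the threshold.

    0.11 is the commonly cited Shor-Preskill bound for BB84; real systems
    set their own value, so treat the default as an assumption.
    """
    return qber > threshold
```

On a noiseless link the sifted key has no errors, while intercept-resend pushes the error rate to about 25%. With `noise` above zero an honest link also shows errors, so detection becomes a statistical threshold decision rather than a yes/no signal.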

Authentication and OTP integrity (mandatory components for any real security to be delivered) are left as an exercise for the reader.

Further, anyone familiar with either the former or the latter techniques (QKD and OTP) will immediately raise questions: after all, many systems based on these theoretically-proven technologies have been broken, due to the difference between theory and practice.

For example, despite being (really) unconditionally-secure, the OTP is vulnerable to (even partial) known-plaintext attacks (the header of a network packet, a protocol handshake, an email, a Web page, a picture, an MS-Word document, etc.) where an adversary can replace the plaintext with the contents of his choice without knowing the secret key.
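The integrity gap described above, and one way to close it, shown as an added example (not code from the paper or from this page). It compares a bare OTP ciphertext with one protected by a polynomial one-time MAC keyed from 32 extra pad bytes; the message, the function names and the choice of MAC are assumptions of the example.

```python
import hmac
import secrets

P = 2**127 - 1  # Mersenne prime: field modulus for the one-time MAC

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def one_time_mac(key: bytes, data: bytes) -> bytes:
    """Polynomial MAC over GF(P); key is 32 pad bytes that are never reused."""
    r = int.from_bytes(key[:16], "big") % P
    s = int.from_bytes(key[16:32], "big") % P
    acc = 0
    for i in range(0, len(data), 15):
        # The 0x01 suffix encodes each block's length (unambiguous padding).
        acc = (acc + int.from_bytes(data[i:i + 15] + b"\x01", "little")) * r % P
    return ((acc + s) % P).to_bytes(16, "big")

def seal(pad: bytes, msg: bytes) -> bytes:
    """OTP-encrypt msg, then tag the ciphertext with the next 32 pad bytes."""
    if len(pad) < len(msg) + 32:
        raise ValueError("pad too short: need len(msg) + 32 unused bytes")
    ct = xor(msg, pad)
    return ct + one_time_mac(pad[len(msg):len(msg) + 32], ct)

def open_sealed(pad: bytes, sealed: bytes) -> bytes:
    ct, tag = sealed[:-16], sealed[-16:]
    if not hmac.compare_digest(tag, one_time_mac(pad[len(ct):len(ct) + 32], ct)):
        raise ValueError("integrity check failed: ciphertext was modified")
    return xor(ct, pad)

def rewrite_field(ct: bytes, offset: int, known: bytes, new: bytes) -> bytes:
    """OTP malleability: XOR (known ^ new) into the ciphertext, no pad needed."""
    end = offset + len(known)
    return ct[:offset] + xor(ct[offset:end], xor(known, new)) + ct[end:]

def demo():
    msg = b"PAY 0100 EUR TO ALICE"  # constructed sample message
    pad = secrets.token_bytes(len(msg) + 32)
    # Bare OTP: the modified ciphertext decrypts without error to altered text.
    altered = xor(rewrite_field(xor(msg, pad), 4, b"0100", b"9900"), pad)
    # OTP + one-time MAC: the same modification is rejected on receipt.
    sealed = seal(pad, msg)
    try:
        open_sealed(pad, rewrite_field(sealed, 4, b"0100", b"9900"))
        detected = False
    except ValueError:
        detected = True
    return altered, detected, open_sealed(pad, sealed)
```

The MAC key comes out of the same one-time pad, so every message consumes 32 bytes of key material beyond its own length.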

In the 10-page paper, the expression "perfect secrecy" (delivered by Vernam's 1917 OTP but also used for the new QKD) appears 8 times. "Perfect secrecy" is a synonym for "unconditional" security (mentioned 6 times). This is the electronic equivalent of our pom-pom girl dancing on every page of the paper (8 + 6 = 14 mentions on 10 pages) because real security requires quite a bit more work.

And here is the haystack: the terms "quantum", "QKD" (Quantum Key Distribution), and "second law of thermodynamics" (in a natural thermodynamic process, the sum of the entropies of the interacting thermodynamic systems increases) appear 46 times (4+ times per page on average) to insist that the strength of their system relies on the laws of classical and quantum physics.

Oops!

Classical physics is well established (even if not entirely correct) but quantum physics is a draft theory and not a very strong one.

I am very serious.

The basis of quantum physics is made of axioms (AXIOM: "a statement which is generally accepted to be true, but is not necessarily so." Cambridge International Dictionary of English) and postulates (POSTULATE: "idea suggested as a basic principle before a further idea is formed from it: Greek astronomer Ptolemy postulated that Earth was at the center of the universe." Cambridge International Dictionary of English) that were required to link it to classical physics. Quantum physics is so flawed that some scientists believe that this theory was created to divert people from a mutilated equation of the (classical) field physics which, when not amputated, makes the quantum physics theory absolutely useless. Classical physics suffices then to explain most of the mysteries observed by mankind in its universe – a feat that quantum physics cannot even remotely caress (maybe for a reason, or two).

But, but, isn't it a heresy to suggest that a scientific fraud of this scale can be perpetrated by all the world's universities with total impunity? Let's quote the father of the laws of motion (the laws that laid the foundation for classical mechanics):

If you think, that only social sciences, law, history and literature are hijacked, you did not pay attention. Think that mathematics and physics are free? Think again.
Sir Isaac Newton (1643-1727), English mathematician, physicist, astronomer, and theologian

So, here, an unproven (and highly controversial) theory is used as the ONLY BASIS to demonstrate the strength of a cryptosystem presented as unconditionally-secure (which it obviously cannot be since a theory is, by definition, a major ASSUMPTION).

It is easy to understand why "quantum physics" is involved: most computer science experts will feel that this utterly obscure, incoherent, and complex theory is far beyond the scope of their competence – and the few physicists that know that it is absolute junk will fear excommunication (loss of their reputation, career, and pension) if they denounce their colleagues' scam.

Actually, this is not the first time that this specific scientific fraud is taking place: other QKD vendors also claimed that their products were "unbreakable" because they were "relying on the fundamental laws of physics". Predictably, these products were nevertheless repeatedly broken (often with humiliatingly cheap resources):

  • "Hacking commercial quantum cryptography systems by tailored bright illumination" (2010)
  • "Full-field implementation of a perfect eavesdropper on a quantum cryptography system" (2012)
  • "Gaps between industrial and academic solutions to implementation loopholes in QKD" (2015)
  • "Is the security of quantum cryptography guaranteed by the laws of physics?" (2018)

Note: "quantum cryptography" actually means QKD (Quantum Key Distribution) and the actual data encryption is usually performed via public networks with traditional computers running AES (the 1998 US standard for symmetric-key encryption) raising even more questions about the true purpose of the prosperous taxpayer-funded QKD market.

Here are the QKD issues that come to my mind:

  • ASSUMPTION (1) QKD is secure IF AND ONLY IF the "Quantum Physics" Theory is proven correct (which won't ever be the case, by any standard);
  • ASSUMPTION (2) unconditional AUTHENTICATION is used as QKD is vulnerable to MIM attacks (Eve pretends to be Bob to Alice and Alice to Bob);
  • ASSUMPTION (3) QKD is secure on IMPERFECT equipment generating LOSSES, NOISE, BATCHES of photon states and photon count MISSES;
  • ASSUMPTION (4) Lo-Gottesman QKD error-tolerance, proven for INFINITELY LONG KEYS, also stands for finite length keys with huge fluctuations;
  • ASSUMPTION (5) QKD theory absolutely requires REAL-TIME implementations, but in real-world implementations this does not matter – at all, right?

That's already a lot of (bold and hazardous) assumptions for a supposedly assumption-free "unconditionally-secure" cryptosystem... but the above papers list many others. Hence, maybe, the constant failure of QKD products to operate safely in the real world...

I don't know about you, but I find it difficult to read this new paper published by the respected Nature magazine during end-of-year celebrations and not think about how magicians dressed in black suits amass fortunes by exploiting people's lack of attention. But, at least, unlike scientists, magicians demonstrate their skills in the field of psychology by taking care of those bored by the sloppy tricks: they hire pretty and agile seductive assistants gracefully dancing in shiny tights to leave no part of the audience unsatisfied.

By adopting the practice, if not more serious, taxpayer-funded Science would certainly become far more enjoyable. Food for thought?