Noise Properties in the Ideal Kirchhoff-Law-Johnson-Noise Secure Communication System

Zoltan Gingl; Robert Mingesz

doi:10.1371/journal.pone.0096109

Abstract

In this paper we determine the noise properties needed for unconditional security for the ideal Kirchhoff-Law-Johnson-Noise (KLJN) secure key distribution system using simple statistical analysis. It has already been shown using physical laws that resistors and Johnson-like noise sources provide unconditional security. However real implementations use artificial noise generators, therefore it is a question if other kind of noise sources and resistor values could be used as well. We answer this question and in the same time we provide a theoretical basis to analyze real systems as well.

Citation: Gingl Z, Mingesz R (2014) Noise Properties in the Ideal Kirchhoff-Law-Johnson-Noise Secure Communication System. PLoS ONE 9(4): e96109. https://doi.org/10.1371/journal.pone.0096109

Editor: James P. Brody, University of California, Irvine, United States of America

Received: January 19, 2014; Accepted: April 2, 2014; Published: April 22, 2014

Copyright: © 2014 Gingl, Mingesz. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Funding: The publication/presentation is supported by the European Union and co-funded by the European Social Fund. Project title: “Telemedicine-focused research activities on the field of Matematics, Informatics and Medical sciences.” Project number: TÁMOP-4.2.2.A-11/1/KONV-2012-0073. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.

Competing interests: The authors have declared that no competing interests exist.

Introduction

Communication security is getting more and more important in many different applications including electronic banking, protecting personal data, securing intellectual property of companies, transmission of medical data and many more. The Kirchhoff-Law-Johnson-Noise (KLJN) protocol was introduced as a low cost unconditionally secure key exchange protocol using only passive components: four resistors, two switches and interconnecting wires [1]. The protocol is based only on the laws of classical physics and has been introduced as an inexpensive alternative to quantum communicators. The first real implementation has been shown a few years after its discovery [2], [3] and it has inspired the development of another secret key exchanged method [4]. There are many potential applications including securing computers, algorithms and hardware (memories, processors, keyboards, mass storage media) [5], key distribution over the Smart Grid [6], ethernet cables [7], uncloneable hardware keys [8]. Several attack methods has been discussed [9]–[14], however the ideal KLJN system is found to be secure. Debates are still going on [15], [16] and recent papers discuss practical considerations for the applications [17], [18].

The KLJN key exchange protocol is rather simple. During the communication a secret key is generated and shared between the two communicating parties, Alice and Bob. The system consists of two communicators and a transmission wire, see Fig. 1. Each communicator includes two resistors R_L and R_H and two series voltage noise sources V_LA(t), V_HA(t) and V_LB(t), V_HB(t) representing the thermal noise of the resistors at Alice and Bob, respectively:(1)

Download:

Figure 1. The KLJN secure communication system.

https://doi.org/10.1371/journal.pone.0096109.g001

(2)where S_L(f) is the power spectral density of the voltage noise sources V_LA(t), V_LB(t) and S_H(f) is the power spectral density of the voltage noise sources V_HA(t), V_HB(t); k is the Boltzmann constant and T is the temperature.

A switch is used to select one of the resistors to be connected to the wire connecting the two communicators, see Fig. 1. At the beginning of each bit exchange, both Alice and Bob connect a resistor (R_H or R_L) to the wire. If both, Alice and Bob connect the higher value resistor, the voltage noise level will be high in the wire. If they both connect the low value resistor, the voltage noise will be low. If they connect different value resistors, the noise level will be intermediate and this is invariant if the resistors are swapped. [1], [13]. This level can also be identified by the eavesdropper, Eve, however she cannot determine who has chosen the low value resistor. For this reason, this is the secure state that can be used for key exchange.

Note that in real applications the noise would be too small, therefore artificial noise generators are used to provide large enough signals in a given frequency band. In this case, the noise equivalent temperature is above 10⁹ K [1]. On the other hand generators can enhance the security and offer new schemes with higher practical security in the non-ideal situations [17].

Results

According to the papers about the KLJN communication method the artificial noise generators are only used to emulate high temperatures, so they must generate Johnson-like noise. Therefore the security proof based on physical laws remains valid [1]. Our approach is in some sense opposite to the previous ones, when security has been proven for the given noise properties. Here we determine what the requirements of noise properties for unconditional security are. On the other hand, our analysis is based on statistical methods instead of physical laws of thermodynamics, therefore it can be more easily understandable for computer engineers and software engineers.

Let us assume that the system is operated in the LH situation, when Alice has switched on the lower value resistor and noise, while Bob uses the higher value resistor and noise as shown in Fig. 1.

In this case Eve measures the following voltage V_E(t) and current I_E(t) (flowing from Bob’s side towards Alice) in the wire:(3)and(4)where V_LA(t) and V_HB(t) are the voltage noise signals at Alice and Bob, respectively. She can have two hypotheses: the correct one and the opposite. She can calculate the statistics of Alice’s voltage noise for both cases. Since she knows the resistor values and the used voltage noise statistics, it is clear, that she will know that her assumption is wrong, if she gets invalid values during her calculations. For the correct assumption she must get correct results of course. Let us see what happens in the case of the wrong hypothesis. In this case Eve assumes that the high value resistor has been chosen by Alice. Therefore she calculates Alice’s noise voltage V_A(t) as:

(5)(6)

(7)

The variance is given by the sum of variances:(8)where σ_A² is the variance of V_A(t) and σ_L² and σ_H² are the variances of the voltage noise V_LA(t) and V_HB(t), respectively.

The communication can only be secure if σ_A = σ_H, otherwise Eve will know that Alice connected the low value resistor and voltage generator to the wire. Substituting this into Eq. (8) yields:(9)

(10)

(11)or in other form

(12)Therefore the noise amplitude must depend on the resistance as in the case of thermal noise; it must be proportional to the square root of the resistance. Otherwise the communication is certainly unsecure.

In the following we check how the security depends on the probability distribution of the noise. When the eavesdropper makes the correct assumption, she can calculate the noise signal that Alice is using exactly; therefore she gets the correct probability distribution of course. When she makes the wrong assumption then she obtains:(13)

The probability density p_A(x) of V_A(t) is given by the convolution of the probability densities of the two independent terms in Eq. (13). If p(x) is the probability density function with unity variance,(14)and(15)then(16)where σA² is the variance of V_A(t), and

(17)If Eq. (12) is satisfied, then σ_A = σ_H, that is needed for secure communication. Furthermore p_A(x) measured by Eve must also be identical to the probability density function p_H(x) of the noise voltages V_HA(t) and V_HB(t), otherwise Eve can detect that her assumption is wrong. Therefore using Eqs. (16) and (17) p_A(x) can be expressed as.(18)and finally we get

. (19)

Discussion

Eq. (19) is valid for normal distribution only [19], therefore we can conclude that the noise sources V_LA(t), V_LB(t) and V_HA(t), V_HB(t) must have normal distribution and the ratio of their amplitude must be equal to the square root of the ratio of the corresponding resistor values. In other words, Johnson-like noise must be used for the secure key exchange in the KLJN system. Note that although several other distributions – for example Cauchy-distribution – satisfy the condition that the convolution in Eq. (19) does not change the type of distribution, however the finite variance required by energetic considerations is only provided by normal distribution.

It is easy to see that for example random numbers with uniform distribution can’t be used for secure communication. In this case Eq. (17) gives a trapezoidal probability density function for p_A(x) as shown on Fig. 2, therefore its deviation from p_H(x) can be very easily detected. We have developed a simple software application written in LabVIEW that can be used to simulate the KLJN protocol [20]. Normal or uniform distribution can be selected and the values of R_L, R_H, amplitude of V_LA(t), V_LB(t) and V_HA(t), V_HB(t) can be arbitrarily chosen. The application performs Eve’s calculation of V_A(t) for both hypotheses, and plots the corresponding measured amplitudes and probability densities.

Download:

Figure 2. The probability density function p_A(x) in the case of uniform distribution (solid line) strongly differs from p_H(x) (dashed line).

https://doi.org/10.1371/journal.pone.0096109.g002

Limitations and Open Questions

We have presented a mathematical statistical approach to determine the noise properties and resistor values required for secure communication and the results are in agreement with the original physical approach [1]. On the other hand our work does not address the question of complete security.

Considerable additional work could be carried out to investigate several attack types with similar approach. For example, in practical applications the effect of resistor inaccuracies, wire resistances can also be analyzed using our method; Eq. (8) can be applied to find the difference between the observed and expected variances, σ_A² and σ_H², respectively. This means that the information leak due to these inaccuracies can be estimated. On the other hand, if the desired security level is given, the required resistor values and accuracy of the components can be obtained.

Furthermore one can consider correlation properties, bandwidth of the noise sources that is important in practical applications and discussed in several publications.

Conclusions

In this paper we have shown a mathematical statistical approach to find out what kind of noise sources are required for secure communications in the Kirchhoff-Loop-Johnson-Noise unconditionally secure key exchange system. In agreement with the results can be found in the literature we found that the noise amplitude must scale with the square root of the corresponding resistor value and Gaussian noise sources must be used.

Note that our approach can serve as a starting point to quantitatively analyze several attack types in practical applications.

Acknowledgments

Zoltan Gingl thanks Béla Szentpáli for drawing his attention to the problem. Discussions with Gyula Pap about probability distributions are greatly appreciated.

Author Contributions

Wrote the paper: ZG. Contributed to the analysis: ZG RM.

References

1. Kish LB (2006) Totally secure classical communication utilizing Johnson(-like) noise and Kirchhoff’s law. Phys. Lett. A 352: 178–182
- View Article
- Google Scholar
2. Mingesz R, Gingl Z, Kish LB (2008) Johnson(-like)-noise-Kirchhoff-loop based secure classical communicator characteristics, for ranges of two to two thousand kilometers, via model-line, Phys Lett A. 372: 978–984
- View Article
- Google Scholar
3. Mingesz R, Kish LB, Gingl Z, Granqvist CG, Wen H, et al. (2013) Unconditional security by the laws of classical physics. Metrology & Measurement Systems XX: 3–16 DOI:https://doi.org/10.2478/mms-2013-0001 Available: http://www.degruyter.com/view/j/mms.2013.20.issue-1/mms-2013-0001/mms-2013-0001.xml.
- View Article
- Google Scholar
4. Liu PL (2009) A key agreement protocol using band-limited random signals and feedback. IEEE J Lightwave Technol 27: 5230–5234
- View Article
- Google Scholar
5. Kish LB, Saidi O (2008) Unconditionally secure computers, algorithms and hardware. Fluct Noise Lett 8: L95–L98
- View Article
- Google Scholar
6. Gonzalez E, Kish LB, Balog RS, Enjeti P (2013) Information theoretically secure, enhanced Johnson noise based key distribution over the smart grid with switched filters. PLOS ONE 8(7): e70206
- View Article
- Google Scholar
7. Lin PK, Ivanov A, Johnson B, Khatri SP (2011) “A novel cryptographic key exchange scheme using resistors.” In Computer Design (ICCD), 2011 IEEE 29th International Conference on, 451–452. IEEE, doi: 10.1109/ICCD.2011.6081445.
8. Kish LB, Kwan C (2013) Physical uncloneable function hardware keys utilizing Kirchhoff-Law-Johnson-Noise secure key exchange and noise-based logic, Fluctuation and Noise Letters, 12, 1350018 http://dx.doi.org/10.1142/S0219477513500181, Available: http://vixra.org/abs/1305.0068.
9. Hao F (2006) Kish’s key exchange scheme is insecure. IEE Proc. Inform. Soc. 153: 141–142
- View Article
- Google Scholar
10. Kish LB (2006) Response to Feng Hao’s paper “Kish’s key exchange scheme is insecure”. Fluct. Noise Lett. 6: C37–C41
- View Article
- Google Scholar
11. Scheuer J, Yariv A (2006) A classical key-distribution system based on Johnson (like) noise – How secure? Phys. Lett. A 359: 737–740
- View Article
- Google Scholar
12. Kish LB (2006) Response to Scheuer-Yariv: “A classical key-distribution system based on Johnson (like) noise – How secure?”. Phys. Lett. A 359: 741–744
- View Article
- Google Scholar
13. Kish LB, Horvath T (2009) Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange. Phys. Lett. A 373: 901–904
- View Article
- Google Scholar
14. Kish LB, Scheuer J (2010) Noise in the wire: The real impact of wire resistance for the Johnson(-like) noise based secure communicator. Phys. Lett. A 374: 2140–2142
- View Article
- Google Scholar
15. Bennett CH, Riedel CJ (2013) On the security of key distribution based on Johnson-Nyquist noise. Available: http://arxiv.org/abs/1303.7435.
16. Kish LB, Abbott D, Granqvist CG (2013) Critical analysis of the Bennett–Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law–Johnson-Noise scheme. PLOS ONE 8(12): e81810
- View Article
- Google Scholar
17. Kish LB (2013) Enhanced secure key exchange systems based on the Johnson-noise scheme. Metrology & Measurement Systems XX: 191–204 Available: http://www.degruyter.com/view/j/mms.2013.20.issue-2/mms-2013-0017/mms-2013-0017.xml?format=INT.
- View Article
- Google Scholar
18. Saez Y, Kish LB (2013) Errors and their mitigation at the Kirchhoff-Law-Johnson-Noise secure key exchange. PLOS ONE 8(11): e81103
- View Article
- Google Scholar
19. Feller W (1968, 1971), An introduction to probability theory and its applications, Vol. 1 and Vol. 2, John Wiley & Sons, ISBN 0 471 25708-7 and 0 471 25709-5.
20. Kirchhoff’s-Law-Johnson-Noise secure key distribution simulation software. Available: http://www.noise.inf.u-szeged.hu/Research/kljn.

[ref1] 1. Kish LB (2006) Totally secure classical communication utilizing Johnson(-like) noise and Kirchhoff’s law. Phys. Lett. A 352: 178–182
View Article
Google Scholar

[2] View Article

[3] Google Scholar

[ref2] 2. Mingesz R, Gingl Z, Kish LB (2008) Johnson(-like)-noise-Kirchhoff-loop based secure classical communicator characteristics, for ranges of two to two thousand kilometers, via model-line, Phys Lett A. 372: 978–984
View Article
Google Scholar

[5] View Article

[6] Google Scholar

[ref3] 3. Mingesz R, Kish LB, Gingl Z, Granqvist CG, Wen H, et al. (2013) Unconditional security by the laws of classical physics. Metrology & Measurement Systems XX: 3–16 DOI:https://doi.org/10.2478/mms-2013-0001 Available: http://www.degruyter.com/view/j/mms.2013.20.issue-1/mms-2013-0001/mms-2013-0001.xml.
View Article
Google Scholar

[8] View Article

[9] Google Scholar

[ref4] 4. Liu PL (2009) A key agreement protocol using band-limited random signals and feedback. IEEE J Lightwave Technol 27: 5230–5234
View Article
Google Scholar

[11] View Article

[12] Google Scholar

[ref5] 5. Kish LB, Saidi O (2008) Unconditionally secure computers, algorithms and hardware. Fluct Noise Lett 8: L95–L98
View Article
Google Scholar

[14] View Article

[15] Google Scholar

[ref6] 6. Gonzalez E, Kish LB, Balog RS, Enjeti P (2013) Information theoretically secure, enhanced Johnson noise based key distribution over the smart grid with switched filters. PLOS ONE 8(7): e70206
View Article
Google Scholar

[17] View Article

[18] Google Scholar

[ref7] 7. Lin PK, Ivanov A, Johnson B, Khatri SP (2011) “A novel cryptographic key exchange scheme using resistors.” In Computer Design (ICCD), 2011 IEEE 29th International Conference on, 451–452. IEEE, doi: 10.1109/ICCD.2011.6081445.

[ref8] 8. Kish LB, Kwan C (2013) Physical uncloneable function hardware keys utilizing Kirchhoff-Law-Johnson-Noise secure key exchange and noise-based logic, Fluctuation and Noise Letters, 12, 1350018 http://dx.doi.org/10.1142/S0219477513500181, Available: http://vixra.org/abs/1305.0068.

[ref9] 9. Hao F (2006) Kish’s key exchange scheme is insecure. IEE Proc. Inform. Soc. 153: 141–142
View Article
Google Scholar

[22] View Article

[23] Google Scholar

[ref10] 10. Kish LB (2006) Response to Feng Hao’s paper “Kish’s key exchange scheme is insecure”. Fluct. Noise Lett. 6: C37–C41
View Article
Google Scholar

[25] View Article

[26] Google Scholar

[ref11] 11. Scheuer J, Yariv A (2006) A classical key-distribution system based on Johnson (like) noise – How secure? Phys. Lett. A 359: 737–740
View Article
Google Scholar

[28] View Article

[29] Google Scholar

[ref12] 12. Kish LB (2006) Response to Scheuer-Yariv: “A classical key-distribution system based on Johnson (like) noise – How secure?”. Phys. Lett. A 359: 741–744
View Article
Google Scholar

[31] View Article

[32] Google Scholar

[ref13] 13. Kish LB, Horvath T (2009) Notes on recent approaches concerning the Kirchhoff-law-Johnson-noise-based secure key exchange. Phys. Lett. A 373: 901–904
View Article
Google Scholar

[34] View Article

[35] Google Scholar

[ref14] 14. Kish LB, Scheuer J (2010) Noise in the wire: The real impact of wire resistance for the Johnson(-like) noise based secure communicator. Phys. Lett. A 374: 2140–2142
View Article
Google Scholar

[37] View Article

[38] Google Scholar

[ref15] 15. Bennett CH, Riedel CJ (2013) On the security of key distribution based on Johnson-Nyquist noise. Available: http://arxiv.org/abs/1303.7435.

[ref16] 16. Kish LB, Abbott D, Granqvist CG (2013) Critical analysis of the Bennett–Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law–Johnson-Noise scheme. PLOS ONE 8(12): e81810
View Article
Google Scholar

[41] View Article

[42] Google Scholar

[ref17] 17. Kish LB (2013) Enhanced secure key exchange systems based on the Johnson-noise scheme. Metrology & Measurement Systems XX: 191–204 Available: http://www.degruyter.com/view/j/mms.2013.20.issue-2/mms-2013-0017/mms-2013-0017.xml?format=INT.
View Article
Google Scholar

[44] View Article

[45] Google Scholar

[ref18] 18. Saez Y, Kish LB (2013) Errors and their mitigation at the Kirchhoff-Law-Johnson-Noise secure key exchange. PLOS ONE 8(11): e81103
View Article
Google Scholar

[47] View Article

[48] Google Scholar

[ref19] 19. Feller W (1968, 1971), An introduction to probability theory and its applications, Vol. 1 and Vol. 2, John Wiley & Sons, ISBN 0 471 25708-7 and 0 471 25709-5.

[ref20] 20. Kirchhoff’s-Law-Johnson-Noise secure key distribution simulation software. Available: http://www.noise.inf.u-szeged.hu/Research/kljn.

Figures