Talk:Secure communications using the KLJN scheme

From Scholarpedia
Jump to: navigation, search

    Contents

    Reviewer A

    1. loosely referred to as the Kish cipher,

    • Comment: Kish cypher is used much more frequently in non-scientific popular articles
    • Proposed: loosely referred to as the Kish cypher, or cipher,


    2. Alice, to the receiver, Bob.

    • Correct to: Alice, with the other party, Bob.

    3. Both Alice and Bob randomly change each of their resistors

    • Correct to: At the beginning of the bit exchange cycle, Both Alice and Bob randomly change their resistors


    4. So long as the resistor switching time is faster than the averaging time required to measure the noise, Eve cannot use the switching time window to decode the resistor values at a given instant.

    • Comment: not true in general, only in the singular case of zero distance, where the speed of switching does not matter anyway. In practical cases, the opposite is true. The best example is the most secure transient protocol based on adiabatically-slow random walks of the resistors, see: Kish, Metrology and Measurement Systems 20 (2013) 191-204 (open access)
    • Action to take: delete sentence.


    5. Thus classical amplitude-time uncertainty protects the scheme during switching events, and during each bit interval the security is a consequence of thermodynamic equilibrium, and hence the Second Law of Thermodynamics, as will be later discussed in further detail.

    • Comment: the "classical amplitude-time uncertainty" defends the system only during the bit exchange period (not during switching) and only at the non-ideal situations where Eve's useful information will be limited by the finite duration of the bit exchange period.
    • Correct to: The security is a consequence of thermodynamic equilibrium, and hence the Second Law of Thermodynamics, as will be later discussed in further detail.


    6. Only random sequences of bits are sent rather than an actual message.

    • Correct to: Only random sequences of bits are exchanged rather than an actual message.


    7. One enhancement to note is that in practice an active noise source, rather than a resistor, is used so that the noise equivalent temperature is much higher than internal noise of the line.

    • Correct to: One enhancement to note is that in practice an active noise source, rather than the Johnson noise of the resistor, is used so that its noise temperature is much higher than that of the line.


    8. There are also number further improvements

    • Correct to: There are also a number of further improvements


    9. pairs of resistors representing bit values are used

    • Correct to: pairs of resistors representing the bit values are used


    10. current mean-square amplitudes, or power density spectra, which cannot be distinguished.

    • Correct to: current mean-square amplitudes, or power density spectra, thus these states cannot be distinguished.


    11. By solving the system of equations (3) and (4),

    • Correct to: In the mixed state, by solving the system of equations (3) and (4),


    12. Therefore the security level is perfect and, because this level is the same for arbitrary calculation or measurement accuracy by Eve, as limited only by the laws of physics, it is unconditional security or, in other words, it is information theoretic security (Liang 2008)

    • Correct to: Therefore the security level is perfect in the ideal situation. The level of security remains the same for arbitrarily great computational power, measurement accuracy and speed of Eve, and limited only by the laws of physics and by the conditions of the protocol. It is unconditional security or, in other words, information theoretic security (Mingesz 2013), (Liang 2008).


    13. limit the noise-bandwidth because it must be sufficiently small that the time-dependence of the channel noise amplitudes is slow enough

    • Change to: limit the channel-bandwidth because it must be sufficiently small that the time-dependence of the channel noise amplitudes and (possible) switching transients are slow enough


    14. along the wire, implying that wave and propagation/delay effects are negligible.

    • Action: add after this sentence: This is the quasi-static limit of electrodynamics.


    15. resistor switching takes place when the voltage and currents were zero in the line.

    • Action: add after the above this sentence:

    In (Kish 2013: L.B. Kish, "Enhanced Secure Key Exchange Systems Based on the Johnson- Noise Scheme", Metrology and Measurement Systems 20 (2013) 191 an improved transient protocol was given where the resistors started from the resultant value of the mixed state and reached their randomly chosen value by an adiabatically slow random walk.


    16. cable capacitance killer, against this attack.

    • Action: add after the above: The natural alternative method is decreasing the noise bandwidth (and key exchange speed) so that capacitive currents are negligible.


    17. mathematically ideal sense and can approach the level of

    • Proposed: mathematically ideal sense and it can approach the level of

    Response to Reviewer A

    1. loosely referred to as the Kish cipher,

    • Comment: Kish cypher is used much more frequently in non-scientific popular articles
    • Proposed: loosely referred to as the Kish cypher, or cipher,


    Reply: Disagree. Cypher vs cipher is just a British vs. US spelling issue. No need to mention that, as that is implicitly understood and not a technical issue.

    Action: No action taken.


    2. Alice, to the receiver, Bob.

    • Correct to: Alice, with the other party, Bob.

    Reply: Agree.

    Action: Fixed.


    3. Both Alice and Bob randomly change each of their resistors

    • Correct to: At the beginning of the bit exchange cycle, Both Alice and Bob randomly change their resistors

    Reply: Disagree. This is explained later on in the article in the section called "The core....." Here, in the introduction the idea is to give the reader the simplest possible picture. The finer details come later. One step at a time!

    Action: No action taken.


    4. So long as the resistor switching time is faster than the averaging time required to measure the noise, Eve cannot use the switching time window to decode the resistor values at a given instant.

    • Comment: not true in general, only in the singular case of zero distance, where the speed of switching does not matter anyway. In practical cases, the opposite is true. The best example is the most secure transient protocol based on adiabatically-slow random walks of the resistors, see: Kish, Metrology and Measurement Systems 20 (2013) 191-204 (open access)
    • Action to take: delete sentence.


    Reply: We don't have time to argue about this. So sentence is now deleted. What remains is correct anyhow and therefore we are all happy.

    Action: Done.


    5. Thus classical amplitude-time uncertainty protects the scheme during switching events, and during each bit interval the security is a consequence of thermodynamic equilibrium, and hence the Second Law of Thermodynamics, as will be later discussed in further detail.

    • Comment: the "classical amplitude-time uncertainty" defends the system only during the bit exchange period (not during switching) and only at the non-ideal situations where Eve's useful information will be limited by the finite duration of the bit exchange period.
    • Correct to: The security is a consequence of thermodynamic equilibrium, and hence the Second Law of Thermodynamics, as will be later discussed in further detail.

    Action: Done.


    6. Only random sequences of bits are sent rather than an actual message.

    • Correct to: Only random sequences of bits are exchanged rather than an actual message.

    Reply: This is nitpicking. But we concede.

    Action: Done.


    7. One enhancement to note is that in practice an active noise source, rather than a resistor, is used so that the noise equivalent temperature is much higher than internal noise of the line.

    • Correct to: One enhancement to note is that in practice an active noise source, rather than the Johnson noise of the resistor, is used so that its noise temperature is much higher than that of the line.

    Reply: Agreed.

    Action: Done.


    8. There are also number further improvements

    • Correct to: There are also a number of further improvements

    Reply: Agreed.

    Action: Done.


    9. pairs of resistors representing bit values are used

    • Correct to: pairs of resistors representing the bit values are used


    Reply: Either are correct. We prefer the way we have it.

    Action: No action taken.


    10. current mean-square amplitudes, or power density spectra, which cannot be distinguished.

    • Correct to: current mean-square amplitudes, or power density spectra, thus these states cannot be distinguished.

    Reply: Agreed.

    Action: Done.


    11. By solving the system of equations (3) and (4),

    • Correct to: In the mixed state, by solving the system of equations (3) and (4),

    Reply: Agreed.

    Action: Done.


    12. Therefore the security level is perfect and, because this level is the same for arbitrary calculation or measurement accuracy by Eve, as limited only by the laws of physics, it is unconditional security or, in other words, it is information theoretic security (Liang 2008)

    • Correct to: Therefore the security level is perfect in the ideal situation. The level of security remains the same for arbitrarily great computational power, measurement accuracy and speed of Eve, and limited only by the laws of physics and by the conditions of the protocol. It is unconditional security or, in other words, information theoretic security (Mingesz 2013), (Liang 2008).

    Reply: Agreed.

    Action: Done.


    13. limit the noise-bandwidth because it must be sufficiently small that the time-dependence of the channel noise amplitudes is slow enough

    • Change to: limit the channel-bandwidth because it must be sufficiently small that the time-dependence of the channel noise amplitudes and (possible) switching transients are slow enough

    Reply: Agreed.

    Action: Done.


    14. along the wire, implying that wave and propagation/delay effects are negligible.

    • Action: add after this sentence: This is the quasi-static limit of electrodynamics.

    Reply: Agreed.

    Action: Done.


    15. resistor switching takes place when the voltage and currents were zero in the line.

    • Action: add after the above this sentence:

    In (Kish 2013: L.B. Kish, "Enhanced Secure Key Exchange Systems Based on the Johnson- Noise Scheme", Metrology and Measurement Systems 20 (2013) 191 an improved transient protocol was given where the resistors started from the resultant value of the mixed state and reached their randomly chosen value by an adiabatically slow random walk.

    Reply: Agreed.

    Action: Done.


    16. cable capacitance killer, against this attack.

    • Action: add after the above: The natural alternative method is decreasing the noise bandwidth (and key exchange speed) so that capacitive currents are negligible.

    Reply: Agreed.

    Action: Done.


    17. mathematically ideal sense and can approach the level of

    • Proposed: mathematically ideal sense and it can approach the level of


    Reply: Agreed.

    Action: Done.

    Reviewer B

    This is a concise treatment of the topic and how it has been accepted and discussed in literature over the last 7 years. Apart of a few minor revisions it can be published as it.

    I propose a few minor revisions by addressing the questions below in a few extra sentences. That would improve the text and be of great help to the readers.

    1) I miss the information on the time needed to measure a noise spectrum with a certain precision and its effect on the transmission speed.

    2) The difference between high risk bits and the all-low or all-high cases, where the bit situation is obvious for everybody should be explained better.

    3) Concerning the cable discussion started by Liu, what is a capacitance killer?

    Response to Reviewer B

    1) Reviewer B: I miss the information on the time needed to measure a noise spectrum with a certain precision and its effect on the transmission speed.


    Reply: Because the decision about the secure bit needs only to determine if the noise intensity in the channel is at an intermediate value, a short observation time is enough to make a decision with a very low error rate. As mentioned, in the experimental demo (Mingesz 2008) the fidelity was 99.98%, which means the bit error probability was 0.02%.

    Action: We add the sentence, "In order to reach this small error rate, 100 independent noise samples were averaged, which reduced the speed only by a factor of fifty compared to the reciprocal of original noise bandwidth in the channel (Mingesz 2008)."


    2) Reviewer B: The difference between high risk bits and the all-low or all-high cases, where the bit situation is obvious for everybody should be explained better.


    Reply: Agreed.

    Action: In the introduction, we clarify this as follows: "If Alice's two resistors represent 0 and 1 and Bob's resistors represent 0 and 1, then there are four combinations: 00, 01, 10, and 11. Every 00 and 11 is discarded, because 10 and 01 will be indistinguishable to Eve. Note that for non-ideal cases, Alice and Bob may chose to drop further bits if they are judged to be high-risk. These so-called high-risk bits are dropped when Alice and Bob learn from comparing their current and voltage data that there is a risk that invasive eavesdropping has taken place, such as a man-in-the-middle-attack. Information leaks may also exist due to a vulnerability related to non-ideal elements or a design problem, resulting in the need to drop further high-risk bits."


    3) Reviewer B: Concerning the cable discussion started by Liu, what is a capacitance killer?


    Reply: This is where the capacitance of the coaxial cable is minimized by bootstrapping the shield.

    Action: In the section "Known attack types", the relevant sentence is expanded the following way: "Note that the capacitance killer arrangement is simply a coaxial cable with a bootstrapped shield. This is achieved in the standard way by driving the shield with a voltage follower. The input to the follower is the signal on the line. Thus there are no capacitive currents between line and the shield, as the voltage follower forces them to remain at the same potential."

    Reviewer C

    I carefully examined the article, and found that it is a well-written, interesting review of the KLJN scheme. I only have the following remarks:

    1. 2nd paragraph of Introduction: This paragraph is hard to understand if someone does not know how the KLJN scheme works, for this reason I suggest rewriting it. For example before the sentence “By measuring the Johnson noise on the line” I would insert a sentence like: “The thermal noise (Johnson noise) measured on the line is determined by the parallel combination of Alice and Bob's chosen resistances”

    2. Also in the introduction: “Every 00 and 11 is discarded, because 10 and 01 will be indistinguishable to Eve.” I would change it to: Every 00 and 11 is discarded, because only case 10 and 01 will be indistinguishable to Eve.

    3. Somewhere below Figure 1. I would insert a figure like Fig 2. from this article: Totally Secure Classical Networks with Multipoint Telecloning... with extra labels for 00, 01, 10 and 11 states. This figure would visualize how the protocol is working as well as voltage noise described by eq 3

    4. There is no information on the bit exchange speed of the protocol. In my opinion it would be informative, since the maximum theoretical speed is limited by the cable length.

    5. Pao-Lo Liu suggested a software-based key exchange protocol, which is inspired by the KLJN scheme. In my opinion it could be mentioned in the article.

    Reviewer D (invited by RG)

    The text by Abbott and Schmera provides a short but sufficiently clear and rigorous presentation of a very important topic, recently developed by several authors. Actually, the KLJN scheme represents a smart and relatively simple tool for secure communications which needs to be known, at least at an indroductory level, by a large community of scientists and technicians. This text, covering the subject and offering the basic bibliography, fills the lack. In conclusion, I strongly recommend the publication of this text in the present form.

    Personal tools
    Namespaces

    Variants
    Actions
    Navigation
    Focal areas
    Activity
    Tools