CR Oct 6, 2021
Statistical Random Number Generator Attack against the Kirchhoff-Law-Johnson-Noise (KLJN) Secure Key Exchange Protocol
Christiana Chamon, Shahriar Ferdous, Laszlo B. Kish
This paper introduces and demonstrates four new statistical attacks against the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange scheme. The attacks utilize compromised random number generators at Alice's/Bob's site(s). The case of partial correlations between Alice's/Bob's and Eve's probing noises is explored, that is, Eve's knowledge of Alice's and Bob's noises is limited but not zero. We explore the bilateral situation where Eve has partial knowledge of Alice's and Bob's random number generators. It is shown that in this situation Eve can crack the secure key bit by taking the highest cross-correlation between her probing noises and the measured voltage noise in the wire. She can also crack the secure key bit by taking the highest cross-correlation between her noise voltages and her evaluation of Alice's/Bob's noise voltages. We then explore the unilateral situation in which Eve has partial knowledge of only Alice's random number generator thus only those noises (of Alice and Eve) are correlated. In this situation Eve can still crack the secure key bit, but for sufficiently low error probability, she needs to use the whole bit exchange period for the attack. The security of the KLJN key exchange scheme, similarly to other protocols, necessitates that the random number generator outputs are truly random for Eve.
CR Dec 4, 2020
Deterministic Random Number Generator Attack against the Kirchhoff-Law-Johnson-Noise Secure Key Exchange Protocol
Christiana Chamon, Shahriar Ferdous, Laszlo Kish
This paper demonstrates the vulnerability of the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchanger to compromised random number generator(s) even if these random numbers are used solely to generate the noises emulating the Johnson noise of Alice's and Bob's resistors. The attacks shown are deterministic in the sense that Eve's knowledge of Alice's and/or Bob's random numbers is basically deterministic. Moreover, no statistical evaluation is needed, except for rarely occurring events of negligible, random waiting time and verification time. We explore two situations. In the first case, Eve knows both Alice's and Bob's random noises. We show that, in this situation, Eve can quickly crack the secure key bit by using Ohm's Law. In the other situation, Eve knows only Bob's random noise. Then Eve first can learn Bob's resistance value by using Ohm's Law. Therefore, she will have the same knowledge as Bob, thus at the end of the bit exchange period, she will know Alice's bit.
CR Oct 8, 2020
Comments on the "Generalized" KLJN Key Exchanger with Arbitrary Resistors: Power, Impedance, Security
Shahriar Ferdous, Christiana Chamon, Laszlo B. Kish
In (Nature) Science Report 5 (2015) 13653, Vadai, Mingesz and Gingl (VMG) introduce a new Kirchhoff-law-Johnson-noise (KLJN) secure key exchanger that operates with 4 arbitrary resistors (instead of 2 arbitrary resistance values forming 2 identical resistor pairs in the original system). They state that in this new, VMG-KLJN, non-equilibrium system with nonzero power flow, the security during the exchange of the two (HL and LH) bit values is as strong as in the original KLJN scheme. Moreover, they claim that, at practical conditions, their VMG-KLJN protocol "supports more robust protection against attacks". First, we investigate the power flow and thermal equilibrium issues of the VMG-KLJN system with 4 arbitrary resistors. Then we introduce a new KLJN protocol that allows the arbitrary choice of 3 resistors from the 4, while it still operates with zero power flow during the exchange of single bits by utilizing a specific value of the 4th resistor and a binary temperature set for the exchanged (HL and LH) bit values. Then we show that, in general, the KLJN schemes with more than 2 arbitrary resistors (including our new protocol mentioned above) are prone to 4 new passive attacks utilizing the parasitic capacitance and inductance in the cable, while the original KLJN scheme is naturally immune against these new attacks. The core of the security vulnerability exploited by these attacks is the different line resistances in the HL and LH cases. Therefore, contrary to the statement and claim cited above, the practical VMG-KLJN system is less secure than the original KLJN scheme. We introduce another 2, modified, non-equilibrium KLJN systems to eliminate the vulnerability against some - but not all - of these attacks. However, the price for that is the loss of arbitrariness of the selection of the 4th resistor, and the information leak still remains greater than zero.
CR May 22, 2020
AC Loop Current Attacks Against The KLJN Secure Key Exchange Scheme
Mutaz Melhem, Christiana Chamon, Shahriar Ferdous et al.
A new attack against the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange scheme is introduced. The attack exploits a parasitic (periodic) AC voltage source at either Alice's or Bob's end. Such situations exist due to AC ground loops and electromagnetic interference (EMI). In the low-frequency case, the procedure is the generalized form of the former DC ground loop based attack. In the high-frequency case, the power spectrum of the wire voltage is utilized. The attack is demonstrated in both the low- and the high-frequency situations. Defense protocols against the attack are also discussed.
CR May 21, 2020
Random Number Generator Attack against the Kirchhoff-Law-Johnson-Noise Secure Key Exchange Protocol
Christiana Chamon, Shahriar Ferdous, Laszlo B. Kish
This paper introduces and demonstrates two new attacks against the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange scheme. The attacks are based on random number generators with compromised security. First we explore the situation in which Eve knows the seed of both Alice's and Bob's random number generators. We show that in this situation Eve can crack the secure key bit within a fraction of the bit exchange period even if her current and voltage measurements have only a single bit of resolution. In the second attack, we explore the situation in which Eve knows the seed of only Alice's random number generator. We show that in this situation Eve can still crack the secure key bit but she needs to use the whole bit exchange period for the attack. The security of the KLJN key exchange scheme, similarly to other protocols, necessitates that the random number generator outputs are truly random for Eve.