Deterministic Random Number Generator Attack against the Kirchhoff-Law-Johnson-Noise Secure Key Exchange Protocol
This paper identifies a critical vulnerability in the KLJN secure key exchange protocol, impacting its security for users relying on this method.
This paper demonstrates that the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange protocol is vulnerable to attacks if the random number generators used to create Johnson noise are compromised. The attacks are deterministic, allowing Eve to crack the secure key bit quickly if she knows both Alice's and Bob's random noises, or to learn Bob's resistance and then Alice's bit if she only knows Bob's random noise.
This paper demonstrates the vulnerability of the Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchanger to compromised random number generator(s) even if these random numbers are used solely to generate the noises emulating the Johnson noise of Alice's and Bob's resistors. The attacks shown are deterministic in the sense that Eve's knowledge of Alice's and/or Bob's random numbers is basically deterministic. Moreover, no statistical evaluation is needed, except for rarely occurring events of negligible, random waiting time and verification time. We explore two situations. In the first case, Eve knows both Alice's and Bob's random noises. We show that, in this situation, Eve can quickly crack the secure key bit by using Ohm's Law. In the other situation, Eve knows only Bob's random noise. Then Eve first can learn Bob's resistance value by using Ohm's Law. Therefore, she will have the same knowledge as Bob, thus at the end of the bit exchange period, she will know Alice's bit.