The Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange system has been introduced as a simple, very low cost and efficient classical physical alternative to quantum key distribution systems. The ideal system uses only a few electronic components—identical resistor pairs, switches and interconnecting wires—in order to guarantee perfectly protected data transmission. We show that a generalized KLJN system can provide unconditional security even if it is used with significantly less limitations. The more universal conditions ease practical realizations considerably and support more robust protection against attacks. Our theoretical results are confirmed by numerical simulations.
Incredibly huge amount of information is exchanged at each second—electronic communication is becoming one of the most important parts of the industry, economy, medicine, education, entertainment, personal life and many more. It is obvious that in several cases reliable protection of the information is essential and that is not easy task. There are many methods and algorithms to encrypt data and although they appear practically unbreakable today, one can’t be sure about their security in the future.
Natural physical processes and systems can be promising alternatives to digital encryption to hide information from the eavesdroppers. Much is expected from the quantum key distribution (QKD)1; however an extremely simple and low cost classical physical system has been proposed as an efficient alternative to provide unconditional security using only a few resistors, switches and wires, called KLJN system2 (also referred to as KKD system3). The idea is surprisingly simple and elegant: the thermal (Johnson) noise of the resistor serves as the signal source and only a simple circuit is needed to establish communication between the two parties, usually named as Alice and Bob. The schematic of the circuit is shown on Fig. 1.
At both ends of the communication line there is an identical pair of resistors with publicly known lower and higher values, RL and RH, respectively. Both communicating parties can connect one of the resistors to the interconnecting wire. It has been shown using the second law of thermodynamics2 and mathematical statistics4 that the eavesdropper can’t distinguish between the two cases when different resistors are selected at the two ends, therefore one bit of information can be transferred with unconditional security. Note that the zero-mean Johnson noise voltages of the resistors are represented by separate voltage generators. The power spectral density of the thermal noise voltage is equal to 4kTR, where k is the Boltzmann constant and T is the temperature of the resistor R. The use of separate voltage generators allows high enough voltage amplitudes in practical applications, virtually emulates very high temperatures. Note that recently it has been proven using mathematical statistical methods that only this kind of normally distributed stochastic process and special scaling can guarantee perfect security5.
The outstanding performance of the KLJN system has been demonstrated by the first practical realization using a digital signal processor based system6 and has inspired the development of another secret key exchange method7. The simplicity and flexibility of the system motivated the proposal of many possible applications in different environments including securing computer communications, hardware components, memories, processors, keyboards, mass storage devices, key distribution over the Smart Grid, ethernet cables, uncloneable hardware keys and automotive communication8,9,10,11.
The ideal KLJN key exchange system is considered to be unconditionally secure; however numerous attacks have been introduced using the non-ideal properties that appear in practical realizations. The tolerance of resistor values and temperature, the resistance of the interconnecting wires and switches, any deviation from the ideal normal distribution and even interference can cause information leak12,13,14,15,16,17,18,19,20,21,22. The latest attack is based on directional wave measurements and uses the finite resistance of the transmission wire3,23,24. As usual at physical secure key exchange systems, there is an on-going sequence of attacks, defense-methods, new attacks; new defense-methods with modified systems of improved security.
Any practical realization has limitations and exhibits non-ideal behaviour, therefore the question arises, how sensitive the security on the tolerance of the properties of the components is; how well the ideal cases can be approximated; are there any efficient methods to compensate the effects of non-ideal features? Here we generalize the KLJN key exchange protocol by using arbitrary resistors and we prove that in the ideal case it is still unconditionally secure if the noise voltages are properly chosen. This allows operating the practical realizations close to the ideal one, since resistor values always have certain tolerance (typically 5%) and temperature dependence. In the same time this generalization makes flexible, even real-time compensation techniques possible. We have carried out numerical simulations to confirm our theoretical results.
The generalized KLJN key exchange protocol
In the original KLJN system two identical resistor pairs are used at both ends of the communication wire. Here we allow the use of four arbitrarily chosen resistors as shown on Fig. 2.
The normally distributed Johnson noise of the resistors is represented by separate voltage generators again. The eavesdropper Eve can measure the current IE(t) and the voltage VE(t) in the interconnecting wire and can process these signals to determine which resistors are connected to the wire. If in both the LH and HL cases the same information is obtained, then no information leak occurs. Table 1 summarizes the possibilities.
Conditions for security
The eavesdropper can measure the variance of the voltage and the current and the correlation of these signals. All these must be the same for both the LH and HL cases.
First, consider the variance of the current in the LH and HL states:
Substituting the expressions of IE given in Table 1 we get:
The equivalence of the variance of the voltage fluctuations observed by Eve implies that
Again, expanding these using the formulas for VE provided in Table 1 yields
Finally, it is required to have the same correlation between the current and voltage signals:
Substituting the current and voltage expressions from Table 1 into Eqn. 5 results the following equation:
The left hand side of this formula can be written as
and for the right hand side of Eqn. 6 we obtain
We have used the fact that the cross correlation terms are zero, since all voltage noise signals are independent. Using Eqn. 6, 7 and 8 finally we get
This equation is in agreement with the physical argument that the power flow from the two sides must be the same for HL and LH states22. Note that because the voltage and current noise signals have zero mean, their covariances are also the same for both LH and HL cases. Therefore, since IE(t) and VE(t) are bivariate normally distributed stochastic signals, every higher moments of IE(t) and VE(t) will be the same for both LH and HL cases according to the Isserlis’ theorem25.
In summary, Eqn. 2, 4 and 9 must be satisfied in order to guarantee secure communication.
Note here that in the case of the original KLJN protocol both sides of Eqn. 9 are zero and one can easily see that in agreement with the previous results2,4,5 the noise variance scales with the value of the corresponding resistor. In our generalized case the voltage and current signals observed by the eavesdropper are not independent, but their statistical properties are the same for both the LH and HL states.
Determining the voltage amplitudes
According to the above it is possible to choose four arbitrary resistor values and one of the voltage variances. In the following example we assume that the variance of VLA(t) is given and the rest three must be calculated using Eqn. 2, 4 and 9:
It is important to note that since the variance is proportional to the temperature, the restrictions on the noise variances can be interpreted physically as having different temperatures for each resistor.
In order to confirm our theoretical results we have carried out numerical simulations. The variances and the correlation of the current IE and voltage VE were calculated for both the HL and LH cases. We have tested three different configurations as listed in Table 2. Three bit error rate (BER) values have been calculated using the variance of the current, variance of the voltage and the correlation data for the transfer of 1 million bits. The BER values are very close to 50% indicating that the leak is practically zero. According to a one-sample T-test the BER value does not differ significantly from 50% at the significance level of 1%.
Figures 3 and 4 visualizes the statistics of the quantities that can be observed by the eavesdropper in the HL and LH states. It can be easily seen that in both states the histograms are practically identical; according to the two-sample Kolmogorov-Smirnov test there is no significant difference between them at the significance level of 1%. The eavesdropper can’t extract any information from the data using any of the three considered quantities.
Figure 4 shows the correlation histogram of the current and voltage. The correlation is not zero in contrast to the original KLJN configuration4,5. On the right hand side the scatter plot corresponding to the joint probability distribution of the voltage and current can be seen. The asymmetrical shape indicates the non-zero correlation as well5 and it corresponds to a non-zero, but identical power flow from one side to the other both in the HL and LH cases22.
Our theoretical and numerical simulation results show that the KLJN key exchange protocol provides security even under significantly generalized conditions: the resistor values can be chosen arbitrarily. In order to ensure security the voltage noise variances must be chosen according to the equations we have presented above. This means that the required dependence of voltage amplitudes on resistor values has also been generalized. Considering the original physical picture this means that the system is not any more in thermal equilibrium, the temperature of the resistors will be different. However, since practical realizations use separate artificial noise generators to emulate the Johnson noise of the resistors, this does not mean any limitation or problem. On the other hand Eqn. 9 is equivalent to the assumption that the mean power flow in the two states are the same22. The original protocol is a special case in our approach, when both sides of Eqn. 9 equal zero.
The generalized protocol helps to improve the security in practical applications significantly and allows new realizations as well. For example consider the original KLJN system using resistors with a given tolerance. In this case the original protocol will cause some information leak, however if the resistor values are measured, the voltage amplitudes can be slightly changed to eliminate the leak. Note that tuning the voltage amplitude is rather easy to implement by today’s precision analogue and digital circuits. It is easy to see, that even the parasitic resistance of switches and the interconnecting wire resistance can be compensated, it is a special case in our approach. This is in agreement with the complete elimination of the effect of wire resistance that has been discussed by Kish et al.2.
During the communication both Alice and Bob can measure the components’ resistance continuously; they can measure voltage at different points and can also determine the loop current. The on-line measurement of the communicating resistors, resistance of the switches and resistance of the interconnecting wire is possible, and the parties can inform each other about their observations even via a public link. Therefore it is also possible to implement real-time continuous information leak elimination. For example automatic compensation of the changes in the wire resistance is possible, when the interconnecting cable is replaced for any reason. These features are very important in practical applications, because the sensitivity of the original KLJN system on the non-ideal properties of the components can be dramatically reduced and several attack types based on cable resistance, resistance inaccuracies due to tolerance or temperature dependence or on any other parasitic resistance in the loop can be eliminated26.
Our calculations are mainly based on the mathematical statistical approach described in our recent publications in the subject4,5. We have calculated the variances of the quantities and the correlation between the considered signals. Agreement with previous results based on classical physical approach was also important and it has been demonstrated as well.
Numerical simulations were based on a code written in the LabVIEW environment and the source code is available for download27. The simulation of the transfer of a single bit in the HL and LH state was carried out by generating 1000 samples to represent the four voltage noise signals. Then VE and IE observed by the eavesdropper were calculated. Using these data the variances of VE and IE and the correlation values were determined.
In order to check any possible information leak and to measure the statistics of the above mentioned quantities 1 million bits were transferred. The BER was calculated using all three indicators. During the BER estimation all bit transfers were taken for both the HL and LH states and the median was used as a threshold value to determine the bit state for an individual bit transfer. After this we have calculated the ratio of unsuccessful bit guessing to get the BER value and we have performed statistical tests as well, one-sample and two-sample Kolmogorov-Smirnov test to analyse the distributions, one-sample and two-sample T-test to compare the mean values using significance level of 1%.
How to cite this article: Vadai, G. et al. Generalized Kirchhoff-Law-Johnson-Noise (KLJN) secure key exchange system using arbitrary resistors. Sci. Rep. 5, 13653; doi: 10.1038/srep13653 (2015).
This work is licensed under a Creative Commons Attribution 4.0 International License. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in the credit line; if the material is not included under the Creative Commons license, users will need to obtain permission from the license holder to reproduce the material. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/