A directional wave measurement attack against the Kish key distribution system

The Kish key distribution system has been proposed as a classical alternative to quantum key distribution. The idealized Kish scheme elegantly promises secure key distribution by exploiting thermal noise in a transmission line. However, we demonstrate that it is vulnerable to nonidealities in its components, such as the finite resistance of the transmission line connecting its endpoints. We introduce a novel attack against this nonideality using directional wave measurements, and experimentally demonstrate its efficacy.

An attack by Hao 12,13 instead focuses upon imperfections of the terminals; inaccuracies in the noise temperatures of Alice and Bob create an information leak. However, it was demonstrated 9,13 that noise can be digitally generated with a sufficiently accurate effective noise temperature to prevent this attack from being useful in practice.
A theoretical argument has been made by Bennett and Riedel 14 that no purely classical electromagnetic system can be unconditionally secure due to the structure of Maxwell's equations. It is argued that the upper bound on secrecy rate by Maurer 15 must be zero because of the locally-causal nature of classical electromagnetics, and so an eavesdropper can perfectly reconstruct the key with the aid of a directional coupler. Kish, et al. 16 responded that a nonzero secrecy rate is unnecessary in practice, provided it can be achieved in the ideal limit.

Results
Circuit analysis. We begin our attack by analyzing the system in Figure 1 to determine the forward- and reverse-travelling waves through the transmission line. Let us denote the equivalent noise voltages of Alice and Bob $V_a(t)$ and $V_b(t)$ respectively, and the waves injected onto the line $V'_a(t)$ and $V'_b(t)$. These are related by
Noting that the mean-squared thermal noise voltage is $\langle V^2 \rangle = 4kTBR$, we find that
As the transmission line in the KKD system is short (and so the forward- and reverse-travelling waves are equal throughout the line except for a loss factor $\alpha$), we may write the left- and right-travelling waves at Bob's and Alice's ends of the line respectively as
and so
We may write this in matrix form $v_d(t) = A v_i(t)$ and so find the covariance matrix $C = A C_i A^T$ of the directional components:
When the line is lossless and so $\alpha = 1$, Eqn. 9 is invariant under permutation of $\Gamma_A$ and $\Gamma_B$, and so the covariance matrix provides no information on the choice of resistors. However, when $\alpha < 1$ this property fails to hold, allowing the choices of $\Gamma_A$ and $\Gamma_B$ to be determined from the distribution of $(v_+, v_-)$; this allows an eavesdropper to attack the system by performing a statistical test between the two possible covariance matrices. Note that we need not measure the generator voltages themselves, which an eavesdropper cannot directly access, but merely the waves travelling in each direction.
Statistical processing. We have derived a statistical representation of the noise that travels along the transmission line; while we might measure the power travelling in each direction in order to determine the resistor configuration, the distributions to be distinguished are very similar, resulting in a relatively large bit-error rate (BER) as was shown in 11. However, comparison of the variances of $v_+$ and $v_-$ is suboptimal.
We derive an improved test using Bayesian methods and demonstrate that the two cases can be far more easily distinguished than with the direct difference-of-mean-squares test of Scheuer and Yariv 10.
Knowing the covariance matrices of $v_+(t)$ and $v_-(t)$ for each hypothesis, we may use Bayes' theorem 17 to determine the probability of each configuration. Let $C = 0$ and $C = 1$ refer to the events that $(R_a, R_b) = (R_h, R_l)$ and vice-versa, respectively. Then,
where $p_0(\cdot,\cdot)$ and $p_1(\cdot,\cdot)$ are the multivariate Gaussian PDFs for the measurements from each respective configuration. The most probable state, then, is given by the maximum-likelihood estimator 17
$C = 0$ if
The comparison is more conveniently made in terms of the log-likelihood, which for the $n$-variate zero-mean Gaussian distribution with covariance matrix $\Sigma$ is given by 18
Noting that $\Sigma$ is positive-definite, we may therefore write it in terms of its Cholesky decomposition $\Sigma = KK^T$, and so

filters and instrumentation that do not affect the steady-state signal. The mean-squared voltages $V_a^2(t)$ and $V_b^2(t)$ are proportional to the resistances $R_a$ and $R_b$ respectively. Note that in a practical system, artificial noise sources are used, and thus the equivalent noise temperature in our experiment is $3.62 \times 10^{15}$ K. This is equivalent to 1 V RMS of voltage noise with a 1 kΩ resistor over a bandwidth of 5 kHz. We perform our analysis in terms of the reflection coefficients $\Gamma_A$ and $\Gamma_B$.

Only the final term depends upon the data, and there only through the total power of a group of signals $K^{-1}x$ formed by linear combinations of the measured waves. It should be noted that this estimator differs substantially from that proposed by Scheuer and Yariv 10, which makes a simple comparison of variances. The measured variables in our case are collected simultaneously and so exhibit the heavy correlations of Eqn. 9. With these correlations, the likelihood-ratio test provides far better performance than the difference in the variances of the marginal distributions would suggest. However, if the voltage and current measurements are considered separately, as in 9,11 where only the marginal distributions of each measurement are computed, these correlations vanish and so the estimator described in Eqns. 13 and 16 has substantially less power. The distribution of test statistics is shown in Figure 2 for a loss of 0.1 dB. The presence of correlation causes the distributions of test statistics to differ substantially, where otherwise they would be almost indistinguishable.
The results of simulation for various values of loss are shown in Figure 3. A pair of white noise processes are generated, Fourier-transformed, and the undesirable frequency components removed. They are combined according to Eqn. 8 to produce the voltage waves, and the maximum-likelihood estimator is used to determine the resistor configurations. This demonstrates that our estimator can differentiate the two distributions without the unreasonably large sample sizes that were previously thought necessary 11.
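The following Python sketch is an added example, not code from the paper: it runs the Cholesky-based maximum-likelihood test described above on synthetic Gaussian pairs, and compares sampling both waves simultaneously against sampling each wave in a separate window, which quantifies how much of the leak comes from the correlation. The covariance matrices, sample counts and function names are constructed for illustration and are not the paper's Eqn. 9 or its measured values.

```python
import math
import random

def cholesky2(S):
    """Lower-triangular K (k11, k21, k22) with S = K K^T, S 2x2 positive-definite."""
    (a, b), (_, d) = S
    k11 = math.sqrt(a)
    k21 = b / k11
    return k11, k21, math.sqrt(d - k21 * k21)

def log_likelihood(samples, S):
    """Zero-mean bivariate Gaussian log-likelihood of (v_plus, v_minus) pairs."""
    k11, k21, k22 = cholesky2(S)
    log_det = 2.0 * (math.log(k11) + math.log(k22))
    power = 0.0
    for x1, x2 in samples:
        y1 = x1 / k11                    # y = K^{-1} x by forward substitution
        y2 = (x2 - k21 * y1) / k22
        power += y1 * y1 + y2 * y2       # the only data-dependent term
    return -0.5 * (len(samples) * (2.0 * math.log(2.0 * math.pi) + log_det) + power)

def ml_decide(samples, S0, S1):
    """Maximum-likelihood choice between the two resistor configurations."""
    return 0 if log_likelihood(samples, S0) > log_likelihood(samples, S1) else 1

def draw(S, n, rng):
    """n correlated Gaussian pairs with covariance S (x = K z, z white)."""
    k11, k21, k22 = cholesky2(S)
    pairs = []
    for _ in range(n):
        z1, z2 = rng.gauss(0.0, 1.0), rng.gauss(0.0, 1.0)
        pairs.append((k11 * z1, k21 * z1 + k22 * z2))
    return pairs

def diag(S):
    """Keep only the marginal variances, discarding the correlation."""
    return ((S[0][0], 0.0), (0.0, S[1][1]))

def bit_error_rate(S0, S1, n, trials, rng, simultaneous):
    """Fraction of wrongly decided bits over random resistor configurations."""
    errors = 0
    for _ in range(trials):
        truth = rng.randrange(2)
        S = S1 if truth else S0
        window = draw(S, n, rng)
        if simultaneous:                 # both waves sampled together
            guess = ml_decide(window, S0, S1)
        else:                            # each wave taken from its own window
            other = draw(S, n, rng)
            mixed = [(a[0], b[1]) for a, b in zip(window, other)]
            guess = ml_decide(mixed, diag(S0), diag(S1))
        errors += guess != truth
    return errors / trials

# Constructed covariances, NOT the paper's Eqn. 9: a mirror-image pair with a
# 10 % variance mismatch and correlation 0.99 between the two waves.
C = 0.99 * math.sqrt(1.0 * 1.1)
SIGMA_0 = ((1.0, C), (C, 1.1))
SIGMA_1 = ((1.1, C), (C, 1.0))

if __name__ == "__main__":
    rng = random.Random(2014)
    print("joint   :", bit_error_rate(SIGMA_0, SIGMA_1, 200, 400, rng, True))
    print("separate:", bit_error_rate(SIGMA_0, SIGMA_1, 200, 400, rng, False))
```

For a designer assessing a link, the joint figure is the one that bounds the leak; the separate-window figure reproduces the optimistic estimate obtained from marginal variances alone.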
Experimental results. Having demonstrated our attack in simulation, we proceed to experimental validation of the model. The estimation of $\partial v/\partial x$ is key to the operation of the device; however, the circuit synthesis is dependent upon a wave-based analysis of the system. We therefore measure experimentally the frequency response of the electronically-estimated $\partial v/\partial x$, shown in Figure 4, with a wave travelling in a single direction in order to verify that our analysis is appropriate.
We expect to see a magnitude response linear in frequency and a constant +90° phase response. This agrees with the experimental results shown in Figure 4, validating our analysis, and demonstrates that the signal through a short transmission line indeed propagates as a wave, in contradiction to the theoretical claims of Kish and Horvath 6.
We measure the voltage components in each direction and compute the log-likelihoods (16). Their differences are thresholded to compute (13); the bit error rates for various averaging times and line parameters are shown in Figure 5. Even modest losses, below 0.1 dB, allow more than 99.9% of bits to be determined correctly in less than 20 correlation times, showing that the technique simulated in Figure 3 can be applied in practice.
Proposed countermeasures and alternative explanations. Several countermeasures to and alternative explanations of this attack have been proposed in response to a preprint of this paper; we take a moment to discuss each of these.
Arguments against the transmission-line model of the KKD system. It is argued 16,19 on several grounds that the wave-based model that we have used is inaccurate. It is first claimed that the wave equation on a finite domain does not admit sinusoidal solutions other than of frequencies $f_k = k\nu/2L$, where $\nu$ is the propagation velocity and $L$ the length of the transmission line. However, this quantisation effect is induced by boundary conditions of the form $v(0) = v(L)$; in the KKD system, resistive terminations allow arbitrary potentials to appear at the two ends of the line and so this does not occur. We also note that these spatial frequencies do not directly correspond to temporal frequencies in the injected signals, but are instead indicative of the spatial spectrum of the periodic extension of the voltage distribution along the line.

, the measurement variables are drawn from a correlated bivariate distribution having the same marginal variances, and are far more distinguishable. In either case, as losses increase and so the variances of the measurements and transformed measurements respectively differ more greatly, the two distributions, which mirror each other about zero, become increasingly asymmetric and so far more distinguishable.

It is next claimed by Chen et al 19 that the signals within the KKD system cannot be waves because their energy does not exchange between electric and magnetic fields. However, this will always be the case. Consider an infinitely long coaxial cable driven by a sinusoidal source $V_0(t)$. It is shown by Chen et al 19 that the relationship between the instantaneous voltages and currents in a small initial segment of the line will cause the energy to be evenly split between electric and magnetic fields. As we are considering an infinitely long coaxial cable, the voltages and currents contain no reflected components, and so will be given by
The distribution of energy between electric and magnetic fields therefore does not change as the signal propagates along the transmission line. The voltages and currents are known 20 to satisfy the wave equation, and yet they do not exchange energy in the manner suggested by Chen et al 19.
It is further claimed that a lack of discretisation of frequencies disagrees with the calculations of Planck and would invalidate Planck's Law. However, it is incorrectly claimed by Chen et al 19 that Planck's Law is derived for radiation inside a black-sided box; in fact, the box analysed by Planck 21 is perfectly conductive. It is these perfectly conductive edges that induce quantisation of the spatial frequencies 21. In simple terms, recall that Planck's formulation solves the ultraviolet catastrophe by introducing an upper frequency cut-off via quantisation. An attempt by Chen et al 19 to use this analogy to argue for a lower frequency cut-off in a coax line is therefore not valid and appears to have the situation inverted.
Another argument 19 has been made against the presence of waves using the equipartition theorem. It is claimed that the equipartition theorem requires each wave mode of the transmission line to possess an energy of $kT/2$, and that for a line in thermal equilibrium with the generators, the power on the line is insufficient to excite even a single wave mode. However, the non-idealized KKD system is not a thermodynamically closed system, but uses artificial noise sources and has resistive terminations. These terminations dissipate power into the environment, and the noise sources must be supplied with external power; the KKD system therefore is not in thermal equilibrium and the equipartition theorem does not apply.
It is also claimed by Chen et al 19, based on a lumped-model analysis, that the phase velocity of the propagating signal is dependent upon the line terminations, invalidating the use of the d'Alembert solution to the wave equation. However, this analysis conflates phase and propagation velocities, and similar results (identical except for the addition of propagation time) can be derived from a wave-based analysis (see Supplementary Note S1). We note also that, contrary to the claims of Chen et al 19, for guided modes, superluminal phase velocities do not violate special relativity as they do not imply superluminal wave signal propagation 22,23.
Contrary to the implication of Chen et al 19, there is no definitive definition of a wave in the literature. Even attempting to define a wave as a solution of the wave equation is overly restrictive, as waves in dispersive media do not strictly satisfy the standard wave equation 23. Thus physics texts (e.g. 24) define a wave in the broadest possible terms as a transfer of energy from one state to another with a finite velocity. A wave does not even need to be periodic; for example, it can be overdamped or even chirped. It appears that, in each argument, Chen et al 19 preselect their own ad hoc definition of what a wave is in order to arrive at a non-standard viewpoint.
Experimental critique. It was suggested by Chen et al 25 that mains interference or DC offsets might be responsible for our results, as they would produce an apparent DC offset during each measurement. Note that DC offsets are removed by high-pass filtering after digitisation, as shown in Figure 7, and 50 Hz interference is suppressed as well. The delay line is shielded by the coaxial braid, and is wound in a non-inductive bifilar configuration 26 in order to further reduce mains pickup. The magnitude of the 50 Hz interference measured on the $V_x$ channel (see Figure 6) is 15 µV RMS after amplification, and remains constant whether or not a complete circuit exists through the two resistors to ground, thus suggesting this effect to be insignificant on that channel. Interference picked up by the $V$ channel (the quantity considered by Chen et al 25) increases with the establishment of a current loop, but at 40 µV RMS this is more than 85 dB below the generator signal, and so insignificant in the short time over which we average.
It is suggested 19 that our apparatus might have non-Gaussian signals present, and that this known vulnerability might be responsible for our results. However, our method uses only second-order statistics, and so does not depend upon the distributions of the signals, but merely their variances and correlations, which can be trivially computed as above.
Proposed countermeasures. A countermeasure to finite-resistance attacks has been proposed by Kish and Granqvist 27. They propose to boost the noise temperature of one source in order to compensate for the extra resistance of the cable.
While their analysis considers only lumped models, our analysis shows that this type of countermeasure is effective against our attack, requiring the temperatures to be varied according to
under our model. This allows our attack in its current form to be defeated if $\alpha$ can be accurately measured by the two parties. However, it remains for future work to determine if this can be implemented in a secure manner, as the measurement protocol for $\alpha$ remains unspecified.

Discussion
The technique above exploits imperfections in the KKD implementation; while it might be theoretically possible to counter this attack by reduction of losses as proposed by Kish 11, the reduction of losses substantially below 0.1 dB ensures that this will be infeasible for all but the shortest or slowest of links. This raises the question of why our attack should succeed where existing finite-resistance attacks have failed. The attack of Scheuer and Yariv 10 considered only the variances of the measured variables. Our attack exploits the large correlation between waves in each direction; the estimator used above partially removes this common signal, increasing the ability to distinguish between the two cases statistically.
We have demonstrated an attack against the KKD key distribution system that exploits losses within the connecting transmission line. The attack has been shown experimentally to correctly determine more than 99.9% of bits transmitted over a 2 m transmission line within 20 correlation times. As this attack requires that losses be reduced to a fraction of a decibel in order to maintain a meaningful level of security, modifications to the system, such as proposed by Kish and Granqvist 27, will be necessary in order to produce a secure link of any significant length and bitrate.

Methods
A directional coupler separates forward- and reverse-travelling waves on a transmission line 20. We have constructed a similar device using differential measurements across a delay line, shown in Figure 6.
Consider the d'Alembert solution 7 to the wave equation in a medium with propagation velocity $\nu$,
The forward-travelling component $v_+(t)$ differs from the reverse-travelling component $v_-(t)$ in the sign of its spatial argument. We use this to our advantage by computing the linear combinations Lv yielding the forward- and reverse-travelling waves as we desire. All that remains, then, is to determine $\partial v/\partial t$ and $\partial v/\partial x$. The time derivative $\partial v/\partial t$ may be determined digitally from sampled values of $v(t)$. The spatial derivative is approximated as being proportional to the voltage across a short delay line, shown in Figure 6.
After digitisation, we high-pass filter the signals $V$ and $V_x$ in order to remove any DC offsets or mains interference. The signals are then combined to produce the left- and right-travelling waves. The time-derivative $\partial v/\partial t$ can be approximated by a difference operator; however, in order to accommodate the unknown propagation velocity and delay line length, common-mode leakage into $V_x$, and losses in the delay line, we instead use a first-order least-mean-squares (LMS) adaptive filter 28 for initial calibration. A signal source is applied to one port and the other is terminated; this produces a right-travelling wave on the line, but none travelling to the left. The left-travelling output $V_-$ is used as an error signal for the LMS filter, suppressing any contribution from the right-travelling wave.
The real part of the reflection coefficient, seen looking out of the right port, is computed by a cross-correlation between left- and right-travelling waves. When this falls below 0.01, calibration is declared complete and filter updates cease. After calibration, we validate the system by configuring it as a reflectometer. Open and shorted measurements are made, yielding reflection coefficients of $+1$ and $-1$ respectively. The reflection coefficients of several resistors are also measured, again yielding the expected values.
We have used this device to implement the attack described above, using resistances $R_l = 1$ kΩ, $R_h = 10$ kΩ, and a coaxial transmission line of characteristic impedance $Z_0 = 50$ Ω. The voltage sources are produced by an arbitrary waveform generator, producing independent normally-distributed voltages over a frequency range of 500 Hz-5500 Hz. The bandwidth $B = 5$ kHz results in an approximate correlation time of $B^{-1} = 200$ µs 29. Each configuration is set and the covariance matrices from Eqn. 9 are measured during the setup phase. Resistor configurations are randomly selected for each test as would be the case in an operational system (though we used a pseudo-random number generator rather than a truly-random number generator) and the log-likelihood ratios are computed for the measured values of $v_+$ and $v_-$. Their differences are thresholded to compute (13).

Figure 7 | The digital signal processing of the directional wave measurement device, implemented on an STM32F407 microcontroller. A least-mean-squares filter is used at startup to determine the necessary filter coefficients; a signal is applied to one port while the other is connected to a terminator, and the filter coefficients adjusted to force $V_- = 0$. Filter updates are disabled once the apparent reflection coefficient becomes sufficiently small.