Random Number Generator, Zero-Crossing, and Nonlinearity Attacks against the Kirchhoff-Law-Johnson-Noise (KLJN) Secure Key Exchange Protocol

TL;DR

This paper introduces three novel attack methods against the KLJN secure key exchange protocol, revealing vulnerabilities related to RNGs, thermodynamics, and nonlinearity, and discusses conditions for maintaining security.

Contribution

It presents new attack techniques exploiting RNG weaknesses, thermodynamic non-equilibrium, and noise nonlinearity, advancing understanding of KLJN protocol vulnerabilities.

Findings

Deterministic RNG attacks can crack bits quickly.

Partial noise knowledge enables bit recovery after exchange.

Nonlinear noise distortion causes significant information leaks.

Abstract

This dissertation demonstrates three new types of attacks against the KLJN scheme. The first attack type is based on compromised RNGs. The first RNG attacks are deterministic. First, Eve knows both noises. She can crack the bit via Ohm's Law and one-bit powers within a fraction of the bit exchange period. Second, Eve knows only Bob's noise, so she can learn Bob's resistance value via Ohm's Law and Alice's resistance at the end of the bit exchange period. She can also use a process of elimination. The second RNG attacks are statistical. First, Eve has partial knowledge of Alice's and Bob's noises. She can crack the bit by taking the highest cross-correlation between her noises and the measured noise in the wire, and by taking the highest cross-correlation between her noises and Alice's/Bob's noises. Second, Eve has partial knowledge of only Alice's noise. She can still crack the bit, but after the bit exchange period. The second attack type is based on thermodynamics. Previously, the KLJN scheme required thermal equilibrium. However, Vadai, et al, in (Nature) Science Reports shows a modified scheme, where there is a non-zero thermal noise, yet the system resists all the known attacks. We utilize coincidence events between the line current and voltage and show that there is non-zero information leak. As soon as thermal equilibrium is restored, the system is perfectly secure again. The final attack type is based on the nonlinearity of the noise generators. We explore the effect of distortion at the second and third orders. It is demonstrated that 1% distortion results in a significant information leak. We also show that decreasing the effective temperature results in the KLJN scheme approaching perfect security.