Every time you have to enter your PIN to access your bank account, you run a small risk of being hacked. Possibly a basic principle of the theory of relativity – that information cannot travel faster than light – offers the solution to this problem. Researchers want to use this fact to make your banking information fundamentally uncrackable.
When you enter your PIN at an ATM, you need to be able to trust that the bank protects that sensitive information from hackers. Security experts want to go a step further: with a new system they can completely sideline unsavory types.
To do that, they want to use a so-called zero knowledge proof, also known in English zero knowledge proof or called ZKP. This is a system that allows you to prove your identity without having to share a PIN or password. Someone who wants to prove his or her identity, the proponent, can thereby demonstrate to another person, the controller, that he or she has certain information without actually having to reveal this information.
Color boxes
ZKPs developed in the 1980s are based on mathematical concepts. An example is the three-color problem. In doing so, a map with thousands of areas is filled in with only three colors, in such a way that neighboring areas are never the same color.
It takes a lot of computing power to build such a map from scratch. The person who wants to prove his identity could make a card in advance that serves as proof of identity. The controller can then request the colors of any two areas that touch each other and check whether they are indeed different. By rapidly asking for the colors of random adjacent regions, the inspector can become increasingly certain that the prover really has the correct colored card in his hand – without the prover having to hand over the entire card.
A hacker, who does not have the original card, can of course give random answers to the checker. But with each additional question, the chances increase that his answers will lead to a card that contradicts itself. Once that happens, it’s obvious he doesn’t know the original card.
This system stands or falls with speed. You have to trust that a hacker can’t create a map fast enough that can trick the controller. He should therefore not have a supercomputer or lightning-fast algorithm that the security world does not know about.
Squat free
Quantum scientist Sébastien Designolle of the University of Geneva in Switzerland and his colleagues now have found a way to eliminate this risk. They use a constant of nature that, according to Einstein’s special theory of relativity, is carved into marble. “You want to be as paranoid as possible,” says Designolle.
Imagine two proofers, each having to respond to the questions of one of two verifiers within a certain time frame. The proofs are placed so far apart that it is impossible for them to discuss their answers. Even if their consultations happen at the speed of light, it would take too long to arrive at an answer within the time requested. Once the proponents have submitted their answers, the two auditors will be able to submit. They check whether the prover’s answers match and thus can detect false bets.
In an experiment, the team placed two computers, which acted as the pointers, at a distance of 400 meters. The computers were synchronized with GPS clocks. A signal traveling at the speed of light would take 1.3 microseconds to bridge the distance between the two. Two controller computers then each asked one of the proofers to confirm the color of two areas within 0.84 microseconds. That is less than the fastest possible transfer time. To make sure that the proving computers didn’t give both correct answers by accident, the checking computers asked half a million questions.
Safe duo
Computer scientist Matthew Green of Johns Hopkins University in Maryland, USA, says the concept could solve a fundamental problem of existing ZKPs: that you can attack them if you have computers that are fast and powerful enough.
“What they’re saying is there’s a way around this. We can create evidence that is perfectly safe. No matter how much time you spend cracking them, you will never crack them,” he says. ‘The price for this is that you have to use two computers for this new system. The speed of light is what it is.’