Physical Cryptography: Nuclear Disarmament and Zero-Knowledge Proofs
One of my colleagues/friends at Princeton University recently published an article in Nature Communications (a very highly-ranked, reputable journal!) which I thought might be of some interest to the Steemit community. The article is "A physical zero-knowledge object-comparison system for nuclear warhead verification" by Philippe et al.
I just wanted to take this opportunity to bring this work to the community's attention and give the layman's terms summary of the paper as well as a little bit of commentary. I hope you enjoy!
The problem: verifying nuclear weapons without learning anything about them (zero-knowledge proofs).
Nuclear arms agreements and disarmament treaties often require the verification of the existence of certain types and quantities of nuclear weapons. However, the design of those weapons is almost certainly secret/classified information. How can we verify the authenticity of a nuclear weapon without revealing any information about the weapon itself?
This is a really interesting problem. There are so many different types of nuclear weapons out there, and the different countries that have developed their own weapons generally try very hard to keep those designs secret to prevent anyone from discovering vulnerabilities in their designs and/or from more easily duplicating their weapons. This leads to the very interesting problem stated above. Suppose two countries with nuclear weapons reach agreements to simultaneously reduce the number of nuclear weapons that they have in their arsenals. How can both countries verify that the other does in fact have certain quantities of these weapons, while simultaneously learning nothing about the designs of the weapons.
The solution: non-electronic fast neutron differential radiography
The answer to this problem that my friend proposed (and demonstrated experimentally) is a very clever one. Stated succinctly, the idea is to use a "non-electronic fast neutron differential radiography technique using superheated emulsion detectors that can confirm that two objects are identical without revealing their geometry or composition." This technique could essentially be the basis for a method to verify the authenticity of a nuclear weapon, without actually learning any secret details about the design or composition of the weapon. Now, if what I've just described sounds like gibberish to you, you're not alone! I'll try to break it down in simple terms.
The first important thing to understand is the idea of a "zero-knowledge" proof. What exactly does that mean? Basically, these types of proofs are mathematical, cryptographic methods to show basically prove something is true, without revealing any sensitive information. For example, the classic example that I've heard goes something like this: Suppose there mountain with two caves. At the back of the caves, they are connected by a door, which is randomly open 50% of the time and closed 50% of the time. Now let's say that John claims to know how to open the door, but Alice doesn't believe him. He wants to prove to her that he knows how to open the door, but he doesn't want to actually reveal the information about how to open the door. So John has Alice wait outside the caves, and he walks in through one cave, through the door, and walks out the other cave.
Now, Alice doesn't know if John ever actually opened the door or not, since the door is randomly open 50% of the time. So she makes him walk through again. Once again, John enters through a certain cave, and when he reaches the door there will be a 50% chance it will be open. If open he walks through, and if closed he opens the door and walks through. In either case, John emerges through the opposite cave and all Alice knows is that there is a 50% chance John opened the door. The more times John repeats this experiment, the higher Alice's certainty that John does indeed know how to open the door. In this way, John can "prove" cryptographically that he knows how to open the door, without actually revealing any sensitive information about how to open the door.
A zero-knowledge object-comparison system
My friends technique described in the paper is basically a proof-of-concept technique that can prove whether two objects are the same or not, without revealing information about the object. The technique works by exposing an object (potential nuclear weapon) to a neutron beam and recording their 2D transmission radiographs on detectors that are preloaded with the complement radiograph plus Poisson noise of a known reference object. If the item is valid, the final radiograph will contain the same amount of exposure that would be expected if no object were in the path of the neutron beam. If the final radiograph contains more or less exposure (beyond a certain deviation), than the object can be known to be a fake.
In practice, this type of verification would work like this:
- The inspector chooses a certain orientation and energy for the neutron beam to be used on the weapons.
- The host of the test then creates a set of detectors preloaded with the complement of the radiograph data along with Poisson noise added to the data.
- The weapons being verified are then exposed to the neutron beam at the same angle of orientation and at the same energy level as used on the reference weapon. Both the inspector and the host can simultaneously measure the energy level of the beam to verify that the agreed level is being used.
- After each test, the number of results in each detector is counted by both parties, and the result of the final total exposure on all the detectors can be compared to the total expected exposure to determine if the weapon is valid or not.
This test can be repeated, just like John walking through the caves, to arbitrarily increase the validity of the test results. The inspector can continue to test the items using a neutron beam at many different angles and energy levels, and gain more and more confidence that the weapons are or are not the same as the reference weapon.
This technique is zero-knowledge because the final expected distribution on the detectors is simply Poisson noise. The complement of the radiograph data is preloaded on the detectors, but the inspector never gets to read the detectors until after the beam has been exposed, thus no knowledge is leaked about the devices themselves. Also, this technique is non-electronic, meaning there are no electronic components to be hacked or spoofed. The detectors used here are bubble detectors. When exposed to neutron beams, irradiated superheated bubbles are formed, such that the total number of bubbles in the detector is related to the amount of radiation exposed to the detector.
What a great application of practical cryptography!
I was very excited to hear about this idea. Such a great application of simple cryptographic, mathematical ideas. A zero-knowledge technique to verify the authenticity of nuclear weapons. It's possible that these types of ideas could help with nuclear disarmament agreements. If countries can no for sure that information about their devices will not be leaked, they may be more inclined to allow inspectors to verify their weapons arsenals, building trust without leaking information.