ETH Zürich » Computer Science » Theory » Cryptography

The Role of Physics in Cryptography

Algorithms, both for using and breaking cryptographic systems, are traditionally modeled as mathematical objects, and therefore cryptography and cryptanalysis are traditionally seen as mathematical disciplines. However, all processes in the real world, including computation and communication, are physical processes involving noise, quantum effects, and other uncertainty factors. This fact can be used both for the benefit and detriment of cryptography.

On the negative side, two developments should be mentioned. The first is quantum computing, leading potentially to efficient methods for factoring large numbers and computing discrete logarithms. The second is the exploitation (by the cryptanalyst) of different types of side information channels which are available because a cryptosystem is implemented and embedded in a physical environment (e.g. a smart-card). Examples of such channels are the time required for a certain computation (see Paul Kocher's work on timing attacks), the power consumption as a function of what is computed (e.g. differential power analysis), electro-magnetic radiation, or the behavior of a device when faults are provoked, e.g. by setting the power level outside of the specifications, by physical stress, or by applying electro-magnetic fields.

Designing tamper-resistant devices with only low-capacity side channels is a core issue in security engineering. Cryptographic research must propose adequate models of side channels and resistant implementation techniques, for instance by masking key values or reordering the sequence of instructions. In addition, one should try to devise algorithms whose implementations can be inherently less vulnerable to side-channel attacks.

On the positive side, one can exploit the fact that an adversary does not know the exact state of a physical system. A first possible source of uncertainty for the adversary is the inherent impossibility of measuring quantum states exactly. For instance, one can measure at most one bit of information about the polarization of a photon, which is a continuous quantity. Quantum cryptography is the discipline that exploits this fact.

A second source of uncertainty for the adversary is the noise in communication channels. Cryptography is usually used in a context where error-free communication channels (e.g. TCP connections) are available. In such a model, information-theoretic secrecy is possible only if, roughly speaking, the key is as long as the message. By combining cryptographic coding and error-control coding, perfect information-theoretic secrecy can be achieved by public discussion between two parties not sharing a secret key initially, by exploiting information available to them as well as (even more reliably) to the adversary.