A graph with its 3-colouring. For each edge, we check that the two connected vertices are of different colours.
A team from UNIGE has implemented a new way to secure data transfers based on the physical principle of relativity.
The volume of data transferred is constantly increasing, but the absolute security of these exchanges cannot be guaranteed, as shown by cases of hacking frequently reported in the news. To counter hacking, a team from the University of Geneva (UNIGE), Switzerland, has developed a new system based on the concept of “zero-knowledge proofs”, the security of which is based on the physical principle of relativity: information cannot travel faster than the speed of light. Thus, one of the fundamental principles of modern physics allows for secure data transfer.
This system allows users to identify themselves in complete confidentiality without disclosing any personal information, promising applications in the field of cryptocurrencies and blockchain. These results can be read in the journal Nature.
When a person – the so called ‘prover’ – wants to confirm their identity, for example when they want to withdraw money from an ATM, they must provide their personal data to the verifier, in our example the bank, which processes this information (e.g. the identification number and the pin code). As long as only the prover and the verifier know this data, confidentiality is guaranteed. If others get hold of this information, for example by hacking into the bank’s server, security is compromised.
Zero-knowledge proof as a solution
To counter this problem, the prover should ideally be able to confirm their identity, without revealing any information at all about their personal data. But is this even possible? Surprisingly the answer is yes, via the concept of a zero-knowledge proof. “Imagine I want to prove a mathematical theorem to a colleague. If I show them the steps of the proof, they will be convinced, but then have access to all the information and could easily reproduce the proof”, explains Nicolas Brunner, a professor in the Department of Applied Physics at the UNIGE Faculty of Science. “On the contrary, with a zero-knowledge proof, I will be able to convince them that I know the proof, without giving away any information about it, thus preventing any possible data recovery.”
The principle of zero-knowledge proof, invented in the mid-1980s, has been put into practice in recent years, notably for cryptocurrencies. However, these implementations suffer from a weakness, as they are based on a mathematical assumption (that a specific encoding function is difficult to decode). If this assumption is disproved – which cannot be ruled out today – security is compromised because the data would become accessible.
Today, the Geneva team is demonstrating a radically different system in practice: a relativistic zero-knowledge proof. Security is based here on a physics concept, the principle of relativity, rather than on a mathematical hypothesis. The principle of relativity – that information does not travel faster than light – is a pillar of modern physics, unlikely to be ever challenged. The Geneva researchers’ protocol therefore offers perfect security and is guaranteed over the long term.
Dual verification based on a three-colorability problem
Implementing a relativistic zero-knowledge proof involves two distant verifier/prover pairs and a challenging mathematical problem. “We use a three-colorability problem. This type of problem consists of a graph made up of a set of nodes connected or not by links”, explains Hugo Zbinden, professor in the Department of Applied Physics at the UNIGE. Each node is given one out of three possible colours – green, blue or red – and two nodes that are linked together must be of different colours. These three-colouring problems, here featuring 5,000 nodes and 10,000 links, are in practice impossible to solve, as all possibilities must be tried. So why do we need two pairs of checker/prover?
“To confirm their identity, the provers will no longer have to provide a code, but demonstrate to the verifier that they know a way to three-colour a certain graph”, continues Nicolas Brunner. To be sure, the verifiers will randomly choose a large number of pairs of nodes on the graph connected by a link, then ask their respective prover what colour the node is. Since this verification is done almost simultaneously, the provers cannot communicate with each other during the test, and therefore cannot cheat. Thus, if the two colours announced are always different, the verifiers are convinced of the identity of the provers, because they actually know a three-colouring of this graph. “It’s like when the police interrogates two criminals at the same time in separate offices: it’s a matter of checking that their answers match, without allowing them to communicate with each other”, says Hugo Zbinden.
In this case, the questions are almost simultaneous, so the provers cannot communicate with each other, as this information would have to travel faster than light, which is of course impossible. Finally, to prevent the verifiers from reproducing the graph, the two provers constantly change the colour code in a correlated manner: what was green becomes blue, blue becomes red, etc. “In this way, the proof is made and verified, without revealing any information about it”, says the Geneva-based physicist.
A reliable and ultra-fast system
In practice, this verification is carried out more than three million times, all in less than three seconds. “The idea would be to assign a graph to each person or client”, continues Nicolas Brunner. In the Geneva researchers’ experiment, the two prover/verifier pairs are 60 metres apart, to ensure that they cannot communicate. “But this system can already be used, for example, between two branches of a bank and does not require complex or expensive technology”, he says. However, the research team believes that in the very near future this distance can be reduced to one metre. Whenever a data transfer has to be made, this relativistic zero-knowledge proof system would guarantee absolute security of data processing and could not be hacked. “In a few seconds, we would guarantee absolute confidentiality”, concludes Hugo Zbinden.
Original Article: Securing data transfers with relativity
More from: University of Geneva
The Latest Updates from Bing News & Google News
Go deeper with Bing News on:
Secure data transfer
- Ransomware gang exploits critical vulnerability in popular file transfer software
A cybersecurity advisory issued Wednesday said that a major ransomware group had successfully exploited a previously unknown vulnerability in Progress Software’s MOVEit software.
- The roadmap to cross-border data transfer
India should ally with countries as ‘trusted partners’ that share similar values in terms of democracy, privacy and security principles ...
- Cyberdefenders respond to hack of file-transfer tool
"The SuspectFile site is operated by an Italian researcher," noted Brett Callow, a threat analyst for the cybersecurity company Emsisoft, in a response to the Chronicle. "I don't know him, but people ...
- Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America
Read the technical details about this zero-day MoveIT vulnerability, and learn how to detect and protect against this SQL injection attack.
- Progress Software security flaw leads to massive data theft
The Burlington company discovered the flaw last week, but online criminal gangs were already using it to steal data.
Go deeper with Google Headlines on:
Secure data transfer
[google_news title=”” keyword=”secure data transfer” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]
Go deeper with Bing News on:
- Digital car keys raise security concerns
Mobile phone-based automotive digital keys are the future of the software-defined car. However, cybersecurity experts are still determining if digital keys are as secure as the industry claims.
- Avira Prime Review 2023: The Ultimate Antivirus Software For All Devices
Explore the comprehensive 2023 review of Avira Prime, the ultimate antivirus software that provides optimal protection for all your devices.
- 1Password passkeys beta is here: Everything you need to know
These passkeys are unique for each service, and they’re unhackable. The problem is that apps and services still use passwords while also starting to support passkeys. That’s why you still need a ...
- Eufy home security review: Smart systems and packages compared
Independent Advisor's experts have spent hours researching and reviewing Eufy’s home security packages – here’s what they thought ...
- What Is the Most Secure Operating System?
We run through the security features, mechanisms, and protocols provided by ChromeOS, Linux, macOS, and Windows, as well as iOS and Android.
Go deeper with Google Headlines on:
[google_news title=”” keyword=”unhackable” num_posts=”5″ blurb_length=”0″ show_thumb=”left”]