[Cryptography] OTP USB TLA
Steven M. Bellovin
smb at cs.columbia.edu
Mon Sep 22 18:15:54 EDT 2025
I think that there are real-world protocols that do that. Or see §5 of
https://www.cs.columbia.edu/~smb/papers/netmeas.pdf from 1992.
On 22 Sep 2025, at 17:54, Sampo Syreeni wrote:
> On 2025-09-09, John Gilmore wrote:
>
>> I had an idea a few years ago that with the ubiquity of high bandwidth
>> USB interfaces and large flash chips, someone could build a small USB
>> device that would cache paired True random numbers when physically
>> plugged into a second such device.
>
> My recent idea is perhaps even funkier: why not time at the nanosecond
> level how non-contact chips communicate with each other, and build a
> purposely chatty privacy amplification protocol between them, relying on
> the upper bound on propagation guaranteed by relativity? So that Charlie
> can't *possibly* interlope/intervene from more than say 1ns==30cm away
> from Alice and Bob, in a challenge/response-protocol? He'd *surely* be
> hashed out by any stochastic tree walking protocol or such, right?
>
> I'd think something like this isn't just an idea. It's implementable
> with current hardware and even the attendant code. Plus it's further
> developable on any channel between Alice and Bob, where we know the
> minimum physical propagation latency between them.
>
> You could probably do something like this over the 4G Finnish mobile
> network I'm using right now. Because it already by necessity measures
> OFDM slot timing, and then at an even lower level necessarily tracks
> carrier phase. I'm reasonably sure that if even some of that data goes
> through my local node and truly back, I could build a protocol for
> shared key formation over that in...decent...time.
>
> Information theoretical analysis gives you lots of bright ideas. However
> it's not the most useful kind of analysis, because its central idea,
> entropy/information, is a non-dimensional quantity in the end. It doesn't
> and cannot really guide you further. It just is and stands there staring
> at you, with its value from the start being arbitrary as well.
> --
> Sampo Syreeni, aka decoy - decoy at iki.fi,
> http://decoy.iki.fi/front
> +358-40-3648785, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
--Steve Bellovin, https://www.cs.columbia.edu/~smb
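
The timing argument in the quoted message, reduced to its proximity check only (no key formation or privacy amplification), as an added example that is not from the thread: a simulated time-bounded challenge/response in which the verifier rejects any round trip longer than light could cover within the allowed distance. The register construction, the 64 rounds, the 5 ns processing allowance, the 0.30 m bound and all key and nonce values are assumptions made for the illustration.

```python
import hashlib
import hmac
import random

C_M_PER_NS = 0.299792458  # speed of light in vacuum, metres per nanosecond

def max_distance_m(rtt_ns, processing_ns=0.0):
    """Largest one-way distance consistent with a measured round trip."""
    return max(rtt_ns - processing_ns, 0.0) * C_M_PER_NS / 2

def registers(key, nonce, n):
    """Derive two n-bit response registers from the shared key and a fresh nonce."""
    stream, counter = b"", 0
    while len(stream) * 8 < 2 * n:
        stream += hmac.new(key, nonce + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    bits = [(stream[i // 8] >> (i % 8)) & 1 for i in range(2 * n)]
    return bits[:n], bits[n:]

def run_rounds(key, nonce, n, distance_m, processing_ns, rng, knows_key=True):
    """Simulate what the verifier records per round: (challenge, response, rtt_ns)."""
    regs = registers(key, nonce, n)
    rtt_ns = 2 * distance_m / C_M_PER_NS + processing_ns  # assumed ideal channel
    rounds = []
    for i in range(n):
        c = rng.getrandbits(1)  # verifier's unpredictable challenge bit
        r = regs[c][i] if knows_key else rng.getrandbits(1)  # keyless party must guess
        rounds.append((c, r, rtt_ns))
    return rounds

def verify(key, nonce, rounds, bound_m, processing_ns):
    """Accept only if every bit is correct and every round trip fits the bound."""
    regs = registers(key, nonce, len(rounds))
    for i, (c, r, rtt_ns) in enumerate(rounds):
        if r != regs[c][i] or max_distance_m(rtt_ns, processing_ns) > bound_m:
            return False
    return True

def demo():
    """Constructed runs: honest at 0.1 m, relayed from 30 m, nearby guesser without the key."""
    rng = random.Random(2025)  # simulation only; fixed seed for repeatability
    key, nonce, n, bound_m, proc_ns = b"constructed-key", b"constructed-nonce", 64, 0.30, 5.0
    cases = [(0.10, True), (30.0, True), (0.10, False)]
    return tuple(verify(key, nonce, run_rounds(key, nonce, n, d, proc_ns, rng, k), bound_m, proc_ns)
                 for d, k in cases)
```

The bound is only as tight as the verifier's knowledge of the responder's processing delay: every unaccounted nanosecond of slack widens the accepted radius by about 15 cm.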