Elimination of a Second-Law-attack, and all cable-resistance-based attacks, in the Kirchhoff-law-Johnson-noise (KLJN) secure key exchange system

We introduce the so far most efficient attack against the Kirchhoff-law-Johnson-noise (KLJN) secure key exchange system. This attack utilizes the lack of exact thermal equilibrium in practical applications and is based on cable resistance losses and the fact that the Second Law of Thermodynamics cannot provide full security when such losses are present. The new attack does not challenge the unconditional security of the KLJN scheme, but it puts more stringent demands on the security/privacy enhancing protocol than for any earlier attack. In this paper we present a simple defense protocol to fully eliminate this new attack by increasing the noise-temperature at the side of the smaller resistance value over the noise-temperature at the at the side with the greater resistance. It is shown that this simple protocol totally removes Eve's information not only for the new attack but also for the old Bergou-Scheuer-Yariv attack. The presently most efficient attacks against the KLJN scheme are thereby completely nullified.

physical competitor to a quantum key distribution for secure communication. For the duration of a single bit exchange, the communicating parties (Alice and Bob) connect their randomly chosen resistor and corresponding noise-voltage generator to a wire line (cable). These resistors are randomly selected from the publicly known set R L , R H { }, R L ≠ R H , where the elements represent low (L) and high (H) bit values. The Gaussian voltage noise generators-mimicking the Fluctuation-Dissipation Theorem and delivering band-limited white noise with publicly agreed bandwidth-produce enhanced thermal (Johnson) noise at a publicly agreed effective temperature T eff , typically being T eff ≥ 10 9 K [3], so the temperature of the wire can be neglected. The noises are statistically independent of each other and from the noise of the former bit period.
In the case of secure bit exchange-i.e., the LH or HL bit situations for Alice and Bob-an eavesdropper (Eve) cannot distinguish between these two situations by measuring the mean-square value of the voltage U c (t) and/or current I c (t) in the cable, because both arrangements lead to the same result. In the rest of the paper we assume that one of these secure bit exchange situations (either LH or HL) apply.

Figure 1.
Schematic of the Kirchhoff-law-Johnson-noise secure key exchange system. To defend against active and hacking attacks, the cable parameters and integrity are randomly monitored; the instantaneous voltage U c (t) and current I c (t) amplitudes in the cable are measured and compared via public authenticated data exchange; and full spectral and statistical analysis/checking is carried out by Alice and Bob. R, t and T eff denote resistance, time and effective temperature, respectively. Line filters, etc., are not shown.
To avoid potential information leak by variations in the shape of a probability distribution, the noises are Gaussian [1], and it has been proven that other distributions are not secure [4,5]. From a physics perspective, the security is provided by the Second Law of Thermodynamics because directional information, due to the direction of power flow, does not exist since the mean power flow is zero even though the LH and HL situations have asymmetric resistance arrangements [1]. In other words, the security of the ideal KLJN scheme against passive (non-invasive listening/measuring) attacks is as strong as the impossibility to build a perpetual motion machine of the second kind. The security against active (invasive) attacks is-perhaps surprisingly-provided by the robustness of classical physical quantities, which guarantees that these quantities can be monitored (and their integrity with the cable parameters and model can be checked) continuously without destroying their values. We observe, in passing, that the situation is totally different for the case of quantum physics.
The most famous and explored, and so far the most effective, attack against the non-ideal KLJN scheme is the Bergou-Scheuer-Yariv (BSY) cable resistance attack [6,7] which utilizes the fact that, due to the non-zero cable resistance, the mean-square voltage will be slightly less at the cable end with the smaller resistance value than at the other end with the greater resistance. It should be noted that the results (including their physical units) are wrong in Ref. [7], but a correct evaluation of the BSY effect was carried out later by Kish and Scheuer (KS) [8]. Eve's measured absolute difference between the mean-square voltages U cH 2 (t) and U cL 2 (t) of the "H" and "L" ends (cf. Figure 2) is given by [8] where k is Boltzmann's constant, Δf is noise bandwidth and R c is cable resistance. Clearly Δ KS scales with the square of the cable resistance, i.e., Δ KS ∝ R c 2 . During the Second-Law-attack, the powers flowing out from the "H" and "L" ends of the cable are calculated and compared. The temperature of the cable resistor R c can be neglected because of the high noise temperature of the generators. The notation is consistent with that in Figure 1.

The Second-Law-attack
In the rest of the paper we use the rules about transformations of noise spectra in linear systems, along with Johnson's formula for thermal noise, and write [1] Here U R 2 (t) denotes mean-square voltage fluctuations on the resistor, with resistance R, within the bandwidth Δf .
The cable resistance has a non-zero value, and therefore the resistors and their noise generators are not in thermal equilibrium in practical versions of the KLJN system (with T eff much greater than the cable temperature). Consequently the Second Law of Thermodynamics cannot provide full security. The cable-heating powers by the generators at the "H" and "L" ends are different and are given by and The difference between P Hc and P Lc can be utilized for the Second-Law-attack, because the resistor values R H and R L are publicly known. The implementation of this attack is to measure and compare the net power flows at the two ends of the cable, as illustrated in Figure 2. The mean power flow P HL from the "H" end toward the "L" end of the cable, and the mean power flow P LH from the "L" end toward the "H" end are, respectively, and The power flows P HL and P LH are directly measurable by Eve, and their difference, gives the difference between the powers supplied by the two cable ends; with the measured cable voltages and current (see Figure 2) it is It should be observed that the opposite current sign at the "L" end expresses the fact that the current flowing out from the "H" end is flowing into the "L" end (using the same current sign would instead provide the power dissipated in the cable resistance, which is always positive and gives no directional information).
Suppose now that Eve measures the above current-voltage cross-correlations at the two ends and evaluates the pertinent quantities. With the notation introduced in Figure 3, one finds that As an example, suppose that R H has the greater resistance value and R L the smaller one, i.e., R L < R H . In the ideal case, when R c = 0 , one obtains ΔP AB = 0 in accordance with the Second Law of Thermodynamics, which yields U c (t)I c (t) = 0 . However, in the practical case, with R c > 0 , one finds (i) if ΔP AB > 0 , then Alice has R H and Bob has R L , (ii) if ΔP AB < 0 , then Alice has R L and Bob has R H .

Figure 3.
Eve's measurements during the Second-Law-attack. The powers flowing out from the two ends of the cable are measured and compared. The notation is consistent with that in Figure 1.
The signal inherent in the Second-Law-attack scales linearly with R c , which provides a much better situation for Eve-especially in the case of vanishing cable resistance-than the square-law scaling of the BSY attack. Moreover, it is also obvious that in a practical case [3,9,10], where R c << R L << R H , Eve's signal-to-noise ratio is always greater in the Second-Law-attack than in the BSY attack. This is so because the BSY attack evaluates the dc fraction of ≈ R c 2 / R L R H ( ) in the measured (empirical) mean-square channel noise voltage, while the Second-Law-attack evaluates the dc fraction of R c / R H in the measured mean power flow. It should be noted that the measured mean-square channel noise voltage, and the measured mean power flow, follow similar statistics because they are the time average of the products of Gaussian processes [11].
The Second-Law-attack is an elegant and efficient one, but it does not challenge the unconditional security of the KLJN scheme [2]. Eve's probability p of successful guessing can arbitrarily approach the limit p = 0.5 by proper tuning of the parameters inherent in the KLJN scheme, such as resistances and bandwidth, and privacy amplification can be implemented if needed; this was evaluated in detail elsewhere [2], where relationships were reported between security level, cable parameters and communication speed. Nevertheless the new Second-Law-attack is important and may significantly increase the demands on parameter tuning and/or necessitate elaborate privacy amplification [12], which of course come at a cost.
In the rest of this paper we demonstrate two methods capable of fully eliminating the Second-Law attack. The advanced method nullifies the BSY attack as well.

Natural/"Simple" defense
Suppose it is possible to keep the cable and the resistors at the same temperature. This temperatureequilibration method virtually eliminates any Second-Law-attack information for Eve (but not the information in the BSY-attack, albeit its formula for the information leak is changed).
Temperature equilibration constitutes a very simple defense, but the cable temperature and its possible variations cannot be neglected any longer. If the cable temperature is different from that of the resistors, then the KLJN scheme is vulnerable to the Hao-type attack [13] (see its criticism in [14]). In principle, with cables of homogeneous temperatures, this attack can be avoided if Alice and Bob are able to monitor the temperature value of the cable by resistance and Johnson noise measurements, since they can then choose T eff to be the same as the cable temperature. While these steps can be taken, the KLJN scheme is no longer simple. Moreover, the mentioned defense method may be unpractical because of the requirement of a homogeneous cable temperature, small noise levels, and since it prohibits the adoption of enhanced KLJN methods wherein Alice and Bob eliminate their own contributions in order to accomplish higher speed, security [9,15] and fidelity [16].

Advanced defense, also eliminating all cable resistance attacks
As we have seen, the cable end with the smaller resistance value emits less power toward the other end, and this is the foundation of the Second-Law-attack. This effect, as well as Eve's related signal, can be completely eliminated by properly changing the ratio of the noise-temperatures of the generators for the resistors with the smaller and the greater resistance values (see Figure 4).
Suppose now that we introduce an offset in the noise-temperatures of the generators for the R H and the R L resistors so that the equation holds, where T eff is the noise temperature at the R H resistors and βT eff is the noise temperature of the R L resistors. The solution of equation (10) is This value of β for the temperature-offset consequently eliminates Eve's opportunity to use the Second-Law-attack. One finds β > 1 for R L < R H and β < 1 for R H < R L . Figure 4. Schematic for illustrating the elimination of the Second-Law-attack and the BSY-attack by introduction of a proper temperature offset. The notation is consistent with that in Figure 1.
The remaining, essential question is whether the defense method delineated above introduces a higher signal for Eve's BSY-attack or not. Reevaluating our analysis [8] of the BSY attack with the a temperature offset given by Eq. 11, one obtains where α = R L R H . By substituting the above value for β , the nominator becomes zero so that Hence a modification of the noise temperature of the generators supplying the noise of the R L resistors by the factor β yields a complete elimination the strongest attacks against the KLJN key exchange scheme, namely the Second-Law-attack and the BSY-attack [6][7][8].

Conclusions
We introduced the so far most efficient attack against the Kirchhoff-law-Johnson-noise (KLJN) secure key exchanger, i.e., the Second-Law-attack. This attack utilizes the lack of exact thermal equilibrium in practical applications involving cables with non-zero resistance and results in more advantageous scaling and signal-to-noise ratio for Eve.
Late-note: It has come to our attention that Gunn-Allison-Abbott [17] has published a paper about a new type of attack against the KLJN system, where the attack produces signal for Eve only at non-zero wire resistance. Based on our manuscript on arxiv, they tested the defense method described above in section 2.3 and found it working even in their system. We agree with this statement of their paper. Note, we extensively analyzed and criticized all their other claims of their preprint in two separate papers or ours [18,19]. Furthermore, they note that the "measurement" of α may be not obvious [17] from a security point of view. This is a misunderstanding by them [17] because the value of α is a public knowledge in the KLJN protocol [1][2][3].