Cable Capacitance Attack against the KLJN Secure Key Exchange

Abstract

The security of the Kirchhoff-law-Johnson-(like)-noise (KLJN) key exchange system is based on the fluctuation-dissipation theorem of classical statistical physics. Similarly to quantum key distribution, in practical situations, due to the non-idealities of the building elements, there is a small information leak, which can be mitigated by privacy amplification or other techniques so that unconditional (information-theoretic) security is preserved. In this paper, the industrial cable and circuit simulator LTSPICE is used to validate the information leak due to one of the non-idealities in KLJN, the parasitic (cable) capacitance. Simulation results show that privacy amplification and/or capacitor killer (capacitance compensation) arrangements can effectively eliminate the leak.

1. Introduction

The Kirchhoff-law-Johnson-(like)-noise (KLJN) key exchange system [1,2,3,4] was first introduced in 2005. Earlier, it was claimed that only quantum key distribution (QKD) [5] could offer unconditional (that is, information-theoretic) security. In due course, QKD’s fundamental security claims have been debated by experts in the field [6,7,8,9,10,11,12]. Furthermore, its practical realizations, including all commercial quantum communicators, have been fully cracked by hacking, that is, by utilizing non-ideal features of the hardware components [13,14,15,16,17,18,19,20,21,22,23,24,25,26]. While counter-measures were later proposed to overcome these attacks, when the idea of a new attack is unknown by the communicating parties and no counter-measures have been implemented yet, the eavesdropper can fully utilize such an attack [27,28,29,30].

Naturally, there have also been efforts to challenge KLJN’s security [31,32,33,34,35,36,37,38,39,40,41,42,43]. Studies have consistently shown that both the ideal and the practical KLJN versions remain unconditionally secure [4,34,35,36,37,38,39,40,41,42,43] despite facing various attacks and related information leaks associated with the non-idealities of components in the system. The impacts of the attacks against practical KLJN systems have been weak. With proper protocols, the eavesdropper’s (Eve’s) probability of successful guessing of a bit can always be reduced to a value that is sufficiently close to 0.5 [3,34,35,36,37,38] to preserve unconditional security [4].

We will show that one of the most effective attacks against the practical KLJN system is the cable capacitance attack. It was first mentioned in 2006 [36], but it has never been tested. Subsequently, in 2008, a solution was suggested to eliminate this attack by adding a capacitor killer (capacitance compensation) arrangement [39].

In this paper, we use the industrial cable and circuit simulator LTSPICE by Linear Technology to simulate practical realizations of the KLJN system and to evaluate the cable capacitance attack. Solutions to mitigate this attack, such as the capacitor killer arrangement [39] and privacy amplification [44], are also tested.

2. The KLJN Secure Key Exchange System

2.1. The KLJN Protocol

The KLJN secure key exchange system [1,2,3,4,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60] is based on Kirchhoff’s Loop Law and the Fluctuation-Dissipation Theorem. The core KLJN system is illustrated in Figure 1 [2]. It consists of a cable as an information channel, switches, and two identical pairs of resistors, $R_{\mathrm{L}}$ and $R_{\mathrm{H}}$, ($R_{\mathrm{L}}\ne R_{\mathrm{H}}$), where $R_{\mathrm{L}}$ represents the low key bit (0) and $R_{\mathrm{H}}$ represents the high key bit (1).

Figure 1. The core of the KLJN secure key exchange system [2]. The resistor values are $R_{\mathrm{L}}$ and $R_{\mathrm{H}}$. The thermal noise voltages, $U_{\mathrm{L}}\left(t\right)$ and $U_{\mathrm{H}}\left(t\right)$, are generated at an effective temperature $T_{\mathrm{eff}}$ (typically $T_{\mathrm{eff}}\ge {10}^{14}\text{K}$) [40]. The channel noise voltage and current are $U_{\mathrm{ch}}\left(t\right)$ and $I_{\mathrm{ch}}\left(t\right)$, respectively.

Figure 1. The core of the KLJN secure key exchange system [2]. The resistor values are $R_{\mathrm{L}}$ and $R_{\mathrm{H}}$. The thermal noise voltages, $U_{\mathrm{L}}\left(t\right)$ and $U_{\mathrm{H}}\left(t\right)$, are generated at an effective temperature $T_{\mathrm{eff}}$ (typically $T_{\mathrm{eff}}\ge {10}^{14}\text{K}$) [40]. The channel noise voltage and current are $U_{\mathrm{ch}}\left(t\right)$ and $I_{\mathrm{ch}}\left(t\right)$, respectively.

At the beginning of each bit exchange period (BEP), Alice and Bob randomly select $R_{\mathrm{L}}$ or $R_{\mathrm{H}}$ and connect the corresponding resistor to the cable. The Gaussian voltage noise generators in the figure represent either the Johnson noise sources of the resistors or external voltage noise generators emulating Johnson noise (filters are not shown). The noise is band-limited white noise with publicly agreed common bandwidth $B_{\mathrm{noise}}$ and a publicly agreed common noise-temperature $T_{\mathrm{eff}}$ [40]. The noises are statistically independent from each other and from the noise samples in the previous BEP [4]. Note that there are many advanced KLJN versions [41,42,56,60] with a greater number of resistor values, some with different temperatures [56,60].

Within each BEP, Alice and Bob measure the mean-square channel noise voltage $\langle U_{\mathrm{ch}}^2\left(t\right)\rangle$ and/or the channel noise currents $\langle I_{\mathrm{ch}}^2\left(t\right)\rangle$ in the cable. The BEP has to be properly chosen to provide sufficient time for good statistics on the mean-square noise voltages and currents but not enough time for Eve to effectively utilize possible information leaks due to hardware non-idealities. According to Johnson’s noise formula:

$$\langle U_{\mathrm{ch}}^2\left(t\right)\rangle =4k{T}_{\mathrm{eff}}\frac{R_{\mathrm{A}}{R}_{\mathrm{B}}}{R_{\mathrm{A}}+R_{\mathrm{B}}}{B}_{\mathrm{noise}}$$

(1)

$$\langle I_{\mathrm{ch}}^2\left(t\right)\rangle =4k{T}_{\mathrm{eff}}\frac{1}{R_{\mathrm{A}}+R_{\mathrm{B}}}{B}_{\mathrm{noise}}$$

(2)

where $k$ is the Boltzmann’s constant $1.38\times {10}^{-23}\hspace{0.17em}\text{J}/\text{K}$), $R_{\mathrm{A}}$ and $R_{\mathrm{B}}$ are the actual resistance values selected by Alice and Bob, respectively.

Based on Equation (1) or (2), by measuring $\langle U_{\mathrm{ch}}^2\left(t\right)\rangle$ and/or $\langle I_{\mathrm{ch}}^2\left(t\right)\rangle$, and by knowing their own resistance value, Alice and Bob can determine [2] the resistor value at the other end and hence they can learn the bit value (0 or 1) there.

With the cable being public, an eavesdropper (Eve) can also measure the channel noise voltages and currents. If Alice and Bob use the same resistance values, so the arrangement is $R_{\mathrm{L}}{R}_{\mathrm{L}}$ or $R_{\mathrm{H}}{R}_{\mathrm{H}}$, the resulting noise levels are singular, (see Equations (1) and (2)) thus the exchanged bit is non-secure and is discarded [2]. Conversely, the combinations $R_{\mathrm{L}}{R}_{\mathrm{H}}$ and $R_{\mathrm{H}}{R}_{\mathrm{L}}$ are degenerated because they produce the same noise levels. Thus the bit exchange is secure because Eve cannot differentiate between the two bit alternatives. From the noise levels (see Equations (1) and (2)) Eve knows that Alice and Bob have exchanged a secure bit, but she does not know the location of $R_{\mathrm{L}}$ and $R_{\mathrm{H}}$.

In reality, the cable is non-ideal. Thus Eve can exploit the non-idealities of the cable, such as parasitic resistance, parasitic inductance and parasitic capacitance, to attack the KLJN system.

2.2. Cable Capacitance Attack

In this paper, we assume coaxial cables because, in this case, the cable capacitance attack [36] can effectively be eliminated without the usage of privacy amplification. However, the attack works with any cable. Coaxial cables include two conductors: the inner wire, which is used as the KLJN channel, and the outer shield, which is grounded (for the ground, see also Figure 1). There is a non-zero capacitance between these two conductors that leads to capacitive currents. Part of the channel noise current is diverted by the parasitic capacitance, which causes a greater current at the end of the lower resistance. This gives Eve a chance to guess the value of the resistors with probability of success greater than 0.5.

Figure 2 shows the distributed elements model of coaxial cables. According to Kirchhoff’s current law, at position $x$, the channel noise current $I_{\mathrm{x}}\left(t\right)$ is the sum of the capacitive current $I_{c,x}\left(t\right)$ through the parasitic capacitor element $C_{\mathrm{x}}$, and the channel noise current $I_{x+1}\left(t\right)$. This is written as

$$I_{\mathrm{x}}\left(t\right)=I_{c,x}\left(t\right)+I_{x+1}\left(t\right)$$

(3)

The capacitive current $I_{\mathrm{c,x}}\left(t\right)$ is proportional to the time derivative of the channel noise voltage $U_{\mathrm{x}}\left(t\right)$ and it is given by

$$I_{c,x}\left(t\right)=C_{\mathrm{x}}\cdot \frac{d{U}_{\mathrm{x}}\left(t\right)}{dt}$$

(4)

We define the cross-correlation $\text{ρ}(x)$ [34] at position $x$ as the product of the channel noise current and the time derivative of the channel noise voltage:

$$\text{ρ}\left(x\right)={\langle I_{\mathrm{x}}\left(t\right)\cdot \frac{d{U}_{\mathrm{x}}\left(t\right)}{dt}\rangle }_{\text{τ}}$$

(5)

where ${\langle \rangle }_{\text{τ}}$ means finite time ($\text{τ}$) average. The location-dependence of $\text{ρ}(x)$ represents information leak [34].

Figure 2. Cable model and cable capacitive currents.

Figure 2. Cable model and cable capacitive currents.

3. Realization of the Attack

The cable and a circuit simulator LTSPICE by Linear Technology was used to emulate the practical KLJN system with the RG58 coaxial cable from its library. Throughout the simulations, we assumed that Alice selected $R_{\mathrm{L}}$ = 1 kohm and Bob $R_{\mathrm{H}}$ = 9 kohm; see Figure 3.

Figure 3. The simulated KLJN system with capacitive current $I_c$. The generator voltages $U_{\mathrm{th,L}}$ and $U_{\mathrm{th,H}}$ are the Johnson noise voltages of $R_{\mathrm{L}}$ and $R_{\mathrm{H}}$, respectively.

Figure 3. The simulated KLJN system with capacitive current $I_c$. The generator voltages $U_{\mathrm{th,L}}$ and $U_{\mathrm{th,H}}$ are the Johnson noise voltages of $R_{\mathrm{L}}$ and $R_{\mathrm{H}}$, respectively.

3.1. Generating the Noise

For the simulations, we generated Gaussian band-limited white noises. According to Johnson’s noise formula, the required rms noise voltage $U_{\mathrm{th}}$ is

$$U_{\mathrm{th}}=\sqrt{4k{T}_{\mathrm{eff}}R{B}_{\mathrm{noise}}}$$

(6)

As the mean value is zero, the rms noise voltages are the same as their standard deviations (denoted as ${\sigma }_{\mathrm{L}}$ and ${\sigma }_{\mathrm{H}}$ for $U_{\mathrm{th,L}}$ and $U_{\mathrm{th,H}}$, respectively). Thus

$$U_{\mathrm{th,L}}/U_{\mathrm{th,H}}={\sigma }_{\mathrm{L}}/{\sigma }_{\mathrm{H}}=\sqrt{R_{\mathrm{L}}/R_{\mathrm{H}}}$$

(7)

where $\sqrt{R_{\mathrm{L}}/R_{\mathrm{H}}}=\sqrt{1/9}$, thus ${\sigma }_{\mathrm{L}}/{\sigma }_{\mathrm{H}}=1/3$. For the simulations, the rms thermal noise voltages of $R_{\mathrm{L}}$ and $R_{\mathrm{H}}$ were chosen as 1 V and 3 V, respectively, corresponding to $T_{\text{eff}}\approx 7\times {\text{10}}^{16}\text{ K}$.

Figure 4a shows the probability density function (histogram) of the noise voltage of $R_{\mathrm{L}}$. In Figure 4b the cumulative distribution as normal probability plot can be seen where a straight line indicates exact normal distribution.

Figure 4. Statistics of the Johnson noise voltage of $R_{\mathrm{L}}$ with ${10}^6$ samples. (a) Probability density function (histogram); (b) Cumulative distribution as normal probability plot.

Figure 4. Statistics of the Johnson noise voltage of $R_{\mathrm{L}}$ with ${10}^6$ samples. (a) Probability density function (histogram); (b) Cumulative distribution as normal probability plot.

3.2. Comparing the Lumped and Distributed Element Models at Different Wavelengths

First, for enhanced computational speed, we explored the possibility of using a lumped element cable model for the simulations because the continuum model simulations are at least 1000 times slower. Our data below proves that lumped elements can be used for high-accuracy simulations at the operational conditions of KLJN.

The quasi-static condition is required for the security of the KLJN system [2,34]. That means

$$L_{\mathrm{ch}}\ll \lambda =c/B_{\mathrm{noise}} \mathrm{or} \gamma =\lambda /L_{\mathrm{ch}}\gg 1$$

(8)

where $L_{\mathrm{ch}}$ is the cable length, $\text{λ}$ is the shortest wavelength at the highest frequency component of the noise bandwidth $B_{\mathrm{noise}}$, $c$ is the propagation velocity in the cable, and $\text{γ}$ is the ratio of the wavelength to the cable length. It has been assumed that $\text{γ}$ must be at least around 10 to fulfill the KLJN conditions [34,49,50,57,58] (i.e., approximate quasi-static electrodynamics; see [49,50] concernig the proof that there are no waves in this limit).

Figure 5a,b shows the simple lumped element model and the distributed model of the RG58 coaxial cable. Based on the specific inductance and capacitance, the propagation velocity $c$ in the RG58 coaxial cable is $2\times {10}^8$ m/s. Three simulations were run to compare the resultant voltage waveforms at Alice’s side, at three different noise bandwidths $B_{\mathrm{noise}}$ (250 kHz, 25 kHz, 0.25 kHz) on these 2 models. The cable length was set at 1000 m, and based on Equation (8), the three corresponding wavelengths $(\text{λ})$ were 800 m, 8 km, and 800 km, while the corresponding $\text{γ}$ ratios were 0.8, 8 and 800. Other parameters such as the component values of the models used in the simulations are also shown in Figure 5.

Figure 5. The RG58 coaxial cable models (1000 m length) with $R_{\mathrm{L}}$ (1 kohm) and $R_{\mathrm{H}}$ (9 kohm). The lumped element model: component values $R_{\mathrm{S}}=10.5\hspace{0.17em}\mathrm{ohm}$, $L_{\mathrm{S}}=125\hspace{0.17em}\mathrm{\mu H}$, $C_{\mathrm{P}}=100\hspace{0.17em}\mathrm{nF}$. The distributed model had the following parameters: $R=0.021\hspace{0.17em}\mathrm{ohm}/\mathrm{meter}$, $L=250\hspace{0.17em}\mathrm{nH}/\mathrm{meter}$, $C=100\hspace{0.17em}\mathrm{pF}/\mathrm{meter}$. The characteristic impedance of the cable is 50 ohms.

Figure 5. The RG58 coaxial cable models (1000 m length) with $R_{\mathrm{L}}$ (1 kohm) and $R_{\mathrm{H}}$ (9 kohm). The lumped element model: component values $R_{\mathrm{S}}=10.5\hspace{0.17em}\mathrm{ohm}$, $L_{\mathrm{S}}=125\hspace{0.17em}\mathrm{\mu H}$, $C_{\mathrm{P}}=100\hspace{0.17em}\mathrm{nF}$. The distributed model had the following parameters: $R=0.021\hspace{0.17em}\mathrm{ohm}/\mathrm{meter}$, $L=250\hspace{0.17em}\mathrm{nH}/\mathrm{meter}$, $C=100\hspace{0.17em}\mathrm{pF}/\mathrm{meter}$. The characteristic impedance of the cable is 50 ohms.

Figure 6 shows the simulation results, where $U_{\mathrm{cha,lump}}$ and $U_{\mathrm{cha,dist}}$ are the voltage time functions of the lumped and distributed element models, respectively. In Figure 6a, the two waveforms are significantly different for the shortest wavelength with $\text{γ}=0.8$. In such a case, the waves can only be simulated with the distributed model. However, this situation is irrelevant for the operation of KLJN, as mentioned above.

Figure 6. The voltage waveforms at Alice’s side, $U_{\mathrm{cha,lump}}$ and $U_{\mathrm{cha,dist}}$, for the lumped and distributed element models, respectively, for a 1000 m cable, at (a) $\text{γ}$ = 0.8; (b) $\text{γ}$ = 8; (c) $\text{γ}$ = 800.

Figure 6. The voltage waveforms at Alice’s side, $U_{\mathrm{cha,lump}}$ and $U_{\mathrm{cha,dist}}$, for the lumped and distributed element models, respectively, for a 1000 m cable, at (a) $\text{γ}$ = 0.8; (b) $\text{γ}$ = 8; (c) $\text{γ}$ = 800.

In Figure 6b, with $\text{γ}$ = 8, the two waveforms are very similar whereas in Figure 6c, at $\text{γ}=800$, the two waveforms are indistinguishable. Thus we can conclude that for situations $\text{γ}$ $\ge$ 8, the lumped element simulations are satisfactory. Both cases are fine for the KLJN operation and we will use the $\text{γ}\ge 800$ condition in the rest of the paper.

For our resistor values $R_{\mathrm{L}}$ = 1 kohm and $R_{\mathrm{H}}$ = 9 kohm, the cut-off frequency by the cable capacitance is 1.76 kHz and 17.6 kHz for a 1000 and a 100 m cable, respectively. To avoid having the cable capacitance truncate the effective bandwidth of the noise, we used noise bandwidth $B_{\mathrm{noise}}=0.25\text{ kHz}$ for the noise generators $\text{γ}=800$ at 1000 m and $\text{γ}=8000$ at 100 m).

3.3. The Attack Protocol

In this section, we discuss the information leak caused by the cable capacitance and evaluate Eve’s success probability in terms of guessing the key bits. The fixed bit arrangement is used between Alice and Bob.

During the exchange of the i-th bit, Eve measures the cross-correlations:

$${\text{ρ}}_{\mathrm{ia}}={\langle I_{\mathrm{cha}}\left(t\right)\cdot \frac{d{U}_{\mathrm{cha}}\left(t\right)}{dt}\rangle }_{\text{τ}}$$

(9)

$${\text{ρ}}_{\mathrm{ib}}={\langle I_{\mathrm{chb}}\left(t\right)\cdot \frac{d{U}_{\mathrm{chb}}\left(t\right)}{dt}\rangle }_{\text{τ}}$$

(10)

where $U_{\mathrm{cha}}\left(t\right)$, $I_{\mathrm{cha}}\left(t\right)$, $U_{\mathrm{chb}}\left(t\right)$ and $I_{\mathrm{chb}}\left(t\right)$ are the channel voltages and currents at Alice’s and Bob’s ends, respectively, see Figure 7. The time average ${\langle \rangle }_{\text{τ}}$ is taken over the bit exchange period $\text{τ}$. Eve calculates ${\text{ρ}}_{\mathrm{i}}={\text{ρ}}_{\mathrm{ia}}-{\text{ρ}}_{\mathrm{ib}}$ $(i=1,\mathrm{\dots },N)$ and decides as follows:

$$\begin{array}{l}\text{If }{\text{ρ}}_i>0\text{ then }{q}_{\mathrm{i}}=1\hspace{0.17em}\hspace{0.17em}(Eve\hspace{0.17em}guessed\hspace{0.17em}the\hspace{0.17em}bit\hspace{0.17em}correctly)\hspace{0.17em}\hspace{0.17em}\\ \text{If }{\text{ρ}}_{\mathrm{i}}<0\text{ then }{q}_{\mathrm{i}}=0\hspace{0.17em}\hspace{0.17em}(Eve\hspace{0.17em}guessed\hspace{0.17em}the\hspace{0.17em}bit\hspace{0.17em}wrongly)\end{array}$$

(11)

When N approaches infinity, the probability of Eve’s successful guessing of the bits is equal to the expected value of $q$ and

$${\langle q_{\mathrm{i}}\rangle }_{\text{N}}\hspace{0.17em}=\hspace{0.17em}{p}_{\mathrm{E}}=0.5+\text{ε},\mathrm{where}0\le \text{ε}<0.5$$

(12)

where non-zero $\text{ε}$ represents an information leak. When $\text{ε}=0$, the KLJN key exchange system is perfectly secure. We found that the higher the difference between the resistances, the higher the bandwidth, or the higher the parasitic capacitance (the longer the cable), the greater the leak.

Figure 7. The simulated model with LH bit arrangement ($R_{\mathrm{L}}$ = 1 kohm and $R_{\mathrm{H}}$ = 9 kohm). $U_{\mathrm{cha}}\left(t\right)$, $I_{\mathrm{cha}}\left(t\right)$, $U_{\mathrm{chb}}\left(t\right)$ and $I_{\mathrm{chb}}\left(t\right)$ are the voltages and currents at Alice’s and Bob’s ends, respectively.

Figure 7. The simulated model with LH bit arrangement ($R_{\mathrm{L}}$ = 1 kohm and $R_{\mathrm{H}}$ = 9 kohm). $U_{\mathrm{cha}}\left(t\right)$, $I_{\mathrm{cha}}\left(t\right)$, $U_{\mathrm{chb}}\left(t\right)$ and $I_{\mathrm{chb}}\left(t\right)$ are the voltages and currents at Alice’s and Bob’s ends, respectively.

3.4. Simulation Results of the Cable Capacitance Attack

We simulated 6 different attack scenarios with these parameters: $R_{\mathrm{L}}$ = 1 kohm, $R_{\mathrm{H}}$ = 9 kohm, noise bandwidth $B_{\mathrm{noise}}$ = 0.25 kHz, sampling period $t_{\mathrm{s}}$ = 1 msec; for 3 different single-bit exchange durations (measured by the unit of the autocorrelation time of the noise), 20, 50, and 100; at 2 different cable lengths, 100 and 1000 m. At each scenario, the key was 1000 bits long.

The simulation results are shown in Table 1. At bit exchange duration = 20 (50 bits per second), with a 100 m cable, Eve’s success rate was 50.9%. However, when the cable length was increased to 1000 m with the other parameters unchanged, Eve’s success rate increased to 62.2%.

Table 1. Attack simulation results—Eve’s success rate p_E (%) with 1000 bits key length.

Bit Exchange Duration	Bits Per Second	100 m Cable	1000 m Cable
20	50	50.9%	62.2%
50	20	52.1%	69.7%
100	10	52.6%	76.9%

Table 1. Attack simulation results—Eve’s success rate p_E (%) with 1000 bits key length.

Bit Exchange Duration	Bits Per Second	100 m Cable	1000 m Cable
20	50	50.9%	62.2%
50	20	52.1%	69.7%
100	10	52.6%	76.9%

When the bit exchange duration was increased to 50 and 100, Eve’s success rate increased accordingly as shown in Table 1. In the most effective attack case, Eve success rate was 76.9%.

4. Defense against the Attack

4.1. Capacitor Killer

The parasitic capacitance of the RG58 coaxial cable can be eliminated by the well-known capacitance compensation technique, called capacitor killer arrangement [39], providing the same voltage on the outer shield of the cable as on the inner wire. This can be done by an ideal voltage follower, see Figure 8. There is no capacitive current from the inner wire to the outer shield, so the attack is nullified.

Figure 8. The KLJN system with the capacitor killer. An ideal voltage follower is driving the outer shield, which is not grounded at this time.

Figure 8. The KLJN system with the capacitor killer. An ideal voltage follower is driving the outer shield, which is not grounded at this time.

We simulated the capacitor killer arrangement in the most effective attack scenario (i.e., when Eve success rate was 76.9%). The simulation results showed that Eve’s success rate was reduced from 76.9% to 50.1%. This indicated that the capacitor killer is very effective in eliminating the leak due to the parasitic capacitance under the practical cable conditions we tested.

4.2. Privacy Amplification

Another method to secure the key exchange and to reduce information leak is by utilizing privacy amplification [44]. Due to the extraordinarily low bit error probability of the KLJN system [51,52,53], privacy amplification (which is basically an error enhancer) can be used to effectively reduce any information leak. The simplest and most secure concept [44] is that Alice and Bob XOR the subsequent pairs of the key bits (i.e., XOR the first and the second bits to get the first bit of the new key, XOR the third and the fourth bits to get the next one, etc.). In this way, the length of the new key will be half of the original one but Eve’s success probability will get closer to 0.5; that is, it moves toward the limit of zero information. We simulated the effect of this technique by utilizing the most effective attack scenario (see Table 1). The simulation results showed that by XOR-ing once, Eve’s success probability was reduced from 76.9% to 64.2%, which was further reduced to 54.4% by XOR-ing a second time to produce a cleaner key with the corresponding significantly higher security and one quarter of its original length.

5. Conclusions

By utilizing the LTSPICE simulator we have validated the cable capacitance attack. Both the capacitor killer method and privacy amplification have been able to eliminate the attack. The unconditional security of a practical KLJN key exchange system [4] has been preserved against this attack, too.

Note that the temperature compensation method [59] based on the non-equilibrium thermodynamical aspects of KLJN to eliminate the information leak in a wire resistance attack does not reduce the efficiency of the cable capacitance attack.

Finally, note that there is a new, advanced protocol, the random-resistor-random-temperature (RRRT) KLJN scheme [60], where all the former attacks become invalid or incomplete, and currently no known attack works against it. This is also true for the cable capacitance attack presented above; it is invalid against the RRRT-KLJN scheme. Further studies will be needed to find ways for all the former attack schemes to successfully extract information from the RRRT-KLJN system [60] at non-ideal conditions where they may leak information.