"Instead, we use use a physical instantiation of one-time-pad encryption to protect information. The process is based on a special single-pixel tomographic transform and the use of a physical secret key for each single-pixel measurement. The physical secret key is simply a thin foil, the composition of which is known only to the weapon owner. "
The thing about a one-time-pad is that it's only secure if you use it "one time". A malicious weapon inspector can make multiple measurements of known objects using the foil to deduce the foil's structure and, if he knows enough about how your system works, use that to deduce specifics of the warheads it's meant to verify.
I suspect this is just a bad analogy and this system would be fairly hard to crack, but their explanation should probably make a point of not comparing the foil to a one-time-pad, or explain why knowing the key doesn't give away protected knowledge.
Yeah, a zero knowledge system would mean that the inspector chooses the composition of the foil, and receives a return signal, that only the inspector may interpret and verify.
Zero knowledge means your peer participates in the authentication without needing you to inform them of your nuclear secrets, and them reading positive communication without needing to tell you a secret.
So the inspector should provide the foil sample, and the foil should be comprised of a publicly known composition, meanwhile they should still control a secret of some kind, and use a combination of the additional retained secret, and the exposed material as their own authoritative means of secretly confirming whether they can prove that know the difference between an authentic positive or negative result.
This way, the weapons producer cannot forge an arbitrarily desired result, by providing both the means of measurement, and the measured object.
The inspector must decide the degree of proof. The manufacturer must submit to a reasonable revelation of partial details.
This concept merely has the manufacturer stating that the foil signature is valid, because the foil signature is valid.
It's a fascinating application of crypto and physics, but there's a major problem with putting this into practice: How do you verify that the opponent has put this detector (I'll call it a "NuRF hat") on all of their nukes? As part of a treaty, both sides might apply the Nurf hat to only the number of nukes they are believed to have, but holding some back.
And if the opponent removes the Nurf Hat--claiming they decommissioned the nuke--how would you know it's true?
I believe the idea is that this is supposed to be used when decommissioning as part of a disarmament treaty, i.e. both parties witness the warhead being destroyed, but how do you know it's an actual warhead rather than a dummy that is being destroyed.
This is correct. The objective is to verify that the weapon you're seen being dismantled is indeed a real warhead and not a fake one. It should be noted that a fake one could include some random nuclear material and still would be a fake so you can't just measure radioactivity.
Very possible I've misunderstood to process, but given the hash is produced via the reuse of the secret key and that the crypto uses a one-time pad - why is it not possible to crack the secret key?
EDIT: For an explanation of how this might be done, see:
Yep, I took Boaz's crypto seminar, so I was looking for how this was different from his work. I couldn't find the full text of the article (maybe it isn't fully published yet), but the supplemental information mention that one of the primary distinguishing factors is that this is not based on neutron scattering which apparently makes distinguishing between weapons-grade and depleted material easier.
The thing about a one-time-pad is that it's only secure if you use it "one time". A malicious weapon inspector can make multiple measurements of known objects using the foil to deduce the foil's structure and, if he knows enough about how your system works, use that to deduce specifics of the warheads it's meant to verify.
I suspect this is just a bad analogy and this system would be fairly hard to crack, but their explanation should probably make a point of not comparing the foil to a one-time-pad, or explain why knowing the key doesn't give away protected knowledge.