After reading through the paper[1] it appears that the only security afforded is an ability to detect energy fluctuations caused by a MITM attacker? A public channel is then assumed to exist to allow both parties to broadcast the monitored energy levels to each other for comparison (evidently over a high bandwidth link and with low latency). A further assumption appears to be made that an attacker is unable to perform a MITM attack on the public broadcast link.
I am naturally sceptical of research of this nature that does not mention:
* practical implementation issues such as the required accuracy of clock synchronisation, required A2D converter parameters, required tolerances for electronic components, etc.
* emanation security/side channel considerations (timing analysis, power analysis and filtering, etc)
* prior work and existing equipment in the space of protected cabling: pressurised cable monitoring, time-domain reflectometry, etc.
I didn't read the whole paper and I'm no electrical engineer, but I'm also quite skeptical that this works. I'd probably believe it if current propagated infinitely fast, but obviously it doesn't.
My first attempt to tap into a channel with this system would be to tap into two points at some distance apart, then measure the changes in current at each point. Since the receiving resistor is flipped randomly and the sending resistor is flipped with the data, it seems to me intuitively that all you need to do to crack this is use a bit of basic electromagnetic physics to derive a formula to extract the data from propagation delays of the effective resistance experienced by the circuit measured at two distant points. I could be wrong though.
First of all, this sort of paper pops up fairly frequently and, so far, none have stood up to peer review for long. There's probably an error somewhere in their proof.
Second, long distance communication and scalable networks cannot rely on direct point-to-point links. You can't build everyone a point to point link with each other and individual links, even for classical signals, can only extend for a few hundred kilometers before signal-to-noise drops so far that any known communication protocol breaks down completely. Yes, commercial quantum systems built to date do rely on point-to-point links, but quantum memory and quantum repeater networks (currently enjoying rapid improvement in research) will allow chained entanglement swapping through untrusted nodes, allowing quantum crypto to work in network topologies very similar to the existing internet. The method in the linked paper does not appear to permit this and would have to rely on trusted nodes at best.
In other words, even if there isn't an error in their proof, they need to show that their technology can be expanded beyond trusted-point-to-trusted-point links in order for it to be of practical use.
If you want truly unbreakable encryption, there's always the one-time pad. In that case, the unbreakability is guaranteed by mathematics, an even stronger guarantee than physics.
Certainly, the one-time pad suffers from the need of each pair of parties to exchange keys beforehand. As far as I can see, the problem is just as bad for quantum crypto or this thermodynamic crypto because you have to arrange a fiber optic cable, a laser line of sight, or a copper wire between each pair who want to communicate.
You can't use quantum crypto or this thermodynamic crypto on the Internet for example. You need to set up unshared exclusive-use connections between each of the parties.
If you're going to the trouble of doing that, you might just as well exchange some terabyte disks of one-time pad data, and you'll achieve the same (or greater) guarantee of security.
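The one-time pad this comment leans on is easy to get right and easy to misuse, so here is an added example (mine, not from the thread or the paper) that shows both halves: a pad that hands each key byte out exactly once, and what an eavesdropper recovers the moment two messages share pad bytes. The messages and the pad contents are constructed for the demonstration.

```python
"""One-time pad: XOR with never-reused key bytes is information-theoretically
secure; the same key bytes used twice leak the XOR of the two plaintexts.
Added example, not from the thread. Sample messages are constructed."""
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


class Pad:
    """A pre-shared pad that hands out each key byte at most once.

    `offset` is the next unused position. Both parties keep their own copy
    of the pad in step; that bookkeeping (and shipping the pad in the first
    place) is the key-management burden discussed in the thread.
    """

    def __init__(self, material: bytes):
        self._material = material
        self.offset = 0

    def take(self, n: int) -> bytes:
        """Consume n fresh key bytes; refuse rather than wrap around."""
        if self.offset + n > len(self._material):
            raise RuntimeError("pad exhausted: exchange a new one")
        key = self._material[self.offset:self.offset + n]
        self.offset += n
        return key

    def remaining(self) -> int:
        return len(self._material) - self.offset


def otp_encrypt(pad: Pad, plaintext: bytes) -> bytes:
    """Consume len(plaintext) pad bytes and XOR them in."""
    return xor_bytes(plaintext, pad.take(len(plaintext)))


def otp_decrypt(pad: Pad, ciphertext: bytes) -> bytes:
    """Decryption is the same operation on the receiver's copy of the pad."""
    return xor_bytes(ciphertext, pad.take(len(ciphertext)))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper gets when the same key bytes covered both
    messages: c1 XOR c2 == p1 XOR p2, with the key cancelled out."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2: bytes, crib: bytes) -> list:
    """Slide a guessed plaintext fragment along p1 XOR p2 and return
    (position, recovered bytes) wherever the result is printable ASCII,
    i.e. plausibly a fragment of the other message."""
    hits = []
    for i in range(len(p1_xor_p2) - len(crib) + 1):
        guess = xor_bytes(p1_xor_p2[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in guess):
            hits.append((i, guess))
    return hits


# Constructed sample: a 64-byte pad shared by both parties, two 14-byte messages.
SHARED = os.urandom(64)
P1 = b"attack at dawn"
P2 = b"defend at dusk"


def demo() -> dict:
    """Correct use round-trips; a restored copy of the pad (offset back at 0)
    reuses the same bytes for P2 and leaks P1 XOR P2 to an eavesdropper."""
    alice, bob = Pad(SHARED), Pad(SHARED)
    c1 = otp_encrypt(alice, P1)
    roundtrip = otp_decrypt(bob, c1) == P1
    restored_copy = Pad(SHARED)          # misuse: offset starts at 0 again
    c2 = otp_encrypt(restored_copy, P2)
    leak = two_time_pad_leak(c1, c2)
    return {"roundtrip": roundtrip,
            "leak_is_p1_xor_p2": leak == xor_bytes(P1, P2),
            "hits": crib_drag(leak, b"attack"),
            "pad_left": alice.remaining()}


if __name__ == "__main__":
    print(demo())
```

The `Pad` class is the whole discipline: the pad is a consumable, not a key, and the offset must advance identically on both ends and never be reset. Crib dragging with the word `attack` recovers `defend` at position 0 from nothing but the two ciphertexts, which is why "just exchange some terabyte disks" still needs careful accounting of which bytes have been spent.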
Quantum Cryptography is actually Quantum Key Distribution, an algorithm for securely creating a one-time pad between two peers. The proof that quantum crypto is unconditionally secure is just Shannon's proof.
The benefit of quantum crypto is that you can basically set up or even stream a one-time pad over a public network, without having to trust the middle-man. Another benefit over, say, non-linear/chaotic systems is that fibre, line-of-sight wireless and satellite communication already form the backbone of our network infrastructure.
Now only to solve the single-photon detector hardware issues.
While this is good science and I enjoy hearing about it, it needs to be said that "unbreakable" encryption is a solved problem.
The existing public key plus symmetric key infrastructure, with a sufficiently long key, achieves "unbreakable" encryption for any practical purpose, including communications that are a matter of life & death and national security.
There are many ways to compromise existing crypto through implementation errors, bugs, or bad key management, but the same caveat would apply to quantum crypto or this new thermodynamic crypto.
The main unsolved practical problem in crypto is getting it built into every form of communication to happen automatically and transparently. And that would happen if people demanded it. So the main problem is a social one: getting people to care about privacy and secrecy enough that they demand it.
Alice is essentially sending plaintext and Bob is encoding it via the random resistor configurations he chooses. Since the receiver controls the encryption, as dhx pointed out, you could just act as a man in the middle reading signals from Alice on one circuit and forwarding them to Bob on another, A & B would never be the wiser.
Didn't read the paper yet but it also seems that without having many many resistors the number of signal states would be pretty low (Bob's resistor count squared, assuming Alice only has 2 resistors, i.e. a digital signal) making it rather trivial to extrapolate the original signal. Would this essentially rule out using this technique for encrypting a digital signal?
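To make the state-counting question concrete, here is an added toy model (mine, not the paper's scheme or anyone's code from the thread) of the channel as the comments describe it: Alice's resistor is set by the data bit, Bob's is drawn from his own set, and the eavesdropper's measurement is assumed to reduce to the loop resistance R_A + R_B (the thermal-noise power of a resistive loop scales with the total resistance, which is the usual reasoning behind resistor-based schemes). All resistor values are made up. What the model shows is that the raw number of states matters less than whether the sums collide: a Bob set that does not line up with Alice's two values leaks every bit, while a set spaced by Alice's own step leaks only the two end states.

```python
"""Toy model of a resistor-based channel: Alice's resistor encodes the bit,
Bob's is random, and Eve observes only R_A + R_B. Added example; resistor
values are constructed and the single-observable assumption is stated in
channel_observable()."""
from fractions import Fraction
from itertools import product


def channel_observable(r_alice: int, r_bob: int) -> int:
    """ASSUMPTION: Eve's noise measurement collapses to the loop sum."""
    return r_alice + r_bob


def eve_consistent_bits(observed_sum: int, alice_set, bob_set) -> set:
    """Bits b for which some choice of Bob's resistor explains the sum."""
    return {b for b, rb in product((0, 1), bob_set)
            if channel_observable(alice_set[b], rb) == observed_sum}


def leak_fraction(alice_set, bob_set) -> Fraction:
    """Fraction of (bit, Bob choice) states whose observable pins the bit.

    alice_set is (R for bit 0, R for bit 1); bob_set is Bob's menu, drawn
    uniformly. A state leaks when its sum is consistent with only one bit."""
    states = list(product((0, 1), bob_set))
    leaking = sum(
        1 for b, rb in states
        if eve_consistent_bits(channel_observable(alice_set[b], rb),
                               alice_set, bob_set) == {b}
    )
    return Fraction(leaking, len(states))


def arithmetic_bob_set(alice_set, n: int) -> list:
    """Bob's n resistors spaced by Alice's step (R1 - R0), so that the
    sums for bit 0 and bit 1 overlap everywhere except the two ends."""
    r0, r1 = alice_set
    step = r1 - r0
    return [r0 + k * step for k in range(n)]


def report() -> dict:
    """Three menus for Bob against the same two Alice resistors (ohms)."""
    alice = (1000, 2000)
    return {
        "two_matching":   leak_fraction(alice, [1000, 2000]),   # 1/2
        "two_disjoint":   leak_fraction(alice, [10_000, 20_000]),  # 1 (all)
        "eight_arith":    leak_fraction(alice, arithmetic_bob_set(alice, 8)),  # 1/8
    }


if __name__ == "__main__":
    for name, frac in report().items():
        print(f"{name}: Eve learns the bit in {frac} of states")
```

Run it and the "two disjoint values" case is the one to look at: Bob has the same number of states as in the matching case, but because 11000, 12000, 21000 and 22000 are all distinct sums, Eve reads every bit. The leak fraction of the arithmetic menu is 1/n, so more resistors help only when they are chosen so the sums coincide; and none of this touches the separate point raised above that a man in the middle with two circuits sees Alice's resistor directly.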
[1] http://arxiv.org/pdf/1206.2534v2