A team from UNIGE has implemented a new way to secure data transfers based on the physical principle of relativity.
The volume of data transferred is constantly increasing, but the absolute security of these exchanges cannot be guaranteed, as shown by cases of hacking frequently reported in the news. To counter hacking, a team from the University of Geneva (UNIGE), Switzerland, has developed a new system based on the concept of “zero-knowledge proofs”, the security of which is based on the physical principle of relativity: information cannot travel faster than the speed of light. Thus, one of the fundamental principles of modern physics allows for secure data transfer.
This system allows users to identify themselves in complete confidentiality without disclosing any personal information, promising applications in the field of cryptocurrencies and blockchain. These results can be read in the journal Nature.
When a person – the so called ‘prover’ – wants to confirm their identity, for example when they want to withdraw money from an ATM, they must provide their personal data to the verifier, in our example the bank, which processes this information (e.g. the identification number and the pin code). As long as only the prover and the verifier know this data, confidentiality is guaranteed. If others get hold of this information, for example by hacking into the bank’s server, security is compromised.
Zero-knowledge proof as a solution
To counter this problem, the prover should ideally be able to confirm their identity, without revealing any information at all about their personal data. But is this even possible? Surprisingly the answer is yes, via the concept of a zero-knowledge proof. “Imagine I want to prove a mathematical theorem to a colleague. If I show them the steps of the proof, they will be convinced, but then have access to all the information and could easily reproduce the proof”, explains Nicolas Brunner, a professor in the Department of Applied Physics at the UNIGE Faculty of Science. “On the contrary, with a zero-knowledge proof, I will be able to convince them that I know the proof, without giving away any information about it, thus preventing any possible data recovery.”
The principle of zero-knowledge proof, invented in the mid-1980s, has been put into practice in recent years, notably for cryptocurrencies. However, these implementations suffer from a weakness, as they are based on a mathematical assumption (that a specific encoding function is difficult to decode). If this assumption is disproved – which cannot be ruled out today – security is compromised because the data would become accessible.
Today, the Geneva team is demonstrating a radically different system in practice: a relativistic zero-knowledge proof. Security is based here on a physics concept, the principle of relativity, rather than on a mathematical hypothesis. The principle of relativity – that information does not travel faster than light – is a pillar of modern physics, unlikely to be ever challenged. The Geneva researchers’ protocol therefore offers perfect security and is guaranteed over the long term.
Dual verification based on a three-colorability problem
Implementing a relativistic zero-knowledge proof involves two distant verifier/prover pairs and a challenging mathematical problem. “We use a three-colorability problem. This type of problem consists of a graph made up of a set of nodes connected or not by links”, explains Hugo Zbinden, professor in the Department of Applied Physics at the UNIGE. Each node is given one out of three possible colours – green, blue or red – and two nodes that are linked together must be of different colours. These three-colouring problems, here featuring 5,000 nodes and 10,000 links, are in practice impossible to solve, as all possibilities must be tried. So why do we need two pairs of checker/prover?
“To confirm their identity, the provers will no longer have to provide a code, but demonstrate to the verifier that they know a way to three-colour a certain graph”, continues Nicolas Brunner. To be sure, the verifiers will randomly choose a large number of pairs of nodes on the graph connected by a link, then ask their respective prover what colour the node is. Since this verification is done almost simultaneously, the provers cannot communicate with each other during the test, and therefore cannot cheat. Thus, if the two colours announced are always different, the verifiers are convinced of the identity of the provers, because they actually know a three-colouring of this graph. “It’s like when the police interrogates two criminals at the same time in separate offices: it’s a matter of checking that their answers match, without allowing them to communicate with each other”, says Hugo Zbinden.
In this case, the questions are almost simultaneous, so the provers cannot communicate with each other, as this information would have to travel faster than light, which is of course impossible. Finally, to prevent the verifiers from reproducing the graph, the two provers constantly change the colour code in a correlated manner: what was green becomes blue, blue becomes red, etc. “In this way, the proof is made and verified, without revealing any information about it”, says the Geneva-based physicist.
A reliable and ultra-fast system
In practice, this verification is carried out more than three million times, all in less than three seconds. “The idea would be to assign a graph to each person or client”, continues Nicolas Brunner. In the Geneva researchers’ experiment, the two prover/verifier pairs are 60 metres apart, to ensure that they cannot communicate. “But this system can already be used, for example, between two branches of a bank and does not require complex or expensive technology”, he says. However, the research team believes that in the very near future this distance can be reduced to one metre. Whenever a data transfer has to be made, this relativistic zero-knowledge proof system would guarantee absolute security of data processing and could not be hacked. “In a few seconds, we would guarantee absolute confidentiality”, concludes Hugo Zbinden.
Original Article: Securing data transfers with relativity
More from: University of Geneva
The Latest on: Secure data transfer
- THE CAC ASSESSMENT COLLECTION – PART 1: What You Should Consider Before Exporting Data from Chinaon December 6, 2022 at 1:55 pm
With the rapid development of the global digital economy, multinational companies (MNCs) have been forced to find legally compliant ways to transfer data across borders. In the past, many MNCs relied ...
- A Transatlantic Data Privacy Framework is Essentialon December 6, 2022 at 9:06 am
Toward that end, it is essential that the United States and Europe bring into force an agreement on data privacy. Disagreement between Brussels and Washington over the protection of data is not new; ...
- How Nebraska’s HIE Is Leveraging Real-Time Data to Improve Maternal, Postpartum Healthon December 5, 2022 at 12:11 pm
The next generation of HIEs must think beyond the transfer of information and explore how they can use real-time health data to improve population health outcomes, according to the CEO of Nebraska's ...
- The Future of Multi-Cloud Securityon December 2, 2022 at 9:39 am
The likelihood of a security incident is not a matter of if it happens, but when. This is especially true for enterprises working in banking, finance, healthcare, and government, who deal with ...
- User Authentication Now a Top Strategy to Secure APIs, Axway IT Industry Survey Revealson December 2, 2022 at 4:08 am
Axway, a provider of API management software, announced new data from its inaugural 2022 Open Everything Strategy Survey Report.
- The Data-Transfer Challenge Stumping Meta, And How Your Global Business Can Overcome Iton December 2, 2022 at 3:15 am
The lack of an agreed data-transfer framework highlights the need for businesses of all sizes to consider their own data-handling practices.
- How Ransomware Trends Will Drive Significant Data Management Changes In 2023on December 2, 2022 at 2:08 am
The spread of ransomware-as-a-service continues to challenge large enterprises, but organizations of every shape and size will need to pay attention to the threats in 2023.
- Four keys to effectively monitor, control secure file transferon December 1, 2022 at 10:45 pm
A secure file transfer system that moves data quickly and reliably. Learn about four keys you can apply to improve the security, auditability, service delivery and scalability of your file ...
- Future iPhones may be able to transfer data by pointing them at each otheron November 30, 2022 at 4:19 am
For instance, wireless protocols may differ significantly with respect to transmission ranges, data transfer rates, power consumption requirements, security/encryption capabilities, etc. Apple says ...
- Quantum secure electronic passports under developmenton November 28, 2022 at 4:00 pm
Based on that, we developed protocols for the passport that were then subjected to a further independent security evaluation." The demonstrator shows a solution for contactless data transfer between ...
via Bing News
The Latest on: Secure data transfer
[google_news title=”” keyword=”secure data transfer” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News