It’s Monday morning and you’re on your way to grab an espresso from a café on the corner. When you enter, you run into the dreaded “cash only” sign. “No problem,” you think, walking to the nearest ATM. You arrive at the vending machine, take out your debit card, insert its worn chip and collect your hands in mini-shields while entering your secret PIN code.
During the process, however, cunning thieves may have overlooked your humble precautions. They may even have hacked the ATM preventively to collect your code. To raise money for coffee, you have actually risked theft.
Could there be a safer way to do this? A team of researchers from Canada and Switzerland is determined to find out. They published a plan in the journal Nature earlier this month detailing an ultra-secure ATM that would completely reinvent the system.
“The assumption of trusting the device when doing something related to identification is a kind of problem, at least at the basic level,” said Sébastien Designolle, a physicist at the University of Geneva and co-author of the study.
“Drop all assumptions” is the motto he and other researchers followed while coming up with a more secure mechanism for retrieving cash.
By anchoring their far-reaching idea with the physicist Albert Einstein’s theory of special relativity, they propose to replace the PIN system with what is called a zero-knowledge proof.
That is how it works.
Evidence in practice
Do you remember brain trimmers? Evidence of proof is like an adult version of such mind games. In cryptography, which is the study of secure communication, they are a method by which party A proves to party B that they know something. The catch is that party A, the certifier, cannot disclose the information they know to party B, the verifier.
But there is a way for party A to get around the reservation.
Suppose you have a friend named Jones who can only see in black and white, but you can see in color. Your goal is to prove to Jones that you can actually see color. If you were to use a zero-knowledge proof, it could look like this:
Jones has a red card and a blue card in front of you. So, behind his back, he either changes them or does not change them. He lays them out in front of you again, and asks, “Have I exchanged them?”
The game could be repeated a hundred times and you will always have the right answer because you can see the colors. After many repetitions, Jones would finally say, “Okay, I believe in you. You can see color.” At that point, you have shown him your color identification ability without revealing the colors you see.
“In our study,” Designolle explained, “the proof is the three-color of a graph.”
There is some knowledge behind the idea. Tricolor is a notoriously difficult mathematical problem that theorists have been studying for years. It begs the question: How can you color a huge map of figures with three shades so that the same colors never touch?
This would not be like a world map, we are used to. It would be so big that people need technology to understand it, but even with such help, Designolle said it would take years to find a three-color solution.
Taking the concept of ATMs, he proposes to give everyone a device with a unique colored card with a pre-programmed three-color solution. To withdraw cash, connect the device to an external outlet on the ATM, the verifier in this case.
The machine would query your device or test with hundreds of thousands of questions regarding sections of your card’s colors. Despite the complexity of three-color, your device would respond immediately because it has been pre-programmed.
Because each round of queries is randomized, even if the verifier asks for different edges, the ATM would never receive enough information to know the entire card, Designolle explained, “which is the crucial point.”
Eventually, just like in the situation with Jones, the ATM will confirm your identity and roll out your cash because of your device’s consistent correct answer – like the way Jones said, “Okay, I believe in you. You can see color.” Ta-da.
But remember, drop all assumptions
The invention seems solid – to me, at least. But Designolle and his team aimed to drop all assumptions. They still did not fully trust the security of the tri-color card system.
Hypothetically, they argue, someone could detect your device’s sparse response on its map and try to reverse-calculate the full image, enabling them to falsify your identity.
“The functions you can perform in one direction are very difficult, but not impossible, to calculate in the other direction,” said Designolle.
For example, if you multiply two prime numbers and get a very large number, it is difficult to go back to the elementary numbers. But that does not stop it from being done. The same goes for tricolor.
So how can we take these machines to a level of unconditional safety? Designolle thought, well, how about invoking two devices?
“The idea behind this is exactly the same as a police officer investigating and questioning two separate suspects [questions] in different spaces so they can not communicate, “Designolle said.” If they tell the same version of the story, then it’s a good tip that they’re actually telling the truth. ”
Back to the ATM.
With two units, you would divide yourself into two proofs, just like the two suspects. Then, two verifiers, ATMs, will simultaneously ask their respective proofs the usual three-color questions.
Yes, you need to connect two separate devices to two separate ATMs. At present, researchers say the system works with ATMs that stand 60 meters (about 196 feet) apart. But they say they can get it down to a meter, or about 3 feet. It sounds way too complicated, but keep in mind that the purpose of the experiment is to illustrate what an unconditionally secure ATM mechanism might look like. It’s theoretical – for now, at least.
If every proof seems to have the same, unmanageable knowledge, it would be safe to say that your identity is verified.
And like the criminal suspects, the devices would not be able to communicate with each other. Conversely, any potential hacker should calculate not one, but thaw, complex maps at exactly the same time, an unusually challenging – if not impossible – task.
Here’s the moment you’ve been waiting for – where Einstein comes in. The reason these devices would not be able to communicate is that they would be bound by Einstein’s special theory of relativity.
We can not travel faster than the speed of light
Einstein’s special theory of relativity marries space and time beautifully. But more importantly for Designolle’s team, it also leads to limitations on how fast the information moves.
“With special relativity,” said Designolle, “it seems quite reasonable to believe this not computational but physical assumption … that information can not go faster than the speed of light.”
As long as the two ATMs ask their respective connected, card-filled devices questions fast enough that delays always remain shorter than the time required to transmit information – limited by the speed of light – we will protect ourselves from the possibility of the devices talking to each other.
In a way, the evidence could not verify their “alibi” for falsifying an identity.
There is only one last problem. These relativistic constraints are not so airtight when it comes to non-conventional physics. Enter quantum calculation.
Quantum bumps and leaving a hypothetical world
Light works differently in the quantum world. Quantum mechanics allows for a fascinating principle called quantum entanglement. In short, when two quantum particles – namely light particles – are wound together, they can instantly communicate.
It’s not even a question of how fast the information moves. It’s instant. If particle A has knowledge of something, you can be absolutely sure that particle B also already knows that.
“Suppose I do not have the color of a graph, but I will pretend I have,” Designolle said, referring to a potential hacker. “I could come up with a procedure that uses quantum entanglement between the two chips to answer the questions correctly. In a way, I can cheat.”
Although Designolle’s team believes that their mechanism should be able to guarantee security from quantum hackers, they are not safe. However, they are currently considering whether the protocol itself could use quantum samples instead of standard devices.
And if you’ve gotten this far, you might be wondering just how theoretical these ultra-secure ATMs are. Is it at all possible to bring them to reality?
Right now, Designolle said, the main problem is cost. To create the necessary devices for the mechanism, the chips may not be the same type that we find on our debit cards today. They have to be extremely powerful, which means they are likely to be very expensive. One idea he has is to rely on the system for large companies that trade in secure information and can afford the expensive chips.
It would actually loosen the relativistic constraints because there would be a greater distance between each party’s unit and the affirmative “ATM”, so light would take longer to travel. This means that there would be more room for delays before hackers could enter the system.
But apart from the realistic applications, Designolle said: “On a personal note, it was really interesting just to see that sometimes something very simple is actually hard to come up with … At one point, yes, this happened, but it was not especially clear from the beginning that it would be so simple in the end. “