Could celestial objects be used in cryptography?

Question

If it were possible to receive a string of numbers from a celestial object (by anyone on the Earth who knows which object to look at, and what time to look) could this be of any use in cryptography?

Or would it be useless, because if a bad-actor knew which object you were looking at and at what time, they could find the key?

Answer 1

I believe a potential application can be found in the so-called "bounded storage model" introduced by Maurer here:

https://crypto.ethz.ch/publications/Maurer92b.html

In summary, the bounded storage model is a theoretical research direction that studies cryptographic constructions where one assumes that only the adversary's storage is limited. This is in contrast with current (practical and safe to use) cryptographic schemes where we assume that the computational resources of the attacker are limited, e.g., Hardness of factoring for RSA or discrete logarithm for (Elliptic-Curve)Diffie-Hellman problem.

Interestingly, it can be shown that Information-theoretically secure cryptographic schemes exist if the bounded storage assumption is correct.

So, in this case, a celestial object could be seen as a public satellite that emits random bits; it is conceivable that the attacker doesn't have enough storage to store all of this data, whereas the users only need to store a fraction of all the bits and will achieve a secure key for example.

This more recent paper shows a few interesting constructions based on the bounded-storage model: https://eprint.iacr.org/2019/507.pdf.

Note: So far, this line of research is still a theoretical curiosity; perhaps it will become practical one day. However, "computational" cryptosystems we have today, including the post-quantum ones, are just fine :)

Answer 2

A standard candidate that I mentioned recently here is to setup a common reference string, assuming (1) the string received from the celestial object contains randomness, and (2) the observation of this string can be reliably made by distant parties. This gives an untamperable common random string, a very useful object for cryptographic protocols (in contrast, setting such a common reference string on earth requires either a large scale distributed protocol, or a trusted setup assumption).

Answer 3

Absolutely. Rather successful TOTP algorithm as implemented depends on current time being common for the two parties. Going to the foundations, calendar and time reckoning is ultimately based on astronomy observations.

Granted, currently we mostly keep the time by following some number of independent time sources; but rather ironically, if we (as end users) need to synchronize our computing equipment clocks, we do it increasingly more often than not by receiving a string of numbers from a man-made celestial object.

Answer 4

I would suggest that the best fitting use case is to use the signal for your own cryptographic keys, and not as part of a commonly verifiable reference.

Stars twinkle due to various optical effects including pollution. General radio sources produce entropic noise into the 100's GHz. When sampled, you'll get lots of quantization noise and other measurement errors riding the fluctuating signal. That's exactly what one budding cryptographer can use to generate private keys (after a little randomness extraction).

It's also what prevents bad actors from generating the same keys, even if they're stood next to you (but with their own equipment). Measurement errors will always mean the two of you will digitise different signals. 256 different bits are easily obtained from 12 bit samples at 10,000 samples/s (schoolboy Arduino type kit).

Where it's not indicated is for distributed randomness. You'd need lots of clever de-noising, Fourier transforms, fuzzy extraction, an agreed consensus protocol and hardware. So the operators of the consensus scheme will be requiring the users to trust them, defeating the objective.

Answer 5

Any cryptographic protocol must have:

• Some (public) algorithm which explains what to do. (Depending on secret algorithms would be called "security by obscurity" and can usually be discarded as inherently insecure.)
• Some secret information (i.e., one or several keys).

To be of any practical use, the key space needs to be large enough to make brute force attacks (especially when knowing the complete algorithm) infeasible.

It is important to keep in mind that when thinking about a cryptosystem like this, the problem of "losing the secret" is out of scope. I.e., the secret is supposed to be really secret, you can and must assume that the attacker does not know the secret before starting his attack.

The arguably most secure and at the same time trivial algorithm would be the usage of a one-time-pad; i.e. the secret is a (possibly very large) integer; and the algorithm simply is to XOR the secret and the plaintext for encryption, and to XOR the secret and the ciphertext for decryption.

This could be used thusly with celestial objects:

• The key is the ID of a star.
• The algorithm:
  • There is a constant-bandwith stream of ciphertext being transmitted all the time, in fixed-size blocks. Assume that this transfer works reasonably well, i.e. no significant pauses, and roughly known latency.
  • Both the sender and receiver constantly monitor the star and draw random bits from it in some form or fashion. I do not know if there are any practical measurements that actually work today, but one could imagine that the brightness of certain stars "flickers" enough to draw something from it.
  • The sender keeps XORing their next plaintext block, checksummed and padded to the required length, with the current batch of realtime random bits (i.e., one-time-pad) and sends it.
  • The receiver decodes this using the same XOR operation. To be a bit more safe against timing issues, it can keep the last N one-time-pads around and just try to decode with all of them; with the checksum and considering how fast the XOR is, it is feasible to have a sliding window of pads to find the correct one.

The strength of the algorithm depends on whether there are enough possible stars to pick from, and that the measurement is hard enough so that it is infeasible for an attacker to scan very many stars at a time.

There you have a basic idea of how you could use celestial objects in cryptography. At the end of the day it boils down to generating truly random bits, and you don't even need the time if you are able to have a constant connection. You can refine this as necessary; i.e. you could avoid having to constantly send ciphertext if you have some kind of shared time source (and it only needs to be roughly in sync, depending on how much buffer space you will want to use for your bits). There are plenty of practical problems to solve (e.g. how to generate the bits reproducible in the first place, avoiding phase shifting due to minute divergences and thus), but not unsolvable in principle.

Answer 6

I come at this from the astronomers point of view who has worked in X-ray astronomy which is closely related to the study of cosmic rays. Cosmic rays (high energy particles from space) are one source of random events. A google search will show many articles. I believe using a geiger counter as a random seed generator was implemented many years (1970's 80's) by a large computer company. My memory says Burroughs. However I can't find a reference.

Answer 7

There is a nice paper at https://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1190&context=ism that describes the applicability of celestial background radiation as a source of randomness. This seems like a much more practical use case, rather than trying to leverage the source at the higher level of incorporating it into any specific cryptographic algorithms.