New Scientist reports:
Current disarmament treaties limit the number of nuclear warheads that a country has deployed and ready to use. Future treaties may also place limits on stored ones, but a country could mock up a fake storage center and destroy its missiles for show while keeping its real stockpiles intact.
Radiation scans can verify that a non-deployed warhead is genuine, but would also reveal secret details, making nations unwilling to consent. "An expert can look at the radiation signature and essentially reverse engineer the design," says Alexander Glaser of Princeton University. For a way to verify that a warhead marked for destruction is real without spilling a state's secrets, Glaser and his colleagues turned to a mathematical method that can prove something is true without revealing why it's true.
Cryptographers dreamed up such "zero-knowledge proofs" in the 1980s. To understand how they work, imagine two cups holding the same number of marbles, x. To prove to someone that both contain x marbles, you first create two buckets, each with 100-minus-x marbles: these are called "inverses" of the cups. A verifier then mixes each original cup with a randomly chosen bucket: if, and only if, the two cups really were the same will the marbles in each of the final, mixed buckets consistently total 100. Yet the verifier never finds out what x was. (http://www.boazbarak.org/Papers/nuclear-zk.pdf)[PDF]
(Score: 3, Interesting) by cafebabe on Thursday June 26 2014, @09:31AM
The description given for zero knowledge proofs may not seem overwhelming. Indeed, it is never possible to be 100% certain with a zero knowledge proof. However, the process can be repeated until a level of certainty is reached. Want to be 99% certain? Repeat the process seven times. Want to be 99.9999% certain? Repeat the process 20 times.
1702845791×2
(Score: 3, Interesting) by geb on Thursday June 26 2014, @09:44AM
Stripping away the academic language, this appears to be a proposed design for software aboard a portable nuke identification scanner.
You get all parties to agree on an algorithm, load it into a neutron beam imager, and then the software acts like a trusted third party that can say "yes this item is a nuclear warhead" or "no this is a fake"
At first glance the whole thing seems pointless because the protocol could only ever prove a positive. You can't wander around scanning every single item within or owned by your inspected nation to see whether there are any nukes hidden away somewhere. However, it makes sense if you assume relatively accurate accounting of fissile material transfers elsewhere in the country.
The movements of weapons grade fissile material are supposed to be tracked, so if you claim that you possess amount X of material, suitable for building Y warheads of one type plus Z warheads of another type, you need to be able to show the existence of Y and Z warheads.
Limiting information to the inspector by condensing everything down to nuke/not-a-nuke would let you try a few tricks in adapting designs and secretly moving fractions of your fissiles elsewhere, but this does still sound useful.
(Score: 2) by cafebabe on Thursday June 26 2014, @01:13PM
There is stronger incentive to under-report weapons rather than over-report. The common scenarios for over-reporting occur when a leader is clearly mad or by another leader with the incentive to strike first. ("Weapons of mass destruction"?)
When you've set your level of under-bluff, this protocol discourages substitutions.
1702845791×2
(Score: 2) by zocalo on Thursday June 26 2014, @12:40PM
UNIX? They're not even circumcised! Savages!
(Score: 2, Funny) by ticho on Thursday June 26 2014, @12:42PM
I think they lost their marbles.
(Score: 3, Informative) by AsteroidMining on Thursday June 26 2014, @02:32PM
Bob, of course, has to chose the bags at random in doing the check, but otherwise this is pretty clear.
(Score: 0) by Anonymous Coward on Thursday June 26 2014, @02:53PM
"In principle, this protocol can be repeated as many times as Bob wishes."
Given that in the first step, Alice has emptied her two bags, repeating the protocol is pointless: It is now known that both bags are empty (and thus each contain the same number of marbles, namely zero).
Of course it might be that Bob doesn't trust Alice to pour all marbles into the bucket. What if one of the bags contains one marble more, and Alice manages to hide that marble away instead of pouring it in the bucket together with all the other marbles? But then, she probably doesn't hide that marble in the bag now.
(Score: 0) by Anonymous Coward on Thursday June 26 2014, @04:45PM
Behind the scenes, it's CIA Charlie's job to swap out the verification buckets that don't conform to a valid result for ones that do. While Bob is distracted by Alice' cleavage, Charlie is hard at work on a sidechannel attack.
(Score: 2) by AsteroidMining on Thursday June 26 2014, @05:54PM
These "marbles" are really counts, and what they are trying to hide is the count rate (i.e., how many neutrons per second), so a new bag is always available.
The problem here would be in the implementation, as always. Let's hope both sides have the source code.