Zero-Knowledge Proof: Verification Without Information
Alexander Glaser, Associate Professor of Mechanical and Aerospace Engineering and International Affairs, Woodrow Wilson School, has a game for you to play. Imagine your friend Alice claims to have the secret recipe for a popular soda drink and wants to sell it to you. Being cautious, she doesn’t want to surrender the recipe before you have paid for it; and you have no intention of handing over the cash before making sure that Alice actually knows the secret. What do you do?
Let’s assume we can reformulate this dilemma as a “Coke-vs-Pepsi” test, where Alice proves that she can in fact tell the difference between both drinks when you may not even believe there is a difference at all. Without Alice looking, you prepare two identical cups, one with Coke and one with Pepsi, and place them next to each other. Alice then takes a sip from one or from both cups and without making any comments. Then, again without Alice looking, you either switch the positions of the cups or you leave them as they are. Alice then takes another sip and tells you whether the cups have been switched or whether they are in the same position. You repeat this process ten or maybe a hundred times. If Alice didn’t know how to distinguish Coke from Pepsi, in this repeated game, she would not be able to answer correctly whether or not cups have been switched. At the end, you are convinced that she must know the recipe, but you haven’t learned anything else—especially not how to distinguish Coke from Pepsi.
This type of proof, a so-called “zero-knowledge proof,” was first mathematically formalized in the 1990s. Since then, it has become an important tool in the digital domain. Professor Glaser, however, has been the first to apply the concept to the physical domain. Only, in his line of work, the stakes are much higher—the soda drinks are nuclear warheads, and the verifier may be another weapon-producing state, like Russia or China. As director of Princeton University’s Nuclear Futures Laboratory, a hybrid science and policy group, Glaser and his team of students and postdocs use mockups or simple test objects—rather than actual warheads—to develop cryptographic techniques that can verify whether nuclear weapons are authentic without exposing any design secrets.
“What has always fascinated me about arms-control physics is the idea of turning traditional physics problems upside-down,” says Professor Glaser who, along with first author and MAE doctoral candidate Sébastien Philippe and two other colleagues, published the first experimental demonstration of a zero-knowledge proof in Nature Communications. “With warhead dismantlement verification, you bring in your radiation detection equipment and measure readings from an item, but you are not allowed to see what you are measuring. This modification of an otherwise simple problem turns it into a great challenge.”
The inherent problem with nuclear verification is that neither side wants to show their cards. If a team of scientists—from the United States or another nuclear weapon state—were allowed unrestricted access to dismantle a Russian warhead, they could tell fairly quickly if the device was real. But no country would ever allow this because it would expose some of their most closely guarded national secrets.
While little progress has been made over the past decade with arms-control agreements, Professor Glaser is preparing for the day when a new window of opportunity opens and verification technology is suddenly needed. His experiment, which mimics what it might look like if the U.S. and Russia agreed to verification involving individual nuclear warheads (rather than missiles), is an interactive many-round game (just like the Coke-vs-Pepsi test) with parties on either side.
On the playing field is a trusted reference item (the so-called “template”) and another item that the inspected party offers for dismantlement and which is supposedly identical to the template. There is also a neutron source and a row of gel-filled tubes, which are sensitive to neutron radiation and, with increasing exposure, produce tiny bubbles that can be counted afterwards. When one of the items is placed between the source and detector array—a unique neutron signature or “fingerprint” is seen by the detectors. The trick is to come up with a scheme that produces an agreed upon number of bubbles in these detectors if—and only if—the host is telling the truth.
“Essentially, we are figuring out how to compare two images without ever looking at the image itself,” explains Professor Glaser. “When this game is repeated many times, then the inspector is gradually convinced that the host is telling the truth, the inspected weapon is genuine but, in the process, the inspector doesn’t learn anything else besides this single fact.”
Professor Glaser: The Path to Nuclear Physics
While questions like this perplex most scientists who look for proof in what they can actively observe and measure, this type of thinking has long intrigued Professor Glaser. Growing up in West Germany, down the street from a U.S. army base, the Cold War was a reality he lived every day. He began studying nuclear physics shortly after the Berlin Wall came down—a time when massive amounts of plutonium were declared “excess” by the U.S. and Russian governments. A material that was long considered a most valuable resource suddenly became a waste management problem and security risk, for which disposition options had to be found.
“Quasi overnight, the Cold War was over and both sides had all these materials to make tens of thousands of nuclear weapons,” says Professor Glaser. “The early 1990s was a time of great optimism, which is what drew me into the field. We thought countries would realize stockpiling large numbers of warheads didn’t make sense so then it became a question of materials. Even if you agree to dismantle a warhead, the materials are still there. What do you do with all this excess plutonium and enriched uranium?”
One opportunity is nuclear energy. As a master’s student at Darmstadt University of Technology, Professor Glaser’s first project was to design a “swimming-pool reactor” that did not generate electricity but eliminated plutonium most efficiently. To most engineers it would have seemed like a useless pursuit. But for Glaser, taking electricity out of the equation created an entirely new qualitative problem and an opportunity for new design choices. Today, he continues to explore this area of research with other nuclear-fuel-cycle technologies.
Applying Arms Control Physics Today
He came to Princeton in 2005 as a postdoc excited to work with the Program on Science and Global Security team, who had worked for decades on many problems of nuclear arms control, disarmament, and verification. While most nuclear verification research takes place at national laboratories guarded by high-level security clearances, Glaser collaborates with other universities in an unclassified setting as part of the Consortium for Verification Technology, supported by the Department of Energy’s National Nuclear Security Administration.
“Most scientists in our field simply can’t talk about the work they are doing, but freely sharing ‘random thoughts’ and intuitions is how the best ideas are often formed,” says Professor Glaser. In fact, the idea for the zero-knowledge proof technique first came about during a conversation with Princeton’s former dean of faculty, a computer scientist, who told Glaser about the concept. Intrigued, Glaser reached out to his colleague Robert Goldston and cryptographer Boaz Barak, and the team went on to publish the first paper on their the zero-knowledge proof concept in Nature in 2014.
With a dual appointment at the Woodrow Wilson School, Professor Glaser has helped inform the policy debate at the United Nations related to nuclear nonproliferation, arms control, and disarmament. Recently, together with his colleagues at the program, he offered advice during negotiations with Iran regarding how a plutonium production reactor and a uranium enrichment plant should be redesigned.
“It was a fascinating case where technical analysis informed policy and made a real difference. For example, when we have a choice between two reactor designs, which differ significantly in their capabilities to support a nuclear weapons program, we ought to choose the design that is more proliferation resistant,” he says. “At least in some countries, nuclear power will be a part of the answer to climate change. This is why it is important that we develop sound technology and policies that take into account all aspects of this unique technology.”
An avid gamer, Professor Glaser can often be found playing old Atari games and arcade machines. Recently, those vintage circuit boards made him think about verification applications for old electronics. Today, the idea of using a computer that is programmed to protect national secrets is a tough sell because there is a credible risk of hacking, hidden switches, or backdoors, which could be used to transmit or restore the information at a later date. However, Glaser wonders if there is a use for old computer chips build in the 1980s that may be unable to store information. After all, he says, no one thought of adding hidden switches and backdoors at the time— and even if they had, the chips weren’t sophisticated enough to begin with.
“That would be the ultimate meld of work and fun,” he says. “The day we pull out an old motherboard from one of these arcade machines and use it for nuclear verification is the day I happily retire.”