A ZERO-KNOWLEDGE PROTOCOL FOR NUCLEAR WARHEAD VERIFICATION

Transcription:

A ZERO-KNOWLEDGE PROTOCOL FOR NUCLEAR WARHEAD VERIFICATION Alexander Glaser * and Robert J. Goldston ** *Princeton University **Princeton University and Princeton Plasma Physics Laboratory Los Alamos National Laboratory, March 19, 2015 Revision 2z

CONSORTIUM FOR VERIFICATION TECHNOLOGY
[Map of participants: PNNL, Oregon State, INL, U Wisconsin, U Michigan, Penn State, MIT, Yale, Columbia, Princeton and PPPL, LBNL, Sandia, LLNL, NNSS, Sandia, LANL, U Illinois, ORNL, Duke, NC State, U Florida (not shown: U Hawaii)]
Five-year project, funded by U.S. DOE, 13 U.S. universities and 9 national labs, led by U-MICH
Princeton participates in the research thrust on disarmament research (and leads the research thrust of the consortium on policy)

BACKGROUND VERIFICATION CHALLENGES OF DEEP(ER) REDUCTIONS

WHAT IS NEW HERE? THE CHALLENGES OF DEEP REDUCTIONS AND MULTILATERAL NUCLEAR ARMS CONTROL
NEW TREATIES MAY LIMIT TOTAL NUMBER OF WEAPONS
Would then also include (non-deployed) weapons in storage
Need to prepare for the transition from bilateral to multilateral nuclear arms control agreements
NEW TREATIES MAY REQUIRE BASELINE DECLARATIONS
Applies to both nuclear warhead and fissile material inventories
How to bring in countries that currently consider these numbers sensitive?
Source: Paul Shambroom (top) and U.S. Department of Energy (bottom)

WHAT IS TO BE VERIFIED? VERIFICATION CHALLENGES OF NUCLEAR DISARMAMENT AT LOW NUMBERS
CORRECTNESS OF DECLARATIONS
Warhead Counting: Verify that numerical limit of declared items is not exceeded
Warhead Authentication: Verify authenticity of warheads prior to dismantlement
COMPLETENESS OF DECLARATIONS
How to make sure that no covert warheads exist outside the verification regime? Also (very) important, but not discussed here
Source: U.S. Department of Energy (top) and U.S. Department of Defense, www.defenseimagery.mil (bottom)

WHERE WE ARE COMING FROM MOTIVATION BEHIND OUR PROJECT/RESEARCH

OUR GENERAL APPROACH
TEMPLATE-MATCHING (using active neutron interrogation)
More difficult to implement than attribute approach, but also more robust against important diversion scenarios
Needs golden warheads to generate templates (reference signatures)
ZERO-KNOWLEDGE PROTOCOL
Can prove that a statement is true without revealing why it is true
If successfully implemented, no requirement for engineered information barrier
Robust against curious verifier
NON-ELECTRONIC DETECTORS
Electronic hardware and software used for detectors and/or information barriers are hard to certify and authenticate
Technologies based on non-electronic detection and storage may offer important advantages

PRINCETON/GLOBAL ZERO WARHEAD VERIFICATION PROJECT
Princeton Plasma Physics Laboratory
Experimental setup (currently under construction)

ZERO-KNOWLEDGE INTERACTIVE PROOFS
[Figure: prover (P) and verifier (V) exchanging questions and answers]
Zero-Knowledge Proofs: The prover (P) convinces the verifier (V) that s/he knows a secret without giving anything about the secret itself away
O. Goldreich, S. Micali, A. Wigderson, How to Play ANY Mental Game, 19th Annual ACM Conference on Theory of Computing, 1987
Graphics adapted from O. Goldreich, Foundations of Cryptography, Cambridge University Press, 2001; and eightbit.me

NUMBER OF MARBLES IN A CUP
Peggy ("the prover") has two small cups each containing the same number of marbles. She wants to prove to Victor ("the verifier") that both cups contain the same number of marbles without revealing to him what this number is.

BUBBLE DETECTORS OFFER A WAY TO IMPLEMENT THIS PROTOCOL AND AVOID DETECTOR-SIDE ELECTRONICS
Commercial bubble detectors (BTI Technologies)
Optical readout with camera
Detectors with different neutron-energy thresholds (no cutoff, 500 keV, 1 MeV, 10 MeV) allow measurements that are sensitive to different diversion scenarios

BUBBLE DETECTORS OFFER A WAY TO IMPLEMENT THIS PROTOCOL AND AVOID DETECTOR-SIDE ELECTRONICS
Commercial bubble detectors (BTI Technologies)
Optical readout with LEDs and photodiodes (Yale)
Detectors with different neutron-energy thresholds (no cutoff, 500 keV, 1 MeV, 10 MeV) allow measurements that are sensitive to different diversion scenarios

PROPOSED HARDWARE IMPLEMENTATION OF A ZERO-KNOWLEDGE PROTOCOL FOR NUCLEAR WARHEAD VERIFICATION
1. Host secretly preloads arrays of bubble detectors with negative radiograph of the reference item
2. Inspector randomly chooses which preloaded array to use on which item
3. After interrogation, inspector verifies that detectors in arrays contain the same bubble count
[Figure: detectors A1, A2, B1, B2 in Array 1 and Array 2, applied to the reference item and the test item]
50% confidence after 1st round; 95% confidence after 5th round
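The three steps above as a small simulation, added here as an illustration and not taken from the slides or from the authors' code. It assumes the preload is itself Poisson-distributed with mean N(max) minus the expected count, uses a normal approximation for Poisson draws and a 6-sigma acceptance test; the radiograph values and all function names are constructed for this example.

```python
import math
import random

N_MAX = 5000  # agreed final count per detector (the slides use N(max) = 5,000)

def poisson(rng, mean):
    # Normal approximation to a Poisson draw; adequate for the large means used here.
    return max(0, round(rng.gauss(mean, math.sqrt(mean))))

def measure(rng, preload_for, item):
    # Host preloads N_MAX minus the expected counts of `preload_for` (the negative
    # radiograph); interrogation then adds the counts transmitted by `item`.
    return [poisson(rng, N_MAX - p) + poisson(rng, t) for p, t in zip(preload_for, item)]

def accepts(counts, k=6.0):
    # Inspector's check: every detector reads N_MAX within k standard deviations.
    return all(abs(c - N_MAX) <= k * math.sqrt(N_MAX) for c in counts)

def run_round(rng, reference, test_item, preloads):
    # The inspector, not the host, decides which preloaded array goes on which item.
    first, second = preloads
    if rng.random() < 0.5:
        first, second = second, first
    return accepts(measure(rng, first, reference)) and accepts(measure(rng, second, test_item))

def pass_rate(reference, test_item, preloads, rounds, trials=2000, seed=1):
    # Fraction of trials in which the host passes every round.
    rng = random.Random(seed)
    passed = sum(
        all(run_round(rng, reference, test_item, preloads) for _ in range(rounds))
        for _ in range(trials)
    )
    return passed / trials

# Constructed radiographs (expected counts per detector), not data from the slides.
REFERENCE = [1200, 2500, 3800, 2500]
INVALID = [1200, 3300, 3800, 2500]   # one detector sees more transmission

if __name__ == "__main__":
    honest = (REFERENCE, REFERENCE)
    cheat = (REFERENCE, INVALID)     # host bets on which array lands on the invalid item
    print("honest, 5 rounds:", pass_rate(REFERENCE, REFERENCE, honest, 5))
    for n in (1, 5):
        print(f"cheat, {n} round(s):", pass_rate(REFERENCE, INVALID, cheat, n))
```

A host who tailors one preload to an invalid item passes a round only when the inspector's random assignment happens to match, so the pass rate halves with every round; the inspector sees only counts near N(max) in the honest case.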

RESULTS RADIOGRAPHY WITH 14-MeV NEUTRONS

Collimator slot Test object Detector array Neutron source (Thermo Scientific P 385) Collimator Graphics: Sébastien Philippe

ZERO-KNOWLEDGE VERIFICATION: RADIOGRAPHY WITH 14 MeV NEUTRONS
[Figure panels: Reference item; Valid item]
Simulated data from MCNP calculations; neutron detection energies > 10 MeV; N(max) = 5,000
A. Glaser, B. Barak, R. J. Goldston, A Zero-knowledge Protocol for Nuclear Warhead Verification, Nature, 510, 26 June 2014, 497–502


ZERO-KNOWLEDGE VERIFICATION: RADIOGRAPHY WITH 14 MeV NEUTRONS
(Tungsten rings replaced by lead rings)
[Figure panels: Valid item; Invalid item]
Simulated data from MCNP calculations; neutron detection energies > 10 MeV; N(max) = 5,000
A. Glaser, B. Barak, R. J. Goldston, A Zero-knowledge Protocol for Nuclear Warhead Verification, Nature, 510, 26 June 2014, 497–502

LOCAL TUNGSTEN DIVERSION: 36-DEGREE SEGMENT OF OUTER TUNGSTEN RING (543 GRAMS, 7% OF TOTAL TUNGSTEN)

ZERO-KNOWLEDGE VERIFICATION: RADIOGRAPHY WITH 14 MeV NEUTRONS
543 grams of tungsten removed from outer ring of test object; simulated data from MCNP calculations; neutron detection energies > 10 MeV
A. Glaser, B. Barak, R. J. Goldston, A Zero-knowledge Protocol for Nuclear Warhead Verification, Nature, 510, 26 June 2014, 497–502

Source: Milton Bradley

TWO-COLOR INTERROGATION: INTERROGATION WITH NEUTRONS FROM (p-7Li) REACTION (tuned to ~300 keV energy cutoff)

SIMULATED NEUTRON SPECTRUM FROM PROTON-LITHIUM DRIVEN NEUTRON SOURCE IN COLLIMATOR (In forward direction, measured at collimator exit, MCNP6 simulations)

BARE PLUTONIUM SPHERE: 8.00 cm DIAMETER SPHERE, WEAPON-GRADE PLUTONIUM
Test item based on BeRP ball, see J. Mattingly and D. J. Mitchell, Applied Radiation and Isotopes, 70 (2012), 1136–1140
(Isotopic shift from 93.7% to 81.2% Pu-239)
[Figure panels: Radiograph (never measured); Valid item; Invalid item]
Essentially no structure in data, but absolute values secret
Here: ~1,540 bubbles average (unknown to inspector)
Simulated data from MCNP6 calculations, neutron detection energies > 500 keV
N(max) = 10,000, i.e., 6–7 times higher than actual values from test item

BARE PLUTONIUM SPHERE: 8.00 cm DIAMETER SPHERE, WEAPON-GRADE PLUTONIUM
Test item based on BeRP ball, see J. Mattingly and D. J. Mitchell, Applied Radiation and Isotopes, 70 (2012), 1136–1140
[Figure panels: Bare Ball 81.2% Pu-239; Bare Ball 93.7% Pu-239]
MCNP6 simulations, N(max) = 10,000

WHAT IF SOMETHING GOES TERRIBLY WRONG? Possible Fail-Secure Mechanisms for ZKP Verification

FAIL-SECURE DATA VERIFICATION AND RELEASE
If inspection system works properly and items are placed correctly, no information in signal or noise
But what if something went wrong during inspection (unknown to host)? Problem with inspection system and/or problem with setup (alignment, detector location, etc.)
Host wants to make sure measured data does not contain any information (besides N(max) and its Poisson noise)
Challenge: How to design a protocol that allows the host to screen the data without the inspector losing trust in the integrity of the data
Proposed solution: Data commitment

COMMITMENT SCHEME 1: DATA ASSURANCE
1. Detectors after inspection: no information in data or noise if inspection successful
2. Detector information is committed (using non-electronic medium), for example, by (blindly) taking photographs of the detectors (without developing the film)
3. Host analyzes the detectors in private to confirm that no residual information is present
[Figure: detectors each reading N(max)]
Once detectors are released by host, the inspector is allowed to read out the detectors (with agreed method) and to compare against committed data (e.g. on photographs)

COMMITMENT SCHEME 2: DATA SPLITTING
1. Detectors after inspection: no information in data or noise if inspection successful
2. Detector information is divided (at host's discretion)
3. Host analyzes her share of the detectors in private to confirm that no residual information is present
[Figure: detectors reading N(max), with detectors marked "host share"]
Once the host is satisfied with the data in her share, the inspector is allowed to read out the data in his share (with agreed method)

TO BE CONTINUED

ACKNOWLEDGEMENTS
PRINCETON: Charles Gentile, Robert J. Goldston, Sébastien Philippe
ELSEWHERE: Boaz Barak (Microsoft Research New England), Francesco d'Errico (Yale University), Margarita Gattas-Sethi (Yale University), Moritz Kütt (Technische Universität Darmstadt)
RESEARCH SUPPORTED BY: Global Zero; MacArthur Foundation; Carnegie Corporation of New York; U.S. Department of State; National Nuclear Security Administration, U.S. Department of Energy