> Here, we demonstrate a covert communications method in which photon emission is rapidly electrically modulated both above and below the level of a passive blackbody at the emitter temperature. The time-averaged emission can be designed to be identical to the thermal background, realizing communications with zero optical signature for detectors with bandwidth lower than the modulation frequency
It sounds like maybe they're modulating the emissivity of a diode up and down so that over time, its IR spectrum looks like black body radiation. Only someone looking at the intensity of the thermal radiation coming from the diode at really fast timescales (kilohertz or megahertz) would notice that there was a signal being transmitted.
> We do have encryption methods, but at the same time we’re always having to create new encryption methodologies when bad actors find new decryption strategies.
> But if someone doesn’t even know the data is being transferred, then it’s really very hard for them to hack into it. If you can send information secretly then it definitely helps to prevent it being acquired by people you don’t want to access it.
Very strange framing. Symmetric cryptography has been "unhackable" for a while now, for all intents and purposes. The real advantage is surely that nobody notices you're transmitting data at all?
The cypher may be prefectly impenetrable, but the software running on the transmitter or receiver may be more brittle. You cannot attack what you don't even know exists nearby.
In practice you can infer a lot. The payload of a TLS stream is formally indistinguishable from random data, but you can still tell on the wire that it's TLS. There aren't a lot of widely-used TLS implementations. It's been a while since I looked at the specifics, but I bet there's a lot of more specific signature data in the plain-text parts of the protocol like supported ciphers. You can make some good guesses from the metadata.
In the case of a physical interception, you can probably infer more. If you, after reading this article, spot an enemy drone that doesn't have any obvious emissions, then, well, there might only be one option for the software running on that drone, namely The Software that your enemy uses on their drones.
Anyway, it's not clear to me from the article whether the source object from the signal will necessarily be invisible. I think every transmitter still at least looks like a point source of blackbody radiation. The signal may not be detectable from thermal background radiation, but if the background itself is coming from a big obvious drone, well, you know it "exists nearby".
You do have to try, though, is the point. It's not automatic just because the output of the cipher itself is cryptographically random. And when you do try, the lack of metadata will itself be a clue as to the software generating it.
> transmitter still at least looks like a point source of blackbody radiation
The whole trick is that on average it is a source of blackbody radiation exactly like any other piece of matter next to it, same temperature. It does not produce a light or dark spot on an IR camera image. It turns hotter ("positive light") and colder ("negative light") with a very high frequency, in a controllable way.
But once you've located the device, you can use a number of electronic warfare approaches to crack into it, not necessarily through its main radio interface. For instance, electromagnetic interference, heating, etc, all can inject a subtle hardware failure that the software is not ready to handle.
It adds a layer of obscurity, but not real security. If somebody is looking, neither sender or receiver can detect it or know if their ciphertext was intercepted. Depending on the methods used, the cipertext might not be immediately crackable with currently known algorithms and resources. However, it can be archived and broken at a later date, or by an actor who has access to algorithms/resources that aren't currently public.
Covert transmission is security. Think of a spy or North Korean dissident, mere detection of a transmission means compromise; Eve will extract the plain text using the trusty $10 wrench.
harvest-now-decrypt-later attacks aren't much of a concern for modern symmetric cryptography. heck, even known-broken ciphers like rc4 aren't easy to break in a non-interactive setting with modest ciphertext sizes and no key reuse.
Sure, but for symmetric ciphers it's not hard to hit the "by anyone, for my lifetime" threshold. NIST does not define a sunset date for AES-256, for example.
The big claim in general appears to be that the signal is not obvious because it averages out to normal background radiation noise. The article doesn't communicate this well though.
The bit that you quoted, I think that's just a random sentence that looks dumb out of context. I don't think it means anything special.
Or you can call it encryption along different axis. Much like extracting GPS signals from below thermal floor level - you can do it if you 1) know it's there, and 2) know exactly how to key in. It's impressive as heck, but you can always rephrase it in terms of information theory in ways that makes it sound like slightly different shade of mundane.
I don't believe you're missing anything. This is just stegenography with a possibly new covert channel, right? Apparently the secret depends on advisaries not noticing the special hardware deployed on each end. Would using spread sprectum techniques would work just as well?
I think the reason the negative luminance is potentially important for secrecy is that it means the average of the signal you’re transmitting is zero, making it indistinguishable from noise.
This is basically spread-spectrum / CDMA, but in a different frequency range? As others have mentioned in comments here, GPS signals are already far below the thermal noise floor.
I don't understand what makes it hidden if anyone with the right equipment can pick it up. That's like calling X-rays hidden because most cameras can't pick them up.
True. I think the novel point is that on average, the emitter just isn't emitting. Normally, you can have a very simple piece of equipment that can pick up the fact that a signal source is emitting something, but then you need to get a more specialised piece of equipment to actually collect and decode the transmission. This just raises the stakes to having to have the specialised equipment to see that there is a transmission at all.
Another example: in some regimes merely using Tor is illegal, or say in the US using it is enough to justify a search warrant for probable cause, with no evidence of any actual wrongdoing. The EU Chat Control lobby is also trying very hard to criminalize encryption. The simple act of trying to communicate privately is taken as indicative of criminal wrongdoing in the modern world. Being able to communicate without adversarial parties knowing you're communicating is a boon.
+1. As another example see https://en.wikipedia.org/wiki/Numbers_station -- people can't decipher the messages, but they strongly suspect something spy-y is going on. If they couldn't even detect it, there would be no suspicion.
Also hi StevenWaterman, I recognize you from previous comments! I think this is the first time that's happened to me on HN
Also even if they know you are transmitting, it may still be beneficial to prevent them from knowing how much you are transmitting.
Imagine the enemy detects some of your transmission, even knowing it's encrypted, they can still look at the data rate (or estimate order of it):
- 5 bps = probably a random transmitter, maybe audio spy device, maybe remote detonated weapon
- 5 Mbps = probably a feed from military hardware or personnel
Similar inferences can be made about volume, if they can identify distinct transmissions. Etc. If tricks like these can make the enemy confuse 5 Mbps TX for a 5 bps one, it has obvious tactical utility.
DSSS is sort of both security and obscurity at the same time. The very act of spreading your spectrum out via a secret key also has the effect of reducing the amplitude of your transmission, ideally below the noise floor. A receiver on the other side wouldn't see anything except noise unless they had the same key.
Link to the paper: https://www.nature.com/articles/s41377-025-02119-y
From the abstract:
> Here, we demonstrate a covert communications method in which photon emission is rapidly electrically modulated both above and below the level of a passive blackbody at the emitter temperature. The time-averaged emission can be designed to be identical to the thermal background, realizing communications with zero optical signature for detectors with bandwidth lower than the modulation frequency
It sounds like maybe they're modulating the emissivity of a diode up and down so that over time, its IR spectrum looks like black body radiation. Only someone looking at the intensity of the thermal radiation coming from the diode at really fast timescales (kilohertz or megahertz) would notice that there was a signal being transmitted.
> We do have encryption methods, but at the same time we’re always having to create new encryption methodologies when bad actors find new decryption strategies.
> But if someone doesn’t even know the data is being transferred, then it’s really very hard for them to hack into it. If you can send information secretly then it definitely helps to prevent it being acquired by people you don’t want to access it.
Very strange framing. Symmetric cryptography has been "unhackable" for a while now, for all intents and purposes. The real advantage is surely that nobody notices you're transmitting data at all?
The cypher may be prefectly impenetrable, but the software running on the transmitter or receiver may be more brittle. You cannot attack what you don't even know exists nearby.
A secure cipher is indistinguishable from random data, you can't infer what software is on either end just by eavesdropping.
In practice you can infer a lot. The payload of a TLS stream is formally indistinguishable from random data, but you can still tell on the wire that it's TLS. There aren't a lot of widely-used TLS implementations. It's been a while since I looked at the specifics, but I bet there's a lot of more specific signature data in the plain-text parts of the protocol like supported ciphers. You can make some good guesses from the metadata.
In the case of a physical interception, you can probably infer more. If you, after reading this article, spot an enemy drone that doesn't have any obvious emissions, then, well, there might only be one option for the software running on that drone, namely The Software that your enemy uses on their drones.
Anyway, it's not clear to me from the article whether the source object from the signal will necessarily be invisible. I think every transmitter still at least looks like a point source of blackbody radiation. The signal may not be detectable from thermal background radiation, but if the background itself is coming from a big obvious drone, well, you know it "exists nearby".
Only because TLS never tried to be metadata-resistant in that way.
For example, Noise protocol + Elligator + constant bandwidth, is indistinguishable.
You do have to try, though, is the point. It's not automatic just because the output of the cipher itself is cryptographically random. And when you do try, the lack of metadata will itself be a clue as to the software generating it.
> transmitter still at least looks like a point source of blackbody radiation
The whole trick is that on average it is a source of blackbody radiation exactly like any other piece of matter next to it, same temperature. It does not produce a light or dark spot on an IR camera image. It turns hotter ("positive light") and colder ("negative light") with a very high frequency, in a controllable way.
But once you've located the device, you can use a number of electronic warfare approaches to crack into it, not necessarily through its main radio interface. For instance, electromagnetic interference, heating, etc, all can inject a subtle hardware failure that the software is not ready to handle.
Hence, "the real advantage is surely that nobody notices you're transmitting data at all?"
Not just that you are transmitting any data, but that there's some "you", or your device. "All clear, nothing to see here".
You really need to look up the Kirchoff principle
It adds a layer of obscurity, but not real security. If somebody is looking, neither sender or receiver can detect it or know if their ciphertext was intercepted. Depending on the methods used, the cipertext might not be immediately crackable with currently known algorithms and resources. However, it can be archived and broken at a later date, or by an actor who has access to algorithms/resources that aren't currently public.
Covert transmission is security. Think of a spy or North Korean dissident, mere detection of a transmission means compromise; Eve will extract the plain text using the trusty $10 wrench.
harvest-now-decrypt-later attacks aren't much of a concern for modern symmetric cryptography. heck, even known-broken ciphers like rc4 aren't easy to break in a non-interactive setting with modest ciphertext sizes and no key reuse.
It all depends on who the message needs to be secure from, and for how long.
Sure, but for symmetric ciphers it's not hard to hit the "by anyone, for my lifetime" threshold. NIST does not define a sunset date for AES-256, for example.
> Only a receiver with the right equipment can pick up the hidden message.
So all an eavesdropper has to do is setup the right equipment then? I guess it is only invisible until the technology becomes more widely available.
They also have to know where to look.
The big claim in general appears to be that the signal is not obvious because it averages out to normal background radiation noise. The article doesn't communicate this well though.
The bit that you quoted, I think that's just a random sentence that looks dumb out of context. I don't think it means anything special.
As invisible as radio signals then.
Now now... Let's be fair...
Radio broadcasts to everyone.
Light you can block off to a single direction.
Oh wait, directional radio antennas exist. Nevermind, yes. Exactly like radio waves.
> Light you can block off in a single direction.
Sorta, kinda. You're really only just attenuating things a lot. It's tricky to actually block it off fully.
Same with radio waves, as light is literally the same phenomena as radio waves, it's just shaking faster.
Maybe I'm missing something, but this reads like a complicated way to say "We made an IR diode that gets cold as well as hot."
Or you can call it encryption along different axis. Much like extracting GPS signals from below thermal floor level - you can do it if you 1) know it's there, and 2) know exactly how to key in. It's impressive as heck, but you can always rephrase it in terms of information theory in ways that makes it sound like slightly different shade of mundane.
No, this has nothing whatsoever to do with encryption, and no real security, probably
Depends on how you modulate it. Think e.g. frequency hopping / spread spectrum: it's encryption, just done on modulation instead of transmitted data.
I don't believe you're missing anything. This is just stegenography with a possibly new covert channel, right? Apparently the secret depends on advisaries not noticing the special hardware deployed on each end. Would using spread sprectum techniques would work just as well?
I think the reason the negative luminance is potentially important for secrecy is that it means the average of the signal you’re transmitting is zero, making it indistinguishable from noise.
Yeah, but saying that doesn't get the military to give you money.
I would much rather have been called a computerologist than a computer scientist.
Yep.
It's impressive how this article made this sound like a breakthrough, didn't even mention the entire historied field of steganography once.
The paper itself mentions steganography in the second sentence at least.
Makes me look at steganography in slips on sunglasses an entirely new light.
This is basically spread-spectrum / CDMA, but in a different frequency range? As others have mentioned in comments here, GPS signals are already far below the thermal noise floor.
So it's a camouflaged semaphore?
I don't understand what makes it hidden if anyone with the right equipment can pick it up. That's like calling X-rays hidden because most cameras can't pick them up.
True. I think the novel point is that on average, the emitter just isn't emitting. Normally, you can have a very simple piece of equipment that can pick up the fact that a signal source is emitting something, but then you need to get a more specialised piece of equipment to actually collect and decode the transmission. This just raises the stakes to having to have the specialised equipment to see that there is a transmission at all.
It seems simpler to use a secure radio protocol instead of relying on security by obscurity for communication.
A covert signal is still beneficial even if the signal is secure. The existence of the signal is valuable metadata.
For a contrived example, imagine I'm in a warzone:
- Secure = Enemies can't read my messages. Good. But they can still triangulate my position.
- Covert = Enemies don't know I exist
Another example: in some regimes merely using Tor is illegal, or say in the US using it is enough to justify a search warrant for probable cause, with no evidence of any actual wrongdoing. The EU Chat Control lobby is also trying very hard to criminalize encryption. The simple act of trying to communicate privately is taken as indicative of criminal wrongdoing in the modern world. Being able to communicate without adversarial parties knowing you're communicating is a boon.
+1. As another example see https://en.wikipedia.org/wiki/Numbers_station -- people can't decipher the messages, but they strongly suspect something spy-y is going on. If they couldn't even detect it, there would be no suspicion.
Also hi StevenWaterman, I recognize you from previous comments! I think this is the first time that's happened to me on HN
Also even if they know you are transmitting, it may still be beneficial to prevent them from knowing how much you are transmitting.
Imagine the enemy detects some of your transmission, even knowing it's encrypted, they can still look at the data rate (or estimate order of it):
- 5 bps = probably a random transmitter, maybe audio spy device, maybe remote detonated weapon
- 5 Mbps = probably a feed from military hardware or personnel
Similar inferences can be made about volume, if they can identify distinct transmissions. Etc. If tricks like these can make the enemy confuse 5 Mbps TX for a 5 bps one, it has obvious tactical utility.
Unless they have "the right equipment". Then you are right back at the same situation.
Nobody has "the right equipment" everywhere all at once, especially not with operators (human or otherwise) set to monitor it all the time.
In the real world, obscurity is the cornerstone of security.
DSSS is sort of both security and obscurity at the same time. The very act of spreading your spectrum out via a secret key also has the effect of reducing the amplitude of your transmission, ideally below the noise floor. A receiver on the other side wouldn't see anything except noise unless they had the same key.
Secure channels can still be jammed. Undetectability is a fundamentally different goal than secrecy.
I am sure you could encrypt the warmth message somehow.
Unless your adversary is scanning for RF emissions, which is getting more and more common.