A Zero-Knowledge Protocol for Nuclear Warhead Verification

Hannah Davinroy


In times of an uncertain nuclear future, with the intersection of advancing technology for nuclear energy in the midst of a slew of diplomatic tensions, the questions of nuclear non-proliferation is as important as ever. Since the emergence of nuclear technology in the 1930s through the thaw of Cold War tensions in the 1990s, global politics have played a great role in the monitoring of nuclear technology. National governments and state-sponsored research laboratories remain necessarily guarded of their top-secret technology. In the 1990s, questions of verification and inspection during disarmament became more prominent. Many agree that while a “global-zero” might not be possible in terms of total operational nuclear warheads, a number in the hundreds per nuclear nation is realistic. The limitation of total deployed strategic warheads has been explored in disarmament deals like the New START Treaty ratified by President Obama and Russian Prime Minister Dmitry Medvedev in 2010. This disarmament, which requires a reduction in the total number of deployed strategic warheads, depends on the ability of each nuclear country — and even non-nuclear nations — to monitor the status of warheads as they remain deployed, are stored, or enter the dismantlement queue.

Status Quo Verification and the Desire for a Zero-Knowledge System

The creation of a verification system is both technologically very difficult and politically even more so. No country wants its nuclear secrets to be leaked. Though the current system of counting the number of deployed strategic warheads does not allow for the escape of any national secrets, this status quo method cannot provide an exact number without a significant uncertainty. In a game where an underestimation could cause catastrophic loss, the development of a new protocol is much desired. Alex Glaser — professor in Princeton’s Woodrow Wilson School of Public Policy, Boaz Barak – Principal Researcher at Microsoft New England, and Rob Goldston — former director of Princeton Plasma Physics Laboratory and professor of astrophysics at Princeton, have done just this. Scrutinizing the problem of verification without revealing secret technology, Glaser, Boaz, and Goldston apply the idea of zero-knowledge proof to the confirmation of disarmament. During a time with nuclear non-proliferation and inspection in the news every day and the framework of a US-Iran agreement being developed, Glaser and Goldston were enthusiastic to sit down and talk about the future of a zero-knowledge verification protocol.

The process includes the creation of a fingerprint, almost a reverse x-ray, of the contents of the test object — potentially a nuclear warhead. The test objects are then subjected to transmission of a preloaded known number of 14MeV neutrons. The initial fingerprint, as created by the host, is then compared with the transmission pattern to confirm that the test objects are identical. Indeed, if multiple tests are run simultaneously and the fingerprints are randomized to the transmission pattern of the test object, the probability that they are not identical falls even more. Though in theory the noise of a transmission pattern could reveal information about the contents of the test object, Goldston points out, “With neutrons, you’re not going to get an exact number; you’re going to get statistically uncertain numbers so that the signal carries no information and the noise carries no information.”

The advantage of a technology that not only doesn’t reveal any sensitive information but also does not measure the sensitive information in the first place is obvious. Citing the possibility for verification methods to backfire and instead cause nuclear proliferation, Goldston says, “What we don’t want is the inspectors from the IAEA [International Atomic Energy Agency] to learn what the warheads consist of.” Not only would sensitive information give countries a stronger arsenal but indeed a stronger understanding of how to prepare countermeasures against a nuclear attack.

This zero-knowledge approach also creates a disincentive for countries to deceive the inspector. The falsification of a template or the use of non-identical test objects would put the host at serious risk. Glaser weighs in, “Built in there is a certain deterrent to cheat, because very likely, if I cheat, something is going to show up on the x-ray then the inspector will learn something. I may get away with it once, but over time it will fail, and that’s counterproductive because you have revealed the secret to the inspector.”

Major Issue if a System is Developed under the Framework

With the proposed zero-knowledge method put forth by Goldston and Glaser, though it addresses the issue of doctoring both the fingerprints submitted by the host and the test objects, the issue of mistrust and concealed technologies remain. The way the method is proposed, the host will provide the verification system to the inspector. Glaser elaborated, “The bottom line is that electronics are vey hard to authenticate to make sure that this electronic piece of equipment is doing what it is supposed to do. The problem is that the host, whoever owns the warhead, will insist that the electronic that is being used is his own.” The inspector must then have a very high level of trust that the system itself has not been falsified to give positive identification of a warhead when it was not a warhead, or vice versa. Though this poses a serious obstacle to the adoption of the zero-knowledge system, Goldston believes that international cooperation in the development of the technologies will overcome this. He says, “There’s a lot of argument that says we should work together, and they should see what we’re thinking about so when the [inspection system] arrives, they know what it’s supposed to be, they can inspect it and see that it really is what it’s supposed to be. And if it’s a relatively simple thing and everyone has developed it together than that will be an easier process.”

What is Happening with Zero-Knowledge Today

Though Glaser, Boaz, and Goldston have been refining their idea and addressing some of the loopholes, there has been relatively little progress — or really need for progress — since the publication of their paper, “ A zero-knowledge protocol for nuclear warhead verification” in Nature in June 2014. “In the army they’re always saying, ‘Hurry Up and Wait,’“ Goldston says, “For this it’s ‘Wait and Hurry Up.’ There’s enough money to play with the idea now, but suddenly the politicians will jump in and say, ‘What have you got?’”

For now, the goal is to continue to ready the research for application. Even after receiving a five-year grant from the National Nuclear Security Administration of the U.S. Department of Energy, the process is slow. “We’ve got enough money to do a very good proof of principle on how well this works, and we also know we won’t be taking our system and attaching it to a real, deployed warhead in the next five years, though there is the possibility that we could work with some special materials. The goal at the end of five years is to have done enough prototyping that you could start to build a real one.” Glaser was even more pessimistic about the creation of a workable prototype of their envisioned system, though more hopeful about a general zero-knowledge method, “For me it’s about injecting some new momentum and new ideas, maintaining some of the knowledge and hopefully generating some new knowledge.”

One of these areas of new knowledge is the emergence of non-electronic zero-knowledge methods. In particular, a non-electronic detector would create less opportunity of tampering by the host. Such technologies as superheated emulsions, or ‘bubbles’ could be arranged in a microscopic matrix in order to measure transmission patterns instead of electronic, and possibly faulty, detectors.

Though Goldston and Glaser make a strong argument for their zero-knowledge methods, the adoption of such verification processes will take many iterations and quite a long time. In the global context of uncertain national security, countries are paranoid, and as Goldston aptly put it, “Being fooled is high stakes.”

Additional Information on Zero-Knowledge Protocol

Science on a Saturday” — General public talk on Zero-Knowledge Protocol given by Rob Goldston at the Princeton Plasma Physics Laboratory on Feb. 28, 2015

Glaser, Alexander, Boaz Barak, and Robert J. Goldston. "A Zero-Knowledge Protocol for Nuclear Warhead Verification." Nature 510 (June 2014): 497.

Hannah Davinroy is a physics major at Princeton University. She plans to pursue a career in science policy, using her background in physics to tackle today’s national and international challenge. She believes that in times of an uncertain future with climate change, technological warfare, and threats to global health, policy makers with a background in science and scientists who dedicate themselves to furthering society are invaluable.

These contributions have not been peer-refereed. They represent solely the view(s) of the author(s) and not necessarily the view of APS.