Brain-generated private keys offer a source of randomness that's far less likely to be snooped on than computational random number generators.
Private keys are essentially very random passwords used in cryptographic algorithms. They can be generated through a recording sample taken from a brain. Brain-generated passwords are ideal because an individual’s connectome may show sufficient variation to prevent a hacker from all-out network attack (Kelly et al. ). The far greater number of states in the human brain (2^210,000,000,000) versus typical cryptographic algorithms (2^256) are encouraging for this endeavor. If a (quantum) computer were ever powerful enough to guess a private key generated by an implant-stored algorithm, the network would collapse.
To evaluate the potential of neurons for private key generation, recordings from 384 to 640 neurons were taken from rhesus macaque primates during a center-out task (Li et al. ). Data was sorted into 10ms and 100ms bins. A neuron that had fired within the bin window was given a ‘1’, while those that were quiet were given a ‘0’. For each time window, the neurons were randomly sorted into groups of 32, constructing a 32-bit number based on firing state. Over 14 million 32-bit numbers were generated in this manner. After excluding 0 (the 32-bit number), each of the 14 million numbers were unique. However, the greater prevalence of the ‘0’ bit-state (quiet neurons) resulted in a non-uniform distribution (Figure 6), invalidating this rudimentary method as a means for private key generation.
Figure 6: The top panel depicts a histogram for the distribution of the total dataset of 32-bit numbers, sorted into 300 bins. The middle and bottom panels depict histograms for two particular days of recording, sorted into 300 bins. The non-uniform distribution in each case indicates a vulnerability in private key generation.
While only 32-bit numbers are utilized here, fully uniform 32-bit numbers can be concatenated to create larger numbers, and thereafter, significant computational barriers for private key guessing. It is important to use a dataset as uniform as possible, or else attacks can be utilized which make use of the most commonly-generated numbers. Simplifying to the 32-bit-state allows for increased sample size and more efficient data processing.
A second approach utilized a combination of biological and computational means. Using MATLAB’s random number generator, a neuron that had been given a ‘0’ bit-state had a 25% or 35% chance of being altered to a ‘1’. Figure 7 depicts a new level of uniformity of the dataset. While the data is increasingly uniform, the partial reliance on a random number generator is somewhat concerning. Fortunately, this combination is much more secure than simply using a random number generator on its own. With the neurons partially-generated by a persons brain, the advantages to individuality are maintained without full reliance on a random number generator.
Figure 7: a) Full distribution for neurons that had a 25% chance of changing their bit-state from a ‘0’ to a ‘1’. c) Full distribution for neurons that had a 35% chance of changing their bit-state from a ‘0’ to a ‘1’. It is probable that the “sweet spot” lies somewhere between 25% and 35%.
A third approach was again purely biological. This time, the number of times a neuron had fired in a particular bin was used to influence the bit-states in the neuron’s past bins. In Figure 8a, if a neuron had fired greater than twice in a particular bin, the previous three bins for that neuron had their bit-state set to ‘1’. In Figure 8b, if a neuron fired x times in a particular bin, x previous bins were set to ‘1’. There again appears to be increased uniformity when just comparing these two mechanisms, but not enough for private-key generation. It is possible that a variant of this mechanism could be used, however, the storage and manipulation of past neural recordings offer a potential security vulnerability, as a hacker may be able to edit the stored bit-states to a private key of their choosing. Real-time private-key generation is preferred for optimal security.
Figure 8: a) Full distribution for active neurons that, after firing at least three times, had their previous three bins changed from a ‘0’ to a ‘1’. b) Full distribution for neurons that had x previous bins set to ‘1’, where x is the number of spikes in a particular bin. In this case, bins were not “changed” from 0 to 1 – if a neuron already had a ‘1’ in a previous bin, the bin was included in the x count. Comparison between a) and b) shows increased uniformity.
Figure 9: a) Full distribution for outputs in which the results of two random neurons were merged. If either neuron had at least one spike, a ‘1’ was recorded, otherwise a ‘0’ was recorded. b) Full distribution for a similar case in which three neurons were used. There appears to be slightly more uniformity in the 3-neuron case, indicating that grouping neurons could produce increased uniformity.
A final approach merged neurons. If either of two neurons had a spike, a ‘1’ bit-state was recorded. A similar method was used for three neurons. Outside the first peak in Figure 9, there appears to be increased uniformity elsewhere in the dataset. This is promising because merging neurons offers no potential security vulnerabilities. When recording from 1,000 neurons, 10 neurons may be merged to offer a possibility of 2100 bit-states. This still exceeds the 277 offered by most private-key generation algorithms. As the number of recorded neurons increases, one can expect merged neurons to play a greater role in private-key generation.
This paper explored a simple binary model in a small number of neurons. The simple, real-time characteristics of this method is enticing because it allows more time for spike sorting and does not “hide” potential vulnerabilities behind a complex algorithm. However, utilizing a stored random number generator may be a security vulnerability (Figure 7), as is minor data storage (Figure 8). Further research into merging neurons (Figure 9) should be conducted to determine whether a fully-uniform dataset can be constructed. It is anticipated that as the number of recording neurons increases, so will the ability to generate private-key generation algorithms from neurons. Note that specific motor movements did not consistently elicit particular private keys. This can be explained by the immense amount of noise rampant within the brain.
Encapsulated within each of us is a relatively untapped, multi-billion dollar supercomputer. Our brains are capable of performing particular tasks with a power-efficiency and computing-strength greater than any arrangement of hardware. They are also incredibly talented at recognizing what makes us human, offering potential for a proof-of-cognition protocol to tie digital identities to biological ones. Additionally, an identity-based blockchain offers a safer means of data communication than a centralized server, which can be hacked. Unfortunately, our understanding of the brain lags significantly behind our understanding of machines. Further research into neural engineering may prove that a brain-to-brain network will exponentially increase humanity’s collective intelligence.
Reference: proof-of-cognition-implants , published May 2015. Disclaimer: Project Oblio’s mechanism does not rely on brain implants, but the mechanisms of action are the same. An early version of the paper provably exists in bitcoin address 13eeMVU5fXNfZdoBk5z4fEAbgSH9MawQ6H.