[14166] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: quantum hype

daemon@ATHENA.MIT.EDU (David Wagner)
Sat Sep 13 17:11:36 2003

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: Sat, 13 Sep 2003 21:06:56 +0000 (UTC)
Reply-To: daw@cs.berkeley.edu (David Wagner)
X-Complaints-To: usenet@abraham.cs.berkeley.edu

martin f krafft  wrote:
>So MagiQ and others claim that the technology is theoretically
>unbreakable. How so? If I have 20 bytes of data to send, and someone
>reads the photon stream before the recipient, that someone will have
>access to the 20 bytes before the recipient can look at the 20
>bytes, decide they have been "tampered" with, and alert the sender.

You're absolutely right.  Quantum cryptography *assumes* that you
have an authentic, untamperable channel between sender and receiver.
The standard quantum key-exchange protocols are only applicable when
there is some other mechanism guaranteeing that the guy at the other end
of the fibre optic cable is the guy you wanted to talk to, and that noone
else can splice into the middle of the cable and mount a MITM attack.

One corollary of this is that, if we want end-to-end security, one can't
stick classical routers or other such equipment in the middle of the
connection between you and I.  If we want to support quantum crypto,
the conventional network architectures just won't work, because any two
endpoints who want to communicate have to have a direct piece of glass.
Quantum crypto might work fine for dedicated point-to-point links,
but it seems to be lousy for large networks.

For these reasons, and other reasons, quantum crypto looks pretty
impractical to me, for most practical purposes.  There is some very
pretty theory behind it, but I predict quantum crypto will never replace
general-purpose network encryption schemes like SSH, SSL, and IPSec.

As you say, there is a lot of hype out there, but as you're discovering,
it has to be read very carefully.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post