[14169] in cryptography@c2.net mail archive
Re: quantum hype
daemon@ATHENA.MIT.EDU (David Wagner)
Sat Sep 13 18:08:35 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: David Wagner <daw@cs.berkeley.edu>
To: jsd@av8n.com (John S. Denker)
Date: Sat, 13 Sep 2003 14:43:32 -0700 (PDT)
Cc: madduck@madduck.net (martin f krafft),
daw@cs.berkeley.edu (David Wagner),
cryptography@metzdowd.com (crypto list)
In-Reply-To: <3F638F64.10000@av8n.com> from "John S. Denker" at Sep 13, 2003 05:43:00 PM
> On 09/13/2003 05:06 PM, David Wagner wrote:
> > Quantum cryptography *assumes* that you
> > have an authentic, untamperable channel between sender and receiver.
>
> Not true. The signal is continually checked for
> tampering; no assumption need be made.
Quantum crypto only helps me exchange a key with whoever
is on the other end of the fibre optic link. How do I know
that the person I exchanged a key with is the person I wanted
to exchange a key with? I don't ... unless I can make extra
assumptions (such as that I have a guaranteed-authentic channel
to the party I want to communicate with).
If I can't make any physical assumptions about the authenticity
properties of the underlying channel, I can end up with a scenario
like this: I wanted to exchange a key securely with Bob, but instead,
unbeknownest to me, I ended up securely exchanging key with Mallet.
I believe the following is an accurate characterization:
Quantum provides confidentiality (protection against eavesdropping),
but only if you've already established authenticity (protection
against man-in-the-middle attacks) some other way.
Tell me if I got anything wrong.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com