[14239] in cryptography@c2.net mail archive
Re: quantum hype
daemon@ATHENA.MIT.EDU (Peter Fairbrother)
Mon Sep 22 16:39:46 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 22 Sep 2003 21:37:47 +0100
From: Peter Fairbrother <zenadsl6186@zen.co.uk>
To: <Michael_Heyman@NAI.com>, <cryptography@metzdowd.com>
In-Reply-To: <5856CEA9F0E6244CB2A8F771620417810823BC@rocexmb1.corp.nai.org>
Michael_Heyman@NAI.com wrote:
>> From: owner-cryptography@metzdowd.com
>> [mailto:owner-cryptography@metzdowd.com]On Behalf Of Dave Howe
>>
>> Peter Fairbrother may well be in possession of a break for the QC hard
>> problem - his last post stated there was a way to "clone" photons with
>> high accuracy in retention of their polarization
>> [SNIP]
>>
> Not a break at all. The physical limit for cloning is 5/6ths of the bits will
> clone true. Alice need only send 6 bits for every one bit desired to assure
> Eve has zero information. For a 256-bit key negotiation, Alice sends 1536 bits
> and hashes it down to 256 bits for the key.
Agreed. It's not a break, though it does make it harder. Many people think
the no-cloning theorem says you can't clone photons at all. Most COTS QC
gear only "works" under that false assumption.
Then there's the noise/error rates - in practice it's very hard to get > 60%
single photon detection rates, even under the most favourable conditions,
and low error rates are hard to get too.
I tend to the opinion, without sufficient justification and knowledge to
make it more than an opinion, that most COTS QC products are probably secure
today in practice, but claims for theoretical security are overblown.
There may be yet another problem which I should mention. First, I'd like to
state that I'm not a quantum mechanic, and I find the math and theory quite
hard, so don't rely too much on this.
I'm not certain that the 5/6 figure is a universal physical limit. It may
just be an artifact of the particular unitary transform used in that
specific cloning process.
It _may_ be possible for the cloner to get some information about which
photons were cloned incorrectly. This is tricky, and I don't know if it's
right - it involves non-interactive measurement of virtual states, kind of.
Another possibility is to imperfectly clone the photon more than once.
The no-cloning theorem per se doesn't disallow these, it only disallows
perfect cloning, but other physics might.
QC's unbreakability isn't based on a "hard problem", it's based on the
physical impossibility of perfect cloning. But exactly what that
impossibility means in practice, I wouldn't like to say. You can't clone
every photon. Can you only clone 5/6 of photons? Or 99.99999...% of them? It
may be the latter.
BTW, you can decrease the wavelength of a photon by bouncing it off moving
mirrors.
--
Peter Fairbrother
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
