[14230] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: quantum hype

daemon@ATHENA.MIT.EDU (Dave Howe)
Sun Sep 21 12:15:28 2003

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Dave Howe" <DaveHowe@gmx.co.uk>
To: "Email List: Cryptography" <cryptography@metzdowd.com>
Date: Sun, 21 Sep 2003 17:04:20 +0100

>> no. its the "underlieing hard problem" for QC. If there is
>> a solution to any of the Hard Problems, nobody knows about them.
>right, so it's no better than the arguable hard problem of
>factoring a 2048 bit number.
Peter Fairbrother may well be in possession of a break for the QC hard
problem - his last post stated there was a way to "clone" photons with
high accuracy in retention of their polarization (at the cost of a
irrelevent increase in wavelength) so that Mallory could test photons with
BOTH filters, determining the value of the bit (from the correct filter
which would show a strong bias to the correct bit value) and the
orientation (given the incorrect filter would be roughly 50/50)

> wrong. i don't consider those that shouldn't know about
> some things to be my enemies. i know that crypto is
> useful when someone actively seeks information.
Hmm. normally, the agent attempting to intercept your traffic is termed
the attacker; I don't know many attackers that aren't enemies :)

> but if i want my girlfriend not to see those
 mails i send to this other chick (i have no
> girlfriend btw),
I suspect my wife might not like it if I had one :)

> i encrypt them and guard against the risk that i leave
> the window open when she comes home and she
> accidentally hits enter to read that email.
but not against you accidentally leaving the plaintext window open, or
your system having stored a draft of the plaintext someplace.
endpoint security is typically much, much harder than transmission
security (despite key exchange not being an issue) simply because so many
standard machines and software is orientated towards data loss prevention,
not security.

> i guess it's a matter of definition, so let's just leave it there.
indeed. perhaps "interceptor" rather than enemy would be closer?

> You seem to have a lot more of a grasp than I.
I am (as usual) standing on the shoulders of giants; I am simply repeating
my understanding of what they said trying to dumb it down to my miserable
level :)

> Anyhow, we are deviating here and there from the topic.
> So let me summarise:
>   - QC, if correctly used, can serve as the basis for OTP
>    encryption.
correct - it is a key negotiation method, not an actual transmission
method.

>  - The provable security of QC thus actually comes from OTP.
no, the provable security of OTP is a given. the security of QC comes from
not being able to determine the polarization of a photon without pushing
it though a filter and seeing if it fits :)

>  - QC needs an unbroken channel. The channel does not have to be
>    private because an observer destroys photons, which can be
>    detected.
destroying photons would mean breaking (diverting the flow of photons
down) the channel, so there is no real distinction.

>  - This observer could DoS the communication, but that's akin to
>    cutting the land-line.
indeed. not only akin, but actually a case of :)

>  - Actually, no, because if I don't rely on QC but have other
>    means, I can switch to another medium if someone cuts my
>    landline.
in fact, you would be better served using another channel (or channels)
for actual data, and keeping the optical channel for key negotiation only.
a successful MiTM attack relies on controlling *all* the communications
between alice and bob. if there are multiple channels, and even one is
missed, alice and bob can determine there was a middleman involved and the
attack breaks down. Ideal for transmitting the actual data would be (say)
a broadcast medium; alice can check her own trasmissions, and bob can read

> Btw: is this list archived?
yes
http://www.mail-archive.com/cryptography%40metzdowd.com/index.html
and in general terms, always assume mailing lists are not only archived,
but read avidly by the enemies I have and you haven't got ;)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post