[14328] in cryptography@c2.net mail archive
Re: Can Eve repeat?
daemon@ATHENA.MIT.EDU (Ivan Krstic)
Mon Sep 29 09:47:31 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 29 Sep 2003 00:44:07 -0400
To: Greg Troxel <gdt@ir.bbn.com>,
Peter Fairbrother <zenadsl6186@zen.co.uk>
Cc: iang@systemics.com, cryptography@metzdowd.com
From: Ivan Krstic <ccikrs1@cranbrook.edu>
In-Reply-To: <20030926131005.197E51F7B@fnord.ir.bbn.com>
On Fri, 26 Sep 2003 09:10:05 -0400, Greg Troxel <gdt@ir.bbn.com> wrote:
[snip]
> The current canoncial
> paper on how to calculate the number of bits that must be hashed away
> due to detected eavesdropping and the inferred amount of undetected
> eavesdropping is "Defense frontier analysis of quantum cryptographic
> systems" by Slutsky et al:
>
> http://topaz.ucsd.edu/papers/defense.pdf
Up-front disclaimer: I haven't had time to study this paper with the level
of attention it likely deserves, so I apologize if the following contains
incorrect logic. However, from glancing over it, it appears the
assumptions on which the entire paper rests are undermined by work such as
that of Elitzur and Vaidman (see the article I linked previously).
Specifically, note the following:
"This security is derived from encoding the data on nonorthogonal quantum
states of a physical carrier particle. Since such quantum states cannot be
duplicated or analyzed in transit without disturbing them, any attempt to
interfere with the particle introduces transmission errors and thereby
reveals itself to Alice and Bob."
And:
"They [Alice and Bob] then assume that all errors are eavesdropping
induced and estimate Eve's potential knowledge of their data in this
worst-case situation."
If we do away with the idea that there are no interaction-free
measurements (which was, at least to me, convincingly shown by the Quantum
seeing in the dark article), this paper becomes considerably less useful;
the first claim's validity is completely nullified (no longer does
interference with particles necessarily introduce transmission errors),
while the effect on the second statement is evil: employing the proposed
key distillation techniques, the user might be given a (very) false sense
of security, as only a small percentage of the particles that Eve observes
register as transmission errors (<=15%, according to the LANL figure).
Best regards,
Ivan Krstic
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
