[145237] in cryptography@c2.net mail archive

Re: Quantum Key Distribution: the bad idea that won't die...

daemon@ATHENA.MIT.EDU (silky)
Wed Apr 21 18:45:16 2010

Reply-To: michaelslists@gmail.com
In-Reply-To: <87vdblx7rr.fsf@snark.cb.piermont.com>
Date: Thu, 22 Apr 2010 08:05:23 +1000
From: silky <michaelslists@gmail.com>
To: "Perry E. Metzger" <perry@piermont.com>
Cc: cryptography@metzdowd.com

First of all, I'm sure you know more about this than me, but allow me
to reply ...


On Wed, Apr 21, 2010 at 11:19 PM, Perry E. Metzger <perry@piermont.com> wrote:
> > Useless now maybe, but it's preparing for a world where RSA is broken
> > (i.e. quantum computers) and it doesn't require quantum computers; so
> > it's quite practical, in that sense.
>
> No, it isn't. QKD is useless three different ways.
>
> First, AES and other such systems are fine, and the way people break
> reasonably designed security systems (i.e. not WEP or what have you) is
> not by attacking the crypto.

I didn't say AES, I said RSA. Specifically I was referring to Shor's
factoring algorithm on quantum computers:
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.47.3862


> Second, you can't use QKD on a computer network. It is strictly point to
> point. Want 200 nodes to talk to each other? Then you need 40,000
> fibers, without repeaters, in between the nodes, each with a $10,000 or
> more piece of equipment at each of the endpoints, for a total cost of
> hundreds of millions of dollars to do a task ethernet would do for a
> couple thousand dollars.

Sure, now. That's the point of research though; to find more efficient
ways of doing things. If you stopped working on anything that seemed
initially too hard or unpractical I don't think we'd get anywhere.


> Third, QKD provides no real security because there is no actual
> authentication. If someone wants to play man in the middle, nothing
> stops them. If someone wants to cut the fiber and speak QKD to one
> endpoint, telling it false information, nothing stops them. You can
> speak the QKD protocol to both endpoints and no one will be the
> wiser. So, you need some way of providing privacy and
> authentication... perhaps a conventional cryptosystem.

I agree this is an issue, and from my reading it doesn't seem
completely resolved, but again I think it's reasonable to continue
researching into solutions. Importantly, however, if a
classical system is used to do authentication, then the resulting QKD
stream is *stronger* than the classically-encrypted scheme.


> So, what did QKD
> provide you with again?
>
> There is no point to QKD at all.

I disagree.


> Perry
> --
> Perry E. Metzger                perry@piermont.com

-- 
silky

  http://www.programmingbranch.com/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
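
Added example (not part of the original message or the list's own material): a toy simulation of the authentication point argued in the third exchange above, assuming BB84 as the QKD protocol (the thread names none) and an idealised noiseless channel. It contrasts a tapped link, which the error rate exposes, with both endpoints being impersonated while the basis-comparison channel is unauthenticated, where each leg shows zero errors; all function names are hypothetical.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    # Matching basis reads the bit exactly; a mismatched basis gives a coin flip.
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def bb84(n, rng, intercept=False):
    """Run one BB84 exchange over a single link; return sifted (sender, receiver) keys."""
    s_key, r_key = [], []
    for _ in range(n):
        bit, s_basis = rng.randint(0, 1), rng.randint(0, 1)
        q_bit, q_basis = bit, s_basis
        if intercept:  # passive tap: measure in a guessed basis, resend what was seen
            tap_basis = rng.randint(0, 1)
            q_bit, q_basis = measure(q_bit, q_basis, tap_basis, rng), tap_basis
        r_basis = rng.randint(0, 1)
        got = measure(q_bit, q_basis, r_basis, rng)
        if s_basis == r_basis:  # sifting: bases are compared over the classical channel
            s_key.append(bit)
            r_key.append(got)
    return s_key, r_key

def qber(a, b):
    # Fraction of sifted positions where the two parties disagree.
    return sum(x != y for x, y in zip(a, b)) / len(a)

def impersonated_links(n, rng):
    """Fiber cut in the middle: each endpoint completes BB84 with the party in between.
    With no authentication on the classical channel, neither can tell who it sifted with."""
    alice_key, mid_key_a = bb84(n, rng)   # Alice <-> middle
    mid_key_b, bob_key = bb84(n, rng)     # middle <-> Bob
    return alice_key, mid_key_a, mid_key_b, bob_key

def demo(seed=2010, n=4000):
    rng = random.Random(seed)  # constructed, seeded sample run
    a, b = bb84(n, rng, intercept=True)
    tapped = qber(a, b)
    ak, ma, mb, bk = impersonated_links(n, rng)
    # Returns: tapped-link error rate, error rate on each impersonated leg,
    # and whether Alice and Bob actually ended up with the same key prefix.
    return tapped, qber(ak, ma), qber(mb, bk), ak[:64] == bk[:64]

if __name__ == "__main__":
    print(demo())
```

The error-rate check only detects disturbance on a link; binding the sifting messages to a known peer needs an authenticated classical channel, which is the dependency both posters are arguing over.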