[18527] in cryptography@c2.net mail archive
[dave@farber.net: [IP] more on ARMSTRONG LECTURE on Quantum Crypto and Optical Networks (Forwarded)]
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Tue Sep 20 17:30:22 2005
X-Original-To: cryptography@metzdowd.com
Date: Tue, 20 Sep 2005 10:25:11 +0200
From: Eugen Leitl <eugen@leitl.org>
To: Cryptography List <cryptography@metzdowd.com>
----- Forwarded message from David Farber <dave@farber.net> -----
From: David Farber <dave@farber.net>
Date: Mon, 19 Sep 2005 20:30:36 -0400
To: Ip Ip <ip@v2.listbox.com>
Subject: [IP] more on ARMSTRONG LECTURE on Quantum Crypto and Optical Networks (Forwarded)]
X-Mailer: Apple Mail (2.734)
Reply-To: dave@farber.net
Begin forwarded message:
From: Rod Van Meter <rdv@tera.ics.keio.ac.jp>
Date: September 19, 2005 7:25:19 PM EDT
To: Joe Touch <touch@ISI.EDU>, dave@farber.net
Cc: smb@cs.columbia.edu, David Wagner <daw@cs.berkeley.edu>
Subject: Re: [Fwd: Re: [IP] ARMSTRONG LECTURE on Quantum Crypto and Optical Networks (Forwarded)]
Reply-To: rdv@tera.ics.keio.ac.jp
[Dave, for IP, if you wish...]
I generally agree with Dave Wagner's response, but a few thoughts...
The physicists are indeed working on quantum repeaters, capable of doing
QKD over long distances.  The trouble is, you have to trust every one of
the repeaters.
I wouldn't phrase the "fiber security" issue quite the same way.  As
others have said, what you need is access to an authenticated channel,
then you're set (but that's a non-trivial problem!).  It's important to
note that a) QKD does NOT solve what Shor's factoring algorithm broke,
and b) key exchange/distribution is not the biggest security problem we
have on the net (it might not even make the top ten).
The one possibly interesting use of QKD is for the super-paranoid: those
who believe their traffic is being snooped today, and don't want it
decrypted fifty years from now when theoretical and technological
advances render all classical cryptography breakable (!?!).
But in order for that to work, you have to use the QKD-generated random
bit string as a one-time pad, not just a seed or key for classical
encryption.  That means you need very high QKD bit-generation rates, and
most are still in the kilobits/second.  Some experiments have been done
in the low megabits/sec., but that's pre-filtering, I believe, which
costs you at least one order of magnitude in performance.
If you do it right, then, authentication that is good enough TODAY, plus
QKD to generate a random one-time pad, can make your data secure FOREVER
(modulo breakins/breakdowns at the endpoints).  Even if your
authentication is broken later, since it's not used in the actual data
exchange, the attacker gains no data.  This is covered in Paterson et
al.'s paper.
I arrived at the party a little late to get in on the recent thread at
Dave Bacon's Quantum Pontiff blog, but I did throw in my two cents
anyway:
http://dabacon.org/pontiff/?p=1049#comments
Dave's blog is an excellent source for current news and gossip, and is
read (and commented on) by many of the best names in the biz.
btw, Steve, not sure if you're aware of it or not, but Al Aho's student
Krysta Svore is doing quantum stuff for her thesis.  She just spent a
year in Cambridge working with Ike Chuang, but is back at Columbia, I
understand.  She's pretty sharp.
        --Rod
-------------------------------------
You are subscribed as eugen@leitl.org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
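The property Rod describes (classical authentication that is good enough today, a QKD-generated bit string used strictly as a one-time pad, and the authentication key never touching the data itself) can be made concrete in a small model. The following is an added example written for this archive page, not code from Rod Van Meter, the IP list or any QKD project. It makes three assumptions: the pad bytes are supplied by the caller rather than produced by a quantum channel; the public key-agreement transcript is a constructed string; and HMAC-SHA256 stands in for the information-theoretic MAC a real QKD link would use to authenticate that transcript. The `pad_seconds_needed` helper only turns the post's rate remark into numbers.

```python
import hashlib
import hmac


class PadExhausted(Exception):
    """Raised when a message would need more pad than remains unused."""


class OneTimePad:
    """Shared random bit string consumed strictly once, left to right.

    The bytes handed to the constructor stand in for QKD output (the example
    does not model the quantum channel). What the class enforces is the
    one-time discipline: every pad byte protects at most one message byte.
    """

    def __init__(self, pad: bytes) -> None:
        self._pad = pad
        self._offset = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining:
            raise PadExhausted(f"need {n} pad bytes, only {self.remaining} left")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n  # never rewound: pad reuse is what breaks an OTP
        return chunk


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: OneTimePad, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, pad.take(len(plaintext)))


def otp_decrypt(pad: OneTimePad, ciphertext: bytes) -> bytes:
    # Same operation; the receiver's copy of the pad advances in lock-step.
    return xor_bytes(ciphertext, pad.take(len(ciphertext)))


# Classical authentication of the public key-agreement messages (basis
# sifting, error estimate and so on). HMAC-SHA256 is an assumption for this
# demo; deployed QKD uses information-theoretic MACs in the same role.
def tag_transcript(auth_key: bytes, transcript: bytes) -> bytes:
    return hmac.new(auth_key, transcript, hashlib.sha256).digest()


def verify_transcript(auth_key: bytes, transcript: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_transcript(auth_key, transcript), tag)


# Constructed stand-in for the public classical exchange of one QKD round.
TRANSCRIPT = b"round=1;bases=+x+xx++x;error-estimate=0.02"


def authenticated_session(shared_pad: bytes, auth_key: bytes, message: bytes) -> bytes:
    """One session as the post describes it: the key-agreement transcript is
    authenticated with today's classical key, the data is XORed with the pad.
    Returns the ciphertext; the auth key never enters that computation."""
    tag = tag_transcript(auth_key, TRANSCRIPT)            # sender attaches
    if not verify_transcript(auth_key, TRANSCRIPT, tag):  # receiver checks
        raise ValueError("key-agreement transcript failed authentication")
    return otp_encrypt(OneTimePad(shared_pad), message)


def pad_seconds_needed(payload_bytes: int, key_rate_bits_per_s: float) -> float:
    """Seconds of QKD key generation needed to pad a payload of this size."""
    return payload_bytes * 8 / key_rate_bits_per_s


if __name__ == "__main__":
    pad = bytes(range(256))  # constructed, NOT random: for reproducibility only
    msg = b"meet at noon"
    ct_now = authenticated_session(pad, b"auth-key-used-today", msg)
    ct_later = authenticated_session(pad, b"auth-key-after-it-leaked", msg)
    print("ciphertext independent of the auth key:", ct_now == ct_later)
    print("1 MB payload at 10 kbit/s needs",
          pad_seconds_needed(1_000_000, 10_000), "s of pad")
```

Running the script shows the two points in the post directly: the ciphertext is the same whichever authentication key was used, so a later compromise of that key yields nothing about the data, and a one-megabyte payload at a 10 kbit/s key rate needs 800 seconds of pad, which is why the kilobit-rate systems Rod mentions only suit the one-time-pad use for small volumes.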