Commercial quantum crypto product - news article
Arnold G. Reinhold
reinhold at world.std.com
Wed Jun 5 21:15:41 EDT 2002
At 5:23 PM -0400 5/31/02, Steven M. Bellovin wrote:
>In message <2F1A38DC0413D311A7310090273AD527042023F8 at dthrexch01>,
>"Kossmann, Bi
>ll" writes:
>>Anybody familiar with this product?
>>
>>
>>A Swiss company has announced the commercial availability of what it says
>>are the first IT products which exploit quantum effects rather than
>>conventional physics to achieve their goals. (05/31/2002)
> >http://itworld.ca/rpb.cfm?v=20021510001
>
>A fascinating article. It raises an interesting point: how does one
>validate such a system?
>
I think that is a very good question. All quantum crypto claims to do
is insure that someone who accesses the fiber optic cable between the
end points can't recover your secret data. You still have to verify
that the quantum transceivers are doing quantum crypto properly and
don't contain any malware that records and leaks keys.
According to the article, the Swiss vendor claims to be able to send
1000 bits of quantum secured info per second over short distances.
By contrast, a pair of ordinary CD-Rs filled with random bits can
supply 1000 unique bits/sec for over 20 years. The problem of getting
the duplicate disk to the other end point without being compromised
is no harder than the problem of getting the quantum transceivers to
the endpoints without being tampered with.
The quantum approach does offer forward security (assuming the
hardware can be trusted). This can also be done with CD-Rs by
shipping a box of them and destroying them as used. A one year supply
of weekly CDs (or 5 year supply of monthlies) fits in a shoe box.
Another approach is to xor the CD-R derived key with a nonce
exchanged using public key techniques, e.g. D-H. Then you are only
depending on PKC technology to provide forward security for a week or
month. One other advantage of the CD-R approach is that it is immune
to an obvious denial of service attack against the quantum method:
cutting the fiber optic cable.
Not only do random CD-Rs cost far less than laying a fiber optic
line, the process of creating them can be understood and implemented
by the organization that wishes secrecy using off the shelf hardware,
without reliance on outside vendors. In cryptography, complexity only
multiplies risk.
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list