Commercial quantum crypto product - news article CORRECTED

Arnold G. Reinhold reinhold at world.std.com
Thu Jun 6 09:31:49 EDT 2002


[Moderator: Please replace my earlier posting on this topic with this 
one. My concept was ok but my calculations were way off. Shouldn't 
hit send late at night! -- agr]

At 5:23 PM -0400 5/31/02, Steven M. Bellovin wrote:
>In message <2F1A38DC0413D311A7310090273AD527042023F8 at dthrexch01>,
>"Kossmann, Bill" writes:
>>Anybody familiar with this product?
>>
>>
>>A Swiss company has announced the commercial availability of what it says
>>are the first IT products which exploit quantum effects rather than
>>conventional physics to achieve their goals. (05/31/2002)
>>http://itworld.ca/rpb.cfm?v=20021510001
>
>A fascinating article.  It raises an interesting point:  how does one
>validate such a system?
>

I think that is a very good question. All quantum crypto claims to do 
is ensure that someone who accesses the fiber optic cable between the 
end points can't recover your secret data. You still have to verify 
that the quantum transceivers are doing quantum crypto properly and 
don't contain any malware that records and leaks keys.

According to the article, the Swiss vendor claims to be able to send 
60 bits of quantum secured info per second over a 67 km path.  By 
contrast, an ordinary 100 GB hard disk filled with random bits can 
supply 60 unique bits/sec for over 50 years. The problem of getting 
duplicate disks to the end points without being compromised is no 
harder than the problem of getting the quantum transceivers to the 
endpoints without being tampered with.

The quantum approach does offer forward security (assuming the 
hardware can be trusted). But this can also be achieved by shipping a 
box of CD-Rs and destroying them as used. One CD-R will hold four 
months of data at 60 bits/sec. At the higher speed of 1000 bits/sec 
for short paths, mentioned in the article, one CD-R will hold a 
week's worth.  A one year supply of weekly CDs (or a 5 year supply of 
monthlies) fits in a shoe box.  If you combine the disk derived key 
with a nonce exchanged using public key techniques, then you are only 
depending on PKC technology to provide forward security for a week or 
month.

You can ship random data disks periodically using a variety of means 
(courier, FedEx, business travelers...) and combine them with 
earlier disks (xor or, better, addition) so that an attacker has to 
intercept all the disks to keep up.  Of course there is no limit on 
how far you can send the random data disks and the disk approach is 
immune to an obvious denial of service attack against the quantum 
method: cutting the fiber optic cable.

Not only do random data disks cost far less than laying a fiber optic 
line, the process of creating them can be understood and implemented 
by the organization that wishes secrecy, using off the shelf 
hardware, and without reliance on outside vendors. In cryptography, 
complexity only multiplies risk.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
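
The disk scheme described in the message above, as an added example that is not part of the original post: pads from several shipments are XORed together, key material is overwritten as it is consumed, and each chunk is mixed with an exchanged nonce. All names, the 64-byte sample "disks" and the use of HMAC-SHA256 as the mixing step are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def combine_disks(disks):
    """XOR equal-length pads from several shipments into one working pad."""
    if not disks or len({len(d) for d in disks}) != 1:
        raise ValueError("need one or more pads of equal length")
    pad = bytearray(len(disks[0]))
    for disk in disks:
        for i, b in enumerate(disk):
            pad[i] ^= b
    return pad


class PadReader:
    """Hands out each pad byte once, then overwrites it (models "destroy as used")."""

    def __init__(self, pad):
        self.pad = pad      # mutable bytearray, zeroed as it is consumed
        self.offset = 0

    def take(self, n):
        if self.offset + n > len(self.pad):
            raise RuntimeError("pad exhausted; a new disk is needed")
        chunk = bytes(self.pad[self.offset:self.offset + n])
        self.pad[self.offset:self.offset + n] = bytes(n)  # wipe consumed bytes
        self.offset += n
        return chunk


def session_key(pad_chunk, nonce):
    """Mix pad material with the exchanged nonce (HMAC-SHA256 is an assumption)."""
    return hmac.new(pad_chunk, nonce, hashlib.sha256).digest()


def demo():
    # Constructed sample data: three 64-byte "disks" sent by different routes.
    disks = [secrets.token_bytes(64) for _ in range(3)]
    alice = PadReader(combine_disks(disks))
    bob = PadReader(combine_disks(disks))
    nonce = secrets.token_bytes(16)  # stands in for the PKC-exchanged nonce
    k_a = session_key(alice.take(32), nonce)
    k_b = session_key(bob.take(32), nonce)
    return k_a, k_b, alice, bob
```

Both ends must advance their offsets in step, and the in-memory wipe here only models the physical destruction of used media.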


