Commercial quantum crypto product - news article CORRECTED
Arnold G. Reinhold
reinhold at world.std.com
Thu Jun 6 09:31:49 EDT 2002
[Moderator: Please replace my earlier posting on this topic with this
one. My concept was ok but my calculations were way off. Shouldn't
hit send late at night! -- agr]
At 5:23 PM -0400 5/31/02, Steven M. Bellovin wrote:
>In message <2F1A38DC0413D311A7310090273AD527042023F8 at dthrexch01>,
>"Kossmann, Bill" writes:
>>Anybody familiar with this product?
>>
>>
>>A Swiss company has announced the commercial availability of what it says
>>are the first IT products which exploit quantum effects rather than
>>conventional physics to achieve their goals. (05/31/2002)
>>http://itworld.ca/rpb.cfm?v=20021510001
>
>A fascinating article. It raises an interesting point: how does one
>validate such a system?
>
I think that is a very good question. All quantum crypto claims to do
is ensure that someone who accesses the fiber optic cable between the
end points can't recover your secret data. You still have to verify
that the quantum transceivers are doing quantum crypto properly and
don't contain any malware that records and leaks keys.
According to the article, the Swiss vendor claims to be able to send
60 bits of quantum secured info per second over a 67 km path. By
contrast, an ordinary 100 GB hard disk filled with random bits can
supply 60 unique bits/sec for over 50 years. The problem of getting
duplicate disks to the end points without being compromised is no
harder than the problem of getting the quantum transceivers to the
endpoints without being tampered with.
The quantum approach does offer forward security (assuming the
hardware can be trusted). But this can also be achieved by shipping a
box of CD-Rs and destroying them as used. One CD-R will hold four
months of data at 60 bits/sec. At the higher speed of 1000 bits/sec
for short paths, mentioned in the article, one CD-R will hold a
week's worth. A one year supply of weekly CDs (or a 5 year supply of
monthlies) fits in a shoe box. If you combine the disk derived key
with a nonce exchanged using public key techniques, then you are only
depending on PKC technology to provide forward security for a week or
month.
You can ship random data disks periodically using a variety of means
(courier, FedEx, business travelers...) and combine them with
earlier disks (xor or, better, addition) so that an attacker has to
intercept all the disks to keep up. Of course there is no limit on
how far you can send the random data disks and the disk approach is
immune to an obvious denial of service attack against the quantum
method: cutting the fiber optic cable.
Not only do random data disks cost far less than laying a fiber optic
line, the process of creating them can be understood and implemented
by the organization that wishes secrecy, using off the shelf
hardware, and without reliance on outside vendors. In cryptography,
complexity only multiplies risk.
Arnold Reinhold
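The arithmetic behind the shipped-disk scheme and the "combine several disks" idea, as an added example that is not part of the original post. The disk capacities (100 GB, a 650 MB CD-R) and the rates are taken as bytes per second, which reproduces the post's 50-year, four-month and one-week figures; read as bits per second the media last eight times longer. The disk contents here are constructed stand-ins, not real media.

```python
import os
from functools import reduce

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY
HDD_BYTES = 100 * 10**9       # the 100 GB disk from the post
CD_R_BYTES = 650 * 10**6      # assumed nominal CD-R capacity

def supply_seconds(capacity_bytes: int, rate_bytes_per_sec: float) -> float:
    """How long one medium feeds a key consumer drawing rate_bytes_per_sec."""
    return capacity_bytes / rate_bytes_per_sec

def combine_pads(pads: list[bytes], mode: str = "add") -> bytes:
    """Combine equal-length pad segments byte-wise, by XOR or by addition mod 256.
    The result is uniformly random as long as at least one segment is uniformly
    random and independent of the others, so an attacker who misses even one
    shipment learns nothing about the combined key."""
    if len({len(p) for p in pads}) != 1:
        raise ValueError("pad segments must have equal length")
    if mode == "xor":
        return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*pads))
    return bytes(sum(col) % 256 for col in zip(*pads))

def otp(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR with a never-reused key segment; decrypt == encrypt."""
    if len(key) < len(data):
        raise ValueError("pad exhausted: ship more disks")
    return bytes(d ^ k for d, k in zip(data, key))

def missing_disk_recovers_plaintext(message: bytes, disks: list[bytes]) -> bool:
    """Does an eavesdropper holding all but the last disk recover the message?"""
    ciphertext = otp(message, combine_pads(disks))
    guess = otp(ciphertext, combine_pads(disks[:-1]))
    return guess == message

if __name__ == "__main__":
    years = supply_seconds(HDD_BYTES, 60) / SECONDS_PER_YEAR
    days_cd = supply_seconds(CD_R_BYTES, 60) / SECONDS_PER_DAY
    days_fast = supply_seconds(CD_R_BYTES, 1000) / SECONDS_PER_DAY
    print(f"100 GB at 60 B/s: {years:.1f} years; CD-R: {days_cd:.0f} days, "
          f"{days_fast:.1f} days at 1000 B/s")
    disks = [os.urandom(48) for _ in range(3)]   # constructed stand-ins
    print("attacker missing one disk succeeds:",
          missing_disk_recovers_plaintext(b"sixty bytes per second suffices", disks))
```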
---------------------------------------------------------------------
The Cryptography Mailing List