quantum hype
David Wagner
daw at mozart.cs.berkeley.edu
Sun Sep 14 13:54:14 EDT 2003
Arnold G. Reinhold wrote:
>I think there is another problem with quantum cryptography. Putting
>aside the question of the physical channel, there is the black box at
>either end that does all this magical quantum stuff. One has to trust
>that black box.
>
>- Its design has to thoroughly audited and the integrity of each unit verified
>- It has to be shipped securely from some factory or depot to each end point
>- It has to be continuously protected from tampering.
Yes. Several years ago, Adi Shamir presented some fascinating
attacks on the implementation of such black boxes at Cryptrec, so
it is not something that should be taken for granted.
>It seems to me one could just as well ship a 160 GB hard drive filled
>with random keying material to each endpoint.
Well, I agree. If we get to use complexity-based crypto that is
not proven secure, like AES, RSA, or the like, then we can do much
better than quantum crypto. The only real attraction of quantum crypto
that I can see is that its security does not rely on unproven
complexity-theoretic conjectures.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list