Can Eve repeat?

Ivan Krstic ccikrs1 at cranbrook.edu
Mon Sep 29 00:44:07 EDT 2003 

On Fri, 26 Sep 2003 09:10:05 -0400, Greg Troxel <gdt at ir.bbn.com> wrote:
[snip]
> The current canoncial
> paper on how to calculate the number of bits that must be hashed away
> due to detected eavesdropping and the inferred amount of undetected
> eavesdropping is "Defense frontier analysis of quantum cryptographic
> systems" by Slutsky et al:
>
>   http://topaz.ucsd.edu/papers/defense.pdf

Up-front disclaimer: I haven't had time to study this paper with the level 
of attention it likely deserves, so I apologize if the following contains 
incorrect logic. However, from glancing over it, it appears the 
assumptions on which the entire paper rests are undermined by work such as 
that of Elitzur and Vaidman (see the article I linked previously). 
Specifically, note the following:

"This security is derived from encoding the data on nonorthogonal quantum 
states of a physical carrier particle. Since such quantum states cannot be 
duplicated or analyzed in transit without disturbing them, any attempt to 
interfere with the particle introduces transmission errors and thereby 
reveals itself to Alice and Bob."

And:
"They [Alice and Bob] then assume that all errors are eavesdropping 
induced and estimate Eve's potential knowledge of their data in this 
worst-case situation."

If we do away with the idea that there are no interaction-free 
measurements (which was, at least to me, convincingly shown by the Quantum 
seeing in the dark article), this paper becomes considerably less useful; 
the first claim's validity is completely nullified (no longer does 
interference with particles necessarily introduce transmission errors), 
while the effect on the second statement is evil: employing the proposed 
key distillation techniques, the user might be given a (very) false sense 
of security, as only a small percentage of the particles that Eve observes 
register as transmission errors (<=15%, according to the LANL figure).

Best regards,
Ivan Krstic

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list