First quantum crypto bank transfer

Florian Weimer fw at deneb.enyo.de
Sun Aug 22 10:16:40 EDT 2004 

* Jerrold Leichter:

> | Not quite correct, the first bank transfer occurred earlier this year,
> | in a PR event arranged by the same group:
> |
> |   <http://www.quantenkryptographie.at/rathaus_press.html>
> |
> | However, I still don't believe that quantum cryptography can buy you
> | anything but research funding (and probably easier lawful intercept
> | because end-to-end encryption is so much harder).

> Not to attack you personally - I've heard the same comments from many other
> people - but this is a remarkably parochial attitude.

I'm the last person to argue against basic research, but I'm really
against presenting it as if had direct practical relevance.  Basic
research such receive government funding, but not based on the false
claim that it can secure bank transfers.

> Quantum crypto raises fundamental issues in physics.  The interaction of
> information and QM is complex and very poorly understood.  No one really knows
> what's possible.  This is neat stuff, and really nice research.  New results
> are appearing at a rapid pace.

I fully agree.  Experimental quantum physics *is* important, but much
more from a physics point of view than from a cryptography point of
view.

> Will this end up producing something new and useful?  Who can say?  Right now,
> we're seeing the classic uses for a new technique or technology:  Solving the
> old problems in ways that are probably no better than the old solutions.

My trouble with quantum key distribution is that at the current stage,
the experiments are stunning, but it's snake oil from a cryptography
perspective.

Have you actually at some of the quantum key distribution papers?  The
ones I examined even lack such a simple thing as a threat model, and
as a result, the authors completely miss man-in-the-middle attacks
where the attacker splits the fiber into two pieces, runs two
instances of the QKD protocol, and reencrypts the communication after
key distribution.

> Alternatively, how anyone can have absolute confidence in conventional crypto
> in a week when a surprise attack appears against a widely-fielded primitive
> like MD5 is beyond me.  Is our certainty about AES's security really any
> better today than was our certainty about RIPEM - or even SHA-0 - was three
> weeks ago?

If we postulate that man-in-the-middle attacks are non-existent,
convential cryptography is suddenly much stronger, too. 8-)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list