EU to use QC as a response to Echelon
Ivan Krstic
ccikrs1 at cranbrook.edu
Tue May 18 01:20:07 EDT 2004
/. reports:
"An article on Security.ITWorld.com[1] seems to outline a coming
information arms race. The European Union has decided to respond to the
Echelon project [2] by funding research into supposedly unbreakable
quantum cryptography that will keep EU data out of Echelon's maw.
Leaving aside the question of whether such a thing is possible, the
political implications are troubling, indicating a widening rift within
the Western world. Interestingly, the UK is part of the EU, but its
intelligence services are among Echelon's sponsors."
[1] - http://security.itworld.com/4361/040517euechelon/page_1.html
[2] - http://www.echelonwatch.org/
This goes back to my discussion with Ian Grigg. Ian establishes:
"Effectively, if you can sell a solution to the finance industry,
you have it made. It doesn't matter what it is, only that it is a
solution." This hits home, as the ITWorld article states that "Banks,
insurance companies and law firms could be potential clients, Monyk
said, and a decision will have to be made as to whether and how a key
could be made available to law enforcement authorities under exceptional
circumstances."
So not only will they pour untold resources into something that they can
arguably accomplish today, and cheaply [3] -- but ironically, they'll
hand keys to authorities on request [4]. Brilliant - the bargain becomes
- hide from Echelon, and instead trust that its EU counterpart won't
look at your data. No, really, we promise.
In discussing QC, furthermore, Ian makes the following statement:
'Engineers want to deal in the technical realities, and marketing wants
to deal in the sellable properties, but there is no intersection between
these. The result is that you won't easily be able to put the engineer
and the marketeer together. One side or the other will win, and
you will get either an unsold crypto box, or a sold "solution" that
migrates out of the crypto field. The integrity of the marketeer and
the integrity of the crypto engineer have nought in common, and one must
give.'
I'm still not buying this. This is based on stereotypes, not unlike "all
computer experts wear thick glasses, play D&D, are asocial and mortally
afraid of women". Sure - some combination of small pieces of the
stereotype may apply to a large percentage of the affected population,
but the corollary to the stereotype is that in a 6bn people world, "a
large percentage of the population" still leaves you with many, many
people that fall generously outside of it. Someone like Prof. Rivest is
a good example - he certainly knows what he's talking about, and he's
"commercially active", be it with RSA Inc., or a venture (Peppercoin,
which he did with Micali if I'm not mistaken). Or this mailing list, for
instance: I'd say many members would have the knowledge and common sense
to start a company tomorrow where engineering and marketing work
together in a beneficial way, and where - in this particular case of QC
- good, reliable non-QC solutions could be designed, implemented, tested
and marketed reasonably quickly. Why hasn't it been done yet? What's the
wait?
Ian concludes shrewdly that "the countervailing factor to all the
above doom & gloom is that open source bypasses a lot of the marketing
and engineering dysfunctionalism, which is why probably most important
crypto in the future will be in software, in open source, and initially
crummy (a la skype, SSH, etc) only to be repaired and improved when the
demand has been shown." The 'initially crummy' status reminds me of
Peter Gutmann's not-so-old analysis of several VPN/encrypted tunneling
solutions which revealed large problems, and I'm sure many of the
programs involved are fixed (or are getting fixed, redesigned, etc) as a
result. I agree with Ian - OSS might prove to be a dominant driving
force to "get things right" when it comes to crypto, but it's important
to keep in mind that we're still years away from removing the "it must
be open because it's bad/worthless" stigma in the eyes of I/T
decisionmakers. That, however, is a story unto itself.
Finally, the appeal of QC is simply not very clear to me: expanding on
my previous post, I feel that the "QC as panacea to crypto ills"
approach is really just a very, very refined form of security through
obscurity. When you go deep down enough in physics, no one really
understands what's happening - so saying "QC is absolutely unbreakable"
amounts to saying "QC is absolutely unbreakable with today's physics",
which I find no stronger an argument than "[insert algorithm here] is
exceedingly difficult to break with today's mathematics". The former,
however, involves much more money, and rests on a silly premise - that
when it comes to very strong crypto, someone wanting the data will
actually undertake an effort to break it. Guess what? Rubber-hose
cryptanalysis, extortion, or bribery are much more effective. I posit
that with the advent of anything stronger than XOR encryption, humans
became easier to break than the algorithms. If the NSA really cares what
the shiny new EU QC system hides, how long do you think it'll take them
to put one of their own into the key designation facility? Come on,
people - I understand that toys are cool; go and buy an iPod. There is
much more useful science to be conducted with these funds - and if you
can't think of any, there's always Oxfam.
Cheers,
Ivan.
[3] - This group has plenty of crypto experts, of which I am not one.
Will someone please tell me if I'm simply mistaken about this? Maybe I
have a horribly deluded understanding of reality here, but how is
well-done software crypto on a rotating key schedule worse than QC?
[4] - The article only says they're considering it, but I'll bet money
they will go forward with it.
---------------------------------------------------------------------
The Cryptography Mailing List