EU to use QC as a response to Echelon

[Ivan Krstic]

/. reports:
"An article on Security.ITWorld.com[1] seems to outline a coming 
information arms race. The European Union has decided to respond to the 
Echelon project [2] by funding research into supposedly unbreakable 
quantum cryptography that will keep EU data out of Echelon's maw. 
Leaving aside the question of whether such a thing is possible, the 
political implications are troubling, indicating a widening rift within 
the Western world. Interestingly, the UK is part of the EU, but its 
intelligence services are among Echelon's sponsors."

[1] - http://security.itworld.com/4361/040517euechelon/page_1.html
[2] - http://www.echelonwatch.org/

This goes back to my discussion with Ian Grigg. Ian establishes:
"Effectively, if you can sell a solution to the finance industry,
you have it made.  It doesn't matter what it is, only that it is a 
solution." This hits home, as the ITWorld article states that "Banks, 
insurance companies and law firms could be potential clients, Monyk 
said, and a decision will have to be made as to whether and how a key 
could be made available to law enforcement authorities under exceptional 
circumstances."

So not only will they pour untold resources into something that they can 
arguably accomplish today, and cheaply [3] -- but ironically, they'll 
hand keys to authorities on request [4]. Brilliant - the bargain becomes 
- hide from Echelon, and instead trust that its EU counterpart won't 
look at your data. No, really, we promise.

In discussing QC, furthermore, Ian makes the following statement:
'Engineers want to deal in the technical realities, and marketing wants 
to deal in the sellable properties, but there is no intersection between
these.  The result is that you won't easily be able to put the engineer 
and the marketeer together.  One side or the other will win, and
you will get either an unsold crypto box, or a sold "solution" that 
migrates out of the crypto field.  The integrity of the marketeer and 
the integrity of the crypto engineer have nought in common, and one must 
give.'

I'm still not buying this. This is based on stereotypes, not unlike "all 
computer experts wear thick glasses, play D&D, are asocial and mortally 
afraid of women". Sure - some combination of small pieces of the 
stereotype may apply to a large percentage of the affected population, 
but the corollary to the stereotype is that in a 6bn people world, "a 
large percentage of the population" still leaves you with many, many 
people that fall generously outside of it. Someone like Prof. Rivest is 
a good example - he certainly knows what he's talking about, and he's 
"commercially active", be it with RSA Inc., or a venture (Peppercoin, 
which he did with Micali if I'm not mistaken). Or this mailing list, for 
instance: I'd say many members would have the knowledge and common sense 
to start a company tomorrow where engineering and marketing work 
together in a beneficial way, and where - in this particular case of QC 
- good, reliable non-QC solutions could be designed, implemented, tested 
and marketed reasonably quickly. Why hasn't it been done yet? What's the 
wait?

Ian concludes shrewdly that "the countervailing factor to all the
above doom & gloom is that open source bypasses a lot of the marketing 
and engineering dysfunctionalism, which is why probably most important 
crypto in the future will be in software, in open source, and initially 
crummy (a la skype, SSH, etc) only to be repaired and improved when the
demand has been shown." The 'initially crummy' status reminds me of 
Peter Gutmann's not-so-old analysis of several vpn/encrypted tunneling 
solutions which revealed large problems, and I'm sure many of the 
programs involved are fixed (or are getting fixed, redesigned, etc) as a 
result. I agree with Ian - OSS might prove to be a dominant driving 
force to "get things right" when it comes to crypto, but it's important 
to keep in mind that we're still years away from removing the "it must 
be open because it's bad/worthless" stigma in the eyes of I/T 
decisionmakers. That, however, is a story unto itself.

Finally, the appeal of QC is simply not very clear to me: expanding on 
my previous post, I feel that the "QC as panacea to crypto ills" 
approach is really just a very, very refined form of security through 
obscurity. When you go deep down enough in physics, no one really 
understands what's happening - so saying "QC is absolutely unbreakable" 
amuounts to saying "QC is absolutely unbreakable with today's physics", 
which I find no stronger an argument than "[insert algorithm here] is 
exceedingly difficult to break with today's mathematics". The former, 
however, involves much more money, and rests on a silly premise - that 
when it comes to very strong crypto, someone wanting the data will 
actually undertake an effort to break it. Guess what? Rubber-hose 
cryptanalysis, extortion, or bribery are much more effective. I posit 
that with the advent of anything stronger than XOR encryption, humans 
became easier to break than the algorithms. If the NSA really cares what 
the shiny new EU QC system hides, how long do you think it'll take them 
to put one of their own into the key designation facility? Come on, 
people - I understand that toys are cool; go and buy an iPod. There is 
much more useful science to be conducted with these funds - and if you 
can't think of any, there's always Oxfam.

Cheers,
Ivan.

[3] - This group has plenty of crypto experts, of which I am not one. 
Will someone please tell me if I'm simply mistaken about this? Maybe I 
have a horribly deluded understanding of reality here, but how is 
well-done software crypto on a rotating key schedule worse than QC?
[4] - The article only says they're considering it, but I'll bet money 
they will go forward with it.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com