Quantum Cryptography
Paul Hoffman
paul.hoffman at vpnc.org
Tue Jul 3 12:13:10 EDT 2007
At 5:11 PM -0400 7/2/07, John Denker wrote:
>By that I mean:
> -- the integrity of DH depends fundamentally on the algorithm, so you
> should verify the algorithmic theory, and then verify that the box
> implements the algorithm correctly; while
> -- in the simple case, the integrity of quantum cryptography depends
> fundamentally on the physics, so you should verify the physics
> theoretically and then verify that the box implements the physics
> correctly,
> ... and not vice versa.
This is a nice, calm analogy, and I think it is useful. But it misses
the point of the snake oil entirely.
The fact that there is some good quantum crypto theory doesn't mean
that there is any application in the real world. For the real world,
you need key distribution. For the cost of a quantum crypto box (even
after cost reductions after years of successful deployment), you
could put a hardware crypto accelerator that could do 10,000-bit DH.
Going back to the theory, the only way that quantum crypto will be
more valuable than DH (much less ECDH!) is if DH is broken *at all
key lengths*. If it is not, then the balance point for cost will be
when the end boxes for quantum crypto equals the cost of the end
boxes for still-useful DH.
Oh, and all the above is ignoring that DH works over multiple hops of
different media, and quantum crypto doesn't (yet, maybe ever).
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list