Quantum Cryptography

Victor Duchovni Victor.Duchovni at MorganStanley.com
Fri Jun 22 12:07:51 EDT 2007

On Fri, Jun 22, 2007 at 11:33:38AM -0400, Leichter, Jerry wrote:

> | Secure in what sense? Did I miss reading about the part of QKD that
> | addresses MITM (just as plausible IMHO with fixed circuits as passive
> | eavesdropping)?
> | 
> | Once QKD is augmented with authentication to address MITM, the "Q"
> | seems entirely irrelevant.
> The unique thing the "Q" provides is the ability to detect eaves-
> dropping.

If I want to encrypt a fixed circuit, I assume that eavesdropping is
omni-present, and furthermore don't want to be constrained to transmit
only when the eavesdroppers have chosen to take a lunch break.

> One can argue about what this adds.

"Warm fuzzies"?

> The current approach of the QKD efforts is to assume that physical
> constraints are sufficient to block MITM.

An interesting assumption.

> It does move the center of the problem, however - and into a region
> (physical protection) in which there is much more experience and perhaps
> some better intuition. 

I would conjecture that a lot more people grasp undergraduate mathematics
than undergraduate quantum mechanics...

> Valid or not, it certainly is easier to give people the warm fuzzies by
> talking about physical protection than by talking about math....

"Warm fuzzies" is not in conflict with "fiction".

> In the other direction, whether the ability to detect eavesdropping lets
> you do anything interesting is, I think, an open question.  I wouldn't
> dismiss it out of hand.  There's an old paper that posits related
> primitive, Verify Once Memory:  Present it with a set of bits, and it
> answers either Yes, that's the value stored in me or No, wrong value.

Suppose I install a fake subway entrace, and MITM all the interactions
between the victim's card and the real turnstile where I have a card that
proxies the victims interactions with the fake terminal. Is the system
still secure? Likely not, I would bet The threat model was card forgery,
not MITM.


 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list