Quantum Cryptography

Victor Duchovni Victor.Duchovni at MorganStanley.com
Fri Jun 22 12:07:51 EDT 2007 

On Fri, Jun 22, 2007 at 11:33:38AM -0400, Leichter, Jerry wrote:

> | Secure in what sense? Did I miss reading about the part of QKD that
> | addresses MITM (just as plausible IMHO with fixed circuits as passive
> | eavesdropping)?
> | 
> | Once QKD is augmented with authentication to address MITM, the "Q"
> | seems entirely irrelevant.
>
> The unique thing the "Q" provides is the ability to detect eaves-
> dropping.

If I want to encrypt a fixed circuit, I assume that eavesdropping is
omni-present, and furthermore don't want to be constrained to transmit
only when the eavesdroppers have chosen to take a lunch break.

> One can argue about what this adds.

"Warm fuzzies"?

> The current approach of the QKD efforts is to assume that physical
> constraints are sufficient to block MITM.

An interesting assumption.

> It does move the center of the problem, however - and into a region
> (physical protection) in which there is much more experience and perhaps
> some better intuition. 

I would conjecture that a lot more people grasp undergraduate mathematics
than undergraduate quantum mechanics...

> Valid or not, it certainly is easier to give people the warm fuzzies by
> talking about physical protection than by talking about math....

"Warm fuzzies" is not in conflict with "fiction".

> In the other direction, whether the ability to detect eavesdropping lets
> you do anything interesting is, I think, an open question.  I wouldn't
> dismiss it out of hand.  There's an old paper that posits related
> primitive, Verify Once Memory:  Present it with a set of bits, and it
> answers either Yes, that's the value stored in me or No, wrong value.

Suppose I install a fake subway entrace, and MITM all the interactions
between the victim's card and the real turnstile where I have a card that
proxies the victims interactions with the fake terminal. Is the system
still secure? Likely not, I would bet The threat model was card forgery,
not MITM.

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list