Quantum Cryptography
Perry E. Metzger
perry at piermont.com
Fri Jun 22 16:13:25 EDT 2007
"Ali, Saqib" <docbook.xml at gmail.com> writes:
>> ...whereas the key distribution systems we have aren't affected by
>> eavesdropping unless the attacker has the ability to perform 2^128 or
>> more operations, which he doesn't.
>
> Paul: Here you are assuming that key exchange has already taken place.
> But key exchange is the toughest part.
Key exchange is not "the toughest part" or even tough at
all. Algorithms like Diffie-Hellman and variants on the theme work
just fine. Authenticated protocols based on these algorithms are well
understood and have been studied for defects for many years.
The STS protocol and variants on it like the ones used in TLS are
fine, and if you feel that they're "not secure enough" with the number
of bits commonly used, you can crank up the dial for a lot less than
the cost of one of these mind-bogglingly expensive boxes from MagiQ
(not to mention the price of dedicated dark fiber between the
endpoints.)
> That is where Quantum Key Distribution QKD comes in the
> picture. Once the keys are exchanged using QKD, you have to rely on
> conventional cryptography to do bulk encryption using symmetric
> crypto.
I don't believe that any of the commercial units work that way, but if
they do, my opinion of them has dropped even further, and it was
already about as low as I thought was possible. Using QKD only for key
exchange and using a conventional crypto system for the bulk of the
data completely eliminates any conceivable benefits over more
conventional techniques.
Perry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list