Quantum Cryptography

Jon Callas jon at callas.org
Fri Jun 22 16:17:10 EDT 2007 

On Jun 22, 2007, at 10:44 AM, Ali, Saqib wrote:

>> ...whereas the key distribution systems we have aren't affected by
>> eavesdropping unless the attacker has the ability to perform 2^128 or
>> more operations, which he doesn't.
>
> Paul: Here you are assuming that key exchange has already taken place.
> But key exchange is the toughest part. That is where Quantum Key
> Distribution QKD comes in the picture. Once the keys are exchanged
> using QKD, you have to rely on conventional cryptography to do bulk
> encryption using symmetric crypto.
>
> Using Quantum Crypto to do bulk encryption doesn't make any sense. It
> is only useful in key distribution.

Let me create an aphorism to sum up what Paul, Perry, and others have  
said in detail before I address your comment:

     If Quantum Cryptography does what is claims, then it is
     strengthening the strongest link in the chain of security.

Now to your comment.

If you do a 3000 bit Diffie-Hellman exchange, you have a key exchange  
with 2^128 security, to the best of our knowledge, assuming this and  
that, blah, blah, blah. If you don't like 3000 bit integers, go to  
elliptic curve.

I have in some of my talks, renamed Quantum Cryptography to Quantum  
Secrecy. If the QC people would stop calling it cryptography, a good  
deal of the hostility you find among us crypto people would evaporate.

Let me give an analogy. I will posit Quantum Message Teleportation.  
Using QMT, Alice can write her message on a piece of paper, close her  
eyes, and it will disappear from her hand and appear in Bob's hand.

This is cool. This is useful. It is amazing. It is also not  
cryptography.

It also has all the problems that Perry points out in QC, like a lack  
of authentication and so on. Like QC, adding cryptography to it makes  
it even more useful.

The QC people should change their song to QS, and stop bashing the  
mathematicians with arguments we can show are somewhere between  
incomplete and fallacious. Then they might find us drift over to  
supporting them because while Quantum Secrecy is not practical, it is  
very cool.

	Jon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list