# Quantum Cryptography

Jon Callas jon at callas.org
Fri Jun 22 16:17:10 EDT 2007

```On Jun 22, 2007, at 10:44 AM, Ali, Saqib wrote:

>> ...whereas the key distribution systems we have aren't affected by
>> eavesdropping unless the attacker has the ability to perform 2^128 or
>> more operations, which he doesn't.
>
> Paul: Here you are assuming that key exchange has already taken place.
> But key exchange is the toughest part. That is where Quantum Key
> Distribution QKD comes in the picture. Once the keys are exchanged
> using QKD, you have to rely on conventional cryptography to do bulk
> encryption using symmetric crypto.
>
> Using Quantum Crypto to do bulk encryption doesn't make any sense. It
> is only useful in key distribution.

Let me create an aphorism to sum up what Paul, Perry, and others have

If Quantum Cryptography does what is claims, then it is
strengthening the strongest link in the chain of security.

If you do a 3000 bit Diffie-Hellman exchange, you have a key exchange
with 2^128 security, to the best of our knowledge, assuming this and
that, blah, blah, blah. If you don't like 3000 bit integers, go to
elliptic curve.

I have in some of my talks, renamed Quantum Cryptography to Quantum
Secrecy. If the QC people would stop calling it cryptography, a good
deal of the hostility you find among us crypto people would evaporate.

Let me give an analogy. I will posit Quantum Message Teleportation.
Using QMT, Alice can write her message on a piece of paper, close her
eyes, and it will disappear from her hand and appear in Bob's hand.

This is cool. This is useful. It is amazing. It is also not
cryptography.

It also has all the problems that Perry points out in QC, like a lack
of authentication and so on. Like QC, adding cryptography to it makes
it even more useful.

The QC people should change their song to QS, and stop bashing the
mathematicians with arguments we can show are somewhere between
incomplete and fallacious. Then they might find us drift over to
supporting them because while Quantum Secrecy is not practical, it is
very cool.

Jon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

```