Quantum Cryptography
Nicolas Williams
Nicolas.Williams at sun.com
Tue Jun 26 13:10:03 EDT 2007
On Fri, Jun 22, 2007 at 08:21:25PM -0400, Leichter, Jerry wrote:
> BTW, on the quantum subway tokens business: In more modern terms,
> what this was providing was unlinkable, untraceable e-coins which
> could be spent exactly once, with *no* central database to check
> against and none of this "well, we can't stop you from spending it
> more than once, but if we ever notice, we'll learn all kinds of
> nasty things about you". (The coins were unlinkable and untraceable
> because, in fact, they were *identical*.) Now, of course, they
> were also physical objects, not just collections of bits. The same
> is true of the photons used in quantum key exchange. Otherwise,
> it wouldn't work. We're inherently dealing with a different model
> here. Where it ends up is anyone's guess at this point.
This relates back to the inutility of QKD as follows: when physical
exchanges are required you cannot run such exchanges end-to-end over an
Internet -- the middle boxes (routers, etc...) get in the way of the
physical exchange.
This too is a *fundamental* difference between QKD and classical
cryptography.
That difference makes QKD useless in *today's* Internet.
IF we had a quantum authentication facility then we could build
hop-by-hop authentication to build an Internet out of QKD and QA
(quantum authentication). That's a *big* condition, and the change in
security models is tremendous, and for the worse: since the trust chains
get enormously enlarged.
IMO, QKD's ability to discover passive eavesdroppers is not even
interesting (except from an intellectual p.o.v.) given: its inability to
detect MITMs, its inability to operate end-to-end across across middle
boxes, while classical crypto provides protection against eavesdroppers
*and* MITMs both *and* supports end-to-end operation across middle
boxes.
Nico
--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list