Quantum Cryptography

John Denker jsd at av8n.com
Tue Jun 26 15:31:13 EDT 2007 

On 06/25/2007 08:23 PM, Greg Troxel wrote:

 >  1) Do you believe the physics?  (Most people who know physics seem to.)

Well, I do happen to know a thing or two about physics.  I know
  -- there is quite a lot you can do with quantum physics, and
  -- there is quite a lot you cannot do with quantum physics.

I also know that snake-oil salesmen can lie about the physics
just as easily as they lie about anything else.

Since it's not clear what is meant by "THE" physics, it would
be more meaningful to ask more-specific questions, namely:
  -- Do I believe in real physics?  Yes.
  -- Do I believe in what Dr. Duck says about physics?  Usually not.

======================

One commonly-made claim about quantum cryptography is that
"it can detect eavesdropping".  I reckon that's narrowly
true as stated.  The problem is, I don't know why I should
care.  The history of cryptography for most of the last 2000
years has been a cat and mouse game between the code makers
and the code breakers.  The consensus is that right now the
code makers have the upper hand.  As a result, Eve can eavesdrop
all she wants, and it won't do her a bit of good.

To say the same thing:  It appears that in this respect, quantum
cryptography takes a well-solved problem and solves it another
way at higher cost and lower throughput.  The cost/benefit ratio
is exceedingly unfavorable, and seems likely to remain so.

Meanwhile, it takes some less-well-solved problems and makes
them worse.  Consider for example traffic analysis.  Since
quantum encryption requires a dedicated hardware link from end
to end, there is no hope of disguising who is communicating
with whom.

I am reminded of a slide that Whit Diffie used in one of his
talks.  It showed a house that was supposed to be protected
by a picket fence.  The problem was that the so-called fence
consisted of a single picket, 4 inches wide and a mile high,
while the other 99.9% of the perimeter was unprotected.  Yes
sirree, no eavesdropper is going to hop over that picket!

One sometimes hears even stronger claims, but they are even
more easily refuted.  I've reviewed papers that claim quantum
mechanics "solves the key distribution problem" but in fact
they were using classical techniques to deal with all the
hard parts of the problem.  It reminds me of stone soup: if
the ingredients include broth, meat, vegetables, seasoning,
and a stone, I don't see why the stone should get credit for
the resulting soup.  Likewise, since a quantum key distribution
system is in no ways better and in some ways worse than a
classical system, I don't see why quantum cryptography
should get credit for solving the problem.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list