bill.stewart at pobox.com
Fri Jun 29 23:52:17 EDT 2007
At 08:51 AM 6/28/2007, Alexander Klimov wrote:
>I suspect there are two reasons for QKD to be still alive.
>First of all, the cost difference between quantum and normal
>approaches is so enormous that a lot of ignorant decision makers
>actually believe that they get something extra for this money.
> If you tell a lie big enough and keep repeating it, people
> will eventually come to believe it.
>The second reason is ``rollback'' (is it right term?): you pay
"Kickbacks" would be the usual American term.
>$100000 from your company funds to a QKD vendor, and they
>covertly give $50000 back to you.
"Never attribute to malice what can be adequately explained by incompetence."
Quantum Crypto is shiny new technology, complete with dancing pigs.
And once you've invested the research and development costs into building it,
of course you want to sell it to anybody who could use it.
So what kind of threat models does it address, and what does that
say about the kinds of customers who'd want it?
- It doesn't protect against traffic analysis,
because the eavesdropper can follow the fiber routes
and see who you're connected to.
- It potentially provides perfect forward secrecy a long time
into the future against attackers who can eavesdrop on you now
and save all the bits they want.
That's mainly useful for military applications - most commercial
applications don't require secrecy for more than a few years,
and most criminal activities can't use it because of the
traffic analysis threat. Maybe banks?
- It doesn't protect against Auditors getting your data.
So maybe it's not useful for banks.
That's really too bad, because except for the military,
the main kinds of customers that need to spend lots of money
on extra-shiny security equipment are doing so to distract Auditors,
but it does let you tell the auditors you'd done everything you could.
- The Quantum Key Distribution versions only protect keys, not data,
so it doesn't protect you against cracking symmetric-key algorithms.
It does provide some protection against Zero-Day attacks on
public-key crypto-systems, but wrapping your key exchange
in a layer of symmetric-key crypto can do that also.
And if you're the military, you can revert to the traditional
armed couriers with briefcases handcuffed to their arms method.
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography