Quantum Cryptography

[Ivan Krstić]

On Jun 29, 2007, at 10:44 AM, Steven M. Bellovin wrote:
> It's very valid to criticize today's products, and it's almost
> obligatory to criticize over-hyped marketing.  As I said, I don't  
> think
> today's products are useful anywhere, and the comparisons vendors draw
> to conventional cryptography are at best misleading.  But let's not
> throw the baby out with the bathwater.

The problem I have with QC is that, as others have amply pointed out,  
there is a lot of bathwater but not much of a baby to speak of. If  
someone created a protocol that does a DH exchange at the beginning  
and then throws away the secret and performs the rest of the  
communication in plaintext, we'd hardly call the resulting system a  
"cryptographic protocol". Really, we'd be hesitant to use any form of  
the word cryptography in the description.

"QC", however, does something exactly analogous: it performs a  
quantum key exchange and then falls back on classical primitives.  
It's at best confusing, fallacious and disingenuous to refer to such  
setups as quantum cryptography, though I understand "classical  
encryption with quantum key exchange" has less of a marketable ring  
to it.

So, by all means, let the QKD and related research continue. It's  
interesting, it's cool, it's *important* work. But when the folks  
behind it are talking to those of us who understand and work with  
cryptography every day, they need to do a much better job at not  
letting their own imprecise and almost deceitful terminology paint  
themselves in a corner and trigger our snakeoil detectors. I deeply  
support Jon's proposal of renaming the whole thing "quantum secrecy",  
in which case I'd get off my snark horse and show more respect for  
the whole thing.

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | GPG: 0x147C722D

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com