Quantum Key Distribution: the bad idea that won't die...

Perry E. Metzger perry at piermont.com
Wed Apr 21 09:19:36 EDT 2010

silky <michaelslists at gmail.com> writes:
> On Wed, Apr 21, 2010 at 1:31 AM, Perry E. Metzger <perry at piermont.com> wrote:
>> Via /., I saw the following article on ever higher speed QKD:
>> http://www.wired.co.uk/news/archive/2010-04/19/super-secure-data-encryption-gets-faster.aspx
>> Very interesting physics, but quite useless in the real world.
> Useless now maybe, but it's preparing for a world where RSA is broken
> (i.e. quantum computers) and it doesn't require quantum computers; so
> it's quite practical, in that sense.

No, it isn't. QKD is useless three different ways.

First, AES and other such systems are fine, and the way people break
reasonably designed security systems (i.e. not WEP or what have you) is
not by attacking the crypto.

Second, you can't use QKD on a computer network. It is strictly point to
point. Want 200 nodes to talk to each other? Then you need 40,000
fibers, without repeaters, in between the nodes, each with a $10,000 or
more piece of equipment at each of the endpoints, for a total cost of
hundreds of millions of dollars to do a task ethernet would do for a
couple thousand dollars.

Third, QKD provides no real security because there is no actual
authentication. If someone wants to play man in the middle, nothing
stops them. If someone wants to cut the fiber and speak QKD to one
endpoint, telling it false information, nothing stops them. You can
speak the QKD protocol to both endpoints and no one will be the
wiser. So, you need some way of providing privacy and
authentication... perhaps a conventional cryptosystem. So, what did QKD
provide you with again?

There is no point to QKD at all.

Perry E. Metzger		perry at piermont.com

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list