Quantum Key Distribution: the bad idea that won't die...
michaelslists at gmail.com
Wed Apr 21 22:25:38 EDT 2010
On Thu, Apr 22, 2010 at 12:04 PM, Perry E. Metzger <perry at piermont.com> wrote:
> > > No one is doing that, though. People are working on things like faster
> > > bit rates, as though the basic reasons the whole thing is useless were
> > > solved.
> > I don't think you can legitimately speak for the entire community as
> > to what or not they may be doing.
> I think I can, actually. I know of very few people in computer security
> who take QKD seriously. I feel pretty safe making these sorts of
But QKD is more about Physics than computer security. Anyway, it seems
there is little purpose in continuing the discussion.
>>>> Importantly, however, is that if a classical system is used to do
>>>> authentication, then the resulting QKD stream is *stronger* than the
>>>> classically-encrypted scheme.
>>> Nope. It isn't. The system is only as strong as the classical system. If
>>> the classical system is broken, you lose any assurance that you aren't
>>> being man-in-the-middled.
>> No, it's not only as strong as the classical; it gets stronger if the
>> classical component works. Quoting from:
>> http://arxiv.org/abs/0902.2839v2 - The Case for Quantum Key
>> "If authentication is unbroken during the first round of QKD, even if
>> it is only computationally secure, then subsequent rounds of QKD will
>> be information-theoretically secure."
> Read what you just wrote.
> IF THE AUTHENTICATION IS UNBROKEN. That is, the system is only secure if
> the conventional cryptosystem is not broken -- that is, it is only as
> secure as the conventional system in use. Break the conventional system
> and you've broken the whole thing.
Yes, I never stated the opposite (quote tree left intact). You were
saying that it is only as "strong" as the classical system. It is
clearly shown that the security of a QKD system *after* authentication
is *stronger* than classical, due to the OTP.
If what you meant to say was "it is broken if authentication is
broken" then the answer is obviously "yes". But the strength, in
cryptographic terms, is clearly better.
> Perry E. Metzger perry at piermont.com
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography