[Cryptography] QM giveth, QM taketh away

John-Mark Gurney jmg at funkthat.com
Tue Feb 16 23:35:33 EST 2021


Jerry Leichter wrote this message on Tue, Feb 16, 2021 at 22:12 -0500:
> >> 2. Quantum key distribution supposedly enables guaranteed
> >> private distribution of OTP keys.
> > 
> > Kinda surprised no one mentioned this, but QKD requires a shared key
> > material (either symmetric or asymmetric) to be distributed to the end
> > points first before you can start passing keys...  You need both the
> > quantum channel, but also a way to securely transmit the states that
> > were observed to the other party, and agree what those states mean...
> > 
> > QKD still uses a lot of traditional crypto to carry out its operation,
> > so it's not as pure as some people think..
> Eh?  I suppose there may be variations that work that way, but it's certainly not the basic algorithm.

[description that isn't related to the comment]

> So:  No cryptography, no pre-exchanged values.  Besides a source of paired particles, the parties need a shared, public channel to reveal their choices and the "burned" check bits; and they need a lot of real randomness - but QM provides that.  The real difficulties in realization come about from such details as:  How do Alice and Bob know which particle is which?  If you send them slowly enough, this is easy because you can count time fairly inaccurately and still know which particle that Alice receives goes with which particle Bob receives.  But that kills your data rate.  If you send quickly, keeping the ends sufficiently synchronized becomes difficult - and the particles themselves provide no help.  More fundamentally, you don't get nice clean numbers like 50/50 distributions and 100% or 0% correlation.  You get something complicated, and you have to work out all the math to make sure that you get enough good bits while at the same time standing a good chance of correctly identifying Mallory.

And how do the two parties verify that the shared public channel is
not controlled by an attacker?

Even Wikipedia agrees that classic crypto is required:
The main drawback of Quantum Key Distribution is that it usually relies on having an authenticated classical channel of communications. In modern cryptography, having an authenticated classical channel means that one has either already exchanged a symmetric key of sufficient length or public keys of sufficient security level.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
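The sifting exchange Jerry describes (announce bases over the public channel, burn check bits, abort on too many errors), with and without an authenticated classical channel, as an added illustration that is not code from this thread. It is a purely classical toy model: a "qubit" is a (basis, value) pair, measuring in the wrong basis yields a random bit, and the classical channel is authenticated with HMAC-SHA256 under a key that is assumed to be pre-shared, which is exactly the point at issue. The abort threshold, key sizes and the PRESHARED_KEY constant are assumptions for the example.

```python
"""Toy BB84 simulation: why the classical channel of QKD has to be authenticated.

Added illustration, not code from the thread.  Photons are (basis, value) pairs,
Mallory is an intercept-resend attacker, and the MAC key is assumed pre-shared."""
import hashlib
import hmac
import random

QBER_ABORT = 0.11                       # assumed abort threshold on the check bits
PRESHARED_KEY = b"assumed pre-shared 256-bit key."   # assumption: exchanged out of band


def random_bits(rng, n):
    return [rng.randrange(2) for _ in range(n)]


def prepare(bits, bases):
    """Encode one bit per 'photon' as a (basis, value) pair."""
    return list(zip(bases, bits))


def measure(rng, qubits, bases):
    """Right basis returns the prepared value; wrong basis returns a random bit."""
    return [v if b == qb else rng.randrange(2) for (qb, v), b in zip(qubits, bases)]


def tag(mac_key, payload):
    """Authenticate a classical message with HMAC-SHA256; no key means no authentication."""
    return b"" if mac_key is None else hmac.new(mac_key, payload, hashlib.sha256).digest()


def authentic(mac_key, msg):
    payload, t = msg
    return hmac.compare_digest(t, tag(mac_key, payload))


def run(seed, n=4000, mac_key=None, mallory=None):
    """mallory=None: honest run.  'relay': Mallory intercept-resends on the quantum
    channel but forwards the classical messages untouched.  'substitute': she also
    rewrites the classical messages so each honest party unknowingly sifts with her."""
    rng = random.Random(seed)
    a_bits, a_bases = random_bits(rng, n), random_bits(rng, n)
    b_bases = random_bits(rng, n)
    qubits = prepare(a_bits, a_bases)
    if mallory:
        m_bases = random_bits(rng, n)
        m_bits = measure(rng, qubits, m_bases)   # intercept ...
        qubits = prepare(m_bits, m_bases)        # ... and resend
    b_bits = measure(rng, qubits, b_bases)

    # Classical round 1: each side announces its bases.  Mallory may replace them,
    # but without the MAC key she cannot produce a tag that verifies.
    a_ann = (bytes(a_bases), tag(mac_key, bytes(a_bases)))
    b_ann = (bytes(b_bases), tag(mac_key, bytes(b_bases)))
    if mallory == "substitute":
        a_ann = b_ann = (bytes(m_bases), b"")    # forged: no valid tag possible
    if not (authentic(mac_key, a_ann) and authentic(mac_key, b_ann)):
        return {"status": "abort: classical channel not authentic"}

    # Sifting: keep positions where the peer's announced basis matches mine.
    a_keep = [i for i in range(n) if a_bases[i] == b_ann[0][i]]
    b_keep = [i for i in range(n) if b_bases[i] == a_ann[0][i]]
    a_sift = [a_bits[i] for i in a_keep]
    b_sift = [b_bits[i] for i in b_keep]

    # Classical round 2: burn every other sifted bit as a check bit.
    a_chk = (bytes(a_sift[0::2]), tag(mac_key, bytes(a_sift[0::2])))
    b_chk = (bytes(b_sift[0::2]), tag(mac_key, bytes(b_sift[0::2])))
    mallory_keys = None
    if mallory == "substitute":
        # Mallory answers each side with her own bits at that side's sifted positions;
        # they match perfectly because she chose the bases each side sifted against.
        m_for_a = [m_bits[i] for i in a_keep]
        m_for_b = [m_bits[i] for i in b_keep]
        b_chk, a_chk = (bytes(m_for_a[0::2]), b""), (bytes(m_for_b[0::2]), b"")
        mallory_keys = (m_for_a[1::2], m_for_b[1::2])
    if not (authentic(mac_key, a_chk) and authentic(mac_key, b_chk)):
        return {"status": "abort: classical channel not authentic"}

    def qber(mine, theirs):
        return sum(x != y for x, y in zip(mine, theirs)) / max(1, len(mine))

    qber_a = qber(a_sift[0::2], list(b_chk[0]))
    qber_b = qber(b_sift[0::2], list(a_chk[0]))
    if max(qber_a, qber_b) > QBER_ABORT:
        return {"status": "abort: QBER too high", "qber": (qber_a, qber_b)}
    return {"status": "accept", "qber": (qber_a, qber_b),
            "alice_key": a_sift[1::2], "bob_key": b_sift[1::2],
            "mallory_keys": mallory_keys}


if __name__ == "__main__":
    for label, kw in [("honest", {}),
                      ("no MAC, Mallory substitutes", {"mallory": "substitute"}),
                      ("MAC, Mallory substitutes", {"mac_key": PRESHARED_KEY, "mallory": "substitute"}),
                      ("MAC, Mallory relays", {"mac_key": PRESHARED_KEY, "mallory": "relay"})]:
        print(label, "->", run(1, **kw)["status"])
```

With no MAC and Mallory rewriting the classical messages, both Alice and Bob see a zero error rate and accept, yet they hold different keys and Mallory knows both of them; the check bits catch intercept-resend (about 25% errors) only once Mallory is forced to relay the genuine announcements, which is what the MAC under the pre-shared key enforces.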
