On Fri, Jun 22, 2007 at 11:33:38AM -0400, Leichter, Jerry wrote: > | Secure in what sense? Did I miss reading about the part of QKD that > | addresses MITM (just as plausible IMHO with fixed circuits as passive > | eavesdropping)? > | > | Once QKD is augmented with authentication to address MITM, the "Q" > | seems entirely irrelevant. > > The unique thing the "Q" provides is the ability to detect eaves- > dropping.
If I want to encrypt a fixed circuit, I assume that eavesdropping is omni-present, and furthermore don't want to be constrained to transmit only when the eavesdroppers have chosen to take a lunch break. > One can argue about what this adds. "Warm fuzzies"? > The current approach of the QKD efforts is to assume that physical > constraints are sufficient to block MITM. An interesting assumption. > It does move the center of the problem, however - and into a region > (physical protection) in which there is much more experience and perhaps > some better intuition. I would conjecture that a lot more people grasp undergraduate mathematics than undergraduate quantum mechanics... > Valid or not, it certainly is easier to give people the warm fuzzies by > talking about physical protection than by talking about math.... "Warm fuzzies" is not in conflict with "fiction". > In the other direction, whether the ability to detect eavesdropping lets > you do anything interesting is, I think, an open question. I wouldn't > dismiss it out of hand. There's an old paper that posits related > primitive, Verify Once Memory: Present it with a set of bits, and it > answers either Yes, that's the value stored in me or No, wrong value. Suppose I install a fake subway entrace, and MITM all the interactions between the victim's card and the real turnstile where I have a card that proxies the victims interactions with the fake terminal. Is the system still secure? Likely not, I would bet The threat model was card forgery, not MITM. -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]