On Fri, Jun 22, 2007 at 10:44:41AM -0700, Ali, Saqib wrote: > Paul: Here you are assuming that key exchange has already taken place. > But key exchange is the toughest part. That is where Quantum Key > Distribution QKD comes in the picture. Once the keys are exchanged > using QKD, you have to rely on conventional cryptography to do bulk > encryption using symmetric crypto.
QKD fails to "come into the picture", because its key exchange is unauthenticated. I can do secure unauthenticated key exchange at zero cost using EECDH with no special quantum hardware. If the link is MITM-proof, I am done. > Using Quantum Crypto to do bulk encryption doesn't make any sense. It > is only useful in key distribution. What bulk-encryption system am I going to use that is usefully stronger than EECDH over secp384r1 (or tinfoil hat secp521r1). It is also not useful for key distribution. It remains (charitably) "fiction". -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]