On 06/25/2007 08:23 PM, Greg Troxel wrote: > 1) Do you believe the physics? (Most people who know physics seem to.)
Well, I do happen to know a thing or two about physics. I know -- there is quite a lot you can do with quantum physics, and -- there is quite a lot you cannot do with quantum physics. I also know that snake-oil salesmen can lie about the physics just as easily as they lie about anything else. Since it's not clear what is meant by "THE" physics, it would be more meaningful to ask more-specific questions, namely: -- Do I believe in real physics? Yes. -- Do I believe in what Dr. Duck says about physics? Usually not. ====================== One commonly-made claim about quantum cryptography is that "it can detect eavesdropping". I reckon that's narrowly true as stated. The problem is, I don't know why I should care. The history of cryptography for most of the last 2000 years has been a cat and mouse game between the code makers and the code breakers. The consensus is that right now the code makers have the upper hand. As a result, Eve can eavesdrop all she wants, and it won't do her a bit of good. To say the same thing: It appears that in this respect, quantum cryptography takes a well-solved problem and solves it another way at higher cost and lower throughput. The cost/benefit ratio is exceedingly unfavorable, and seems likely to remain so. Meanwhile, it takes some less-well-solved problems and makes them worse. Consider for example traffic analysis. Since quantum encryption requires a dedicated hardware link from end to end, there is no hope of disguising who is communicating with whom. I am reminded of a slide that Whit Diffie used in one of his talks. It showed a house that was supposed to be protected by a picket fence. The problem was that the so-called fence consisted of a single picket, 4 inches wide and a mile high, while the other 99.9% of the perimeter was unprotected. Yes sirree, no eavesdropper is going to hop over that picket! One sometimes hears even stronger claims, but they are even more easily refuted. I've reviewed papers that claim quantum mechanics "solves the key distribution problem" but in fact they were using classical techniques to deal with all the hard parts of the problem. It reminds me of stone soup: if the ingredients include broth, meat, vegetables, seasoning, and a stone, I don't see why the stone should get credit for the resulting soup. Likewise, since a quantum key distribution system is in no ways better and in some ways worse than a classical system, I don't see why quantum cryptography should get credit for solving the problem. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]