QC is currently a one-time pad distribution mechanism - or at lower rates a
key establishment mechanism most suitable for symmetric algorithms.

You are correct that authentication is not inherent.  Then again, this is
also true for "classical" symmetric and PKI schemes.  To be usable, all
crypto requires some kind of authentication mechanism or scheme.

The QC community is well aware of this problem and is working on it.
Please don't give up yet!  In the meantime, manual establishment of an
authentication secret works, as do physical means, e.g., optical viewing of a
satellite from a ground station.

Please remember that it's early days yet; the problems are real and hard.
Come join the fun.
And watch out for snake oil from early attempts at commercialization  ;-)

PS: a small nit.  The quantum channel is tamper _detectable_.  There is no
claim to being "untamperable".  You can always detect tampering (and throw
away those bits) regardless of who you are talking to.  Multiple "reads" of
a photon (several approaches have been considered) is either equivalent to
tampering or yields no information.  Physics is fun!

On 9/16/03 16:03, "Hadmut Danisch" <[EMAIL PROTECTED]> wrote:

> On Sat, Sep 13, 2003 at 09:06:56PM +0000, David Wagner wrote:
>> You're absolutely right.  Quantum cryptography *assumes* that you
>> have an authentic, untamperable channel between sender and receiver.
> So as a result, Quantum cryptography depends on the known
> methods to provide authenticity and integrity. Thus it can not
> be any stronger than the known methods. Since the known methods
> are basically the same as for confidentiality (DLP, Factoring),
> and authentic channels can be turned into confidential channels
> by the same methods (e.g. DH), Quantum cryptography can not be
> stronger than known methods, I guess.
> On the other hand, quantum cryptography is based on several
> assumptions. Is there any proof that the polarisation of a
> photon can be read only once and only if you know how to turn
> your detector? 
> AFAIK quantum cryptography completely lacks the binding to
> an identity of the receiver. Even if it is true that just a single
> receiver can read the information, it is still unknown, _who_
> it is. All you know is that you send information which can be read
> by a single receiver only. And you hope that this receiver was the
> good guy.
> Hadmut
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
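
The tamper-detection point from the PS above, as an added example that is not part of the original message or thread: a simulation that assumes the BB84 protocol (not named in the thread), ideal single photons, a noiseless channel and an eavesdropper who measures and resends every photon. The function names, the seed and the 11% abort threshold are assumptions of this sketch.

```python
import random

def bb84_qber(n_photons, eavesdrop, seed=2003):
    """Return (sifted_bits, error_rate) for one simulated BB84 run.

    Constructed model: ideal photons, noiseless channel, and an optional
    intercept-resend eavesdropper who measures every photon in transit.
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, a_basis        # photon as sent
        if eavesdrop:
            e_basis = rng.getrandbits(1)
            # A "read" in the wrong basis gives a random outcome, and the
            # photon that is resent carries the reader's basis, not the
            # sender's: the measurement itself is the tampering.
            if e_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = e_basis
        b_basis = rng.getrandbits(1)
        # Receiver gets the encoded bit only when measuring in the
        # basis the arriving photon was prepared in.
        b_bit = state_bit if b_basis == state_basis else rng.getrandbits(1)
        if b_basis == a_basis:                       # sifting over the public channel
            sifted += 1
            errors += (b_bit != bit)
    # Real systems estimate the rate from a disclosed sample of the sifted
    # bits; this sketch compares all of them for simplicity.
    return sifted, errors / sifted

def channel_is_clean(error_rate, threshold=0.11):
    """Keep the block only if the error rate is at or below the threshold.

    0.11 is an assumed cut-off for this sketch; deployed systems choose
    theirs from their own security analysis and channel noise.
    """
    return error_rate <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        kept, rate = bb84_qber(20000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted={kept} error_rate={rate:.3f} "
              f"keep_block={channel_is_clean(rate)}")
```

The comparison of bases and sampled bits runs over the classical channel, which is where the authentication requirement discussed in the thread comes in: the error check is only meaningful if those messages come from the intended peer.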
