I wrote:
>> *) In each block, Mallory has a 50/50 chance of being able to
>> copy a bit without being detected.

On 09/18/2003 12:02 PM, martin f krafft wrote:
> This is what I don't buy. If Mallory sees the data, it must be
> detected, because otherwise the approach is flawed. But in any case
> does Mallory have the means to completely DoS any attempt of
> communication between the parties, simply by reading along, unless
> there is a dedicated channel between Alice and Bob. In which case,
> why is there a need for quantum cryptography in the first place?

Yes, Mallory can DoS the setup by reading (and thereby trashing) every bit. But Mallory can DoS the setup by chopping out a piece of the cable. The two are equally effective and equally detectable. Chopping is cheaper and easier.

Other key-exchange methods such as DH are comparably incapable of solving the DoS problem. So why bring up the issue?

>> There is only one chance in 2^-C that Mallory knows this bit.

> One chance in 2^C, otherwise it would be deadly, no? But in any
> case, reasonable keysized DH exchanges give me the same security
> with a lot more flexibility, and a lot less chance for DoS. I still
> don't buy it.

The claim that DH is "secure" rests on certain assumptions about which computational operations are easy and which are not. These assumptions are open to question to some degree. Numbers that some people considered hopelessly difficult to factor a few years ago have been factored. One can imagine a world where factoring is computationally easy; it wouldn't be the end of the world. If you can _prove_ DH is secure, please let us know immediately.

The security of the quantum algorithms rests on entirely different foundations. Nobody has been able to even imagine a world where quanta are copyable, without contradicting well-observed physical facts. People have tried. Seriously. If you have a consistent theory of physics that repeals the uncertainty principle, please let us know immediately.

> How can you check for tampering without reading the data off the
> channel? Checksums?

I spelled this out in my previous email. It's a standard quality-assurance check using sampling.

> why do I need QC then if I have
> a dedicated channel anyhow?

Suppose I *wish* to set up a dedicated channel. Dedicated means nobody but me is using it. Wishing doesn't suffice. I went through the motions of setting it up, and maybe I was the only person hooked onto it yesterday, but how do I know it hasn't been tapped sometime since then? Quantum key-exchange provides powerful assurance that the wished-for property is actually achieved.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
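The thread argues about two things: how a random sample of compared bits detects an eavesdropper without giving away the rest of the key, and why the chance of Mallory surviving such a check falls off as 2^-C. The simulation below is an added illustration, not code from either correspondent. It assumes a simplified BB84 intercept-resend model (Alice and Bob pick rectilinear or diagonal bases at random; a measurement in the wrong basis returns a random bit), which is a constructed stand-in for the block scheme of the earlier email that is not quoted here. In that BB84 model Mallory disturbs each sifted bit with probability 1/4, so the closed-form function takes the per-bit disturbance probability as a parameter; with the 50/50 figure from the thread it gives exactly 2^-C.

```python
"""Sampling check for an eavesdropped quantum key exchange (constructed example)."""
import random
from fractions import Fraction


def undetected_probability(p_disturb, sample_size):
    # Each compared bit that Mallory touched is disturbed independently with
    # probability p_disturb. She evades the check only if none of the
    # sample_size compared bits shows a disturbance. With p_disturb = 1/2
    # this is 2^-sample_size, the figure argued about in the thread.
    return (1 - p_disturb) ** sample_size


def bb84_exchange(n_qubits, eavesdrop, rng):
    # Simplified BB84 model (assumption, not the thread's own scheme).
    # Basis 0 = rectilinear, 1 = diagonal. Measuring in the sender's basis
    # returns the sent bit; measuring in the other basis returns a uniformly
    # random bit, and the qubit now encodes that bit in the measuring basis.
    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.randrange(2) for _ in range(n_qubits)]
    bob_bases = [rng.randrange(2) for _ in range(n_qubits)]
    alice_key, bob_key = [], []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: Mallory measures in a guessed basis and
            # forwards a fresh qubit carrying her measurement outcome.
            m_basis = rng.randrange(2)
            if m_basis != state_basis:
                state_bit = rng.randrange(2)  # wrong basis: outcome is random
            state_basis = m_basis
        bob_bit = state_bit if b_basis == state_basis else rng.randrange(2)
        # Sifting: keep only positions where Alice's and Bob's bases agree.
        if a_basis == b_basis:
            alice_key.append(bit)
            bob_key.append(bob_bit)
    return alice_key, bob_key


def sampling_check(alice_key, bob_key, sample_size, rng):
    # Alice and Bob publicly compare sample_size randomly chosen key
    # positions and discard them afterwards. Any mismatch means the channel
    # was disturbed; the bits that were not revealed remain usable.
    positions = set(rng.sample(range(len(alice_key)), sample_size))
    mismatches = sum(1 for i in positions if alice_key[i] != bob_key[i])
    remaining_a = [b for i, b in enumerate(alice_key) if i not in positions]
    remaining_b = [b for i, b in enumerate(bob_key) if i not in positions]
    return mismatches, remaining_a, remaining_b


def error_rate(alice_key, bob_key):
    # Fraction of sifted positions on which Alice and Bob disagree.
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)


if __name__ == "__main__":
    for tapped in (False, True):
        rng = random.Random(2003)
        a_key, b_key = bb84_exchange(4000, tapped, rng)
        mism, rest_a, rest_b = sampling_check(a_key, b_key, 100, rng)
        print(f"tapped={tapped}: sifted={len(a_key)} "
              f"error_rate={error_rate(a_key, b_key):.3f} "
              f"sample_mismatches={mism} key_bits_left={len(rest_a)}")
    for c in (10, 20, 64):
        print(f"C={c}: undetected with p=1/2 -> {undetected_probability(Fraction(1, 2), c)}")
```

The quiet run shows zero mismatches and the sampled bits are simply thrown away, so no key material is leaked by the check; the tapped run shows roughly a quarter of the sifted bits in error and the sample catches it with overwhelming probability. Cutting the cable is detected by the same check, since Bob then receives nothing to compare.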