I wrote:
>>  *) In each block, Mallory has a 50/50 chance of being able to
>>  copy a bit without being detected.

On 09/18/2003 12:02 PM, martin f krafft wrote:
> This is what I don't buy. If Mallory sees the data, it must be
> detected, because otherwise the approach is flawed. But in any case
> does Mallory have the means to completely DoS any attempt of
> communication between the parties, simply by reading along, unless
> there is a dedicated channel between Alice and Bob. In which case,
> why is there a need for quantum cryptography in the first place?

Yes, Mallory can DoS the setup by reading (and thereby
trashing) every bit.  But Mallory can DoS the setup by
chopping out a piece of the cable.  The two are equally
effective and equally detectable.  Chopping is cheaper and

Other key-exchange methods such as DH are comparably
incapable of solving the DoS problem.  So why bring up
the issue?

>>There is only one chance in 2^-C that Mallory knows this bit.

> One chance in 2^C, otherwise it would be deadly, no? But in any
> case, Reasonable keysized DH exchanges give me the same security
> with a lot more flexibility, and a lot less chance for DoS. I still
> don't buy it.

The claim that DH is "secure" rests on certain assumptions
about which computational operations are easy and which
are not.  These assumptions are open to question to some
degree.  Numbers that some people considered hopelessly
difficult to factor a few years ago have been factored.
One can imagine a world where factoring is computationally
easy;  it wouldn't be the end of the world.  If you can
_prove_ DH is secure, please let us know immediately.

The security of the quantum algorithms rests on entirely
different foundations.  Nobody has been able to even
imagine a world where quanta are copyable, without
contradicting well-observed physical facts.  People
have tried.  Seriously.  If you have a consistent theory
of physics that repeals the uncertainty principle, please
let us know immediately.

> How can you check for tampering without reading the data off the
> channel? Checksums?

I spelled this out in my previous email.  It's a
standard quality-assurance check using sampling.

> why do I need QC then if I have
> a dedicated channel anyhow?

Suppose I *wish* to set up a dedicated channel.  Dedicated
means nobody but me is using it.  Wishing doesn't suffice.
I went through the motions of setting it up, and maybe I
was the only person hooked onto it yesterday, but how do
I know it hasn't been tapped sometime since then?  Quantum
key-exchange provides powerful assurance that the wished-for
property is actually achieved.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to