Ian Grigg wrote:
> If I understand this correctly, this is both
> an eavesdropping scenario and an MITM scenario.
> In the above, Eve is acting as Mallory, as she
> is by definition intercepting the bits and re-
> sending them on?
I think it is more a question of style - a classic "passive" Eve can't
exist in terms of QC key exchange, as eve/mallory *must* read the photons
or no interception at all can take place - therefore, even eve must
generate a new photon to send to bob.

If the intercept agent is Eve, she will attempt to reproduce as nearly as
possible the original photon to send to bob. she will get this wrong 25%
of the time.
if the intercept agent is Mallory, he will generate his own, known good
photons to send to bob, unrelated to what he has detected.

If Eve can intercept also the filter list from bob to april, she is now in
a fix - she now knows which ones she got different to bob, but doesn't
know how many bob got wrong. however, being eve she passes this on to
april, and correctly relays the "bad bit" message back to bob. bob now has
an approximately 25% error block which is detectable. Nothing changes if
the two lists are out-of-band and therefore untouchable.

If Mallory *can't* intercept the filter and bad bit lists he is in much
more trouble - his photon list to bob bore no relation to alice's, so
purely in terms of random chance he will have a 50% error block
If Mallory *can* intercept the fillter and bad bit lists he is in an
better situation - he can send his own filter list to alice, and negotiate
a set of bits with her; by selectively causing "bad luck" for bob, he can
tune the bad bit list(based on bob's filter list) to give an identical set
of bits. As the mallory-bob filter match is approximately 50%, and bob
will have to additionally "kill" a further 50% of the "correct" answers in
order to make the two bitsets match, bob will have a filter match rate of
about 25% which is again statistically significant
If Mallory *can* intercept the filter/bad block conversation and *further*
is sure he can intercept the message traffic too, he can simply negotiate
a separate bit list with bob; statistically, the key exchange will look
fine, but of course Mallory will also have to decode and re-encode the
traffic between alice and bob, or it will all go horribly wrong.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to