/. reports:
"An article on Security.ITWorld.com[1] seems to outline a coming information arms race. The European Union has decided to respond to the Echelon project [2] by funding research into supposedly unbreakable quantum cryptography that will keep EU data out of Echelon's maw. Leaving aside the question of whether such a thing is possible, the political implications are troubling, indicating a widening rift within the Western world. Interestingly, the UK is part of the EU, but its intelligence services are among Echelon's sponsors."


[1] - http://security.itworld.com/4361/040517euechelon/page_1.html
[2] - http://www.echelonwatch.org/

This goes back to my discussion with Ian Grigg. Ian establishes:
"Effectively, if you can sell a solution to the finance industry, you have it made. It doesn't matter what it is, only that it is a solution." This hits home, as the ITWorld article states that "Banks, insurance companies and law firms could be potential clients, Monyk said, and a decision will have to be made as to whether and how a key could be made available to law enforcement authorities under exceptional circumstances."


So not only will they pour untold resources into something that they can arguably accomplish today, and cheaply [3] -- but ironically, they'll hand keys to authorities on request [4]. Brilliant - the bargain becomes - hide from Echelon, and instead trust that its EU counterpart won't look at your data. No, really, we promise.

In discussing QC, furthermore, Ian makes the following statement:
'Engineers want to deal in the technical realities, and marketing wants to deal in the sellable properties, but there is no intersection between these. The result is that you won't easily be able to put the engineer and the marketeer together. One side or the other will win, and you will get either an unsold crypto box, or a sold "solution" that migrates out of the crypto field. The integrity of the marketeer and the integrity of the crypto engineer have nought in common, and one must give.'


I'm still not buying this. This is based on stereotypes, not unlike "all computer experts wear thick glasses, play D&D, are asocial and mortally afraid of women". Sure - some combination of small pieces of the stereotype may apply to a large percentage of the affected population, but the corollary to the stereotype is that in a 6bn people world, "a large percentage of the population" still leaves you with many, many people that fall generously outside of it. Someone like Prof. Rivest is a good example - he certainly knows what he's talking about, and he's "commercially active", be it with RSA Inc., or a venture (Peppercoin, which he did with Micali if I'm not mistaken). Or this mailing list, for instance: I'd say many members would have the knowledge and common sense to start a company tomorrow where engineering and marketing work together in a beneficial way, and where - in this particular case of QC - good, reliable non-QC solutions could be designed, implemented, tested and marketed reasonably quickly. Why hasn't it been done yet? What's the wait?

Ian concludes shrewdly that "the countervailing factor to all the above doom & gloom is that open source bypasses a lot of the marketing and engineering dysfunctionalism, which is why probably most important crypto in the future will be in software, in open source, and initially crummy (a la skype, SSH, etc) only to be repaired and improved when the demand has been shown." The 'initially crummy' status reminds me of Peter Gutmann's not-so-old analysis of several vpn/encrypted tunneling solutions which revealed large problems, and I'm sure many of the programs involved are fixed (or are getting fixed, redesigned, etc) as a result. I agree with Ian - OSS might prove to be a dominant driving force to "get things right" when it comes to crypto, but it's important to keep in mind that we're still years away from removing the "it must be open because it's bad/worthless" stigma in the eyes of I/T decisionmakers. That, however, is a story unto itself.


Finally, the appeal of QC is simply not very clear to me: expanding on my previous post, I feel that the "QC as panacea to crypto ills" approach is really just a very, very refined form of security through obscurity. When you go deep down enough in physics, no one really understands what's happening - so saying "QC is absolutely unbreakable" amounts to saying "QC is absolutely unbreakable with today's physics", which I find no stronger an argument than "[insert algorithm here] is exceedingly difficult to break with today's mathematics". The former, however, involves much more money, and rests on a silly premise - that when it comes to very strong crypto, someone wanting the data will actually undertake an effort to break it. Guess what? Rubber-hose cryptanalysis, extortion, or bribery are much more effective. I posit that with the advent of anything stronger than XOR encryption, humans became easier to break than the algorithms. If the NSA really cares what the shiny new EU QC system hides, how long do you think it'll take them to put one of their own into the key designation facility? Come on, people - I understand that toys are cool; go and buy an iPod. There is much more useful science to be conducted with these funds - and if you can't think of any, there's always Oxfam.

Cheers,
Ivan.

[3] - This group has plenty of crypto experts, of which I am not one. Will someone please tell me if I'm simply mistaken about this? Maybe I have a horribly deluded understanding of reality here, but how is well-done software crypto on a rotating key schedule worse than QC?
[4] - The article only says they're considering it, but I'll bet money they will go forward with it.
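Footnote [3] above asks how "well-done software crypto on a rotating key schedule" compares to QC. The following is an added illustration of what such a rotating schedule looks like in software; it is not code from the post, from Ivan, or from the mailing list, and it makes no claim about the EU project. It uses only the Python standard library: HMAC-SHA256 serves as a one-way pseudorandom function, each epoch's key is derived from a chain key that is then advanced irreversibly (so a captured current state cannot be run backwards to recover earlier epoch keys), and a small encrypt-then-MAC construction shows that ciphertext from one epoch is rejected under the next epoch's key. The root key, labels and sample message are constructed for the example; the HMAC-based keystream stands in for a real cipher and is for illustration only.

```python
import hashlib
import hmac
import os
from typing import Tuple

NONCE_LEN = 16
TAG_LEN = 32

# Constructed root key shared out of band by both parties (example value).
ROOT_KEY = hashlib.sha256(b"constructed-root-key-for-example").digest()


def prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 as a pseudorandom function: given the output, the key
    cannot be recovered, which is what makes the ratchet one-way."""
    return hmac.new(key, label, hashlib.sha256).digest()


class RatchetingKeySchedule:
    """Rotating key schedule: every call hands out a fresh epoch key and
    advances the chain key, discarding the state that produced it."""

    def __init__(self, root_key: bytes) -> None:
        self._chain_key = root_key
        self.epoch = 0

    def next_epoch(self) -> Tuple[int, bytes]:
        issued = self.epoch
        epoch_key = prf(self._chain_key, b"epoch-key")
        # Advance the chain; the previous chain key is overwritten, so this
        # object no longer holds anything from which epoch_key's
        # predecessors could be recomputed.
        self._chain_key = prf(self._chain_key, b"chain-advance")
        self.epoch += 1
        return issued, epoch_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode, used here as a stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += prf(enc_key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def encrypt(epoch_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt-then-MAC under keys derived from one epoch key.
    Returns nonce || ciphertext || tag."""
    enc_key = prf(epoch_key, b"enc")
    mac_key = prf(epoch_key, b"mac")
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(epoch_key: bytes, message: bytes) -> bytes:
    """Verify the tag first (constant-time compare), then decrypt.
    Raises ValueError on a wrong key or a tampered message."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    enc_key = prf(epoch_key, b"enc")
    mac_key = prf(epoch_key, b"mac")
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def decrypts_ok(epoch_key: bytes, message: bytes) -> bool:
    """True if the message authenticates under this epoch key."""
    try:
        decrypt(epoch_key, message)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    alice = RatchetingKeySchedule(ROOT_KEY)
    bob = RatchetingKeySchedule(ROOT_KEY)
    _, k0 = alice.next_epoch()
    _, k0_bob = bob.next_epoch()
    msg = encrypt(k0, b"constructed sample message")
    print("same key both sides:", k0 == k0_bob)
    print("epoch 0 decrypts:", decrypts_ok(k0_bob, msg))
    _, k1 = bob.next_epoch()
    print("epoch 1 key rejects epoch 0 traffic:", not decrypts_ok(k1, msg))
```

Both sides derive identical epoch keys from the shared root because the schedule is deterministic; what rotation buys is that a key captured later does not open earlier traffic, and that each epoch's MAC key rejects anything encrypted under a different epoch. The tag is checked before any decryption so a forged or mis-keyed message never reaches the keystream step.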


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]