On Jun 22, 2007, at 11:04 AM, Perry E. Metzger wrote:
This brings up another issue. Quantum crypto is exceptionally
expensive, and is virtually undeployable. To provide security that, in
a practical sense, is no better than what you can get from high key
length conventional ciphers, you spend vast amounts on end system
equipment, rent a dedicated dark fiber link between two locations that
can't be arbitrarily far apart, and in the end, you have two machines
that can talk securely in a world where one needs thousands or
millions of machines to talk securely to any one of the other
machines.
I wrote a reply agreeing violently with your sentiments, and then
realized I sent the same e-mail to this list two years ago:
"I have to agree with Perry on this one: I simply can't see a compelling
reason for the push currently being given to ridiculously overpriced
implementations of what started off as a lab toy, and what offers - in
all seriousness - almost no practical benefits over the proper use of
conventional techniques. Besides, any of the ultrasecret applications
that *might* (I remain very skeptical) call for such a level of
confidentiality - things like military communication or diplomatic
message exchange between a country and its ambassadors - are all too
likely to be out of the range currently offered by these QC setups (last
I read, if I'm not mistaken, it was about 50 km or ~30 miles). Fine, the
range might improve - but I doubt that the amount of money and hassle
required to set these up will."
-- from http://permalink.gmane.org/gmane.comp.encryption.general/4526
Later in the thread, I opined that:
"[t]he way I see this is that there are two options: consumers can
entrust
the security of their data to physics they don't understand, or
mathematics they don't understand. One of the fundamental differences is
that the former *no one* understands, and its price reflects that. With
the latter, well - quite a few people understand the math behind crypto,
and silicon is cheap these days. So what are people waiting for? Why
doesn't everyone concerned for their link security have a pair of cheap
strong crypto devices at both ends?"
I can't say I understand this fascination with photons for any
practical cryptographic purpose any better now than I did back then,
but I'm certainly more amused by it. May I coin "quantum
craptography" as a better expansion of the abbreviation QC?
--
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]