On Fri, Jan 27, 2012 at 3:49 PM, Sven Moritz Hallberg <pe...@khjk.org> wrote: > On Fri, 27 Jan 2012 13:39:44 -0500, Warren Kumari <war...@kumari.net> wrote: >> Surely I am missing something here? Or is that really the news? > > I thought the same thing and skimmed (very incompletely) through the > paper. They do talk about how to hide the saved bits in later sessions > of particular QKD protocols, so maybe there is something inherent there > that would make such an attack, say, especially hard to detect in the > QKD setting?
Well, if there were covert, deniable, quantum side-channels in QKD that the vendor could exploit practically undetectably, then yes, QKD would suddenly become not just snake oil but poisonous snake oil. OTOH, if this is just a worry that QKD devices might be compromised (whether purposefully by the vendor or unwittingly), then this is nothing new, and QKD remains snake oil. Quantum authentication that scales (as opposed to requiring pair-wise physical exchange of entangled particle pairs) would be a neat trick -perhaps applying Needham-Schoeder?- but it'd still be a novelty/curiosity IMO. The idea that QKD is in use by the military gives me pause, unless it's either completely redundant and classical crypto is still used (wasteful, yes, but that's a lesser concern), or the military using QKD is an enemy of the cause of liberty (in which case never mind and keep at it boys!). Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography