Well, I think I agree with everything David said, and given
his assumptions I believe he is correct. However, it appears
that he did NOT carefully read what I had posted. He is
assuming the existence of "the key" (see his first interjection)
while my argument was in two parts:
If there is NO key then a man in the middle attack succeeds.
No matter WHAT medium the transmission is on.
If there IS a key then quantum encryption provides no
additional protection above and beyond conventional
encryption using that key.
I can split the second case into two parts:
If there IS a key AND there are NO quantum computers then
the key provides adequate protection
If there IS a key AND there ARE quantum computers then
there is no protection against a man in the middle attack
(I guess other than making the key have more bits than
the largest known quantum computer).
In NONE of these three cases does the addition of quantum
encryption increase the security.
In short, David did not understand my argument. I EXPLICITLY
mentioned both the private key concept he assumes AND a
PKI-based system, and acknowledged that in the case of the
former there is a key transportation problem, while in the
latter case you need to have a PKI in place.
David, perhaps you could explain to me what, in absence of
any prearranged shared secret, the legitimate recipient
could POSSIBLY do that an interceptor cannot do, given that
they have the same level of functionality in their equipment
and the same knowledge of the protocols in use.
I think my argument is a little deeper than you first might
have realized, and while I'd be glad to acknowledge that you
are right if indeed you are right, I don't even have the
basic glimmering of an idea how I might be mistaken???
===
David Schwartz wrote:
Sorry for the late reply:
Quantum Cryptography vs the "man-in-the-middle" attack
The recent availability of commercial products for quantum
cryptography has generated much press attention, however,
any putative value-add for these products escapes this
author. Given the traditional "man in the middle" attack
where Vladimir imposes a pair of transceivers between Alice
and Bob:
+-------+    +----+    +------------+    +----+    +-----+
| Alice +----+ XC +----+ Vladimir's +----+ XC +----+ Bob |
+-------+    +----+    |   Laptop   |    +----+    +-----+
                       +------------+
Quantum cryptography on these links does not seem to
provide any additional protection.
What?!
Under the customary
and usual assumptions that Vladimir has access to fully
functional transceiver equipment and has full knowledge
of all communications protocols in use, it is just plain
not possible for Alice to know she is talking to Bob
(and not Vladimir) or for Bob to know he is talking to
Alice.
What?! How can Vladimir receive the signal if he doesn't know the key?
So, if we need either a shared secret or a Public Key
Infrastructure to protect against man in the middle
attacks anyway, what is the value add of using quantum
encryption on the link?
The value add is that quantum encryption protects against a man in the
middle attack by using a shared secret. This protection is fundamental, in
the sense that even if the man in the middle happens to guess the shared
secret, he *still* cannot decrypt the signal (unless the correct answer is
his one and only guess at the time the signal is sent, and if he guesses
wrong, he is detected).
The theory is advanced that quantum encryption would
provide some protection against the forthcoming quantum
computers, but again, this author is not persuaded.
Yes, a quantum computer could be used to attack either
scheme described, but then we lose, because it is now
possible to conduct a man in the middle attack,
even though the links themselves are quantum encrypted.
Huh? It seems to me to be very clear you have no idea what you're talking
about. The problem is that future quantum computers may process information
much faster than current ones, and thus may break keys that we consider safe
today. However, no amount of computing power can break quantum encryption.
In summary, any putative value-add for the use of
quantum encryption completely escapes this author,
in either the absence or presence of the availability
of quantum computers as attack tools.
I think you just don't understand how quantum encryption works. The idea
with quantum encryption is that you need the key to receive the signal at
all, and only one recipient can possibly receive the signal. Thus, without
the key at the time of transmission, a MITM cannot rebroadcast the
transmission, thus it is impossible for both a MITM and the intended
recipient to receive the transmission.
This is a capability that no other form of encryption can provide today. It
has the benefit that no conceivable future improvements in computing power
can compromise today's communications.
To help those not familiar wrap their brains around quantum encryption,
imagine if we encode our data as a stream of particles. We have four types
of particles we can put in each timeslot, A+, A-, B+, and B-. The stream of
particles can strike two types of detectors, an A detector and a B detector
(the recipient must put a detector in the path of the particles for each
time slot to detect the particle).
If an A+ particle strikes an A detector, the detector indicates a +. If an
A- particle strikes an A detector, the detector indicates a -. If a B+
particle strikes a B detector, a + is indicated. If a B- particle strikes a
B detector, a - is indicated.
The cool part is that if an A+ or A- particle strikes a B detector, the
indication is random, could be + or -. If a B+ or B- particle strikes an A
detector, the indication is random, could be + or -.
The data is whether the particles used are + or -. The key is the sequence
of A or B particles *and* detectors used. It is impossible in principle to
detect whether the particle is + or - without first knowing if it is A or B.
A MITM will not know which detectors to use on which particles, so if he
intercepts any particles, he will hopelessly lose the data (whether those
particles were + or -). Thus not only will he be detected (because he cannot
retransmit) but he will not get the right data (because he will not know
which detectors to use).
This is a simplified analogy of what quantum encryption does; however, it
should be just enough to show that:
1) No conceivable advances in computing power will break today's quantum
communications.
2) Quantum encryption provides defenses against a MITM (or any kind of
unauthorized reception) that are ironclad.
DS
--
"An Internet-connected Windows machine is tantamount to
a toddler carrying a baggie of $100 bills down a city street..."
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
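The A/B detector analogy David gives and Ben's man-in-the-middle objection can both be seen in a constructed toy simulation (an added example, not code from either poster): an intercept-and-resend eavesdropper who guesses detectors shows up as roughly 25% disagreement in the sifted key, whereas a Vladimir who runs a complete, separate exchange with each party produces zero errors on each link. The simulation assumes the textbook BB84 rules (matching basis gives the right bit, wrong basis gives a coin flip) and hypothetical function names of my own.

```python
import random

# Constructed toy model of a BB84-style exchange. Bases are David's "A"/"B"
# particle types, bit values his "+"/"-" (here 1/0). Measuring in the wrong
# basis yields a random result; the basis list is exchanged over a classical
# channel afterwards to keep ("sift") only the slots where bases matched.

def measure(bit, send_basis, recv_basis, rng):
    """Detector result: the true bit if bases match, otherwise a coin flip."""
    return bit if send_basis == recv_basis else rng.randrange(2)

def bb84_link(n, rng, intercept=False):
    """One quantum link: Alice -> (optional intercept-resend Eve) -> Bob.
    Returns (alice_sifted_bits, bob_sifted_bits) after basis comparison."""
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.choice("AB") for _ in range(n)]
    bob_bases = [rng.choice("AB") for _ in range(n)]
    a_sift, b_sift = [], []
    for bit, ab, bb in zip(alice_bits, alice_bases, bob_bases):
        send_bit, send_basis = bit, ab
        if intercept:
            # Eve guesses a detector, measures, and resends in *her* basis;
            # a wrong guess scrambles the slot for Bob half of the time.
            eb = rng.choice("AB")
            send_bit, send_basis = measure(bit, ab, eb, rng), eb
        got = measure(send_bit, send_basis, bb, rng)
        if ab == bb:  # public basis comparison keeps only matching slots
            a_sift.append(bit)
            b_sift.append(got)
    return a_sift, b_sift

def error_rate(a, b):
    """Fraction of sifted positions where the two sides disagree (QBER)."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def full_mitm_error_rates(n, rng):
    """Ben's Vladimir: one complete exchange with Alice, another with Bob.
    Each link is internally consistent, so neither side sees any error;
    only authenticating the classical basis exchange can expose him."""
    alice_vlad = bb84_link(n, rng)   # Alice believes she talks to Bob
    vlad_bob = bb84_link(n, rng)     # Bob believes he talks to Alice
    return error_rate(*alice_vlad), error_rate(*vlad_bob)

if __name__ == "__main__":
    rng = random.Random(7)
    print("clean link QBER:     ", error_rate(*bb84_link(4000, rng)))
    print("intercept-resend QBER:", error_rate(*bb84_link(4000, rng, True)))
    print("full MITM QBERs:     ", full_mitm_error_rates(4000, rng))
```

Roughly a quarter of the sifted bits disagree under intercept-and-resend, which is the detection David relies on; the two zero-error links under the full MITM are exactly the gap Ben says a shared secret or PKI must close.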