Re: Quantum Cryptography

At 5:11 PM -0400 7/2/07, John Denker wrote: By that I mean: -- the integrity of DH depends fundamentally on the algorithm, so you should verify the algorithmic theory, and then verify that the box implements the algorithm correctly; while -- in the simple case, the integrity of quantum cryp

Re: Quantum Cryptography

On 07/01/2007 05:55 AM, Peter Gutmann wrote: One threat model (or at least failure mode) that's always concerned me deeply about QC is that you have absolutely no way of checking whether it's working as required. With any other mechanism you can run test vectors through it, run ongoing/continuo

Re: Quantum Cryptography

Alexander Klimov <[EMAIL PROTECTED]> writes: >So what kind of threat models does it address, and what does that say about >the kinds of customers who'd want it? One threat model (or at least failure mode) that's always concerned me deeply about QC is that you have absolutely no way of checking wh

Re: Quantum Cryptography

Steven M. Bellovin wrote: > To me, QKD is indeed a very valid area for research. It's a very > different approach; ultimately, it may prove to be useful, at least in > some circumstances. As a physicist, with a doctorate in quantum optics, I want to add my agreement to Steve's comment. And extend

Re: Quantum Cryptography

On Jun 29, 2007, at 10:44 AM, Steven M. Bellovin wrote: It's very valid to criticize today's products, and it's almost obligatory to criticize over-hyped marketing. As I said, I don't think today's products are useful anywhere, and the comparisons vendors draw to conventional cryptography are

Re: Quantum Cryptography

At 08:51 AM 6/28/2007, Alexander Klimov wrote: I suspect there are two reasons for QKD to be still alive. First of all, the cost difference between quantum and normal approaches is so enormous that a lot of ignorant decision makers actually believe that they get something extra for this money.

Re: Quantum Cryptography

I'm unhappy with the tone of the discussion thus far. It's gone far beyond critiquing current products and is instead attacking the very concept. Today's cryptography is largely based on certain assumptions. You can't even call them axioms; they're far too weak. Let's consider RSA. We *know* t

Re: Quantum Cryptography

On Jun 22, 2007, at 11:04 AM, Perry E. Metzger wrote: This brings up another issue. Quantum crypto is exceptionally expensive, and is virtually undeployable. To provide security that, in a practical sense, is no better than what you can get from high key length conventional ciphers, you spend va

Re: Quantum Cryptography

I suspect there are two reasons for QKD to be still alive. First of all, the cost difference between quantum and normal approaches is so enormous that a lot of ignorant decision makers actually believe that they get something extra for this money. If you tell a lie big enough and keep repeating

Re: Quantum Cryptography

On Tue, Jun 26, 2007 at 02:03:29PM -0700, Jon Callas wrote: > On Jun 26, 2007, at 10:10 AM, Nicolas Williams wrote: > >This too is a *fundamental* difference between QKD and classical > >cryptography. > > What does this "classical" word mean? Is it the Quantum way to say > "real"? I know we're i

Re: Quantum Cryptography

On 6/25/07, Greg Troxel <[EMAIL PROTECTED]> wrote: 1) Do you believe the physics? (Most people who know physics seem to.) For those who would like to know a little more about the physics, see: , "Quantum Cloning", Valerio Scarani, Sofyan I

Re: Quantum Cryptography

On Jun 26, 2007, at 10:10 AM, Nicolas Williams wrote: This too is a *fundamental* difference between QKD and classical cryptography. What does this "classical" word mean? Is it the Quantum way to say "real"? I know we're in violent agreement, but why are we letting them play language game

Re: Quantum Cryptography

On 06/25/2007 08:23 PM, Greg Troxel wrote: > 1) Do you believe the physics? (Most people who know physics seem to.) Well, I do happen to know a thing or two about physics. I know -- there is quite a lot you can do with quantum physics, and -- there is quite a lot you cannot do with quantum

Re: Quantum Cryptography

On Mon, Jun 25, 2007 at 08:23:14PM -0400, Greg Troxel wrote: > Victor Duchovni <[EMAIL PROTECTED]> writes: > > Secure in what sense? Did I miss reading about the part of QKD that > > addresses MITM (just as plausible IMHO with fixed circuits as passive > > eavesdropping)? > > It would be good to r

Re: Quantum Cryptography

On Mon, Jun 25, 2007 at 08:23:14PM -0400, Greg Troxel wrote: > 1) Do you believe the physics? (Most people who know physics seem to.) Yes. > 2) Does the equipment in your lab correspond to the idealized models > with which the proofs for (1) were done. (Not even close.) Does QKD address

Re: Quantum Cryptography

On Fri, Jun 22, 2007 at 08:21:25PM -0400, Leichter, Jerry wrote: > BTW, on the quantum subway tokens business: In more modern terms, > what this was providing was unlinkable, untraceable e-coins which > could be spent exactly once, with *no* central database to check > against and none of this "we

Re: Quantum Cryptography

Victor Duchovni <[EMAIL PROTECTED]> writes: > Secure in what sense? Did I miss reading about the part of QKD that > addresses MITM (just as plausible IMHO with fixed circuits as passive > eavesdropping)? It would be good to read the QKD literature before claiming that QKD is always unauthenticat

Re: Quantum Cryptography

My previous message was not an attempt to defend the companies that are out there trying to sell quantum cryptography. They're clearly way out ahead of any reasonable theory and are following in a great tradition of offering crypto snake oil. That some of them are doing it on *my* money - i.e., b

Re: Quantum Cryptography

On Jun 22, 2007, at 10:44 AM, Ali, Saqib wrote: ...whereas the key distribution systems we have aren't affected by eavesdropping unless the attacker has the ability to perform 2^128 or more operations, which he doesn't. Paul: Here you are assuming that key exchange has already taken place. Bu

Re: Quantum Cryptography

"Ali, Saqib" <[EMAIL PROTECTED]> writes: >> ...whereas the key distribution systems we have aren't affected by >> eavesdropping unless the attacker has the ability to perform 2^128 or >> more operations, which he doesn't. > > Paul: Here you are assuming that key exchange has already taken place. >

Re: Quantum Cryptography

At 10:44 -0700 2007/06/22, Ali, Saqib wrote: ...whereas the key distribution systems we have aren't affected by eavesdropping unless the attacker has the ability to perform 2^128 or more operations, which he doesn't. Paul: Here you are assuming that key exchange has already taken place. But ke

Re: Quantum Cryptography

On Fri, Jun 22, 2007 at 10:44:41AM -0700, Ali, Saqib wrote: > Paul: Here you are assuming that key exchange has already taken place. > But key exchange is the toughest part. That is where Quantum Key > Distribution QKD comes in the picture. Once the keys are exchanged > using QKD, you have to rely

Re: Quantum Cryptography

At 10:44 AM -0700 6/22/07, Ali, Saqib wrote: ...whereas the key distribution systems we have aren't affected by eavesdropping unless the attacker has the ability to perform 2^128 or more operations, which he doesn't. Paul: Here you are assuming that key exchange has already taken place. No, I

Re: Quantum Cryptography

...whereas the key distribution systems we have aren't affected by eavesdropping unless the attacker has the ability to perform 2^128 or more operations, which he doesn't. Paul: Here you are assuming that key exchange has already taken place. But key exchange is the toughest part. That is where

Re: Quantum Cryptography

"Leichter, Jerry" <[EMAIL PROTECTED]> writes: > | > >- Quantum Cryptography is "fiction" (strictly claims that it solves > | > > an applied problem are fiction, indisputably interesting Physics). > | > > | > Well that is a broad (and maybe unfair) statement. > | > > | > Quantum Key Dist

Re: Quantum Cryptography

On Fri, Jun 22, 2007 at 11:33:38AM -0400, Leichter, Jerry wrote: > | Secure in what sense? Did I miss reading about the part of QKD that > | addresses MITM (just as plausible IMHO with fixed circuits as passive > | eavesdropping)? > | > | Once QKD is augmented with authentication to address MITM,

Re: Quantum Cryptography

At 10:59 AM -0700 6/21/07, Ali, Saqib wrote: - Quantum Cryptography is "fiction" (strictly claims that it solves an applied problem are fiction, indisputably interesting Physics). Well that is a broad (and maybe unfair) statement. Quantum Key Distribution (QKD) solves an applied prob

Re: Quantum Cryptography

| > >- Quantum Cryptography is "fiction" (strictly claims that it solves | > > an applied problem are fiction, indisputably interesting Physics). | > | > Well that is a broad (and maybe unfair) statement. | > | > Quantum Key Distribution (QKD) solves an applied problem of secure key | >

Re: Quantum Cryptography

Massimiliano Pala <[EMAIL PROTECTED]> writes: > Victor Duchovni wrote: >> Quantum Cryptography or Quantum Computing (i.e. cryptanysis)? >> - Quantum Cryptography is "fiction" (strictly claims that it >> solves >> an applied problem are fiction, indisputably interesting Physics). > > I do

Re: Quantum Cryptography

On Thu, Jun 21, 2007 at 10:59:14AM -0700, Ali, Saqib wrote: > >- Quantum Cryptography is "fiction" (strictly claims that it solves > > an applied problem are fiction, indisputably interesting Physics). > > Well that is a broad (and maybe unfair) statement. > > Quantum Key Distribution (

Re: Quantum Cryptography

On Thu, Jun 21, 2007 at 01:20:35PM -0400, Victor Duchovni wrote: > Quantum Cryptography or Quantum Computing (i.e. cryptanysis)? > > - Quantum Cryptography is "fiction" (strictly claims that it solves > an applied problem are fiction, indisputably interesting Physics). > > - Quantu

Re: Quantum Cryptography

Victor Duchovni wrote: Quantum Cryptography or Quantum Computing (i.e. cryptanysis)? - Quantum Cryptography is "fiction" (strictly claims that it solves an applied problem are fiction, indisputably interesting Physics). I do not really agree on this statement. There are ongoing proje

Re: Quantum Cryptography

- Quantum Cryptography is "fiction" (strictly claims that it solves an applied problem are fiction, indisputably interesting Physics). Well that is a broad (and maybe unfair) statement. Quantum Key Distribution (QKD) solves an applied problem of secure key distribution. It may not be

Re: Quantum Cryptography

On Tue, Jun 19, 2007 at 09:10:12PM -0700, Aram Perez wrote: > On a legal mailing list I'm on there is a bunch of emails on the > perceived effects of quantum cryptography. Is there any authoritative > literature/links that can help clear the confusion? Quantum Cryptography or Quantum Computin

Re: Quantum cryptography gets "practical"

On Wed, 2004-10-06 at 06:27, Dave Howe wrote: > I have yet to see an advantage to QKE that even mildly justifies the > limitations and cost over anything more than a trivial link (two > buildings within easy walking distance, sending high volumes of > extremely sensitive material between them) But

Re: Quantum cryptography gets "practical"

Dave Howe wrote: I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Nope, finally strugged to the end to find a section pointing out that it does *not* prevent mitm attacks.

Re: Quantum cryptography finally commercialized?

R. A. Hettinga wrote: > > >Quantum cryptography finally commercialized? >Posted by Mirko Zorz - LogError >Tuesday, 16 September 2003, 1:23 PM CET For the onlookers, this article is misinformed and should not be relied upon for evaluating quantum crypt