Re: Can Eve repeat?
I'm not an expert on this stuff, but I'm interested enough to chase a few references... Ivan Krstic [EMAIL PROTECTED] writes: The idea that observing modifies state is something to be approached with caution. Read-only does make sense in quantum world; implementations of early theoretical work by Elitzur and Vaidman achieved roughly 50% success on interaction-free measurements. Careful there--EV interaction-free measurements do *not* read the internal state of the system measured. The trick to the EV IFM is that it determines the location (or existence) of a system without interacting with the internal state of that system; a corollary is that it derives no information about the internal state. The meaning of the EV IFM is that if an object changes its internal state [...] due to the radiation, then the method allows detection of the location of the object without any change in its internal state. [...] We should mention that the interaction-free measurements do not have vanishing interaction Hamiltonian. [...] the IFM can change very significantly the quantum state of the observed object and we still name it interaction free. Lev Vaidman, Are Interaction-free Measurements Interaction Free?, http://arxiv.org/abs/quant-ph/0006077 Intercepting QC is all about determining the internal state (e.g. photon polarization), and AFAIK that requires becoming entangled with the state of the particle. EV IFM doesn't appear to provide a way around this. and later... On Fri, 26 Sep 2003 09:10:05 -0400, Greg Troxel [EMAIL PROTECTED] wrote: The current canoncial paper on how to calculate the number of bits that must be hashed away due to detected eavesdropping and the inferred amount of undetected eavesdropping is Defense frontier analysis of quantum cryptographic systems by Slutsky et al: http://topaz.ucsd.edu/papers/defense.pdf Up-front disclaimer: I haven't had time to study this paper with the level of attention it likely deserves, so I apologize if the following contains incorrect logic. However, from glancing over it, it appears the assumptions on which the entire paper rests are undermined by work such as that of Elitzur and Vaidman (see the article I linked previously). Specifically, note the following: [...] If we do away with the idea that there are no interaction-free measurements (which was, at least to me, convincingly shown by the Quantum seeing in the dark article), this paper becomes considerably less useful; the first claim's validity is completely nullified (no longer does interference with particles necessarily introduce transmission errors), If Eve can measure the state of a particle without altering its state at all, 100% of the time, then QC is dead--the defense function becomes infinite. But AFAICT the EV IFM techniques do not provide this ability. while the effect on the second statement is evil: employing the proposed key distillation techniques, the user might be given a (very) false sense of security, as only a small percentage of the particles that Eve observes register as transmission errors (=15%, according to the LANL figure). Err...I think you've missed the point of the paper. What they're doing is deriving how many extra bits Alice and Bob have to transmit given that Eve is intercepting their transmission, and only some fraction (dependent on the interception technique) of those interceptions are detectable. They do not assume that all interceptions appear as errors; they (initially) assume that all errors are due to interceptions (they deal with the case of noisy channels later in the paper). -dan - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Can Eve repeat?
On Fri, 26 Sep 2003 09:10:05 -0400, Greg Troxel [EMAIL PROTECTED] wrote: [snip] The current canoncial paper on how to calculate the number of bits that must be hashed away due to detected eavesdropping and the inferred amount of undetected eavesdropping is Defense frontier analysis of quantum cryptographic systems by Slutsky et al: http://topaz.ucsd.edu/papers/defense.pdf Up-front disclaimer: I haven't had time to study this paper with the level of attention it likely deserves, so I apologize if the following contains incorrect logic. However, from glancing over it, it appears the assumptions on which the entire paper rests are undermined by work such as that of Elitzur and Vaidman (see the article I linked previously). Specifically, note the following: This security is derived from encoding the data on nonorthogonal quantum states of a physical carrier particle. Since such quantum states cannot be duplicated or analyzed in transit without disturbing them, any attempt to interfere with the particle introduces transmission errors and thereby reveals itself to Alice and Bob. And: They [Alice and Bob] then assume that all errors are eavesdropping induced and estimate Eve's potential knowledge of their data in this worst-case situation. If we do away with the idea that there are no interaction-free measurements (which was, at least to me, convincingly shown by the Quantum seeing in the dark article), this paper becomes considerably less useful; the first claim's validity is completely nullified (no longer does interference with particles necessarily introduce transmission errors), while the effect on the second statement is evil: employing the proposed key distillation techniques, the user might be given a (very) false sense of security, as only a small percentage of the particles that Eve observes register as transmission errors (=15%, according to the LANL figure). Best regards, Ivan Krstic - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Can Eve repeat?
That's pretty much what I was talking about when I said that it may be possible to clone an arbitrarily large proportion of photons - and that Quantum Cryptography may not actually be secure. A key point is the probability that the measurement/cloning operation has of disturbing the original state. Errors at the receiver are assumed to be the result of eavesdropping. The current canoncial paper on how to calculate the number of bits that must be hashed away due to detected eavesdropping and the inferred amount of undetected eavesdropping is Defense frontier analysis of quantum cryptographic systems by Slutsky et al: http://topaz.ucsd.edu/papers/defense.pdf (I don't want to take a position on whether cloning is or isn't possible - that's way out of my area of expertise!) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Can Eve repeat?
On 24 Sep 2003 08:34:57 -0400, Greg Troxel [EMAIL PROTECTED] wrote: [snip] In Quantum Cryptography, Eve is allowed to not only observe, but also transmit (in the quantum world observing modifies state, so the notion of read only doesn't make sense). Also, Eve is typically accorded unlimited computational power. [snip] The idea that observing modifies state is something to be approached with caution. Read-only does make sense in quantum world; implementations of early theoretical work by Elitzur and Vaidman achieved roughly 50% success on interaction-free measurements. Later work, relying on the quantum Zeno effect, raised the success rate significantly: Preliminary results from new experiments at Los Alamos National Laboratory have demonstrated that up to 70 percent of measurements could be interaction-free. We soon hope to increase that figure to 85 percent. The quote comes from a article by Kwiat, Weinfurter and Zeilinger published in SciAm, November 1996 -- if they were getting success rates like these back then, I wonder what the current status is. The article is well worth a read. There's a copy online at: http://www.fortunecity.com/emachines/e11/86/seedark.html Best regards, Ivan Krstic - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Can Eve repeat?
At 08:34 AM 9/24/03 -0400, Greg Troxel wrote: A consequence of the infinite CPU assumption is that ciphers like AES, hash functions like SHA-1, etc. are all considered useless by the purist QC community. Thus, people talk about doing authentication with families of universal hash functions. This has the practical problem that the original (courier-transported) secret keying material for authentication is used up, and the typical scheme talked about is using some of the agreed-upon QKD bits to replenish the authentication keying material. This does not seem very robust. Those couriers are carrying one-time pad CDs, in a QC world. Do not try to pet their dogs, BTW. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]