Re: Quantum Computing Puts Encrypted Messages at Risk

2002-07-14 Thread Hannes R. Boehm

On Thu, Jul 11, 2002 at 07:50:30PM +0100, Ian Hill wrote:
> > 
> > Hammond said that his company, scheduled for a public launch this
> > September, will have a "commercially available solution" in 2003. The
> > Somerville, Massachusetts-based company is developing a prototype
> > quantum cryptographic device that can be used on telecom fiber and is
> > immune to eavesdropping, or so the company claims.
> > 
> > The device is also "future-proof" because, according to MagiQ
> > Technologies, it is invulnerable to advances in algorithms and
> > computing technology.
> Now I'm neither a professional cryptographer nor a professional quantum
> physicist, so any of the above could be incorrect. I'd love to be proven
> wrong - I fancy the idea of unbreakable encryption as much as the next
> man, but surely the way mankind has broken cipher after cipher, and
> challenged theorem after theorem should have made people a little
> dubious when the word "unbreakable" is bandied around. Besides, we all
> know the devil is in the implementation. Even if QKD is unbreakable on
> paper, an engineer is sure to break it ;-)
> 
> When I first read The Code Book (Simon Singh), I drooled endlessly at
> the idea of Unbreakable Encryption, until I became a little more
> cynical. I questioned Dr Singh on this when he came and gave a lecture
> in Cheltenham UK recently, and his best answer was that QKD is so secure
> because "it's a different kind of system. It's not like conventional
> encryption." [synopsis - not direct quotation]. I'm not thoroughly
> convinced.
> 
> Can anyone (politely) prove this mere outsider wrong?


QKD is a way to prevent a possible eavesdropper from listening to the
key distribution system. In classical encryption the first step is
always to intercept the encrypted message - this is where QC starts.

The key, which is later used as a classical one-time pad, is distributed in a way
that an eavesdropper can be detected; it can not be prevented, though. This opens
the doors for DoS attacks. But: if the key has been transmitted without
an eavesdropper, then we have a 100% truly random one-time pad which has
been proven to be unbreakable.

An eavesdropper can be detected by the amount of quantum noise he introduces into the
quantum channel. Since a qubit (qutrit or qunit) can not be cloned perfectly,
every attempt to listen to the quantum channel introduces some noise. This noise
is added to the noise already present on the quantum channel. If the quantum noise
reaches a certain theoretical ratio, we know that someone is listening to the channel.

One word on cloning: Yes, cloning is possible! No, it does not break QKD!

Copying of quantum states is possible, but not in a deterministic fashion. The
maximum (theoretical) probability of getting an identical copy of a qubit is 5/6.
This has already been demonstrated experimentally. Since there is a functional
dependence between noise and extracted information, this is just an additional
factor. It just reduces the distances we can reach and the bitrates we can achieve.
(It can be shown that perfect quantum cloning is not possible for any type of cloning
mechanism whatsoever - AND (independently of the proof): if it were possible, we
could communicate at speeds faster than that of light and therefore it would also
violate special relativity.)

What we have here is a theory which is almost as old as the special theory of
relativity and has not yet been proven wrong. This theory tells us that there is
no way whatever that a possible eavesdropper can listen to the key exchange. It
also tells us that if we use either a quantum random number generator or an
entangled-photon QKD system, we get absolutely random numbers.

I recommend everyone who is interested in QKD to read an introduction to quantum
theory. Everything QKD is about is just plain vector multiplication. It is a
beautiful (=simple) theory.

Okay. If you have questions, please feel free to drop me an email.

I am currently in my final year of graduate studies in physics. For
my diploma thesis, I am working on a project in the field of
Experimental Quantum Information. So hopefully I might be able to answer some of
your questions :-)

http://www.quantum.univie.ac.at/research/crypto/index.html


BTW: there are already commercial QKD systems available

Hannes


-- 
-
Hannes R. Boehm
-
Institute of Experimental Physics
University of Vienna 
Boltzmanngasse 5 
1090 Wien
Austria

web  : http://www.quantum.univie.ac.at/
email: [EMAIL PROTECTED]
-
email:  [EMAIL PROTECTED] 
web  :  http://hannes.boehm.org





Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-14 Thread Enzo Michelangeli

- Original Message -
From: "Lucky Green" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, July 14, 2002 11:55 AM
Subject: RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit


> > The cert shows that it's issued by Equifax, however.
>
> The cert shows as being issued by Equifax because Geotrust purchased
> Equifax's root embedded in major browsers since MSIE 5 on the secondary
> market. (Geotrust purchased more than just the root).

This raises an interesting legal issue. Should any loss from a mis-issued
cert arise to a party who trusted the "Equifax" brand name shown in the cert
chain, but doesn't know (or want to know) anything about Geotrust, who would
be liable?

(Yeah, I know, any liability is usually disclaimed away, but I mean: which
one of the two is supposed to represent the "trusted" third party?)

Enzo



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



Fwd: Re: Quantum Computing Puts Encrypted Messages at Risk

2002-07-14 Thread Amir Herzberg


>At 20:50 11/07/2002, Ian wrote:
>>When I first read The Code Book (Simon Singh), I drooled endlessly at
>>the idea of Unbreakable Encryption, until I became a little more
>>cynical. I questioned Dr Singh on this when he came and gave a lecture
>>in Cheltenham UK recently, and his best answer was that QKD is so secure
>>because "it's a different kind of system. It's not like conventional
>>encryption." [synopsis - not direct quotation]. I'm not thoroughly
>>convinced.
>>
>>Can anyone (politely) prove this mere outsider wrong?
>
>I am also not a physicist. So I share your skepticism about relying for 
>security on physics theories which I don't understand, and furthermore 
>which may evolve and refine over time.
>
>However, as many people are excited about Quantum crypto, I really would 
>like to put my skepticism aside and understand what is its cryptographic 
>significance, say if we accept the physics as valid (for ever or at least 
>`long enough`). In particular I'm considering whether I should and can 
>cover this area in my book. I must admit I haven't yet studied this area 
>carefully, so my questions may be naive, if so please excuse me (and your 
>answer will be doubly appreciated). Some questions:
>
>1. Quantum key encryption seems to require huge amounts of truly random 
>bits at both sender and receiver. This seems impractical as (almost) truly 
>random bits are hard to produce (especially at high speeds). Is there a fix?
>2. After the transmission, the receiver is supposed to tell the sender how 
>it set its polarization; how is this authenticated? If it isn't we are 
>obviously susceptible to man in the middle attack.
>3. It seems the quantum link must connect directly from sender to 
>receiver. How can this help provide end to end security on the Internet? 
>Or are we back to private networks?
>4. As to quantum computation signalling the end of `crypto as we know 
>it`... Is it fair to say this may end only the mechanisms built on 
>discrete log and/or factoring, but not shared key algorithms like AES and 
>some of the other public key algorithms?
>
>Best, Amir Herzberg


Amir Herzberg
See http://amir.herzberg.name/book.html for draft chapters from 
`Introduction to Cryptography,
Secure Communication and Commerce`, and link to lectures. Comments 
appreciated.
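
The eavesdropper detection Hannes Boehm describes earlier in this thread (an intercept attempt raises the error rate on the quantum channel) and questions 1 and 2 in Amir Herzberg's message (the appetite for random bits, and how the basis announcement is authenticated) can both be seen in a classical simulation of BB84. The block below is an added example written for this page; it is not code from either poster or from the Vienna group. It models a photon as a (basis, bit) pair with a single rule, that measuring in the wrong basis returns a fair coin, assumes a noiseless and lossless channel, uses the conventional 11% abort threshold for BB84 with one-way post-processing, and substitutes HMAC-SHA256 under a short pre-shared key for the information-theoretic (Wegman-Carter) authentication that deployed systems use. Error correction and privacy amplification are left out.

```python
"""BB84 key distribution simulated classically: sifting, eavesdropper detection
from the error rate, and why the basis announcement must be authenticated.

Added example; not code from this thread or from the Vienna group's site.
Assumptions: a photon is a (basis, bit) pair and measuring in the wrong basis
returns a fair coin flip (the one quantum rule needed); the channel is
otherwise noiseless and lossless; the 11% abort threshold is the usual
figure for BB84 with one-way post-processing; HMAC-SHA256 under a short
pre-shared key stands in for the information-theoretic (Wegman-Carter) MAC
that real systems use. Error correction and privacy amplification are omitted.
"""
import hashlib
import hmac
import random

RECT, DIAG = 0, 1  # rectilinear (+) and diagonal (x) polarisation bases


def measure(basis_sent, bit_sent, basis_used, rng):
    """Measure one photon. Same basis: the bit is recovered exactly. Wrong
    basis: the outcome is random and the original state is destroyed."""
    return bit_sent if basis_sent == basis_used else rng.randrange(2)


def bb84(n, seed, eve=False, sample_fraction=0.5):
    """One BB84 session over n photons; returns (alice_key, bob_key, qber).

    Alice consumes 2n random bits (a bit and a basis per photon), Bob n
    (his bases): the demand for true randomness raised in question 1.
    """
    rng = random.Random(seed)
    a_bits = [rng.randrange(2) for _ in range(n)]
    a_bases = [rng.randrange(2) for _ in range(n)]
    b_bases = [rng.randrange(2) for _ in range(n)]
    b_bits = []
    for bit, basis, b_basis in zip(a_bits, a_bases, b_bases):
        if eve:
            # Intercept-resend: Eve guesses a basis, measures, and re-emits a
            # photon in the state she observed. No-cloning means she cannot
            # keep the original, so whenever her guess is wrong (half the
            # time) Bob receives a wrong state and reads a wrong bit half of
            # those times: about 25% errors on the sifted key.
            e_basis = rng.randrange(2)
            bit, basis = measure(basis, bit, e_basis, rng), e_basis
        b_bits.append(measure(basis, bit, b_basis, rng))

    # Sifting over the classical channel: Bob announces his bases, Alice
    # replies with the positions where they agree (about n/2 of them).
    sifted = [i for i in range(n) if a_bases[i] == b_bases[i]]

    # Error-rate estimate: a public random sample of the sifted key is
    # compared in the clear and then discarded.
    sample = set(rng.sample(sifted, int(len(sifted) * sample_fraction)))
    errors = sum(a_bits[i] != b_bits[i] for i in sample)
    qber = errors / len(sample) if sample else 0.0
    alice_key = [a_bits[i] for i in sifted if i not in sample]
    bob_key = [b_bits[i] for i in sifted if i not in sample]
    return alice_key, bob_key, qber


def eavesdropper_detected(qber, threshold=0.11):
    """Abort rule: above the threshold the session is discarded. Eve cannot
    be stopped from listening, only caught, which is the denial-of-service
    exposure mentioned in the thread."""
    return qber > threshold


def announce_bases(bases, auth_key):
    """Bob's basis announcement with a MAC under a pre-shared secret. Without
    this, Eve runs one clean BB84 session with Alice and another with Bob
    and holds both keys with a zero error rate on each leg (question 2)."""
    payload = bytes(bases)
    return payload, hmac.new(auth_key, payload, hashlib.sha256).digest()


def accept_announcement(payload, tag, auth_key):
    """Alice checks the tag before sifting; a substituted announcement fails."""
    expected = hmac.new(auth_key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    for eve in (False, True):
        a_key, b_key, qber = bb84(4000, seed=1, eve=eve)
        print(f"eve={eve}: sifted key {len(a_key)} bits, QBER {qber:.3f}, "
              f"abort={eavesdropper_detected(qber)}")
    psk = b"preshared-key-16"  # assumption: short key left over from an earlier session
    payload, tag = announce_bases([RECT, DIAG, DIAG, RECT], psk)
    print("genuine announcement accepted:", accept_announcement(payload, tag, psk))
    print("forged announcement accepted: ",
          accept_announcement(bytes([DIAG, DIAG, DIAG, RECT]), tag, psk))
```

An honest run gives a zero error rate and identical keys at both ends; intercept-resend by Eve pushes the rate to about 25%, far over the threshold, and the session is dropped. The authentication step is what stands between BB84 and the man-in-the-middle in question 2: without it Eve plays Bob toward Alice and Alice toward Bob, both legs run clean, and she holds both keys. It is also why a QKD link needs a small pre-shared key to start: the protocol expands keys, it does not create them from nothing.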





RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit

2002-07-14 Thread Lucky Green

RJ Harvey wrote:
> Thanks for the tip!  I just got a new cert from Geotrust,
> and it was such an amazing contrast to those I've gotten
> from Verisign and Thawte!  They apparently take the 
> verification info from the whois data on the site, and you 
> really can do the process from start to finish in 10 minutes or so.

I believe that Geotrust has come up with an excellent new model to make
money out of the CA business with minimum hassle to the customer while
reducing Geotrust's vetting costs to next to zero. Their
introduction of this new model was one of the more interesting news items at
this year's otherwise rather bland RSA Conference.

> The cert shows that it's issued by Equifax, however.

The cert shows as being issued by Equifax because Geotrust purchased
Equifax's root embedded in major browsers since MSIE 5 on the secondary
market. (Geotrust purchased more than just the root).

--Lucky Green

