http://www.technologyreview.com/blog/arxiv/25189/
Not at all to my surprise, they broke it by exploiting a difference between a
theoretical system and a real-world implementation.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
http://www.kurzweilai.net/news/frame.html?main=/news/news_single.html?id%3D8471
Quantum cryptography broken
KurzweilAI.net, April 20, 2008
Two Swedish scientsts, Jorgen Cederlof, now of Google, and Jan-Ake
Larsson of Link In a paper published in IEEE Trans. Inf Theory, 54:
1735-1741 (2008
carry,
... and not vice versa.
By that I mean:
-- the integrity of DH depends fundamentally on the algorithm, so you
should verify the algorithmic theory, and then verify that the box
implements the algorithm correctly; while
-- in the simple case, the integrity of quantum cryptography
At 5:11 PM -0400 7/2/07, John Denker wrote:
By that I mean:
-- the integrity of DH depends fundamentally on the algorithm, so you
should verify the algorithmic theory, and then verify that the box
implements the algorithm correctly; while
-- in the simple case, the integrity of quantum
Alexander Klimov [EMAIL PROTECTED] writes:
So what kind of threat models does it address, and what does that say about
the kinds of customers who'd want it?
One threat model (or at least failure mode) that's always concerned me deeply
about QC is that you have absolutely no way of checking
At 08:51 AM 6/28/2007, Alexander Klimov wrote:
I suspect there are two reasons for QKD to be still alive.
First of all, the cost difference between quantum and normal
approaches is so enormous that a lot of ignorant decision makers
actually believe that they get something extra for this money.
a
quantum key exchange and then falls back on classical primitives.
It's at best confusing, fallacious and disingenuous to refer to such
setups as quantum cryptography, though I understand classical
encryption with quantum key exchange has less of a marketable ring
to it.
So, by all means
I'm unhappy with the tone of the discussion thus far. It's gone far
beyond critiquing current products and is instead attacking the very
concept.
Today's cryptography is largely based on certain assumptions. You
can't even call them axioms; they're far too weak. Let's consider
RSA. We *know*
I suspect there are two reasons for QKD to be still alive.
First of all, the cost difference between quantum and normal
approaches is so enormous that a lot of ignorant decision makers
actually believe that they get something extra for this money.
If you tell a lie big enough and keep repeating
On Jun 26, 2007, at 10:10 AM, Nicolas Williams wrote:
This too is a *fundamental* difference between QKD and classical
cryptography.
What does this classical word mean? Is it the Quantum way to say
real? I know we're in violent agreement, but why are we letting
them play language games?
On 6/25/07, Greg Troxel [EMAIL PROTECTED] wrote:
1) Do you believe the physics? (Most people who know physics seem to.)
For those who would like to know a little more about the physics, see:
http://www.icfo.es/images/publications/J05-055.pdf, Quantum Cloning,
Valerio Scarani, Sofyan
On Tue, Jun 26, 2007 at 02:03:29PM -0700, Jon Callas wrote:
On Jun 26, 2007, at 10:10 AM, Nicolas Williams wrote:
This too is a *fundamental* difference between QKD and classical
cryptography.
What does this classical word mean? Is it the Quantum way to say
real? I know we're in violent
Victor Duchovni [EMAIL PROTECTED] writes:
Secure in what sense? Did I miss reading about the part of QKD that
addresses MITM (just as plausible IMHO with fixed circuits as passive
eavesdropping)?
It would be good to read the QKD literature before claiming that QKD is
always unauthenticated.
On Fri, Jun 22, 2007 at 08:21:25PM -0400, Leichter, Jerry wrote:
BTW, on the quantum subway tokens business: In more modern terms,
what this was providing was unlinkable, untraceable e-coins which
could be spent exactly once, with *no* central database to check
against and none of this well,
On Mon, Jun 25, 2007 at 08:23:14PM -0400, Greg Troxel wrote:
1) Do you believe the physics? (Most people who know physics seem to.)
Yes.
2) Does the equipment in your lab correspond to the idealized models
with which the proofs for (1) were done. (Not even close.)
Does QKD address a
mechanism, and get
PFS against an attacker who records all the traffic and breaks DH later.
The end-to-end across middle boxes issue kills this argument about
protection against speculative brokenness of public key cryptography.
All but the smallest networks depend on middle boxes.
Quantum
in what Dr. Duck says about physics? Usually not.
==
One commonly-made claim about quantum cryptography is that
it can detect eavesdropping. I reckon that's narrowly
true as stated. The problem is, I don't know why I should
care. The history of cryptography for most
. It
is only useful in key distribution.
Let me create an aphorism to sum up what Paul, Perry, and others have
said in detail before I address your comment:
If Quantum Cryptography does what is claims, then it is
strengthening the strongest link in the chain of security.
Now to your
Victor Duchovni wrote:
Quantum Cryptography or Quantum Computing (i.e. cryptanysis)?
- Quantum Cryptography is fiction (strictly claims that it solves
an applied problem are fiction, indisputably interesting Physics).
I do not really agree on this statement. There are ongoing
- Quantum Cryptography is fiction (strictly claims that it solves
an applied problem are fiction, indisputably interesting Physics).
Well that is a broad (and maybe unfair) statement.
Quantum Key Distribution (QKD) solves an applied problem of secure key
distribution. It may
On Thu, Jun 21, 2007 at 01:20:35PM -0400, Victor Duchovni wrote:
Quantum Cryptography or Quantum Computing (i.e. cryptanysis)?
- Quantum Cryptography is fiction (strictly claims that it solves
an applied problem are fiction, indisputably interesting Physics).
- Quantum
On Thu, Jun 21, 2007 at 10:59:14AM -0700, Ali, Saqib wrote:
- Quantum Cryptography is fiction (strictly claims that it solves
an applied problem are fiction, indisputably interesting Physics).
Well that is a broad (and maybe unfair) statement.
Quantum Key Distribution (QKD
Massimiliano Pala [EMAIL PROTECTED] writes:
Victor Duchovni wrote:
Quantum Cryptography or Quantum Computing (i.e. cryptanysis)?
- Quantum Cryptography is fiction (strictly claims that it
solves
an applied problem are fiction, indisputably interesting Physics).
I do not really
| - Quantum Cryptography is fiction (strictly claims that it solves
|an applied problem are fiction, indisputably interesting Physics).
|
| Well that is a broad (and maybe unfair) statement.
|
| Quantum Key Distribution (QKD) solves an applied problem of secure key
At 10:59 AM -0700 6/21/07, Ali, Saqib wrote:
- Quantum Cryptography is fiction (strictly claims that it solves
an applied problem are fiction, indisputably interesting Physics).
Well that is a broad (and maybe unfair) statement.
Quantum Key Distribution (QKD) solves an applied
On Fri, Jun 22, 2007 at 11:33:38AM -0400, Leichter, Jerry wrote:
| Secure in what sense? Did I miss reading about the part of QKD that
| addresses MITM (just as plausible IMHO with fixed circuits as passive
| eavesdropping)?
|
| Once QKD is augmented with authentication to address MITM, the
Leichter, Jerry [EMAIL PROTECTED] writes:
| - Quantum Cryptography is fiction (strictly claims that it solves
|an applied problem are fiction, indisputably interesting Physics).
|
| Well that is a broad (and maybe unfair) statement.
|
| Quantum Key Distribution (QKD
...whereas the key distribution systems we have aren't affected by
eavesdropping unless the attacker has the ability to perform 2^128 or
more operations, which he doesn't.
Paul: Here you are assuming that key exchange has already taken place.
But key exchange is the toughest part. That is where
At 10:44 AM -0700 6/22/07, Ali, Saqib wrote:
...whereas the key distribution systems we have aren't affected by
eavesdropping unless the attacker has the ability to perform 2^128 or
more operations, which he doesn't.
Paul: Here you are assuming that key exchange has already taken place.
No,
On Fri, Jun 22, 2007 at 10:44:41AM -0700, Ali, Saqib wrote:
Paul: Here you are assuming that key exchange has already taken place.
But key exchange is the toughest part. That is where Quantum Key
Distribution QKD comes in the picture. Once the keys are exchanged
using QKD, you have to rely on
At 10:44 -0700 2007/06/22, Ali, Saqib wrote:
...whereas the key distribution systems we have aren't affected by
eavesdropping unless the attacker has the ability to perform 2^128 or
more operations, which he doesn't.
Paul: Here you are assuming that key exchange has already taken place.
But
Ali, Saqib [EMAIL PROTECTED] writes:
...whereas the key distribution systems we have aren't affected by
eavesdropping unless the attacker has the ability to perform 2^128 or
more operations, which he doesn't.
Paul: Here you are assuming that key exchange has already taken place.
But key
Hi Folks,
On a legal mailing list I'm on there is a bunch of emails on the
perceived effects of quantum cryptography. Is there any authoritative
literature/links that can help clear the confusion?
Thanks in advance,
Aram Perez
On Tue, Jun 19, 2007 at 09:10:12PM -0700, Aram Perez wrote:
On a legal mailing list I'm on there is a bunch of emails on the
perceived effects of quantum cryptography. Is there any authoritative
literature/links that can help clear the confusion?
Quantum Cryptography or Quantum Computing
http://www.zdnet.co.uk/print/?TYPE=storyAT=39181033-39020357t-1013c
Toshiba shows practical quantum cryptography
Rupert Goodwins
ZDNet UK
December 13, 2004, 18:15 GMT
Toshiba Research Europe demonstrated last week what it claims is the
world's first reliable automated quantum cryptography
On Wed, 2004-10-06 at 06:27, Dave Howe wrote:
I have yet to see an advantage to QKE that even mildly justifies the
limitations and cost over anything more than a trivial link (two
buildings within easy walking distance, sending high volumes of
extremely sensitive material between them)
But
Dave Howe wrote:
I think this is part of the
purpose behind the following paper:
http://eprint.iacr.org/2004/229.pdf
which I am currently trying to understand and failing miserably at *sigh*
Nope, finally strugged to the end to find a section pointing out that it
does *not* prevent mitm attacks.
http://www.computerworld.com/printthis/2004/0,4814,96111,00.html
- Computerworld
Quantum cryptography gets practical
Opinion by Bob Gelfond, MagiQ Technologies Inc.
SEPTEMBER 30, 2004 (COMPUTERWORLD) - In theory and in labs, quantum
cryptography -- cryptography based
http://www.infoworld.com/article/04/07/23/HNquantumcrypto_1.html
InfoWorld
U. of Tokyo, Fujitsu advance towards quantum cryptography
Project succeeds in generating single photo needed for securely sharing
keys across telecom networks
By Martyn Williams, IDG News Service
July 23, 2004
Technologies Unveils World's First Quantum Cryptography Network
back
Quantum Cryptography Breakthrough Delivers Absolute Security
Based on Laws of Physics
CAMBRIDGE, Mass., June 3 /PRNewswire/ -- BBN Technologies announced today
that it has built
http://www.nwfusion.com/news/2004/0517euseeks.html
Network World Fusion
EU seeks quantum cryptography response to Echelon
By Philip Willan
IDG News Service, 05/17/04
The European Union is to invest ¤11 million ($13 million) over the next
four years to develop a secure communication system
Tom Shaddack wrote:
On Tue, 18 May 2004, Tyler Durden wrote:
Monyk believes there will be a global market of several
million users once
a workable solution has been developed. A political
decision will have to
be taken as to who those users will be in order to prevent
terrorists
advantage of the completely secure communication
network, he said.
Silliness itself, at this point. Practical quantum cryptography at this
point is limited to transmission. The moment it goes O/E, it's as vulnerable
as any other data. And terrorists aren't going to bother splicing fiber.
Of course
Sigh...
The old hype-meter pegs so much the needle's bent...
Cheers,
RAH
http://www.quantenkryptographie.at/rathaus_press.html
Quantum Cryptography live
World Premiere: Bank Transfer via Quantum Cryptography Based on Entangled
Photons
Press conference and demonstration of the ground
R. A. Hettinga wrote:
http://www.net-security.org/news.php?id=3583
Quantum cryptography finally commercialized?
Posted by Mirko Zorz - LogError
Tuesday, 16 September 2003, 1:23 PM CET
For the onlookers, this article is misinformed and should
not be relied upon for evaluating quantum
http://www.net-security.org/news.php?id=3583
Help Net Security -
Quantum cryptography finally commercialized?
Posted by Mirko Zorz - LogError
Tuesday, 16 September 2003, 1:23 PM CET
Start-up MagiQ Technologies, from Somerville, Massachusetts, has released
the first commercial implementation
46 matches
Mail list logo