[IP] more on ARMSTRONG LECTURE on Quantum Crypto and Optical Networks (Forwarded)
Begin forwarded message:
From: David Wagner <daw@xxxxxxxxxxxxxxx>
Date: September 19, 2005 6:22:10 PM EDT
To: touch@xxxxxxx
Cc: dave@xxxxxxxxxx, smb@xxxxxxxxxxxxxxx
Subject: [IP] more on ARMSTRONG LECTURE on Quantum Crypto and Optical
Networks (Forwarded)
The real problem with QKE is that it solves a non-problem, and it does
so poorly.
QKE is as good as the security of the optical fiber link you have.
If that fiber isn't tampered with, and is a straight shot from the
sender
to the receiver, then QKE is secure, and you don't need any pre-shared
authentication keys. So far, so good.
The first problem with QKE is that, as you notice, the above scenario
can only be applied to point-to-point links. You can't have routers,
switches, bridges, repeaters, etc., because they violate the security
requirements (roughly, they are indistinguishable from eavesdroppers).
If you have a group of n people who might want to communicate
amongst themselves, you need n^2 links, which isn't really workable.
Consequently, you can only use QKE for a few point-to-point links.
(If you want to avoid point-to-point links, you can try to play these
games with pre-shared authentication keys, but then the QKE is
pointless.
If you had pre-shared keys, you wouldn't need QKE; you'd just use
classical cryptography and be done with it.)
The other problem with QKE is that it is solving a non-existent problem.
Today's VPNs are perfectly good solutions to the problem of securing a
point-to-point link. You don't need a $50,000 QKE box; a secure tunnel
using classical cryptography (IPSec, TLS, whatever) is perfectly
adequate,
and you can get such products for free or for much more cheaply than
QKE.
The classical crypto is almost never the weakest point in the system,
so even if QKE were more secure than classical crypto, who cares?
Basically, today's QKE products are a bad joke. As far as I can tell,
they are a way to hoodwink companies with too much money into paying
$50k or $100k for a box that doesn't solve a problem they don't have.
-- David Wagner
In article <6D9F6BAA-0B2E-4FDE-BC73-C84EBE1EAEC1@xxxxxxxxxx> you write:
Begin forwarded message:
From: Joe Touch <touch@xxxxxxx>
Date: September 19, 2005 1:53:41 PM EDT
To: dave@xxxxxxxxxx
Cc: smb@xxxxxxxxxxxxxxx
Subject: Re: [IP] ARMSTRONG LECTURE on Quantum Crypto and Optical
Networks (Forwarded)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dave and Steve,
So far I've been very curious about all the assertions about quantum
comm. supporting key distribution, since quantum comm presumes
pre-distributed keys for state verification, at least as a bootstrap.
See:
Why Quantum Cryptography?
Kenneth G. Paterson, Fred Piper, Ruediger Schack (Royal
Holloway, University of London
in Quantum Physics e-print archive, June 2004
Abstract:
Quantum Key Exchange (QKE, also known as Quantum Key Distribution or
QKD) allows communicating parties to securely establish cryptographic
keys. It is a well-established fact that all QKE protocols require
that
the parties have access to an authentic channel. Without this
authenticated link, QKE is vulnerable to man-in-the-middle attacks.
Unfortunately this fact is frequently overlooked, resulting in
exaggerated claims and/or false expectations about the potential
impact
of QKE. In this paper we present a systematic comparison of QKE with
traditional key exchange protocols in realistic secure communication
systems.
http://arXiv.org/abs/quant-ph/0406147
I've heard various assertions about 'key amplification', 'pad
regeneration', etc., but at the end of the day it seems that the
quantum
system is only as good as the conventional authentication key it
started
with, AFAICT.
I'd be interested if any others on IP have thoughts on this...
Joe
David Farber wrote:
is it webcast?
Begin forwarded message:
From: "Steven M. Bellovin" <smb@xxxxxxxxxxxxxxx>
Date: September 14, 2005 6:35:23 PM EDT
To: cryptography@xxxxxxxxxxxx
Subject: [Colloquium] ARMSTRONG LECTURE on Quantum Crypto and Optical
Networks (Forwarded)
Date: Wed, 14 Sep 2005 18:30:22 -0400 (EDT)
From: Dan Rubenstein <danr@xxxxxxxxxxxxxxx>
To: colloquium@xxxxxxxxxxxxxxx
The Department of Electrical Engineering at Columbia University
invites
you
to attend
THE ARMSTRONG MEMORIAL LECTURE
Monday, September 19 - 3:00pm
Davis Auditorium (Schapiro/Host)
Host: Professor Osgood
"Unbreakable Secret Key Distribution?
Quantum Cryptography and Optical Networks"
by
Matthew S. Goodman, Ph.D.,
Chief Scientist and Telcordia Fellow, Telcordia Technologies &
Laboratory
for Telecommunications Sciences Red Bank, NJ and Adelphi, MD
Abstract:
Manifestly quantum mechanical behavior has had tremendously important
implications for the development of modern technology. In this
talk we
explore the impact of recent ideas and new approaches that quantum
information is having on future secure communications for high
performance
optical networks. The talk will concentrate on quantum
cryptography, which
offers the promise of unconditional security for communications, and
complements existing mathematically based cryptography, which is
applied at
higher networking levels. The talk will review the rapid progress
in this
field as well as some very recent experimental results from the
Telcordia
research group and its collaborations. We will describe the impact
that
this work is having on optical networking research and some early
commercial activities and will speculate on its broader commercial
implications.
Light refreshments will be served. We look forward to seeing you
there!
_______________________________________________
Colloquium mailing list
Colloquium@xxxxxxxxxxxxxxx
http://lists.cs.columbia.edu/mailman/listinfo/colloquium
----------
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo@xxxxxxxxxxxx
-------------------------------------
You are subscribed as touch@xxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-
people/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDLvslE5f5cImnZrsRAjJMAJ44OoJaeo1QQvSOrM+YWKdUcj66YwCeMk30
VTRSVKoHV86zz5Ob4at5YPE=
=/quq
-----END PGP SIGNATURE-----
-------------------------------------
You are subscribed as interesting-people-gate@xxxxxxxxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-
people/
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/