From: Francois Grieu on 18 May 2010 04:08 According to this article http://www.technologyreview.com/blog/arxiv/25189/ and online paper http://arxiv.org/abs/1005.2376 the feasibility of an attack on a quantum key distribution system used in a commercial quantum crypto product has been demonstrated experimentally. Or something on that tune. I can't form an informed opinion on if the attack would break a commercially deployed quantum link, for I do not grasp the physic and math, and never saw a commercially deployed quantum link. However I have an opinion regarding the commercial interest of quantum cryptography, and it a low one. I think I correctly summarize the field by stating a quantum key distribution system aims to solve the problem that if Alice and Bob share an initial secret, then they can securely exchange more information through some link, in a way such that even if the initial secret leaks after that exchange, the secrecy of what was exchanged is not compromised; and do that demonstrably based on quantum physics assumptions. I see three issues with that: 1) At least once in the history of quantum cryptography, the quantum physics assumptions made have been accepted as correct, then shown to not match reality precisely enough, in a way such that these assumptions lead to a correct demonstration that the system is secure when in reality it is not. If the article is correct and the research original, we have another case of that. 2) Physical links known suitable for (at least the standard breed of) quantum crypto are direct optical paths, which precludes routers not designed specifically for quantum crypto, and is a formidable obstacle to long-distance communication; I am unaware of an alleged commercial solution. 3) Today's cryptography can solve a similar problem: use the initial secret as a key of a strong cryptosystem, then safely discard it after use; this is secure based on assumptions tested and refined by approximately 50 years of theoretical and experimental studies (which is fair in comparison to 1) and field deployment (which is great in comparison to 2). Is anyone here defending that within the next 20 years, quantum cryptography is going to be more than either one of - a nice academic subject, - a way to siphon money out of the gullible, - a cover for justifying the transfer of money? Francois Grieu
From: Mok-Kong Shen on 18 May 2010 05:04 Francois Grieu wrote: [snip] > However I have an opinion regarding the commercial interest of quantum > cryptography, and it a low one. [snip] > 1) At least once in the history of quantum cryptography, the quantum > physics assumptions made have been accepted as correct, then shown to > not match reality precisely enough, in a way such that these assumptions > lead to a correct demonstration that the system is secure when in > reality it is not. [snip] [OT] Things similar not seldom happened in other fields, I suppose. Black and Scholes got Nobel Prize in Economics with their celebrated formula. But I read the following in R. N. Mantegna, H. E. Stanley, An Introduction to Econophysics, Camb. U. Press, 2000, p.127-128: The Blank & Scholes model is one of the more successful idealized models currently in use. Since its introduction in 1973, a large amount of literature dealing with the extension of the Black & Scholes model has appeared. These extensions aim to relax assumptions that may not be realistic for real financial markets. ............ The elegance of the Black & Scholes solution is lost in real markets. I for one have little wonder about the current global financial crisis. M. K. Shen
From: Mike Amling on 18 May 2010 10:23 Francois Grieu wrote: > I think I correctly summarize the field by stating a quantum key > distribution system aims to solve the problem that if Alice and Bob > share an initial secret, then they can securely exchange more > information through some link, in a way such that even if the initial > secret leaks after that exchange, the secrecy of what was exchanged is > not compromised; and do that demonstrably based on quantum physics > assumptions. > > I see three issues with that: > > 1) At least once in the history of quantum cryptography, the quantum > physics assumptions made have been accepted as correct, then shown to > not match reality precisely enough, in a way such that these assumptions > lead to a correct demonstration that the system is secure when in > reality it is not. If the article is correct and the research original, > we have another case of that. There is much I have never seen explained about quantum crypto. E.g. if the system involves Alice sending single photons to Bob, how does Alice know when her device has emitted a photon? Photon emission is probabilistic AFAIK, not like pulling a trigger. And how does she know her device has not emitted two photons, one of which could be intercepted without her or Bob realizing it? --Mike Amling
From: Mok-Kong Shen on 18 May 2010 10:44 Mike Amling wrote: > There is much I have never seen explained about quantum crypto. E.g. if > the system involves Alice sending single photons to Bob, how does Alice > know when her device has emitted a photon? Photon emission is > probabilistic AFAIK, not like pulling a trigger. And how does she know > her device has not emitted two photons, one of which could be > intercepted without her or Bob realizing it? There is also something apparently relatively new in the field termed "location-based quantum cryptography". See http://www.technologyreview.com/blog/arxiv/25177/ However, the following quote from that webpage appears to be a bit less than very encouraging to the readers in my humble view: But the scheme will need some careful study. While the approach is relatively simple in conception, the proof of its security is complex and involved. And theoretical security is not the same as practical security which looks harder to verify. Chandran and cooffer one such scheme at the end of their paper but are unable to nail it. "Unfortunately we do not have a security proof, and we leave it as an open problem to find an attack or prove its security," they say. M. K. Shen
From: unruh on 18 May 2010 12:20 On 2010-05-18, Francois Grieu <fgrieu(a)gmail.com> wrote: > According to this article > http://www.technologyreview.com/blog/arxiv/25189/ > and online paper > http://arxiv.org/abs/1005.2376 > > the feasibility of an attack on a quantum key distribution system used > in a commercial quantum crypto product has been demonstrated > experimentally. Or something on that tune. Note that the attack is on a commercial realisation of the distribution system and is attacking features of that implimentation where it deviates from the assumptions that go into the proofs. Furthermore, it drops the error rate under eavesdropping ( which is what the system uses to detect evesdropping) from 20% to 19.7%, a pretty insignificant change. > > I can't form an informed opinion on if the attack would break a > commercially deployed quantum link, for I do not grasp the physic and > math, and never saw a commercially deployed quantum link. They are coming into use > > However I have an opinion regarding the commercial interest of quantum > cryptography, and it a low one. > > I think I correctly summarize the field by stating a quantum key > distribution system aims to solve the problem that if Alice and Bob > share an initial secret, then they can securely exchange more > information through some link, in a way such that even if the initial > secret leaks after that exchange, the secrecy of what was exchanged is > not compromised; and do that demonstrably based on quantum physics > assumptions. > > I see three issues with that: > > 1) At least once in the history of quantum cryptography, the quantum > physics assumptions made have been accepted as correct, then shown to > not match reality precisely enough, in a way such that these assumptions > lead to a correct demonstration that the system is secure when in > reality it is not. If the article is correct and the research original, > we have another case of that. The other case was? This is like saying "Henry ford promised us to be able drive these cars, and my tire went flat so I could not drive it. There is no commercial future to cars" > > 2) Physical links known suitable for (at least the standard breed of) > quantum crypto are direct optical paths, which precludes routers not > designed specifically for quantum crypto, and is a formidable obstacle > to long-distance communication; I am unaware of an alleged commercial > solution. Yes, quantum repeaters are a difficulty. Using error correction protocols from quantum computing one can imagine such quantum repeaters being made, but it will be a while. Ie, there ARE theoretical solutions. > > 3) Today's cryptography can solve a similar problem: use the initial > secret as a key of a strong cryptosystem, then safely discard it after > use; this is secure based on assumptions tested and refined by > approximately 50 years of theoretical and experimental studies (which is > fair in comparison to 1) and field deployment (which is great in > comparison to 2). Well, not really. If you have 10 bits of secret, the attacker can use exhaustive search to determine your complete expanded message. Ie, you cannot theoretically increase the "entropy" of your secret using classical means. Practically you may be able to (Ie your intital secret is so huge that it becomes infeasible to attack via that road). It may be that quantum exchange is like the OTP, theoretically invulnerable, but practically problematic, but it is very early days yet to be pronouncing on that. "Them cars will never catch on. Horses have had 2000 years of developement and field deployment, there is no way that cars will ever replace them" > > > Is anyone here defending that within the next 20 years, quantum > cryptography is going to be more than either one of > - a nice academic subject, > - a way to siphon money out of the gullible, > - a cover for justifying the transfer of money? > > Francois Grieu
|
Next
|
Last
Pages: 1 2 3 4 Prev: Call for papers: ISP-10, USA, July 2010 Next: On potential modern day usage of homophones |