Ian Grigg wrote: > If I understand this correctly, this is both > an eavesdropping scenario and an MITM scenario. > > In the above, Eve is acting as Mallory, as she > is by definition intercepting the bits and re- > sending them on? I think it is more a question of style - a classic "passive" Eve can't exist in terms of QC key exchange, as eve/mallory *must* read the photons or no interception at all can take place - therefore, even eve must generate a new photon to send to bob.
If the intercept agent is Eve, she will attempt to reproduce as nearly as possible the original photon to send to bob. she will get this wrong 25% of the time. if the intercept agent is Mallory, he will generate his own, known good photons to send to bob, unrelated to what he has detected. If Eve can intercept also the filter list from bob to april, she is now in a fix - she now knows which ones she got different to bob, but doesn't know how many bob got wrong. however, being eve she passes this on to april, and correctly relays the "bad bit" message back to bob. bob now has an approximately 25% error block which is detectable. Nothing changes if the two lists are out-of-band and therefore untouchable. If Mallory *can't* intercept the filter and bad bit lists he is in much more trouble - his photon list to bob bore no relation to alice's, so purely in terms of random chance he will have a 50% error block If Mallory *can* intercept the fillter and bad bit lists he is in an better situation - he can send his own filter list to alice, and negotiate a set of bits with her; by selectively causing "bad luck" for bob, he can tune the bad bit list(based on bob's filter list) to give an identical set of bits. As the mallory-bob filter match is approximately 50%, and bob will have to additionally "kill" a further 50% of the "correct" answers in order to make the two bitsets match, bob will have a filter match rate of about 25% which is again statistically significant If Mallory *can* intercept the filter/bad block conversation and *further* is sure he can intercept the message traffic too, he can simply negotiate a separate bit list with bob; statistically, the key exchange will look fine, but of course Mallory will also have to decode and re-encode the traffic between alice and bob, or it will all go horribly wrong. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]