There are lots of types of QC. I'll just mention two. In "classic" QC Alice generates polarised photons at randomly chosen either "+" or "x" polarisations. Bob measures the received photons using a randomly chosen polarisation, and tells Alice whether the measurement polarisation he chose was "+" or "x", on an authenticated but non-secret channel. Alice replies with a list of correct choices, and the shared secret is calculated according as to whether the "+" polarisations are horizontal or vertical, similar for the "slant" polarisations.
If the channel is authentic then a MitM is hard - but not impossible. The "no-cloning" theorem is all very well, but physics actually allows imperfect cloning of up to 5/6 of the photons while retaining polarisation, and this should be allowed for as well as the noise calculations. I don't know of any existing OTS equipment that does that. A lasing medium can in theory clone photons with up to 5/6 of them retaining enough polarisation data to use as above, though in practice the noise is usually high. There is also another less noisy cloning technique which has recently been done in laboratories, though it doubles the photon's wavelength, which would be noticeable, and I can't see offhand how in practice to halve the wavelength again without losing polarisation (except perhaps using changing gravitational fields and the like); but there is no theory that says that that can't be done.
In another type of QC Alice and Bob agree on the measurement angles (any angles, not just multiples of 45 deg) they will use, and Alice generates a pair of entangled photons, sending one to Bob. Both measure the individual photons at that angle, and the shared secret is generated according to whether the photons pass the filter. If the agreed-on measurement angles are kept secret, and noise bounds etc. are obeyed, then a MitM is hard as before except the theoretical maximum ratio of "clonable" photons is lower - but it isn't much use, except as an "otp key multiplier".
There are a zillion variations on these themes, and other types of QC. For instance Alice can send Bob data rather than generating a random shared secret, and without a separate channel, if she generates the quantum string using a preshared secret. Mallory can get 1/2 of the bits, but AONTs can defend against that, and if properly implemented no MitM is possible. And so on.
-- Peter Fairbrother
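Added example, not part of the original post: a small Python simulation of the "classic" exchange described above (random "+"/"x" polarisations, Bob's announced choices, Alice's list of correct ones), extended beyond the post with a measure-and-resend interceptor to show why the error rate of the sifted key is checked. It assumes ideal photons with no loss, channel noise or imperfect cloning, and all function names are hypothetical.

```python
import random

BASES = "+x"  # rectilinear and diagonal ("slant") polarisation bases

def measure(bit, prep_basis, meas_basis, rng):
    """Ideal photon: same basis returns the encoded bit, otherwise a coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_bb84(n, intercept=False, seed=1):
    """Simulate n photons; return (alice_key, bob_key) after basis sifting."""
    rng = random.Random(seed)  # seeded so the constructed run is repeatable
    alice_key, bob_key = [], []
    for _ in range(n):
        a_bit, a_basis = rng.randrange(2), rng.choice(BASES)
        bit, basis = a_bit, a_basis  # state of the photon in flight
        if intercept:
            # Interceptor measures in a guessed basis and resends that result.
            m_basis = rng.choice(BASES)
            bit, basis = measure(bit, basis, m_basis, rng), m_basis
        b_basis = rng.choice(BASES)
        b_bit = measure(bit, basis, b_basis, rng)
        # Bob announces b_basis on the authenticated channel; Alice replies
        # which choices matched. Only those positions are kept.
        if b_basis == a_basis:
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def error_rate(alice_key, bob_key):
    """Fraction of sifted positions where Alice and Bob disagree."""
    if not alice_key:
        return 0.0
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)

if __name__ == "__main__":
    for label, flag in (("quiet channel", False), ("measure-and-resend", True)):
        a, b = run_bb84(20000, intercept=flag)
        print(f"{label}: sifted={len(a)} error_rate={error_rate(a, b):.3f}")
```

About half the photons survive sifting in both runs; the interceptor's wrong basis guesses show up as disagreements in roughly a quarter of the sifted positions, which is what Alice and Bob look for when they compare a sample.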