Sorry for the late reply:
> Quantum Cryptography vs the "man-in-the-middle" attack
>
> The recent availability of commercial products for quantum
> cryptography has generated much press attention, however,
> any putative value-add for these products escapes this
> author. Given the traditional "man in the middle" attack
> where Vladimir imposes a pair of transceivers between Alice
> and Bob:
>
> +-------+    +----+    +------------+    +----+    +-----+
> | Alice +----+ XC +----+ Vladimir's +----+ XC +----+ Bob |
> +-------+    +----+    |   Laptop   |    +----+    +-----+
>                        +------------+
>
> Quantum cryptography on these links does not seem to
> provide any additional protection.
What?!
> Under the customary
> and usual assumptions that Vladimir has access to fully
> functional transceiver equipment and has full knowledge
> of all communications protocols in use, it is just plain
> not possible for Alice to know she is talking to Bob
> (and not Vladimir) or for Bob to know he is talking to
> Alice.
What?! How can Vladimir receive the signal if he doesn't know the key?
> So, if we need either a shared secret or a Public Key
> Infrastructure to protect against man in the middle
> attacks anyway, what is the value add of using quantum
> encryption on the link?
The value add is that quantum encryption protects against a man in the
middle attack by using a shared secret. This protection is fundamental, in
the sense that even if the man in the middle happens to guess the shared
secret, he *still* cannot decrypt the signal (unless the correct answer is
his one and only guess at the time the signal is sent, and if he guesses
wrong, he is detected).
> The theory is advanced that quantum encryption would
> provide some protection against the forthcoming quantum
> computers, but again, this author is not persuaded.
> Yes, a quantum computer could be used to attack either
> scheme described, but then we lose, because it is now
> possible to conduct a man in the middle attack,
> even though the links themselves are quantum encrypted.
Huh? It seems to me to be very clear you have no idea what you're talking
about. The problem is that future quantum computers may process information
much faster than current ones, and thus may break keys that we consider safe
today. However, no amount of computing power can break quantum encryption.
> In summary, any putative value-add for the use of
> quantum encryption completely escapes this author,
> in either the absence or presence of the availability
> of quantum computers as attack tools.
I think you just don't understand how quantum encryption works. The idea
with quantum encryption is that you need the key to receive the signal at
all, and only one recipient can possibly receive the signal. Thus, without
the key at the time of transmission, a MITM cannot rebroadcast the
transmission, thus it is impossible for both a MITM and the intended
recipient to receive the transmission.
This is a capability that no other form of encryption can provide today. It
has the benefit that no conceivable future improvements in computing power
can compromise today's communications.
To help those not familiar wrap their brains around quantum encryption,
imagine if we encode our data as a stream of particles. We have four types
of particles we can put in each timeslot, A+, A-, B+, and B-. The stream of
particles can strike two types of detectors, an A detector and a B detector
(the recipient must put a detector in the path of the particles for each
time slot to detect the particle).
If an A+ particle strikes an A detector, the detector indicates a +. If an
A- particle strikes an A detector, the detector indicates a -. If a B+
particle strikes a B detector, a + is indicated. If a B- particle strikes a
B detector, a - is indicated.
The cool part is that if an A+ or A- particle strikes a B detector, the
indication is random, could be + or -. If a B+ or B- particle strikes an A
detector, the indication is random, could be + or -.
The data is whether the particles used are + or -. The key is the sequence
of A or B particles *and* detectors used. It is impossible in principle to
detect whether the particle is + or - without first knowing if it is A or B.
A MITM will not know which detectors to use on which particles, so if he
intercepts any particles, he will hopelessly lose the data (whether those
particles were + or -). Thus not only will he be detected (because he cannot
retransmit) but he will not get the right data (because he will not know
which detectors to use).
This is a simplified analogy of what quantum encryption does; however, it
should be just enough to show that:
1) No conceivable advances in computing power will break today's quantum
communications.
2) Quantum encryption provides defenses against a MITM (or any kind of
unauthorized reception) that are ironclad.
DS
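The four-particle, two-detector analogy above can be run as a small simulation. The following Python is an added example written for this page, not code from DS or from the OpenSSL project. It uses the post's own labels (particle types A+/A-/B+/B-, detectors A and B), sends a stream of particles from Alice to Bob, optionally routes them through Vladimir's intercept-and-retransmit detectors, and then has Alice and Bob "sift" by comparing only which detector type they used in each time slot. The sifting comparison is assumed to happen over an ordinary channel that is honest (an assumption of this example, not something the post specifies), and the values +/- are never sent over it.

```python
"""Simulation of the A/B-particle, +/- detector exchange described in the post.

Added example: a BB84-style toy, not code from the original post or project.
Assumption: the detector-type comparison (sifting) happens over an ordinary
channel that Vladimir does not tamper with.
"""
import random
from dataclasses import dataclass

# The four particle types from the post: a basis (A or B) carrying a value (+ or -).
BASES = ("A", "B")
VALUES = ("+", "-")


def read_particle(basis, value, detector, rng):
    """What a detector of type `detector` indicates for a (basis, value) particle.

    Matching detector: the true value.
    Mismatched detector: a random reading, and the original value is lost.
    """
    if basis == detector:
        return value
    return rng.choice(VALUES)


@dataclass
class Exchange:
    alice_key: str      # Alice's sifted +/- sequence
    bob_key: str        # Bob's sifted +/- sequence
    error_rate: float   # fraction of sifted slots where Alice and Bob disagree


def run_exchange(n_slots, eavesdrop, seed=0):
    """Send n_slots particles from Alice to Bob, with or without Vladimir in the path."""
    rng = random.Random(seed)  # seeded so runs are reproducible
    alice_bases = [rng.choice(BASES) for _ in range(n_slots)]
    alice_values = [rng.choice(VALUES) for _ in range(n_slots)]
    bob_detectors = [rng.choice(BASES) for _ in range(n_slots)]

    bob_readings = []
    for basis, value, detector in zip(alice_bases, alice_values, bob_detectors):
        if eavesdrop:
            # Vladimir has his own detector pair but does not know Alice's basis
            # for this slot: he guesses a detector, reads the particle, and
            # retransmits a particle of the type he measured.
            v_detector = rng.choice(BASES)
            v_reading = read_particle(basis, value, v_detector, rng)
            bob_readings.append(read_particle(v_detector, v_reading, detector, rng))
        else:
            bob_readings.append(read_particle(basis, value, detector, rng))

    # Sifting (assumed honest channel): Alice and Bob reveal which detector
    # type each used per slot, never the +/- values, and keep only the slots
    # where the types agree. Roughly half the slots survive.
    kept = [i for i in range(n_slots) if alice_bases[i] == bob_detectors[i]]
    alice_key = "".join(alice_values[i] for i in kept)
    bob_key = "".join(bob_readings[i] for i in kept)
    disagreements = sum(1 for a, b in zip(alice_key, bob_key) if a != b)
    rate = disagreements / len(alice_key) if alice_key else 0.0
    return Exchange(alice_key, bob_key, rate)


def eavesdropper_detected(exchange, sample_size, threshold=0.10, seed=1):
    """Alice and Bob publicly compare a random sample of sifted slots and abort
    if the disagreement rate exceeds `threshold`. Sampled slots would then be
    dropped from the key, since their values have been made public."""
    rng = random.Random(seed)
    idx = rng.sample(range(len(exchange.alice_key)), sample_size)
    bad = sum(1 for i in idx if exchange.alice_key[i] != exchange.bob_key[i])
    return bad / sample_size > threshold


if __name__ == "__main__":
    clean = run_exchange(2000, eavesdrop=False)
    tapped = run_exchange(2000, eavesdrop=True)
    print("no MITM  : sifted %d slots, error rate %.3f" % (len(clean.alice_key), clean.error_rate))
    print("with MITM: sifted %d slots, error rate %.3f" % (len(tapped.alice_key), tapped.error_rate))
    print("MITM detected:", eavesdropper_detected(tapped, 200))
```

Without Vladimir the sifted sequences agree exactly. With him in the path he guesses the wrong detector in about half the slots; in those slots the value he retransmits is random, so Bob, whose detector matches Alice's in every sifted slot, reads the wrong value half the time. That puts about 25% disagreement into the sifted key, which the sample comparison flags.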
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
Automated List Manager