> I would see one not so obvious problem (the same as with one time pads)
> if the key is reused, since there is no 100% probability of detecting
> every particle on the receiver's side. So Vladimir could "steal" (and
> thereby destroy) a small percentage of particles and try his luck in
> decrypting those. If the key is (very) short in comparison to the number
> of stolen particles he might guess the key using a known plaintext type
> of attack.
> Can someone confirm or invalidate this idea?
You are correct, if the key is reused. However, you can use other quantum techniques (entangled particles) to multiply the length of a shared secret. In theory, it is possible to take two clients with a 128-bit shared secret and multiply that out to a 2048-bit shared secret with unbreakable security. With that capability, there is no need to reuse a secret.

I don't think current implementations actually do this though. They effectively do re-use the shared secret. This creates a theoretical vulnerability where over multiple attempts, an attacker eventually guesses the key (during those attempts, the message is not received by the intended recipient). The attacker can then act as a MITM and basically do whatever he wants.

There are great theoretical solutions to this that are not quite ready for prime time yet. The practical solution to this for now is to make sure the key is reasonably large compared to the number of times it will be used.

IMO, quantum encryption is not really ready for prime time yet. However, it does provide capabilities today that cannot be obtained any other known way.

DS
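The reply's practical advice (keep the key large relative to the number of times it is used) can be quantified. The following is an added example, not code from either poster: it models a reused XOR key where an eavesdropper captures a constant fraction of positions per message (steal_fraction, a constructed parameter) and assumes known plaintext, then computes how much of the key has leaked after a given number of uses and the largest number of uses that keeps expected exposure under a chosen budget.

```python
import random


def simulate_key_exposure(key_len, uses, steal_fraction, seed=0):
    """Reuse one key over `uses` messages; the eavesdropper learns each
    captured position's key bit via known plaintext (cipher XOR plain).
    Returns (fraction of key positions recovered, whether all are correct)."""
    rng = random.Random(seed)
    key = [rng.randrange(2) for _ in range(key_len)]
    recovered = {}  # key position -> key bit inferred by the eavesdropper
    for _ in range(uses):
        # Constructed message; the model assumes the attacker knows it.
        plaintext = [rng.randrange(2) for _ in range(key_len)]
        ciphertext = [p ^ k for p, k in zip(plaintext, key)]
        for pos in range(key_len):
            # Each position is captured independently with probability
            # steal_fraction (the "small percentage of particles").
            if rng.random() < steal_fraction:
                recovered[pos] = ciphertext[pos] ^ plaintext[pos]
    all_correct = all(bit == key[pos] for pos, bit in recovered.items())
    return len(recovered) / key_len, all_correct


def expected_exposure(uses, steal_fraction):
    """Expected fraction of key positions captured at least once:
    1 - (1 - p)^n. With a one-time pad (uses == 1) this never grows."""
    return 1.0 - (1.0 - steal_fraction) ** uses


def max_safe_uses(steal_fraction, max_exposure):
    """Largest number of reuses keeping expected exposure <= max_exposure,
    i.e. when the key should be rotated. None if nothing is ever captured."""
    if steal_fraction <= 0.0:
        return None
    uses = 0
    while expected_exposure(uses + 1, steal_fraction) <= max_exposure:
        uses += 1
    return uses


if __name__ == "__main__":
    for n in (1, 5, 10, 20):
        frac, ok = simulate_key_exposure(256, n, 0.1, seed=1)
        print(f"uses={n:2d} simulated={frac:.2f} "
              f"expected={expected_exposure(n, 0.1):.2f} correct={ok}")
    print("rotate after", max_safe_uses(0.1, 0.5), "uses at 50% budget")
```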