> I would see one not so obvious problem (the same as with one time pads)
> if the key is reused, since there is no 100% probability of detecting
> every particle on the receiver's side. So Vladimir could "steal" (and
> thereby destroy) a small percentage of particles and try his luck in
> decrypting those. If the key is (very) short in comparison to the number
> of stolen particles he might guess the key using a known plaintext type
> of attack.
> Can someone confirm or invalidate this idea?

You are correct, if the key is reused. However, you can use other quantum
techniques (entangled particles) to multiply the length of a shared
secret. In theory, it is possible to take two clients with a 128-bit
shared secret and multiply that out to a 2048-bit shared secret with
unbreakable security. With that capability, there is no need to reuse a
secret.

I don't think current implementations actually do this though. They
effectively do reuse the shared secret. This creates a theoretical
vulnerability where over multiple attempts, an attacker eventually guesses
the key (during those attempts, the message is not received by the
intended recipient). The attacker can then act as a MITM and basically do
whatever he wants.

There are great theoretical solutions to this that are not quite ready
for prime time yet. The practical solution to this for now is to make sure
the key is reasonably large compared to the number of times it will be
used.

IMO, quantum encryption is not really ready for prime time yet. However,
it does provide capabilities today that cannot be obtained any other known
way.

DS
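The exchange above turns on one fact: a key that is shorter than the data it protects, and therefore cycled, can be reconstructed from a fraction of captured ciphertext plus the matching known plaintext, whereas a pad as long as the message cannot. The following toy model illustrates that point; it is an added example, not code from either poster, and the message, key, and set of "stolen" positions are constructed sample values. It models the classical XOR layer only and says nothing about the quantum channel itself.

```python
"""Toy model of the key-reuse problem (added example, not from the thread).
A short key cycled over a longer message leaks one key byte per captured
ciphertext byte whose plaintext is known; once every key position has been
seen, the whole key, and hence the whole message, is recovered. A pad as
long as the message never reaches that point. All values are constructed."""

import secrets


def keystream(key: bytes, length: int) -> bytes:
    """Cycle the key over the message length (the reused-key case)."""
    return bytes(key[i % len(key)] for i in range(length))


def xor_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR with the cycled key. Symmetric: applying it twice decrypts."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


def steal_positions(ciphertext: bytes, positions) -> dict:
    """Model an eavesdropper who captures only some ciphertext positions
    (in the quantum setting those particles never reach the receiver)."""
    return {pos: ciphertext[pos] for pos in positions}


def recover_key(observed: dict, known_plaintext: bytes, key_len: int):
    """Known-plaintext recovery: ciphertext XOR plaintext at position pos
    reveals key byte (pos mod key_len). Returns the full key once every key
    position has been seen at least once, otherwise None."""
    learned = {}
    for pos, c in observed.items():
        learned[pos % key_len] = c ^ known_plaintext[pos]
    if len(learned) < key_len:
        return None
    return bytes(learned[i] for i in range(key_len))


# Constructed sample values: a 64-byte message, an 8-byte key reused 8 times,
# and roughly 20% of the ciphertext positions captured by the eavesdropper.
MESSAGE = b"REPORT 0042: all stations nominal, next window at 0600 hours.".ljust(64, b" ")
SHORT_KEY = bytes.fromhex("a1b2c3d4e5f60718")
STOLEN = range(0, 64, 5)


def reused_key_attack():
    """Short reused key: the 13 captured positions cover all 8 key offsets,
    so the key and then the entire message are recovered."""
    ct = xor_encrypt(MESSAGE, SHORT_KEY)
    key = recover_key(steal_positions(ct, STOLEN), MESSAGE, len(SHORT_KEY))
    return key, (None if key is None else xor_encrypt(ct, key))


def one_time_pad_attack():
    """Pad as long as the message: the same captured positions reveal only
    those 13 pad bytes, which protect nothing else, so recovery fails."""
    pad = secrets.token_bytes(len(MESSAGE))
    ct = xor_encrypt(MESSAGE, pad)
    return recover_key(steal_positions(ct, STOLEN), MESSAGE, len(pad))


if __name__ == "__main__":
    key, pt = reused_key_attack()
    print("reused key recovered:", key.hex(), "| message recovered:", pt == MESSAGE)
    print("one-time pad recovered:", one_time_pad_attack())
```

Note that what matters is coverage of key offsets, not the raw count of captured bytes: capturing positions 0, 8, 16, ... against the same 8-byte key reveals only offset 0 and recovers nothing, which is why the practical advice in the thread is to keep the key large relative to how often it is reused.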
