Sorry about all the confusion, Dave. The scheme described on page 80 of the January 2005 Scientific American is a key distribution scheme that, at least as far as I can tell from a quick re-read, IS vulnerable to a man-in-the-middle attack. Perhaps there is some defense that was simplified out of the article. In contrast, the scheme that you described at the end of your Jan 4 email looks much more solid, though it does depend on a pre-distributed key. I have dim memories of an older article that explicitly described selecting which of the two filters to detect with based on a bit from a pre-existing shared secret, but I must have forgotten it until actually re-reading your first email. I should have picked this up when I first read it, however, hence the apology.
Unless there is indeed some defense that was simplified out of the Scientific American article (such as xoring the output of the described algorithm with some shared secret before using it as a key in conventional encryption, for example), I cannot imagine why one would want to buy this kind of hardware???
I think I was analyzing a system that does not exist?
David Schwartz wrote:
3. QE and man in the middle
NOW we are in a position to see how the combination of QE and key mixing can actually buy us something! Consider the plight of the man in the middle when both are being used. She cannot passively eavesdrop and record for further analysis because of the nature of the quantum transmission. She cannot actively eavesdrop (by doing the above and recording the raw data for further analysis) because she does not currently have the shared key so she cannot mix out and mix in the link key information as described above.
Pretty subtle, eh?
So long as they don't have the key, they can neither passively nor actively eavesdrop a quantum encryption link. So what does the mixing buy you?
It's interesting that it is the only-one-listener nature of the quantum encryption process that forces the distinction between "passive eavesdropping" (just listening to the wire) and "passive man-in-the-middle" which involves copying the data from A to B and from B to A without trying to understand what it all means until a later analysis time.
True. But so long as you can't passively eavesdrop, you can't actively eavesdrop. So what does the mixing buy you that you didn't already have?
DS
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
-- "An Internet-connected Windows machine is tantamount to a toddler carrying a baggie of $100 bills down a city street..."
Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
