Re: Fwd: Re: Quantum Computing Puts Encrypted Messages at Risk

2002-07-22 Thread Jaap-Henk Hoepman

On Sun, 14 Jul 2002 15:24:48 +0200 Amir Herzberg <[EMAIL PROTECTED]> writes:
> >1. Quantum key encryption seems to require huge amounts of truly random
> >bits at both sender and receiver. This seems impractical as (almost) truly 
> >random bits are hard to produce (especially at high speeds). Is there a fix?

All practical proposals for QKD are photon based. The biggest practical problem
so far with these systems is the generation of a single photon at high enough
rates. It's this problem that makes the bitrate of QKD so low. The number of
random bits required is proportional to the length of the key to be
established, but depends on the amount of eavesdropping taking place. From
memory, without eavesdropping, you need ~4 random bits for each bit of shared
key established. This is not much more than the number of random bits required
for a one-time pad of the same length.

> >2. After the transmission, the receiver is supposed to tell the sender how 
> >it set its polarization; how is this authenticated? If it isn't we are 
> >obviously susceptible to man in the middle attack.

Yes. QKD does not solve the authentication problem. It merely establishes a
shared key between two parties.

> >3. It seems the quantum link must connect directly from sender to 
> >receiver. How can this help provide end to end security on the Internet? 
> >Or are we back to private networks?

Yes, photon polarisation based QKD systems by definition require a direct link
between sender and receiver (a repeater would be an all-catching eavesdropper
;-). I do believe that QKD systems based on entanglement and teleportation
allow for repeaters; but i havent studied these systems so far.

> >4. As to quantum computation signalling the end of `crypto as we know 
> >it`... Is it fair to say this may end only the mechanisms built on 
> >discrete log and/or factoring, but not shared key algorithms like AES and 
> >some of the other public key algorithms?

Grover's search techniques will reduce the effective bit-length of symmetric
key systems by a factor 2. All known quantum computing algorithms that are
truly more efficient (giving exponential or subexponential speedup) than known
classical solutions for the same problem appear to be based on being able to do
fast fourier transforms efficiently. Factoring and discrete log can be solved
faster using this. It is unclear whether other systems will ever be affected.

The interesting question to me is whether quantum computing can be used to
_construct_ efficient yet more secure public key cryptosystems.

> In particular I'm considering whether I should and can 
> cover this area in my book. 

In my opinion, it would be a valuable addition if you did (although to do this
subject justice, you would have to include a substantial amount of background
material concerning physics and quantum computing basics).


Jaap-Henk Hoepman | Come sail your ships around me
Dept. of Computer Science | And burn your bridges down
University of Twente  |   Nick Cave - "Ship Song"
Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
PGP ID: 0xF52E26DD  Fingerprint: 1AED DDEB C7F1 DBB3  0556 4732 4217 ABEF

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Fwd: Re: Quantum Computing Puts Encrypted Messages at Risk

2002-07-14 Thread Amir Herzberg

>At 20:50 11/07/2002, Ian wrote:
>>When I first read The Code Book (Simon Singh), I drooled endlessly at
>>the idea of Unbreakable Encryption, until I became a little more
>>cynical. I questioned Dr Singh on this when he came and gave a lecture
>>in Cheltenham UK recently, and his best answer was that QKD is so secure
>>because "its a different kind of system. Its not like conventional
>>encryption." [synopsis - not direct quotation]. I'm not thorougly
>>Can anyone (politely) prove this mere outsider wrong?
>I am also not a physicist. So I share your skepticism about relying for 
>security on physic theories which I don't understand, and furthermore 
>which may evolve and refine over time.
>However, as many people are excited about Quantum crypto, I really would 
>like to put my skepticism aside and understand what is its cryptographic 
>significance, say if we accept the physics as valid (for ever or at least 
>`long enough`). In particular I'm considering whether I should and can 
>cover this area in my book. I must admit I haven't yet studied this area 
>carefully, so my questions may be naive, if so please excuse me (and your 
>answer will be doubly appreciated). Some questions:
>1. Quantum key encryption seems to require huge amounts of truly random 
>bits at both sender and receiver. This seems impractical as (almost) truly 
>random bits are hard to produce (especially at high speeds). Is there a fix?
>2. After the transmission, the receiver is supposed to tell the sender how 
>it set its polarization; how is this authenticated? If it isn't we are 
>obviously susceptible to man in the middle attack.
>3. It seems the quantum link must connect directly from sender to 
>receiver. How can this help provide end to end security on the Internet? 
>Or are we back to private networks?
>4. As to quantum computation signalling the end of `crypto as we know 
>it`... Is it fair to say this may end only the mechanisms built on 
>discrete log and/or factoring, but not shared key algorithms like AES and 
>some of the other public key algorithms?
>Best, Amir Herzberg

Amir Herzberg
See for draft chapters from 
`Introduction to Cryptography,
Secure Communication and Commerce`, and link to lectures. Comments 

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]