From: Francois Grieu on
According to this article
http://www.technologyreview.com/blog/arxiv/25189/
and online paper
http://arxiv.org/abs/1005.2376

the feasibility of an attack on a quantum key distribution system used
in a commercial quantum crypto product has been demonstrated
experimentally. Or something on that tune.

I can't form an informed opinion on if the attack would break a
commercially deployed quantum link, for I do not grasp the physics and
math, and never saw a commercially deployed quantum link.

However I have an opinion regarding the commercial interest of quantum
cryptography, and it is a low one.

I think I correctly summarize the field by stating a quantum key
distribution system aims to solve the problem that if Alice and Bob
share an initial secret, then they can securely exchange more
information through some link, in a way such that even if the initial
secret leaks after that exchange, the secrecy of what was exchanged is
not compromised; and do that demonstrably based on quantum physics
assumptions.

I see three issues with that:

1) At least once in the history of quantum cryptography, the quantum
physics assumptions made have been accepted as correct, then shown to
not match reality precisely enough, in a way such that these assumptions
lead to a correct demonstration that the system is secure when in
reality it is not. If the article is correct and the research original,
we have another case of that.

2) Physical links known suitable for (at least the standard breed of)
quantum crypto are direct optical paths, which precludes routers not
designed specifically for quantum crypto, and is a formidable obstacle
to long-distance communication; I am unaware of an alleged commercial
solution.

3) Today's cryptography can solve a similar problem: use the initial
secret as a key of a strong cryptosystem, then safely discard it after
use; this is secure based on assumptions tested and refined by
approximately 50 years of theoretical and experimental studies (which is
fair in comparison to 1) and field deployment (which is great in
comparison to 2).


Is anyone here defending that within the next 20 years, quantum
cryptography is going to be more than either one of
- a nice academic subject,
- a way to siphon money out of the gullible,
- a cover for justifying the transfer of money?

Francois Grieu

From: Mok-Kong Shen on
Francois Grieu wrote:
[snip]

> However I have an opinion regarding the commercial interest of quantum
> cryptography, and it is a low one. [snip]

> 1) At least once in the history of quantum cryptography, the quantum
> physics assumptions made have been accepted as correct, then shown to
> not match reality precisely enough, in a way such that these assumptions
> lead to a correct demonstration that the system is secure when in
> reality it is not. [snip]

[OT] Things similar not seldom happened in other fields, I suppose.
Black and Scholes got Nobel Prize in Economics with their celebrated
formula. But I read the following in R. N. Mantegna, H. E. Stanley,
An Introduction to Econophysics, Camb. U. Press, 2000, p.127-128:

The Black & Scholes model is one of the more successful idealized
models currently in use. Since its introduction in 1973, a large
amount of literature dealing with the extension of the Black &
Scholes model has appeared. These extensions aim to relax assumptions
that may not be realistic for real financial markets. ............
The elegance of the Black & Scholes solution is lost in real markets.

I for one have little wonder about the current global financial crisis.

M. K. Shen

From: Mike Amling on
Francois Grieu wrote:
> I think I correctly summarize the field by stating a quantum key
> distribution system aims to solve the problem that if Alice and Bob
> share an initial secret, then they can securely exchange more
> information through some link, in a way such that even if the initial
> secret leaks after that exchange, the secrecy of what was exchanged is
> not compromised; and do that demonstrably based on quantum physics
> assumptions.
>
> I see three issues with that:
>
> 1) At least once in the history of quantum cryptography, the quantum
> physics assumptions made have been accepted as correct, then shown to
> not match reality precisely enough, in a way such that these assumptions
> lead to a correct demonstration that the system is secure when in
> reality it is not. If the article is correct and the research original,
> we have another case of that.

There is much I have never seen explained about quantum crypto. E.g.
if the system involves Alice sending single photons to Bob, how does
Alice know when her device has emitted a photon? Photon emission is
probabilistic AFAIK, not like pulling a trigger. And how does she know
her device has not emitted two photons, one of which could be
intercepted without her or Bob realizing it?

--Mike Amling

From: Mok-Kong Shen on
Mike Amling wrote:

> There is much I have never seen explained about quantum crypto. E.g. if
> the system involves Alice sending single photons to Bob, how does Alice
> know when her device has emitted a photon? Photon emission is
> probabilistic AFAIK, not like pulling a trigger. And how does she know
> her device has not emitted two photons, one of which could be
> intercepted without her or Bob realizing it?

There is also something apparently relatively new in the field termed
"location-based quantum cryptography". See
http://www.technologyreview.com/blog/arxiv/25177/

However, the following quote from that webpage appears to be a bit less
than very encouraging to the readers in my humble view:

But the scheme will need some careful study. While the approach is
relatively simple in conception, the proof of its security is
complex and involved. And theoretical security is not the same as
practical security which looks harder to verify. Chandran and
co offer one such scheme at the end of their paper but are unable to
nail it. "Unfortunately we do not have a security proof, and we
leave it as an open problem to find an attack or prove its
security," they say.

M. K. Shen

From: unruh on
On 2010-05-18, Francois Grieu <fgrieu(a)gmail.com> wrote:
> According to this article
> http://www.technologyreview.com/blog/arxiv/25189/
> and online paper
> http://arxiv.org/abs/1005.2376
>
> the feasibility of an attack on a quantum key distribution system used
> in a commercial quantum crypto product has been demonstrated
> experimentally. Or something on that tune.

Note that the attack is on a commercial realisation of the distribution
system and is attacking features of that implementation where it
deviates from the assumptions that go into the proofs. Furthermore, it
drops the error rate under eavesdropping (which is what the system uses
to detect eavesdropping) from 20% to 19.7%, a pretty insignificant
change.

>
> I can't form an informed opinion on if the attack would break a
> commercially deployed quantum link, for I do not grasp the physics and
> math, and never saw a commercially deployed quantum link.

They are coming into use.

>
> However I have an opinion regarding the commercial interest of quantum
> cryptography, and it is a low one.
>
> I think I correctly summarize the field by stating a quantum key
> distribution system aims to solve the problem that if Alice and Bob
> share an initial secret, then they can securely exchange more
> information through some link, in a way such that even if the initial
> secret leaks after that exchange, the secrecy of what was exchanged is
> not compromised; and do that demonstrably based on quantum physics
> assumptions.
>
> I see three issues with that:
>
> 1) At least once in the history of quantum cryptography, the quantum
> physics assumptions made have been accepted as correct, then shown to
> not match reality precisely enough, in a way such that these assumptions
> lead to a correct demonstration that the system is secure when in
> reality it is not. If the article is correct and the research original,
> we have another case of that.

The other case was? This is like saying "Henry Ford promised us to be
able to drive these cars, and my tire went flat so I could not drive it.
There is no commercial future to cars"

>
> 2) Physical links known suitable for (at least the standard breed of)
> quantum crypto are direct optical paths, which precludes routers not
> designed specifically for quantum crypto, and is a formidable obstacle
> to long-distance communication; I am unaware of an alleged commercial
> solution.

Yes, quantum repeaters are a difficulty. Using error correction
protocols from quantum computing one can imagine such quantum repeaters
being made, but it will be a while. I.e., there ARE theoretical solutions.


>
> 3) Today's cryptography can solve a similar problem: use the initial
> secret as a key of a strong cryptosystem, then safely discard it after
> use; this is secure based on assumptions tested and refined by
> approximately 50 years of theoretical and experimental studies (which is
> fair in comparison to 1) and field deployment (which is great in
> comparison to 2).

Well, not really. If you have 10 bits of secret, the attacker can use
exhaustive search to determine your complete expanded message. I.e., you
cannot theoretically increase the "entropy" of your secret using
classical means. Practically you may be able to (i.e. your initial secret
is so huge that it becomes infeasible to attack via that road). It may
be that quantum exchange is like the OTP, theoretically invulnerable,
but practically problematic, but it is very early days yet to be
pronouncing on that. "Them cars will never catch on. Horses have had
2000 years of development and field deployment, there is no way that
cars will ever replace them"

>
>
> Is anyone here defending that within the next 20 years, quantum
> cryptography is going to be more than either one of
> - a nice academic subject,
> - a way to siphon money out of the gullible,
> - a cover for justifying the transfer of money?
>
> Francois Grieu
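
The point in unruh's reply about a 10-bit secret, worked through as an added example that is not part of the original thread: however far a small secret is stretched by classical expansion, the number of possible keystreams stays at 2^10. The SHA-256 counter-mode expansion, the sample message and all function names are assumptions chosen for illustration.

```python
import hashlib

SECRET_BITS = 10          # size of the shared secret in the post's example
SECRET = 0x2A7            # constructed sample secret (< 2**10)
MESSAGE = b"Meet at the usual place at 0900; bring the signed contract."  # constructed


def keystream(secret: int, length: int) -> bytes:
    """Stretch a small secret to `length` bytes with SHA-256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        block = secret.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def xor_crypt(secret: int, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the expanded keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(secret, len(data))))


def looks_like_text(candidate: bytes) -> bool:
    """Plaintext model: every byte is printable ASCII."""
    return all(32 <= b < 127 for b in candidate)


def consistent_secrets(ciphertext: bytes) -> list:
    """Every secret whose decryption fits the plaintext model.

    The loop is bounded by 2**SECRET_BITS candidates, independent of how
    many bytes the secret was expanded to.
    """
    return [s for s in range(2 ** SECRET_BITS)
            if looks_like_text(xor_crypt(s, ciphertext))]


if __name__ == "__main__":
    ct = xor_crypt(SECRET, MESSAGE)
    # The full ciphertext pins down one secret out of 1024.
    print("full message:", [hex(s) for s in consistent_secrets(ct)])
    # A single ciphertext byte leaves hundreds of secrets plausible: the
    # secret's 10 bits of uncertainty are used up after a few bytes, and
    # expanding it further adds none.
    print("one byte:", len(consistent_secrets(ct[:1])), "candidates")
```

The same bound is why the size of the initial secret, not the length of the expanded stream, sets the search cost.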