On Mon, 30 Jun 2003 02:41:37 PDT, NM Research <nm_research@yahoo.com> said: > (1) QC assumes that most of the photons from the transmitter of a > "quantum" message, reach the receiver. This assumption is therefore used to > errorneously deduce that the communicating parties will therefore be > able to detect interception or interference. > Problem(a): This is not true for blue laser transceiver technology, > as the receiver of a "quantum" message in this case needs far less than > 0.0001% of photons routed through blue laser routing satelittes, to receive a > message. > Problem(b): Optical fibre losses an appreciable amount of photons which > can be "tapped" non-intrusively. You're missing the point. You can tap the cable, but you can't actually peek at the photons as they go by without tipping off that you're peeking *at those particular photons*. > (2) Traditional intelligence gathering can be used to intercept or > reveal quantum cryptography keys and settings - e.g. the tapping of computer > monitor radiation, or intrusion into a network via weaknesses in > wireless security or simply by way of deployment of corrupt practices. Marcus Ranum coined the phrase "Rubber Hose Cryptography" for this. No amount of 1024-versus-2048 bit key arguing is going to matter if The Bad Guys tell you "Give us the key or we'll beat the snot out of you" (not that such people are ready available to most criminal organizations and governments), and it's long been known that most off-the-shelf crypto's biggest weakness is deployment by stupid users.... > (3) Quantum cryptographic communications is based on monoplex and not > the duplex model of channel usage - I stand to be corrected. Ever actually *looked* at the average GBIC? There's a send side and a receive side, just because it's easier to build a fiber *pair* of unidirectional links.... > (4) Intrusive penetration into a quantum cryptography secured network > causes inteference which results into the jamming or shutdown of the system, > while intrusive penetration into a "standard code" network will not result in > the stoppage of communications. > Note : Those who intercept or retrieve standard code security > information, I many cases never get to interprete it. The intentions of a hacker > may simply be to interfere - DoS ( Denial of Service ). Actually, no. Most QC implementations are *poor* at transmitting data - they're only good for giving both participants the same truly random unsnoopable session key. So for any *practical* use, you'd use QC to exchange the session key and then some other scheme to encrypt the session using the key. Such hybrid operations are standard practice in practical cryptography - for instance, RSA is very nice but takes an inordinate amount of time to do a "real" amount of data (for instance, a 10K E-mail) as you have to treat that 10K as an 80,000 bit integer and do math on it. So what PGP (for instance) does is use RSA to secure a very much smaller session key (256 or so bits), and then use that key to initialize some symmetric cypher such as IDEA. Remember that this has to be discussed in the context of threat models. The people likely to be deploying QC anytime soon are *ALSO* the people who worry about things like the physical diversity of their network, so a motivated attacker can't cut them off the network by hitting one target. I'm *NOT* going to say much on this topic, other that to mention "Just how many ways *are* there to run a fiber path into Manhattan?" Sure, a dedicated hacker could disrupt my QC. On the other hand, I have to do my day-to-day work in a Real World where a credible estimate has 3 million compromised machines (http://www.vnunet.com/News/1141901) - and it probably would not take more than a few thousand to totally DDoS our 2xOC12. Of course, our net is engineered to give 2xOC12 reliably, and hacker resilience is just a by product. If our goal had been to resist intrusions and we cared enough to deploy QC, you can be *sure* that our network design would be hardened against other attacks as well.... ;) > (5) Commercially available Quantum Cryptography technology is only > optical fibre based, and cannot secure satelitte based blue laser quantum > communications technology. Comment 1: New technology, it's not surprising that it's not available in every flavor yet. How many colors were cars available in when the Model T came out? ;) Comment 2: Is there a *market* for satellite based blue laser? Seems to me that the first heavy rainstorm would cause packet loss unless you had enough power budget to punch through - in which case it's not a comm device, it's a weapon.
Attachment:
pgp00281.pgp
Description: PGP signature