Quantum computing
Werner Koch
wk at gnupg.org
Fri Apr 20 09:56:03 CEST 2007
On Fri, 20 Apr 2007 09:09, skrewz at skrewz.dk said:
> This is in contrast to quantum cryptography, which, IINM, is provably
> uninterceptable (but, unlike traditional cryptography, has many
> weaknesses beyond the purely theoretical ones).
While you mention this, I can't resist forwarding Perry E. Metzger's
comments:
To: cryptography at metzdowd
Subject: my periodic rant on quantum crypto
From: "Perry E. Metzger"
Date: Mon, 12 Apr 2004 15:37:33 -0400
/. is running yet another story on quantum cryptography today, with
the usual breathless hype:
http://science.slashdot.org/article.pl?sid=04/04/12/133623
I'm especially unimpressed with the "Does this spell the
end of the field of cryptography?" comment.
For those who don't know much about what it is, "Quantum Cryptography"
is a very expensive way of producing an unauthenticated link
encryption device. It is useless for any application other than link
encryption over a short distance and requires a dedicated optical
fiber to work.
QC has no properties that render it especially better for link
encryption than, say, a box from one of several vendors running AES on
the link instead. It is perhaps theoretically safer, but in practice
no one is going to break AES either -- they're going to bribe the
minimum wage guard at your colo to have 20 minutes alone with your box
while they install a tap on the clear side of it (or worse, they'll
slip in while the guard is asleep at his desk.)
QC still requires link authentication (lest someone else other than
the people you think you're talking to terminate your fiber
instead). As a result of this, you can't really get rid of key
management, so QC isn't going to buy you freedom from that.
QC can only run over a dedicated fiber over a short run, where more
normal mechanisms can work fine over any sort of medium -- copper, the
PSTN, the internet, etc., and can operate without distance limitation.
QC is fiendishly costly -- orders of magnitude more expensive than an
AES based link encryption box.
QC is extremely hard to test to assure there are no hardware or other
failures -- given the key in use, I can use intercepted traffic to
assure my AES link encryption box is working correctly, but I have no
such mechanism for a QC box.
On top of all of this, the real problems in computer security these
days have nothing to do with stuff like how your link encryption box
works and everything to do with stuff like buffer overflows, bad
network architecture, etc.
Given that what we're dealing with is a very limited technology that
for a very high price will render you security that is at best not
particularly better than what much more economical solutions will
yield, why do people keep hyping this? Indeed, why do people buy these
boxes, if indeed anyone is buying them?
It is stunning that a lab curiosity continues to be mentioned over
and over again, not to mention to see venture capitalists dump money
after it.
BTW, none of this has anything to do with "Quantum Computing", which
may indeed yield breakthroughs someday in areas such as factoring but
which is totally unrelated...
Perry
Salam-Shalom,
Werner
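Two of the concrete points in the forwarded rant, that a link encryptor still needs authentication and that someone holding the key can use intercepted traffic to confirm the box is working, can be shown in code. The following Go program is an added example and is not part of the original thread or any vendor's product: the LinkBox type, its frame layout (nonce || ciphertext || tag) and the AuditTap check are hypothetical constructions for this illustration, and the key and frame contents are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// LinkBox models an AES-GCM link encryptor (hypothetical, for this example only).
// Every frame carries a counter-derived nonce and a 16-byte authentication tag.
type LinkBox struct {
	aead cipher.AEAD
	seq  uint64 // per-box frame counter; the nonce must never repeat under one key
}

// NewLinkBox keys a box with a 16-, 24- or 32-byte AES key.
func NewLinkBox(key []byte) (*LinkBox, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &LinkBox{aead: aead}, nil
}

// Seal encrypts one plaintext into a frame laid out as nonce || ciphertext || tag.
func (b *LinkBox) Seal(plaintext []byte) []byte {
	nonce := make([]byte, b.aead.NonceSize()) // 12 bytes, counter in the low 8
	binary.BigEndian.PutUint64(nonce[4:], b.seq)
	b.seq++
	return b.aead.Seal(nonce, nonce, plaintext, nil)
}

// Open authenticates and decrypts a frame. A wrong key or any altered bit fails
// the tag check: that is the per-frame authentication a keyed AEAD link gives you.
func (b *LinkBox) Open(frame []byte) ([]byte, error) {
	ns := b.aead.NonceSize()
	if len(frame) < ns+b.aead.Overhead() {
		return nil, fmt.Errorf("frame too short")
	}
	return b.aead.Open(nil, frame[:ns], frame[ns:], nil)
}

// AuditTap is the check the rant describes: an operator holding the link key takes
// frames captured on the cipher side and confirms each one authenticates, decrypts
// to what was fed in on the clear side, repeats no nonce, and leaks no plaintext.
func AuditTap(key []byte, captured, expected [][]byte) error {
	if len(captured) != len(expected) {
		return fmt.Errorf("captured %d frames but fed %d", len(captured), len(expected))
	}
	box, err := NewLinkBox(key)
	if err != nil {
		return err
	}
	ns := box.aead.NonceSize()
	seen := make(map[string]bool)
	for i, frame := range captured {
		pt, err := box.Open(frame)
		if err != nil {
			return fmt.Errorf("frame %d: %v", i, err)
		}
		nonce := string(frame[:ns])
		if seen[nonce] {
			return fmt.Errorf("frame %d: nonce reused", i)
		}
		seen[nonce] = true
		if !bytes.Equal(pt, expected[i]) {
			return fmt.Errorf("frame %d: decrypts to %q, expected %q", i, pt, expected[i])
		}
		// 8+ plaintext bytes appearing verbatim in the frame means the box passes data in the clear.
		if len(expected[i]) >= 8 && bytes.Contains(frame[ns:], expected[i]) {
			return fmt.Errorf("frame %d: plaintext visible on the cipher side", i)
		}
	}
	return nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 256-bit demo key
	box, err := NewLinkBox(key)
	if err != nil {
		panic(err)
	}
	fed := [][]byte{[]byte("route update: link 3 up"), []byte("keepalive 0001")}
	var captured [][]byte
	for _, m := range fed {
		captured = append(captured, box.Seal(m))
	}
	fmt.Println("healthy box:", AuditTap(key, captured, fed))
	captured[0][len(captured[0])-1] ^= 0x01 // one bit flipped on the fiber
	fmt.Println("altered frame:", AuditTap(key, captured, fed))
}
```

The audit is only possible because the auditor holds the same key the box does; that is exactly the key-management obligation the rant says a QC box does not remove, and the tag check in Open is the authentication that has to exist regardless of how the key was agreed.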
More information about the Gnupg-users mailing list