[cryptography] Well, that's depressing. Now what?

Nico Williams nico at cryptonector.com
Fri Jan 27 20:37:00 EST 2012

On Fri, Jan 27, 2012 at 3:49 PM, Sven Moritz Hallberg <pesco at khjk.org> wrote:
> On Fri, 27 Jan 2012 13:39:44 -0500, Warren Kumari <warren at kumari.net> wrote:
>> Surely I am missing something here? Or is that really the news?
> I thought the same thing and skimmed (very incompletely) through the
> paper. They do talk about how to hide the saved bits in later sessions
> of particular QKD protocols, so maybe there is something inherent there
> that would make such an attack, say, especially hard to detect in the
> QKD setting?

Well, if there were covert, deniable, quantum side-channels in QKD
that the vendor could exploit practically undetectably, then yes, QKD
would suddenly become not just snake oil but poisonous snake oil.
OTOH, if this is just a worry that QKD devices might be compromised
(whether purposefully by the vendor or unwittingly), then this is
nothing new, and QKD remains snake oil.  Quantum authentication that
scales (as opposed to requiring pair-wise physical exchange of
entangled particle pairs) would be a neat trick -perhaps applying
Needham-Schoeder?- but it'd still be a novelty/curiosity IMO.

The idea that QKD is in use by the military gives me pause, unless
it's either completely redundant and classical crypto is still used
(wasteful, yes, but that's a lesser concern), or the military using
QKD is an enemy of the cause of liberty (in which case never mind and
keep at it boys!).


More information about the cryptography mailing list