[cryptography] Well, that's depressing. Now what?

Noon Silk noonslists at gmail.com
Fri Jan 27 23:53:11 EST 2012

On Sat, Jan 28, 2012 at 3:23 PM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:
> On Jan 27, 2012, at 6:43 PM, Noon Silk wrote:
>> I think it's important to note that it's obviously completely wrong to
>> say "QKD is snake-oil",
> Some of us would disagree with that statement. Historically in the U.S., snake oil was
> something that promised a benefit over other remedies. QKD says it is "more secure"
> than current key establishment systems, however it is only practical in a very limited
> number of environments where those other key establishment systems would be just
> as secure.

There are two problems with this statement, the first is you're
supposing QKD is one single proposal; of course it isn't, there are
several protocols for it. It may be that companies (as I mentioned
above), claim their *implementations* are more secure, but I addressed
that above.

The second problem is that the whole game of cryptography research is
surely to propose a system, comment on the areas you believe it is
strong, and see if anyone finds side-channel attacks, or points out
flaws in your thinking. And why should QKD be different here? Do you
also complain on the hash-forum list that hash functions that don't
make the cut are snake-oil? It seems to me that the above issue (as
with most others) tend to be side-channel attacks. And as SMB says,
absolutely no-one is surprised by this, but that doesn't mean it
shouldn't be interesting when it happens. To call and end to QKD every
time it does, though, seems a little over-the-top ...

>> what you *can* say is that someone *selling*
>> *any* demonstratably-insecure crypto device as a secure one, is snake
>> oil. So, that is to say, you can only claim snake-oil in reference to
>> a vendor and a device, not a field of research.
> Again, we disagree. There are many fields of research that market themselves as useful when
> compared to other fields, and QKD is one of those.

You're supposing that they're marketed *commercially* though; as I
said  above then it's legitimate to be annoyed if they don't deliver,
but you can't step into a researchers office and yell at her for
getting funding to try and pursue ideas in this field, claiming that
it is snake-oil based on the research by *those same researchers*
(i.e. the original article in this thread).

> --Paul Hoffman

Noon Silk

Fancy a quantum lunch? https://sites.google.com/site/quantumlunch/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."

More information about the cryptography mailing list