[cryptography] Well, that's depressing. Now what?

Noon Silk noonslists at gmail.com
Sat Jan 28 19:50:15 EST 2012


On Sun, Jan 29, 2012 at 11:31 AM, ianG <iang at iang.org> wrote:
> On 29/01/12 10:45 AM, Noon Silk wrote:
>>  ... it's not sensible to say "QKD is snake
>>
>> oil", without direct reference to something.
>
>
> Well, if you don't like the conclusion, there are books written on how to
> attack it :) that doesn't mean much tho.
>
> QKD is snake oil because it achieves a benefit over other techniques that is
> marginal, unreliable, unproven, and costs a hell of a lot of money.
>
> The notion that you can spot someone fiddling with your packets is marketing
> blather, in the scheme of things.  In the real world, this will generally be
> interpreted as faulty equipment (insert some bayesian statistics here) so
> you can't rely on it being a feature that delivers value.  If you want more,
> think about an aggressive attacker ... all he's got to do is put a wiretap
> on the fibre, futze with the packets enough until you get sick of it, and
> then you'll change it all because you can't deal with it.
>
> And, as the existing product out there provides pretty solid key exchange
> for zero cost, relatively speaking, what's the point in paying megabucks for
> it?  QKD has to do something pretty remarkable make it worth all those
> dollars, and what it does isn't nearly interesting enough.
>
> It's straight forward economics, really.

With respect, you are (as I've seen happen on this list many many
times) responding to straw man arguments you're inventing. My comment
to Nico was:

> I think it's important to note that it's obviously completely wrong to
> say "QKD is snake-oil", what you *can* say is that someone *selling*
> *any* demonstratably-insecure crypto device as a secure one, is snake
> oil. So, that is to say, you can only claim snake-oil in reference to
> a vendor and a device, not a field of research.

Obviously, only a product can cost a business money; research
performed at universities doesn't (directly) cost money. So that is to
say, the claim that QKD as a field is snake oil is just nonsense. If
you want to say "Stop funding QKD research because I personally feel
that it's useless", then do it; maybe people will be interested
(probably not, unless you are specific in your problems, with
reference to exact protocols). If you want to say "QKD is snake oil
because XYZ product has ABC flaws" then do it; but I can't see how
general comments about "QKD" are helpful, because they are useless
without referring to something specific.

I mean, look at this argument we've gotten ourselves into ... it's
also completely useless. If you don't want to buy a QKD product, then
fine; so be it, I'm not trying to convince you otherwise (and I
certainly don't work for anyone who sells them; I'm just a student).

All I'm saying is QKD is an interesting field of research, and it
seems a little bizarre to claim "snake oil!" while it's still being
developed.


> iang

-- 
Noon Silk

Fancy a quantum lunch? https://sites.google.com/site/quantumlunch/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."



More information about the cryptography mailing list