[cryptography] Well, that's depressing. Now what?

Noon Silk noonslists at gmail.com
Sat Jan 28 21:54:15 EST 2012

On Sun, Jan 29, 2012 at 1:03 PM, ianG <iang at iang.org> wrote:
> [...]
>> Obviously, only a product can cost a business money; research
>> performed at universities doesn't (directly) cost money. So that is to
>> say, the claim that QKD as a field is snake oil is just nonsense. If
>> you want to say "Stop funding QKD research because I personally feel
>> that it's useless", then do it; maybe people will be interested
>> (probably not, unless you are specific in your problems, with
>> reference to exact protocols). If you want to say "QKD is snake oil
>> because XYZ product has ABC flaws" then do it; but I can't see how
>> general comments about "QKD" are helpful, because they are useless
>> without referring to something specific.
> It seems to me that you are resting on a sort of philosophical assumption
> that pure research is pure, neither good nor bad.  If that is the case, the
> problem with this assumption is that QKD is not pure, it's applied.  We know
> precisely where we (as society) are going to apply the results to, it's in
> the title:  Key Distribution.

I don't know what you mean by applied and pure research here. That is
to say, you claim it's "applied" purely because it's used for some
problem you know about? Or because it's a problem that already has a
solution proposed? Because it seems like any research falls under that
categorisation ..., I mean there is "pure" maths and "applied" maths,
pure maths doesn't mean it's not applied to problems.

> In this context, applied research is simply another product, or more
> properly, it's another component in the product-life-cycle.
> Sure, pure research isn't a product in the markets sense because we don't
> know what we get out of it.  So good, bad, snake oil labels don't apply.  We
> could say that astronomy can't be snake oil because we might get some new
> wisdom out of listening to quasars that one day could turn into
> applications.
> But QKD is very very applied.
> And, your claim that research at Universities doesn't cost money is specious
> and naive.  If you look at the way grants are funded, channeled, marketed,
> politicised and manipulated, you'll find out that it's a market / business
> process, just like anything else.  Grants are typically full of snake-oil
> claims.

Note that I didn't say research doesn't cost money; I said it doesn't
cost "businesses" *directly*. That is, if I publish some paper on a
protocol, you can't call it snake oil because I'm not selling it to
you! You can, of course, claim it doesn't consider implementation
requirements (maybe it doesn't) and you can claim that it doesn't work
(maybe it doesn't), but in that case my response to you is "cool,
thanks, somehow I missed that, let's keep working on it!", not "ah,
you got me, was hoping you wouldn't see that", which is what you're
implying (with the "snake oil" claim).

>> I mean, look at this argument we've gotten ourselves into ... it's
>> also completely useless. If you don't want to buy a QKD product, then
>> fine; so be it, I'm not trying to convince you otherwise (and I
>> certainly don't work for anyone who sells them; I'm just a student).
> It's not useless.  9 out of 10 people with a long term background in
> security advise not to invest a dime in QKD.  If they're right, that means
> the money is saved for something worthwhile.

You mean QKD *products*.  So be it (as I said), I'm not going to argue
about that (like I said, I don't know about them in detail to argue,

I've tried really hard to state that I don't see a problem with
complaining about specific implementations of a QKD protocol.

>> All I'm saying is QKD is an interesting field of research, and it
>> seems a little bizarre to claim "snake oil!" while it's still being
>> developed.
> Sure.  But not wrong.  Big difference between applied and pure research.
>  Think of it this way:  a company shouldn't in general do pure research,
> because it cannot show the benefit to shareholders, therefore it is not
> meeting its mandate.  It can do applied research, and does, because the line
> is very clear in claims from expenditure to future revenues.
> Then, from that point, it is easy to see that applied research is just
> another product-life-cycle issue.  So yes, it can be labelled with
> 'snake-oil' or other like opinions, because we know where that product is
> heading.

It's like claiming hashing is "snake oil" because MD5 is dead. That
would sound equally wrong, no? Hashing seems to me like a
fundamentally valid field. QKD also seems this way. Can you explain
why you don't think QKD is valid, at a fundamental level? Some fact
that will hold forever? It doesn't seem obvious to me that there is
such a fundamental issue (of course, the very paper that sparked this
discussion presents a serious problem,  but it doesn't seem clear to
me that this rules it out in principle).

> Of course we could be wrong in the call.  But we're not wrong to make the
> call.
> iang

I think we should probably bring this to an end. I think I've said all
I can. You can have the last word, but my central point is: Let's
judge QKD protocols on a case-by-case basis, and not rule out the
whole field until such time as it is obvious that no QKD protocol can
ever work, fundamentally.

Noon Silk

Fancy a quantum lunch? https://sites.google.com/site/quantumlunch/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."

More information about the cryptography mailing list