[cryptography] Well, that's depressing. Now what?

Jon Callas jon at callas.org
Mon Jan 30 23:40:42 EST 2012


Noon, 

When we say something is snake oil, it is a colloquialism that means not that the technology is unworkable, but that the claims are unjustified. 

For example, Vitamin C is not snake oil. But the claim that Vitamin C will cure cancer is. 

I agree with you that QKD -- and all Quantum Information Science -- is an exciting area of research. I in no way think that research money should be denied to them and I hope they come up with something cool and practical. 

But the answer to your question asking for QKD products that are not snake oil is the null set. There aren't any. 

This isn't because the theory or technology is crap. On the contrary, there are a number of interesting QKD systems built and deployed. They are snake oil because of the absurd claims that the cheerleaders make. They are doing something not unlike dropping some cancer cells into a test tube of ascorbic acid and then saying that someday soon Vitamin C will replace all cancer drugs. 

Among the preposterous claims made about QKD, there are:

* QKD is perfect security. There is no such thing as perfect security. Really, this just ought to QKD supporters blush. It's shooting snakes in a barrel. 

There are some practical aspects of this obviousness that are perhaps a bit in-obvious. Even assuming theoretic correctness of QKD, there is essentially no engineering knowledge of how to assure classes of systems have no practical problems, let alone manufacturing flaws in samples. We don't now how to test a deployment nor verify that a running system is running correctly. In contrast, we actually know a lot about the warts in a mathematical crypto system. The pissing and moaning that folks like us regularly give about crypto is an indication that the discipline is reasonably well-defined. We know enough to know a lot about what we don't know. 

* QKD will replace mathematical cryptography. Even backing this off to "could" as we've all pointed out, the economics of the situation will always favor the math. Take the very same dedicated glass fiber they put the QKD system on and replace it with an IPSec tunnel. It's cheaper. Ian makes this economic argument quite strongly. It is hard to see the circumstance when one would use QKD even working as advertised. I think this drives some of the absurd claims I mention above, and that itself tends towards snake oil. 

* A combination of ignorance and arrogance. QKD is so caught up in the tech that it ignores the security. For example, the problem of denials of service are elided away. The most magical thing about QKD is that a potential eavesdropper causes the bits to melt away like the smile of a Cheshire Cat. But what if your attacker thinks that disruption is good enough? 

QKD addresses only the problem of information in motion. It is only communications security, not storage security. (Which is another reason that the claim that QKD can replace math is so herpetoleogenous.) Even in COMSEC, there are difficulties of authenticity, group communications, routing, and so on. Cryptography is not just point-to-point communications between trusted endpoints. 

Compare this with what's going on in particle physics and cosmology, such as the search for the Higgs Boson and (separately) dark matter. There is excitement and drama that one only sees a few times a century. Last month supersymmetry seems on the outs, this month its back in again, depending on what the data says. The quest for dark matter is so all over the place that you know this is real science. 

To repeat myself from my previous missive, QKD proponents well seem to think that disagreement means a lack of understanding, or hostility to the proposition, or perhaps even a hostility to the very idea of scientific research. These a themselves the speech patterns of proponents of snake oil and beyond into things I'll just call "fringe" science. When people play gotcha over language and explain away experiments, it contributes to the funny smell. 

I hope this helps explain our harrumphing. 

Jon 



More information about the cryptography mailing list