[cryptography] Well, that's depressing. Now what?
noonslists at gmail.com
Tue Jan 31 01:59:23 EST 2012
Thanks for your well thought out comments. I will respond to some
select quotes, inline.
> For example, Vitamin C is not snake oil. But the claim
> that Vitamin C will cure cancer is.
I'll agree to this usage of snake oil.
> Among the preposterous claims made about QKD, there are:
> * QKD is perfect security. There is no such thing as perfect
> security. Really, this just ought to QKD supporters blush. It's
> shooting snakes in a barrel.
So I suppose this is where my disagreements starts. Mainly that QKD
*products* might claim this, but in at least the scientific papers
proposing and discussing QKD that claims like this are true within
the context that they are made.
This is essentially my only complaint in the entire thread. I suppose
it's perhaps a trivial complaint, but it bothers me a bit (clearly) to
see what I consider to be a legitimate field of researched attacked
because of how a small group of journalists/marketers discuss and promote
products and papers. I suppose it's perhaps a trivial complaint, but it
bothers me a bit (clearly).
> A combination of ignorance and arrogance. QKD is so caught up in the
> tech that it ignores the security. For example, the problem of denials of
> service are elided away. The most magical thing about QKD is
that a potential
> eavesdropper causes the bits to melt away like the smile of a
> But what if your attacker thinks that disruption is good enough?
Well, I don't think this issue is being ignored so much as purely not
well-enough addressed. I mean, it's research right, so all we need
is someone to
actually look into it. I don't believe there are researchers in
QKD field hoping
you won't notice this problem; it's just that there may not be an obvious
fix for it yet, or possible the fix is better implemented at a different
level. And again, it shouldn't be necessary to have to present a complete
system at the research stage, only at the product stage.
But also it goes without saying (right?) that it only matters to
you if it matters
to you, so perhaps it is possible that it doesn't matter in some
(I think it's not unreasonable to claim that this is may be case).
> QKD addresses only the problem of information in motion. It is only
> communications security, not storage security. (Which is another
> reason that the claim that QKD can replace math is so herpetoleogenous.)
The fact that it's only in-motion is obviously true, no? It's in
the name. I don't
believe any reasonable person would claim otherwise.
And I note the 'will replace mathematical cryptography' comment
from before; I don't
believe I've seen this explicitly, but I will admit that often
papers of this
type do start with something like "while classical cryptography
relies on the
hardness of the problem, ..."
I mean, it's not unreasonable to state that this is indeed true
comparison); but to claim that it then means the end of usefulness of all
problems of that type I agree that that is inappropriate. But again I'll
claim that I don't believe I've seen a claim of that exact form in
any of the
papers I've read.
> Even in COMSEC, there are difficulties of authenticity, group
> routing, and so on. Cryptography is not just point-to-point
> between trusted endpoints.
> To repeat myself from my previous missive, QKD proponents well
seem to think
> that disagreement means a lack of understanding, or hostility to
> or perhaps even a hostility to the very idea of scientific
research. These a
> themselves the speech patterns of proponents of snake oil and beyond into
> things I'll just call "fringe" science. When people play gotcha
> and explain away experiments, it contributes to the funny smell.
Indeed; I hope I didn't give that impression, I don't think I
commented at all
on a lack of understanding, and I'll agree I wasted too many
emails talking specifically
about the definition of snake oil. I just do think it's
appropriate that legitimate
research is bundled into the same attacks that are lobbied against perhaps
somewhat less legitimate products and marketing promises.
> I hope this helps explain our harrumphing.
Yes, and I hope I've clarified my position.
Fancy a quantum lunch? https://sites.google.com/site/quantumlunch/
"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."
More information about the cryptography