[cryptography] Well, that's depressing. Now what?

Noon Silk noonslists at gmail.com
Tue Jan 31 01:59:23 EST 2012

Hi Jon,

    Thanks for your well thought out comments. I will respond to some
select quotes, inline.


    > For example, Vitamin C is not snake oil. But the claim
    > that Vitamin C will cure cancer is.

    I'll agree to this usage of snake oil.

    > Among the preposterous claims made about QKD, there are:
    > * QKD is perfect security. There is no such thing as perfect
    > security. Really, this just ought to QKD supporters blush. It's
    > shooting snakes in a barrel.

    So I suppose this is where my disagreements starts. Mainly that QKD
    *products* might claim this, but in at least the scientific papers
    proposing and discussing QKD that claims like this are true within
    the context that they are made.

    This is essentially my only complaint in the entire thread. I suppose
    it's perhaps a trivial complaint, but it bothers me a bit (clearly) to
    see what I consider to be a legitimate field of researched attacked
    because of how a small group of journalists/marketers discuss and promote
    products and papers. I suppose it's perhaps a trivial complaint, but it
    bothers me a bit (clearly).

    > [...]
    > A combination of ignorance and arrogance. QKD is so caught up in the
    > tech that it ignores the security. For example, the problem of denials of
    > service are elided away. The most magical thing about QKD is
that a potential
    > eavesdropper causes the bits to melt away like the smile of a
Cheshire Cat.
    > But what if your attacker thinks that disruption is good enough?

    Well, I don't think this issue is being ignored so much as purely not
    well-enough addressed. I mean, it's research right, so all we need
is someone to
    actually look into it. I don't believe there are researchers in
QKD field hoping
    you won't notice this problem; it's just that there may not be an obvious
    fix for it yet, or possible the fix is better implemented at a different
    level. And again, it shouldn't be necessary to have to present a complete
    system at the research stage, only at the product stage.

    But also it goes without saying (right?) that it only matters to
you if it matters
    to you, so perhaps it is possible that it doesn't matter in some
    (I think it's not unreasonable to claim that this is may be case).

    > QKD addresses only the problem of information in motion. It is only
    > communications security, not storage security. (Which is another
    > reason that the claim that QKD can replace math is so herpetoleogenous.)

    The fact that it's only in-motion is obviously true, no? It's in
the name. I don't
    believe any reasonable person would claim otherwise.

    And I note the 'will replace mathematical cryptography' comment
from before; I don't
    believe I've seen this explicitly, but I will admit that often
papers of this
    type do start with something like "while classical cryptography
relies on the
    hardness of the problem, ..."

    I mean, it's not unreasonable to state that this is indeed true
(the hardness
    comparison); but to claim that it then means the end of usefulness of all
    problems of that type I agree that that is inappropriate. But again I'll
    claim that I don't believe I've seen a claim of that exact form in
any of the
    papers I've read.

    > Even in COMSEC, there are difficulties of authenticity, group
    > routing, and so on. Cryptography is not just point-to-point
    > between trusted endpoints.


    > [...]
    > To repeat myself from my previous missive, QKD proponents well
seem to think
    > that disagreement means a lack of understanding, or hostility to
the proposition,
    > or perhaps even a hostility to the very idea of scientific
research. These a
    > themselves the speech patterns of proponents of snake oil and beyond into
    > things I'll just call "fringe" science. When people play gotcha
over language
    > and explain away experiments, it contributes to the funny smell.

    Indeed; I hope I didn't give that impression, I don't think I
commented at all
    on a lack of understanding, and I'll agree I wasted too many
emails talking specifically
    about the definition of snake oil. I just do think it's
appropriate that legitimate
    research is bundled into the same attacks that are lobbied against perhaps
    somewhat less legitimate products and marketing promises.

    > I hope this helps explain our harrumphing.

    Yes, and I hope I've clarified my position.

Noon Silk

Fancy a quantum lunch? https://sites.google.com/site/quantumlunch/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."

More information about the cryptography mailing list