[cryptography] Well, that's depressing. Now what?

ianG iang at iang.org
Tue Jan 31 06:21:07 EST 2012

On 29/01/12 13:54 PM, Noon Silk wrote:
> On Sun, Jan 29, 2012 at 1:03 PM, ianG <iang at iang.org> wrote:
>> [...]

>> It seems to me that you are resting on a sort of philosophical assumption
>> that pure research is pure, neither good nor bad.  If that is the case, the
>> problem with this assumption is that QKD is not pure, it's applied.  We know
>> precisely where we (as society) are going to apply the results to, it's in
>> the title:  Key Distribution.
> I don't know what you mean by applied and pure research here. That is
> to say, you claim it's "applied" purely because it's used for some
> problem you know about?

Yes, applied.  The research is applied to a problem that we in society 
have faced and want solved, for direct economic improvement.

> Or because it's a problem that already has a
> solution proposed? Because it seems like any research falls under that
> categorisation ..., I mean there is "pure" maths and "applied" maths,
> pure maths doesn't mean it's not applied to problems.

Maths is value-free, this is research, which costs money.  Research is 
typically paid for by grants.  The grant requests will specify in one 
way or another whether the research is directed to a specific field. 
That is, applied, or pure.

In this case, it's in the title.  All grants for this area will raise 
the impression that this leads to the successful creation of a new and 
important market in QKD devices.  If you're unsure on this point, ask 
your profs for some grant applications.

Our point here is that such an impression is false.  From everything we 
know, a proper market will not exist.  We can predict this from 
economic, marketing, scientific and end-customer-demand bases.

What we can't do is rule out a market based on falsity.  That's quite 
possible.  We have many of those in the field.  For those, we tend to 
slap on the term snake-oil.

(One thing should be noted however that snake-oil itself isn't really 
defined.  Often, it is used in reverse.  For example, I think there is a 
major software product that still calls self-signed certificates 
"snake-oil" certificates.  Which is upside down, the use of the term 
itself can be snake-oil recursively.  So really, it is not good to get 
too bent up about the term.)

> Note that I didn't say research doesn't cost money; I said it doesn't
> cost "businesses" *directly*. That is, if I publish some paper on a
> protocol, you can't call it snake oil because I'm not selling it to
> you!

Ha.  Snake oil refers to its marketing claims, not to who's buying.

You are selling your paper to someone.  In this case, QKD is being sold, 
as a field of endeavour, to: your professor, your academic peers, your 
grant funders, your university as employer, venture capitalists, 
politicians, the military, etc etc.

In the academic world, the currency of choice is published papers and 
citations.  Which means, a published paper is selling its authors.  Who 
are earning from its success.  Grants, promotions, tenure, etc.

> You can, of course, claim it doesn't consider implementation
> requirements (maybe it doesn't) and you can claim that it doesn't work
> (maybe it doesn't), but in that case my response to you is "cool,
> thanks, somehow I missed that, let's keep working on it!", not "ah,
> you got me, was hoping you wouldn't see that", which is what you're
> implying (with the "snake oil" claim).

Yeah, it's fine.  Just take KD out of the title (and the grant 
applications) and we're all cool :)

>>> I mean, look at this argument we've gotten ourselves into ... it's
>>> also completely useless. If you don't want to buy a QKD product, then
>>> fine; so be it, I'm not trying to convince you otherwise (and I
>>> certainly don't work for anyone who sells them; I'm just a student).
>> It's not useless.  9 out of 10 people with a long term background in
>> security advise not to invest a dime in QKD.  If they're right, that means
>> the money is saved for something worthwhile.
> You mean QKD *products*.

No, I mean research. Sure, invest in Quantum, it's great, as the comic 
says, it's what transistors do :)  But forget the KD, there are many 
many reasons why this isn't going to work.  It's like alchemy, which is 
research in how to turn lead into gold.  Sure you can do the research, 
but it seems that historically this didn't work out.

> So be it (as I said), I'm not going to argue
> about that (like I said, I don't know about them in detail to argue,
> specifically).

As someone who has studied marketing at an advanced level, I can suggest 
that applied research is part of the product.  Strange as it may seem.

> I've tried really hard to state that I don't see a problem with
> complaining about specific implementations of a QKD protocol.

Yeah, we get it.  But this is a slippery slope.  You say you're 
promoting QKD protocols not products.  But the only way to do that is to 
promise product.  In the grant request.

Try this experiment.  Write two grant requests.  One which talks about 
the quantum properties at a pure level, and one which promises to bring 
us closer to key distribution mechanisms.  See which gets funded...

>>> All I'm saying is QKD is an interesting field of research, and it
>>> seems a little bizarre to claim "snake oil!" while it's still being
>>> developed.
>> Sure.  But not wrong.  Big difference between applied and pure research.
>> Think of it this way:  a company shouldn't in general do pure research,
>> because it cannot show the benefit to shareholders, therefore it is not
>> meeting its mandate.  It can do applied research, and does, because the line
>> is very clear in claims from expenditure to future revenues.
>> Then, from that point, it is easy to see that applied research is just
>> another product-life-cycle issue.  So yes, it can be labelled with
>> 'snake-oil' or other like opinions, because we know where that product is
>> heading.
> It's like claiming hashing is "snake oil" because MD5 is dead.

No, it's like claiming hashing is "snake oil" because we know another 
way to do all of the benefits of hashing, at much cheaper cost.

> That
> would sound equally wrong, no? Hashing seems to me like a
> fundamentally valid field. QKD also seems this way.

Well, hashing delivers something that is far better than the next 
alternative.  QKD, not.

> Can you explain
> why you don't think QKD is valid, at a fundamental level? Some fact
> that will hold forever?

Yes, easy.  QKD requires hardware.  A laser+receiver at each end, fiber 
in the middle.  Software techniques don't impose any hardware costs.

QKD is only ever point to point.  It can never be end to end.  We now 
have a 1.5 decade experiment that tells us that point to point security 
is pretty much ... cosmetic for serious purposes.

QKD apparently requires one photon at a time ... so it will always be at 
odds with the principle of redundancy.  Which happens to be prevalent 
and solidly necessary up and down the stack, and so dominates real 
engineering that imposing a non-redundant "one photon is all you can 
afford" restriction that you'll run into strange and molasses-like 

> It doesn't seem obvious to me that there is
> such a fundamental issue (of course, the very paper that sparked this
> discussion presents a serious problem,  but it doesn't seem clear to
> me that this rules it out in principle).

It's like this:  in principle, it is possible to imagine a "perfect" 
link between those two boxes.  But, those two boxes aren't customer 
applications.  Pretty much all customer applications are more complex 
than two end-points and a piece of string between.  So, whatever 
happens, we still have the problem that the hardware has to interface to 
something else.  At this point lies not just the weakness identified, 
but a whole host of other weaknesses.

>> Of course we could be wrong in the call.  But we're not wrong to make the
>> call.
>> iang
> I think we should probably bring this to an end. I think I've said all
> I can. You can have the last word, but my central point is: Let's
> judge QKD protocols on a case-by-case basis, and not rule out the
> whole field until such time as it is obvious that no QKD protocol can
> ever work, fundamentally.

Well.  To get QKD to work, in concept, means we have to unwind quite a 
lot of what we know about security in practice.

Try this thought experiment:  get QKD to work with Skype....

