Quantum Algorithms
Friday, June 10, 2005
 
Weakest Link in First Generation Quantum Cryptographic Systems
Peter Rohde accurately points out that the first generation quantum cryptographic systems do not exchange one-time pads, as he had assumed, but instead exchange keys for protocols such as triple-DES and AES. According to him, "Of course this completely undermines the security of QKD, since QKD inherently derives its security from the fact that the one-time pad is the only completely secure cipher."

Peter goes on to say: "My take on all this is that customers of current QKD systems are paying hundreds of thousands of dollars for cryptosystems no more secure than freely available software packages like PGP."

[Updated 2005-06-11] I responded to this in the comments section of his blog, which you can see along with Peter's response here (below the posting).

While the original designers of QKD might have had a one-time pad in mind for the key, current hardware cannot deliver key bits at the rate a one-time pad would require for realistic amounts of data, since the pad has to be as long as the data it protects. So what is the point of QKD at all until the technology gets faster?

Today's QKD, which refreshes keys at a rate of 4 to 100 per second (depending on which company and press release you pay attention to), is still a significant improvement over today's classical alternative. Why? As engineers know, you never want a single point of failure in a system. But today's widely used encryption protocols rely on exactly that: a long-lived master key (usually an RSA private key) that protects the exchange of all the other keys. If that master key is ever stolen or deduced, then every transmission it protected is compromised, all recorded past traffic as well as all future traffic until a new master key is issued. (Strictly, this describes RSA key transport; ephemeral Diffie-Hellman agreement avoids it by giving forward secrecy, at the cost of relying on the hardness of discrete logarithms instead.)

In QKD, the key-distribution step itself is theoretically secure, so the weakest link of the system is the 4-100 session keys that are exchanged every second. Someone capturing all the data encrypted this way would need to break each key separately to see all of it. Not theoretically impossible, but no longer a single point of failure either.

This might not sound great to some, but others are willing to pay tens of thousands of dollars to get top notch security, even if it isn't perfect. Those in the industry know that security is a relative concept.

This all gave me the idea for a feature that today's systems may be able to support: the ability to send short one-time pads. If a brief, highly sensitive message needs to be sent, a few thousand bits of one-time pad could be distributed before switching back to triple-DES/AES mode for regular transmission. At the upper figure above, 100 keys per second of 256 bits each (taking the AES-256 case) is roughly 25 kbit/s of raw key, so a pad of a few thousand bits costs only a fraction of a second of key material.
[Updated 2005-06-11] (According to Peter, this already exists in some systems)
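To make the single-point-of-failure argument and the short-pad idea concrete, here is an added Python model (mine, not code from the original post or from any QKD vendor) of the two key-management regimes contrasted above plus the one-time-pad mode. Everything in it is an assumption for illustration: the shared QKD key pool is simulated with os.urandom, AES is replaced by an HMAC-SHA256 counter-mode keystream so the script runs on the standard library alone, the attacker is taken to record all ciphertext and later obtain exactly one key, and all names (KeyPool, prf_ctr_xor, demo and so on) are mine.

```python
"""Toy model of master-key transport vs. QKD-fed session keys vs. a short one-time pad.
Added example; os.urandom stands in for the quantum channel and HMAC-SHA256 in
counter mode stands in for AES-CTR. Nothing here authenticates the classical channel."""
import hashlib
import hmac
import os


def prf_ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 keystream in counter mode (stand-in for AES-CTR).
    Encryption and decryption are the same operation."""
    out = bytearray()
    for ctr, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)


class KeyPool:
    """Secret bytes delivered by the (simulated) QKD link. Alice and Bob each hold an
    identical copy and consume it in lock-step, so no key ever crosses the wire."""

    def __init__(self, material: bytes):
        self.material = material
        self.offset = 0

    def draw(self, n: int) -> bytes:
        if self.offset + n > len(self.material):
            raise RuntimeError("key pool exhausted: QKD key rate too low for this traffic")
        chunk = self.material[self.offset:self.offset + n]
        self.offset += n
        return chunk


# Regime 1: classical key transport. Session keys are fresh, but each one is sent
# wrapped under a long-lived master key (the role an RSA private key plays).
def send_with_master_key(messages, master_key):
    records = []  # what a passive eavesdropper captures
    for msg in messages:
        session_key = os.urandom(32)
        wrap_nonce, msg_nonce = os.urandom(16), os.urandom(16)
        wrapped = prf_ctr_xor(master_key, wrap_nonce, session_key)
        records.append((wrap_nonce, wrapped, msg_nonce, prf_ctr_xor(session_key, msg_nonce, msg)))
    return records


def attacker_with_master_key(records, master_key):
    """One stolen master key unwraps every recorded session key, old or new."""
    return [prf_ctr_xor(prf_ctr_xor(master_key, wn, wrapped), mn, ct)
            for wn, wrapped, mn, ct in records]


# Regime 2: QKD-fed session keys. Only nonce and ciphertext cross the wire.
def send_with_qkd(messages, pool):
    records = []
    for msg in messages:
        nonce = os.urandom(16)
        records.append((nonce, prf_ctr_xor(pool.draw(32), nonce, msg)))
    return records


def receive_with_qkd(records, pool):
    return [prf_ctr_xor(pool.draw(32), nonce, ct) for nonce, ct in records]


def attacker_with_one_key(records, stolen_key):
    """Apply the single stolen session key to every captured record; only the record
    it belongs to decrypts correctly, the rest come out as noise."""
    return [prf_ctr_xor(stolen_key, nonce, ct) for nonce, ct in records]


# Regime 3: spend raw pool bytes directly as a one-time pad for a short message.
def otp_xor(pool, data):
    pad = pool.draw(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


def demo():
    routine = [("routine traffic %d" % i).encode() for i in range(5)]  # constructed traffic
    secret = b"short but sensitive"                                     # constructed, 19 bytes
    master_key = os.urandom(32)

    rec1 = send_with_master_key(routine, master_key)
    exposed_by_master = sum(pt == msg for pt, msg in zip(attacker_with_master_key(rec1, master_key), routine))

    material = os.urandom(100 * 32)  # constructed: one second of key at 100 keys/s of 256 bits
    alice, bob = KeyPool(material), KeyPool(material)
    rec2 = send_with_qkd(routine, alice)
    roundtrip_ok = receive_with_qkd(rec2, bob) == routine
    stolen = material[2 * 32:3 * 32]  # assume the third session key leaks
    exposed_by_one = sum(pt == msg for pt, msg in zip(attacker_with_one_key(rec2, stolen), routine))

    ct = otp_xor(alice, secret)  # switch to pad mode for the short message, then back
    otp_ok = otp_xor(bob, ct) == secret
    return {
        "master_key_theft_exposes": exposed_by_master,  # 5 of 5
        "qkd_roundtrip_ok": roundtrip_ok,
        "one_key_theft_exposes": exposed_by_one,        # 1 of 5
        "otp_roundtrip_ok": otp_ok,
        "pool_bytes_spent": alice.offset,               # 5*32 + 19
        "pool_in_sync": alice.offset == bob.offset,
    }


if __name__ == "__main__":
    print(demo())
```

The pool accounting is the real constraint: each 256-bit session key costs 32 pool bytes while the pad costs one pool byte per message byte, which is why the pad only makes sense for short messages at today's key rates. Note also that neither regime here authenticates the classical channel; a real QKD deployment needs a pre-shared authentication key for that, as one of the comments below points out.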

[Updated 2005-06-11] In a comment below his posting, Peter writes "Another point, which I didn’t mention, is that commercial QKD systems don’t actually implement ‘true’ BB84, since they don’t have true single photon sources. Instead they use attenuated coherent states which, at least in principle, introduces some room for intercept attacks." This is a good point, and it makes it difficult to compare first-generation QKD systems with classical alternatives on equal terms: the multi-photon pulses an attenuated laser occasionally emits are exactly what the photon-number-splitting attack exploits. A recent breakthrough will eventually fix this problem, but according to the article it will be 2-3 years before it is commercially available.
Comments:
If you keep your private key on your local machine then compromising the key should be as hard as compromising the software running on your computer. So I don't see why PGP should be any less secure than QKD (assuming factoring is hard).

If someone can compromise my computer's private key, then presumably they could compromise other things, like the communications software or the root password.
 
If someone compromises your local machine, with something like PGP you'd need to immediately generate a new key pair and distribute the public key to everyone you talk to. With QKD, you could resume transmission immediately after expunging the hacker.

Also, factoring is hard, but not impossible, and PGP relies on a single hard-to-crack key, while QKD uses thousands of keys per minute. That's a pretty substantial difference, although both do have non-infinite levels of security.

And who knows, the super paranoid might be afraid a working 1000 qubit quantum computer secretly exists already, or will very shortly. A hundred thousand dollar investment might be worth it as an insurance policy against that very unlikely possibility.
 
Why can't you generate a new PGP key 4-100 times per second?

It seems like the only cost to doing so is authentication, either using private randomness or a trusted server. Either way, it's a) fewer resources than QKD and b) QKD also needs to authenticate its classical messages to avoid man-in-the-middle attacks.
 
This suggests that it's good to keep some shared private key in a place where it can't be easily compromised, like a flash drive. This way, you can restart communication (with PGP, QKD, or whatever else) after your machine has been compromised, without needing to meet in person again.
 