QM, randomness, ignorance (Re:Atmospheric noise & fair coin flipping) x-post

Major Variola (ret) mv at cdc.gov
Fri Jul 19 11:13:56 PDT 2002


This just showed up on _cryptography_ and illuminates the point various
nyms were making here about QM, randomness, and ignorance.  Reproduced
without permission.


Hannes said,

> What we have here is a theory which is almost as old as the
> special theory of relativity and has not yet proven wrong.
> This theory tells us that there is no way whatever, that a
> possible eavesdropper can listen to the key exchange.

I appreciate your statement and I am sure you have the expertise in the
area. However, to rely on a security/crypto mechanism, I must see a
proof I understand, and I _never_ rely on `proof by intimidation`.

In this case, I'd like a proof showing reduction from a specific theorem
which is backed by many years of concentrated effort to break it. I am
not cynical, really. I will really appreciate if you provide me/us with
(reference) to
(a) historical evidence of a precise theorem/conjecture which withstood
many years of substantial scrutiny, and
(b) precise proof, with sufficient details for someone (like me) whose
physics is rusty (many years since my engineering school days...),
showing the reduction from the specific claims to the long-lived
theorem.

> It also tells us that if we
> use either a Quantum random number generator or an entangled
> photon QKD system, that
> we get absolutely random numbers.

Can you generate truly random numbers? Cool! Indeed, this is something
which in a sense is to be expected, based on the uncertainty principle.
Of course, for a complete QKD system this may be a small part; but this
part could be useful for many crypto systems, if it is really secure -
and practical (cost, size, etc.). Can you provide details on this?

As an aside note, the uncertainty principle may be an example of a
physical theory which has withstood many years, but I doubt that it was
really tested using crypto principles. I mean, couldn't it just turn out
that all of the randomization in physics will some day turn out to be
pseudo-random??? After all, detecting the difference could be fairly
difficult, even if and when we learn the details of this supposed
pseudo-random generator, assuming it is a non-trivial one (after all
even the congruential generator was only fairly recently shown
insecure!).

Regards, Amir Herzberg
See http://amir.herzberg.name/book.html  for lectures and draft-chapters
from book-in-progress, `Introduction to Cryptography, Secure
Communication and Commerce`; feedback appreciated!
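
The aside about the congruential generator, as an added example that is
not part of the original message: a linear congruential generator whose
output passes a naive bit-frequency check, yet whose secret multiplier
and increment fall out of three consecutive outputs. The modulus,
multiplier, increment and seed are constructed values, and the modulus
is assumed known to the observer.

```python
# Added illustration: an LCG passes a naive bit-frequency check yet is fully
# predictable from three outputs. All parameters below are constructed.
M = 2**31 - 1          # public prime modulus (assumed known to the observer)
A, C = 16807, 12345    # secret multiplier and increment (constructed values)
SEED = 20020719        # secret seed (constructed value)

def lcg(seed, a, c, m=M):
    """Yield x1, x2, ... where x_{n+1} = (a * x_n + c) mod m."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x

def take(gen, n):
    return [next(gen) for _ in range(n)]

def ones_fraction(values, width=31):
    """Monobit-style check: share of 1 bits across all outputs."""
    ones = sum(bin(v).count("1") for v in values)
    return ones / (len(values) * width)

def recover_params(x0, x1, x2, m=M):
    """Solve x1 = a*x0 + c and x2 = a*x1 + c (mod prime m) for (a, c)."""
    d = (x1 - x0) % m
    if d == 0:
        raise ValueError("outputs repeat (fixed point); a is not determined")
    a = (x2 - x1) * pow(d, -1, m) % m
    c = (x1 - a * x0) % m
    return a, c

def predict(last, a, c, n, m=M):
    """Continue the stream from the last observed output."""
    return take(lcg(last, a, c, m), n)

def demo():
    stream = take(lcg(SEED, A, C), 5000)
    frac = ones_fraction(stream)
    a, c = recover_params(*stream[:3])
    guessed = predict(stream[2], a, c, 10)
    return frac, (a, c), guessed == stream[3:13]

if __name__ == "__main__":
    frac, params, ok = demo()
    print(f"fraction of 1 bits: {frac:.4f}")
    print(f"recovered (a, c): {params}, next 10 outputs predicted: {ok}")
```

A frequency check only measures balance; it says nothing about whether
the next output can be computed from the previous ones.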
