[cryptography] abstract: Air to Ground Quantum Key Distribution

D. J. Bernstein djb at cr.yp.to
Thu Sep 20 16:39:57 PDT 2012

Zack Weinberg writes:
> I've seen claims that quantum key agreement lets both parties detect a
> man in the middle with no prior communication and no trusted third party.

Nope. The security of QKE relies on the parties both knowing a shared
secret key to authenticate messages. This begs the questions of

   (1) how the parties communicated this secret---this doesn't have to
       be a _prior_ secure channel but it does have to be a separate
       secure channel;

   (2) why the parties are bothering to use QKE to generate randomness
       when they can much more cheaply generate local randomness and
       send it through the separate secure channel; and

   (3) why the parties are bothering to generate so much randomness in
       the first place when they can much more cheaply use the key as an
       AES key to encrypt and authenticate messages.

See http://cr.yp.to/talks/2009.10.06/slides2.pdf for a more detailed
cost-benefit analysis.

---D. J. Bernstein
   Research Professor, Computer Science, University of Illinois at Chicago
cryptography mailing list
cryptography at randombit.net

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
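
Added illustration, not part of the forwarded message or of the original post: a small Python simulation of the point made in the reply, that quantum key exchange exposes a man in the middle only when the classical messages are authenticated with a key both parties already share. BB84 stands in as the concrete protocol, and the function names, the HMAC-SHA256 tag and the sample message are assumptions of this example.

```python
import hashlib
import hmac
import random  # simulation only, seeded for reproducibility; never for real keys

def bb84_link(n, rng):
    """Noiseless BB84 between the two ends of ONE physical link.
    Returns (sender_key, receiver_key, error_rate_on_sifted_bits)."""
    bits = [rng.randrange(2) for _ in range(n)]
    send_bases = [rng.randrange(2) for _ in range(n)]
    recv_bases = [rng.randrange(2) for _ in range(n)]
    # Matching basis: receiver reads the sent bit. Otherwise: a coin flip.
    measured = [b if sb == rb else rng.randrange(2)
                for b, sb, rb in zip(bits, send_bases, recv_bases)]
    keep = [i for i in range(n) if send_bases[i] == recv_bases[i]]
    sender_key = [bits[i] for i in keep]
    receiver_key = [measured[i] for i in keep]
    errors = sum(a != b for a, b in zip(sender_key, receiver_key))
    return sender_key, receiver_key, errors / max(len(keep), 1)

def tag(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def accept_announcement(psk, msg, received_tag):
    """Receiver-side check on a classical-channel message (basis list etc.)."""
    if psk is None:  # "no prior communication": nothing to verify against
        return True
    return hmac.compare_digest(tag(psk, msg), received_tag)

def man_in_the_middle(n, psk, seed=0):
    """Eve terminates Alice's link and opens a separate one to Bob."""
    rng = random.Random(seed)
    alice_key, eve_key_a, qber_a = bb84_link(n, rng)
    eve_key_b, bob_key, qber_b = bb84_link(n, rng)
    # Eve has to announce bases to Alice in Bob's name without knowing psk.
    msg = b"bases-from-bob"            # constructed stand-in for the announcement
    forged = tag(b"eve-guess", msg)    # Eve's best effort at a tag
    return {"alice==eve": alice_key == eve_key_a,
            "eve==bob": eve_key_b == bob_key,
            "alice==bob": alice_key == bob_key,
            "qber": (qber_a, qber_b),
            "detected": not accept_announcement(psk, msg, forged)}

if __name__ == "__main__":
    print(man_in_the_middle(256, psk=None))
    print(man_in_the_middle(256, psk=b"constructed-shared-secret"))
```

With `psk=None` both links show a zero error rate and nothing is detected, even though Alice and Bob hold different keys; the only thing that changes the outcome is the pre-shared key.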
