Re: Crypto Mini-FAQ
From: David Wagner (daw_at_mozart.cs.berkeley.edu)
Date: 08/30/03
- Next message: David Wagner: "Re: Crypto Mini-FAQ"
- Previous message: David Wagner: "Re: Crypto Mini-FAQ"
- In reply to: Douglas A. Gwyn: "Re: Crypto Mini-FAQ"
- Next in thread: Mark Wooding: "Re: Crypto Mini-FAQ"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 30 Aug 2003 20:30:04 +0000 (UTC)
Douglas A. Gwyn wrote:
>David Wagner wrote:
>> I don't follow. How does quantum crypto prevent man-in-the-middle
>> attacks? As far as I know, all quantum key-exchange protocols that I
>> can think of assume you have authenticated channels. These protocols
>> require authenticated channels because without them they are insecure.
>
>Since interception destroys coherence, using enough
>redundancy it is possible to detect interception (to
>any desired likelihood threshold). If you know that
>there cannot be undetected interception then protocols
>can be made very much simpler.
That's not the kind of attack I'm thinking about. I'm thinking about
an attack where I sit in the middle between Alice and Bob. I intercept
Alice's transmission, play the role of the receiver (hence Bob never
sees Alice's transmission), and then I transmit a whole new coherent
communication to Bob. Note that Bob has no opportunity to detect the
loss of coherence, between I never allow him to see the signal from Alice;
he sees only the signal from me.
In effect, I play the role of "Bob's secretary". How can Alice tell
the difference between Bob and Bob's secretary, if she doesn't have any
pre-shared secrets with Bob or an authenticated channel to Bob?
- Next message: David Wagner: "Re: Crypto Mini-FAQ"
- Previous message: David Wagner: "Re: Crypto Mini-FAQ"
- In reply to: Douglas A. Gwyn: "Re: Crypto Mini-FAQ"
- Next in thread: Mark Wooding: "Re: Crypto Mini-FAQ"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
