
Mailing List Logs for ShadowRN

Message no. 1
From: Adam Getchell <acgetche@****.UCDAVIS.EDU>
Subject: Quantum cryptography - Implications (Short!)
Date: Tue, 9 Aug 1994 14:15:24 -0700
So, if you waded through the technical discussion (and even if
you didn't), QC works like this:

First, you bit-bash together a key, which is a random sequence of
digits to be used in your Vernam cipher.
Next, you send your key via a fiber optic line, using Quantum
Cryptography.
Then, you compare errors, toss out incorrect measurements, and
from assumed eavesdroppers you distill a shorter key that is completely
secure.
Finally, you use this key in a Vernam cipher to send your message
out using public means.

The cipher is unbreakable, the channel is untappable (or at
least, the parts that were tapped weren't used), leaving the only angle
of attack in the key storage.
The EPR effect can be used as in QC to ensure that a stolen key
will be detected, but it's unwieldy and impractical. Hence, corporations
will probably rely on site security to maintain the key security, since
all other angles of attack are covered.
That means the only way to break someone's code and listen in on
their transmissions is to hire shadowrunners to do the key extraction.
Or use your own assets, but then the other side might figure out
you're gunning for their codes to use in those negotiations next week.

+-------------+---------------------------------------------------------------+
|Adam Getchell|acgetche@****.engr.ucdavis.edu | ez000270@*******.ucdavis.edu |
| acgetchell |"Invincibility is in oneself, vulnerability is in the opponent"|
+-------------+---------------------------------------------------------------+
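Added example, not part of any message in this thread: a small simulation of the key-distillation steps listed in Message no. 1, assuming a BB84-style protocol (the thread does not name one). The function names, the intercept-resend tap model and the 0.11 error threshold are illustrative assumptions.

```python
import random

def bb84_sift(n_photons, eavesdrop, seed=1994):
    """Return (alice_bits, bob_bits) kept after the public basis comparison."""
    # Seeded PRNG so the demo repeats; real key material needs a true random source.
    rng = random.Random(seed)
    alice_bits, bob_bits = [], []
    for _ in range(n_photons):
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend tap: a wrong-basis measurement yields a random
            # bit, and the photon travels on prepared in the tapper's basis.
            e_basis = rng.getrandbits(1)
            if e_basis != photon_basis:
                photon_bit = rng.getrandbits(1)
            photon_basis = e_basis
        b_basis = rng.getrandbits(1)
        measured = photon_bit if b_basis == photon_basis else rng.getrandbits(1)
        if b_basis == a_basis:  # mismatched bases are the "incorrect measurements"
            alice_bits.append(bit)
            bob_bits.append(measured)
    return alice_bits, bob_bits

def estimate_and_distill(alice_bits, bob_bits, sample_fraction=0.5, max_error=0.11):
    """Publicly compare a sample; return (error_rate, remaining key or None)."""
    n_sample = int(len(alice_bits) * sample_fraction)
    if n_sample == 0:
        return 1.0, None
    errors = sum(a != b for a, b in zip(alice_bits[:n_sample], bob_bits[:n_sample]))
    rate = errors / n_sample
    if rate > max_error:  # illustrative threshold: too many errors, assume a tap
        return rate, None
    return rate, alice_bits[n_sample:]  # disclosed sample bits are thrown away

if __name__ == "__main__":
    for tapped in (False, True):
        a, b = bb84_sift(4000, eavesdrop=tapped)
        rate, key = estimate_and_distill(a, b)
        print(f"tapped={tapped} sifted={len(a)} error_rate={rate:.3f} "
              f"key_bits={'rejected' if key is None else len(key)}")
```

The simulated fiber is noiseless and the error-correction and privacy-amplification stages of a real system are left out, so a tapped run is simply rejected rather than distilled further.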
Message no. 2
From: Stainless Steel Rat <ratinox@***.NEU.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Tue, 9 Aug 1994 20:21:09 -0400
>>>>> "Adam" == Adam Getchell <acgetche@****.UCDAVIS.EDU> writes:

Just some comments I'd like to make, being the crypto-weenie that I am... :)

Adam> First, you bit-bash together a key, which is a random
Adam> sequence of digits to be used in your Vernam cipher.

Ok so far.

Adam> Next, you send your key via a fiber optic line, using Quantum
Adam> Cryptography.

To where? Who's receiving that key? Are you sending it to yourself? I'm
assuming so, and that you mean you repeatedly perform this operation to
collect data for the next step.

Adam> Then, you compare errors, toss out incorrect measurements,
Adam> and from assumed eavesdroppers you distill a shorter key that is
Adam> completely secure.

Uh, the real world doesn't work quite like that. The shorter the key the
easier it is to crack. And as I keep harping on, no encryption system is
completely secure; "reasonably" secure yes, "completely" no.

Adam> Finally, you use this key in a Vernam cipher to send your
Adam> message out using public means.

Ok, so how do you plan on getting that key to me?

If you're using a single key encryption scheme, like DES, you have a single
key used to encrypt and decrypt. You have to get that key to me. You can't
send it encrypted because I've nothing to decrypt it with. You can't use
your fibre link to me because it might be tapped and the key intercepted.

If you're using a PK encryption scheme then the "quantum checksum"
(cryptography is incorrect when used in this context because it's not an
encryption scheme, it's a checksum algorithm) is just a lot of extra work
because PK is designed to be used over insecure communication channels.

Adam> The cipher

Encryption scheme, not cipher. Look up the difference in a good book on
cryptography and cryptanalysis, because they are /not/ the same thing.

Adam> is unbreakable,

No scheme is unbreakable; this is a fact. Just because it hasn't been
broken yet doesn't mean it never will. Always assume that your scheme can
be broken, because if someone wants to do so and has the resources, he
will. The point to cryptography is to make it cost that someone more to
decrypt the message than the contents are worth.

Adam> the channel is untappable (or at least, the parts that were tapped
Adam> weren't used), leaving the only angle of attack in the key storage.

Or brute force, or potentially by conventional cryptanalysis. If your
encryption algorithm is weak it doesn't matter what checksumming you add,
it's still weak, and that means easy to crack. Or if you use weak, easily
guessable keys; same thing.

--
Rat <ratinox@***.neu.edu> |"When sub-culture becomes pop-culture, it's
http://www.ccs.neu.edu/home/ratinox|time to move on to something new."
PGP Public Key: Ask for one today! |--Dana Carvey
Message no. 3
From: Adam Getchell <acgetche@****.UCDAVIS.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Tue, 9 Aug 1994 17:28:43 -0700
On Tue, 9 Aug 1994, Stainless Steel Rat wrote:

> To where? Who's receiving that key? Are you sending it to yourself? I'm
> assuming so, and that you mean you repeatedly perform this operation to
> collect data for the next step.

To the person you will be exchanging messages with via PKC.

> Uh, the real world doesn't work quite like that. The shorter the key the
> easier it is to crack. And as I keep harping on, no encryption system is

The Vernam cipher is mathematically unbreakable. The length of
the key to the Vernam cipher will determine how long a message you can
send with complete confidence in its unbreakability.

> Ok, so how do you plan on getting that key to me?

Through the quantum channel.

> No scheme is unbreakable; this is a fact. Just because it hasn't been

Repeat: The Vernam cipher was proven to be mathematically
unbreakable in the early 40's by Claude E. Shannon. It's just no one
really cared because, until now, it wasn't very useful.

> Rat <ratinox@***.neu.edu> |"When sub-culture becomes pop-culture, it's

+-------------+---------------------------------------------------------------+
|Adam Getchell|acgetche@****.engr.ucdavis.edu | ez000270@*******.ucdavis.edu |
| acgetchell |"Invincibility is in oneself, vulnerability is in the opponent"|
+-------------+---------------------------------------------------------------+
Message no. 4
From: Gian-Paolo Musumeci <musumeci@***.LIS.UIUC.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Tue, 9 Aug 1994 20:58:43 -0500
I agree with Rat. Just because you can't figure out a way doesn't mean NSA or
some other organization can't.
Message no. 5
From: Adam Getchell <acgetche@****.UCDAVIS.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Wed, 10 Aug 1994 09:24:27 -0700
On Tue, 9 Aug 1994, Gian-Paolo Musumeci wrote:

> I agree with Rat. Just because you can't figure out a way doesn't mean NSA or
> some other organization can't.

Sir, you lack relevant references to back up this claim, whereas
I have provided ample references to the contrary.
The Vernam cipher is unbreakable, provided you use random
numbers, a weakness which Rat has pointed out. However, as Janne Jalken
has suggested, filling a CD full of data from the observation of random
events such as radioactive decay or sun spots would give you a
significant list of random numbers to work with. And this can be done
repetitively to generate more random numbers.
The weakness in the Vernam cipher involves distributing the key.
As the article has amply shown, distribution of the key over a quantum
channel will make it attack-proof. Thereafter, the only remaining line
of attack lies in key storage. Even this can be overcome in principle
using the famous Einstein-Podolsky-Rosen effect, but this method requires
long term storage of photons and isn't immediately practical. So, plain
site security remains the best defense against this option.
Do you have evidence or references that contradict the above
statements?

+-------------+---------------------------------------------------------------+
|Adam Getchell|acgetche@****.engr.ucdavis.edu | ez000270@*******.ucdavis.edu |
| acgetchell |"Invincibility is in oneself, vulnerability is in the opponent"|
+-------------+---------------------------------------------------------------+
Message no. 6
From: Gian-Paolo Musumeci <musumeci@***.LIS.UIUC.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Wed, 10 Aug 1994 11:48:11 -0500
I am quite simply stating that just because you cannot see a way around it,
that does not mean someone else could not find out a way to do it. End of
discussion for myself.
Message no. 7
From: Adam Getchell <acgetche@****.UCDAVIS.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Wed, 10 Aug 1994 10:07:40 -0700
On Wed, 10 Aug 1994, Gian-Paolo Musumeci wrote:

> I am quite simply stating that just because you cannot see a way around it,
> that does not mean someone else could not find out a way to do it. End of
> discussion for myself.

You lack proof to make such a statement. In this case, opinions
are irrelevant -- facts are what matter.

+-------------+---------------------------------------------------------------+
|Adam Getchell|acgetche@****.engr.ucdavis.edu | ez000270@*******.ucdavis.edu |
| acgetchell |"Invincibility is in oneself, vulnerability is in the opponent"|
+-------------+---------------------------------------------------------------+
Message no. 8
From: Damion Milliken <u9467882@******.UOW.EDU.AU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Thu, 11 Aug 1994 20:13:56 +0000
Adam writes:

> > I am quite simply stating that just because you cannot see a way around it,
> > that does not mean someone else could not find out a way to do it. End of
> > discussion for myself.
>
> You lack proof to make such a statement. In this case, opinions
> are irrelevant -- facts are what matter.

I'm sure many great theories were hypothisised (SP?) before they were proven.
If someone had actually attempted to produce Leonardo D'v... (You know the
guy) design for a helicopter (I think it was this), then he would have been
disproven. It would not have worked. However, in modern times (mainly due to
new materials) helicopters work. Everyone disbelieved Columbus (I think - I'm
no historian, so if I get the people and events mixed up don't get cross) when
he proposed the world was round, but it was still true [unless all we know is
some big lie fed to us by Big Brother - Imagine that, nothing in history
really happened, all we learn is false]. It just had to be proven. There is
some mathematician (or was, rather) who supposedly proved there was a formula
to find the roots of polynomials of degree greater than two (if that is
technically incorrect [as in degree is used in the wrong sense] what I mean
is cubic and quartic equations), but he didn't actually prove it. It seems
to be thought that he was correct (supposedly he proved heaps of other stuff),
but no one since has been able to do it. This does not make it incorrect.

In the case of an actual proof that it _cannot_ be done, then I concede the
point, that is correct, but if it is just the case that nobody has yet to do
it, then you cannot actually say it can't be done.

--
Damion Milliken University of Wollongong E-Mail: u9467882@******.uow.edu.au

(Geek Code 2.1) GE d@ H s++:-- !g p? !au a18 w+ v C+ U P? !L !3 E? N K- W+ M
!V po@ Y t(+) !5 !j r+(++) G(+) !tv(--) b++ D+ B? e+ u@ h+(*)
f+@ !r n--(----)@ !y+
Message no. 9
From: Stainless Steel Rat <ratinox@***.NEU.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Thu, 11 Aug 1994 10:30:20 -0400
>>>>> "Damion" == Damion Milliken <u9467882@******.UOW.EDU.AU> writes:

Damion> In the case of an actual proof that it _cannot_ be done, then I
Damion> concede the point, that is correct, but if it is just the case that
Damion> nobody has yet to do it, then you cannot actually say it can't be
Damion> done.

It cannot be done; this has been mathematically proven. OTP ciphers, whose
"key length" is equivalent to the length of the message being sent, cannot
be broken by mathematical attack, nor by conventional cryptanalysis. The
reason is simple: both forms of attack build patterns out of the ciphertext
and cleartext, but because the OTP pads are random there are no patterns in
the ciphertext to work with. The only brute force attack that can be used
is to attempt to recreate the stream of random numbers used to originally
encipher the message. You can't use a differential or factorial analysis
because there are no patterns or primes directly involved with key
generation.

There are two weaknesses of one time pads. If the pads are not truly
random then patterns will develop; when patterns develop your ciphertext
becomes vulnerable to analysis. And key distribution and security is a
royal pain.

--
Rat <ratinox@***.neu.edu> |...kcab nrut ,kcab nrut ,kcab nruT .ton si
http://www.ccs.neu.edu/home/ratinox|emit tub elbisrever si cisum ehT "hgiH nO
PGP Public Key: Ask for one today! |eriF" ,OLE--
Message no. 10
From: "C. Paul Douglas" <granite@*****.NET>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Thu, 11 Aug 1994 12:15:06 -0400
On Wed, 10 Aug 1994, Adam Getchell wrote:

> On Wed, 10 Aug 1994, Gian-Paolo Musumeci wrote:
>
> > I am quite simply stating that just because you cannot see a way around it,
> > that does not mean someone else could not find out a way to do it. End of
> > discussion for myself.
>
> You lack proof to make such a statement. In this case, opinions
> are irrelevant -- facts are what matter.
>
The fact of the matter is that I have failed to see the relevance of this
argument for several days....
-----------------------------GRANITE
Message no. 11
From: Stainless Steel Rat <ratinox@***.NEU.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Thu, 11 Aug 1994 13:42:41 -0400
>>>>> "C" == C Paul Douglas <granite@*****.NET> writes:

C> The fact of the matter is that I have failed to see the relevance of
C> this argument for several days....

Secure communications is relevant in any information-based society, whether
it be in 1994 or 2054.

But I agree, we are digressing quite a bit here.

--
Rat <ratinox@***.neu.edu> |It turns out that the technical term for
http://www.ccs.neu.edu/home/ratinox|the space between doughnut holes is
PGP Public Key: Ask for one today! |"urlap".
Message no. 12
From: Adam Getchell <acgetche@****.UCDAVIS.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Thu, 11 Aug 1994 11:01:27 -0700
On Thu, 11 Aug 1994, Damion Milliken wrote:

> In the case of an actual proof that it _cannot_ be done, then I concede the
> point, that is correct, but if it is just the case that nobody has yet to do

The actual proof by Claude E. Shannon says the Vernam cipher
cannot be cracked if the key is random and used once.

> Damion Milliken University of Wollongong E-Mail: u9467882@******.uow.edu.au

+-------------+---------------------------------------------------------------+
|Adam Getchell|acgetche@****.engr.ucdavis.edu | ez000270@*******.ucdavis.edu |
| acgetchell |"Invincibility is in oneself, vulnerability is in the opponent"|
+-------------+---------------------------------------------------------------+
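Added example, not part of any message in this thread: a Vernam (one-time pad) cipher illustrating the two conditions stated in Message no. 9 and Message no. 12, namely that a random pad leaves nothing for brute force to confirm, and that the pad must be used only once. The function names and the sample messages are constructed for illustration.

```python
import secrets

def vernam(data: bytes, pad: bytes) -> bytes:
    """XOR data with the pad; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message: a one-time pad cannot be stretched")
    return bytes(d ^ k for d, k in zip(data, pad))

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the same length, so trying all
    pads produces every possible message and singles out none of them.
    """
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match the ciphertext length")
    return vernam(ciphertext, candidate)

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the same pad.

    The pad cancels, leaving plaintext1 XOR plaintext2: zero bytes mark the
    positions where the two messages agree. This is why a pad is used once.
    """
    return bytes(a ^ b for a, b in zip(c1, c2))

if __name__ == "__main__":
    # Constructed sample messages of equal length.
    p1, p2, decoy = b"MEET AT DOCK 7", b"MEET AT GATE 3", b"ABORT THE PLAN"
    pad = secrets.token_bytes(len(p1))  # OS randomness, as long as the message

    c1 = vernam(p1, pad)
    print("round trip ok:", vernam(c1, pad) == p1)

    fake_pad = pad_explaining(c1, decoy)
    print("same ciphertext, other pad:", vernam(c1, fake_pad))

    c2 = vernam(p2, pad)  # the mistake: second message under the same pad
    leak = reuse_leak(c1, c2)
    shared = len(leak) - len(leak.lstrip(b"\x00"))
    print("leading bytes shown to be identical:", shared)
```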
Message no. 13
From: Adam Getchell <acgetche@****.UCDAVIS.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Thu, 11 Aug 1994 11:06:01 -0700
On Thu, 11 Aug 1994, Stainless Steel Rat wrote:

> the ciphertext to work with. The only brute force attack that can be used
> is to attempt to recreate the stream of random numbers used to originally
> encipher the message. You can't use a differential or factorial analysis
> because there are no patterns or primes directly involved with key
> generation.

Very interesting. So how do the prime numbers get in the
picture? I've heard of codes/ciphers based on the 1E21-1 Prime, etc.
etc. but what does this mean exactly?

> Rat <ratinox@***.neu.edu> |...kcab nrut ,kcab nrut ,kcab nruT .ton si

+-------------+---------------------------------------------------------------+
|Adam Getchell|acgetche@****.engr.ucdavis.edu | ez000270@*******.ucdavis.edu |
| acgetchell |"Invincibility is in oneself, vulnerability is in the opponent"|
+-------------+---------------------------------------------------------------+
Message no. 14
From: Stainless Steel Rat <ratinox@***.NEU.EDU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Thu, 11 Aug 1994 20:21:08 -0400
>>>>> "Adam" == Adam Getchell <acgetche@****.UCDAVIS.EDU> writes:

Adam> Very interesting. So how do the prime numbers get in the picture?

They don't, that's why a differential attack won't work. Encryption
algorithms such as the DES and IDEA use large prime numbers and factorial
combinations of these primes in the generation of the encrypted text.
"Smart" brute force attacks against such an algorithm work by cycling
through prime numbers and repeatedly performing analyses in an attempt to
get a match. A differential attack adds a few mathematical shortcuts to
reduce the number of iterations required to obtain a match. This is how
single-DES was cracked in a couple of hours (anybody using DES uses
triple-DES anyway).

Because one time pads don't use large prime numbers, you can't use such
attacks against the ciphertext.

--
Rat <ratinox@***.neu.edu> |Don't anybody try this at home. I'm a
http://www.ccs.neu.edu/home/ratinox|licensed doctor an' a trained psychotic.
PGP Public Key: Ask for one today! |--Ron Post
Message no. 15
From: Damion Milliken <u9467882@******.UOW.EDU.AU>
Subject: Re: Quantum cryptography - Implications (Short!)
Date: Fri, 12 Aug 1994 11:21:19 +0000
Rat writes:

> It cannot be done; this has been mathematically proven. OTP ciphers, whose

Well in that case, as I said, I concede the point. (Not that I was really
arguing it anyhow) :-)

--
Damion Milliken University of Wollongong E-Mail: u9467882@******.uow.edu.au

(Geek Code 2.1) GE d@ H s++:-- !g p? !au a18 w+ v C+ U P? !L !3 E? N K- W+ M
!V po@ Y t(+) !5 !j r+(++) G(+) !tv(--) b++ D+ B? e+ u@ h+(*)
f+@ !r n--(----)@ !y+

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.