
21 September 2012

Daniel Bernstein on Quantum Key Encryption

Date: 20 Sep 2012 23:39:57 -0000
From: "D. J. Bernstein" <djb[at]>
To: cryptography[at]
Subject: Re: [cryptography] abstract: Air to Ground Quantum Key Distribution

Zack Weinberg writes:

> I've seen claims that quantum key agreement lets both parties detect a
> man in the middle with no prior communication and no trusted third party.

Nope. The security of QKE relies on the parties both knowing a shared secret key to authenticate messages. This begs the questions of

(1) how the parties communicated this secret---this doesn't have to be a _prior_ secure channel but it does have to be a separate secure channel;

(2) why the parties are bothering to use QKE to generate randomness when they can much more cheaply generate local randomness and send it through the separate secure channel; and

(3) why the parties are bothering to generate so much randomness in the first place when they can much more cheaply use the key as an AES key to encrypt and authenticate messages.

See for a more detailed cost-benefit analysis.

---D. J. Bernstein

Research Professor, Computer Science, University of Illinois at Chicago
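The dependence on a shared authentication key described in the message above, shown as an added example that is not part of the original post: a classical simulation of a BB84-style exchange in which a man in the middle terminates both links. The choice of BB84, HMAC-SHA256 as the authenticator, and all function names and key values are assumptions made for illustration.

```python
import hashlib
import hmac
import random

class AuthenticationError(Exception):
    """A classical-channel message carried a missing or wrong tag."""

def tag(key, bases):
    # HMAC-SHA256 stands in for the message authenticator (an assumption).
    return hmac.new(key, bytes(bases), hashlib.sha256).digest() if key is not None else b""

def check(key, bases, received_tag):
    # An endpoint holding no key cannot verify anything, so it accepts.
    if key is not None and not hmac.compare_digest(tag(key, bases), received_tag):
        raise AuthenticationError("basis announcement failed authentication")

def bb84_link(rng, n, sender_key, receiver_key):
    """One run between two directly connected endpoints.
    Returns (sender_bits, receiver_bits) after sifting."""
    bits = [rng.randrange(2) for _ in range(n)]
    s_bases = [rng.randrange(2) for _ in range(n)]
    r_bases = [rng.randrange(2) for _ in range(n)]
    # Measuring in the wrong basis yields a uniformly random bit.
    measured = [b if sb == rb else rng.randrange(2)
                for b, sb, rb in zip(bits, s_bases, r_bases)]
    # Classical channel: each side announces its bases, tagged with its key.
    check(sender_key, r_bases, tag(receiver_key, r_bases))
    check(receiver_key, s_bases, tag(sender_key, s_bases))
    keep = [i for i in range(n) if s_bases[i] == r_bases[i]]
    return [bits[i] for i in keep], [measured[i] for i in keep]

def man_in_the_middle(shared_key, seed=1, n=256):
    """Mallory terminates both links and does not know shared_key.
    random.Random is used only to make the simulation reproducible."""
    rng = random.Random(seed)
    mallory_key = b"mallory-guess" if shared_key is not None else None
    try:
        alice, m1 = bb84_link(rng, n, shared_key, mallory_key)
        m2, bob = bb84_link(rng, n, mallory_key, shared_key)
    except AuthenticationError:
        return "detected"
    # Each link is error-free, so comparing sifted bits reveals nothing.
    assert alice == m1 and m2 == bob
    return "undetected"

if __name__ == "__main__":
    print("no shared key:  ", man_in_the_middle(None))
    print("with shared key:", man_in_the_middle(b"constructed pre-shared key"))
```

With no shared key, each party completes an error-free exchange with Mallory and has nothing to compare against; the interception is caught only when the basis announcements are checked against a key both parties already hold.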

