Bruce Schneier has a commentary up at Wired about quantum cryptography. There are a lot of good points in the article, but it left me kind of scratching my head. As far as I can tell, Schneier believes that you should not worry about any cryptographic system currently in use ever being broken. I didn’t think cryptographers were allowed to have so little paranoia.
Schneier begins by explaining quantum cryptography and quantum computing. The former is a method for taking a small shared private key (needed for authentication) and boosting it up into a shared secret key of greater length, such that if someone is eavesdropping on the line you can detect this eavesdropping due to the properties of quantum theory. The latter is a method for building computers which, among their other traits, could be used to break many modern cryptographic systems. (See here for a discussion of quantum cryptography and quantum computing and how the former doesn’t fix all that the latter breaks.)
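To make the eavesdropping-detection property concrete, here is an added toy simulation of the BB84 key-distribution protocol (my illustration, not code from the original post). It models polarisation measurement classically, assumes the authenticated classical channel built from the small shared key already exists, and uses an intercept-resend eavesdropper and an 11% abort threshold as illustrative assumptions.

```python
import random


def bb84_qber(n_bits: int, eavesdrop: bool, seed: int = 0) -> float:
    """Simulate one BB84 run and return the quantum bit error rate (QBER):
    the fraction of sifted key bits on which Alice and Bob disagree.

    Classical model of a photon: a qubit prepared in one basis and measured
    in the same basis returns the prepared bit; measured in the other basis
    it returns a uniformly random bit (the prepared value is destroyed).
    """
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    alice_bits = [rng.randint(0, 1) for _ in range(n_bits)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_bits)]
    bob_bases = [rng.randint(0, 1) for _ in range(n_bits)]
    eve_bases = [rng.randint(0, 1) for _ in range(n_bits)]

    def measure(bit: int, prep_basis: int, meas_basis: int) -> int:
        return bit if prep_basis == meas_basis else rng.randint(0, 1)

    bob_bits = []
    for bit, a_basis, b_basis, e_basis in zip(alice_bits, alice_bases, bob_bases, eve_bases):
        if eavesdrop:
            # Intercept-resend (assumed attacker model): Eve measures in a
            # guessed basis and re-sends a photon prepared in that basis.
            bit = measure(bit, a_basis, e_basis)
            a_basis = e_basis
        bob_bits.append(measure(bit, a_basis, b_basis))

    # Sifting over the authenticated classical channel: keep only positions
    # where Alice and Bob happened to choose the same basis.
    sifted = [(a, b) for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
              if ab == bb]
    errors = sum(1 for a, b in sifted if a != b)
    return errors / len(sifted)


def eavesdropper_detected(qber: float, threshold: float = 0.11) -> bool:
    """Abort rule: Alice and Bob sacrifice a sample of sifted bits, compare
    them publicly, and discard the key if the error rate exceeds the
    threshold. 11% is an illustrative value, not a protocol constant."""
    return qber > threshold


if __name__ == "__main__":
    print("no eavesdropper, QBER =", bb84_qber(4000, eavesdrop=False))
    q = bb84_qber(4000, eavesdrop=True)
    print("intercept-resend, QBER =", q, "detected:", eavesdropper_detected(q))
```

Without an eavesdropper the sifted bits agree exactly; an intercept-resend attacker guesses the wrong basis half the time and then Bob reads a random bit, so roughly a quarter of the sifted bits disagree and the run is aborted.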
After explaining all this, Schneier says:
While I like the science of quantum cryptography — my undergraduate degree was in physics — I don’t see any commercial value in it. I don’t believe it solves any security problem that needs solving. I don’t believe that it’s worth paying for, and I can’t imagine anyone but a few technophiles buying and deploying it. Systems that use it don’t magically become unbreakable, because the quantum part doesn’t address the weak points of the system.
Security is a chain; it’s as strong as the weakest link. Mathematical cryptography, as bad as it sometimes is, is the strongest link in most security chains. Our symmetric and public-key algorithms are pretty good, even though they’re not based on much rigorous mathematical theory. The real problems are elsewhere: computer security, network security, user interface and so on.
Now let me get this straight: I have no doubt that there are many greater worries in security than “mathematical cryptography.” But does this justify totally ignoring the possibility that a cryptographic system might possibly be breakable? I mean, maybe I’m influenced by the fact that I’ve been sitting in on a cryptanalysis course and I just met a graduate student who broke a cryptographic pseudorandom number generator, but really, what kind of an argument is this? “Um, well, sometimes our cryptographic systems have been broken, but that’s nothing to worry about, because, you know, everything is kosher with the systems we are using.” Should the author of such claims at least make some attempt at figuring out the probability that the current infrastructure is actually secure, or will remain secure (not everyone needs security that expires at the end of a session)? Certainly when you get to twenty years out, I’m going to put a lot less faith in much of our public key cryptography, because quantum computers can break most of these systems.
It is interesting to think about the competitiveness of quantum cryptography with the infrastructure it would replace. But to ignore it straightaway seems to me, well, very, very anti-security.
Now why can’t I get the Nirvana line “Just because you’re not paranoid, don’t mean they’re not after you” out of my head?