A universal algorithm for homophonic coding
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
An information-theoretic treatment of homophonic substitution
EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Cryptography: Theory and Practice,Second Edition
Cryptography: Theory and Practice,Second Edition
Some attacks on quantum-based cryptographic protocols
Quantum Information & Computation
| Hi-index | 0.00 |
Lo and Ko in [1] have developed some attacks on the cryptosystem called αη [2], claimingthat these attacks undermine the security of αη for both direct encryption and keygeneration. In this paper, we show that their arguments fail in many different ways.In particular, the first attack in [1] requires channel loss or length of known-plaintextthat is exponential in the key length and is unrealistic even for moderate key lengths.The second attack is a Grover search attack based on 'asymptotic orthogonality' andwas not analyzed quantitatively in [1]. We explain why it is not logically possible to"pull back" an argument valid only at n = ∞ into a limit statement, let alone one validfor a finite number of transmissions n. We illustrate this by a 'proof' using a similarasymptotic orthogonality argument that coherent-state BB84 is insecure for any value ofloss. Even if a limit statement is true, this attack is a priori irrelevant as it requires anindefinitely large amount of known-plaintext, resources and processing. We also explainwhy the attacks in [1] on αη as a key-generation system are based on misinterpretations of[2]. Some misunderstandings in [1] regarding certain issues in cryptography and opticalcommunications are also pointed out. Short of providing a security proof for αη, weprovide a description of relevant results in standard cryptography and in the designof αη to put the above issues in the proper framework and to elucidate some securityfeatures of this new approach to quantum cryptography.