Quantum Cryptography pointless?

I always laugh when I see headlines like this on BBC websites:

"'Unbreakable' encryption unveiled"

and even more so when I realize it is talking about "Quantum Cryptography". The idea is that you send data down a fibre optic cable, and if anyone views it before you do, it changes the photons used to send the data, so you can tell someone is watching. This does not really ensure confidentiality though, as the data has been viewed, so you still need to encrypt the data using traditional cryptography.

So what does this really gain us? Well, not much, is the truth. We can share data and detect when someone else sees it, but if they see it we have lost already. So we encrypt the data, and now we know if someone has seen the encrypted data, but again, having encrypted it, we should not care if it is seen. Not really that useful. Well, in fact it is useful in one way: we use it to send the symmetric encryption keys to the other party. If the key is viewed we try again; if not, we use it knowing no one else knows it. Wonderful: a secure, unbreakable way of exchanging keys.

Only we already have good ways of exchanging keys. It is called PKI, or asymmetric encryption. In fact, quantum key exchange does have a slight problem, in that I could perform a denial of service attack by watching every photon on the fibre. Thus a symmetric key can never be exchanged. This can be got around by using PKI, but now what is the point of doing this?
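The detect-and-retry key exchange and the denial of service described above can be simulated classically. This is an added example, not code from the original post; it assumes the BB84 protocol (which the post does not name), an intercept-resend eavesdropper, and a constructed photon count and abort threshold.

```python
import random

QBER_LIMIT = 0.10  # illustrative abort threshold chosen for this example


def bb84_attempt(n_photons, eavesdrop, rng):
    """One BB84 attempt. Returns (alice_key, bob_key, error rate on checked bits)."""
    a_bits = [rng.randint(0, 1) for _ in range(n_photons)]
    a_bases = [rng.randint(0, 1) for _ in range(n_photons)]
    b_bases = [rng.randint(0, 1) for _ in range(n_photons)]
    b_bits = []
    for bit, a_basis, b_basis in zip(a_bits, a_bases, b_bases):
        basis = a_basis
        if eavesdrop:
            # Intercept-resend: measuring in the wrong basis randomizes the bit,
            # and the photon travels on prepared in the eavesdropper's basis.
            e_basis = rng.randint(0, 1)
            if e_basis != basis:
                bit = rng.randint(0, 1)
            basis = e_basis
        if b_basis != basis:
            bit = rng.randint(0, 1)  # receiver's wrong-basis measurement is random
        b_bits.append(bit)
    # Sifting: keep only positions where sender and receiver chose the same basis.
    kept = [i for i in range(n_photons) if a_bases[i] == b_bases[i]]
    check, key = kept[::2], kept[1::2]  # checked bits are disclosed, so discarded
    errors = sum(a_bits[i] != b_bits[i] for i in check)
    return [a_bits[i] for i in key], [b_bits[i] for i in key], errors / len(check)


def exchange_key(max_attempts, eavesdrop, seed, n_photons=2000):
    """Retry until an attempt passes the error check. Returns (key or None, attempts)."""
    rng = random.Random(seed)
    for attempt in range(1, max_attempts + 1):
        _, b_key, qber = bb84_attempt(n_photons, eavesdrop, rng)
        if qber <= QBER_LIMIT:
            return b_key, attempt
    return None, max_attempts


if __name__ == "__main__":
    print(exchange_key(5, eavesdrop=False, seed=1)[1])  # attempts used on a quiet line
    print(exchange_key(5, eavesdrop=True, seed=1)[0])   # key obtained on a watched line
```

On a watched line roughly a quarter of the checked bits disagree, so every attempt is discarded and no key is ever agreed, which is the denial of service the paragraph describes.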

Well, this has been my thinking on the subject for a while, so I was pleasantly surprised to read Bruce Schneier's take on the subject today.



