Cryptography Reference
In-Depth Information
Remark 8 (Definition of
q-AKE
).
The class
q-AKE
may contain protocols
obeying physical theories other than quantum theory.
Remark 9 (UKE implies AKE).
Note that if
π
is in
c-UKE
,then
π
naturally
gives rise to a protocol in
sc-AKE
when combined with a secure classical message-
authentication protocol. A similar statement holds for
q-UKE
and
q-AKE
.
We subdivide the classes
sc-AKE
and
q-AKE
by the type of initial keys—either
symmetric or public—used in the particular key establishment protocol, i.e., we
have the following disjoint unions
sc-AKE
=
sc-AKE
sym
∪
sc-AKE
pub
(10)
q-AKE
=
q-AKE
sym
∪
q-AKE
pub
.
(11)
Table 1 summarizes the different classes by the various categories.
Table 1.
The different classes of key establishment protocols
uke
ake
key pre-distribution
-
OOB
out-of-band
-
PGE
in-band
dynamic
-
wc-AKE
key establishment
c-UKE sc-AKE
q-UKE q-AKE
Apples and Oranges.
The class
OOB
is included in the above list (and in
the following analysis) largely for completeness; it is not technically considered
a key establishment protocol. Out-of-band protocols for key establishment need
not employ any fundamental cryptographic primitives and cannot provide the
same essential functionality that in-band protocols do, i.e., generating new secret
key in band. The generally accepted view is that out-of-band key establishment
is the most secure way to establish potentially very long secret keys, but that
well-implemented in-band protocols typically provide either a more feasible so-
lution in particular applications or a more cost-effective solution in the long
term. Because we are making the (reasonable) assumption that
qke
will be
cost-effective in the future, it reasonably follows that, in at least some cases, it
will also be more cost-effective than out-of-band key establishment in the fu-
ture. We mean to challenge here previous comments made by Bernstein [5], that
trusted couriers perform equally as well as
qke
systems insofar as their ability
to generate entropy in the cryptographic system (from Eve's point of view). The
distinction between in-band and out-of-band entropy generation is an important
one (cost-wise), and it is impossible to generate entropy in band using classical
cryptography alone.