Hacker News
by motohagiography 1574 days ago
From a security perspective (and not a science perspective) we need to be able to make assertions about the security of a scheme, and provide some kind of evident proof for it. The entire history of cryptography is literally the story of persuading people they are protected by something they don't understand and can't reason about, and then having a backdoor into it.

Popular science articles aren't sufficient to reason about the science - but they are at least as rigorous as the product spec sheets people will make their security decisions on, so I'd propose pop articles are admissible in discussing the security of the scheme. It's not on the consumer to understand, but on the producer to demonstrate.

The issue with QKD right now is that the risk/benefit isn't there from a security product perspective. If I have something that needs quantum security, I necessarily don't trust a bunch of people who say, "trust me, it's science," as I am looking at where the risk goes. If I'm using crypto on classical computers, most of my risk gets diffused through standards bodies (NIST, essentially), and then my vendors, banks, insurers, etc. QKD and PUFs have the same problem, which is snake oil risk.

The information-theoretic security (as a function of entropy) of an algorithm is scientifically interesting, but when it comes to applying it to risk management (e.g. distributing accountability), there is a ceiling on that. Measuring security based on work or operations over a classical compute cost / complexity class, I agree, is an orthogonal concern with QKD, but security as defined by where the risk goes needs a definition it can reason about.

I agree it (the analysis) will look different, and if I were to equip my fellow security analysts with a tool, it would be to not be persuaded that their lack of a quantum physics background disqualifies them from interrogating the real security benefits of QKD proposals.