On the security of $\alpha\eta$: response to 'some attacks on quantum-based cryptographic protocols'
Lo and Ko have developed some attacks on the cryptosystem called $\alpha \eta$}, claiming that these attacks undermine the security of $\alpha\eta$ for both direct encryption and key generation. In this paper, we show that their arguments fail in many different ways. In particular, the first attack in [1] requires channel loss or length of known-plaintext that is exponential in the key length and is unrealistic even for moderate key lengths. The second attack is a Grover search attack based on `asymptotic orthogonality' and was not analyzed quantitatively in [1]. We explain why it is not logically possible to "pull back'' an argument valid only at $n=\infty$ into a limit statement, let alone one valid for a finite number of transmissions n. We illustrate this by a `proof' using a similar asymptotic orthogonality argument that coherent-state BB84 is insecure for any value of loss. Even if a limit statement is true, this attack is a priori irrelevant as it requires an indefinitely large amount of known-plaintext, resources and processing. We also explain why the attacks in [1] on $\alpha\eta$ as a key-generation system are based on misinterpretations of [2]. Some misunderstandings in [1] regarding certain issues in cryptography and optical communications are also pointed out. Short of providing a security proof for $\alpha\eta$, we provide a description of relevant results in standard cryptography and in the design of $\alpha\eta$ to put the above issues in the proper framework and to elucidate some security features of this new approach to quantum cryptography.