What you will learn:
- The basics of post-quantum cryptography.
- Why we need post-quantum cryptography (PQC).
- What’s being done to develop it before quantum computers arrive.
The term quantum computing conjures up images of futuristic supercomputers along the lines of Star Trek. Quantum computing is still in its infancy, but it’s growing rapidly, and the implications of its capabilities are significant, especially in the realm of security.
To get more insight into this space, I talked with Helena Handschuh, a Fellow at Rambus Security.
What is quantum computing?
Today’s computers run on bits of data: either a 1 or a 0. Quantum computers use qubits, which can be in a quantum superposition of both states—meaning they can simultaneously be both a 1 and a 0. Quantum computers have many entangled qubits, and these lead to massive, exponential leaps in processing power, depending on how many qubits are in the computer. What this boils down to is that the encryption that once took computers over a human lifetime to break will be broken in mere days by quantum computers, due to the vast increase in processing speed.
So, will quantum computing defeat all current cryptography?
Not entirely. There are two main types of encryption. Symmetric-key cryptography, such as AES (Advanced Encryption Standard), will be able to withstand quantum attacks, but this kind of cryptography has limitations. It requires the two endpoints to share the key in advance. That is not the case, for example, when a user needs a secure connection from a browser to an e-commerce site.
Public-key cryptography such as RSA (Rivest-Shamir-Adleman) and ECC (elliptic curve cryptography) is built on mathematical problems that are “hard to solve.” For context, it would take conventional computing hundreds or thousands of years to solve these problems, effectively making them “unbreakable.” But these are not sufficient to protect data and devices in the quantum era. When quantum computers are fully developed, a computer using Shor’s algorithm, a polynomial-time quantum algorithm for integer factorization, will be able to break a 2048-bit RSA implementation, perhaps in just a few days.
We expect quantum computing to reach its fully developed state within the next decade, by 2030. Since there are none in the field today, it’s difficult to predict what a quantum computer’s capabilities will be, so it’s important to develop a variety of post-quantum cryptography standards so that if one fails, the industry has additional standards to use.
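As an added illustration of the Shor’s algorithm remark above (example code, not from the interview or from Rambus): the quantum circuit only has to find the period r of a^x mod N; everything after that is classical number theory, shown here on a constructed textbook-sized RSA key (p=61, q=53, e=17). The brute-force `find_order` stands in for the quantum period-finding step and is the only part that does not scale, which is exactly why a 2048-bit modulus is safe classically and not against Shor.

```python
from math import gcd

# Constructed toy RSA public key (textbook-sized, not a real key): p=61, q=53.
TOY_N, TOY_E = 3233, 17


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r % n == 1 (the period of a^x mod n).

    Shor's algorithm obtains r with a quantum period-finding circuit in
    polynomial time.  Here it is brute-forced, which only works for toy
    moduli; for a 2048-bit n this loop is as hopeless as trial division.
    Caller guarantees gcd(a, n) == 1, so the loop terminates.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_period(n: int) -> tuple[int, int]:
    """Classical post-processing of Shor: turn a period r into factors of n."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:                      # base already shares a factor with n
            return (min(g, n // g), max(g, n // g))
        r = find_order(a, n)
        if r % 2:                       # odd period: try another base
            continue
        y = pow(a, r // 2, n)           # y*y == 1 (mod n) ...
        if y == n - 1:                  # ... but y == -1 gives nothing; retry
            continue
        p, q = gcd(y - 1, n), gcd(y + 1, n)   # nontrivial sqrt of 1 splits n
        return (min(p, q), max(p, q))
    raise ValueError("n has no nontrivial factor")


def recover_private_exponent(n: int, e: int) -> int:
    """Once n is factored, the RSA private exponent d follows directly."""
    p, q = factor_from_period(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)              # modular inverse (Python 3.8+)


if __name__ == "__main__":
    d = recover_private_exponent(TOY_N, TOY_E)
    c = pow(65, TOY_E, TOY_N)           # message 65 encrypted with the public key
    print(f"factors={factor_from_period(TOY_N)} d={d} decrypted={pow(c, d, TOY_N)}")
```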
What is post-quantum cryptography (PQC) and why is it important?
Post-quantum cryptography centers on algorithms designed to secure data in the era of quantum computing and beyond. It is critical that we develop both these cryptographic algorithms and dedicated hardware crypto engines, because in software these algorithms may be too slow for some high-throughput networking devices. The new algorithms may be heavier than our existing standards, including RSA and ECC, especially if protection against side-channel attacks is required.
What are some of the challenges being faced in developing post-quantum security algorithms?
These post-quantum cryptographic algorithms are more complex than our current algorithms, and we at Rambus believe this calls for a revolution of the existing algorithms rather than an evolution.
One of the main challenges is the size of the keys themselves. Current encryption and signature algorithms have keys that are a few hundred or a few thousand bits long. Some of the proposed post-quantum algorithms produce key sizes of tens of kilobytes. This means we need to be able to store these keys efficiently.
When public keys are used in public key infrastructure (PKI) certificates and need to be transmitted or stored locally on end devices, this also costs more bandwidth and memory. Bandwidth requirements can also increase when using those schemes that have large ciphertext sizes.
Another major challenge will be seen in IoT, where endpoint devices already have limited computing and processing power. As edge computing and IoT continue to become more pervasive, it will be important that these devices are protected against quantum attacks. Rambus believes the onus of handling the cryptographic algorithms will fall on hardware, since software may not have the capacity and is less secure.
Another major challenge is being able to assess the security of these new algorithms against both classical and quantum attacks. The underlying new mathematical primitives have not yet been well studied, and it is not yet known how secure the proposed algorithms really are.
What work is being done to ensure that our devices and data remain secured?
The National Institute of Standards and Technology (NIST) is sponsoring a competition to find, evaluate and standardize the public-key cryptographic algorithm (or algorithms) that will withstand the challenges posed by quantum computers. The 26 entrants in the second round were recently narrowed down to the announced third-round finalists and alternates, and the final portfolio is expected to be published sometime in 2022.
We are very proud that Rambus had a second-round entry called ThreeBears, developed by Mike Hamburg, one of our top security engineers. Sadly, ThreeBears did not advance to the third round, but we are pleased to have been part of this collaborative effort in technical innovation.
If we are still years away from quantum computers being a reality, why is there such a sense of urgency to achieve this now?
Testing and determining whether an algorithm can withstand attack by a quantum computer takes time. In addition, designers need time to implement the selected algorithm standards in their products, and that lead time can be many years, as much as 10, for new products, network infrastructure and network protocols.
It also takes years to upgrade and deploy the extensive installed base of computing and networking hardware. Secure endpoints (anything with a network connection) will need to be upgraded, which in some cases may mean new hardware, because software will not handle these new algorithms quickly or securely enough.
The impact on network architecture and infrastructure will be significant, due to the larger keys and ciphertext, so these may also require upgrades or replacements.
Quantum computing is so new; how can we predict what a security algorithm should look like to protect against attacks from quantum computers?
The NIST competition includes rigorous testing processes to weed out those algorithms that will not be able to withstand a quantum-computer attack. This is why the contest spans such a long period of time, as each round includes an evaluation period for the cryptography community to analyze each candidate’s performance. This allows for the committee to collect data on how each algorithm may perform in the real world.
NIST points out that, because quantum computers are designed around different scientific concepts than our traditional computers, post-quantum algorithms must also be built on different mathematical tools to resist both traditional and quantum attacks. This is greenfield territory for everyone, designers and analysts alike.
When will these algorithms be ready for deployment?
We expect that a winner (or winners) will be selected and standardized by 2022, after which designers can begin to implement the selected winning algorithms in their devices. These algorithms will be available to just about anyone, as they are public algorithms, but some countries may choose to create variants on them to keep their algorithms unique.
However, these variants on the standard will need to interoperate with others, so each country will potentially submit its own version to the governing standards body, for example, to ETSI, the European telecommunications industry standards body. In turn, it will become part of the portfolio of available algorithms.
What other measures can be taken now to strengthen our current devices’ security?
At Rambus, we recommend building security into devices’ hardware with secure root of trust and other embedded security solutions to safeguard against software attacks. Devices can also utilize secure provisioning and cloud-based device key management solutions to protect their data against attacks.