chrodinger's Encryption: What The CISO Needs To Know About Quantum Cybersecurity
There's a brilliant Dilbert cartoon where the pointy-haired boss asks Wally how his quantum computer project is doing and whether he can observe it, to which Wally replies 'that's a tricky question.' The pointy-haired boss could just as easily have been asking about quantum key distribution (QKD) and the answer would have been the same.
在超讚的《呆伯特》(Dilbert)系列漫畫中,尖發造型的老闆曾詢問沃利關於量子計算項目的進展並要求查看,沃利回答:「這是個棘手的問題(你是來搞笑的嗎?)」這位尖發老闆也許還會問關於量子密鑰分配(QKD)的問題,但答案是一樣的。
Cybersecurity is constantly evolving, and the role of the Chief Information Security Officer (CISO) has to evolve in parallel. The job description for most CISO positions doesn't currently require a physics degree, but could that all be about to change? Quantum cybersecurity is already becoming a thing, and the CISO needs to get a handle on the quantum threats and opportunities of tomorrow made possible by the paradox of Schrodinger's cat.
網絡安全處在不斷進化的過程中,因而首席信息安全官(CISO)的角色必須同步進化。大多數CISO的職位描述目前沒有對物理學位作要求,但這一現狀會改變嗎?量子網絡安全已然成型,而CISO則需要駕馭由「薛丁格的貓」悖論所帶來的未來量子威脅和機遇。
That paradox, devised by the Austrian physicist Erwin Schrodinger in 1935 and grotesquely simplified by me in 2018, says that if a cat and a device that could or could not kill the cat with equal probability are locked in a box you wouldn't know if the cat were dead or alive until you opened it. The cat is, therefore, both dead and alive simultaneously while the box remains sealed. It is in two states at the same time, and that's where the quantum cryptography bit kicks in: it's all about superposition, the ability of a photon in the case of QKD, which uses an optical channel, to exist in two states simultaneously. Until, that is, you observe it as this act of measuring the state removes the superposition ambiguity. In other words, the very act of observing effectively changes the state of the quantum particle. If that weren't mind-boggling enough, there's also entanglement to take into consideration.
這個悖論由奧地利物理學家埃爾溫·薛丁格(Erwin Schrodinger)在1935年提出,本文作者在2018年對其進行了簡化:如果將一隻貓和一個殺死貓的裝置(能與不能殺死貓的概率皆為50%)鎖在同個盒子裡,你是不會知道貓的死活的,直到打開盒子。因此,在盒子密封的情況下,這隻貓同時存在於死和活的狀態。同一時間下同處於兩種狀態,這就是量子密碼學的切入點:疊加——一種光子在量子密鑰分配的情況下,利用光通道以兩種狀態同時存在的能力。也就是說,「觀測」——這種衡量狀態的行為,消除了疊加不確定性。換句話說,觀測的行為能有效地改變量子粒子的狀態。如果這還不夠讓人難以置信的話,還要考慮到量子糾纏問題。
Einstein infamously brushed off the idea of quantum entanglement as being "spooky action at a distance." However, Einstein was wrong for a change and it turns out that the state of entangled quantum particles can be thought of as an inseparably connected whole: observe one and you observe the other, no matter how far apart they might be. Throw this pair of quantum concepts into the QKD mix and you have the ability to securely distribute cryptography keys. Or, rather, you have the ability to know if that transmission is being monitored and so no longer secure. This remains true whether the threat actor were to hack into the QKD channel or to replicate it, the act of observation will result in no key being created.
愛因斯坦對量子糾纏這個概念不屑一顧,認為它是「一種遠距離的幽靈行為」。然而,愛因斯坦的想法是錯誤的,分別觀測糾纏量子的二者,不管它們相距有多遠,結果都證明糾纏量子粒子的狀態可以被認為是一個不可分離的整體。將概念上「一對」的糾纏量子放入量子密鑰分配組合中,你就能安全地分發加密密鑰。或者,更確切地說,你就知道了傳輸是否因監視變得不安全。不管威脅行動者是侵入量子密鑰分配頻道還是複製它,觀測的行為都不會產生密鑰。
QKD systems are already up and running, both in research labs and to a limited degree in commercial applications, yet it's all too easy to get caught up in the fantastical physics at play here and forget about all those things that don't require a brain the size of a watermelon. A good cybersecurity practitioner, like a 'good' cybercriminal, knows that the security basics are where the biggest gains are to be found. So, in the case of a QKD-protected network, you need to look further than the optical fibers which are transmitting the key data.
目前,量子密鑰分發系統已經啟動並運行,無論在實驗室還是在有限的商業應用中,它仍然容易陷入臆想物理的狀態,從而忘記那些根本不需要西瓜大小的大腦。一個優秀的網絡安全從業者,就像一個「優秀的」黑客一樣,知道安全基礎是最大的收益所在。所以,在量子密鑰分配保護的網絡中,你的前瞻要比傳輸關鍵數據的光纖更遠才行。
Instead, think about potential weak points such as optical fiber termination points and the switches and connections that follow. As well as the human factor of course, given how susceptible to social engineering most of us can be. I'm less worried about the distributed keys themselves being susceptible to brute-forcing to be honest. As long as the block size is big enough, AES with a 256-bit key for example, then breaking that key would be beyond the realm of current technology. Wikipedia suggests that assuming the threat actor had access to fifty supercomputers capable of checking a billion billion keys per second, then it would take approximately three times 10 to the power of 51 years to exhaust the AES-256 key space. That's roughly three sextillion years, or three followed by 21 zeros if you prefer.
相反地,要考慮一些潛在的弱點,比如光纖終止點以及接下來的交換器和連接等。當然還有人為因素,因為大多數人都容易受到社會工程的影響。老實說,我並不擔心分布式密鑰本身會受到強制執行的影響。只要塊的大小足夠大,例如,AES(高級加密標準,英語:Advanced Encryption Standard,縮寫:AES)有一個256位的密鑰,那麼要打破這個密鑰就超出了當前技術的範圍。維基百科認為,假設威脅行動者能夠訪問50臺每秒能檢查10億個密鑰的超級計算機,那麼耗盡AES的256密鑰空間大約需要3乘以10的51次方年的時間。大概是30萬億億年,3的後面跟了21個0。
Of course, as the National Institute of Standards and Technology (NIST) Report on Post-Quantum Cryptography pointed out in 2016 "In recent years, there has been a substantial amount of research on quantum computers - machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use." This is more likely to be the case with regards to public-key cryptography thanks to Peter Shor.
當然,2016年國家標準與技術研究所(NIST)後量子密碼報告曾指出,「近年來,已經有大量研究致力於量子計算機——一種利用量子力學現象來解決傳統計算機難以解決的數學問題的機器。如果大規模的量子計算機被製造出來,他們將足以破解當前正在使用的多數公鑰加密系統。」在公鑰加密方面這種情況則更有可能發生,這都多虧了Peter Shor(美國科學家,曾提出了量子分解算法,是迄今量子計算領域最著名的算法)。
A professor of applied mathematics at MIT, Shor produced his algorithm back in 1994 to more efficiently calculate the prime factors of a large number. Couple this algorithm with a large enough quantum computer and public-key cryptography could easily be quantum-breakable. Symmetrical encryption algorithms such as AES, however, are thought to be quantum-resilient as they do not rely upon integer factorization to work. While Shor's algorithm wouldn't impact AES, Grover's might do when it comes to AES-128. Grover's algorithm reduces the amount of time taken to brute-force a symmetric cipher, but it's generally accepted that doubling the minimum recommended key size from 128-bit to 256-bit would be sufficient to secure AES against a quantum computer attack.
Shor是麻省理工學院應用數學教授,他在1994年提出了一種算法,以更有效地計算大量的質數因子。將這種算法與足夠大的量子計算機和公鑰加密相結合可以輕而易舉地實現量子突破。然而,像AES這樣的對稱加密算法,被認為具有量子彈性,因為它們不依賴於因數分解來工作。雖然Shor的算法不會影響AES,但Grover算法在AES-128中可能有效。Grover算法大大減少了強制執行對稱密碼所需的時間,但人們普遍認為,將最小推薦密鑰大小從128位翻倍增至256位就足以保證AES免受量子計算機的攻擊。
Then there are the researchers from the Victoria University of Wellington in New Zealand who think they may have found a way to create a quantum blockchain. Best known for helping Bitcoin to spearhead the cryptocurrency revolution, blockchain technology is also being applied to everything from distributed cloud storage to voter authentication and plenty more besides. All of which are threatened by quantum computing that could, in theory, unlock the encryption that holds the decentralized and transparent ledger at the heart of blockchain together.
紐西蘭惠靈頓維多利亞大學(Victoria University of Wellington)的研究人員認為,他們可能已經找到了創建量子區塊鏈的方法。區塊鏈技術以幫助比特幣引領加密貨幣革命而聞名,現在也被應用於分布式雲存儲、投票人身份驗證等諸多領域。所有這些都受到量子計算的威脅,從理論上講,量子計算可以解碼加密數據,將分散透明的分類帳集中在區塊鏈中心。
In their paper Quantum Blockchain using entanglement in time the researchers, Del Rajan and Matt Visser, propose a conceptual design for a quantum blockchain to resolve this threat. The idea is to take the notion of photon entanglement in space, as used by the QKD systems mentioned previously, but advance this by using entanglement in time to encode the blockchain. A traditional, if I can apply that description to something so cutting edge, QKD deployment would invalidate the entire current blockchain if a threat actor were to attempt to tamper with it, rather than just invalidating future blocks of the tampered with chain. What the new concept suggests is a system whereby threat actors wouldn't be able to access previous photons in an attempt at tampering, as they would no longer exist. "They can at best try to tamper with the last remaining photon" the paper states "which would invalidate the full state."
研究人員Del Rajan和Matt Visser在他們的論文《Quantum Blockchain using entanglement in time》中提出了量子區塊鏈的概念性設計來解決這個威脅。這個想法是採用光子在空間中的糾纏,正如前面提到的量子密鑰分配系統所使用的那樣,但是要通過利用光子糾纏及時編碼區塊鏈來推進。傳統的方法是,如果我能將該描述應用到前沿技術上,那麼一旦威脅行為者試圖篡改,量子密鑰分配部署將使當前的整個區塊鏈失效,而非被篡改鏈的未來塊失效。這個新概念所暗示的是一個系統,在這個系統中,威脅行為者將無法訪問先前的光子,以試圖篡改它們,因為它們將不復存在。「他們充其量只能試圖篡改最後的剩餘光子,」論文稱,「這將使整個區塊鏈失效。」
Even if you don't buy the hyperbole of describing the resulting decentralized quantum blockchain in the paper as a "quantum networked time machine" there's no doubt it's an interesting theory on how quantum methodologies may be applied to existing technologies. At the very least, it should give the switched on CISO some serious food for thought. After all, with the likes of Google, IBM and Microsoft investing heavily in research, a cryptographically efficient and commercially available quantum machine could be less than 20 years away. Possibly a lot less given how quickly that research is progressing.
即使你不相信這篇論文中把分散的量子區塊鏈描述為「量子網絡時間機器」這種誇張說法,但毫無疑問的是,這是一個關於量子方法如何應用於現有技術的有趣理論。至少,它應該給首席信息安全官的人帶來一些嚴肅的思考。畢竟,在谷歌、IBM和微軟等公司大舉投資於研究的情況下,要想研製出一種高效的、商用的加密量子機器,可能還需要不到20年的時間。考慮到這項研究進展的速度之快,可能所花時間會更短。
To borrow from Schrodinger, currently quantum computing is both a threat and a cybersecurity opportunity simultaneously. The time for the CISO to 'open the box' and start planning for a quantum-resilient security posture is now...
借用薛丁格的話說,目前量子計算既是一種威脅,同時也是一個網絡安全機遇。現在是時候讓首席信息安全官們「打開盒子」了,開始為量子彈性安全態勢做準備……
註:原標題為「薛丁格的加密:關於量子網絡安全,首席信息安全官需要知道的所有」
End
本文首發於微信公眾號:數據觀。文章內容屬作者個人觀點,不代表和訊網立場。投資者據此操作,風險請自擔。
(責任編輯:季麗亞 HN003)