Why Crypto-agility is the Key for Quantum-safe Cryptography


The National Institute of Standards and Technology (NIST) says that public-key encryption, digital signatures, and secure key exchange “are the heart and blood” of digital identity and trust. These support numerous online applications and services critical to our economy, safety, and way of life.
Public-key cryptography performs two essential functions:

  • Establishment of an agreed, shared cryptographic key to secure online communications.
  • Implementation of digital signatures to validate the identity of communicating parties, thereby building trust over an open network.

The strength of today’s cryptographic algorithms relies on the difficulty of solving the mathematical problems of integer factorization and calculating discrete logarithms. These problems have been extensively studied for decades, and algorithms built on them, when properly configured, provide long-term security against traditional computers.

The quantum threat to cryptography

However, researchers have demonstrated that large, general-purpose quantum computers can exploit quantum mechanical phenomena to solve mathematical problems that are computationally infeasible for today’s conventional computers.

When large-scale quantum computers become mainstream, many of the existing public-key cryptographic algorithms will become obsolete. Broken cryptography can result in unauthorized access to sensitive information, loss of control over connected devices, and potentially the overthrow of the global status quo.

The good news is that, in contrast with public-key encryption, quantum computers do not significantly impact the security of symmetric cryptography. Existing symmetric algorithms – such as AES – can continue to be used with suitable key sizes. The following table, taken from NIST IR 8105 “Report on Post-Quantum Cryptography,” summarizes the impact of quantum computing on public-key and symmetric cryptography.

[Table from NIST IR 8105: impact of quantum computing on public-key and symmetric cryptography]

What is quantum-safe cryptography?


NIST defines the goal of quantum-safe cryptography as the development of “cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.”

In 2017, NIST launched a competition to design, analyze and choose a set of quantum-safe algorithms for public-key cryptography. The contest is known as the Post Quantum Cryptography (PQC) Standardization Challenge. The contest states that selected quantum-safe public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment the following publications and standards:

The quantum-safe competition intends to develop cryptographic algorithms that will protect sensitive information even after the advent of quantum computers. In July 2020, NIST announced candidates for the third round of submissions based on lattices, codes, multivariate polynomials, and hash-based signatures.

  • Lattice-based cryptography is the foundation of applications such as fully homomorphic encryption, code obfuscation, and attribute-based encryption. Lattice-based cryptography relies on the difficulty of solving lattice problems in linear algebra, which are more complex and time-consuming than factoring integers into primes.

  • Code-based cryptography is based on the McEliece cryptosystem, first proposed in 1978, and has not been broken since.

  • Multivariate polynomial cryptography relies on the difficulty of solving systems of multivariate polynomials over finite fields and has proven to be a successful approach to digital signatures.

  • Hash-based signatures are built from hash functions, leveraging pseudorandom hashing strong enough to resist sophisticated attacks.

What quantum-safe cryptography is not

Quantum-safe encryption is implemented mostly the same way current public-key cryptography is implemented. However, there will not be a “one-size-fits-all” algorithm, like RSA or ECC.

Why? Because post-quantum algorithms are based on different areas of mathematics and have distinct properties, features, and advantages.

For this reason, there is a large variation in performance characteristics between different algorithms. Some algorithms will be more suited to some use-cases than others. Considering also the ever-expanding requirements for cryptography, including the proliferation of constrained connected IoT devices, it seems unlikely that a single algorithm will be suitable for all applications.

Another reason for developing algorithms from multiple areas of mathematics is resilience. If someone finds a vulnerability in one algorithm, it will not threaten the whole post-quantum cryptography ecosystem. Developers can even use a combination of algorithms to create stronger public-keys using hybrid cryptographic approaches.

Why it is essential to prioritize crypto-agility

What should organizations do until quantum-safe cryptographic algorithms are standardized? The answer is crypto-agility.

The UK’s National Cyber Security Centre (NCSC) states that:

“Organizations that manage their own cryptographic infrastructure should factor quantum-safe transition into their long-term plans and conduct investigatory work to identify which of their systems will be high priority for transition.”

At the same time, the European Telecommunications Standards Institute (ETSI) has developed a report that details the steps organizations should take to enable a smooth migration to a quantum-safe cryptographic state.

“What we lay out in the migration report is getting the role of cryptography and the depth of its integration in a business better understood. We need to increase cryptography awareness so that people send out encrypted data keeping in mind that it may be commercially sensitive years later when attacks are possible. This helps counter harvesting attacks,” says Scott Cadzow, the Rapporteur of the Technical Report in the ETSI QSC group.

There are many approaches to deploying post-quantum cryptography while ensuring crypto-agility. For example, enhanced X.509 digital certificates simultaneously contain two sets of public-keys and signatures, traditional and quantum-safe. These enhanced certificates are compliant with industry standards and enable enterprises to gradually transition their infrastructures and systems to a quantum-safe state while maintaining backward compatibility with legacy systems.
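
The sketch below is an added example, not code from the article or from any certificate standard. It shows the crypto-agile pattern behind such hybrid credentials: algorithms are looked up by identifier, the credential carries one tag per algorithm, and each verifier's policy decides which tags it requires. The identifiers `classical-demo` and `pq-demo`, the keys and the envelope layout are assumptions, and both algorithms are HMAC stand-ins because the Python standard library has no public-key or post-quantum signatures.

```python
import hashlib
import hmac

# Registry: algorithm identifier -> tagging function. Replacing an algorithm
# means changing this table and the policy sets, not the verification code.
ALGORITHMS = {
    "classical-demo": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "pq-demo": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
}

def issue(message: bytes, keys: dict) -> dict:
    """Attach one tag per algorithm for which the issuer holds a key."""
    tags = {alg: ALGORITHMS[alg](key, message) for alg, key in keys.items()}
    return {"message": message, "tags": tags}

def verify(envelope: dict, keys: dict, required: set) -> bool:
    """Accept only if every algorithm the local policy requires is present and valid."""
    for alg in required:
        tag = envelope["tags"].get(alg)
        if alg not in ALGORITHMS or alg not in keys or tag is None:
            return False  # unknown or missing algorithm: fail closed
        expected = ALGORITHMS[alg](keys[alg], envelope["message"])
        if not hmac.compare_digest(tag, expected):
            return False
    return bool(required)  # an empty policy never accepts

# Constructed sample keys and policies.
KEYS = {"classical-demo": b"k1" * 16, "pq-demo": b"k2" * 16}
LEGACY_POLICY = {"classical-demo"}               # system not yet migrated
MIGRATED_POLICY = {"classical-demo", "pq-demo"}  # system requiring both

def demo():
    hybrid = issue(b"cn=device-42", KEYS)
    classical_only = issue(b"cn=device-42", {"classical-demo": KEYS["classical-demo"]})
    return (
        verify(hybrid, KEYS, LEGACY_POLICY),           # legacy verifier ignores the extra tag
        verify(hybrid, KEYS, MIGRATED_POLICY),         # migrated verifier checks both
        verify(classical_only, KEYS, MIGRATED_POLICY), # missing quantum-safe tag is rejected
    )

if __name__ == "__main__":
    print(demo())
```

The third result is the one to watch during a migration: a verifier that treats the second tag as optional can be downgraded by stripping it, so the requirement has to live in the verifier's policy rather than in the credential.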

The goal is to reap the benefits of quantum-safe technology without compromising data and system security. The NIST National Cybersecurity Center of Excellence (NCCoE) recommends several practices “to ease the migration from the current set of public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks.”

A proactive approach to planning and preparing for the post-quantum era is needed to establish and enforce crypto-agile solutions. Teams must be ready to mitigate the threat of quantum computers and safeguard their sensitive corporate data and encryption keys and algorithms.
