Schrodinger's Encryption: What The CISO Needs To Know About Quantum Cybersecurity
Compiled by: 数据观 | 黄玉叶
There's a brilliant Dilbert cartoon where the pointy-haired boss asks Wally how his quantum computer project is doing and whether he can observe it, to which Wally replies 'that's a tricky question.' The pointy-haired boss could just as easily have been asking about quantum key distribution (QKD) and the answer would have been the same.
Cybersecurity is constantly evolving, and the role of the Chief Information Security Officer (CISO) has to evolve in parallel. The job description for most CISO positions doesn't currently require a physics degree, but could that all be about to change? Quantum cybersecurity is already becoming a thing, and the CISO needs to get a handle on the quantum threats and opportunities of tomorrow made possible by the paradox of Schrodinger's cat.
That paradox, devised by the Austrian physicist Erwin Schrodinger in 1935 and grotesquely simplified by me in 2018, says that if a cat and a device that could or could not kill the cat with equal probability are locked in a box, you wouldn't know if the cat were dead or alive until you opened it. The cat is, therefore, both dead and alive simultaneously while the box remains sealed. It is in two states at the same time, and that's where the quantum cryptography bit kicks in: it's all about superposition, the ability of a photon (in the case of QKD, which uses an optical channel) to exist in two states simultaneously. Until, that is, you observe it, as this act of measuring the state removes the superposition ambiguity. In other words, the very act of observing effectively changes the state of the quantum particle. If that weren't mind-boggling enough, there's also entanglement to take into consideration.
Einstein infamously brushed off the idea of quantum entanglement as being "spooky action at a distance." However, Einstein was wrong for a change and it turns out that the state of entangled quantum particles can be thought of as an inseparably connected whole: observe one and you observe the other, no matter how far apart they might be. Throw this pair of quantum concepts into the QKD mix and you have the ability to securely distribute cryptographic keys. Or, rather, you have the ability to know if that transmission is being monitored and so no longer secure. This remains true whether the threat actor were to hack into the QKD channel or to replicate it: the act of observation will result in no key being created.
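The detection property described above can be seen in a small simulation. This is an added example, not code from the article: it goes beyond the text by using the BB84 prepare-and-measure protocol (which the article does not name) on an ideal, noise-free channel with an intercept-and-resend observer, and the function names and the 11% abort threshold are assumptions chosen for illustration.

```python
import random

def bb84_qber(n_photons, eavesdrop, seed=0):
    """Simulate BB84 on an ideal channel; return (sifted_len, error_rate)."""
    rng = random.Random(seed)            # seeded so the run is repeatable
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.randint(0, 1)          # sender's raw key bit
        a_basis = rng.randint(0, 1)      # 0 = rectilinear, 1 = diagonal
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # The observer must pick a basis blindly. A wrong guess yields a
            # random result, and the photon is re-sent in the observer's basis.
            e_basis = rng.randint(0, 1)
            e_bit = state_bit if e_basis == state_basis else rng.randint(0, 1)
            state_bit, state_basis = e_bit, e_basis
        b_basis = rng.randint(0, 1)      # receiver also picks a basis blindly
        b_bit = state_bit if b_basis == state_basis else rng.randint(0, 1)
        if a_basis == b_basis:           # sifting: keep matching-basis rounds
            sifted += 1
            errors += (b_bit != bit)
    return sifted, (errors / sifted if sifted else 0.0)

def session_verdict(qber, threshold=0.11):
    """Assumed policy: discard the key when the sampled error rate is too high."""
    return "key accepted" if qber < threshold else "key discarded"

if __name__ == "__main__":
    for watched in (False, True):
        n, qber = bb84_qber(20000, eavesdrop=watched)
        print(f"observer={watched} sifted={n} qber={qber:.3f} "
              f"-> {session_verdict(qber)}")
```

On a real link the error rate is never exactly zero, so the threshold has to separate channel noise from the disturbance an observer adds.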
QKD systems are already up and running, both in research labs and to a limited degree in commercial applications, yet it's all too easy to get caught up in the fantastical physics at play here and forget about all those things that don't require a brain the size of a watermelon. A good cybersecurity practitioner, like a 'good' cybercriminal, knows that the security basics are where the biggest gains are to be found. So, in the case of a QKD-protected network, you need to look further than the optical fibers which are transmitting the key data.
Instead, think about potential weak points such as optical fiber termination points and the switches and connections that follow. As well as the human factor of course, given how susceptible to social engineering most of us can be. I'm less worried about the distributed keys themselves being susceptible to brute-forcing to be honest. As long as the block size is big enough, AES with a 256-bit key for example, then breaking that key would be beyond the realm of current technology. Wikipedia suggests that assuming the threat actor had access to fifty supercomputers capable of checking a billion billion keys per second, then it would take approximately three times 10 to the power of 51 years to exhaust the AES-256 key space. That's roughly three sextillion years, or three followed by 21 zeros if you prefer.
Of course, as the National Institute of Standards and Technology (NIST) Report on Post-Quantum Cryptography pointed out in 2016: "In recent years, there has been a substantial amount of research on quantum computers - machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use." This is more likely to be the case with regard to public-key cryptography thanks to Peter Shor.
A professor of applied mathematics at MIT, Shor produced his algorithm back in 1994 to more efficiently calculate the prime factors of a large number. Couple this algorithm with a large enough quantum computer and public-key cryptography could easily be quantum-breakable. Symmetrical encryption algorithms such as AES, however, are thought to be quantum-resilient as they do not rely upon integer factorization to work. While Shor's algorithm wouldn't impact AES, Grover's might do when it comes to AES-128. Grover's algorithm reduces the amount of time taken to brute-force a symmetric cipher, but it's generally accepted that doubling the minimum recommended key size from 128-bit to 256-bit would be sufficient to secure AES against a quantum computer attack.
Then there are the researchers from the Victoria University of Wellington in New Zealand who think they may have found a way to create a quantum blockchain. Best known for helping Bitcoin to spearhead the cryptocurrency revolution, blockchain technology is also being applied to everything from distributed cloud storage to voter authentication and plenty more besides. All of which are threatened by quantum computing that could, in theory, unlock the encryption that holds the decentralized and transparent ledger at the heart of blockchain together.
In their paper "Quantum Blockchain using entanglement in time", the researchers, Del Rajan and Matt Visser, propose a conceptual design for a quantum blockchain to resolve this threat. The idea is to take the notion of photon entanglement in space, as used by the QKD systems mentioned previously, but advance this by using entanglement in time to encode the blockchain. A traditional, if I can apply that description to something so cutting edge, QKD deployment would invalidate the entire current blockchain if a threat actor were to attempt to tamper with it, rather than just invalidating future blocks of the tampered-with chain. What the new concept suggests is a system whereby threat actors wouldn't be able to access previous photons in an attempt at tampering, as they would no longer exist. "They can at best try to tamper with the last remaining photon," the paper states, "which would invalidate the full state."
Even if you don't buy the hyperbole of describing the resulting decentralized quantum blockchain in the paper as a "quantum networked time machine", there's no doubt it's an interesting theory on how quantum methodologies may be applied to existing technologies. At the very least, it should give the switched-on CISO some serious food for thought. After all, with the likes of Google, IBM and Microsoft investing heavily in research, a cryptographically efficient and commercially available quantum machine could be less than 20 years away. Possibly a lot less given how quickly that research is progressing.
To borrow from Schrodinger, currently quantum computing is both a threat and a cybersecurity opportunity simultaneously. The time for the CISO to 'open the box' and start planning for a quantum-resilient security posture is now...
Editor in charge: 黄玉叶