Schrodinger's Encryption: What The CISO Needs To Know About Quantum Cybersecurity
There's a brilliant Dilbert cartoon where the pointy-haired boss asks Wally how his quantum computer project is doing and whether he can observe it, to which Wally replies 'that's a tricky question.' The pointy-haired boss could just as easily have been asking about quantum key distribution (QKD) and the answer would have been the same.
Cybersecurity is constantly evolving, and the role of the Chief Information Security Officer (CISO) has to evolve in parallel. The job description for most CISO positions doesn't currently require a physics degree, but could that all be about to change? Quantum cybersecurity is already becoming a thing, and the CISO needs to get a handle on the quantum threats and opportunities of tomorrow made possible by the paradox of Schrodinger's cat.
That paradox, devised by the Austrian physicist Erwin Schrodinger in 1935 and grotesquely simplified by me in 2018, says that if a cat and a device that could or could not kill the cat with equal probability are locked in a box, you wouldn't know if the cat were dead or alive until you opened it. The cat is, therefore, both dead and alive simultaneously while the box remains sealed. It is in two states at the same time, and that's where the quantum cryptography bit kicks in: it's all about superposition, the ability of a photon (in the case of QKD, which uses an optical channel) to exist in two states simultaneously. Until, that is, you observe it: the act of measuring the state removes the superposition ambiguity. In other words, the very act of observing effectively changes the state of the quantum particle. If that weren't mind-boggling enough, there's also entanglement to take into consideration.
Einstein infamously brushed off the idea of quantum entanglement as being "spooky action at a distance." However, Einstein was wrong for a change, and it turns out that the state of entangled quantum particles can be thought of as an inseparably connected whole: observe one and you observe the other, no matter how far apart they might be. Throw this pair of quantum concepts into the QKD mix and you have the ability to securely distribute cryptographic keys. Or, rather, you have the ability to know if that transmission is being monitored and so is no longer secure. This remains true whether the threat actor hacks into the QKD channel or tries to replicate it: the act of observation will result in no key being created.
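To make the "observation means no key" point concrete, here is an added toy simulation of a BB84-style exchange (example code, not from the article or any QKD vendor). It assumes an ideal, lossless channel, an intercept-and-resend eavesdropper, and the commonly cited 11% error-rate abort threshold; all randomness is seeded so the run is repeatable.

```python
"""Toy BB84 simulation: measuring a photon in the wrong basis disturbs it,
so an eavesdropper leaves a measurable error rate and no key is produced.
Added illustration; ideal channel, no noise, no loss (assumptions)."""
import random

ABORT_THRESHOLD = 0.11  # assumed QBER above which the run is discarded


def run_bb84(n_photons, eavesdrop, seed=1):
    """Return (alice_key, bob_key, qber) for one exchange of n_photons."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]  # 0 = rectilinear, 1 = diagonal
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]

    def measure(bit, prep_basis, meas_basis):
        # Same basis: the bit is read correctly. Different basis: the
        # superposition collapses to a uniformly random outcome.
        return bit if prep_basis == meas_basis else rng.randrange(2)

    bob_bits = []
    for bit, basis, bob_basis in zip(alice_bits, alice_bases, bob_bases):
        if eavesdrop:
            # Intercept-resend: Eve measures in a guessed basis and re-emits
            # the photon in that basis, which is wrong half of the time.
            eve_basis = rng.randrange(2)
            bit, basis = measure(bit, basis, eve_basis), eve_basis
        bob_bits.append(measure(bit, basis, bob_basis))

    # Sifting: keep only positions where Alice and Bob used the same basis.
    sifted = [i for i in range(n_photons) if alice_bases[i] == bob_bases[i]]
    # Sacrifice half of the sifted bits to a public comparison for the QBER.
    sample = sifted[: len(sifted) // 2]
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    qber = errors / len(sample) if sample else 1.0
    alice_key = [alice_bits[i] for i in sifted[len(sample):]]
    bob_key = [bob_bits[i] for i in sifted[len(sample):]]
    return alice_key, bob_key, qber


def distribute_key(n_photons, eavesdrop, seed=1):
    """Return (key, qber); key is None when the error rate reveals observation."""
    alice_key, _bob_key, qber = run_bb84(n_photons, eavesdrop, seed)
    if qber > ABORT_THRESHOLD:
        return None, qber
    return alice_key, qber
```

Without Eve the two sifted keys agree and the error rate is zero; with the intercept-resend attacker the expected error rate is about 25%, so the run aborts and no key is created.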
QKD systems are already up and running, both in research labs and to a limited degree in commercial applications, yet it's all too easy to get caught up in the fantastical physics at play here and forget about all those things that don't require a brain the size of a watermelon. A good cybersecurity practitioner, like a 'good' cybercriminal, knows that the security basics are where the biggest gains are to be found. So, in the case of a QKD-protected network, you need to look further than the optical fibers that are transmitting the key data.
Instead, think about potential weak points such as optical fiber termination points and the switches and connections that follow, as well as the human factor, of course, given how susceptible to social engineering most of us can be. I'm less worried about the distributed keys themselves being susceptible to brute-forcing, to be honest. As long as the block size is big enough, AES with a 256-bit key for example, then breaking that key would be beyond the realm of current technology. Wikipedia suggests that, assuming the threat actor had access to fifty supercomputers capable of checking a billion billion keys per second, it would take approximately three times 10 to the power of 51 years to exhaust the AES-256 key space. That's roughly three sextillion years, or three followed by 21 zeros if you prefer.
Of course, as the National Institute of Standards and Technology (NIST) Report on Post-Quantum Cryptography pointed out in 2016: "In recent years, there has been a substantial amount of research on quantum computers - machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use." This is more likely to be the case with regard to public-key cryptography thanks to Peter Shor.
A professor of applied mathematics at MIT, Shor produced his algorithm back in 1994 to more efficiently calculate the prime factors of a large number. Couple this algorithm with a large enough quantum computer and public-key cryptography could easily be quantum-breakable. Symmetric encryption algorithms such as AES, however, are thought to be quantum-resilient as they do not rely upon integer factorization to work. While Shor's algorithm wouldn't impact AES, Grover's might when it comes to AES-128. Grover's algorithm reduces the amount of time taken to brute-force a symmetric cipher, but it's generally accepted that doubling the minimum recommended key size from 128-bit to 256-bit would be sufficient to secure AES against a quantum computer attack.
Then there are the researchers from the Victoria University of Wellington in New Zealand who think they may have found a way to create a quantum blockchain. Best known for helping Bitcoin to spearhead the cryptocurrency revolution, blockchain technology is also being applied to everything from distributed cloud storage to voter authentication and plenty more besides. All of which are threatened by quantum computing that could, in theory, unlock the encryption that holds the decentralized and transparent ledger at the heart of blockchain together.
In their paper Quantum Blockchain using entanglement in time, the researchers, Del Rajan and Matt Visser, propose a conceptual design for a quantum blockchain to resolve this threat. The idea is to take the notion of photon entanglement in space, as used by the QKD systems mentioned previously, but advance this by using entanglement in time to encode the blockchain. A traditional, if I can apply that description to something so cutting edge, QKD deployment would invalidate the entire current blockchain if a threat actor were to attempt to tamper with it, rather than just invalidating future blocks of the tampered-with chain. What the new concept suggests is a system whereby threat actors wouldn't be able to access previous photons in an attempt at tampering, as they would no longer exist. "They can at best try to tamper with the last remaining photon," the paper states, "which would invalidate the full state."
Even if you don't buy the hyperbole of describing the resulting decentralized quantum blockchain in the paper as a "quantum networked time machine," there's no doubt it's an interesting theory on how quantum methodologies may be applied to existing technologies. At the very least, it should give the switched-on CISO some serious food for thought. After all, with the likes of Google, IBM and Microsoft investing heavily in research, a cryptographically efficient and commercially available quantum machine could be less than 20 years away. Possibly a lot less, given how quickly that research is progressing.
To borrow from Schrodinger, quantum computing is currently both a cybersecurity threat and a cybersecurity opportunity at the same time. The time for the CISO to 'open the box' and start planning for a quantum-resilient security posture is now...