HTTPS yolimba komanso yotetezeka ya quantum-safe

Koloko Ikuyenda Pakubisa Kwa Masiku Ano - Ndipo Mabizinesi Ambiri Alibe Lingaliro

Nthawi iliyonse kasitomala akatumiza ndalama, kusaina mu dashboard, kapena kutumiza uthenga kudzera papulatifomu yanu, HTTPS imayang'anira mwakachetechete datayo pogwiritsa ntchito ma cryptographic algorithms omwe akhala olimba kwazaka zambiri. Koma kusintha kwa chivomezi kuli mkati. Makompyuta a Quantum - makina omwe amagwiritsa ntchito sayansi yachilendo ya superposition and entanglement - akuyandikira mwachangu kutha kuphwanya maziko a masamu a RSA, ECDSA, ndi Diffie-Hellman key exchange. Chiwopsezochi sichabodzanso. Mu 2024, NIST inamaliza mfundo zake zitatu zoyambirira za post-quantum cryptography (PQC). Google, Cloudflare, ndi Apple ayamba kale kuyika ma algorithms osagwirizana ndi kuchuluka pakupanga. Pabizinesi iliyonse yomwe imatumiza zidziwitso zachinsinsi pa intaneti - yomwe ndi bizinesi iliyonse - kumvetsetsa HTTPS yotetezeka kwambiri sikulinso kosankha. Ndikofunikira kuti mugwiritse ntchito.

Chifukwa Chake HTTPS Yamakono Idzasweka Pakuukira kwa Quantum

Lero HTTPS imadalira TLS (Transport Layer Security), yomwe imagwiritsa ntchito asymmetric cryptography panthawi yakugwirana chanza kuti ikhazikitse chinsinsi chogawana pakati pa kasitomala ndi seva. Chitetezo cha kugwirana chanzaku chimadalira pamavuto a masamu omwe makompyuta akale sangathe kuwathetsa bwino: factoring large integers (RSA) kapena computing discrete logarithms on elliptic curves (ECDH). Kompyuta yamphamvu yokwanira yogwiritsira ntchito Shor's aligorivimu imatha kuthetsa zonse mu nthawi ya polynomial, kuchepetsa zomwe zingatenge kompyuta yapamwamba kwambiri zaka mamiliyoni ambiri kukhala maola kapena mphindi chabe.

Chochititsa mantha kwambiri ndi njira ya "kukolola tsopano, decrypt later" yomwe ikugwiritsidwa ntchito kale ndi ochita masewera a dziko. Adani akulemba ma encrypted traffic lero ndicholinga choti asinthe makompyuta akadzakula. Zolemba zachuma, deta yazaumoyo, nzeru, mauthenga aboma - chilichonse chomwe chimagwidwa paulendo tsopano chimakhala pachiwopsezo chobwereranso. Bungwe la National Security Agency lachenjeza kuti chiwopsezochi chikufikira ku data iliyonse yomwe iyenera kukhala yachinsinsi kwa zaka zoposa 10, zomwe zimaphatikizapo zambiri zokhudzana ndi bizinesi.

Kuyerekezera kumasiyana nthawi yomwe kompyuta yolumikizidwa yolumikizidwa ndi cryptographically (CRQC) ifika. IBM's roadmap targets 100,000+ qubits pofika 2033. Google inawonetsa quantum error correctness ndi chip chake cha Willow kumapeto kwa 2024. Ngakhale CRQC yomwe imatha kuswa 2048-bit RSA ikhoza kukhala zaka 10-15, kusamuka kupita ku quantum-protocol kuyenera kuyamba tsopano kuti amalize ntchito zonse zapadziko lonse lapansi.

Miyezo Yatsopano: ML-KEM, ML-DSA, ndi SLH-DSA

Pambuyo pa zaka zisanu ndi zitatu zowunikira zomwe zikukhudza zomwe anthu amalemba padziko lonse lapansi, NIST idasindikiza mfundo zitatu za post-quantum cryptographic mu Ogasiti 2024. Ma aligorivimuwa adapangidwa kuti azilimbana ndi ziwopsezo zochokera ku makompyuta amtundu uliwonse komanso akale, kuonetsetsa chitetezo chanthawi yayitali mosasamala kanthu kuti hardware ya quantum ikupita patsogolo mwachangu bwanji.

ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism, yomwe kale inali CRYSTALS-Kyber) imayang'anira gawo lalikulu la kusinthana kwa TLS. Imalowa m'malo mwa ECDH pogwiritsa ntchito kuuma kwa masamu a zovuta za lattice, zomwe zimakhalabe zovuta ngakhale pamakompyuta a quantum. ML-KEM ndiyothandiza modabwitsa - makulidwe ake makiyi ndi akulu kuposa ECDH (pafupifupi 1,568 byte ya ML-KEM-768 motsutsana ndi 32 byte pa X25519), koma kuwerengera kwake kumakhala kochepa, nthawi zambiri kumakhala kothamanga kuposa ma curve achikhalidwe.

ML-DSA (Module-Lattice-Based Digital Signature Algorithm, yomwe kale inali CRYSTALS-Dilithium) ndi SLH-DSA (Stateless Hash-Based Digital Signature Algorithm, yomwe kale inali SPHINCS+) kutsimikizira adiresi - kutsimikizira kuti seva yomwe mukudzinenera kuti ikugwirizana nayo. ML-DSA imapereka siginecha zophatikizika zoyenera kugwiritsa ntchito nthawi zambiri, pomwe SLH-DSA imapereka kubweza kokhazikika kutengera magwiridwe antchito a hashi, kupereka chitetezo mozama ngati malingaliro ozikidwa pa lattice afooketsedwa.

Hybrid Mode: Njira ya Pragmatic kupita ku Quantum Safety

Palibe injiniya wodzitetezera yemwe akuganiza zosintha zinthu usiku wonse. M'malo mwake, makampaniwa adalumikizana panjira yosakanizidwayomwe imagwirizanitsa ndondomeko yachikale ndi ndondomeko ya post-quantum algorithm pakugwirana chanza kulikonse kwa TLS. Ngati post-quantum algorithm ikuwoneka kuti ili ndi chiwopsezo chosadziwika, algorithm yachikale imatetezabe kulumikizana. Ngati kompyuta ya quantum iphwanya algorithm yachikale, algorithm ya post-quantum imakhala ndi mzere. Mumataya chitetezo ngati zonse zasokonezedwa nthawi imodzi - zomwe sizikuwoneka ngati zakuthambo.

Chrome ndi Firefox zimathandizira kale makiyi a X25519Kyber768 wosakanizidwa mwachisawawa kuyambira koyambirira kwa 2025, kutanthauza kuti mamiliyoni olumikizirana ndi HTTPS tsiku lililonse ali kale otetezedwa ku mbali yofunika yosinthira. Cloudflare inanena kuti kupitilira 35% ya magalimoto ake a TLS 1.3 amagwiritsa ntchito mgwirizano waukulu wa post-quantum. AWS, Microsoft Azure, ndi Google Cloud onse abweretsa njira zotetezeka za TLS pazantchito zawo zoyendetsedwa. Kusinthaku kukuchitika mwachangu kuposa momwe mabizinesi ambiri amaganizira.

Mtengo wakusamuka kupita ku quantum-safe HTTPS imayesedwa ndi maola aumisiri ndi nthawi yoyesera. Mtengo wosasamuka umayesedwa ndi kusagwirizana kokhazikika kwa chinsinsi chilichonse chomwe bizinesi yanu idapereka. Kutumiza kophatikiza kumachotsa kufunikira kosankha pakati pa chitetezo ndi kusamala - mumapeza zonse.

Zowona Zakagwiridwe: Kuchedwa, Bandwidth, ndi Kugwirana Pamanja Kumutu

Chimodzi mwazinthu zodetsa nkhawa kwambiri za post-quantum cryptography chinali kuwonongeka kwa magwiridwe antchito. Makiyi akulu akulu ndi ma signature amatanthauza ma byte ambiri pawaya komanso kugwirana chanza pang'onopang'ono. Kutumiza kwapadziko lonse lapansi kwawonetsa kuti zovutazi zimatha kuthetsedwa, koma siziri zero.

Posinthana makiyi, ML-KEM-768 imawonjezera pafupifupi 1.1 KB pakugwirana chanza kwa TLS poyerekeza ndi X25519 yokha. Mu mtundu wosakanizidwa (X25519 + ML-KEM-768), mutu wonse wowonjezera ndi pafupifupi 1.2 KB. Pamanetiweki amakono, izi zikutanthawuza kuwonjezereka kosalekeza kwa latency - nthawi zambiri pansi pa 1 millisecond pamalumikizidwe a Broadband. Zopanga za Cloudflare sizinawonetse zotsatira zoyezetsa pa nthawi yodzaza masamba kwa ogwiritsa ntchito ambiri. Komabe, pamanetiweki otsekeka (maulumikizidwe a satelayiti, zida za IoT, madera omwe ali ndi bandwidth yochepa), pamwamba pake amatha kuchulukana, makamaka pamene maunyolo a satifiketi alinso ndi siginecha za post-quantum.

Masiginecha otsimikizira amapereka vuto lalikulu. Ma signature a ML-DSA-65 ali pafupifupi 3.3 KB poyerekeza ndi ma byte 64 a ECDSA-P256. Pamene satifiketi iliyonse mu unyolo imakhala ndi siginecha ya post-quantum, unyolo wa satifiketi zitatu ukhoza kuwonjezera 10 KB kapena kupitilira apo kugwirana chanza. Ichi ndichifukwa chake makampaniwa akuwunika njira monga kuponderezedwa kwa satifiketi, Merkle Tree Certificates, ndi kukhathamiritsa kwa mulingo wa TLS kuti kukula kwa kugwirana chanza kukhale kothandiza. Mabizinesi omwe ali ndi nsanja zokhala ndi ogwiritsa ntchito padziko lonse lapansi - makamaka omwe amathandizira ogwiritsa ntchito mafoni m'misika yomwe ikubwera - akuyenera kufananiza zotsatirazi mosamala.

Zomwe Mabizinesi Ayenera Kuchita Tsopano: Mndandanda Wothandiza Wosamuka

Kusamuka kotetezeka kwa Quantum si chochitika chimodzi koma ndondomeko yapang'onopang'ono. Mabungwe omwe ayamba kuwerengera zomwe amadalira masiku ano adzakhala bwino kwambiri kuposa omwe amadikirira kuti azilamulira. Nayi njira yothandiza yoyambira kusintha:

1. Chitani zinthu zachinsinsi. Dziwani zambiri za dongosolo, ndondomeko, ndi laibulale yomwe imagwiritsa ntchito RSA, ECDSA, ECDH, kapena Diffie-Hellman. Izi zikuphatikiza masinthidwe a TLS, zipata za API, VPNs, kusaina ma code, kubisa kwa database, ndi kuphatikiza kwa chipani chachitatu.
2. Ikani patsogolo potengera kukhudzidwa kwa data komanso moyo wautali. Makina ogwiritsira ntchito ndalama, zolemba zamankhwala, zolemba zamalamulo, kapena zambiri zaumwini zomwe ziyenera kukhala zachinsinsi kwa zaka ziyenera kusamuka kaye. "Kololani tsopano, sinthani nthawi ina" zimapangitsa zinsinsi zakale kukhala zofunika kwambiri.
3. Yambitsani hybrid post-quantum TLS pofikira anthu. Ngati zida zanu zikuyenda kumbuyo kwa Cloudflare, AWS CloudFront, kapena ma CDN ofanana, mutha kukhala kale ndi mwayi wosintha makiyi a quantum-safe. Yambitsani momveka bwino ndikutsimikizira ndi zida monga Qualys SSL Labs kapena pulogalamu yoyeserera ya Open Quantum Safe.
4. Sinthani malaibulale ojambulidwa. Onetsetsani kuti matekinoloje anu akugwiritsa ntchito malaibulale omwe ali ndi ML-KEM ndi ML-DSA — OpenSSL 3.5+, BoringSSL, liboqs, kapena AWS-LC. Tsimikizirani zomasulira zomwe zili ndi zomaliza za NIST, osati zosinthidwa.
5. Kuyesa ngati kugwilizana ndi kubweza kagwiridwe ka ntchito. Kugwirana chanza kwakukulu kumatha kugwirizana bwino ndi mabokosi apakati, ma firewall, ndi zolemetsa zolemetsa zomwe zimalepheretsa kukula kwa mauthenga a TLS ClientHello. Google idakumana ndi izi potulutsa Kyber koyambirira ndipo idayenera kukhazikitsa njira zogwirira ntchito.
6. Khalani njira ya crypto-agility. Pangani machitidwe kuti ma cryptographic algorithms athe kusinthana popanda kulembanso khodi yogwiritsira ntchito. Izi zikutanthawuza kusokoneza machitidwe a crypto kuseri kwa ma interfaces osinthika ndikupewa kusankha kokhazikika.

Kwa nsanja monga Mewayz yomwe imagwiritsa ntchito deta yodziwika bwino yabizinesi m'magawo 207 ophatikizika - kuchokera ku ma CRM rekodi ndi ma invoice kupita ku payroll, HR, ndi analytics - kuchuluka kwa kudalira kwachinsinsi ndikwambiri. Kuyimba kulikonse kwa API pakati pa ma module, ma webhook aliwonse kupita kuzinthu zina, gawo lililonse la ogwiritsa ntchito lomwe lili ndi data yazachuma kapena antchito limayimira malo obisala omwe pamapeto pake amayenera kusintha kukhala miyezo yotetezeka ya quantum. Mapulatifomu okhala ndi zomangira zachitetezo chapakati ali ndi mwayi pano: kukweza gawo lalikulu la TLS ndi malaibulale omwe amagawana nawo achinsinsi amatha kutsitsa chitetezo pama module onse nthawi imodzi, m'malo mofuna kukonzanso gawo ndi gawo.

Mawonekedwe Oyang'anira Akuyenda Bwino

Maboma sakudikirira kuti makompyuta achulukidwe abwere asanawauze zochita. United States 'National Security Memorandum NSM-10 (2022) idatsogolera mabungwe aboma kuti awerengere machitidwe awo a cryptographic ndikupanga mapulani osamukira. Quantum Computing Cybersecurity Preparedness Act imafuna kuti mabungwe aziyika patsogolo kukhazikitsidwa kwa post-quantum cryptography. Maupangiri okonzekera kuchuluka kwa CISA amalimbikitsa mwatsatanetsatane kutumizidwa kwa haibridi kuyambira nthawi yomweyo. European Union's cybersecurity certification framework ikuphatikiza zofunika pambuyo pa kuchuluka, ndipo owongolera zachuma kuphatikiza a Bank for International Settlements awonetsa chiwopsezo pakuwongolera kwawo.

Kwa mabizinesi omwe akugwira ntchito m'mafakitale oyendetsedwa ndi malamulo - zachuma, chisamaliro chaumoyo, makontrakitala aboma, SaaS yochulukirachulukira - nthawi yotsatirira ikukulirakulira. Makampani omwe amatenga HTTPS yotetezeka kwambiri amapewa kuthamangitsidwa pamene maudindo akuwonekera. Chofunika koposa, atha kuwonetsa kwa makasitomala ndi anzawo kuti mawonekedwe awo oteteza deta amayambitsa ziwopsezo zomwe zikubwera, osati zomwe zikuchitika. M'misika yampikisano komwe kukhulupilira kumakhala kosiyanitsa, chitetezo choyang'ana kutsogolochi chimakhala ndi mtengo weniweni wamalonda.

Kupanga Tsogolo Lolimba Kwambiri, Kugwirana Chanza Kumodzi Nthawi Imodzi

Kusintha kupita ku quantum-safe HTTPS ndiye kusamuka kwakukulu kwachinsinsi m'mbiri ya intaneti. Imakhudza seva iliyonse, msakatuli aliyense, pulogalamu iliyonse yam'manja, API iliyonse, ndi chipangizo chilichonse cha IoT chomwe chimalumikizana ndi TLS. Nkhani yabwino ndiyakuti miyezo yamalizidwa, kukhazikitsidwa kukukhwima, ndipo ntchito yopitilira muyeso ikuwoneka yotheka. Njira yosakanizidwa yotumizira imatanthawuza kuti mabizinesi atha kutengera kuchuluka kwa zinthu mochulukirachulukira, osasiya kutsata kapena kuchita chiwopsezo.

Chomwe chimalekanitsa mabungwe omwe aziyenda bwino pakusinthaku kuchokera kwa omwe adzavutike ndi pomwe ayamba. Kuthekera kwa Cryptographic - kuthekera kosintha mawonekedwe anu achitetezo ngati ziwopsezo ndi miyezo ikusintha - iyenera kukhala mfundo yopangira, osati kungoganizira. Kwa nsanja zamabizinesi omwe amayang'anira kuchuluka kwazinthu zonse zogwirira ntchito, kuyambira kulumikizana ndi makasitomala ndi zochitika zachuma kupita ku zolemba za ogwira ntchito ndi mapaipi owunikira, zowerengera zopeza ufuluwu sizingakhale zapamwamba. Tsogolo la quantum sizinthu zakutali. Ndi kusamuka kumene kumayamba ndi kutumizidwa kwina.

Mafunso Ofunsidwa Kawirikawiri

Kodi quantum-safe cryptography ndi chiyani?

Quantum-safe cryptography (yomwe imatchedwanso post-quantum cryptography kapena PQC) imatanthawuza njira zatsopano zachinsinsi zomwe zimapangidwa kuti zikhale zotetezedwa motsutsana ndi makompyuta akale komanso ochulukirapo. Mosiyana ndi miyezo yamakono monga RSA, yomwe imadalira mavuto a masamu omwe makompyuta amatha kuthetsa mosavuta, PQC imachokera ku zovuta zamasamu zomwe amakhulupirira kuti zimakhala zovuta kuti kompyuta iliyonse ithyoke. Kugwiritsa ntchito ma aligorivimuwa kumawonetsetsa kuti malumikizidwe anu a HTTPS azikhala otetezeka mpaka mtsogolo.

Kodi ndiyenera kuda nkhawa liti ndi kabisidwe kanga ka HTTPS?

Chiwopsezo chaposachedwa ndi "kukolola tsopano, kusokoneza pambuyo pake", pomwe adani amaba zidziwitso zobisika masiku ano kuti aswe pambuyo pake pakakhala kompyuta yamphamvu yochuluka. Ngakhale makompyuta akuluakulu a quantum sanapezeke, kusamukira ku miyezo yotetezeka ya quantum kumatenga nthawi. Kuyamba kusintha tsopano ndikofunikira kuti muteteze zinsinsi zanthawi yayitali. Kwa mabizinesi omwe akumanga machitidwe atsopano, Mewayz imapereka ma module opitilira 207 okhudzana ndi chitetezo chamtsogolo pa $19 yokha / mwezi.

Kodi ntchito ya NIST pa quantum-safe cryptography ndi yotani?

Bungwe la National Institute of Standards and Technology (NIST) lakhala likuyendetsa zaka zambiri kuti likhazikitse njira zotetezeka za cryptographic algorithms. Mu 2024, NIST inamaliza zisankho zake zoyamba, zomwe ndi sitepe yofunika kwambiri kwa ogulitsa ndi opanga mapulogalamu kuti ayambe kugwiritsa ntchito mfundo zatsopanozi mu mapulogalamu ndi hardware. Kukhazikika uku kumapangitsa kuti pakhale mgwirizano komanso kumapereka njira yomveka bwino, yotsimikiziridwa kuti mabungwe azitsatira pokweza chitetezo chawo.

Ndizovuta bwanji kukwezera ku quantum-safe HTTPS?

Kukwezaku ndi ntchito yofunika kwambiri yomwe ikukhudza kukonzanso ma seva, mapulogalamu a kasitomala, ndi ziphaso za digito. Sichinthu chosavuta kusintha; zimafunika kukonzekera ndi kuyesa kuti zitsimikizire kuti zikugwirizana. Komabe, kuyambitsa maphunziro a gulu lanu koyambirira kumathandizira kuti ntchitoyi ikhale yosavuta. Mapulatifomu ngati Mewayz amapereka njira zophunzirira zokhazikika zokhala ndi ma module 207, zomwe zimapangitsa kuti zikhale zotsika mtengo ($19/mwezi) kuti akuthandizeni kuti afulumizitse tsatanetsatane wa kukhazikitsa ndi machitidwe abwino.