I-HTTPS eqinile futhi ephumelelayo ye-quantum-safe

Iwashi Liyahambisana Ekubetheni Kwanamuhla — Futhi Amabhizinisi amaningi Awanalo Icebo

Njalo lapho ikhasimende lithumela inkokhelo, lisayina kudeshibhodi, noma lithumela umlayezo ngenkundla yakho, i-HTTPS ibulisa buthule leyo datha isebenzisa ama-cryptographic algorithms abambelele amashumi eminyaka. Kodwa ushintsho lokuzamazama komhlaba luyaqhubeka. Amakhompiyutha e-Quantum - imishini exhaphaza i-physics eyinqaba ye-superposition kanye nokubambeka - asondela ngokushesha emandleni okuhlakaza izisekelo zezibalo ze-RSA, ECDSA, kanye ne-Diffie-Hellman yokushintshisana ngokhiye. Ukusongela akuseyona ithiyori. Ngo-2024, i-NIST yaphothula izindinganiso zayo zokuqala ezintathu ze-post-quantum cryptography (PQC). I-Google, i-Cloudflare, ne-Apple isivele iqalile ukusebenzisa ama-algorithms amelana ne-quantum ekukhiqizeni. Kunoma yiliphi ibhizinisi elidlulisela idatha ebucayi nge-inthanethi - okuyilo lonke ibhizinisi - ukuqonda i-quantum-safe HTTPS akusakhetheki. Kuyisibopho sokusebenza.

Kungani I-HTTPS Yamanje Izogqashuka Ngaphansi Kokuhlasela Kwe-Quantum

I-HTTPS yanamuhla incike ku-TLS (I-Transport Layer Security), esebenzisa i-cryptography engalingani ngesikhathi sesigaba sokuxhawula ukuze kusungulwe imfihlo eyabiwe phakathi kweklayenti neseva. Ukuvikeleka kwalokhu kuxhawula kuncike ezinkingeni zezibalo amakhompyutha wakudala angakwazi ukuzixazulula kahle: ukufaka ama-factoring integers (RSA) noma ukwenza ikhompuyutha ama-logarithm ahlukene kumajika ama-elliptic (ECDH). Ikhompuyutha ye-quantum enamandla ngokwanele esebenzisa i-algorithm ye-Shor ingaxazulula kokubili ngesikhathi se-polynomial, yehlise lokho okungathatha i-supercomputer yakudala izigidi zeminyaka kuya emahoreni noma imizuzu nje.

Ubukhulu obuthusa kakhulu isu "lokuvuna manje, susa ukubethela kamuva" elivele liqashwe abalingisi bezwe. Izitha ziqopha ithrafikhi ebethelwe namuhla ngenhloso yokuyisusa uma amakhompyutha e-quantum esevuthiwe. Amarekhodi ezezimali, idatha yokunakekelwa kwezempilo, impahla eqanjiwe, ukuxhumana kukahulumeni - noma yini ethwetshulwa ngesikhathi sokuthutha manje iba sengozini ngokubuyisela emuva. I-National Security Agency ixwayise ngokuthi lolu songo ludlulela kunoma iyiphi idatha okufanele ihlale iyimfihlo iminyaka engaphezu kweyi-10, ehlanganisa ulwazi olubaluleke kakhulu lwebhizinisi.

Izilinganiso ziyahlukahluka ngokuthi izofika nini i-cryptographically relevant quantum computer (CRQC). Umephu womgwaqo we-IBM uqondise ama-qubits angu-100,000+ ngo-2033. I-Google ibonise izinyathelo zokulungisa iphutha le-quantum nge-chip yayo ye-Willow ngasekupheleni kuka-2024. Nakuba i-CRQC ekwazi ukwephula i-2048-bit RSA ingase ibe iminyaka engu-10-15, ukuthuthela ku-cryptographicly protocol manje kufanele kuqale ukuguqulwa kwe-cryptographicly okuningi ukuqedela ingqalasizinda yomhlaba wonke.

Amazinga Amasha: ML-KEM, ML-DSA, kanye ne-SLH-DSA

Ngemuva kwenqubo yokuhlola yeminyaka eyisishiyagalombili ehlanganisa ukuthunyelwa okuvela kubadwebi be-cryptographer emhlabeni wonke, i-NIST ishicilele izindinganiso ezintathu ze-cryptographic zangemuva kwe-quantum ngo-Agasti 2024. Lawa ma-algorithms aklanyelwe ukumelana nokuhlaselwa okuvela kukho kokubili amakhompyutha e-quantum nawe-classical, okuqinisekisa ukuphepha kwesikhathi eside kungakhathaliseki ukuthi i-quantum hardware ithuthuka ngokushesha kangakanani.

ML-KEM (I-Module-Lattice-Based Key Encapsulation Mechanism, ngaphambili eyayikade i-CRYSTALS-Kyber) iphethe ingxenye yokushintshana eyinhloko yokuxhawula isandla kwe-TLS. Ingena esikhundleni se-ECDH ngokusebenzisa ubulukhuni bezibalo bezinkinga ze-lattice ezihlelekile, ezihlala zingenakunqandeka ngisho nakukhompyutha ye-quantum. I-ML-KEM isebenza ngendlela emangalisayo — osayizi bayo abakhulu bamakhulu kune-ECDH (cishe amabhayithi angu-1,568 e-ML-KEM-768 uma iqhathaniswa namabhayithi angu-32 we-X25519), kodwa i-overhead yokubala incane, ivamise ukushesha kunokusebenza kwejika elivamile eliyi-elliptic.

ML-DSA (I-algorithm Yesiginesha Yesiginesha Yemojuli-Lattice, phambilini ebikade ingu-CRYSTALS-Dilithium) kanye ne-SLH-DSA (I-algorithm ye-Stateless Hash-Based Digital Signature, ngaphambilini ebikade iyi-SPHINCS+) — okufakazela ukuthi iseva osuke uxhuma kuyo ukuthi uxhumeke kuyo ngempela. I-ML-DSA inikeza amasiginesha ahlangene afanele izinhlelo zokusebenza eziningi, kuyilapho i-SLH-DSA ihlinzeka ngokubuyela emuva okulandelanayo okusekelwe kuphela ekusebenzeni kwe-hashi, enikeza ukuzivikela ngokujulile uma ukuqagela okusekelwe ku-lattice kwenzeka kuba buthaka.

Imodi yeHybrid: Indlela Ye-Pragmatic eya Ekuphepheni kwe-Quantum

Akekho unjiniyela wezokuphepha ophakamisa ukushintsha ubusuku bonke. Esikhundleni salokho, imboni ihlangane ngendlela eyingxube ehlanganisa i-algorithm yakudala ne-post-quantum algorithm kukho konke ukuxhawulana kwe-TLS. Uma i-algorithm ye-post-quantum iphenduka ibe sengozini engatholakali, i-algorithm yakudala isavikela ukuxhumana. Uma ikhompuyutha ye-quantum iphula i-algorithm yakudala, i-post-quantum algorithm ibamba umugqa. Ulahlekelwa ukuvikeleka kuphela uma kokubili kufakwa engcupheni kanyekanye — isimo esingenakwenzeka ngokwesayensi yezinkanyezi.

I-Chrome neFirefox sezivele zisekela ukushintshanisa kokhiye oyingxubevange we-X25519Kyber768 ngokuzenzakalela kusukela ekuqaleni kuka-2025, okusho ukuthi izigidi zokuxhumeka kwe-HTTPS nsuku zonke sezivele ziphephile kakhulu ohlangothini oluyinhloko lokushintshisana. I-Cloudflare ibike ukuthi ngaphezu kwe-35% yethrafikhi yayo ye-TLS 1.3 isebenzisa isivumelwano esibalulekile se-post-quantum. I-AWS, iMicrosoft Azure, ne-Google Cloud zonke zethule izinketho ze-quantum-safe TLS ngezinsizakalo zazo eziphethwe. Ushintsho lwenzeka ngokushesha kunalokho amabhizinisi amaningi acabanga ngakho.

Izindleko zokuthuthela ku-quantum-safe HTTPS zikalwa ngamahora wobunjiniyela nemijikelezo yokuhlola. Izindleko zokungathuthi zikalwa ekwehleni unomphela kuyo yonke imfihlo ibhizinisi lakho elake layidlulisela. Ukuthunyelwa kweHybrid kuqeda isidingo sokukhetha phakathi kokuphepha nokuqapha — uthola kokubili.

Amaqiniso Okusebenza: Ukubambezeleka, Umkhawulokudonsa, Nokuxhawula Ngokungaphezulu

Okunye ukukhathazeka kwasekuqaleni mayelana ne-post-quantum cryptography kwaba ukuwohloka kokusebenza. Osayizi abakhulu abakhulu namasiginesha asho amabhayithi amaningi ocingweni kanye nokuxhawula izandla okungase kube nokunensa. Ukuthunyelwa komhlaba wangempela kubonise ukuthi lokhu kukhathazeka kuyalawuleka kakhulu, kodwa akuwona uziro.

Ngokushintshisana ngokhiye, i-ML-KEM-768 yengeza cishe u-1.1 KB ekuxhawulaneni kwe-TLS uma kuqhathaniswa ne-X25519 iyodwa. Kumodi ye-hybrid (X25519 + ML-KEM-768), ingqikithi eyengeziwe eyengeziwe ilinganiselwa ku-1.2 KB. Kumanethiwekhi esimanjemanje, lokhu kuhumushela ekukhuleni kokubambezeleka okungenamsebenzi - ngokuvamile ngaphansi kwe-millisecond engu-1 ekuxhumekeni kwe-broadband. Idatha yokukhiqiza ye-Cloudflare ayizange ibonise umthelela olinganisekayo ezikhathini zokulayisha ikhasi kuningi labasebenzisi. Kodwa-ke, kumanethiwekhi abambekile (izixhumanisi zesathelayithi, amadivayisi we-IoT, izifunda ezinomkhawulokudonsa olinganiselwe), i-overhead ingahlanganisa, ikakhulukazi uma amaketango ezitifiketi ephethe amasignesha e-post-quantum.

Amasiginesha okuqinisekisa aletha inselele enkulu. Amasiginesha e-ML-DSA-65 acishe abe ngu-3.3 KB uma kuqhathaniswa namabhayithi angu-64 we-ECDSA-P256. Uma sonke isitifiketi ochungechungeni siphethe isignesha ye-post-quantum, iketango elijwayelekile lezitifiketi ezintathu lingangeza u-10 KB noma ngaphezulu ekuxhawulaneni. Yingakho imboni ihlola amasu afana nokucindezelwa kwesitifiketi, izitifiketi ze-Merkle Tree, kanye nokuthuthukiswa kweleveli ye-TLS ukuze kugcinwe osayizi bokuxhawulana besebenza. Amabhizinisi asebenzisa izinkundla ezinezisekelo zabasebenzisi bomhlaba - ikakhulukazi lawo asebenzela abasebenzisi beselula ezimakethe ezisafufusa - kufanele alinganise le mithelela ngokucophelela.

Lokho Amabhizinisi Okufanele Akwenze Manje: Uhlu Lokuhlola Ukuthutha Olungokoqobo

Ukufuduka kwe-Quantum-safe akuwona umcimbi owodwa kodwa inqubo enezigaba. Izinhlangano eziqala ukusungula uhlu lokuncika kwazo nge-cryptographic namuhla zizobekwa kangcono kunalezo ezilinda iziyalezo zokulawula. Nali uhlaka olusebenzayo lokuqala inguquko:

1. Yenza i-cryptographic inventory. Thola yonke isistimu, iphrothokholi, nomtapo wolwazi esebenzisa i-RSA, ECDSA, ECDH, noma i-Diffie-Hellman. Lokhu kuhlanganisa ukucushwa kwe-TLS, amasango e-API, ama-VPN, ukusayinda amakhodi, ukubethela kwesizindalwazi, nokuhlanganiswa okuvela eceleni.
2. Beka phambili ngokuzwela kwedatha nempilo ende. Amasistimu aphatha idatha yezezimali, amarekhodi okunakekelwa kwezempilo, amadokhumenti omthetho, noma ulwazi lomuntu siqu okufanele luhlale luyimfihlo iminyaka kufanele lufuduke kuqala. "Vuna manje, susa ukubethela kamuva" kwenza izimfihlo ezihlala isikhathi eside zize kuqala.
3. Nika amandla i-hybrid post-quantum TLS ezindaweni zokugcina ezibheke esidlangalaleni. Uma ingqalasizinda yakho isebenza ngemuva kwe-Cloudflare, i-AWS CloudFront, noma ama-CDN afanayo, kungenzeka ukuthi usuvele unokufinyelela ku-quantum-safe key exchange. Inike amandla ngokusobala futhi uqinisekise ngamathuluzi afana ne-Qualys SSL Labs noma i-Open Quantum Safe project's test suite.
4. Buyekeza amalabhulali e-cryptographic. Qinisekisa ukuthi isitaki sakho sobuchwepheshe sisebenzisa amalabhulali asekela i-ML-KEM ne-ML-DSA — OpenSSL 3.5+, BoringSSL, liboqs, noma i-AWS-LC. Phina ezinguqulweni ezifaka ukusetshenziswa kokugcina kwe-NIST, hhayi izinguqulo ezisalungiswa.
5. Hlola ukuhambisana nokuhlehla kokusebenza. Ukuxhawula izandla okukhudlwana kungase kuhlanganyele kabi nama-middleboxes, ama-firewall, nezilinganisi zomthwalo wefa ezibeka imikhawulo yosayizi kumilayezo ye-TLS ClientHello. I-Google ihlangabezane nalokhu ngesikhathi sokukhishwa kwe-Kyber futhi kudingeke ukuthi isebenzise ama-workaround.
6. Sungula isu le-crypto-agility. Dizayina amasistimu ukuze ama-cryptographic algorithms ashintshwe ngaphandle kokubhala kabusha ikhodi yohlelo lokusebenza. Lokhu kusho ukukhipha imisebenzi ye-crypto ngemuva kwezindawo ezilungisekayo nokugwema ukukhetha okunekhodi eqinile ye-algorithm.

Ezinkundla ezifana ne-Mewayz eziphatha idatha yebhizinisi ebucayi kuwo wonke amamojula ahlanganisiwe angu-207 — kusukela kumarekhodi e-CRM nama-invoyisi kuya kwabakhokhelwayo, i-HR, nezibalo — ububanzi bokuncika kwe-cryptographic bukhulu. Yonke ikholi ye-API phakathi kwamamojula, yonke i-webhook eya kumasevisi ezinkampani zangaphandle, yonke iseshini yomsebenzisi ephethe idatha yezezimali noma yesisebenzi imelela indawo yokubethela okumele ekugcineni ishintshele kumazinga aphephile we-quantum. Izingxenyekazi ezinokwakheka kwezokuphepha ezimaphakathi zinenzuzo lapha: ukuthuthukisa isendlalelo esiwumongo we-TLS nemitapo yolwazi eyimfihlo eyabiwe kungasakaza ukuvikela kuwo wonke amamojula ngesikhathi esisodwa, kunokuba kudinge ukulungiswa kwemojula nemojuli.

Indawo Elawulayo Iyakhula

Ohulumeni abalindile ukuthi kufike amakhompuyutha e-quantum ngaphambi kokuyala ukuba kwenziwe okuthile. Imemorandamu Yokuphepha Kazwelonke Yase-United States i-NSM-10 (2022) yaqondisa izinhlangano zikahulumeni ukuthi zibhale amasistimu wazo we-cryptographic futhi zithuthukise izinhlelo zokufuduka. I-Quantum Computing Cybersecurity Preparedness Act idinga ukuthi ama-ejensi abeke eqhulwini ukwamukelwa kwe-post-quantum cryptography. Imihlahlandlela ye-CISA yokulungela i-quantum incoma ngokusobala ukuthunyelwa kwe-hybrid kuqale ngokushesha. Uhlaka lwesitifiketi se-cybersecurity lwe-European Union luhlanganisa izidingo ze-post-quantum, futhi abalawuli bezezimali kuhlanganisa ne-Bank for International Settlements bamake ubungozi be-quantum ekuqondisweni kwabo kokuqondisa.

Kumabhizinisi asebenza ezimbonini ezilawulwayo - ezezimali, ukunakekelwa kwezempilo, izinkontileka zikahulumeni, i-SaaS edinga idatha - izikhathi zokuthobela ziyaqina. Izinkampani ezisebenzisa ngokuqhubekayo i-quantum-safe HTTPS zizogwema ukuklwebheka lapho iziyalezo ziba sobala. Okubaluleke nakakhulu, bazokwazi ukubonisa kumakhasimende nozakwethu ukuthi ukuma kwabo kokuvikela idatha kubangelwa izinsongo ezivelayo, hhayi ezamanje kuphela. Ezimakethe ezincintisanayo lapho ukwethembana kuwumahluko, lesi simo sokuvikeleka esibheke phambili sinenani langempela lezentengiso.

Ukwakha Ikusasa Eliqinile Eliqinile, Ukuxhawula Okukodwa Ngesikhathi

Ukushintshela ku-quantum-safe HTTPS ukufuduka okukhulu kwe-cryptographic emlandweni we-inthanethi. Ithinta zonke iziphakeli, zonke iziphequluli, zonke izinhlelo zokusebenza zeselula, yonke i-API, nayo yonke idivayisi ye-IoT exhumana nge-TLS. Izindaba ezinhle ukuthi amazinga ayaphothulwa, ukusetshenziswa kuyavuthwa, futhi i-overhead yokusebenza ibonakala iyalawuleka. Imodeli yokuphakelwa okuyingxubevange isho ukuthi amabhizinisi angakwazi ukumelana ne-quantum ngokwandayo, ngaphandle kokudela ukuhambisana noma ukuthatha ubungozi obungadingekile.

Okwehlukanisa izinhlangano ezizozulazula lolu shintsho ngokushelela kulezo ezizoklolodela kulapho ziqala khona. I-Cryptographic agility - ikhono lokushintsha ukuma kwakho kokuphepha njengezinsongo namazinga ashintsha - kufanele kube umgomo wokuklama, hhayi umcabango olandelayo. Ezinkundleni zebhizinisi eziphethe i-spectrum egcwele yedatha yokusebenza, kusukela kothintana nabo amakhasimende kanye nemisebenzi yezezimali ukuya kumarekhodi ezisebenzi namapayipi okuhlaziya, iziteki zokuthola leli lungelo azikwazanga ukuba phezulu. Ikusasa le-quantum aliyona i-abstraction ekude. Ukufuduka okuqala ngokusetshenziswa kwakho okulandelayo.

Imibuzo Evame Ukubuzwa

Iyini i-quantum-safe cryptography?

I-Quantum-safe cryptography (ephinde ibizwe ngokuthi i-post-quantum cryptography noma i-PQC) isho ama-cryptographic algorithms amasha aklanyelwe ukuvikela ekuhlaselweni okuvela kukho kokubili amakhompuyutha e-classical kanye ne-quantum. Ngokungafani nezindinganiso zamanje njenge-RSA, ethembele ezinkingeni zezibalo ezingaxazululwa kalula, i-PQC isekelwe ezinseleleni zezibalo eziyinkimbinkimbi okukholakala ukuthi zinzima kunoma iyiphi ikhompuyutha ukuthi iphuke. Ukwamukela lawa ma-algorithms kuqinisekisa ukuthi ukuxhumana kwakho kwe-HTTPS kuhlala kuvikelekile esikhathini esizayo.

Kunini lapho ngidinga ukukhathazeka khona mayelana nokubethela kwami ​​kwamanje kwe-HTTPS?

Ingozi esheshayo iwukuhlasela kokuthi "vuna manje, susa ukubethela kamuva", lapho izitha zintshontsha idatha ebethelwe namuhla ukuze bayiphule kamuva uma kukhona ikhompuyutha ye-quantum enamandla. Ngenkathi amakhompyutha e-quantum enkulu engakafiki, ukuthuthela ezindinganisweni zokuphepha kwe-quantum kuthatha isikhathi. Ukuqala inguquko manje kubalulekile ekuvikeleni ubumfihlo bedatha besikhathi eside. Emabhizinisini akha amasistimu amasha, i-Mewayz inikeza amamojula okuqeqesha angaphezu kuka-207 ekuvikelekeni kobufakazi besikhathi esizayo ngo-$19 kuphela ngenyanga.

Iyini indima ye-NIST ekubhalweni kwemfihlo kwe-quantum-safe?

I-National Institute of Standards and Technology (NIST) ibiqhuba inqubo yeminyaka eminingi ukuze ifane i-quantum-safe cryptographic algorithms. Ngo-2024, i-NIST yaphothula ukukhetha kwayo kokuqala, okuyisinyathelo esibalulekile kubathengisi nabathuthukisi ukuthi baqale ukusebenzisa la mazinga amasha abe yisoftware nehardware. Lokhu kumiswa kuqinisekisa ukusebenzisana futhi kunikeza indlela ecacile, ehloliwe ukuze izinhlangano ziyilandele lapho zithuthukisa ukuphepha kwazo.

Kunzima kangakanani ukuthuthukela ku-quantum-safe HTTPS?

Ukuthuthukiswa kuwumsebenzi obalulekile obandakanya ukubuyekeza amaseva ewebhu, isofthiwe yeklayenti, nezitifiketi zedijithali. Akukona nje ukushintshwa okulula; kudinga ukuhlela nokuhlolwa ukuze kuqinisekiswe ukuhambisana. Nokho, ukuqala imfundo yeqembu lakho kusenesikhathi kwenza inqubo ibe lula. Amapulatifomu afana ne-Mewayz ahlinzeka ngezindlela zokufunda ezihlelekile ngamamojula angu-207, akwenze kufinyeleleke ($19/ngenyanga) ukuze wenze onjiniyela bakho basheshe ngemininingwane yokusetshenziswa nezinqubo ezingcono kakhulu.