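Quantum computing is no longer a distant prospect; it is rapidly becoming a reality and has the potential to transform many fields. One area of particular concern is the impact of quantum computing on online security.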
Quantum computing is rapidly becoming a reality, and its potential impact on various sectors, including online security, is a subject of great concern. Quantum computers, capable of solving complex problems exponentially faster than classical computers, could easily break existing cryptographic algorithms, rendering current digital infrastructure vulnerable.
In this article, CardLab explores the risks posed by quantum computing and discusses effective strategies to mitigate these threats. We will specifically highlight the role of offline biometric authentication devices in providing a convenient and sustainable solution for secure identity verification and data transmission.
The threat of quantum computing to current cryptography
Cryptography, the science of securing information, relies on the difficulty of certain mathematical problems, such as prime factorisation, to protect data. Today’s most common cryptographic algorithms, RSA and ECC (elliptic curve cryptography), assume that solving these problems would take any classical computer an impractically long time.
However, quantum algorithms, like Shor’s algorithm, could break these cryptosystems by drastically reducing the time required to solve these problems. In practical terms, this means that RSA encryption keys could be cracked by quantum computers in mere minutes or even seconds—potentially exposing sensitive information, such as financial transactions, classified data, and personal identities, or enabling account takeover or infrastructure control by malicious actors.
State actors and quantum computing
While private enterprises and academic institutions are largely responsible for quantum research, state actors pose the most significant threat when exploiting quantum technology for cyberwarfare. Once mature, quantum computers could give governments the ability to break virtually any encryption currently in use, exposing everything from military secrets to citizens’ sensitive personal information.
State-sponsored hacking campaigns have become more common in recent years, with governments targeting other nations’ infrastructure, intellectual property, and sensitive data. With the advent of quantum computing, the capabilities of state actors will be exponentially magnified.
These governments, with almost unlimited resources, will have the power to compromise communications, financial systems, and energy grids and even manipulate elections or launch misinformation campaigns. Any organisation still relying on traditional cryptographic methods will face severe vulnerabilities.
Post-quantum cryptography: Preparing for the threat
In response to this looming threat, researchers are actively working on post-quantum cryptography (PQC), which involves algorithms designed to resist quantum attacks. PQC operates on mathematical problems that even quantum computers cannot easily solve.
However, as cryptography is built on logic chains, it can also be broken by logic, and it will be a continuous race against hackers and machine learning tools.
Organisations such as the National Institute of Standards and Technology (NIST) have been in charge of standardising these algorithms.
Yet, widespread implementation of post-quantum cryptography is still years away, meaning organisations need solutions today to secure their systems while these technologies mature. As CardLab has assessed, this interim period will also mean hacker skills and tools get better and faster, which could create a status quo situation once quantum cryptography has matured.
The role of offline biometric authentication devices
At CardLab, we see a critical, sustainable solution to quantum threats in the use of offline biometric authentication devices and identity tokenisation.
These devices are designed to secure user identities and communications without relying on vulnerable network-based cryptographic protocols. They can provide offline tokenisation, adding an unknown element to the encrypted information, making hacking almost impossible.
How offline biometric devices work
An offline biometric authentication device operates in a secure, isolated environment, reducing the risk of network-based attacks, including those posed by quantum computers. Here’s a breakdown of how these devices work:
Advantages of biometric authentication in a quantum era
The importance of strong fingerprint verification
Any solution is only as strong as its weakest link, and this has taught CardLab and our partner Fingerprints AB that there are key concerns to consider when selecting the biometric sensor for offline verification. The following needs to be considered:
Biometric algorithms
The ANSI/ISO standards for fingerprint representation consist of features that were described in the late 19th century. These features are often referred to as ‘minutiae’, which can be located manually in a fingerprint and replicated. The density of these in a fingerprint is such that for achieving good matching performance, quite a large area of skin needs to be imaged, but it also makes it possible to extract these features from other objects the user has touched or shown their fingerprint to.
To enable sensors of suitable sizes that are both low in cost and can fit into all manner of devices, a much denser feature set is required. Therefore, the standardised minutiae-based feature set is augmented by complex, more mathematical features. This enables these small sensors to achieve outstanding performance that is well suited for 1:1 verification on offline objects such as biometric cards. ‘Minutia only’ based algorithms should never be used in small-size verification devices.
Presentation Attack Detection
Algorithms for protection against fake fingerprints or Presentation Attack Detection (PAD) leverage state-of-the-art machine learning methods to analyse the fingerprint image for evidence of it being of a fake finger rather than a real one. These classifiers have