實現以太坊向後量子安全的平滑遷移

IoTeX 密碼學負責人范欣欣博士最近與他人共同撰寫了一篇研究論文，題為「實現以太坊後量子安全的平滑遷移」。

Dr. XinXin Fan, head of cryptography at IoTeX, recently co-authored a research paper titled Enabling a Smooth Migration Towards Post-Quantum Security for Ethereum. The paper, which received a Best Paper award from the 2024 International Conference for Blockchain, argues that hash-based zero-knowledge technology is the most user-friendly way to quantum-proof the Ethereum network and other similar cryptographic systems.

IoTeX 密碼學負責人范欣欣博士最近與人合著了一篇研究論文，題為「實現以太坊後量子安全的平滑遷移」。這篇獲得 2024 年區塊鏈國際會議最佳論文獎的論文認為，基於哈希的零知識技術是對以太坊網路和其他類似密碼系統進行量子證明的最用戶友好的方式。

In an interview with Cointelegraph, Dr. Fan explained that the elliptical curve digital signature algorithms (ECDSA) used in current blockchain systems to sign transactions are quantum-vulnerable. However, this vulnerability can be addressed by attaching a hash-based zero-knowledge proof — such as a zero-knowledge scalable transparent argument of knowledge (ZK-Stark) — to each transaction. The researcher said this method also ensures the smoothest transition for users — avoiding the complexity of other proposed quantum-resistance methods.

在接受 Cointelegraph 採訪時，範博士解釋說，目前區塊鏈系統中用於簽署交易的橢圓曲線數位簽章演算法（ECDSA）是量子脆弱的。然而，可以透過將基於雜湊的零知識證明（例如零知識可擴展透明知識論證（ZK-Stark））附加到每筆交易來解決此漏洞。研究人員表示，這種方法還可以確保使用者最平滑的過渡，避免其他提出的量子電阻方法的複雜性。

“The way we are implementing this allows the user to use their current wallet, but we attach each transaction with a zero-knowledge proof that is quantum-safe,” Dr. Fan said.

「我們實現這一點的方式允許用戶使用他們目前的錢包，但我們為每筆交易附加一個量子安全的零知識證明，」範博士說。

“We need to consider both the security aspect and also the usability aspect,” Dr. Fan continued. The researcher stressed that balancing user experience with security needs was key to ensuring a timely migration to post-quantum standards.

「我們需要同時考慮安全性和可用性，」范博士繼續說道。研究人員強調，平衡使用者體驗與安全需求是確保及時遷移到後量子標準的關鍵。

A model of a ZK-proving service outlined in Dr. Fan’s paper. Source: Springer Nature

Fan 博士論文中概述的 ZK 證明服務模型。來源：施普林格自然

The quantum scare of 2024

2024 年的量子恐慌

A smooth transition to post-quantum security for end users is paramount, as the National Institute of Standards and Technology (NIST) recently published the first hard deadline for legacy systems to migrate to post-quantum signature standards — advising institutions to adopt quantum-resistant measures before 2035.

對於最終用戶而言，向後量子安全的平穩過渡至關重要，因為美國國家標準與技術研究所(NIST) 最近發布了遺留系統遷移到後量子簽名標準的第一個硬性期限——建議機構採用抗量子簽名2035 年之前的措施。

In Oct. 2024, a report from the South Morning China Post claimed that researchers at Shanghai University successfully breached cryptographic algorithms using a quantum computer.

2024年10月，《南早報》報道稱，上海大學研究人員利用量子電腦成功破解了密碼演算法。

However, an analysis by YouTuber “Mental Outlaw” later revealed that the quantum computer used in the experiment only broke a 22-bit key. For context, modern encryption standards use keys between 2048 and 4096 bits — meaning that quantum computers have not yet cracked encryption standards.

然而，YouTuber「Mental Outlaw」隨後的分析顯示，實驗中使用的量子電腦僅破解了一個 22 位元金鑰。就上下文而言，現代加密標準使用 2048 到 4096 位元之間的金鑰，這意味著量子電腦尚未破解加密標準。

Other researchers also agreed the threat posed by quantum computers is exaggerated at this point due to the stark divergence between the current ability of quantum computers to factor numbers and the length of modern encryption keys.

其他研究人員也同意，由於量子電腦目前分解數字的能力與現代加密金鑰的長度之間存在明顯差異，量子電腦構成的威脅在這一點上被誇大了。