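Quantum computing is no longer a distant prospect; it is rapidly becoming a reality and has the potential to transform many fields. One area of particular concern is its impact on online security.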
Quantum computing is rapidly becoming a reality, and its potential impact on various sectors, including online security, is a subject of great concern. Quantum computers, capable of solving complex problems exponentially faster than classical computers, could easily break existing cryptographic algorithms, rendering current digital infrastructure vulnerable.
In this article, CardLab explores the risks posed by quantum computing and discusses effective strategies to mitigate these threats. We will specifically highlight the role of offline biometric authentication devices in providing a convenient and sustainable solution for secure identity verification and data transmission.
The threat of quantum computing to current cryptography
Cryptography, the science of securing information, relies on the difficulty of certain mathematical problems, such as prime factorisation, to protect data. Today’s most common cryptographic algorithms, RSA and ECC (elliptic curve cryptography), assume that solving these problems would take any classical computer an impractically long time.
However, quantum algorithms, like Shor’s algorithm, could break these cryptosystems by drastically reducing the time required to solve these problems. In practical terms, this means that RSA encryption keys could be cracked by quantum computers in mere minutes or even seconds—potentially exposing sensitive information, such as financial transactions, classified data, and personal identities, or enabling account takeover or infrastructure control by malicious actors.
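The dependence of RSA on factoring described above can be shown at toy scale; this is an added example, not part of the original article. Classical trial division stands in for Shor's algorithm, and the primes, the message value 65 and all function names are constructed for illustration.

```python
from math import gcd

def rsa_keypair(p, q, e=17):
    """Build a toy RSA key pair from two primes (far too small for real use)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), pow(e, -1, phi)  # (public key, private exponent d)

def factor_by_trial_division(n):
    """Classical stand-in for Shor's algorithm: return (p, q, divisions_tried)."""
    steps = 1  # the division by 2
    if n % 2 == 0:
        return 2, n // 2, steps
    candidate = 3
    while candidate * candidate <= n:
        steps += 1
        if n % candidate == 0:
            return candidate, n // candidate, steps
        candidate += 2
    raise ValueError("n is prime, not an RSA modulus")

def private_exponent_from_public_key(public_key):
    """Once n is factored, the private exponent follows from public data alone."""
    n, e = public_key
    p, q, steps = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1)), steps

def demo():
    results = []
    for p, q in [(61, 53), (1009, 1013)]:  # constructed toy primes
        public_key, real_d = rsa_keypair(p, q)
        n, e = public_key
        ciphertext = pow(65, e, n)  # encrypt the sample message 65
        recovered_d, steps = private_exponent_from_public_key(public_key)
        plaintext = pow(ciphertext, recovered_d, n)
        results.append((n, recovered_d == real_d, plaintext, steps))
    return results

if __name__ == "__main__":
    for n, key_matches, plaintext, steps in demo():
        print(f"n={n}: key recovered={key_matches}, "
              f"plaintext={plaintext}, divisions={steps}")
```

The division count grows with the size of the smaller prime, which is what keeps this approach impractical at real key sizes on classical hardware; Shor's algorithm removes that growth, which is why the migration to post-quantum algorithms matters.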
State actors and quantum computing
While private enterprises and academic institutions are largely responsible for quantum research, state actors pose the most significant threat when exploiting quantum technology for cyberwarfare. Once mature, quantum computers could give governments the ability to break virtually any encryption currently in use, exposing everything from military secrets to citizens’ sensitive personal information.
State-sponsored hacking campaigns have become more common in recent years, with governments targeting other nations’ infrastructure, intellectual property, and sensitive data. With the advent of quantum computing, the capabilities of state actors will be exponentially magnified.
These governments, with almost unlimited resources, will have the power to compromise communications, financial systems, and energy grids and even manipulate elections or launch misinformation campaigns. Any organisation still relying on traditional cryptographic methods will face severe vulnerabilities.
Post-quantum cryptography: Preparing for the threat
In response to this looming threat, researchers are actively working on post-quantum cryptography (PQC), which involves algorithms designed to resist quantum attacks. PQC operates on mathematical problems that even quantum computers cannot easily solve.
However, as cryptography is built on logic chains, it can also be broken by logic, and it will be a continuous race against hackers and machine learning tools.
Organisations such as the National Institute of Standards and Technology (NIST) have been in charge of standardising these algorithms.
Yet, widespread implementation of post-quantum cryptography is still years away, meaning organisations need solutions today to secure their systems while these technologies mature. As CardLab has assessed, this interim period will also mean hacker skills and tools get better and faster, which could create a status quo situation once quantum cryptography has matured.
The role of offline biometric authentication devices
At CardLab, we see a critical, sustainable solution to quantum threats in the use of offline biometric authentication devices and identity tokenisation.
These devices are designed to secure user identities and communications without relying on vulnerable network-based cryptographic protocols. They can provide offline tokenisation, adding an unknown element to the encrypted information, making hacking almost impossible.
How offline biometric devices work
An offline biometric authentication device operates in a secure, isolated environment, reducing the risk of network-based attacks, including those posed by quantum computers. Here’s a breakdown of how these devices work:
Advantages of biometric authentication in a quantum era
The importance of strong fingerprint verification
A solution is only as strong as its weakest link, and this has taught CardLab and our partner Fingerprints AB that there are key concerns to consider when selecting the biometric sensor for offline verification. The following needs to be considered:
Biometric algorithms
The ANSI/ISO standards for fingerprint representation consist of features that were described in the late 19th century. These features are often referred to as ‘minutiae’, which can be located manually in a fingerprint and replicated. The density of these in a fingerprint is such that for achieving good matching performance, quite a large area of skin needs to be imaged, but it also makes it possible to extract these features from other objects the user has touched or shown their fingerprint to.
To enable sensors of suitable sizes that are both low in cost and can fit into all manner of devices, a much denser feature set is required. Therefore, the standardised minutiae-based feature set is augmented by complex, more mathematical features. This enables these small sensors to achieve outstanding performance that is well suited for 1:1 verification on offline objects such as biometric cards. ‘Minutia only’ based algorithms should never be used in small-size verification devices.
Presentation Attack Detection
Algorithms for protection against fake fingerprints or Presentation Attack Detection (PAD) leverage state-of-the-art machine learning methods to analyse the fingerprint image for evidence of it being of a fake finger rather than a real one. These classifiers have