实现以太坊向后量子安全的平滑迁移

IoTeX 密码学负责人范欣欣博士最近与他人共同撰写了一篇研究论文，题为“实现以太坊后量子安全的平滑迁移”。

Dr. XinXin Fan, head of cryptography at IoTeX, recently co-authored a research paper titled Enabling a Smooth Migration Towards Post-Quantum Security for Ethereum. The paper, which received a Best Paper award from the 2024 International Conference for Blockchain, argues that hash-based zero-knowledge technology is the most user-friendly way to quantum-proof the Ethereum network and other similar cryptographic systems.

IoTeX 密码学负责人范欣欣博士最近与人合着了一篇研究论文，题为“实现以太坊后量子安全的平滑迁移”。这篇获得 2024 年区块链国际会议最佳论文奖的论文认为，基于哈希的零知识技术是对以太坊网络和其他类似密码系统进行量子证明的最用户友好的方式。

In an interview with Cointelegraph, Dr. Fan explained that the elliptical curve digital signature algorithms (ECDSA) used in current blockchain systems to sign transactions are quantum-vulnerable. However, this vulnerability can be addressed by attaching a hash-based zero-knowledge proof — such as a zero-knowledge scalable transparent argument of knowledge (ZK-Stark) — to each transaction. The researcher said this method also ensures the smoothest transition for users — avoiding the complexity of other proposed quantum-resistance methods.

在接受 Cointelegraph 采访时，范博士解释说，当前区块链系统中用于签署交易的椭圆曲线数字签名算法（ECDSA）是量子脆弱的。然而，可以通过将基于哈希的零知识证明（例如零知识可扩展透明知识论证（ZK-Stark））附加到每笔交易来解决此漏洞。研究人员表示，这种方法还可以确保用户最平滑的过渡，避免其他提出的量子电阻方法的复杂性。

“The way we are implementing this allows the user to use their current wallet, but we attach each transaction with a zero-knowledge proof that is quantum-safe,” Dr. Fan said.

“我们实现这一点的方式允许用户使用他们当前的钱包，但我们为每笔交易附加一个量子安全的零知识证明，”范博士说。

“We need to consider both the security aspect and also the usability aspect,” Dr. Fan continued. The researcher stressed that balancing user experience with security needs was key to ensuring a timely migration to post-quantum standards.

“我们需要同时考虑安全性和可用性，”范博士继续说道。研究人员强调，平衡用户体验与安全需求是确保及时迁移到后量子标准的关键。

A model of a ZK-proving service outlined in Dr. Fan’s paper. Source: Springer Nature

Fan 博士论文中概述的 ZK 证明服务模型。资料来源：施普林格自然

The quantum scare of 2024

2024 年的量子恐慌

A smooth transition to post-quantum security for end users is paramount, as the National Institute of Standards and Technology (NIST) recently published the first hard deadline for legacy systems to migrate to post-quantum signature standards — advising institutions to adopt quantum-resistant measures before 2035.

对于最终用户而言，向后量子安全的平稳过渡至关重要，因为美国国家标准与技术研究所 (NIST) 最近发布了遗留系统迁移到后量子签名标准的第一个硬性期限——建议机构采用抗量子签名2035 年之前的措施。

In Oct. 2024, a report from the South Morning China Post claimed that researchers at Shanghai University successfully breached cryptographic algorithms using a quantum computer.

2024年10月，《南早报》报道称，上海大学研究人员利用量子计算机成功破解了密码算法。

However, an analysis by YouTuber “Mental Outlaw” later revealed that the quantum computer used in the experiment only broke a 22-bit key. For context, modern encryption standards use keys between 2048 and 4096 bits — meaning that quantum computers have not yet cracked encryption standards.

不过，YouTuber“Mental Outlaw”随后的分析显示，实验中使用的量子计算机仅破解了一个 22 位密钥。就上下文而言，现代加密标准使用 2048 到 4096 位之间的密钥，这意味着量子计算机尚未破解加密标准。

Other researchers also agreed the threat posed by quantum computers is exaggerated at this point due to the stark divergence between the current ability of quantum computers to factor numbers and the length of modern encryption keys.

其他研究人员也同意，由于量子计算机当前分解数字的能力与现代加密密钥的长度之间存在明显差异，量子计算机构成的威胁在这一点上被夸大了。