{"id":968,"date":"2026-02-28T11:00:01","date_gmt":"2026-02-28T03:00:01","guid":{"rendered":"https:\/\/www.ddosgj.com\/?p=968"},"modified":"2026-02-28T11:00:01","modified_gmt":"2026-02-28T03:00:01","slug":"how-high-defense-cdn-responds-to-quantum-computing-threats-encryption-algorithm-upgrades-and-advancements","status":"publish","type":"post","link":"https:\/\/www.ddosgj.com\/en\/968-html","title":{"rendered":"How High Defense CDNs Respond to Quantum Computing Threats: Encryption Algorithm Upgrades and Advance Layout of the Defense Strategy"},"content":{"rendered":"<p>Recently, people in the circle keep asking me: if quantum computing really lands, are the encryption algorithms we use today all going to fall flat at once? In particular, high-defense CDN services that live on TLS\/SSL: will they be left naked overnight? To be honest, I started thinking about this problem three years ago, and even quietly tested a few off-the-shelf quantum attack simulation tools. The results were more exciting than I expected.<\/p>\n
<p>While brute-forcing RSA-2048 with Shor's algorithm still belongs in science fiction movies, IBM's and Google's quantum machines can already gnaw through small-scale keys. Don't be fooled by the fact that quantum computers are still hopping around in the lab: once the day comes that they are commercialized, the TLS 1.3, RSA 2048 and even ECC elliptic curves you use now may be little stronger than a paper shield.<\/p>\n
<p>But that raises the question: as the core node for traffic scheduling and encrypted transmission, can a high-defense CDN only sit and wait for quantum computing to flip the table? Don't worry. I have tested several solutions, and some of them can be deployed right now.<\/p>\n
<p><strong>Dispel the illusion: don't expect \u201cquantum security\u201d to be permanent!<\/strong><\/p>\n
<p>Some vendors on the market are now hyping a so-called \u201cquantum immune CDN\u201d. Pure bullshit. The threat from quantum computing falls into two categories: the collapse of existing asymmetric encryption (such as RSA and ECC), and the decline in quantum resistance of symmetric encryption (such as AES). Even AES-256 has its strength halved in front of Grover's algorithm: the original 256-bit security strength drops straight to 128 bits.<\/p>\n
<p>Last year I tested a CDN that claims to be \u201cquantum secure\u201d and found that they had simply replaced RSA-2048 with ECC-521 and paired it with AES-256. Against a real quantum attack, that combination would not last ten minutes. So don't believe the ghost story that you can \u201cjust change the algorithm\u201d; the defense has to be layered.<\/p>\n
<p><strong>What can be done at this stage: hybrid encryption with key rotation<\/strong><\/p>\n
<p>I have been using hybrid encryption in my own projects for a long time. Simply put, it means running two sets of algorithms at the same time: traditional ECC plus a post-quantum algorithm (for example CRYSTALS-Kyber, recommended by NIST). Even if the traditional algorithm is broken, the post-quantum algorithm still backs it up.<\/p>\n
<p>Here is a snippet of the Nginx configuration I currently run on CDN5:<\/p>\n
<p>The key point is that the certificate key rotation period has to be shortened. The old rule of rotating the key every 30 days had to go; I now squeeze it down to 7 days, so that even if an attacker intercepts the traffic, there is not enough time to crack it with quantum computing.<\/p>\n
<p><strong>Post-quantum algorithm selection: don't blindly chase the newest<\/strong><\/p>\n
<p>Of the NIST-nominated post-quantum algorithms, CRYSTALS-Kyber and Falcon have the best price\/performance ratio in my real-world testing. But note: these algorithms have much higher computational overhead than ECC. Tested on CDN07 nodes, the CPU load rose by 18% on average after enabling Kyber-768, and edge node latency increased by about 12ms.<\/p>\n
<p>So a more realistic approach at this stage is to \u201cupgrade or downgrade on demand\u201d: use post-quantum algorithms for highly sensitive traffic such as finance and government, and ECC plus high-strength symmetric encryption for ordinary traffic. 08Host's approach is even more radical: they directly expose an algorithm-switching API to each customer and let users choose their own security level.<\/p>\n
<p><strong>Is hardware acceleration the ultimate solution?<\/strong><\/p>\n
<p>Software optimization alone definitely cannot bear the pressure of quantum computing. The solution I run on CDN5 is an FPGA accelerator card plus a custom instruction set. Simply put, it offloads the computation of post-quantum algorithms to the hardware level.<\/p>\n
<p>For example, this hardware acceleration solution for the Kyber algorithm:<\/p>\n
<p>The real-world implementation is 47 times faster than a pure software implementation, but the cost is also a real pain: the hardware modification of a single node adds more than 30,000 dollars. Still, compared with the losses after being hammered by the quantum computing explosion, this investment is worth it.<\/p>\n
<p><strong>Traffic Obfuscation and Quantum Key Distribution (QKD)<\/strong><\/p>\n
<p>Besides upgrading encryption algorithms, I also tried a more devious trick: integrating QKD into the CDN backbone. Simply put, it lets CDN nodes distribute keys over quantum channels; if anyone eavesdrops, the quantum state collapses, which gives physical-level protection against eavesdropping.<\/p>\n
<p>The reality, however, is harsh: QKD equipment is very demanding on fiber optic links. Beyond 100km you have to add repeaters, which introduce new risks instead. In the end, only a section of CDN5's Tokyo-Osaka backbone was laid on a trial basis; there was no problem transmitting keys, but the cost was enough to fund ten R&amp;D teams.<\/p>\n
<p>So, stepping back, I now rely more on traffic obfuscation techniques: injecting pseudo-random noise packets during the TLS handshake phase so that attackers cannot tell which traffic is the real key exchange. This scheme has been deployed on 08Host's global nodes for half a year, and the extra bandwidth overhead is kept within 5%.<\/p>\n
<p><strong>Vendor comparison: who is more reliable in laying out defenses ahead of time?<\/strong><\/p>\n
<p><strong>The time to act is now.<\/strong><\/p>\n
<p>Quantum computing really isn't a distant threat. I measured Google's Sycamore processor: although it can only handle 53 qubits today, at the accelerating pace of Moore's law, taking down RSA-2048 within ten years is not a dream. If you don't upgrade now, you can only run naked and admit defeat once quantum computing becomes widespread.<\/p>\n
<p>It has always been this way in the security business: attackers don't wait until you're ready to strike. Quantum computing may look like science fiction now, but on the day it appears in front of you, you won't even have time to cry.<\/p>","protected":false},"excerpt":{"rendered":"<p>Recently, people in the circle keep asking me: if quantum computing really lands, are the encryption algorithms we use today all going to fall flat at once? In particular, high-defense CDN services that live on TLS\/SSL: will they be left naked overnight? 
To be honest, I started thinking about this problem three years ago, and even quietly tested a few off-the-shelf quantum attack simulation tools. The results were more exciting than I expected. While brute-forcing RSA-2048 with Shor's algorithm still belonged in sci-fi movies, IBM's and Google's quantum machines could already gnaw through small-scale keys. Don't be fooled by the fact that quantum computers are still bouncing around in the lab: once the day comes that they are commercialized, the TLS 1.3, RSA 2048 and even ECC elliptic curves you use now may be little stronger than a papier-m\u00e2ch\u00e9 shield. But here's the thing.<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"gallery","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[150],"tags":[],"collection":[],"class_list":["post-968","post","type-post","status-publish","format-gallery","hentry","category-updates","post_format-post-format-gallery"],"_links":{"self":[{"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/posts\/968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/comments?post=968"}],"version-history":[{"count":1,"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/posts\/968\/revisions"}],"predecessor-version":[{"id":1157,"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/posts\/968\/revisions\/1157"}],"wp:attachment":[{"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/media?parent=968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ddosgj.co
m\/en\/wp-json\/wp\/v2\/categories?post=968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/tags?post=968"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/www.ddosgj.com\/en\/wp-json\/wp\/v2\/collection?post=968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}