搜索
爱集微APP下载
登录
集微网消息,在往期的集微访谈栏目中,爱集微有幸采访了专门研究主机安全和防止黑客和恶意软件攻击方面的资深人员Roger A. Grimes。他并曾担任 Foundstone 的讲师和渗透测试人员。集微访谈就关于美国芯片法案和量子科学等领域提出了一系列问题,并收到了十分有启发的答复。
问:我的第一个问题是上个月,中国研究人员声称他们已经找到了一种使用量子计算机破解加密的方法。根据你的说法,就像这是一个巨大的发现?所以你能详细说明一下,你认为它有多大吗?
答:当然,这是一个巨的大发现。仍然需要证明这篇论文的完整性和准确性。这是一个很大的假设,因为有很多评论家说这篇论文存在问题,但如果可以证明这篇论文的真实性和完整性,它真的是巨大的发现。这可能是有史以来最大的计算解决方案之一。
原因是,现在我们认为要破解今天所谓的非对称加密,即运行大部分互联网的公开密钥与私有密钥。这是在wifi中使用的。它用于登录。我们95%的数字生活会使用这种非对称加密技术。
解加密的算法是1994年发明的,你真的需要大约9000个量子比特或量子位,但必须是稳定的量子位。我们现在还不能制造出稳定的量子位。
所以事实上,要破解当今的非对称加密,可能需要数十万至数百万个量子位。最近一篇发表于2022年12月的中国论文称,我们甚至可以用372个普通的量子位来破解同样的加密。
这样确实减少了这项工作所需的工作量:可能从数十万到数百万个量子位减少到仅要372个量子位。如果这篇论文准确且真实,今年很可能会出现一种量子计算机,它可以破解一些非对称加密问题。
事实上,这甚至会引起恐慌,因为全世界很少有公司已经准备好破解量子加密。事实上,我们得到的消息是到2033年或2035年才可能实现,我们还有10年或12年的准备时间。
但如果这篇中国论文正确无误,那意味着我们必须现在就完成这项工作,这将会造成一个巨大的Y2K问题,每个公司都不得不更新计算机系统和更换设备。这将是全世界有史以来最具挑战性的数字升级之一。
问:让我们谈谈欧洲。因此,您正在制定更多有关智能家居和物联网网络安全的法律法规。因此,就大型科技公司而言,苹果、亚马逊、诺基亚等公司也是如此。那么,他们设置应用平台面临的主要挑战是什么?
答:总的来说,大多数智能家居和物联网设备都是相当不安全的。我认为我们无法阻止他们不安全。我们可以做很多事情。但我认为,这个行业将会发展得更快,却并未做好应有的安全工作。似乎很多时候我们注定要重复同样的教训,就像我们已经了解了所有的攻击、非法攻击,以及更多对个人电脑的非法行为。
同样的事情也发生在手机上。我们在同一个邮件软件上看到同样的攻击。我们好像从计算机上一无所获。物联网、智能家居技术同样发生的事情是,各种设备和物联网设备都是在没有彻底进行安全考虑的情况下发行的,当然,它们被黑客进行一次一次的非法攻击。
我们对此可以做很多。我们可以考虑周密,并尝试以更安全的方式设计和部署它们。但是,企业更感兴趣的是推广技术,而不是放慢速度,在面向消费者之前完善技术,让技术更安全。
可悲的是,我们将看到的是成千上万的不同类型的设备被黑客入侵、滥用和对抗我们。
问:所以我的下一个问题是,最近,就像戴尔首席技术官声称的那样,在2023年,将首次出现量子计算方式,就像大多数人解释的那样,企业将能够开始部署量子形状协议。那你同意他的观点吗?或者比方说,你能把重点放在量子计算的一些技术突破的地方吗?
答:我认为,至少公开数据是,今年我们的许多量子计算机虽说达不到千个量子比特,但至少达到了百个量子比特量级。同时现在已经有很多量子比特数目更少的云量子计算机。计算机量子比特数量将会增加。所以我不知道是否每个公司都有量子计算机。我认为2023年不会发生这种情况。但我认为任何想要租用量子计算机的公司都会有更大的机会这样做。同样,我认为今年量子技术不会广泛应用,但我确实认为量子计算机的使用会大幅增加。
当然,不是每个公司都有,但世界各地已经有数百台初级量子计算机。这个数字只会增加到数百个,今年和明年可能会增加到数千个。它们只会继续变得越来越强。所以我认为他说的对。今年会有更多的公司利用量子的能力,尽管只是初级技术。但我们开始看到大量量子网络的部署。我们开始看到更多的量子协议,更多量子保护或者基于量子的保护技术开始被部署。
所以我当然认为2023年的量子计算机将比以往任何时候都要多。但我不知道这是否会成为一股浪潮,即每个公司都在使用量子计算机。大多数组织和公司甚至不知道可以用量子计算机做什么。但我确实认为,今年我们会看到量子、量子技术和量子协议的应用大幅增加。
问:所以我的最后一个问题是,当芯片和标志起作用时,就像它通过时一样,大部分注意力都被半导体投资吸引了。但在某种程度上,量子技术可以通过政府资助计划来加速,例如建立国家量子计划和国家标准与技术研究所。
答:是的,所以我想,总的来说,任何时候,任何政府,无论是美国,澳大利亚,英国还是中国,任何时候政府提供资金和激励措施投资于任何计算机技术会对全世界的公民都有好处。
这与《芯片和科学法案》的目的是一样的,尝试鼓励投资。《芯片和科学法案》尝试鼓励国内投资,我认为这不一定是件坏事。
美国并没有很多芯片制造设施。因此,该法案一方面是鼓励在国内生产更多的芯片。这从来都不是一件坏事,每个国家都希望能够制造自己的芯片和计算机之类的东西。
但我认为,任何时候你在这上面花的钱,不仅会鼓励和增加国内计算机激励机制和发明创造,对其他国家来说也是如此。正如不同的公司会发现、使用并做更多的事情鼓励在其他国家的投资。所以我认为,任何政府投入资金尝试推动数字计划,最终都会使我们所有人受益。
以下是采访原文(英文):
Q:So my first question would be last month, chinese researchers claim that they have found a way break encryption using quantum like computers. According to you, like, it's a huge claim. So could you elaborates like, how huge do you think that is?
A:Sure, I it's a big hit. The paper still has to be proven to be complete and accurate. And that's a big if because there's a lot of critics saying that there's issues, but if it's proven to be true and complete, it's really huge. It's probably one of the biggest computing solutions ever.
The reason why is right now, we think to break today's what's called asymmetric encryption that's public private key encryption that runs most of the internet. It's what's used in wifi. It's used in loggins. It's really asymmetric encryption used probably 95 % of our digital lives.
The current known algorithm that breaks that encryption known assures algorithm that was invented in 1994, says that you really need about 9,000 quantum bits or cubits, but they have to be stable cubits. And we can't make stable cubits right now.
So in reality, it would probably take hundreds of thousands to millions of cubits to be able to break today's asymmetric encryption, what the recent Chinese paper, which was released in December 2022, says is that we can break that same encryption with 372, even regular cubits, noisy cubits.
t really decreases The work effort needed from a potentially hundreds of thousands and millions of cubits to just 372. If that paper is accurate and true, and there will likely be this year, a quantum computer that breaks some asymmetric encryption problem.
It would actually even create a bit of a panic, because very few of our companies around the world are prepared for this quantum encryption break, where the matter fact we've been told we have till 2033 or 2035 that we have 10, 12 years to prepare.
But if this Chinese paper is correct, then it means we have to get it done now, and it's gonna create a massive Y2K problem where every company is going to have to be updating the computer systems, replacing devices. It's really gonna be one of the most challenging digital upgrades the world has ever faced.
Q:Let's talk about Europe. So you is plotting more legal regulations concerning smart home and also IoT cyber security. Therefore, as far as the big tech company, companies like apple, amazon, nokia, as concerned. So what are the main challenges for their setup of app platforms?
A:In general, for our smart home and our in our IoT devices, most of them are fairly insecure. I don't think there's anything we can do to stop them from being insecure, and there's lots of stuff we could do. But I think that the industry is going to move along faster and not do as much security as they should. It seems many times that we are doomed to repeating the same lessons, like we've learned about all the attacks and hackers and now where and what they can do against personal computers.
And then the same thing is happening with mobile phones. We're seeing the same attacks and the same mail where and it's almost like we learn nothing from computers. The same thing is happening with IoT and smart home technology is that all kinds of devices and IoT devices are being released without thoreau, security considerations, and certainly, they are going to be hacked and hacked and hacked.
There's lots we could do to do it. We could be thoughtful and try to design and deploy them in a more secure way. But people in companies are more interested in getting the technologies out there than they are in slowing down to make them more secure before they offer them to consumers.
The sad thing is that we're going to see lots and lots thousands of not millions of different types of devices hacked and abused and used against us.
Q:So my next question will be, so recently, like the dell CTO claimed that in 2023, there will be a quantum computing way for the first time, like most interpret, enterprises are going to be able to start to deploy quantum shape protocols. So do you agree with him? Or let's say, could you make a focus like where there be some technological breakthrough of quantum computing?
A:I think at least what's publicly known is we're gonna have many quantum computers with hundreds, if not thousands of cubits this year. And already there's lots of cloud quantum computers with smaller number of cubits. Those number of cubits will just increase. So I don't know if every company have a quantum computer. I don't think that's gonna happen in 2023. But I think any company that wants to rent time on a quantum computer is gonna have greater opportunity to do so. Again, I don't see widespread quantum technologies this year, but I do think there is going to be a sharp increase in the use of quantum computers.
Again, not in every company, but you already have hundreds of rudimentary quantum computers around the world. That number is only going to increase into the many of hundreds, if not thousands this year and probably next. And they're only going to continue to get stronger and stronger and stronger. So I think he's right. And that there are gonna be more companies using quantum capabilities this year, although it's still very rudimentary. But we're starting to see a large number of quantum networks deployed. We're starting to see more quantum protocols, more quantum protections, more quantum based protections that are being created started to be deployed.
So I certainly think the 2023 is gonna be a year we're gonna see a whole lot more of it than we ever saw before. But I don't know if it's gonna be a wave where every single company is using a quantum computer. Most organizations, most companies don't even know what they would do with the quantum computer if they got one. But I do think we're gonna see a sharp increase use in quantum and quantum technologies and quantum protocols this year.
Q:All right. So my last question would be so when the chips and signs act, like when it got passed, much of the attention was drawn by semiconductor investment. But to some extent, quantum technology could be accelerated by government funding programs, such as like the building of national quantum initiative and national Institute of Standards and Technology.
A:Yeah, so I think, in general, any time, any government, whether it's the United States or Australia or the UK or China, anytime the government provides funding and provides incentives to invest in any computer technology, it benefits the citizens in the world.
In general. That's the same thing that chips and science act is that it's trying to encourage investment. And the chips in science act is trying to encourage domestic investment, which I don't think is necessarily a bad thing in the United States.
We we didn't have a whole lot of our chip making facilities. So part of that act was to encourage more chips being built domestically, which is never a bad thing. Every country wants to be able to make its own chips and computers and that sort of stuff.
But I think the money anytime you spend money on it, it's not only gonna encourage and increase a computer incentives and inventions and be domestic country, but also externally to other countries.
As different companies discovering, use and do more things that encourages investment in other countries as well. So I think it that it ultimately benefits us all anytime that any government spending money on trying to push digital initiatives.
