Exploring the “new”丨Quantum technology “dances” at the Shanghai International Technology Fair, taking the lead in a new round of information security reforms

CNR Shanghai, June 13 (Reporter Feng Li) In the quantum era, are your passwords still safe? How to distinguish between quantum, quantum cryptography and anti-quantum cryptography (also known as post-quantum cryptography, abbreviated as PQC in English)? During the 10th China (Shanghai) International Technology Import and Export Fair, CNR reporter exclusively interviewed Zhu Feng, deputy secretary-general of the Shanghai Commercial Cryptography Industry Association, director of the chairman's office and marketing director of Geer Software, and author of “Shang Xiaomi's Adventures in the Four Great Classics”, to “get the first” to understand the cutting-edge dynamics of the new round of information transformation and listen to him “sort out” the information security story behind my country's quantum cryptography.

“Quantum” has become a hot word, but you may have been “cheated”

I don't know when “quantum” became a hot word. From “quantum skin care” to “quantum glasses”, from “quantum feng shui” to “quantum fertilizer”, the endless stream of “quantum products” has made people “dazzled by the flowers”, and confused, as if quantum technology can be “entangled” with everything. If you don't want to be fooled, you must first understand what “quantum” is?

Zhu Feng introduced that quantum is not a particle, but the smallest unit of discrete change. How to understand “smallest unit”? In the mysterious microscopic world, quantum is a physical concept, a smallest indivisible unit of a physical quantity. “For example, if all human beings are compared to a physical quantity, then the smallest unit of this physical quantity is 'one person'. There cannot be 'half a person', so 'one person' is the quantum of the physical quantity of our human beings.”

When we talk about “quantum”, we have to mention “quantum mechanics”. It is difficult for ordinary people to understand what quantum entanglement and quantum superposition are, and they are often fooled by various “gimmicks”. Zhu Feng explained that quantum mechanics can be simply understood as “the laws of motion followed by the microscopic world below 10 to the power of -8.”

The world we live in usually follows traditional physics (classical mechanics). No matter what it is, where it is, or how fast it runs, it can be observed through corresponding means. But in the microscopic world of quantum, any “slightest movement” will affect the quantum, and even light will make the quantum “flash” very capriciously. This “flash” is random and unobservable. The state of quantum is essentially a probability. The industry calls this phenomenon the superposition state of quantum. “You should have heard of Schrödinger's cat, which is a cat in a superposition state of both dead and alive. It is difficult to understand.” Zhu Feng explained to the reporter of China National Radio in easy-to-understand language.

In addition to the superposition state, quantum has another characteristic, called quantum entanglement, which Einstein called “spooky action at a distance”. Specifically, two entangled particles can instantly sense each other's existence no matter how far apart they are. Similarly, if the state of one particle changes, the other will also change accordingly instantly, just like the twins in the TV series have some kind of magical “telepathy”. This is the magical “quantum entanglement phenomenon” in the theory of quantum mechanics.

Quantum computing “shows off”, is information security still safe?

The questions raised by Einstein about quantum entanglement have inspired generations of scientists to “seek and explore” and continuously research and verify. The exploration process has also given rise to a new “quantum revolution”. The performance of quantum computers far exceeds that of currently used electronic computers. The emergence of quantum computers may have a serious impact on existing public key cryptographic systems.

How to prevent problems before they happen? At the Shanghai International Technology Fair, reporters saw a number of integrated innovations and demonstration application scenarios focusing on new technologies such as quantum computing cryptography, cryptography and artificial intelligence. With the promulgation and implementation of a series of laws and regulations such as the “Cybersecurity Law” and the “Regulations on the Administration of Commercial Cryptography”, the development space and potential of commercial cryptography in my country's public key field have been further increased. Cryptography, as the most effective and reliable key core technology and basic support for ensuring network security, is accelerating its integration into all areas of the digital economy and society.

The passwords that ordinary people refer to, such as power-on passwords and login passwords, are essentially “passwords” used for identity authentication, which is a simple and primary means of identity authentication. The passwords mentioned in the law refer to technologies, products and services that use specific transformation methods to encrypt and protect information and provide security authentication.

Zhu Feng said that the functions of commercial encryption can be simply summarized as “four no's”: no entry, no taking, no understanding, and no evasion. “If the function of the password is likened to a room, when a thief comes, there is a 'access control' at the door, so the thief cannot enter; even if he enters, the thief cannot take the things in the room; if the thief is very skilled and takes the things away, the things themselves are encrypted so that he cannot understand them; if the thief understands them, he cannot deny the act of stealing, and this is the core function of commercial encryption.”

The traditional commercial encryption currently in use mainly relies on the complexity of known mathematical problems. Zhu Feng believes that all the public key encryption algorithms currently in mainstream use are likely to be easily cracked after the advent of quantum computers with sufficient size, and there is an urgent need to upgrade the encryption algorithms.

According to a computer industry research report recently released by Tianfeng Securities, the National Institute of Standards and Technology (NIST) of the United States officially announced three draft standards for post-quantum cryptography (PQC) algorithms last year, and the draft standard for the fourth algorithm will also be released to the public in the second half of 2024. In addition, Europe, Japan, and South Korea have related research and progress in PQC migration and standard establishment.

Industry experts believe that in order to cope with the security challenges brought by the development of quantum computing, the domestic research and development of quantum-resistant cryptography and pilot projects may be accelerated to replace classical cryptographic algorithms. From the perspective of replacement rhythm, the financial industry, especially banks, as an important area of ​​the national economy, involves a large amount of core data and transaction information. Compared with other industries, it is expected to take corresponding measures to transition to a quantum-resistant cryptographic system earlier.

“Quantum-resistant cryptography is a new generation of cryptographic algorithms that can resist quantum computing attacks and is secure in both classical and quantum environments. It is like a sturdy lock for our future information security.” Zhu Feng said that the migration of quantum-resistant cryptography is very urgent. The upgrade and replacement of cryptography is a huge project that affects the entire body and requires a lot of financial support. The country and related companies should make arrangements early so that they will not be caught off guard when quantum computing technology is applied on a large scale.

Playing the first move well, the future of the cryptographic industry is promising

Although quantum-resistant cryptographic technology is still some distance away from large-scale commercialization, for the domestic network security field, the deployment of quantum-resistant cryptographic related technologies has become a top priority for industry development.

In the Shanghai G60 Commercial Cryptography Industry Base, the Shanghai Commercial Cryptography Industry Association and the Yangtze River Delta G60 Science and Technology Innovation Corridor Quantum Cryptography Application Innovation Alliance were successively established, gathering more than 30 well-known domestic cryptography companies such as Geer Software and Zhixun Cryptography. Last year, the Shanghai International Technology Fair set up a new commercial cryptography exhibition area, and this year's Shanghai International Technology Fair added a cryptography science exhibition and activity area for the first time to popularize cryptography knowledge to the public, which shows the country's emphasis on information security and commercial cryptography.

Founded in 1998, Geer Software is one of the representative companies in my country's cryptographic industry. It participated in the formulation of my country's national standards for anti-quantum cryptography, and jointly established a cryptographic technology and engineering laboratory with Fudan University to carry out algorithm development, standard formulation and industrial promotion in the field of anti-quantum. On the first day of the Shanghai International Technology Fair, Geer Software took the lead in launching a full set of domestic quantum security solutions and series of products, including quantum security PKI/CA, key management, gateways, cryptographic machines, VPN, signature verification and other products. “In the next step, we plan to work with the Shanghai Software Center to jointly develop a test platform, do attack and defense tests, and accelerate the layout of products related to anti-quantum cryptography.” Zhu Feng revealed.

At present, quantum-resistant cryptographic technology is still in the research and development and standardization stage. However, as the cornerstone of network security, cryptographic technology shoulders the heavy responsibility of defending against and protecting information security in the quantum era. It is expected to develop rapidly with the strong support of national policies. Now is the time to take the initiative in the development of quantum-resistant cryptography.

Zhu Feng has been deeply involved in the cybersecurity industry for many years. Combining his frontline observations, he told reporters: Without information security, there is no national security. Early deployment and vigorous development of quantum-resistant cryptographic technology are not only related to the “life and death” of the development of information companies, but also to the information security of the entire country.

GER Software

We are one of the earliest manufacturers in China to develop and launch the Public Key Infrastructure (PKI) platform, one of the first designated production and sales units of commercial cryptographic products in China, a Class A qualified unit for computer information system integration involving state secrets approved by the State Security Bureau, and a core member of the National Information Security Standardization Technical Committee. The company is the responsible unit for the financial sub-project of the National “863” Plan Information Security Demonstration Project, and one of the leading units of the National Science and Technology Support Plan Commercial Cryptography Infrastructure (ECC) project. The company has twice won the second prize of the National Science and Technology Progress Award, the National Cryptography Science and Technology Progress Award and the Shanghai Science and Technology Progress Award. The company's registered capital is 231 million yuan.