Focus on Google's Quantum Attack and ECDSA: Rambus Explains in Depth Why There Is No Need to Panic and Why "Preparing Early" Is Necessary Now

www.design-reuse.com – Apr. 09, 2026 –

Rambus, Inc. — Scott Best — April 9, 2026

Over the past several weeks, we've seen growing discussion across the industry about Google's latest publications on quantum computing and cryptography. In some corners, those discussions have quickly escalated into claims that widely deployed elliptic curve cryptography (ECC), including ECDSA, is on the verge of collapse.

Customers are understandably asking questions: Has ECDSA been broken? Are today's systems suddenly at risk? Do migration timelines need to change?

At Rambus, our view is clear and measured: there is no need to panic, but there is every reason to prepare thoughtfully and deliberately for the post‑quantum transition already underway.

What Google Has Actually Published

In November 2025, Google published an academic paper outlining its perspective on the state and trajectory of quantum computing. More recently, in March 2026, Google announced plans to migrate its cryptographic infrastructure to post‑quantum cryptography (PQC) by 2029, one of the most aggressive migration timelines publicly stated by a major technology provider. Shortly thereafter, Google and academic collaborators published a white paper analyzing the impact of quantum attacks on cryptocurrencies, including an improved theoretical attack against ECDSA.

Has ECDSA Been "Broken"?

No. Despite some dramatic headlines, ECDSA has not been broken. The improved attack described in the paper is still estimated to require hundreds of thousands of physical qubits. Today's quantum systems are typically well below 10,000 physical qubits, and scaling reliably to that level remains a substantial technical challenge. In practical terms, there is still a wide gap between theoretical cryptanalysis and a cryptographically relevant quantum computer capable of threatening 256‑bit ECC in the real world.

How Credible Is the Claimed Attack Improvement?

The honest answer is that it deserves attention, but also scrutiny. Many technical details have been withheld for responsible disclosure reasons, which limits independent evaluation. At the same time, the authors include highly respected researchers, and Google has deep expertise across quantum algorithms, hardware, and systems engineering. From our perspective, it would be unwise to dismiss the work outright. When an organization with Google's depth of quantum expertise commits publicly to an accelerated PQC migration timeline, the signal is worth taking seriously.

Putting Google's Migration Timeline in Context

A 2029 target is aggressive, but not wildly out of step with other guidance. CNSA 2.0 mandates migration completion around 2030 or 2033 depending on application class. Several European national security organizations operate with timelines in the 2030–2035 range. It's also important to remember that national security organizations continuously reassess timelines as new research emerges. Migration plans typically include buffer to absorb unexpected breakthroughs.

What PQC Migration Timelines Really Mean

One common misunderstanding is that a migration deadline reflects when a quantum break is expected to occur. In reality, migration must be completed years before any such break is anticipated. The required lead time depends on how long protected data must remain secure: TLS key exchange has a long vulnerability window due to "store‑now, decrypt‑later" attacks; digital signatures on contracts may need to remain valid for decades. This is where cryptographic bills of materials (CBOMs and SBOMs) become essential.
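The lead-time reasoning above can be applied directly to an inventory. The following is an added example, not code from Rambus or Google: it triages a simplified, hypothetical CBOM record format by the latest year migration can start. The planning horizon is an assumed input chosen by the planner, not a forecast, and the sample inventory is constructed.

```python
from dataclasses import dataclass

# Algorithm families as the article groups them: RSA and ECC need PQC
# replacements; AES, SHA-2 and SHA-3 are considered quantum-resistant.
VULNERABLE = ("RSA", "ECDSA", "ECDH", "ECC")
RESISTANT = ("AES", "SHA-256", "SHA-384", "SHA-512", "SHA3")

@dataclass
class CbomEntry:              # hypothetical, simplified CBOM record
    asset: str
    algorithm: str
    protection_years: int     # how long the data or signature must stay trustworthy
    migration_years: int      # estimated time to replace the algorithm

def classify(algorithm: str) -> str:
    name = algorithm.upper()
    if name.startswith(VULNERABLE):
        return "vulnerable"
    if name.startswith(RESISTANT):
        return "resistant"
    return "unknown"

def latest_start_year(entry, horizon_year):
    # Anything protected after (horizon - protection_years) would still need
    # protection at the horizon, so migration must finish by then and start
    # migration_years earlier.
    return horizon_year - entry.protection_years - entry.migration_years

def triage(entries, horizon_year, current_year):
    rows = []
    for e in entries:
        kind = classify(e.algorithm)
        if kind == "resistant":
            rows.append((e.asset, "no-action", None))
        elif kind == "unknown":
            rows.append((e.asset, "review", None))
        else:
            start = latest_start_year(e, horizon_year)
            status = "overdue" if start < current_year else "plan"
            rows.append((e.asset, status, start))
    # Most urgent first; entries without a deadline go last.
    return sorted(rows, key=lambda r: (r[2] is None, r[2] or 0))

# Constructed sample inventory (not from the article).
SAMPLE = [
    CbomEntry("tls-frontend", "ECDH-P256", 10, 3),
    CbomEntry("contract-signing", "ECDSA-P256", 25, 2),
    CbomEntry("firmware-update", "RSA-3072", 5, 4),
    CbomEntry("disk-encryption", "AES-256-GCM", 15, 1),
]
```

Calling triage(SAMPLE, horizon_year=2035, current_year=2026) orders the long-lived signature and key-exchange uses ahead of the short-lived firmware key, even though all three rely on quantum-vulnerable algorithms.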

How Far Away Is a Cryptographically Relevant Quantum Computer?

No one knows with certainty. Public forecasts estimate how many logical qubits would be required to threaten RSA or ECC, but translating that into physical qubits depends heavily on error rates, error‑correction overhead, and system architecture. Key challenges remain significant. Progress continues, but additional breakthroughs are still required before quantum systems pose a direct threat to deployed cryptography.

Beyond Cryptocurrencies: Broader PQC Challenges

While cryptocurrencies have attracted attention, they are far from unique. Some cryptographic applications go beyond basic encryption and require special consideration in a post‑quantum world. The good news is that many widely used primitives, such as AES, SHA‑2, and SHA‑3, are already considered quantum‑resistant. And for RSA and ECC, standardized PQC replacements now exist, with defined migration paths. At Rambus, our security IP portfolio is designed with this transition in mind, supporting quantum‑resilient symmetric cryptography today and standardized PQC algorithms as replacements for public‑key mechanisms.

The Bigger Picture

The real takeaway from Google's announcements is not that catastrophe is imminent. It's that the industry has entered a more serious phase of post‑quantum transition. Cryptography underpins nearly every digital system. Migrating it is complex, slow, and deeply interconnected with hardware lifecycles, software ecosystems, standards, and operational reality. So no, there is no need to panic. But there is every reason to inventory, plan, prioritize, and execute. In the post‑quantum era, preparedness, not fear, will define resilience.
