1996 年,在经过三年的调查后,美国司法部长办公室(the U.S. attorney general’s office)放弃了对齐默尔曼(Zimmermann)一案的起诉。当局意识到它已为时已晚——PGP 已逃入因特网,起诉齐默尔曼对此于事无补。此外还有一个问题,各大学院支持着齐默尔曼,比如麻省理工学院出版社将 PGP 发表在 600 页的书中。这本书在世界各地发行,因此起诉齐默尔曼将意味着起诉麻省理工学院出版社。齐默尔曼有可能不被定罪,政府也不热衷于起诉——审判带来的恐怕不过是一场有关隐私权的尴尬宪法辩论,从而激起公众对广泛使用加密的认同。

At last, PGP was a legitimate product and Zimmermann was a free man. The investigation had turned him into a cryptographic crusader, and every marketing manager in the world must have envied the notoriety and free publicity that the case gave to PGP. At the end of 1997, Zimmermann sold PGP to Network Associates, and he became one of their senior partners. Although PGP is now sold to businesses, it is still freely available to individuals who do not intend to use it for any commercial purpose. In other words, individuals who merely wish to exercise their right to privacy can still download PGP from the Internet without paying for it.

最终,PGP 成为了合法的产品,齐默尔曼也恢复了自由身。这次调查使得他成为密码学运动的领袖。世界上任何一位营销主管势必会羡慕齐默尔曼一案带给 PGP 的名声和免费宣传。1997 年底,齐默尔曼将 PGP 卖给了 Network Associates,而他成为了他们的资深伙伴。即便现在 PGP 卖给了商业公司,如果不用作商业用途,个人仍然可以免费使用。换言之,仅仅希望实践自己隐私权的人仍然可以下载 PGP,而无需为此付费。

If you would like to obtain a copy of PGP, there are many sites on the Internet that offer it, and you should find them fairly easily. Probably the most reliable source is at www.pgpi.com/, the International PGP Home Page, from which you can download the American and international versions of PGP. At this point, I would like to absolve myself of any responsibility—if you do choose to install PGP, it is up to you to check that your computer is capable of running it, that the software is not infected with a virus, and so on. Also, you should check that you are in a country that permits the use of strong encryption.

你要是想获得 PGP 的副本,有许多因特网网站提供它的下载,你应当相当容易能够找到。其中最可靠的大概是 PGP 国际主页 www.pgpi.com,在上面你可以下载到美国版和国际版 PGP。这一点上,我不想做任何担保——如果你想选择安装 PGP,你得自己检查你的计算机能够运行它,软件未被病毒感染等等。此外,你应当检查你所在的国家允许使用强加密。

The invention of public-key cryptography and the political debate that surrounds the use of strong cryptography bring us up to the present day, and it is clear that the cryptographers are winning the information war. According to Phil Zimmermann, we live in a golden age of cryptography: “It is now possible to make ciphers in modern cryptography that are really, really out of reach of all known forms of cryptanalysis. And I think it’s going to stay that way.” Zimmermann’s view is supported by William Crowell, deputy director of the NSA: “If all the personal computers in the world—approximately 260 million computers—were to be put to work on a single PGP-encrypted message, it would take on average an estimated twelve million times the age of the universe to break a single message.”

时至今日,公钥密码学的发明以及使用强密码的政治争论仍萦绕耳畔。很明显,密码编码者(cryptographers)赢得了这场信息战。齐默尔曼说,我们处在密码学的黄金时期:“在现代密码学中,发明远远超出密码分析(cryptanalysis)已知形式范畴的密码是可行的。我认为这种情况将一直保持下去。”国家安全局副局长威廉·克罗威尔(William Crowell)赞同齐默尔曼的观点:“如果世界上所有的个人计算机加在一起——大概有 2.6 亿台计算机——破译一条由PGP加密的消息,这需要花费 1200 万倍于宇宙年龄的时间。”

Previous experience, however, tells us that every so-called unbreakable cipher has, sooner or later, succumbed to cryptanalysis. The Vigenère cipher was called le chiffre indéchiffrable, but Babbage broke it; Enigma was considered invulnerable until the Poles revealed its weaknesses. So, are cryptanalysts on the verge of another breakthrough, or is Zimmermann right? Predicting future developments in any technology is always a precarious task, but with ciphers it is particularly risky. Not only do we have to guess which discoveries lie in the future, but we also have to guess which discoveries lie in the present. The tale of James Ellis and GCHQ warns us that there may already be remarkable breakthroughs hidden behind the veil of government secrecy.

然而先前的经验告诉我们,每一种被称为不可破译的密码迟早会屈服于密码分析。维热纳尔密码(The Vigenère cipher)被称为不可破译的密码,但巴比奇(Babbage)破译了它;Enigma 被认为是毫无漏洞的,但波兰人发现了它的弱点。所以,是密码分析师(cryptanalysts)正迎来下一次的突破,还是齐默尔曼是对的?预测任何技术的发展总是充满风险的,密码学尤其如此。我们不但要预测将来会发现什么,而且还要猜测目前已经发现什么。詹姆斯·埃利斯(James Ellis)和 GCHQ 的故事警示着我们,一些重大突破可能就隐藏在政府情报部门之后。

But even if RSA is cracked, there is hope for secure encryption already. In 1984, Charles Bennett, a research fellow at IBM’s Thomas J. Watson Laboratories in New York, developed the idea of quantum cryptography, an encryption system that is absolutely unbreakable. Quantum cryptography is based on quantum physics, a theory that explains how the universe operates at the most fundamental level. Bennett’s idea is based on an aspect of quantum physics known as Heisenberg’s uncertainty principle, which states that it is impossible to measure something with perfect accuracy because the act of measurement alters the object being measured.

但如果 RSA 被破译了,安全加密的希望已经存在。1984年,位于纽约的 IBM 托马斯·J·沃森实验室研究员查尔斯·贝内特(Charles Bennett)提出了量子密码学(quantum cryptography)的想法。量子密码学是完全无法破译的密码系统,它是基于量子物理学(quantum physics),后者是解释宇宙在最基本层面运作方式的理论。贝内特的想法在量子物理学中属于被称为海森堡不确定性原理(Heisenberg’s uncertainty principle)的层面,该定律说不可能以极高的精度测量某个物体,因为测量行为本身会改变被测量的物体。

For example, in order to measure the length of my hand, I must be able to see it, and therefore I must have a source of light, whether it is the sun or a lightbulb. The waves of light stream onto my hand and are then reflected toward my eye, but there are two problems. First, the wavelength of the light limits the accuracy of any length measurement. Additionally, the impact of light waves on my hand will actually change it, just like sea waves lapping against a cliff. As in the case of sea waves, the effect of the light waves is minuscule and is imperceptible at an everyday level. So an engineer trying to measure a bolt to a high degree of precision is limited by the quality of the measuring apparatus long before he runs into the limitations resulting from the uncertainty principle. At the microscopic level, however, the uncertainty principle is a serious problem. At the scale of protons and electrons, inaccuracies in measurement can become comparable to the size of objects being measured. The impact of light can significantly alter the tiny particles being observed.


Bennett came up with the idea of sending messages using fundamental particles, so tiny that if Eve tried to intercept or measure them, then she would mismeasure and alter them. In short, it becomes impossible for Eve to accurately intercept a communication, and even if she attempts to do this, her impact on the communication will become apparent to Alice and Bob, who will know that she is listening and will halt their correspondence.

贝内特提出使用基本粒子发送信息的想法,如果 Eve 尝试截获或测量粒子,她会错误测量并改变它们。简言之,Eve 不可能精确地截获通信,甚至她尝试做了,她的影响对于 Alice 和 Bob 来说很明显,他们会知道她在监听并中断通信。

You might wonder about the following problem: If Alice sends Bob a quantum cyrptographic communication, and Eve cannot read it because of the uncertainty principle, then how can Bob read it? Isn’t he also stymied by the uncertainty principle? The solution is that Bob needs to send a cryptic message back to Alice to confirm what he has received. Because Alice knows what she originally sent to Bob, this second message can be used to remove any ambiguity between Alice and Bob, while still leaving Eve in the dark. At the end of this double exchange, Alice and Bob are in a position to enjoy absolutely secure communication.

你可能会问:Alice 给 Bob 发送了一条量子密码学消息,根据不确定性原理 Eve 无法阅读它,那 Bob 怎么阅读它?他为什么不受到不确定性原理的影响?解决方案是 Bob 需要发送一条密文用于确认他收到的内容,因为 Alice 知道她发给 Bob 的原始内容,第二封消息用于删除 Alice 和 Bob 之间的错误部分,而把 Eve 留在阴暗中。在两次沟通结束后,Alice 和 Bob 便可以愉快地进行完全安全的通信了。

The whole idea of quantum cryptography sounds preposterous, but in 1988 Bennett successfully demonstrated secure communication between two computers across a distance of twelve inches. Long-distance messages are problematic, because the message is being conveyed by individual particles, which are more likely to be corrupted the farther they have to travel. So, ever since Bennett’s experiment, the challenge has been to build a quantum cryptographic system that operates over useful distances. In 1995, researchers at the University of Geneva in Switzerland succeeded in implementing quantum cryptography from Geneva to the town of Nyon, a distance of a little over fourteen miles.

量子密码学的整个想法听起来很荒谬,但 1988 年贝内特成功证明了在两台距离 12 英寸计算机之间安全通信的可行性。长距离消息仍有困难,因为消息是由单个粒子传递的,远距离传输可能会破坏它们。因此在贝内特实验之后,挑战便是在实用距离上建立可运行的量子密码学系统。1995 年,瑞士日内瓦大学(University of Geneva)的研究人员成功实现从日内瓦到尼翁(Nyon)的量子密码学通信,距离 14 英里有余。

Security experts are now wondering how long it will be before quantum cryptography becomes a practical technology. At the moment there is no advantage in having quantum cryptography, because the RSA cipher already gives us access to effectively unbreakable encryption. However, if a codebreaker found a flaw in RSA, then quantum cryptography would become a necessity. So the race is on. The Swiss experiment has already demonstrated that it would be feasible to build a system that permits secure communication between financial institutions within a single city. Indeed, it is currently possible to build a quantum cryptography link between the White House and the Pentagon. Perhaps there already is one.

现在,安全专家想知道量子密码学成为实用技术还需要多久。此时此刻,使用量子密码学并没有太大优势,RSA 密码已经给予我们足够不可破译的加密了。但如果密码破译者发现 RSA 的漏洞,那么量子密码学就变得必要。因此比赛还在继续。瑞士的实验已经证明了,在城市里的金融机构之间建立安全通信的可行性。它确实可以在白宫和五角大楼之间建立量子密码链路(quantum cryptography link),它很可能已经存在了。

Quantum cryptography would mark the end of the battle between codemakers and codebreakers, the codemakers emerging victorious, because quantum cryptography is a truly unbreakable system of encryption. This may seem a rather exaggerated assertion, particularly in the light of previous similar claims. At different times over the last two thousand years cryptographers have believed that the monoalphabetic cipher, the polyalphabetic cipher and machine ciphers such as Enigma were all unbreakable. In each of these cases the cryptographers were eventually proved wrong because their claims were based merely on the fact that the complexity of the ciphers outstripped the ingenuity and technology of cryptanalysts at one point in history. With hindsight, we can see that the cryptanalysts would inevitably figure out a way of breaking each cipher, or developing technology that would break it for them.

量子密码学将标志着密码编码者(codemakers)和密码破译者(codebreakers)战争的结束,密码编码者胜出,因为量子密码学是真正不可破译的密码系统。根据前面类似的说法,这似乎是一个言不副实的断言。在过去两千年里的不同时期,密码编码者相信单字母密码(the monoalphabetic cipher),多表密码(the polyalphabetic cipher)以及像 Enigma 的机器密码都是不可破译的。在这些例子中的密码编码者最终被证明是错的,因为他们断言是建立在密码复杂性的基础之上,而非同时期密码分析师的才智和技术。我们已经看到了,密码分析师不可避免地对这些密码各个击破,开发出新技术破解它们。

However, the claim that quantum cryptography is secure is qualitatively different from all previous claims. Quantum cryptography is not just effectively unbreakable, it is absolutely unbreakable. Quantum theory, the most successful theory in the history of physics, means that it is impossible for Eve to intercept accurately any communication between Alice and Bob. Eve cannot even attempt to intercept anything without Alice and Bob being warned of her eavesdropping. Indeed, if a message protected by quantum cryptography were ever to be deciphered, it would mean that quantum theory is flawed, which would have devastating implications for physicists—they would be forced to reconsider their understanding of how the universe operates at the most fundamental level.

然而,对量子密码学的断言是安全的,它与先前的断言截然不同。量子密码学不仅是不可破译,而且绝对不可破译。量子论是物理学史上最成功的理论,它意味着 Eve 不能精确地拦截 Alice 和 Bob 之间的任何通信。Eve 无法做到 Alice 和 Bob 不被警告的情况下,尝试拦截任何通信,如果可以,这将证明量子论是存在漏洞的。这对物理学家来说是一场灾难——他们将被迫重新思考他们对宇宙在最基本层面运作方式的理解。

If quantum cryptography systems can be engineered to operate over long distances, the evolution of ciphers will stop. The quest for privacy will have come to an end. The technology will be available to guarantee secure communications for governments, the military, businesses and the public. The only question remaining would be whether or not governments would allow us to use the technology.


–翻译自 The Code Book by Simon Singh 青少版,原作所使用许可证 Attribution-Noncommercial-No Derivative Works 3.0显示中英双语关闭中英双语


原:Enigma was considered invulnerable until the Poles revealed its weaknesses.
我:Enigma 被认为是毫无漏洞的,但波兰人发现了它的弱点。
评:我寻思着 Poles 也没有“罗”这个音吧,发音更接近“鲍尔斯”,它真正含义是“波兰人”。

原:At the moment there is no advantage in having quantum cryptography, because the RSA cipher already gives us access to effectively unbreakable encryption.
书:这段时间量子密码术研究没有再取得进展,因为 RSA 密码已经给我们提供了实际操作上不可破译的加密方式。
我:此时此刻,使用量子密码学并没有太大优势,RSA 密码已经给予我们足够不可破译的加密了。
评:《密码故事》译者把 advantage 当作 advanced 翻译了。

原:Not only do we have to guess which discoveries lie in the future, but we also have to guess which discoveries lie in the present. The tale of James Ellis and GCHQ warns us that there may already be remarkable breakthroughs hidden behind the veil of government secrecy.
我:我们不但要预测将来会发现什么,而且还要猜测目前已经发现什么。詹姆斯·埃利斯和 GCHQ 的故事警示着我们,一些重大突破可能就隐藏在政府情报部门之后。

该书的已完成部分翻译已放至 Gitea:

Gitbook 页面: