We often think of security in real time — bank transactions need to be secure so that a hacker cannot direct funds out of your account. However, often we also want privacy for past communication. For example, we might not want our text messages to become public a few days after we send them. More importantly, governments and private companies clearly have reasons for wanting to protect data well into the future.
Retroactive vulnerability refers to the risk of data that was stored in the past being hacked using new methods today. For instance, quantum computers threaten to break the encryption protocols used for nearly all communication on the internet today. Luckily, our data remains safe because quantum computers are not nearly powerful enough today. However, if an adversary stores data obtained from the internet today, they may be able to decrypt that data in the future once quantum computers do achieve the necessary processing power. Data that is perfectly secure today could become public tomorrow. This is the danger of retroactive vulnerability.
Recap: How is data protected on the internet?
Much of the data transferred on the internet today is encrypted using the famous RSA protocol. The goal of RSA is to establish a “secret key”—a random string of 0’s and 1’s—between two parties. If the two parties can do this, they can communicate securely. RSA lets the two parties establish a shared key across a vulnerable communication channel, like the internet. While we won’t get into the details of how this works, a core assumption of the method is the fact that it is computational difficult to find the prime factors of very large numbers. This assumption seemed safe for a while, until Peter Shor showed that a quantum computer could crack these codes efficiently. This discovery sparked some of the interest in quantum computing today, but also created the danger of retroactive vulnerability for today’s data.
How can quantum networks help?
Luckily, quantum networks can provide an alternative to RSA security. As mentioned above, the main requirement for secure communication is the ability to establish shared keys. Using a quantum network, it is possible to establish secret keys using quantum entanglement in a way that is safe from attacks—even attacks from quantum computers.
One example of secure communication using quantum networks is known as quantum key distribution (QKD). Using QKD, two people connected to a quantum network can generate provably secure secret keys. In addition, the properties of quantum mechanics allow for detection of an attacker listening in on the conversation.
While QKD provides safety beyond the assumptions of classical algorithms, many QKD implementations today rely on other sets of assumptions, like trusted nodes. True entanglement distribution networks can enable physics based security without the need for relying on precarious assumptions.
In addition to quantum methods, researchers and engineers are hard at work at developing suitable classical methods, typically known as post-quantum cryptography (PQE). These methods typically avoid the problems raised by Shor’s algorithm, but still rely on similar mathematical assumptions.
Why do we need quantum network security today?
Securing networks today protects against retroactive vulnerability in the future. As we saw above, data that is transmitted on the internet today could become vulnerable to attack in the future once quantum computers become more powerful. However, if that same data was protected using a quantum-safe method, it would remain secure even after the advent of large-scale quantum computing.
See Quantum Networking by Rodney Van Meter for more on this topic; the term "retroactive vulnerability" comes from Richard Hughes.