Harvest-Now-Decrypt-Later: Why Your Encrypted Data Is Already at Risk

The Threat That Already Started

Most organizations treat quantum computing as a future problem. They assume they have years before quantum computers threaten their encryption. That assumption is wrong.

The harvest-now-decrypt-later (HNDL) attack is active today. Adversaries intercept and store encrypted data now. They wait for quantum computers to mature. Then they decrypt everything at once.

Your data does not need to be valuable tomorrow. It needs to be valuable on the day a cryptographically relevant quantum computer (CRQC) comes online. For medical records, financial data, trade secrets, and government communications, that value persists for decades.

How HNDL Works

The attack follows three stages.

Stage 1: Harvest

Adversaries with access to network traffic capture encrypted data in bulk. This includes TLS-encrypted web traffic, VPN tunnels, encrypted email, and database replication streams.

Nation-state actors operate large-scale interception programs. They tap undersea cables, compromise ISP infrastructure, and exploit cloud provider peering points. The storage cost is trivial compared to the intelligence value.

Corporate espionage actors target specific organizations. They compromise network equipment, deploy passive taps, or exploit cloud misconfigurations to capture encrypted traffic.

Stage 2: Store

Captured ciphertext goes into long-term storage. Hard drive costs continue to drop. Storing petabytes of encrypted traffic for 10 to 15 years costs less than a single zero-day exploit.

The adversary does not need to know what the data contains. They store everything and sort it later.

Stage 3: Decrypt

When a CRQC becomes available, the adversary runs Shor’s algorithm against the RSA and ECC key exchanges recorded alongside the stored ciphertext, recovering the keys that protect it. Every session key, every signed document, every encrypted message becomes readable.

The decryption phase is fast. Shor’s algorithm breaks RSA-2048 in polynomial time on a sufficiently large quantum computer. The bottleneck is building the quantum hardware, not running the algorithm.

Real-World HNDL Scenarios

Government Intelligence

A foreign intelligence service captures encrypted diplomatic cables between embassies. The cables use RSA-2048 key exchange. The content discusses treaty negotiations, sanctions strategy, and intelligence assessments.

Fifteen years later, a CRQC decrypts the archive. The intelligence value remains high. Diplomatic positions, source identities, and strategic assessments are exposed.

Financial Services

An adversary captures encrypted transaction data from a major bank’s payment processing network. The data includes account numbers, transaction amounts, and customer identities.

Even after 10 years, this data enables identity theft, fraud, and competitive intelligence. Regulatory penalties compound the damage.

Healthcare

Encrypted patient records transit between hospitals, insurers, and research institutions. An adversary captures the traffic and stores it.

Medical records have indefinite confidentiality requirements under HIPAA. Decrypted records expose diagnoses, genetic data, and treatment histories. The liability is permanent.

Intellectual Property

A technology company’s encrypted R&D communications cross the public internet between offices. Patent filings, prototype designs, and competitive analysis travel in those packets.

A competitor or nation-state captures the traffic. Quantum decryption reveals product roadmaps and trade secrets years before they lose commercial value.

Why Current Encryption Fails Against HNDL

RSA and ECC provide strong protection against classical computers. A 2048-bit RSA key resists brute-force attacks for billions of years on classical hardware.

Quantum computers change the equation entirely. Shor’s algorithm reduces RSA factoring from exponential to polynomial complexity. A CRQC with enough stable qubits breaks RSA-2048 in hours, not eons.

The critical insight: HNDL separates the capture from the decryption. The adversary needs a quantum computer only at the time of decryption, not at the time of capture. Data encrypted with RSA today is already committed to a future where quantum computers exist.

Data Classification for HNDL Risk

Not all data faces equal HNDL risk. Classify your data by confidentiality window to prioritize your response.

Confidentiality Window | Examples                                                | HNDL Risk Level
25+ years              | Government secrets, genetic data, intelligence sources  | Critical
15–25 years            | Trade secrets, M&A strategy, diplomatic communications  | High
5–15 years             | Financial records, customer PII, healthcare records     | Medium
Under 5 years          | Session tokens, ephemeral keys, short-lived credentials | Low

Data in the critical and high tiers is already in the HNDL danger zone. The Q-Day timeline estimates place CRQCs within 10 to 15 years. Data captured today with a 15-year confidentiality window will still be sensitive when quantum decryption becomes feasible.
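The tiering above can be turned into a triage script that runs over a data-flow inventory. The following is an added example, not QCecuring's code: it maps each flow's confidentiality window onto the tiers in the table and goes one step further by applying Mosca's inequality (confidentiality window plus remaining migration time versus years until a CRQC) together with a check of whether the flow's key exchange is one Shor's algorithm breaks. The inventory, the algorithm names, and the 10-year planning horizon (the lower end of the page's Q-Day estimate) are constructed assumptions.

```python
"""
HNDL exposure triage over a constructed data-flow inventory.
Added illustration, not QCecuring's code. Tier boundaries follow the
classification table; the exposure test is Mosca's inequality. The default
10-year horizon is an assumption taken from the low end of the Q-Day estimate.
"""
from dataclasses import dataclass

# Key-exchange families a CRQC running Shor's algorithm breaks. Hybrid suites
# that wrap a classical exchange with ML-KEM are treated as quantum-resistant.
QUANTUM_VULNERABLE_KX = ("RSA", "ECDHE", "ECDH", "DHE", "DH", "X25519", "P-256", "P-384")
QUANTUM_RESISTANT_MARKERS = ("MLKEM", "ML-KEM", "KYBER")


@dataclass
class DataFlow:
    name: str
    confidentiality_years: int    # how long the plaintext must stay secret
    key_exchange: str             # algorithm protecting the session key in transit
    migration_years: float = 0.0  # time still needed to move this flow to PQC


def risk_tier(confidentiality_years: int) -> str:
    """Map a confidentiality window onto the tiers in the table (25+ Critical,
    15-25 High, 5-15 Medium, under 5 Low; boundaries round up)."""
    if confidentiality_years >= 25:
        return "Critical"
    if confidentiality_years >= 15:
        return "High"
    if confidentiality_years >= 5:
        return "Medium"
    return "Low"


def is_quantum_vulnerable(key_exchange: str) -> bool:
    """True for RSA/ECC/DH exchanges; False for ML-KEM or hybrid ML-KEM suites."""
    kx = key_exchange.upper()
    if any(marker in kx for marker in QUANTUM_RESISTANT_MARKERS):
        return False
    return any(vuln in kx for vuln in QUANTUM_VULNERABLE_KX)


def hndl_exposed(flow: DataFlow, years_to_crqc: float = 10.0) -> bool:
    """Mosca's inequality: a flow is exposed when its data must stay secret
    (plus the time still needed to migrate it) for longer than the time until
    a CRQC exists, and its key exchange is one a CRQC can break."""
    if not is_quantum_vulnerable(flow.key_exchange):
        return False
    return flow.confidentiality_years + flow.migration_years > years_to_crqc


def prioritize(flows, years_to_crqc: float = 10.0):
    """Return the exposed flows, longest confidentiality window first."""
    exposed = [f for f in flows if hndl_exposed(f, years_to_crqc)]
    return sorted(exposed, key=lambda f: (-f.confidentiality_years, f.name))


# Constructed sample inventory (illustrative values, not real assets).
INVENTORY = [
    DataFlow("genetic-research-replication", 30, "RSA-2048", migration_years=2),
    DataFlow("ma-strategy-email", 20, "ECDHE-P256", migration_years=1),
    DataFlow("payment-batch-transfer", 10, "ECDHE-X25519", migration_years=1),
    DataFlow("partner-api-hybrid", 20, "X25519MLKEM768"),
    DataFlow("session-token-cache", 2, "ECDHE-X25519"),
]

if __name__ == "__main__":
    for flow in INVENTORY:
        print(f"{flow.name:32} tier={risk_tier(flow.confidentiality_years):8} "
              f"exposed={hndl_exposed(flow)}")
    print("Migration order:", [f.name for f in prioritize(INVENTORY)])
```

Note that the payment flow lands in the Medium tier yet is still flagged: a 10-year window plus one more year of migration crosses a 10-year CRQC horizon, which is exactly the cumulative exposure the page describes. The hybrid partner API is not flagged even with a 20-year window, because its session keys do not depend on a Shor-breakable exchange.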

Immediate Actions

1. Inventory Your Cryptographic Assets

Map every certificate, key, and encrypted channel in your environment. QCecuring’s Certificate Lifecycle Management platform automates discovery across cloud, on-premises, and hybrid infrastructure. You need to know which algorithms protect which data before you can prioritize migration.

2. Identify Long-Lived Data Flows

Trace where your most sensitive data travels. Focus on data that crosses network boundaries: inter-office links, cloud replication, partner integrations, and backup transfers. These transit points are where HNDL capture occurs.

3. Deploy Forward Secrecy Everywhere

Ensure all TLS connections use ephemeral key exchange (ECDHE or DHE). Forward secrecy means each session uses a unique key. Compromising one session key does not expose other sessions.

Forward secrecy does not stop HNDL entirely. A quantum computer still breaks each session’s ECDHE key individually. But it forces the adversary to attack each session separately rather than recovering a single long-term key that decrypts everything.

4. Accelerate PQC Migration for Critical Data

Do not wait for a full enterprise migration. Prioritize post-quantum protection for your highest-risk data flows immediately.

NIST’s ML-KEM (FIPS 203) provides quantum-resistant key encapsulation. Hybrid TLS deployments combine ML-KEM with ECDH, protecting against both classical and quantum attacks during the transition.

QCecuring’s CLM supports managing hybrid certificate profiles alongside classical certificates. As CAs issue ML-KEM certificates, CLM handles automated renewal and policy enforcement.

5. Rotate SSH Keys and Signing Certificates

SSH keys and code signing certificates often have long lifetimes and protect high-value assets. QCecuring’s SSH Key Lifecycle Management automates key rotation, reducing the window of exposure for any single key.

Review your code signing pipeline for algorithm dependencies. Signed software artifacts remain verifiable for years. Signatures made with RSA or ECC today will be forgeable once quantum computers arrive.

6. Monitor and Enforce Algorithm Policies

Set policies that flag and block deprecated algorithm usage. Your CLM platform should alert when new certificates are issued with algorithms below your minimum security threshold.
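Steps 3 and 6 can be checked in code at the point where a TLS client is configured. The following is an added example using only Python's standard-library ssl module; it is not QCecuring's CLM and assumes Python 3.7 or later linked against OpenSSL 1.1.1 or later. It builds a client context restricted to ephemeral key exchange and TLS 1.2+, then audits the suites any context would negotiate and reports those whose key exchange is static (the configuration where one long-term key decrypts every captured session). The permissive context is included only as the "before" configuration the policy is meant to catch.

```python
"""
Forward-secrecy enforcement for a TLS client context and an audit of the
suites it would negotiate. Added illustration built on the standard-library
ssl module; not QCecuring's CLM. Assumes Python 3.7+ on OpenSSL 1.1.1+.
"""
import ssl

# Cipher string: ephemeral ECDHE/DHE exchange only, AEAD ciphers only, no
# anonymous, null or MD5 suites. TLS 1.3 suites are always ephemeral and are
# governed by minimum_version rather than by this string.
FORWARD_SECRECY_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5"


def forward_secrecy_context() -> ssl.SSLContext:
    """Client context that refuses static-RSA key exchange and TLS below 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(FORWARD_SECRECY_CIPHERS)
    return ctx


def permissive_context() -> ssl.SSLContext:
    """The 'before' configuration: every suite the OpenSSL build still ships,
    including static-RSA key exchange and no protocol floor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("ALL")
    return ctx


def is_ephemeral(cipher: dict) -> bool:
    """SSLContext.get_ciphers() reports the key exchange in 'kea', for example
    'kx-ecdhe', 'kx-dhe', 'kx-rsa', or 'kx-any' for TLS 1.3 (always ephemeral)."""
    kea = cipher.get("kea", "")
    return "dhe" in kea or kea == "kx-any"


def non_ephemeral_suites(ciphers: list) -> list:
    """Names of suites whose key exchange is static: policy violations."""
    return [c["name"] for c in ciphers if not is_ephemeral(c)]


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Policy report for a context: protocol floor and non-ephemeral suites."""
    return {
        "min_version_ok": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
        "violations": non_ephemeral_suites(ctx.get_ciphers()),
    }


if __name__ == "__main__":
    for label, ctx in (("hardened", forward_secrecy_context()),
                       ("permissive", permissive_context())):
        report = audit_context(ctx)
        print(f"{label}: tls>=1.2={report['min_version_ok']} "
              f"non-ephemeral suites={report['violations']}")
```

The audit reads the negotiable suite list back from the context rather than trusting the cipher string, so it catches a policy that a newer OpenSSL expands differently. As the page notes, forward secrecy only forces a per-session attack; the same audit hook is where a hybrid ML-KEM group requirement would be enforced once the TLS stack exposes it.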

The Cost of Inaction

HNDL is not a theoretical risk. Intelligence agencies have publicly acknowledged bulk data collection programs. The storage economics make HNDL trivially affordable for nation-states and well-funded adversaries.

Every day your sensitive data transits the network under RSA or ECC protection, that data enters the HNDL pipeline. The exposure is cumulative and irreversible. You cannot un-capture data that has already been harvested.

Start Protecting Your Data Now

The HNDL threat demands immediate action, not a five-year roadmap. Begin with a cryptographic inventory, classify your data by confidentiality window, and prioritize post-quantum migration for critical assets.

Read our HNDL education guide for a deeper technical analysis of the threat model and mitigation strategies.


If you want to automate certificate lifecycle and eliminate outages, explore QCecuring CLM.