The Harvest-Now-Decrypt-Later Threat

Understand the harvest-now-decrypt-later threat model, why adversaries capture encrypted data today for future quantum decryption, and how to classify and protect long-lived secrets.

QCecuring Editorial Team · 9 min read

Key Takeaways

  • Harvest-now-decrypt-later (HNDL) attacks capture encrypted data today for decryption once quantum computers mature
  • Any data with a secrecy lifetime beyond the arrival of cryptographically relevant quantum computers is already at risk
  • Nation-state adversaries have the storage capacity and motivation to execute HNDL campaigns at scale
  • Data classification by secrecy lifetime determines which systems need PQC migration first
  • Certificate and key inventory is the essential first step in defending against HNDL threats
  • QCecuring's CLM platform identifies every certificate protecting data in transit, enabling targeted PQC migration

What Is Harvest-Now-Decrypt-Later?

Harvest-now-decrypt-later (HNDL) is a threat model where adversaries intercept and store encrypted data today. They do not attempt to break the encryption immediately. Instead, they wait until quantum computers can decrypt the captured ciphertext.

The attack requires no quantum capability at the time of capture. The adversary needs only network access, storage capacity, and the expectation that quantum computers will eventually break the encryption protecting the data.

This makes HNDL fundamentally different from other cryptographic attacks. Traditional attacks exploit implementation flaws or weak keys. HNDL exploits the finite lifespan of algorithmic security itself.

Why HNDL Changes the Migration Timeline

Most discussions about quantum threats focus on when cryptographically relevant quantum computers (CRQCs) will arrive. Estimates range from 2030 to 2040. Some organizations use this uncertainty to delay PQC migration.

HNDL eliminates that luxury. The relevant question is not “When will quantum computers break RSA?” but “How long must my data stay secret?”

Consider this formula:

If (data secrecy lifetime) > (time until CRQC arrives) − (time to complete PQC migration), then the data is already at risk.

A government agency protecting classified documents with a 50-year secrecy requirement faces HNDL risk today. A hospital storing patient records that must remain confidential for 30+ years faces the same risk. A financial institution protecting transaction data with a 7-year retention window has more time — but not as much as it might assume.

Who Conducts HNDL Attacks?

HNDL is primarily a nation-state threat. The attack requires:

  • Network interception capability — access to fiber optic taps, internet exchange points, or compromised network infrastructure
  • Massive storage capacity — petabytes of captured ciphertext accumulated over years
  • Long-term strategic patience — willingness to invest in data collection without immediate return
  • Quantum computing investment — active programs to build or acquire CRQCs

Intelligence agencies of major nations meet all four criteria. The NSA, GCHQ, and their counterparts in China, Russia, and other nations operate global signals intelligence programs. These programs already capture vast quantities of encrypted traffic. Adding quantum-targeted collection to existing programs requires minimal incremental effort.

Private threat actors and cybercriminal groups are less likely to execute HNDL at scale. They lack the storage infrastructure and long-term planning horizon. However, targeted HNDL against high-value corporate secrets — pharmaceutical research, merger plans, trade negotiations — is plausible for well-funded groups.

Real-World HNDL Scenarios

Government and Defense

Diplomatic cables, intelligence reports, and military communications carry secrecy lifetimes of 25 to 75 years. An adversary capturing encrypted diplomatic traffic today gains access to strategic intelligence once quantum decryption becomes available. The damage compounds because historical context often reveals current capabilities and methods.

Financial Services

Banking transactions, trading algorithms, and customer financial records carry regulatory retention requirements of 5 to 10 years. Merger and acquisition communications, however, contain market-moving information that retains value for much longer. HNDL targeting encrypted communications between investment banks during active deals could yield insider trading opportunities years later.

Healthcare

Patient health records carry HIPAA-mandated protections with no expiration. Genomic data is permanently sensitive — a patient’s DNA sequence never changes. Encrypted transmissions of health data between providers, insurers, and research institutions are high-value HNDL targets.

Critical Infrastructure

SCADA protocols, industrial control system configurations, and power grid topology data have operational secrecy requirements that extend for the lifetime of the infrastructure. Capturing encrypted control system traffic today could reveal vulnerabilities exploitable decades from now.

Data Classification by Secrecy Lifetime

Defending against HNDL starts with understanding which data needs protection and for how long. Classify your data into tiers based on secrecy lifetime:

Tier 1: Permanent secrecy (25+ years)

Classified government data, genomic records, long-term trade secrets, cryptographic key material. These systems need PQC migration now.

Tier 2: Extended secrecy (10–25 years)

Financial records, legal documents, intellectual property, strategic business plans. These systems should begin PQC migration planning within the next 1–2 years.

Tier 3: Medium secrecy (5–10 years)

Transaction records, customer data under regulatory retention, operational communications. These systems can follow a standard PQC migration timeline aligned with certificate renewal cycles.

Tier 4: Short secrecy (under 5 years)

Session tokens, ephemeral communications, cached data. These systems face minimal HNDL risk but should still transition to PQC as part of routine infrastructure updates.

The Urgency Drivers

Three factors make HNDL defense urgent even though CRQCs do not yet exist:

1. Migration Takes Years

Transitioning an enterprise from RSA/ECC to post-quantum algorithms is not a software update. It requires certificate inventory, algorithm testing, infrastructure upgrades, vendor coordination, and phased rollout. Large organizations estimate 5 to 10 years for full migration.

2. Data Is Already Being Captured

Nation-state signals intelligence programs operate continuously. Encrypted traffic crossing international links, cloud provider networks, and internet exchange points is subject to bulk collection. The capture phase of HNDL is already underway.

3. Quantum Progress Accelerates

Quantum computing investment exceeds $30 billion globally. IBM, Google, and national laboratories publish regular advances in qubit count, error correction, and coherence time. Each breakthrough shortens the estimated timeline to a CRQC.

What to Do Now

Inventory Your Cryptographic Assets

You cannot protect what you have not cataloged. QCecuring’s CLM platform discovers every certificate across your infrastructure — cloud services, on-premises servers, load balancers, and IoT devices. This inventory reveals which connections use RSA or ECC and which protect high-value data.

For SSH infrastructure, QCecuring’s SSH KLM provides equivalent visibility into SSH keys, their algorithms, and the systems they protect.

Map Data Flows to Encryption

Identify which network connections carry Tier 1 and Tier 2 data. Trace the data flow from origin to destination and document the encryption algorithms protecting each hop. This mapping tells you where HNDL risk concentrates.

Prioritize PQC Migration by Risk

Apply the secrecy lifetime formula to each data flow. Systems where the secrecy lifetime exceeds the estimated CRQC timeline minus your migration timeline are immediate priorities.
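A worked triage of the secrecy-lifetime formula and the four tiers above, as an added example (not QCecuring's code or platform output). Flow names, lifetimes and the CRQC and migration estimates are constructed sample values; the classification logic is the one the article states.

```python
"""HNDL triage: apply the article's inequality and secrecy tiers to an inventory.

At risk  if  secrecy_lifetime > years_until_crqc - years_to_migrate
This is an illustrative script; the flows below are constructed sample data.
"""
from dataclasses import dataclass


def tier_for(lifetime_years: float) -> int:
    """Map a secrecy lifetime in years to the article's Tier 1..4."""
    if lifetime_years >= 25:
        return 1          # permanent secrecy
    if lifetime_years >= 10:
        return 2          # extended secrecy
    if lifetime_years >= 5:
        return 3          # medium secrecy
    return 4              # short secrecy


def at_risk(lifetime_years: float, crqc_years: float, migration_years: float) -> bool:
    """True when data must stay secret longer than the window left after migration."""
    return lifetime_years > crqc_years - migration_years


@dataclass
class DataFlow:
    name: str
    lifetime_years: float
    key_exchange: str      # algorithm protecting this hop, e.g. "RSA", "ECDHE", "hybrid"


def prioritize(flows, crqc_years: float, migration_years: float):
    """Return flows that rely only on classical key exchange and are already at risk,
    most urgent first (lowest tier number, then longest lifetime)."""
    classical = {"RSA", "ECDHE", "ECDH", "DH"}
    exposed = [f for f in flows
               if f.key_exchange.upper() in classical
               and at_risk(f.lifetime_years, crqc_years, migration_years)]
    return sorted(exposed, key=lambda f: (tier_for(f.lifetime_years), -f.lifetime_years))


SAMPLE_FLOWS = [  # constructed sample inventory
    DataFlow("genomic-research-upload", 75, "ECDHE"),
    DataFlow("m&a-dealroom-tls", 15, "RSA"),
    DataFlow("card-transactions", 7, "ECDHE"),
    DataFlow("web-session-cookies", 0.5, "ECDHE"),
    DataFlow("diplomatic-link", 50, "hybrid"),   # already hybrid PQ: not listed
]

if __name__ == "__main__":
    # Assumed estimates: CRQC in 10 years, migration takes 5 -> only a 5-year window remains
    for f in prioritize(SAMPLE_FLOWS, crqc_years=10, migration_years=5):
        print(f"Tier {tier_for(f.lifetime_years)}  {f.name:26} {f.lifetime_years:>5} y  {f.key_exchange}")
```

Note that the 7-year transaction flow still lands on the list: with a 5-year migration and a 10-year CRQC estimate, only a 5-year secrecy window remains.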

Deploy Hybrid Cryptography

During the transition period, deploy hybrid TLS configurations that combine a classical algorithm with a post-quantum algorithm. If the classical algorithm is broken by a quantum computer, the post-quantum algorithm still protects the session. If the post-quantum algorithm has an undiscovered weakness, the classical algorithm provides a fallback.

Establish Continuous Monitoring

HNDL defense is not a one-time project. New certificates are issued, new services are deployed, and new data flows emerge continuously. Automated certificate lifecycle management ensures that every new certificate aligns with your PQC migration policy.

QCecuring’s CLM platform automates certificate renewal with policy enforcement. As your organization transitions to post-quantum algorithms, CLM ensures new certificates use the correct algorithms and key sizes without manual intervention.

The harvest-now-decrypt-later threat reframes PQC migration from a future concern to a present-day security requirement. Organizations that begin now protect their most sensitive data against an adversary who is already collecting.

Frequently Asked Questions

Common questions about the harvest-now-decrypt-later threat

What is a harvest-now-decrypt-later attack?

A harvest-now-decrypt-later (HNDL) attack is a strategy where adversaries intercept and store encrypted network traffic today. They hold the captured ciphertext until quantum computers can break the encryption algorithms that protect it. The attacker does not need quantum capabilities now — only storage and patience.

Who is most at risk from HNDL attacks?

Organizations handling data with long secrecy lifetimes face the greatest risk. Government agencies, financial institutions, healthcare providers, defense contractors, and critical infrastructure operators all manage information that must remain confidential for decades. This data is a prime HNDL target.

How do I know if my organization is vulnerable to HNDL?

If your systems use RSA or ECC to encrypt data that must stay confidential for more than 10 years, you are vulnerable. Audit your certificate inventory to identify which connections protect long-lived secrets. QCecuring's CLM platform automates this discovery across your entire infrastructure.

What can I do to protect against HNDL attacks now?

Start by inventorying all certificates and encryption keys. Classify data by secrecy lifetime. Prioritize PQC migration for systems protecting the longest-lived secrets. Deploy hybrid TLS configurations that combine classical and post-quantum algorithms. QCecuring's CLM platform supports this transition through automated certificate discovery and renewal.

Does HNDL only affect data in transit?

HNDL primarily targets data in transit because network traffic is easier to intercept at scale. However, encrypted data at rest is also at risk if an attacker gains access to stored ciphertext and the encryption relies on RSA or ECC key wrapping. Both transit and storage encryption should be evaluated.