When organizations assess quantum computing risks, many assume the threat lies decades in the future. However, one of the most dangerous quantum-related attack scenarios has already begun, and it does not require a functional quantum computer today.
This threat, known as “Harvest Now, Decrypt Later” (HNDL), refers to adversaries intercepting and storing encrypted data today with the intention of decrypting it in the future once quantum computers become capable of breaking current cryptographic algorithms. The attack is silent, invisible, and long-term.
Why Current Encryption Will Eventually Break
Modern secure communications rely heavily on RSA, Elliptic Curve Cryptography (ECC), and Diffie-Hellman key exchange. While these algorithms remain secure against classical computers, a sufficiently powerful quantum computer running Shor’s Algorithm could break them efficiently.
As a result, encrypted VPN traffic, TLS communications, secure email archives, digitally signed documents, and long-term stored backups may all become readable in the future.
Who Should Be Concerned
Not all data requires perpetual confidentiality. However, data that must remain secure for 10, 20, or even 50 years is particularly at risk. This includes financial transaction records, national digital identity systems, government classified information, healthcare records, intellectual property, and cryptographic keys.
The risk is especially severe for banks, financial institutions, government agencies, national PKI operators, and critical infrastructure providers.
The Silent Exposure of Long-Term Confidential Data
Unlike ransomware or conventional data breaches, HNDL attacks produce no immediate indicators. There is no system disruption, alert, or ransom demand. Organizations may believe their encrypted data is safe while copies are quietly being collected. By the time quantum computers can break RSA or ECC, the data may already reside in adversarial archives.
The Impact on PKI and Digital Identity
Public Key Infrastructure (PKI) is especially vulnerable to quantum disruption. If quantum computers can break private keys, forge digital signatures, or impersonate certificate authorities, the trust model underpinning digital identity and secure communications collapses. This transforms the challenge from a confidentiality issue into a fundamental trust integrity problem.
Why Waiting Is Not a Strategy
Many organizations are waiting for:
- Clear regulatory mandates
- Mature standards
- Full Post-Quantum Cryptography (PQC) adoption
However, migration at a large enterprise can take years. Updating all of the following is not a quick process:
- PKI infrastructure
- HSM firmware
- Certificate policies
- Applications
- APIs
- Legacy systems
If your sensitive data must remain secure beyond 10 years, preparation must start now.
The Path Forward: Crypto-Agility and PQC Readiness
Mitigating Harvest Now, Decrypt Later risk requires a proactive strategy:
1. Data Lifetime Classification
Identify which data must remain confidential long-term.
2. Crypto-Agility
Ensure systems can transition from RSA/ECC to new algorithms without full redesign.
3. Hybrid Cryptography
Combine classical algorithms (RSA/ECC) with post-quantum algorithms during the transition, so that protection holds as long as either one remains unbroken.
4. PQC-Ready PKI and HSM
Work with vendors that are actively preparing for post-quantum algorithm support.
5. Governance and Roadmap
Develop a quantum readiness roadmap aligned with industry standards and regulatory expectations.
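Steps 1 and 2 expressed as an inventory triage, added here as an example and not taken from the original article: each system is scored by how many years traffic harvested before its migration completes would still be sensitive once RSA, ECC, and Diffie-Hellman can be broken. The asset names, the year estimates, and the `years_to_quantum` parameter are assumptions; ML-KEM is the NIST-standardized post-quantum key-encapsulation mechanism (FIPS 203).

```python
from dataclasses import dataclass

# Post-quantum components; anything else is treated as Shor-breakable
# (RSA, ECDH, DH), which is the conservative default for unknown names.
POST_QUANTUM = {"ML-KEM"}

@dataclass
class Asset:
    name: str
    key_establishment: str      # e.g. "ECDH" or hybrid "ECDH+ML-KEM"
    confidentiality_years: int  # how long the data must stay secret
    migration_years: int        # estimated time to move this system to PQC

def is_harvestable(alg: str) -> bool:
    """True unless at least one component is post-quantum.
    A hybrid stays confidential as long as one component holds."""
    parts = [p.strip().upper() for p in alg.split("+")]
    return not any(p in POST_QUANTUM for p in parts)

def exposure_years(a: Asset, years_to_quantum: int) -> int:
    """Years that traffic recorded before migration finishes is still
    sensitive after a capable quantum computer arrives (0 = not exposed)."""
    if not is_harvestable(a.key_establishment):
        return 0
    return max(0, a.migration_years + a.confidentiality_years - years_to_quantum)

def triage(assets, years_to_quantum):
    """Return (name, exposure) pairs for exposed assets, worst first."""
    scored = [(a.name, exposure_years(a, years_to_quantum)) for a in assets]
    return sorted([s for s in scored if s[1] > 0], key=lambda s: -s[1])

# Constructed sample inventory (hypothetical systems and estimates).
INVENTORY = [
    Asset("branch-vpn", "DH", 10, 3),
    Asset("health-records-api", "ECDH", 50, 4),
    Asset("marketing-site", "ECDH", 1, 1),
    Asset("payments-gateway", "ECDH+ML-KEM", 20, 2),
    Asset("email-archive", "RSA", 20, 5),
]

if __name__ == "__main__":
    # years_to_quantum=12 is an assumed planning figure, not a prediction.
    for name, years in triage(INVENTORY, years_to_quantum=12):
        print(f"{name}: exposed for {years} year(s)")
```

Rerunning the triage with several values of `years_to_quantum` shows which systems stay at the top of the list regardless of the estimate; those are the ones to migrate first.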
The Cost of Inaction
The danger of Harvest Now, Decrypt Later lies in its subtlety: it feels like a future problem. Yet the harvesting is already happening. Organizations that delay quantum readiness risk exposing decades of confidential records, digital identity systems, legal evidence, and strategic national data. Once decrypted, the damage cannot be undone.
Conclusion
Quantum computing will not break encryption overnight, but the transition window is already open. Harvest Now, Decrypt Later serves as a reminder that cybersecurity is not only about protecting today’s systems, but also about preserving tomorrow’s trust. Organizations that act early will control the transition; those who wait may find their encrypted past already compromised.
About The Author

Rahmat Ilahi




