Harvest Now, Decrypt Later: preparing for quantum computing threats



Setting the stage

It begins at night. A black van rolls to a stop outside a data center, its cargo doors already open. But no one rushes in with drills or explosives. Instead, a silent team of specialists lifts out an enormous safe: your safe. They don’t crack it. They don’t even try. They just take the whole thing and vanish into the dark. Their plan? Wait. Wait for the day when the lock, once unbreakable, opens with a whisper.

That’s the essence of ‘harvest now, decrypt later’ (HNDL). In cybersecurity terms, the heist plays out like this: adversaries capture encrypted data today, knowing that tomorrow’s quantum computers may effortlessly unlock it. The implications are profound, and urgent.

Understanding Harvest Now, Decrypt Later

To understand the real risk, we need to examine how HNDL plays out in practice. Attackers exploit current cryptographic vulnerabilities. Malicious actors intercept encrypted communications, store them indefinitely, and wait patiently for quantum advancements to render encryption obsolete. This might raise a natural question: why would someone care about decrypting data a decade from now?

The answer lies in the long tail of value. Not all secrets have a short shelf life. We’re not talking about session cookies or temporary tokens; this is about strategic corporate blueprints, state secrets, private health records, legal contracts, and decades-long R&D. Data doesn’t need to be immediately useful to be valuable later. A breakthrough drug formula, intercepted today, could redefine a market ten years from now. A leaked diplomatic cable might destabilize regions retroactively. Information has memory and attackers are betting on that.

Q-Day: The Algorithms at Risk

“Q-Day” refers to the hypothetical moment when quantum computers will be capable of breaking widely used cryptographic systems. Although quantum computers capable of this aren’t here yet (and may still be a decade or more away), the cryptographic algorithms they threaten are very real, time-tested, and foundational to today’s digital security.

At the heart of the threat are two categories of encryption: symmetric and asymmetric. Symmetric encryption relies on a single key that both encrypts and decrypts data. This key must be shared securely between parties, which introduces logistical and security challenges.

Asymmetric encryption, on the other hand, uses a mathematically linked key pair (a public key for encryption and a private key for decryption), eliminating the need for secure key sharing. This distinction becomes critical in the quantum context. Symmetric encryption is weakened by Grover’s algorithm, a quantum method that offers a quadratic speedup for brute-force attacks. This effectively halves the security level, making AES-256 behave more like AES-128 under quantum conditions. Still, this kind of encryption can be reinforced with longer keys, such as AES-512.

Asymmetric encryption, however, faces a more severe threat. Shor’s algorithm (an efficient quantum method for factoring large numbers) breaks the mathematical backbone of algorithms like RSA and ECC. These quantum algorithms aren’t theoretical; they’re well-understood and real. What’s missing is quantum hardware powerful enough to run them at scale. Once it arrives, asymmetric cryptography as we know it becomes obsolete.

Although predicting Q-Day’s exact arrival is difficult, most estimates put it between 2030 and 2040. Some researchers suggest it may come later, while others warn that a breakthrough could pull it much closer. In any case, the prudent stance is to treat it as inevitable and prepare now.

Real-World Indicators of the Threat

While quantum decryption capabilities remain on the horizon, real-world incidents already suggest that some actors are preparing. For example, in 2016, internet traffic from Canada to South Korea was rerouted through China. In 2019, large-scale European mobile traffic was similarly redirected. And in 2020, data from Google, Amazon, and other services was funneled through Russian servers. While these reroutes didn’t necessarily involve quantum decryption, they exemplify the kind of passive data harvesting associated with HNDL, and raise red flags about who’s building stockpiles of encrypted data for future use.

Assessing Risk and Impact

Risk assessment must begin with a clear understanding of the longevity of both the data and the systems in which it resides. Information requiring confidentiality beyond the advent of quantum computing (such as legal contracts, health records, or trade secrets) demands urgent scrutiny.

Similarly, systems expected to remain operational for decades, including those in industrial control or government infrastructure, must be evaluated for quantum resistance from their design phase.

These dual lifespans (of data and infrastructure) form the basis of strategic decision-making. The longer either must remain secure or functional, the higher the urgency to adopt quantum-safe practices today. Considering the typical timeline of cryptographic transitions, such as the migration from SHA-1 to SHA-256, which took more than five years in many cases, it becomes evident that immediate action is essential to ensure continuity and resilience.
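The triage described above can be run over a cryptographic inventory. The following is an added example, not part of the original article: the asset names, the `AES-256-PSK` label, the fixed "now" of 2025 and all function names are assumptions, and the Q-Day range is the article's 2030 to 2040 estimate.

```python
from dataclasses import dataclass

# Key-establishment schemes, grouped by the quantum attack the article describes.
SHOR_BROKEN = {"RSA", "ECDH", "DH"}                    # asymmetric: broken outright
QUANTUM_RESISTANT = {"CRYSTALS-Kyber", "AES-256-PSK"}  # lattice KEM / pre-shared symmetric key
Q_DAY_EARLY, Q_DAY_LATE = 2030, 2040                   # the article's estimate range

@dataclass
class Asset:
    name: str
    key_exchange: str     # how session keys are established today
    secrecy_years: int    # how long the data must stay confidential
    migration_years: int  # expected time to move this system to PQC

def exposure_years(asset, now, q_day):
    """Years in which harvested traffic is both decryptable and still secret."""
    if asset.key_exchange in QUANTUM_RESISTANT:
        return 0
    if asset.key_exchange not in SHOR_BROKEN:
        # An unknown algorithm is an inventory gap, not a pass.
        raise ValueError(f"unclassified key exchange: {asset.key_exchange}")
    # Traffic sent just before migration completes must stay secret until
    # now + migration + secrecy; every year of that past Q-Day is exposed.
    secret_until = now + asset.migration_years + asset.secrecy_years
    return max(0, min(asset.secrecy_years, secret_until - q_day))

def triage(assets, now):
    """Rank assets by exposure under the early, then the late, Q-Day estimate."""
    rows = [(a.name,
             exposure_years(a, now, Q_DAY_EARLY),
             exposure_years(a, now, Q_DAY_LATE)) for a in assets]
    return sorted(rows, key=lambda r: (r[1], r[2]), reverse=True)

# Constructed inventory for illustration; "now" is fixed so results are repeatable.
INVENTORY = [
    Asset("session telemetry", "ECDH", 1, 2),
    Asset("health records", "RSA", 25, 5),
    Asset("contract archive", "CRYSTALS-Kyber", 30, 0),
    Asset("R&D designs", "ECDH", 10, 3),
]

if __name__ == "__main__":
    for name, early, late in triage(INVENTORY, now=2025):
        print(f"{name:18} exposed {early:2d} y (Q-Day 2030) / {late:2d} y (Q-Day 2040)")
```

Short-lived data scores zero even over a quantum-vulnerable key exchange, while long-lived data behind a slow migration tops the list under both estimates.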

Mitigation Strategies and Preparedness

Organizations can mitigate risks associated with quantum threats by adopting quantum-resistant algorithms, such as lattice-based or code-based cryptography. These algorithms rely on mathematical problems that remain difficult to solve, even with the power of quantum computers, thereby safeguarding data and communications against future cryptographic attacks.

The National Institute of Standards and Technology (NIST) has been leading an effort to evaluate and standardize post-quantum cryptographic solutions, with several candidate algorithms in the final stages of approval (e.g., CRYSTALS-Kyber for key exchange and CRYSTALS-Dilithium for digital signatures).

Equally important is embracing crypto agility: the ability to quickly switch between cryptographic algorithms. By integrating a crypto-agile framework, organizations can seamlessly adapt as new quantum-resistant methods are approved or when vulnerabilities are discovered, ensuring that sensitive information remains protected in the long term.
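A minimal sketch of crypto agility, added here and not taken from the original article. Python's standard library has no post-quantum primitives, so it uses the SHA-1 to SHA-256 transition mentioned earlier as a stand-in; the registry layout, token format, status names and sample key are assumptions.

```python
import hashlib
import hmac

# Registry: algorithm id -> [hash constructor, status]. Policy changes are
# edits to this table, not to every call site.
ALGORITHMS = {
    "hmac-sha1":   [hashlib.sha1,   "verify-only"],  # legacy: accept, never issue
    "hmac-sha256": [hashlib.sha256, "active"],
}
PREFERRED = "hmac-sha256"

def protect(key, message, alg=None):
    """Issue a tag that names its own algorithm: '<alg>$<hex tag>'."""
    alg = alg or PREFERRED
    digestmod, status = ALGORITHMS[alg]
    if status != "active":
        raise ValueError(f"{alg} is {status}; refusing to issue new tags")
    return f"{alg}${hmac.new(key, message, digestmod).hexdigest()}"

def verify(key, message, token):
    """Return (valid, needs_upgrade) for a self-describing tag."""
    alg, _, tag = token.partition("$")
    entry = ALGORITHMS.get(alg)
    if entry is None or entry[1] == "retired":
        return False, False          # unknown or retired: fail closed
    expected = hmac.new(key, message, entry[0]).hexdigest()
    valid = hmac.compare_digest(expected.encode(), tag.encode())
    return valid, valid and alg != PREFERRED

def retire(alg):
    """End of migration: stop accepting the old algorithm at all."""
    ALGORITHMS[alg][1] = "retired"

# Constructed sample data: a record tagged before the migration began.
KEY, RECORD = b"demo-key-not-a-real-secret", b"contract #42: terms..."
LEGACY_TOKEN = "hmac-sha1$" + hmac.new(KEY, RECORD, hashlib.sha1).hexdigest()

if __name__ == "__main__":
    print(verify(KEY, RECORD, LEGACY_TOKEN))   # valid, flagged for upgrade
    upgraded = protect(KEY, RECORD)            # re-issued under PREFERRED
    print(upgraded.split("$")[0], verify(KEY, RECORD, upgraded))
    retire("hmac-sha1")
    print(verify(KEY, RECORD, LEGACY_TOKEN))   # now rejected
```

Because every stored tag names its algorithm, a quantum-resistant scheme can be added as a new registry entry and rolled out the same way: accept old, issue new, then retire.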

Quantum safety isn’t a future problem. It’s a migration challenge that starts now.

References

  • PQC Migration Handbook
  • RFC 8784
  • NIST PQC Project
  • Grover, L.K. (1996). “Quantum Algorithm for Database Search.”
  • Shor, P.W. (1994). “Quantum Algorithms for Factoring.”
  • HP Wolf Security Nation-State Report