What Is a Harvest Now, Decrypt Later Attack?
A harvest now, decrypt later (HNDL) attack—also called "store now, decrypt later" or "retrospective decryption"—is a strategy where adversaries intercept and store encrypted data today with the intention of decrypting it in the future when more powerful computing resources become available.
The specific threat driving concern about HNDL attacks is quantum computing. Quantum computers will eventually be capable of breaking the public-key cryptography (RSA, ECC, Diffie-Hellman) that currently protects most encrypted communications. Data encrypted today could become readable within the decade.
The Attack Is Happening Now
HNDL attacks are not theoretical future threats—they are actively occurring today. Adversaries are collecting encrypted data right now, betting on quantum computers making that data readable within their planning horizons.
How HNDL Attacks Work
The attack follows a straightforward pattern:
- Collection: Adversaries intercept encrypted data in transit (network traffic, VPN tunnels, TLS sessions) or exfiltrate encrypted data at rest from compromised systems.
- Storage: The encrypted data is stored in long-term archives. Storage costs are low and continue to decrease.
- Waiting: The attacker waits for quantum computing technology to mature sufficiently to break the encryption.
- Decryption: Once cryptographically relevant quantum computers (CRQCs) become available, the archived data is decrypted and exploited.
Why This Attack Is Particularly Dangerous
- Invisible today: There's no immediate indication that an HNDL attack has occurred. The data breach won't be apparent until decryption happens years later.
- Irreversible: Once data has been harvested, you cannot "un-collect" it. The exposure is permanent.
- Low cost: Storage is cheap, making it economical to collect vast amounts of encrypted data speculatively.
- High reward: Data that remains sensitive for years (state secrets, trade secrets, personal data) offers significant long-term value.
Who Is Conducting HNDL Attacks?
HNDL attacks require significant resources and a long-term strategic perspective. The primary threat actors include:
| Actor Type | Motivation | Targets |
|---|---|---|
| Nation-States | Intelligence, strategic advantage | Government, defense, critical infrastructure |
| Intelligence Agencies | Signals intelligence | Diplomatic communications, military |
| State-Sponsored Groups | Economic espionage | Technology companies, research institutions |
| Sophisticated Criminals | Long-term financial gain | Financial institutions, wealthy individuals |
What Data Is Most at Risk?
Not all data is equally vulnerable to HNDL attacks. The key factor is data longevity—how long the data will remain sensitive:
High-Risk Data Categories
- Classified government information: State secrets often remain classified for decades
- Trade secrets and intellectual property: Competitive advantages that persist for years
- Personal health records: Sensitive for the lifetime of the individual
- Financial records: Account information, transaction histories
- Legal documents: Attorney-client communications, contracts
- Biometric data: Cannot be changed if compromised
- Infrastructure data: Network diagrams, security configurations
The X + Y Formula
Consider: If your data needs to remain confidential for X years, and quantum computers will break current encryption in Y years, and X > Y, then your data is at risk from HNDL attacks today.
When Will Decryption Become Possible?
While predictions vary, most experts estimate cryptographically relevant quantum computers (CRQCs) capable of breaking RSA-2048 will emerge between 2030 and 2040:
- Conservative estimates: 2035-2040
- Moderate estimates: 2030-2035
- Aggressive estimates: 2028-2033
However, the question isn't just when CRQCs will arrive—it's whether your data will still be sensitive at that time. Data encrypted today will be decryptable in 10-15 years. Will your data still matter then?
How to Protect Against HNDL Attacks
Organizations should implement a defense-in-depth strategy:
1. Assess Your Data Sensitivity Timeline
Identify which data requires long-term confidentiality and prioritize protection for that data. Not everything needs quantum-resistant protection today, but data with 10+ year sensitivity requirements does.
2. Begin Post-Quantum Cryptography Migration
Start transitioning high-risk data protection to quantum-resistant algorithms. NIST has finalized PQC standards (ML-KEM, ML-DSA) that can be implemented now.
3. Implement Hybrid Encryption
During the transition period, use hybrid approaches that combine classical and post-quantum algorithms. This protects against both current threats and future quantum attacks.
4. Enhance Network Security
Reduce the opportunity for data interception through:
- Network segmentation
- Enhanced monitoring for data exfiltration
- Zero-trust architecture implementation
- Encrypted internal communications
5. Minimize Data Collection and Retention
The less sensitive data you store, the less there is to harvest. Implement data minimization principles and retention policies that delete data when no longer needed.
6. Implement Perfect Forward Secrecy
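Use ephemeral keys where possible so that compromise of long-term keys doesn't expose past sessions. Forward secrecy built on classical (EC)DHE does not stop HNDL on its own, because a recorded handshake can still be attacked once a CRQC exists. Pair it with the post-quantum or hybrid key exchange from steps 2 and 3.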
QRAMM Assessment
The QRAMM framework helps organizations assess their vulnerability to HNDL attacks through its Data Protection and Encryption (DPE) dimension, which evaluates cryptographic controls and data protection practices.
Organizational Response
Addressing the HNDL threat requires organizational commitment:
- Executive awareness: Leadership must understand this is a present-day risk, not a future problem
- Cryptographic inventory: Know where cryptography is used and what algorithms are in place
- Risk assessment: Evaluate which data is vulnerable based on sensitivity timeline
- Migration planning: Develop a roadmap for transitioning to quantum-resistant cryptography
- Vendor engagement: Ensure suppliers and partners are also addressing this threat
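One way to turn the X > Y rule, the CRQC estimate ranges, and the cryptographic inventory and risk assessment items above into a ranked migration list. This is an added example, not part of the original article. The system names, the inventory and the assessment year 2025 are constructed, and taking Y from the earliest year of each estimate range is an assumption.

```python
from dataclasses import dataclass

# CRQC arrival windows as the article lists them: (earliest, latest) year.
CRQC_ESTIMATES = {
    "aggressive": (2028, 2033),
    "moderate": (2030, 2035),
    "conservative": (2035, 2040),
}
PQC_KEM_PREFIX = "ML-KEM"  # NIST PQC key-establishment standard named in the article

@dataclass(frozen=True)
class Asset:
    name: str                # hypothetical system name
    key_establishment: str   # algorithm that protects the session or file key
    confidential_years: int  # X: how long the data must stay secret

def is_quantum_vulnerable(key_establishment: str) -> bool:
    # Safe only if some component of a (possibly hybrid) scheme is ML-KEM.
    # RSA, ECC, DH and anything unrecognised stay flagged until reviewed.
    parts = [p.strip().upper() for p in key_establishment.split("+")]
    return not any(p.startswith(PQC_KEM_PREFIX) for p in parts)

def exposed_scenarios(asset: Asset, now: int) -> list[str]:
    # Scenarios where X > Y, with Y = earliest CRQC year - now (assumption).
    if not is_quantum_vulnerable(asset.key_establishment):
        return []
    return [name for name, (earliest, _latest) in CRQC_ESTIMATES.items()
            if asset.confidential_years > earliest - now]

def prioritize(inventory: list[Asset], now: int) -> list[tuple[str, list[str]]]:
    # At-risk assets only: most scenarios first, then longest-lived data first.
    hits = [(a, exposed_scenarios(a, now)) for a in inventory]
    hits = [(a, s) for a, s in hits if s]
    hits.sort(key=lambda h: (-len(h[1]), -h[0].confidential_years))
    return [(a.name, s) for a, s in hits]

# Constructed sample inventory, not real systems.
INVENTORY = [
    Asset("marketing-site", "ECDHE-P256", 1),
    Asset("build-logs", "DH-2048", 4),
    Asset("payments-gateway", "X25519+ML-KEM-768", 10),
    Asset("design-archive-vpn", "RSA-2048", 12),
    Asset("patient-records-api", "ECDHE-P256", 50),
]

if __name__ == "__main__":
    for name, scenarios in prioritize(INVENTORY, now=2025):
        print(f"{name}: at risk under {', '.join(scenarios)}")
```

The hybrid `X25519+ML-KEM-768` entry drops out of the list because its key establishment already has a post-quantum component.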
Conclusion
Harvest now, decrypt later attacks represent one of the most insidious threats in the quantum computing era. The attack is happening today, but the damage won't be visible for years. Organizations that wait until quantum computers arrive to address this threat will find that their most sensitive historical data has already been compromised.
The time to act is now. Assess your data sensitivity, begin your post-quantum migration, and implement the controls necessary to protect your most valuable information from retrospective decryption.
Use the QRAMM Assessment Toolkit to evaluate your organization's current quantum readiness and identify priority areas for protection against HNDL attacks.