Harvest Now, Decrypt Later
What is Harvest Now, Decrypt Later?
Harvest Now, Decrypt LaterAn attack strategy where adversaries record encrypted traffic today to decrypt it once cryptographically relevant quantum computers become available.
Harvest now, decrypt later (HNDL), also called store-now-decrypt-later, describes adversaries who intercept and archive encrypted communications today with the expectation that future cryptographically relevant quantum computers will break the underlying public-key schemes, especially RSA and elliptic-curve Diffie-Hellman. The threat is most acute for long-lived secrets such as state-level intelligence, healthcare records, intellectual property, and root cryptographic keys whose value persists for decades. Mitigations focus on migrating to NIST-selected post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA), hybrid TLS and IPsec key exchange, shortening secret lifetimes, and enforcing crypto agility so algorithms can be replaced without redesign.
● Examples
- 01
A nation-state tapping a transatlantic cable to archive encrypted diplomatic traffic for future quantum decryption.
- 02
Mandating hybrid X25519+ML-KEM in TLS to neutralize captured 2026 sessions in a post-quantum world.
● Frequently asked questions
What is Harvest Now, Decrypt Later?
An attack strategy where adversaries record encrypted traffic today to decrypt it once cryptographically relevant quantum computers become available. It belongs to the Cryptography category of cybersecurity.
What does Harvest Now, Decrypt Later mean?
An attack strategy where adversaries record encrypted traffic today to decrypt it once cryptographically relevant quantum computers become available.
How does Harvest Now, Decrypt Later work?
Harvest now, decrypt later (HNDL), also called store-now-decrypt-later, describes adversaries who intercept and archive encrypted communications today with the expectation that future cryptographically relevant quantum computers will break the underlying public-key schemes, especially RSA and elliptic-curve Diffie-Hellman. The threat is most acute for long-lived secrets such as state-level intelligence, healthcare records, intellectual property, and root cryptographic keys whose value persists for decades. Mitigations focus on migrating to NIST-selected post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA), hybrid TLS and IPsec key exchange, shortening secret lifetimes, and enforcing crypto agility so algorithms can be replaced without redesign.
How do you defend against Harvest Now, Decrypt Later?
Defences for Harvest Now, Decrypt Later typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Harvest Now, Decrypt Later?
Common alternative names include: HNDL, Store now, decrypt later.
● Related terms
- cryptography№ 846
Post-Quantum Cryptography
Classical cryptographic algorithms designed to remain secure against attacks by both classical and large-scale quantum computers.
- cryptography№ 244
Cryptographic Agility
The property of a system that lets it replace cryptographic algorithms, parameters, or keys quickly and safely when threats or standards change.
- cryptography№ 891
Quantum Key Distribution (QKD)
A method that uses quantum-mechanical properties of photons to let two parties share a secret key while detecting any eavesdropper on the channel.
- network-security№ 1159
TLS (Transport Layer Security)
The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
● See also
- № 086BB84 Protocol