Article written by Massimo Dionisi translated by Tara Lee
The Harvest Now, Decrypt Later (HNDL) model describes an attack strategy in which encrypted data is collected today, despite being indecipherable, so that it can be decrypted in the future once powerful quantum computers are available.
This threat is not science fiction: intelligence agencies and APT groups are already planning the silent collection of sensitive data, trusting in the progressive advancement of computing power. In the following article, we explain the mechanisms of HNDL, the actors and the timing involved, and analyse the countermeasures based on post-quantum cryptography.
The term HNDL is already common in advanced cyber security strategies. NIST, the US technology standardisation agency, explains that HNDL is about capturing encrypted data today even if it is not possible to read it straight away [1]. In practice, attackers take encrypted traffic (for example, SSL/TLS banking transactions, diplomatic communications, confidential company data) and archive it in anticipation of future computing power that will make it readable. As Palo Alto Networks points out, this is a real risk: “[…] data protected by classical encryption can be captured now and later exposed once quantum decryption becomes feasible.” [2] Experts divide the HNDL attack into distinct phases: [5][6]
Ultimately, as a recent academic study points out, with the advent of quantum computing, the assumption that cryptography guarantees “perpetual secrecy” is no longer valid[13]: data encrypted today can become a temporal “cybernetic weapon” in the future[14][4].
Who is interested in using this tactic? The lead candidates are actors with very long time horizons and advanced resources:
States and Intelligence: governments with cutting-edge quantum programs have a strong interest in long-term data collection. Reports such as that of Booz Allen Hamilton show that state-sponsored hackers (such as the Chinese) already exfiltrate encrypted information with the intention of decrypting it with future quantum computers[3][15]. The Federal Reserve warns that databases of blockchain transactions or government communications could be acquired now and hacked later[4]. The motivation is geopolitical: to block enemy secrets or obtain economic and military advantages in the long term. The HNDL risk is very high, given the scale of the resources and the strategic importance of the information viewed.
Advanced Persistent Threat (APT) groups: Many cyber-strategic units (state-sponsored or private contractors) often act on state or ideological mandates. Although they are smaller than government apparatuses, they possess high-level hackers and can collect sectoral data (telecoms, industry, defense, energy). These groups can adopt HNDL for trafficking and patents, although they often aim for immediate espionage. The risk is high for them too: they have advanced skills and little need for immediate return, aiming for information victory in the medium to long term.
Organised cybercriminals: Cybercriminal cartels and ransomware networks have substantial resources and strong economic incentives. However, their motivation is mainly immediate profit (blackmail, theft of credentials), not so much the storage of secrets for the future. Nevertheless, they could resell stolen data before even decrypting it or using it in industrial espionage operations. The HNDL risk among cybercriminals is moderate: some might collect data at scale, but they are unlikely to wait years without monetizing right away.
PQC vendors and developers: Companies that produce quantum cryptography libraries and hardware (e.g., IBM, Google, security firms) are not HNDL adversaries, but defenders. For them, the “HNDL risk” is low: their role is to design and deploy secure algorithms (e.g., the implementation of post-quantum AES, hybrid systems, shared keys). Their capacity is high (advanced research), and their motivation is customer protection and profit from new technologies.
Communities and technical hubs: Open-source communities and think-tanks provide awareness and training. While they are not direct attackers, they can mitigate HNDL by spreading knowledge. Their direct risk is low, but they have the indirect power to amplify the resilience of the country system through networking and training[16][17].
Academia and research centers: universities and laboratories (e.g. mathematicians, cryptographers) study PQC, QKD and forward-secure techniques. Their role is also defensive: a high level of expertise and research incentives make them key players in mitigation. The HNDL risk is minimal, since they are committed to solving the problem, not exploiting it.
| Type | Role | Capacity | Justification | HNDL Risk |
| --- | --- | --- | --- | --- |
| States | Large-scale HNDL collectors/performers | Supercomputing, advanced espionage networks | Long-term strategic/military advantage | Very high (bulk collection) |
| State APTs | Targeted cyber espionage | Elite hackers, sophisticated tools | Economic and political espionage | High (sensitive targets) |
| Cybercriminals | Cyberattacks for profit | Complex criminal networks | Profit (data selling, blackmail) | Moderate (focused on the short term) |
| PQC vendors | Providing quantum-resistant encryption | Advanced research and development | Profit and market responsibility for future security | Low (defensive solutions) |
| Community (e.g. RHC) | Dissemination, training, open intelligence | Human capital and collective knowledge | Building collective resilience and cyber culture | Moderate (build defenses) |
| Academia | Research, standardization and training | Specialist experts, laboratories | Knowledge development, long-term strategies | Low (focus on mitigation) |
Nation states are considered to be among the main implementers of HNDL. As reported in an analysis by Booz Allen, Chinese agencies aim to collect encrypted data by relying on the development of quantum technology[3]. The table above summarizes capacities and incentives: states have the resources to store huge volumes of data, trusting in a strategic return only in the following years. State-sponsored APT groups, although smaller, also aim for similar results with long-term espionage projects[3][16].
Other global players are more heterogeneous: cybercriminals have a main interest in immediate profit, but according to some analysts, they could still grab patents or credentials to resell in preparation for a quantum hit[15]. Financial agencies and governments also retain data with long life cycles (up to 50 years for US federal data) which, according to the Quantum Xchange/BoozAllen report, can be “stolen today with the intent to decrypt it in the future”[18][15]. Finally, communities and academia act as “enablers” of defense: they disseminate knowledge and preparation, indirectly reducing the overall risk[16][19].
The HNDL threat is made possible by the imminent maturation of quantum computing. As NIST explains, our current algorithms (RSA, ECC, DSA) are based on mathematical problems that are intractable for traditional computers[9]. A “cryptographically relevant” quantum computer, thanks to Shor’s algorithm, will instead be able to solve factorization and discrete logarithms quickly, making keys that are secure today vulnerable[9][8].
There is uncertainty about when this will happen, but not about the features of the event. NIST notes that estimates range from a few years to several decades, with some experts thinking it is less than a decade. Meanwhile, big tech companies are keeping pace: IBM has announced progress that will aim for a “quantum advantage” by 2026 and fault-tolerant quantum computing by 2029[21]. China and other countries are also investing billions in quantum research, increasing future risk.
Faced with this time window, the cryptographic transition takes on critical importance. The European Union issued a recommendation (“roadmap”) in 2024 inviting Member States to migrate critical infrastructure to post-quantum cryptography (PQC) by 2030[22]. In particular, the adoption of hybrid schemes (a combination of classical and post-quantum algorithms) is expected already in the initial transition[22]. ENISA points out that the migration will take years and that any delay amplifies the exposure: “we have to equip ourselves now”, it warns, since quantum computers will make all current schemes insecure[19][23]. In short, the emergence of “Q-day” is not a question of if but when, and defenses must be implemented in advance to avoid ending up with a huge amount of sensitive data under fire[24][14].
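One way to turn the timing argument above into a migration priority list, as an added example that is not part of the original article: each data flow is classified by its key exchange (Shor-breakable versus hybrid) and by whether its required secrecy outlives an assumed quantum horizon. The flow records, field names and horizon years are constructed assumptions.

```python
# Added example: triage of harvest-now-decrypt-later exposure per data flow.
# Flow records, field names and horizon years are constructed assumptions.
from typing import NamedTuple

# Key establishment that rests on factoring or discrete logarithms (Shor-breakable)
QUANTUM_VULNERABLE = {"rsa", "dhe", "secp256r1", "secp384r1", "x25519"}
# Hybrid TLS 1.3 groups combining a classical curve with ML-KEM
HYBRID_PQ = {"x25519mlkem768", "secp256r1mlkem768"}

class Flow(NamedTuple):
    name: str
    key_exchange: str   # negotiated group or key-transport method
    captured_year: int  # year the ciphertext crosses a network that can be tapped
    secrecy_years: int  # how long the plaintext must remain confidential

def classify(flow: Flow, horizon_year: int) -> str:
    """Label a flow for an assumed year in which Shor-capable hardware exists."""
    kex = flow.key_exchange.lower()
    if kex in HYBRID_PQ:
        return "protected"
    if kex not in QUANTUM_VULNERABLE:
        return "unknown"  # unrecognised mechanism: needs manual review
    still_secret_until = flow.captured_year + flow.secrecy_years
    return "exposed" if still_secret_until > horizon_year else "expired"

def triage(flows, horizon_year: int):
    """Exposed flows, ordered by years of secrecy remaining after the horizon."""
    def residual(f):
        return f.captured_year + f.secrecy_years - horizon_year
    exposed = [f for f in flows if classify(f, horizon_year) == "exposed"]
    return sorted(exposed, key=residual, reverse=True)

# Constructed sample inventory (not real systems)
SAMPLE = [
    Flow("federal-records-sync", "secp256r1", 2025, 50),
    Flow("payments-api", "x25519", 2025, 7),
    Flow("session-tokens", "x25519", 2025, 1),
    Flow("diplomatic-vpn", "X25519MLKEM768", 2025, 30),
    Flow("legacy-backup", "rsa", 2025, 10),
    Flow("partner-link", "vendor-kem", 2025, 20),
]

if __name__ == "__main__":
    for horizon in (2030, 2040):  # two assumed horizons to show sensitivity
        print(horizon, [f.name for f in triage(SAMPLE, horizon)])
```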
The “Harvest Now, Decrypt Later” attack overturns the traditional perception of cybersecurity: the real question is no longer only whether data is safe today, even allowing for a possible breach with no immediate ransom demand, but whether it will remain protected in the coming decades [24][13]. Independent cyber communities emphasize that the power in the digital sphere is increasingly distributed, and that networks of professionals can mobilize key knowledge. In this context, the defence cedes part of its value to collective training and the dissemination of secure algorithms. HNDL shows that every actor, public or private, must think about security over time. The implicit pact is clear: collecting data today means committing to protecting it in the future. In other words, today’s resilience becomes tomorrow’s secrecy.