Abstract
Attackers are quietly collecting encrypted data today so it can be broken with tomorrow’s quantum computers. This article explains the harvest-now, decrypt-later (HNDL) threat, why the risk window is shrinking, and what it means for any developer or decision-maker who handles long-lived sensitive data.
Key Points at a Glance
- HNDL is happening now: internet traffic hijacks (2016-2024) show nation-states already stockpiling ciphertext.
- Quantum timeline compressed: a 20-fold resource reduction for breaking RSA-2048 was demonstrated by Google researchers in 2025.
- 22.7 % of crypto experts expect RSA-2048 to fall by 2030; 50 % say no later than 2035.
- NIST finalised the first three post-quantum standards in 2024; regulators (NSA, BSI, NCSC) target 2030 for critical migrations.
- Long retention = long risk: healthcare, finance, IP and classified data often remain valuable for 10–25 years or more.
What Is Harvest-Now, Decrypt-Later?
Traditional cyber-crime cashes in immediately. HNDL flips the script: attackers passively exfiltrate or divert encrypted data today and file it away until a cryptographically relevant quantum computer (CRQC) arrives. With Shor’s algorithm, that machine will slice through RSA and elliptic-curve keys, turning archives of useless ciphertext into readable gold.
Why the Timeline Is Accelerating
In early 2025, Google Quantum AI showed that RSA-2048 could, in theory, be factored with ≈1 million noisy qubits running one week—down from previous estimates of 20 million. Meanwhile, IBM’s roadmap targets fault-tolerant machines before 2030. Government and industry are reacting fast: NIST’s ML-KEM & ML-DSA became U.S. standards in August 2024, and Germany’s BSI—joined by 17 EU states—calls for quantum-safe protection of sensitive systems no later than end-2030.
Your Old Data Won’t Stay Secret
Regulations force organisations to keep data far longer than most encryption lifecycles:
- Healthcare ✚ – patient and Medicare records: 6–10 years.
- Finance 💶 – audit & brokerage docs: 7 years to indefinite.
- Government 🛡 – classified info: 25+ years.
- IP 🔬 – patent files & CAD models: ~20 years.
Imagine this: your company’s confidential contracts from 2015—once thought safe behind RSA-2048—suddenly leak to a hacker in 2030. Would that cost you? If the answer is “yes,” that is exactly the scenario looming if HNDL isn’t taken seriously.
Real-World Sightings of HNDL
The strategy is not hypothetical. Internet route hijacks in 2016 (Canadian traffic via China), 2019 (European mobile traffic via China Telecom) and 2020 (U.S. tech traffic via Russia) diverted vast encrypted flows—perfect HNDL fodder. Intelligence briefings from NSA and FBI confirm adversaries are “stealing massive volumes of encrypted data and shelving it until quantum techniques emerge.”
Takeaways for Developers & Decision-Makers
Assume anything encrypted with RSA/ECC today may be plaintext tomorrow—especially if it must stay secret into the 2030s.
Start crypto inventory and crypto-agility work now; it is the longest pole in the tent.
Watch vendor roadmaps: browsers and major clouds will add hybrid post-quantum TLS first—be ready to enable it.
Align with hard deadlines (NSA 2030, BSI 2030, NCSC 2035). Waiting until 2029 is a recipe for a Y2K-style scramble.
Early movers turn security into a market differentiator; laggards may face regulatory fines and loss of trust.
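A first-pass inventory triage for the takeaways above, as an added example rather than code from the article: it compares each asset's secrecy lifetime (creation year plus retention) with an assumed CRQC arrival year. The asset names, algorithm labels and the `Asset`, `classify`, `triage` and `hndl_report` helpers are constructed for illustration; 2030 and 2035 are the survey horizons quoted earlier, used here as planning assumptions.

```python
from dataclasses import dataclass

# Key-establishment families broken by Shor's algorithm vs. the NIST KEM named above.
QUANTUM_VULNERABLE = ("RSA", "ECDH", "DH", "X25519")
POST_QUANTUM = ("ML-KEM",)

@dataclass
class Asset:
    name: str
    algorithm: str        # public-key algorithm protecting the data; "+" joins a hybrid
    created: int          # year the data was encrypted
    retention_years: int  # how long it must stay confidential

def classify(algorithm):
    parts = [p.strip().upper() for p in algorithm.split("+")]
    if any(p.startswith(POST_QUANTUM) for p in parts):
        return "pq-protected"      # a hybrid is protected by its post-quantum half
    if any(p.startswith(QUANTUM_VULNERABLE) for p in parts):
        return "vulnerable"
    return "review"                # unrecognised entry: a human must look at it

def triage(asset, crqc_year):
    """Return (status, years the data must stay secret after crqc_year)."""
    status = classify(asset.algorithm)
    if status != "vulnerable":
        return status, 0
    overlap = asset.created + asset.retention_years - crqc_year
    return ("exposed", overlap) if overlap > 0 else ("expires-first", 0)

def hndl_report(inventory, crqc_year):
    rows = [(a.name, *triage(a, crqc_year)) for a in inventory]
    return sorted(rows, key=lambda r: -r[2])   # longest exposure first

# Constructed sample inventory; retention periods follow the article's sector figures.
INVENTORY = [
    Asset("patient-records", "RSA-2048", 2024, 10),
    Asset("cad-models", "ECDH-P256", 2022, 20),
    Asset("classified-archive", "RSA-2048", 2020, 25),
    Asset("api-gateway-tls", "X25519+ML-KEM-768", 2025, 7),
    Asset("legacy-vpn", "vendor-proprietary", 2021, 7),
]

if __name__ == "__main__":
    for year in (2030, 2035):      # the two survey horizons quoted in the article
        print(f"CRQC assumed in {year}:")
        for name, status, years in hndl_report(INVENTORY, year):
            print(f"  {name:20} {status:14} {years:>3} yr at risk")
```

An "expires-first" result holds only for the CRQC year assumed, so rerun the triage whenever that estimate moves earlier.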
Next Step
Ready to go deeper? Our follow-up article covers real-world post-quantum deployments and new government rules shaping this transition.