
Harvest Now, Decrypt Later (HNDL): The Quantum Threat to Encrypted Communications

The Threat That Doesn't Need to Break Your Encryption Today

In August 2024, the U.S. National Institute of Standards and Technology (NIST) finalized its first set of post-quantum cryptographic standards — a milestone that signaled one clear message to the security community: the quantum threat to encrypted communications is no longer a theoretical future problem. It is a present planning requirement.

At the center of that planning requirement is a strategy known as Harvest Now, Decrypt Later (HNDL).

Unlike most cyberattacks that target immediate access, HNDL operates on a different timeline entirely. Adversaries intercept encrypted communications today — messages, calls, video conferences, file transfers — and archive them at scale. The data remains unreadable for now. But when quantum computing capabilities mature sufficiently to break the cryptographic algorithms protecting that data, every archived communication becomes accessible.

The collection phase of HNDL is already documented. U.S. and allied intelligence agencies have publicly acknowledged that sophisticated nation-state actors are harvesting encrypted traffic with long-term decryption in mind. The question organizations need to ask is not whether their data could be collected. It is whether the information they are transmitting today will still matter — commercially, diplomatically, operationally, or legally — in five, ten, or twenty years.

For most organizations operating in sensitive sectors, the answer is yes.

What Is Harvest Now, Decrypt Later (HNDL)?

Harvest Now, Decrypt Later (HNDL) is a cyberattack strategy in which adversaries collect and archive encrypted communications today, intending to decrypt them once sufficiently advanced quantum computing becomes available.

The attack does not require breaking encryption in real time. It requires only the ability to intercept traffic and the infrastructure to store it — both of which are well within the capabilities of sophisticated threat actors.

HNDL is particularly dangerous because:

- It is silent. Organizations have no way to detect that their encrypted communications are being archived.

- It bypasses current defenses. Even perfectly implemented encryption provides no protection if the underlying algorithm can eventually be broken by a quantum computer.

- It is irreversible. Communications that have already been harvested cannot be "un-collected." If an organization has not yet transitioned to quantum-resistant encryption, historical data remains permanently at risk.

The term is also referenced in security literature as store now, decrypt later or steal now, decrypt later — all describing the same long-horizon attack model.

How Does an HNDL Attack Work?

Understanding HNDL requires moving beyond the traditional model of cyberattacks as immediate intrusions. The attack unfolds across three distinct phases, potentially separated by years or even decades.

Phase 1: Interception and Collection

Adversaries intercept encrypted network traffic at scale. This can occur at multiple points: internet exchange nodes, cloud service infrastructure, undersea cables, enterprise network perimeters, or compromised telecommunications systems. The content remains encrypted and unreadable at this stage, but the traffic is captured and stored.

Phase 2: Long-Term Archival

Harvested data is archived using high-density storage infrastructure. Declining storage costs and advances in data compression make large-scale retention of encrypted traffic increasingly practical. Nation-state actors with significant resources can archive years' worth of intercepted communications.

Phase 3: Quantum-Assisted Decryption

As quantum computing technology matures, algorithms such as Shor's algorithm become capable of breaking the public-key cryptographic systems — primarily RSA and Elliptic Curve Cryptography (ECC) — that protect most encrypted communications today. At this point, archived communications can be decrypted, and the intelligence value of years of collected data becomes accessible.

Estimates on when cryptographically relevant quantum computers will emerge vary widely, ranging from the early 2030s to the end of the decade. The uncertainty itself is part of what makes HNDL a current rather than future concern: organizations cannot wait until quantum computers are available before beginning the transition to quantum-resistant encryption.

Which Organizations Face the Greatest HNDL Exposure?

Not all encrypted communications carry equal long-term risk. HNDL is most consequential for organizations whose sensitive data retains strategic, commercial, or operational value over extended time horizons.

Government and Defense  

Diplomatic communications, national security planning, military operations, and intelligence assessments can remain sensitive for decades. State-level adversaries are among the most likely HNDL actors — and government communications are a primary target.

Financial Services  

Merger and acquisition negotiations, trading strategies, regulatory communications, and long-term financial contracts may carry significant value well beyond their original transmission date.

Healthcare and Life Sciences  

Clinical trial data, pharmaceutical research, patient records, and genomic information represent high-value long-term intelligence targets, particularly given the pace of biomedical development.

Critical Infrastructure  

Operational communications for energy grids, water systems, transportation networks, and telecommunications infrastructure may carry strategic relevance far beyond immediate operational use.

Legal and Professional Services  

Attorney-client privileged communications, litigation strategy, arbitration proceedings, and corporate governance discussions may remain legally and commercially significant for many years.

Technology and Intellectual Property  

R&D communications, patent strategy, source code discussions, and product roadmaps represent high-value commercial intelligence over extended periods.

Why Real-Time Communications Are a Primary HNDL Target

Most cybersecurity discussions focus on data at rest — databases, file servers, cloud storage. HNDL changes that calculus by highlighting the vulnerability of data in motion: the live communications that flow between people and organizations every day.

Real-time communication channels — including secure messaging, voice calls, video conferencing, and collaborative workspaces — frequently contain information that never appears in any formal document or database record:

- Strategic decisions made before they are documented

- Commercial negotiations before terms are finalized

- Operational planning before it becomes policy

- Executive discussions that never enter the formal record

This is precisely what makes real-time communications a high-value HNDL target. The information exists only in that moment of transmission — and if it is intercepted, it cannot be recovered or re-encrypted retroactively.

For organizations where executives, legal counsel, and operational teams routinely exchange sensitive information over digital channels, the security architecture protecting those communications needs to account not just for today's threat landscape but for the threat landscape of the next decade.

The Cryptographic Challenge at the Heart of HNDL

Modern encryption — particularly RSA and Elliptic Curve Cryptography (ECC) — remains highly effective against classical computing threats. These algorithms underpin the security of encrypted communications, financial transactions, and digital identity systems globally.

The vulnerability exposed by HNDL is not a weakness in current implementations. It is a structural limitation: RSA and ECC derive their security from mathematical problems — integer factorization and discrete logarithm problems — that classical computers cannot solve at scale, but that sufficiently powerful quantum computers, using Shor's algorithm, can solve efficiently.

This means the protection that current encryption provides is time-bounded. It is secure against today's threat actors. It may not remain secure against tomorrow's quantum-equipped adversaries.

For organizations whose sensitive data must remain confidential for ten, twenty, or thirty years, this creates a requirement that goes beyond maintaining strong encryption today. It requires transitioning to post-quantum cryptographic algorithms — specifically, algorithms designed to resist attacks from both classical and quantum computers.

Post-Quantum Cryptography (PQC): The Structural Response to HNDL

Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to remain secure against quantum computer-assisted attacks. Unlike quantum key distribution (QKD), which requires specialized hardware infrastructure, PQC algorithms are software-based and can be implemented within existing digital communication systems.

In 2024, NIST finalized its first PQC standards, including:

- CRYSTALS-Kyber (now ML-KEM) — for key encapsulation

- CRYSTALS-Dilithium (now ML-DSA) — for digital signatures

- SPHINCS+ (now SLH-DSA) — a hash-based signature alternative

These standards represent the foundational building blocks for quantum-resistant communication security. However, PQC migration is not simply a matter of swapping algorithms. It requires assessing cryptographic dependencies across an organization's entire communication and IT infrastructure — and ensuring that the platforms, protocols, and tools used for sensitive communications support the transition.
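One way to start the dependency assessment described above is a channel-by-channel triage. The following is an added example, not code from the original article or from RealTyme. It applies Mosca's inequality, which the article does not name: a channel is at risk when confidentiality lifetime plus migration time exceeds the assumed years until a cryptographically relevant quantum computer. The channel names, figures and the `crqc_years` planning value are constructed assumptions.

```python
from dataclasses import dataclass

# Classification follows the page: RSA and ECC (and other discrete-log schemes)
# fall to Shor's algorithm; ML-KEM is the NIST key-encapsulation standard.
SHOR_VULNERABLE = {"RSA", "DH", "ECDH", "X25519"}
POST_QUANTUM = {"ML-KEM"}

@dataclass
class Channel:
    name: str                    # constructed label for a communication channel
    key_exchange: tuple          # algorithms combined to establish session keys
    confidentiality_years: int   # how long the content must stay secret
    migration_years: int         # time until this channel is moved to PQC

def classify(key_exchange):
    """Return the quantum posture of a key-establishment configuration."""
    algs = set(key_exchange)
    if not algs or algs - SHOR_VULNERABLE - POST_QUANTUM:
        return "unknown"         # unrecognised algorithm: needs manual review
    if algs & POST_QUANTUM:
        return "hybrid" if algs & SHOR_VULNERABLE else "post-quantum"
    return "quantum-vulnerable"

def assess(channel, crqc_years):
    """Apply Mosca's inequality: traffic is at risk when shelf life plus
    migration time exceeds the assumed years until a capable quantum computer."""
    posture = classify(channel.key_exchange)
    margin = crqc_years - (channel.confidentiality_years + channel.migration_years)
    if posture == "unknown":
        status = "review"
    elif posture == "quantum-vulnerable" and margin < 0:
        status = "exposed"
    else:
        status = "ok"
    return {"channel": channel.name, "posture": posture,
            "margin_years": margin, "status": status}

def triage(inventory, crqc_years):
    """Assess every channel and list the most urgent findings first."""
    order = {"exposed": 0, "review": 1, "ok": 2}
    results = [assess(ch, crqc_years) for ch in inventory]
    return sorted(results, key=lambda r: (order[r["status"]], r["margin_years"]))

# Constructed sample inventory (names and figures are illustrative only).
INVENTORY = [
    Channel("build-alerts", ("RSA",), 1, 2),
    Channel("board-video", ("ECDH",), 15, 3),
    Channel("ops-chat", ("X25519", "ML-KEM"), 10, 0),
    Channel("legacy-gateway", ("PROPRIETARY-KX",), 5, 4),
]

if __name__ == "__main__":
    for row in triage(INVENTORY, crqc_years=10):
        print(row)
```

Because the arrival date of quantum decryption is uncertain, rerun the triage with several `crqc_years` values and treat any channel that flips to `exposed` under the pessimistic one as a migration priority.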

Crypto Agility: Why the Ability to Transition Matters as Much as the Algorithm Itself

Even as PQC standards mature, the cryptographic landscape will continue to evolve. Algorithms considered quantum-resistant today may require updates as quantum computing research advances. New vulnerabilities may be discovered. Regulatory requirements may mandate specific algorithm choices in different jurisdictions.

This is why crypto agility — the organizational and technical capability to update cryptographic algorithms without disrupting operations — is increasingly recognized as a security requirement in its own right, not merely a nice-to-have feature.

For communication platforms, crypto agility means:

- The ability to update cryptographic protocols without platform replacement

- Support for hybrid encryption modes that combine classical and post-quantum algorithms during transition periods

- Compatibility with evolving national and international PQC standards

- Governance frameworks that allow security teams to manage cryptographic transitions at the organizational level

Organizations evaluating secure communication platforms should assess crypto agility as a first-order capability — particularly if their communications involve information with multi-year confidentiality requirements.
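The capabilities listed above can be pictured as cipher-suite negotiation driven by policy data rather than by code changes. This is an added example, not code from the original article or from RealTyme; the suite registry, the suite identifiers and the three policy stages are hypothetical, and only the algorithm names (X25519, ML-KEM-768, ML-KEM-1024) refer to real primitives.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Suite:
    suite_id: int        # identifier carried in the handshake
    name: str
    key_exchange: tuple  # algorithms combined to derive the session key
    quantum_safe: bool   # True when at least one component is post-quantum

# Hypothetical suite registry; adding a suite is a data change, not a rewrite.
REGISTRY = {
    1: Suite(1, "x25519", ("X25519",), False),
    2: Suite(2, "x25519+ml-kem-768", ("X25519", "ML-KEM-768"), True),
    3: Suite(3, "ml-kem-1024", ("ML-KEM-1024",), True),
}

@dataclass(frozen=True)
class Policy:
    preference: tuple                 # suite ids, most preferred first
    require_quantum_safe: bool        # refuse classical-only sessions
    retired: frozenset = frozenset()  # suites withdrawn by the security team

class NegotiationError(Exception):
    """No mutually supported suite satisfies the local policy."""

def negotiate(policy, peer_offer):
    """Pick the most preferred suite the peer offers and the policy allows.

    Failing closed matters here: silently falling back to a classical-only
    suite would put the session back within reach of harvest-now collection.
    """
    offered = set(peer_offer)
    for suite_id in policy.preference:
        suite = REGISTRY.get(suite_id)
        if suite is None or suite_id in policy.retired or suite_id not in offered:
            continue
        if policy.require_quantum_safe and not suite.quantum_safe:
            continue
        return suite
    raise NegotiationError(f"no acceptable suite in peer offer {sorted(offered)}")

# Three policy stages of a migration, expressed purely as configuration.
TRANSITION = Policy(preference=(2, 1), require_quantum_safe=False)
ENFORCED = Policy(preference=(3, 2, 1), require_quantum_safe=True)
POST_RETIREMENT = Policy(preference=(3, 2), require_quantum_safe=True,
                         retired=frozenset({2}))

if __name__ == "__main__":
    print(negotiate(TRANSITION, [1, 2]).name)   # hybrid preferred when offered
    print(negotiate(TRANSITION, [1]).name)      # classical still tolerated
    print(negotiate(ENFORCED, [2, 3]).name)
```

Moving from `TRANSITION` to `ENFORCED` changes behaviour without touching `negotiate`, and a `NegotiationError` count per peer is a useful migration metric because it shows which endpoints still offer only classical suites.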

Sovereign Communications: Why Infrastructure Control Matters in a Post-Quantum World

The shift toward post-quantum security is also accelerating a parallel trend: the move toward sovereign communication infrastructure.

Sovereign communications refers to the principle that an organization — or a government — maintains direct control over the infrastructure, data governance, and security architecture of its communication systems. Rather than relying on shared cloud infrastructure governed by third-party terms of service, data residency policies, and jurisdictional exposures, sovereign communication platforms provide:

1. Jurisdictional clarity — communications governed by the organization's or nation-state's own legal framework, not a cloud provider's

2. Data residency control — the ability to specify where communication data is stored and processed

3. Security architecture ownership — direct control over cryptographic standards, key management, and access policies

4. Regulatory compliance — the ability to meet sector-specific and national data protection requirements

In the context of HNDL, sovereign infrastructure matters because it removes a critical dependency: if an organization's communications traverse third-party infrastructure with uncertain security controls, the attack surface for traffic interception expands significantly. Sovereign communication platforms reduce that exposure by keeping communication infrastructure under direct organizational or national governance.

How RealTyme Addresses the HNDL Threat

RealTyme was built on the premise that secure communications is a strategic capability, not a commodity feature. For organizations operating in sensitive sectors — government, defense, financial services, healthcare, critical infrastructure, and regulated industries — RealTyme provides the communication security architecture required to address the HNDL threat across its full lifecycle.

Secure Real-Time Communications

RealTyme protects every layer of the communication lifecycle: secure messaging, voice calls, video conferencing, file transfers, and team collaboration — with end-to-end encryption architectures designed for high-assurance environments. This ensures that communications are protected at the point of transmission, reducing the value of any intercepted traffic.

Sovereign Infrastructure

RealTyme's sovereign deployment model gives organizations direct control over where their communication infrastructure operates, which jurisdictions govern their data, and how security policies are applied and enforced. This is foundational for governments, regulated enterprises, and organizations with cross-border data governance requirements.

Crypto Agility

RealTyme's architecture is designed to support cryptographic transitions as post-quantum standards continue to evolve. Rather than locking organizations into a fixed algorithm set, RealTyme's crypto-agile design supports the adoption of new cryptographic standards — including NIST PQC standards — without requiring platform replacement or operational disruption.

Long-Term Confidentiality Architecture

For organizations whose communications must remain confidential over extended periods — years or decades — RealTyme provides the governance, security architecture, and cryptographic flexibility to address long-horizon confidentiality requirements. This directly addresses the risk model introduced by HNDL: ensuring that even if communications are intercepted today, they remain protected against future decryption attempts.

Frequently Asked Questions About HNDL and Quantum-Safe Communications

What does Harvest Now, Decrypt Later mean?  

Harvest Now, Decrypt Later (HNDL) is a cyberattack strategy in which adversaries intercept and archive encrypted communications today, intending to decrypt them once quantum computers become capable of breaking current encryption standards.

Is HNDL happening now?  

Yes. U.S. and allied intelligence agencies have acknowledged that sophisticated nation-state actors are already collecting and archiving encrypted communications for future decryption. The collection phase of HNDL does not require quantum computers — only the ability to intercept and store encrypted traffic.

Which encryption algorithms are vulnerable to quantum attacks?  

RSA and Elliptic Curve Cryptography (ECC) — which protect the majority of today's encrypted communications — are vulnerable to quantum attacks using Shor's algorithm. Symmetric encryption algorithms such as AES-256 are considered more quantum-resistant but may still require longer key lengths as quantum computing advances.

What is post-quantum cryptography?  

Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to resist attacks from both classical and quantum computers. NIST finalized its first PQC standards in 2024, including ML-KEM, ML-DSA, and SLH-DSA.

When should organizations begin transitioning to post-quantum cryptography?  

Organizations with long-lived sensitive communications — particularly in government, defense, finance, healthcare, and critical infrastructure — should begin PQC migration planning now. The collection phase of HNDL is already underway, meaning communications transmitted before a PQC transition is complete remain at long-term risk.

What is crypto agility and why does it matter?  

Crypto agility is the capability to update cryptographic algorithms across communication systems without operational disruption. It matters because post-quantum standards will continue to evolve, and organizations need the flexibility to adopt new algorithms without replacing entire platforms.

What are sovereign communications?  

Sovereign communications refers to communication infrastructure that operates under the direct governance and control of an organization or nation-state, rather than relying on third-party cloud infrastructure. Sovereign communications platforms provide jurisdictional clarity, data residency control, and security architecture ownership — reducing the attack surface for HNDL and other interception-based threats.

How does RealTyme protect against HNDL?  

RealTyme provides end-to-end encrypted real-time communications, sovereign deployment infrastructure, and a crypto-agile architecture designed to support post-quantum cryptographic transitions. This combination addresses both the present-day interception risk and the long-term decryption risk associated with HNDL.

Preparing for the Post-Quantum Security Environment

Harvest Now, Decrypt Later reframes the timeline of cybersecurity risk. The threat does not begin when a quantum computer is turned on. It begins the moment encrypted communications are transmitted — because those communications may already be in the process of being archived.

For organizations operating in sensitive sectors, this requires a shift in how communication security is evaluated. The question is no longer simply whether communications are encrypted today. It is whether the encryption protecting those communications will remain effective over the full confidentiality lifecycle of the information being transmitted.

Post-quantum cryptography, crypto agility, and sovereign communication infrastructure are the foundational elements of a security architecture built for that longer horizon.

RealTyme was designed for organizations that recognize this reality — and that need communication security capable of meeting it.

Explore how RealTyme's sovereign communication platform supports post-quantum security readiness. Contact our team to discuss your organization's long-term communication security requirements.
