Computing
Harvest Now Decrypt Later: The Quantum Threat Explained
Securities.io maintains rigorous editorial standards and may receive compensation from reviewed links. We are not a registered investment adviser and this is not investment advice. Please view our affiliate disclosure.
The “Harvest Now, Decrypt Later” hacking strategy relies on the belief that the world is only a few years away from affordable quantum computing. These computers are thousands of times more powerful than traditional options. As such, they will be capable of dismantling much of today’s best encryption. Here’s what you need to know.
Quantum Computers Excel at Specific Tasks
Quantum computers are here, and in certain instances, they are more powerful than the world’s best supercomputers. More specifically, they are only good at certain tasks because they can run large-scale algorithms in parallel. For example, quantum computers can conduct optimization tasks in minutes that would take the best supercomputer days to complete.
Tasks such as random circuit sampling would take Frontier, a leading supercomputer, more than 47 years to complete. The same task took a quantum system 6 seconds to complete – a feat completed in 2019, when Google’s Sycamore processor completed a random circuit sampling task in seconds that Google estimated would take classical supercomputers significantly longer. However, this benchmark has been debated, and improvements in classical algorithms have narrowed the gap.
Harvest Now, Decrypt Later (HNDL)
As quantum computers become more stable and affordable, they bring with them a number of advantages, alongside several risks to infrastructure and current security measures. The Hack Now Decrypt Later method occurs when attackers obtain copies of encrypted data to be unencrypted at a later date.
The idea of HNDL started to gain traction in the early 2010s as cryptocurrencies and other advanced protocols began to take flight. These systems used advanced encryption methods that rely on long mathematical equations that require massive amounts of time to break using today’s technology.
However, HNDL hackers don’t want to break the encryption today. Instead, their goal is to store the data until a later date when quantum computers are readily available. This strategy would enable hackers to leverage key protocols like Shor’s algorithm to dismantle key encryption strategies like ECC (Elliptic Curve Cryptography) and RSA encoding.
Shor’s Algorithm
| Encryption Method | Used In | Quantum Vulnerable? | Replacement Type |
|---|---|---|---|
| RSA | TLS, Banking | Yes (Shor’s Algorithm) | Lattice-based (ML-KEM) |
| ECC (ECDSA) | Bitcoin, Ethereum | Yes | Hash-based signatures |
| AES-256 | Data-at-rest encryption | Partially (Grover’s algorithm reduces strength) | Longer symmetric keys |
At the core of this capability is an equation called Shor’s algorithm. Shor’s algorithm was invented by Peter Shor in 1994 as a way to factor large integers on quantum systems. This capability enables the system to defeat traditional encryption methods that would take a regular system decades to complete in record times, making methods like RSA encryption obsolete.
Edward Snowden
The first revelation of this hacking strategy came to light in 2013 when Edward Snowden fled the US amid concerns for his safety after revealing the extent of NSA civilian spying. In his revelations, he documents how the organization routinely stole encrypted data with the express goal of using future technologies to break the encryption.
Source – Freedom of the Press
The concept was given more life when leading cryptographer Michele Mosca and others spoke on how quantum computers would make today’s e-commerce encryption obsolete. This sudden revelation, coupled with recent quantum computing breakthroughs, has led to governments and corporations instituting emergency migration strategies.
The Risk is Real and Happening Today
While there’s no way to get reliable statistics on HNDL attacks due to their technical nature, the risks remain prevalent. According to Deloitte polls, HNDL should be the top concern for any company or organization in possession of highly sensitive long-term data.
Vulnerable Data Types
To understand why this method of hacking is so dangerous, you first need to look at the types of data that are being targeted. These hackers aren’t looking for short-term data. Instead, their focus is on key long term info like regulated financial and health data.
There are also growing reports of this method of hacking being used on intellectual property, corporate trade secrets, government programs, and defence strategies. All of these items retain value as time progresses, with some gaining more relevance over time.
Q-Day
These hackers are waiting for Q-day. This term is used to describe the tipping point when quantum computers become capable of cracking nearly any older encryption method. This hypothetical inflection point depends on cryptographically relevant quantum computers (CRQCs) supporting stable qubit functions that can solve asymmetric cryptographic algorithms.
According to analysts, Q-day continues to edge closer to reality. Some analysts have put it as close as this year, while others believe there’s still another decade for companies and governments to prepare. However, all parties agree that the first estimates of Q-day occurring in the 2050s were too optimistic.
Why Harvest Now Decrypt Later Is a Real Threat
Currently, quantum computers are extremely rare and expensive to maintain. As such, they are only available to nations with advanced learning facilities and institutions that can support the device’s requirements.
However, as the technology and price for maintaining these devices decrease, there are going to be more nations and organizations purchasing and operating quantum devices. This revelation isn’t lost on nation-state hackers who have kicked up their theft of long-term encrypted data. Sadly, HNDL doesn’t leave a footprint like traditional data breaches until it’s already unencrypted the data.
Notably, engineers have worked out some ways that may make infiltration detection faster, including monitoring anomalous exfiltration volumes. This scenario means that there’s no way to know what data has already been stolen and is waiting to be accessed in the future.
How to Protect Your Data
Given the speed at which these devices are developing and their planned accessibility by the end of the decade, it’s important for organizations and businesses to learn how to remain protected. One of the first steps in the process is to take inventory of all of their cryptographic assets.
Post-Quantum Cryptography (PQC)
This step enables you to create a list of assets that need to be migrated to post-quantum cryptography (PQC) options. This list should state the asset and its cryptography. It should also include a duration and exposure vectors that take into account quantum computer relevance.
Businesses can use metrics like the HNDL score system to see what data is at the highest risk. This rating should then be cross-referenced with current hacking data to ensure that valuable and most wanted information stays a priority. The goal of this approach is to ensure your firm only uses encryption that has a +10-year lifespan.
NIST’s PQC Standards
The National Institute of Standards and Technology (NIST) was founded in 1901 as a Department of Commerce agency. Its goal is to create standards that help to drive innovation while retaining consumer protections and security.
One of its key roles is to set in place security standards for the tech industry under the Cybersecurity Framework (CSF) initiative. This framework has been instrumental for companies seeking guidance on how to stay safe in the quantum computing future.
For example, the group has introduced several post-quantum cryptography (PQC) standards, including FIPS 203-205, ML-KEM, ML-DSA, and SLH-DSA. These encryption methods underwent quantum testing in the group’s facilities, ensuring that they are resistant to future attacks.
Cryptographically Relevant Quantum Computer
The term Cryptographically Relevant Quantum Computer (CRQC) refers to a system that possesses quantum capabilities and is fault-tolerant. Additionally, it can support Shor’s at scale. Notably, this device is still a ways away.
There are some technical hurdles that engineers are tirelessly working to overcome to bring CRQCs to the market. For example, these devices must support thousands of logical qubits. This task is easier said than done, as logical qubits are constructed from millions of physical qubits using error correction codes to eliminate decoherence.
Currently, decoherence is still a major limiting factor in quantum computer design. However, there have been some recent breakthroughs that could make these devices a reality within the next five years.
Which Countries Are Conducting HNDL Operations?
There are many nations suspected of conducting HNDL operations. Edward Snowden revealed that US agencies were using this method for many years to gather info that could one day be used to track or categorize US citizens.
China, Russia, North Korea
Not surprisingly, China, Russia, and North Korea are also involved in suspected DNHL schemes against nations. In one instance, China is accused of IP theft from defense firms, enabling them to capture large swathes of data that could one day be decoded.
Cryptocurrencies
The blockchain sector in particular has spent a lot of effort gearing up for Q-day. Quantum computers can potentially break elliptic curve cryptography (ECDSA), which is the core of several leading projects like Bitcoin (BTC -0.63%) and Ethereum (ETH -1.75%).
One of the main problems is that quantum computers are powerful enough to take the exposed public keys and figure out the equation to unlock private keys in minutes. This step would take traditional computers decades or longer. As such, there are several projects integrating quantum protections.
How Blockchains Can Prevent Quantum Attacks
There are multiple ways in which blockchains can secure their defence against quantum computer hacks. Notably, some projects that are already quantum-proofed, with the first cryptocurrency to integrate these protections being the Quantum Resistant Ledger (QRL +4.6%) in 2018.
Interestingly, this blockchain integrates several new technologies, including a NIST-approved hash-based signature system. The project pairs this technology with an XMSS (eXtended Merkle Signature Scheme) to ensure protection.
What About Traditional Projects Like Bitcoin
The majority of blockchains aren’t quantum-protected at the moment. As such, they will need to make more drastic changes to ensure protection. These changes will undoubtedly require a hard fork as they will alter the core algorithms of the projects.
Bitcoin Core Resistant Towards Upgrades to Consensus
Bitcoin Core is, who is known for its desire to keep the consensus algorithm untouched to ensure stability, consensus, and backward compatibility. Despite strong resistance against any hard forks, there have been quantum proofing proposals and even hard forks that have occurred.
National Security Risks
There’s also a growing number of security analysts who continue to ring alarm bells regarding HNDL attacks at the highest levels of government. Items like diplomatic discussions, past military operations, covert networks, and even defence blueprints could all become widely available following Q-day.
This technology has the potential to expose secrets that the government has managed to protect for decades. This capability includes being able to decode confidential government transactions and other highly sensitive financial operations.
How Long Do You Have to Prepare for Q-Day
There’s no set date when computer developers will achieve a working CRQC, and analysts remain split on their predictions. On the conservative end, you have the majority of experts putting it somewhere past 2035. Keenly, this projection falls in line with IBM’s scaling map.
The other end of the spectrum includes those who believe the technology could be achieved within the next five years, with widespread impact felt by the early 2030s. These analysts point towards recent quantum computer breakthroughs that have created more stable qubits and more powerful chips.
Companies Leading the Post-Quantum Security Migration
A growing list of organizations and businesses has taken the initiative in terms of preventing future quantum hacking efforts. These companies continue to spend enormous amounts of money researching and testing their system to prevent billions in losses in the future.
IBM
IBM (IBM +1.94%) remains a pioneer in fault-tolerant quantum systems. The company has spent a lot of effort in developing automated encryption management tools like the Guardium Cryptography Manager to prevent future attacks. It’s also committed to achieving full alignment with NIST PQC standards by the end of 2026
Notably, IBM has a distinct advantage in that it’s active in the quantum computing sector, enabling it to gain direct insight. Notably, the company has begun testing on its latest 1,121-qubit Condor system. Each iteration of their chips adds more qubits, bringing Q-day closer.
IBM estimates it will achieve 2,000 logical qubits in its Blue Jay chip. This density would place the chip just 372 logical qubits from the RSA-2048 Shor Limits, potentially, making it the first Cryptographically Relevant Quantum Computer.
Harvest Now, Decrypt Later – Do We Need to Worry?
Yes, the prospect of quantum computers absolutely obliterating centuries of encryption overnight is a major and real issue that is worth your attention. However, there are still a lot of technical barriers that the technology needs to overcome before it can achieve this state. As such, you have at least five years to quantum-proof your databases.
Learn about other interesting computing developments here.
