Harvest-Now, Decrypt-Later (HNDL) and Trust Now, Forge Later (TNFL) are distinct quantum-enabled attack patterns: HNDL is a confidentiality threat against encrypted data, while TNFL is an integrity/authenticity threat against digital signatures and roots of trust. Both exploit the same underlying reality: quantum computers will break today’s public‑key cryptography, but they weaponize that reality in different ways and on different timelines that CISOs and enterprise architects must plan for now.
| HNDL – Harvest Now, Decrypt Later | Adversary passively records encrypted traffic or stored ciphertext today (VPN, TLS, 5G control/user plane, satellite links, database backups, cloud archives) and stores it until a cryptographically relevant quantum computer (CRQC) can break the public‑key scheme used for key establishment. Once quantum capability exists, the attacker retrospectively recovers historic session keys and plaintext, violating long‑term confidentiality guarantees of data that was “secure” at the time of transmission. |
| TNFL – Trust Now, Forge Later | Adversary records digitally signed artifacts today (firmware images, software updates, contracts, blockchain transactions, identities/certificates), which rely on RSA/ECDSA or similar schemes vulnerable to Shor’s algorithm. In the post‑quantum era, the attacker derives the private key from the public key material and forges new signatures that verify as if they came from the original trusted entity. |
In short, HNDL reads your past emails and actions; TNFL rewrites your future logs, firmware, and contracts.
Quantum basics for security teams
Enterprise defenders do not need to be quantum physicists, but they do need a working mental model of why these attacks become feasible.
- Qubits and superposition
- Classical bits are either 0 or 1; quantum bits (qubits) can exist in a superposition, mathematically a complex combination, which allows quantum computers to evaluate many candidate states “in parallel”.
- This parallelism is not classical brute force on steroids; it is structured interference that certain algorithms (like Shor’s and Grover’s) exploit to extract specific global properties of a function much faster than classical algorithms.
- Entanglement and interference
- Entangled qubits are correlated in ways that have no classical analogue, enabling operations whose outcomes depend on joint states across many qubits, which is the key to speedups in factoring and discrete logarithms.
- Quantum algorithms carefully orchestrate interference so that wrong answers cancel out and correct answers are amplified, producing polynomial‑time factoring (Shor) and quadratic‑speedup unstructured search (Grover).
- Why current crypto breaks
- Public‑key schemes like RSA and elliptic‑curve cryptography (ECC) rely on the hardness of factoring and discrete logarithms; Shor’s algorithm solves both in polynomial time on a sufficiently large, fault‑tolerant quantum computer, collapsing their effective security regardless of key size scaling.
- Symmetric schemes (e.g., AES) are more robust: Grover’s algorithm gives roughly a square‑root speedup, so doubling key sizes (AES‑128 → AES‑256) restores comparable security margins.
The net effect is a time‑asymmetric world: ciphertext and signatures that look safe against today’s classical adversaries may be trivial to break for a future quantum adversary with enough logical qubits and error‑corrected gates.
What is a HNDL attack?
HNDL formalizes an attack pattern from a strategic adversary who targets long‑lived confidentiality of harvested data.
- Threat model and phases
- Phase 1 – Harvest: adversary intercepts and stores ciphertext from:
- TLS/VPN sessions across IXPs, backbone links, satellite relays and mobile core networks.
- Cloud storage and backup archives, regulatory logs, distributed ledgers.
- Phase 2 – Decrypt: when quantum resources suffice to break the key establishment (RSA/ECC, classical KEMs), the attacker reconstructs past session keys or private keys and bulk‑decrypts the stored ciphertext.
- Phase 1 – Harvest: adversary intercepts and stores ciphertext from:
- Temporal risk: confidentiality lifetime vs. quantum horizon
- If your data must remain secret for 25 years and plausible quantum capability emerges in 15–20 years, any traffic harvested today is at real risk.
- Telecom modelling shows high‑retention sectors (health, satellite, government records) can face decades‑long exposure windows if PQC migration is delayed, while hybrid and forward‑secure approaches can shrink that window by more than two‑thirds.
- Concrete examples
- 5G/6G core logs with subscriber identities and session keys retained for compliance, decrypted years later to reconstruct user movements and traffic contents.
- Encrypted medical or financial archives, harvested from data centers today, decrypted to reveal lifelong patient histories or historical trade data.
- HNDL thus transforms stored ciphertext into a latent weapon whose danger grows over time if cryptographic agility lags quantum progress.
What is a TNFL attack?
TNFL shifts from confidentiality to integrity and authenticity, exploiting the long‑tail trust embedded in digital signatures.
- Threat model and phases
- Phase 1 – Trust Now: adversary records signed artifacts that rely on vulnerable signature schemes (RSA, ECDSA): firmware images, software updates, long‑term legal agreements, notarized records, identity credentials, blockchain ledger entries.
- Phase 2 – Forge Later: once quantum capability is sufficient, the attacker uses the public key material in these artifacts (or associated certificates) to derive the corresponding private key and then issues new signatures indistinguishable from those of the legitimate signer.
- Why this is more than “just” fraud
- HNDL “reads your diary”; TNFL “hijacks your car”: forged updates in OT, IoT, and critical infrastructure can cause physical damage, not only data leakage.
- Because roots of trust in embedded devices and infrastructure can be hard‑coded for 15–20+ years, a key compromised in 2035 can still sign malicious firmware that a legacy device will happily accept as authentic.
- Concrete examples
- Firmware & OT: satellites, medical devices, industrial controllers with non‑upgradable boot ROM trust anchors; a forged, quantum‑signed image can subvert control systems years after deployment.
- Legal/financial: long‑term contracts, loan agreements, or regulatory filings signed today could be “updated” with forged amendments that validate under the original signature scheme.
- Blockchains: if account keys or validator keys are quantum‑broken, an attacker could forge historic‑looking transactions or signatures, undermining ledger integrity and the notion of immutability.
Where HNDL erodes secrecy of past records, TNFL erodes trust in what is currently or future claimed to be authentic, given historic key material.
