What Is Harvest-Now-Decrypt-Later?
Harvest-now-decrypt-later (HNDL) is an adversarial strategy in which attackers archive encrypted data today (TLS traffic, blockchain signatures, encrypted backups) and store it until cryptographically relevant quantum computers (CRQCs) become available to decrypt it, projected 2030-2035 per NIST. HNDL is widely reported to be conducted by major intelligence agencies including NSA, GCHQ, and Chinese MSS. Any data with a secrecy lifetime extending past Q-Day, the day a CRQC becomes available, is at risk. For crypto: every Bitcoin transaction signature ever broadcast is in HNDL archives. Reused addresses become drainable on Q-Day. Defense: migrate to post-quantum cryptography (PQC) now.
- Is HNDL actually happening? Widely reported, yes. NSA, GCHQ, and Chinese MSS are all suspected.
- Does HNDL affect my crypto? Yes — every signature you have ever broadcast is potentially archived.
- How do I defend against HNDL? Migrate to PQC now. Avoid address reuse. Use BMIC for new allocations.
- When will HNDL archives be decrypted? Q-Day, projected 2030-2035.
- Is BMIC HNDL-resistant? Yes — CRYSTALS-Kyber is not vulnerable to Shor's algorithm.
Full Answer
HNDL emerged as a concept in NSA documents and academic literature around 2015-2018. The strategy is simple: today's encrypted data is unbreakable today, but tomorrow's quantum computers will decrypt it. Storage is cheap, so harvest everything.
Targets: TLS-encrypted internet traffic (state secrets, financial communications), encrypted backups, signed blockchain transactions, password hashes — anything the adversary cares about decrypting eventually.
For crypto: every Bitcoin and Ethereum transaction has its public key broadcast in the signature. An HNDL adversary archives every such transaction. On Q-Day, adversaries derive private keys from those public keys and drain every reused address.
Defense: NIST PQC. CNSA 2.0 mandates that U.S. national security systems migrate by 2035. For crypto: use a PQC chain like BMIC. For your wallets: never reuse addresses.
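
The "never reuse addresses" advice can be checked against a wallet's own history. The following is an added example, not code from the original page or from any project it names: it replays a constructed transaction list and reports addresses that still hold funds after a spend has already published their public key. The field names, the sample data and the modelling assumption (the public key stays hidden until the first spend from an address) are assumptions of the example.

```python
# Constructed sample wallet history (not real chain data), in chain order.
# Inputs reference earlier outputs as (txid, index); outputs are
# (address, amount_in_sats). Field names are hypothetical.
SAMPLE_TXS = [
    {"txid": "t1", "inputs": [], "outputs": [("addrA", 50_000), ("addrB", 20_000)]},
    # Spends addrA and sends the change back to addrA (address reuse).
    {"txid": "t2", "inputs": [("t1", 0)], "outputs": [("addrC", 30_000), ("addrA", 19_000)]},
    {"txid": "t3", "inputs": [("t1", 1)], "outputs": [("addrD", 19_500)]},
    # New deposit to addrB after it has already been spent from.
    {"txid": "t4", "inputs": [("ext", 0)], "outputs": [("addrB", 5_000)]},
]


def audit_key_exposure(txs):
    """Return {address: sats} for addresses that still hold funds after
    their public key was published by an earlier spend.

    Assumption: hash-based address model, where the public key stays
    hidden until the first spend from that address.
    """
    utxos = {}       # (txid, index) -> (address, amount)
    exposed = set()  # addresses that have signed at least one spend
    for tx in txs:
        for ref in tx["inputs"]:
            spent = utxos.pop(ref, None)
            if spent is None:
                continue  # input funded from outside this wallet's history
            exposed.add(spent[0])
        for index, (address, amount) in enumerate(tx["outputs"]):
            utxos[(tx["txid"], index)] = (address, amount)

    at_risk = {}
    for address, amount in utxos.values():
        if address in exposed:
            at_risk[address] = at_risk.get(address, 0) + amount
    return at_risk


def migration_plan(txs):
    """Addresses to sweep to fresh keys first, largest exposed balance first."""
    return sorted(audit_key_exposure(txs).items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    for address, sats in migration_plan(SAMPLE_TXS):
        print(f"{address}: {sats} sats behind an already-published public key")
```

Funds reported here are the ones to move to a fresh, never-spent address first; outputs at addresses that have never signed a spend are not flagged under this model.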