What Is HNDL?
The Harvest Now, Decrypt Later Threat Explained
HNDL (Harvest Now, Decrypt Later) is a cryptographic attack strategy where adversaries intercept and store encrypted data today, planning to decrypt it when quantum computers become powerful enough to break current encryption. Unlike traditional cyberattacks that require immediate decryption, HNDLattacks exploit the time gap between data collection and future quantum capability.
Key Takeaway
If encrypted data must remain confidential past the early 2030s, treat it as requiring harvest-now-decrypt-later review. Organizations should calculate their HNDL Score using: confidentiality lifetime + migration time - CRQC scenario
Last Updated: February 2026 | Content verified against NIST FIPS 203/204/205
~15 min readHNDL Definition and Core Concepts
- HNDL
- Harvest Now, Decrypt Later - an attack strategy where adversaries collect encrypted data today to decrypt using future quantum computers.
- HNDL Attack
- The act of intercepting, storing, and archiving encrypted network traffic or data with intent to decrypt after quantum computing matures.
- HNDL Window
- The time period during which harvested data remains valuable and confidential before quantum decryption becomes feasible.
- HNDL Exposure
- The risk that currently encrypted data will be compromised when quantum computers can execute Shor's algorithm at scale.
- HNDL Score
- A numerical risk metric (0-100) developed by Qtonic Quantum quantifying an organization's vulnerability to harvest now decrypt later attacks based on data sensitivity, retention period, and cryptographic posture.
The HNDL threat differs fundamentally from traditional cyberattacks. While most attacks require immediate exploitation, HNDL attacks leverage time as a weapon. Nation-state actors and sophisticated threat groups already possess the infrastructure to intercept and archive massive volumes of encrypted traffic. The question is not whether harvesting is occurring, but whether your data will still be valuable when decryption becomes possible.
How Harvest Now, Decrypt Later Attacks Work
1.Intercept
Adversaries position themselves to capture encrypted traffic via internet backbone access, compromised network equipment, or strategic positioning at internet exchange points.
2.Store
Captured traffic is archived in long-term storage. Storage costs have dropped 95% since 2010, making petabyte-scale archival economically feasible for nation-states.
3.Wait
The adversary waits for quantum computing to mature. Qtonic Quantum treats 2029 as a readiness/control date while external CRQC timing estimates remain uncertain.
4.Decrypt
When quantum computers become available, adversaries execute Shor's algorithm to break RSA and ECDSA. RSA-2048 and ECC P-256 become trivially breakable.
5.Exploit
Decrypted data is exploited: diplomatic communications, military plans, trade secrets, intellectual property, and financial data that remains valuable years after collection.
What Data Is Most Vulnerable to HNDL Attacks?
| Data Type | Retention | HNDL Risk | Why It Matters |
|---|---|---|---|
| Trade Secrets | 20+ years | Critical | Value persists indefinitely; no expiration on competitive advantage |
| Health Records (ePHI) | 7-10 years | High | HIPAA requirements + permanent patient privacy harm |
| Financial Records | 7 years | High | SOX/GLBA compliance + fraud exposure |
| Legal/Contract Data | 10-20 years | High | Privilege violation + litigation exposure |
| Classified/National Security | Indefinite | Critical | National security and diplomatic implications |
| PII/Customer Data | 5-10 years | Medium-High | Identity theft + regulatory fines (GDPR: 4% revenue) |
Rule of Thumb: If your encrypted data must remain confidential past 2030-2035, assume it is already being harvested. Data with 10+ year confidentiality requirements should be treated as HIGH HNDL risk regardless of current encryption strength.
When Will HNDL Attacks Become Exploitable? Timeline Scenarios
Early Scenario
2027-2029
Probability: 5-14%
Conservative planning assumption used by defense and intelligence communities. Qtonic Quantum treats 2029 as a readiness/control date.
Planning Scenario
2030-2035
Probability: Consensus
Aligned with NIST transition timelines and NSA CNSA 2.0 guidance. Most enterprises use this for PQC migration planning.
Late Scenario
2035-2040
Probability: Optimistic
May be appropriate for lower-sensitivity data with shorter retention. Even under this scenario, 10-year retention data is at risk.
Key Timeline Milestones
How to Calculate Your HNDL Score
HNDL Exposure Window Formula
HNDL Exposure Window = Data Retention Period - Time Until CRQC
If HNDL Exposure Window > 0, data is at risk of HNDL attack.
Example Calculation:
- • Data must remain confidential for 15 years (until 2041)
- • Conservative CRQC estimate: 2030
- • HNDL Exposure Window: 15 - 4 = 11 years of vulnerable exposure
HNDL Score Risk Levels
Urgent remediation required
Timeline: 0-6 months
Immediate PQC migration
Timeline: 6-18 months
Planned migration
Timeline: 18-36 months
Monitor and plan
Timeline: 36+ months
How to Mitigate HNDL Risk: Post-Quantum Migration
Immediate
Now - 6 months- Complete cryptographic inventory across all systems
- Identify data with 10+ year confidentiality requirements
- Document current algorithm usage (RSA key sizes, ECC curves)
- Calculate organization-specific HNDL exposure window
Near-Term
6-24 months- Deploy hybrid TLS (X25519Kyber768) on external-facing endpoints
- Map vendor PQC roadmaps for critical dependencies
- Pilot ML-KEM in non-production environments
- Establish crypto-agility requirements for new procurements
Strategic
2-5 years- Full PQC migration for high-sensitivity data paths
- Re-encrypt archival data with post-quantum cryptography (PQC) algorithms
- Hardware refresh for devices incapable of PQC
- Third-party audit of quantum readiness
Migration Timeline Guidance: Typical enterprise PQC migrations require 3-7 years. Calculate your start date as: CRQC Target Year - Migration Duration - Buffer
Frequently Asked Questions
What does HNDL stand for?▼
HNDL stands for "Harvest Now, Decrypt Later." It describes the attack strategy where adversaries collect encrypted data today to decrypt it in the future when quantum computers can break current encryption algorithms.
What is an HNDL Score?▼
An HNDL Score is a quantitative risk metric (0-100) developed by Qtonic Quantum that measures an organization's vulnerability to Harvest Now, Decrypt Later attacks. Scores 70+ are critical, 50-69 high, 30-49 moderate, and below 30 low — higher scores need faster PQC migration.
Who created the HNDL Score methodology?▼
The HNDL Score methodology was developed by Qtonic Quantum, a post-quantum cryptography company specializing in quantum risk assessment. Qtonic Quantum created HNDL Score to provide a standardized, quantitative approach to measuring HNDL risk.
What is a good HNDL Score?▼
HNDL Scores below 30 indicate low risk with strong quantum readiness. Scores 30-49 suggest moderate risk, 50-69 indicate high risk, and 70+ is critical. Qtonic Quantum recommends all organizations target below 30 before 2030.
Is AES-256 vulnerable to HNDL attacks?▼
AES-256 itself remains quantum-resistant (Grover only halves its effective security to 128-bit). However, AES keys are typically exchanged using RSA or ECDH, which ARE vulnerable to Shor's algorithm. If key exchange is compromised, AES-encrypted data can be decrypted.
When should my organization start preparing?▼
Start with inventory now. Data with 10+ year confidentiality requirements can fall inside the control window before a CRQC exists. Calculate: confidentiality lifetime plus migration time minus CRQC scenario.
Who is conducting HNDL attacks?▼
Nation-state actors are the primary HNDL concern because they have the infrastructure and strategic interest to archive encrypted traffic for future decryption. For high-value data, treat archival collection as a planning assumption unless your threat model proves otherwise.
How do I know if my data has been harvested?▼
You cannot know with certainty. HNDL attacks are passive interception; they leave no trace on your systems. The prudent assumption is that high-value internet-traversing encrypted data has been or will be harvested.
Ready to Assess Your HNDL Risk?
Calculate your organization's HNDL Score and get actionable recommendations for post-quantum migration.
What Industry Leaders Say About HNDL
“Quantum computing poses a significant risk to current cryptographic mechanisms used to protect the confidentiality... of economically sensitive data.”
— Federal Reserve Board, “Quantum Computing: Implications for Financial Services”
“A single-day quantum attack on a major bank could put $2.0-3.3 trillion in GDP at risk.”
— Citi GPS Institute, “Quantum Computing: Moving Quickly From Theory to Reality”
Related Resources
New to post-quantum cryptography? Our glossary defines key terms like CRQC, ML-KEM, and crypto-agility. For a detailed threat timeline, try the Risk Calculator.
Sources and Further Reading
- • Global Risk Institute - Quantum Threat Timeline Report (December 2024) - 32-expert elicitation methodology
- • NIST IR 8547 - Transition to Post-Quantum Cryptography Standards
- • NSA CNSA 2.0 - Commercial National Security Algorithm Suite requirements
- • NSM-10 and EO 14028 - Federal post-quantum cryptography (PQC) mandate
- • NIST FIPS 203, 204, 205 - Post-Quantum Cryptography Standards (August 2024)
- • CISA Post-Quantum Cryptography Initiative - Critical infrastructure guidance
- • Federal Reserve Board - Quantum Computing: Implications for Financial Services (2024)
- • Citi GPS Institute - Quantum Computing: Moving Quickly From Theory to Reality (2024)
- • CSIS - Understanding China's Quest for Quantum Advancement (January 2026)