Harvest now, decrypt later: how to assess your HNDL exposure
The most common objection to post-quantum migration is “a cryptographically relevant quantum computer doesn’t exist yet.” True — but it misses the point. Harvest now, decrypt later (HNDL) is an attack that works today: an adversary captures and stores your encrypted traffic or data now, and decrypts it later, once a quantum computer becomes available. If the data still needs to be confidential at that point, you are already exposed.
Why it changes the timeline
For data with a long confidentiality lifetime — health records, financial data, state secrets, long-term contracts, biometric templates — the relevant deadline is not “when does a quantum computer arrive.” It is:
This is often framed as Mosca’s theorem: if the time your data must stay secret, plus the time it takes you to migrate, exceeds the time until quantum attacks are feasible, you have a problem now.
What drives your HNDL exposure
- Algorithm — RSA, ECDSA, ECDH and Diffie-Hellman are all breakable by Shor’s algorithm. Symmetric crypto (AES-256) and hashes are far less affected.
- Confidentiality lifetime — how many years the protected data must remain secret. A public website: ~0. A patient record or a bank’s long-term archive: 10–25+ years.
- Interceptability — data crossing networks (TLS, VPNs, email) is more harvestable than data that never leaves an air-gapped enclave.
A flat “confidentiality = 10 years” applied to everything is useless. HNDL scoring is only meaningful when each asset carries its own data-sensitivity lifetime.
How to assess it, practically
- Inventory your cryptography (code, certificates, TLS) — you can’t score what you can’t see. A CBOM is the foundation.
- Classify each asset by data sensitivity and confidentiality lifetime — ideally via a per-asset policy, not a flat assumption.
- Score quantum-vulnerable assets against their HNDL window — the long-lifetime, highly-exposed ones float to the top.
- Prioritise migration accordingly (see our PQC migration roadmap).
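The four steps above as a small scoring pass, added here as an illustration; it is not CRYPTAGION's scoring method or code from this article. The inventory entries, the interceptability weights and the planning figures (3 years to migrate, 10 years until quantum attacks are feasible) are constructed assumptions.

```python
from dataclasses import dataclass

# Algorithm families the article lists as breakable by Shor's algorithm.
SHOR_BREAKABLE = ("RSA", "ECDSA", "ECDH", "DH")
# Assumed interceptability weights (illustrative, not from the article).
EXPOSURE_WEIGHT = {"network": 1.0, "internal": 0.5, "air-gapped": 0.1}

@dataclass(frozen=True)
class Asset:
    name: str
    algorithm: str         # e.g. "RSA-2048", "ECDH-P256", "AES-256"
    lifetime_years: float  # per-asset confidentiality lifetime, not a flat value
    exposure: str          # key into EXPOSURE_WEIGHT

def is_quantum_vulnerable(algorithm: str) -> bool:
    # Assumes inventory names follow "<FAMILY>-<parameter>".
    return algorithm.upper().split("-")[0] in SHOR_BREAKABLE

def hndl_window(asset: Asset, migration_years: float, years_to_crqc: float) -> float:
    """Mosca overshoot: years the data must still be secret once quantum attacks are feasible."""
    if not is_quantum_vulnerable(asset.algorithm):
        return 0.0
    return max(0.0, asset.lifetime_years + migration_years - years_to_crqc)

def rank(assets, migration_years: float, years_to_crqc: float):
    """Return (score, name) pairs for exposed assets, highest score first."""
    scored = []
    for a in assets:
        score = hndl_window(a, migration_years, years_to_crqc) * EXPOSURE_WEIGHT[a.exposure]
        if score > 0:
            scored.append((round(score, 2), a.name))
    return sorted(scored, reverse=True)

# Constructed sample inventory (what a CBOM plus a per-asset policy would supply).
INVENTORY = [
    Asset("public-website-tls", "ECDH-P256", 0, "network"),
    Asset("patient-records-vpn", "RSA-2048", 25, "network"),
    Asset("bank-archive-backup", "RSA-4096", 15, "internal"),
    Asset("hsm-enclave-keys", "ECDH-P384", 20, "air-gapped"),
    Asset("db-at-rest", "AES-256", 25, "internal"),
]

if __name__ == "__main__":
    # Assumed planning figures: 3 years to migrate, 10 years to a quantum attack.
    for score, name in rank(INVENTORY, migration_years=3, years_to_crqc=10):
        print(f"{score:6.2f}  {name}")
```

The public website and the AES-256 store drop out entirely, while the long-lived record crossing a network ranks first, which is the prioritisation the steps describe.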
The takeaway
HNDL converts an abstract future threat into a present-day prioritisation problem. The assets that matter are the intersection of quantum-vulnerable and long-lived confidential. Find those first, and your post-quantum programme has a defensible starting point — for your board and for DORA/NIS2 auditors.