
Harvest Now, Decrypt Later

What is the “Harvest Now, Decrypt Later” strategy?

Harvest Now, Decrypt Later (HNDL) refers to a method by which malicious actors — often nation-states or well-resourced organizations — systematically collect encrypted data today, in anticipation of decrypting it tomorrow, once quantum computers are operational at scale.

In today’s digital landscape, data security relies heavily on encryption algorithms considered unbreakable by classical computing. Quantum computers change that equation entirely. These machines, leveraging the properties of quantum mechanics through qubits, promise computational power capable of breaking even the most robust protection mechanisms.

How does this strategy work?

The HNDL scenario unfolds in four stages:

  1. Harvest — Malicious actors intercept encrypted data flowing across networks: VPN traffic, TLS sessions, emails, industrial communications, diplomatic exchanges between states. This phase requires no extraordinary means. Intercepting encrypted traffic is technically accessible to a wide range of threat actors.
  2. Mass storage — The collected data is retained in dedicated infrastructure, sometimes for years. Storage capacity has become cheap and nothing prevents adversaries from accumulating vast volumes of encrypted data indefinitely.
  3. Wait — Attackers are patient. They are betting on the continued development of quantum computing. The moment a sufficiently powerful quantum computer becomes available, the exploitation window opens.
  4. Decrypt Later — Using quantum algorithms such as Shor’s algorithm, qubits will make it possible to break, within a feasible timeframe, the asymmetric encryption methods considered secure today, such as RSA and ECC. Data collected years earlier becomes readable in plaintext.

Why is this a significant threat?

The HNDL scenario targets, above all, information with a long lifespan — data whose confidentiality must be guaranteed for more than ten years. Several sectors are particularly exposed:

  • Defense and cyber-defense: Military data intercepted today can retain strategic value for decades.
  • Diplomacy: Compromised state-to-state communications can destabilize geopolitical balances.
  • Industry and intellectual property: Trade secrets, patents, and R&D data are prime targets.
  • Healthcare: Medical records, subject to strict regulatory obligations, are sensitive assets with exceptionally long lifespans.
  • Finance and contracts: Encrypted contractual archives and financial transactions are highly exposed.

The stakes go well beyond the technical. They touch on digital sovereignty, national security, corporate resilience, and global economic stability. In a world where research, computing power, and innovation progress exponentially, anticipation is no longer optional. It is a strategic imperative.

Why act now?

The deferred nature of this threat is precisely what makes it so dangerous.

Waiting for quantum computers to be fully operational before reacting would be an irreversible strategic mistake. Data compromised today cannot be “re-encrypted” retroactively.

The transition to post-quantum cryptography (PQC) is a long process, carried out in stages: inventory of cryptographic assets, identification of algorithms in use, impact analysis across systems and networks, performance testing, phased implementation, and adoption of new governance methods. For the sectors mentioned above, this process can take a minimum of ten years, depending on the complexity of the environments involved.
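A first-pass triage for the inventory and algorithm-identification steps described above, as an added example that is not part of the original page: it flags assets whose key exchange relies on RSA/ECC-family algorithms and whose data must stay confidential for more than ten years. The record format, asset names, algorithm labels, and priority names are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Key-establishment families based on factoring or discrete logs (Shor-breakable).
# Matched as prefixes of the normalised label; the label spellings are assumptions.
SHOR_PREFIXES = ("RSA", "ECDH", "FFDHE", "DH", "X25519", "X448")
LONG_LIVED_YEARS = 10  # threshold taken from the page: "more than ten years"

@dataclass
class Asset:
    name: str
    key_exchange: str           # label as recorded by the inventory tool
    confidentiality_years: int  # how long the data must stay secret

def classify(key_exchange: str) -> str:
    norm = re.sub(r"[^A-Z0-9]", "", key_exchange.upper())
    # Check for ML-KEM first: a hybrid such as X25519MLKEM768 also starts
    # with a classical prefix and would otherwise be misfiled.
    if "MLKEM" in norm:
        return "pqc"
    if norm.startswith(SHOR_PREFIXES):
        return "shor-breakable"
    return "unknown"            # never assume safety for unrecognised labels

def triage(assets):
    """Map each asset name to a migration priority."""
    result = {}
    for a in assets:
        kind = classify(a.key_exchange)
        if kind == "pqc":
            result[a.name] = "pqc-in-use"
        elif kind == "unknown":
            result[a.name] = "manual-review"
        elif a.confidentiality_years > LONG_LIVED_YEARS:
            result[a.name] = "migrate-first"   # recordable today, valuable later
        else:
            result[a.name] = "migrate"
    return result

# Constructed sample inventory (not real systems).
INVENTORY = [
    Asset("vpn-gateway", "ECDHE-P256", 25),
    Asset("patient-archive-sync", "RSA-2048", 30),
    Asset("web-frontend", "X25519MLKEM768", 15),
    Asset("build-cache", "X25519", 1),
    Asset("legacy-scada-link", "proprietary-kx", 20),
]

if __name__ == "__main__":
    for name, priority in triage(INVENTORY).items():
        print(f"{name:22} {priority}")
```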

The response is not limited to replacing algorithms. It requires a comprehensive cybersecurity approach — centralized key and certificate governance, full visibility into cryptographic usage, and a genuine crypto-agility strategy: the ability to continuously evolve protection mechanisms in response to technological innovation and the shifting threat landscape.