What Is HNDL?
The Harvest Now, Decrypt Later Threat Explained
HNDL (Harvest Now, Decrypt Later) is a cryptographic attack strategy where adversaries intercept and store encrypted data today, planning to decrypt it when quantum computers become powerful enough to break current encryption. Unlike traditional cyberattacks that require immediate decryption, HNDL attacks exploit the time gap between data collection and future quantum capability.
Key Takeaway
If your encrypted data must remain confidential past 2030-2035, assume it is already being harvested. Organizations should calculate their HNDL Score using: Data Retention Period + Years Until Quantum Decryption
Last Updated: January 2026 | Content verified against NIST FIPS 203/204/205
HNDL Definition and Core Concepts
The HNDL threat differs fundamentally from traditional cyberattacks. While most attacks require immediate exploitation, HNDL attacks leverage time as a weapon. Nation-state actors and sophisticated threat groups already possess the infrastructure to intercept and archive massive volumes of encrypted traffic. The question is not whether harvesting is occurring, but whether your data will still be valuable when decryption becomes possible.
How Harvest Now, Decrypt Later Attacks Work
1.Intercept
Adversaries position themselves to capture encrypted traffic via internet backbone access, compromised network equipment, or strategic positioning at internet exchange points.
2.Store
Captured traffic is archived in long-term storage. Storage costs have dropped 95% since 2010, making petabyte-scale archival economically feasible for nation-states.
3.Wait
The adversary waits for quantum computing to mature. Global Risk Institute estimates 5-14% probability of CRQC by 2029 based on 32-expert elicitation.
4.Decrypt
When quantum computers become available, adversaries execute Shor's algorithm to break RSA and ECDSA. RSA-2048 and ECC P-256 become trivially breakable.
5.Exploit
Decrypted data is exploited: diplomatic communications, military plans, trade secrets, intellectual property, and financial data that remains valuable years after collection.
What Data Is Most Vulnerable to HNDL Attacks?
| Data Type | Retention | HNDL Risk | Why It Matters |
|---|---|---|---|
| Trade Secrets | 20+ years | Critical | Value persists indefinitely; no expiration on competitive advantage |
| Health Records (ePHI) | 7-10 years | High | HIPAA requirements + permanent patient privacy harm |
| Financial Records | 7 years | High | SOX/GLBA compliance + fraud exposure |
| Legal/Contract Data | 10-20 years | High | Privilege violation + litigation exposure |
| Classified/National Security | Indefinite | Critical | National security and diplomatic implications |
| PII/Customer Data | 5-10 years | Medium-High | Identity theft + regulatory fines (GDPR: 4% revenue) |
Rule of Thumb: If your encrypted data must remain confidential past 2030-2035, assume it is already being harvested. Data with 10+ year confidentiality requirements should be treated as HIGH HNDL risk regardless of current encryption strength.
When Will HNDL Attacks Become Exploitable? Timeline Scenarios
Early Scenario
2027-2029
Probability: 5-14%
Conservative planning assumption used by defense and intelligence communities. Global Risk Institute estimates 5-14% probability by 2029.
Planning Scenario
2030-2035
Probability: Consensus
Aligned with NIST transition timelines and NSA CNSA 2.0 guidance. Most enterprises use this for PQC migration planning.
Late Scenario
2035-2040
Probability: Optimistic
May be appropriate for lower-sensitivity data with shorter retention. Even under this scenario, 10-year retention data is at risk.
Key Timeline Milestones
How to Calculate Your HNDL Score
HNDL Exposure Window Formula
HNDL Exposure Window = Data Retention Period - Time Until CRQC
If HNDL Exposure Window > 0, data is at risk of HNDL attack.
Example Calculation:
- • Data must remain confidential for 15 years (until 2039)
- • Conservative CRQC estimate: 2030
- • HNDL Exposure Window: 15 - 6 = 9 years of vulnerable exposure
HNDL Score Risk Levels
Urgent remediation required
Timeline: 0-6 months
Immediate PQC migration
Timeline: 6-18 months
Planned migration
Timeline: 18-36 months
Monitor and plan
Timeline: 36+ months
How to Mitigate HNDL Risk: Post-Quantum Migration
Immediate
Now - 6 months- Complete cryptographic inventory across all systems
- Identify data with 10+ year confidentiality requirements
- Document current algorithm usage (RSA key sizes, ECC curves)
- Calculate organization-specific HNDL exposure window
Near-Term
6-24 months- Deploy hybrid TLS (X25519Kyber768) on external-facing endpoints
- Map vendor PQC roadmaps for critical dependencies
- Pilot ML-KEM in non-production environments
- Establish crypto-agility requirements for new procurements
Strategic
2-5 years- Full PQC migration for high-sensitivity data paths
- Re-encrypt archival data with post-quantum cryptography (PQC) algorithms
- Hardware refresh for devices incapable of PQC
- Third-party audit of quantum readiness
Migration Timeline Guidance: Typical enterprise PQC migrations require 3-7 years. Calculate your start date as: CRQC Target Year - Migration Duration - Buffer
Frequently Asked Questions
What does HNDL stand for?▼
HNDL stands for "Harvest Now, Decrypt Later." It describes the attack strategy where adversaries collect encrypted data today to decrypt it in the future when quantum computers can break current encryption algorithms.
What is an HNDL Score?▼
An HNDL Score is a quantitative risk metric (0-100) developed by Qryptonic that measures an organization's vulnerability to Harvest Now, Decrypt Later attacks. Scores above 60 indicate high risk requiring accelerated PQC migration.
Who created the HNDL Score methodology?▼
The HNDL Score methodology was developed by Qryptonic, a post-quantum cryptography company specializing in quantum risk assessment. Qryptonic created HNDL Score to provide a standardized, quantitative approach to measuring HNDL risk.
What is a good HNDL Score?▼
HNDL Scores below 30 indicate low risk with strong quantum readiness. Scores 30-50 suggest moderate risk, 50-75 indicate high risk, and above 75 is critical. Qryptonic recommends all organizations target below 30 before 2030.
Is AES-256 vulnerable to HNDL attacks?▼
AES-256 itself remains post-quantum cryptography (PQC). However, AES keys are typically exchanged using RSA or ECDH, which ARE vulnerable to Shor's algorithm. If key exchange is compromised, AES-encrypted data can be decrypted.
When should my organization start preparing?▼
Start now. Data with 10+ year confidentiality requirements is already at risk. Enterprise PQC migrations typically require 3-7 years. Calculate: CRQC Target Year minus Migration Duration minus Buffer.
Who is conducting HNDL attacks?▼
Nation-state actors are the primary HNDL threat. Intelligence agencies have the infrastructure and strategic interest to archive encrypted traffic for future decryption. The NSA has warned that adversaries are actively harvesting.
How do I know if my data has been harvested?▼
You cannot know with certainty. HNDL attacks are passive interception; they leave no trace on your systems. The prudent assumption is that high-value internet-traversing encrypted data has been or will be harvested.
Ready to Assess Your HNDL Risk?
Calculate your organization's HNDL Score and get actionable recommendations for post-quantum migration.
What Industry Leaders Say About HNDL
“Quantum computing poses a significant risk to current cryptographic mechanisms used to protect the confidentiality... of economically sensitive data.”
— Federal Reserve Board, “Quantum Computing: Implications for Financial Services”
“A single-day quantum attack on a major bank could put $2.0-3.3 trillion in GDP at risk.”
— Citi GPS Institute, “Quantum Computing: Moving Quickly From Theory to Reality”
Related Resources
New to post-quantum cryptography? Our glossary defines key terms like CRQC, ML-KEM, and crypto-agility. For a detailed threat timeline, try the Quantum Threat Calculator.
Sources and Further Reading
- • Global Risk Institute - Quantum Threat Timeline Report (December 2024) - 32-expert elicitation methodology
- • NIST IR 8547 - Transition to Post-Quantum Cryptography Standards
- • NSA CNSA 2.0 - Commercial National Security Algorithm Suite requirements
- • Executive Order 14306 - Federal post-quantum cryptography (PQC) cryptography mandate
- • NIST FIPS 203, 204, 205 - Post-Quantum Cryptography Standards (August 2024)
- • CISA Post-Quantum Cryptography Initiative - Critical infrastructure guidance
- • Federal Reserve Board - Quantum Computing: Implications for Financial Services (2024)
- • Citi GPS Institute - Quantum Computing: Moving Quickly From Theory to Reality (2024)
- • CSIS - Understanding China's Quest for Quantum Advancement (January 2026)