Asma Neji

Article 1: Harvest Now, Decrypt Later (HNDL)

Focus: The temporal risk to long-term data confidentiality in the telecommunications sector.

Oct 2026 • Quantum Security

Article Structure

Abstract

The rapid advancement of quantum computing introduces a critical temporal risk to the long-term confidentiality of data within the telecommunications sector. This article examines the "Harvest Now, Decrypt Later" (HNDL) attack model—a latent threat characterized by the interception and storage of currently encrypted network traffic for retroactive decryption upon the arrival of Cryptographically Relevant Quantum Computers (CRQCs).

The study focuses on the specific vulnerabilities inherent in modern telecommunications infrastructure, characterized by long lifecycles and the high strategic value of metadata and private communications. Through a multi-phase analysis, this paper details the technical interception of fiber-optic channels and cloud-native 5G interfaces, specifically the N3 and N6 interfaces, and evaluates the subsequent storage and retroactive decryption phases using quantum-based algorithms.

Furthermore, an impact assessment highlights the resulting regulatory risks, such as conflicts with GDPR and national security mandates, alongside the degradation of corporate trust and the rise of espionage.

To address these challenges, the article evaluates essential mitigation strategies, including the implementation of Post-Quantum Cryptography (PQC), the application of Perfect Forward Secrecy (PFS), and the adoption of "Crypto-Agility" to facilitate seamless transitions without extensive hardware replacement.

The findings underscore that HNDL is not merely a prospective risk but a current data collection reality, necessitating the immediate integration of PQC standards to safeguard the future of global telecommunications.

1. Introduction

The current state of global cybersecurity rests on a fragile temporal foundation. While modern encryption standards like RSA and Elliptic Curve Cryptography (ECC) are practically unbreakable by classical computing standards, they are fundamentally vulnerable to the mathematical capabilities of quantum mechanics. This vulnerability has given rise to a strategic exploitation model known as Harvest Now, Decrypt Later (HNDL). In this model, adversarial actors—ranging from sophisticated cyber-criminal syndicates to nation-states—intercept and store vast quantities of encrypted data today, with the explicit intent of decrypting it once Cryptographically Relevant Quantum Computers (CRQCs) become operational.

The Paradox of "Security Now, Exposure Later"

This phenomenon creates a unique "latent" threat landscape. Traditionally, a data breach is identified when the encryption is bypassed or the data is leaked. However, in the HNDL framework, a successful breach occurs the moment the data is harvested, even if that data remains unreadable for a decade. This creates a paradox: a communication session may be technically "secure" at the moment of transmission, yet its long-term confidentiality is already forfeited. The risk is not a future event; it is a current reality of data collection that compromises any information with a secrecy lifespan longer than the time until "Q-Day"—the point at which quantum computers can successfully execute Shor’s Algorithm against 2048-bit keys.

The Telecommunications Vulnerability

The telecommunications sector serves as the most critical frontline for HNDL for two primary reasons:

  • Infrastructure Longevity: Telecom networks involve massive capital investments in hardware and protocols that often remain in service for 15 to 20 years. Infrastructure deployed today for 5G and early 6G will almost certainly exist during the era of quantum supremacy.
  • Data Value: Telecom operators manage the transmission of high-value metadata and private communications. Unlike a stolen password that can be changed, the contents of a private conversation or a government transmission retain their sensitivity and strategic value for years, making them ideal candidates for retroactive decryption.

The fundamental threat of HNDL is rooted in a massive shift in computational complexity. Classical security relies on the "hardness" of mathematical problems like integer factorization and discrete logarithms, which would take trillions of years for current supercomputers to solve. However, quantum computing utilizes Shor’s Algorithm to reduce this exponential workload into polynomial time, effectively bypassing the mathematical barriers that currently protect asymmetric encryption. Consequently, any data captured today is only as secure as the time remaining until a quantum processor reaches the required qubit threshold to execute these algorithms. This reality reinforces the urgency of the transition to quantum-resistant standards

2. The HNDL Attack Model

The operational execution of a "Harvest Now, Decrypt Later" campaign is a methodical, long-term endeavor that differs significantly from traditional "burst" cyberattacks. Instead of immediate exploitation, the adversary focuses on high-fidelity data acquisition and durable archival. This model is divided into three distinct phases.

Phase 1: Interception (The Harvest)

In the telecommunications sector, interception occurs at the physical and logical layers where data density is highest. Adversaries target the "pipes" of the internet rather than individual end-user devices.

  • Fiber Optic Tapping: At the physical layer, adversaries utilize non-intrusive optical splitters or "macrobending" techniques to clone the light signals traveling through undersea cables or terrestrial backbones. This allows for the silent duplication of traffic without causing signal loss that would trigger network alarms.
  • 5G Cloud-Native Interfaces: The transition to 5G Standalone (SA) architectures introduces new logical points of interest. Attackers specifically target the N3 interface (which carries user plane traffic between the Radio Access Network and the User Plane Function) and the N6 interface (the exit point from the mobile core to the external Data Network). By compromising these interfaces via cloud-side vulnerabilities or insider threats, attackers can capture raw, encrypted data streams before they reach their final destination.

Phase 2: Storage (The Archive)

Once the data is intercepted, the challenge shifts to storage and management. Capturing the traffic of an entire telecom carrier generates petabytes of data, much of which is noise.

  • Selective Filtering: Harvesters do not store everything indefinitely. They utilize automated scripts to identify and retain "High-Value Targets," such as handshakes containing metadata, encrypted keys, and communications originating from government or strategic corporate IP ranges.
  • Cold Storage Strategies: The harvested data is moved to "cold storage"—high-capacity, low-energy archival systems. Because the decryption is not expected for years, the primary requirement for this storage is data integrity (preventing "bit rot") rather than access speed. This phase creates a "ticking time bomb" of data that sits dormant in adversarial data centers.

Phase 3: Retroactive Decryption (The Exploit)

The final phase is triggered by the realization of "Q-Day"—the moment a Cryptographically Relevant Quantum Computer (CRQC) achieves the necessary stable qubit count to run Shor’s Algorithm.

  • Breaking the Asymmetric Shield: Current encryption relies on the difficulty of factoring large prime numbers (RSA) or solving discrete logarithms (ECC). A CRQC can solve these problems in hours or even minutes.
  • Key Recovery: The adversary retrieves the stored handshake data from Phase 2, uses the quantum computer to derive the private keys, and then applies those keys to decrypt the entire session of recorded traffic. This results in the "retroactive" exposure of secrets that were intended to remain confidential for decades.

3. Impact Assessment on Telecom Operators

The "Harvest Now, Decrypt Later" phenomenon shifts the risk profile for telecommunications providers from a standard "incident response" model to a permanent state of liability. Because the breach (interception) and the consequence (decryption) are separated by years, the impact is compounded across legal, financial, and strategic dimensions.

Regulatory and Compliance Risks

Modern data protection frameworks, such as the General Data Protection Regulation (GDPR) and various national security data mandates, operate on the principle of "privacy by design". HNDL challenges these frameworks in several ways:

HNDL challenges these frameworks in several ways:

  • The Definition of a Breach: If a nation-state harvests encrypted data today, it is technically an unauthorized access event. However, if that data is only readable in ten years, operators may face "delayed" regulatory penalties that threaten their future solvency.
  • Data Sovereignty: Many nations require that telecommunications data remain within specific geographic borders. HNDL allows adversaries to exfiltrate and store that data in foreign jurisdictions, effectively circumventing sovereignty laws before the data is even decrypted.

Loss of Trust and Corporate Espionage

For a telecommunications provider, the core product is the integrity of the connection.

  • Erosion of Subscriber Trust: If a carrier is known to be vulnerable to harvesting, high-value clients—such as government agencies and financial institutions—may migrate to competitors who have faster PQC adoption rates.
  • Long-term Espionage: Unlike a stolen credit card number, which can be canceled, the data targeted by HNDL often includes intellectual property, diplomatic cables, and strategic infrastructure plans. Decrypting these five or ten years late still provides an adversary with a massive advantage in trade negotiations, military planning, or industrial competition.

Financial and Operational Costs

The impact is not just external; it creates an internal crisis of “technological debt”.

  • Retroactive Remediation: Once Q-Day arrives, any data that was not protected by quantum-resistant algorithms is effectively lost. There is no “patch” for data that has already been harvested.
  • Devaluation of Infrastructure: Operators may find that their multi-billion dollar 5G deployments are considered “insecure” by enterprise customers if they lack crypto-agility, leading to premature decommissioning of hardware or expensive software overhauls.

4. Mitigation Strategies

The defense against HNDL is unique because it requires protecting data today against a computer that does not yet exist.

Mitigation must be multi-layered, addressing both the immediate need for enhanced classical security and the long-term transition to quantum-resistant architectures.

4.1 Introduction of Post-Quantum Cryptography (PQC)

The most robust defense against HNDL is the deployment of Post-Quantum Cryptography (PQC).

Unlike classical asymmetric encryption, PQC relies on mathematical problems—such as lattice-based cryptography, code-based cryptography, or multivariate equations—that are believed to be resistant to both classical and quantum computational attacks.

  • Implementation: Operators must prioritize PQC for the Key Encapsulation Mechanism (KEM). If the initial key exchange is quantum-secure, the entire session remains confidential even if the traffic is harvested and stored for decades.
  • Standards: Following the NIST PQC competition, algorithms like CRYSTALS-Kyber (for encryption) and CRYSTALS-Dilithium (for signatures) are becoming the industry gold standard for securing telecommunications backbones.

4.2 Perfect Forward Secrecy (PFS) as a Temporary Shield

While not a complete solution to quantum attacks, Perfect Forward Secrecy (PFS) is a critical intermediate defense.

PFS ensures that every individual communication session generates its own unique, ephemeral session key.

  • Mitigation Value: Without PFS, if an adversary steals a long-term private key from a telecom server in the future, they could potentially decrypt all historical traffic they had previously harvested.
  • Limitation: While PFS prevents a “single point of failure” for bulk decryption, a CRQC can still break individual session keys. Therefore, PFS must be used in conjunction with PQC to provide defense-in-depth.

4.3 The Concept of Crypto-Agility

The transition to PQC is not a one-time event but an evolving process.

Crypto-Agility is the architectural ability of a network to switch cryptographic primitives (algorithms, key lengths, or protocols) with minimal impact on the underlying system performance or hardware.

  • Modular Security: For telecom operators, this means moving away from hard-coded encryption in hardware and toward Software-Defined Security. By utilizing virtualized network functions (VNFs) at the 5G edge, operators can update their cryptographic stacks via software patches as new quantum threats emerge.
  • Hybrid Modes: A transitionary “Hybrid” approach involves wrapping classical encryption (like ECC) inside a PQC “tunnel”. This ensures that even if a flaw is discovered in a new PQC algorithm, the data remains protected by the classical standard, and vice versa.

4.4 Hardening the 5G Core

Mitigation must specifically target the high-value interception points identified in the HNDL attack model.

  • Enhanced Integrity Protection: Implementing PQC-based authentication on the N3 and N6 interfaces prevents adversaries from successfully injecting themselves into the data stream to perform harvesting.
  • End-to-End Encryption (E2EE): Encouraging E2EE at the application layer ensures that even if a telecom operator’s transport layer is harvested, the underlying payload remains encrypted with keys that the operator never possessed.

Conclusion

The “Harvest Now, Decrypt Later” (HNDL) paradigm fundamentally alters the timeline of cybersecurity risk management.

The threat is not a future speculation but an active, ongoing data collection reality.

The telecommunications sector, as the backbone of global digital exchange, sits at the epicenter of this vulnerability due to its infrastructure longevity and the high strategic value of the metadata it carries.

The analysis of the HNDL attack model reveals that even the most robust classical encryption today provides no protection against retroactive decryption by future quantum adversaries.

Therefore, the transition to Post-Quantum Cryptography (PQC) and the implementation of crypto-agile frameworks are no longer visionary goals; they are immediate requirements for safeguarding national security, corporate integrity, and individual privacy.

Telecom operators must recognize that every packet of data transmitted today under legacy standards is a “compromised asset” in waiting.

Only through the rapid integration of quantum-resistant standards and proactive hardening of core interfaces can the industry ensure that the communications of today remain confidential in the quantum era of tomorrow.