The Quantum Threat

Store Now, Decrypt Later.

Adversaries are harvesting your encrypted traffic, signed transactions, and public keys right now. When a cryptographically relevant quantum computer (CRQC) arrives, all of it becomes readable. This is not speculation; it is active intelligence collection.

What is Store Now, Decrypt Later?

Store Now, Decrypt Later (SNDL), also known as "Harvest Now, Decrypt Later" (HNDL), is an attack strategy in which adversaries intercept and permanently archive encrypted data, signed cryptographic transactions, and public key material today, with the explicit intention of decrypting or forging it once quantum computing technology matures.

The attack is exceptionally dangerous because the harvesting phase is entirely passive. It leaves no forensic footprint. The data being collected right now will remain vulnerable for decades, meaning any encrypted communication, financial transaction, or digital asset key recorded today inherits a retroactive expiration date.

Nation-state intelligence agencies have publicly disclosed investments in quantum computing programs specifically targeting cryptographic key recovery. The NSA, through CNSA 2.0 (Commercial National Security Algorithm Suite), has mandated migration timelines for all national security systems to post-quantum algorithms by 2030 for software and 2033 for hardware.

Why Classical Cryptography Breaks

The cryptographic foundations of the modern internet, including TLS, SSH, PGP, cryptocurrency wallets, and enterprise PKI, rely on the mathematical difficulty of two problems: integer factorization (RSA) and the elliptic curve discrete logarithm problem (ECDSA, Ed25519). Shor's algorithm, published by Peter Shor in 1994, solves both in polynomial time on a sufficiently powerful quantum computer.

ECDSA / secp256k1

Used by Bitcoin, Ethereum, and most cryptocurrency wallets. A single quantum key recovery breaks all assets held under that public key. Every transaction that has ever exposed a public key on-chain is permanently vulnerable.

RSA-2048 / RSA-4096

Used by enterprise TLS, code signing, and PKI infrastructure. Shor's algorithm breaks RSA regardless of key length. Increasing key size provides zero meaningful protection against a quantum adversary.

Ed25519 / P-256 / P-384

Used by Solana, Cardano, SSH, TLS 1.3, and DNSSEC. All elliptic curve algorithms share the same fundamental vulnerability. The ECDLP that secures them is solved efficiently by Shor's algorithm across all standard curves.

The Timeline Problem

The question is not whether quantum computers will break classical cryptography, but when. Current estimates vary, but the consensus among researchers and intelligence agencies places a cryptographically relevant quantum computer (CRQC) within 10 to 15 years.

The critical insight is that migration takes time. Enterprise key management systems, HSM fleets, hardware tokens, embedded devices, and distributed networks cannot switch algorithms overnight. NIST estimates that a full migration cycle for large organizations will require 5 to 10 years from initiation to completion.

If the CRQC arrives in 10 years and the migration takes 7 years, organizations that have not started migration are already too late. Every day of delay increases the window of vulnerability.

What NIST Has Standardized

In August 2024, NIST finalized the first post-quantum cryptographic standards after an 8-year evaluation period. These algorithms are designed to resist both classical and quantum attacks.

FIPS 203: ML-KEM

Module-Lattice-Based Key Encapsulation Mechanism. Replaces RSA and ECDH for key exchange and transport. ML-KEM-1024 provides a security level equivalent to AES-256.

FIPS 204: ML-DSA

Module-Lattice-Based Digital Signature Algorithm. Replaces ECDSA, Ed25519, and RSA for digital signatures. ML-DSA-87 is the recommended security level for long-term protection.

Why Migration is Hard

Simply swapping algorithms is not sufficient. In distributed systems and custody networks, migration introduces fatal engineering challenges that standard tooling does not address.

Coordinated Upgrade Problem

Traditional PQC migration requires every node in a network to upgrade simultaneously. If one node falls behind, the network forks. Higgaion's disjunctive (OR-mode) verification eliminates this by accepting either classical or PQC signatures independently.

Key Destruction Hazard

When migrating from ECDSA to ML-DSA, the old key material must be irrecoverably destroyed. But what if the system crashes during destruction? Standard write-ahead logging (WAL) can inadvertently resurrect erased keys from the journal. Higgaion inverts the sequence: key erasure executes before the WAL commit.

Crash Recovery

The migration engine must survive power failures, process crashes, and partial writes at any point in the state machine. Every state transition is journaled with CRC32 integrity checks and monotonic sequence numbers, providing deterministic crash recovery.
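The journaling scheme described above can be sketched as follows. This is an added example, not Higgaion's code: the 13-byte record layout, the state names, and the functions `encode` and `recover` are assumptions made for illustration. Recovery replays records in order and stops at the first one that is torn, fails its CRC32, breaks the sequence, or moves the state backward.

```python
import struct
import zlib

# Hypothetical layout: seq (u64) | state id (u8) | CRC32 of those 9 bytes (u32).
BODY = struct.Struct(">QB")
CRC = struct.Struct(">I")
RECORD_SIZE = BODY.size + CRC.size  # 13 bytes

# Hypothetical migration states; records hold state ids only, never key bytes.
STATES = ("CLASSICAL", "DUAL_VERIFY", "KEY_ERASED", "PQC_ONLY")


def encode(seq: int, state: str) -> bytes:
    body = BODY.pack(seq, STATES.index(state))
    return body + CRC.pack(zlib.crc32(body))


def recover(journal: bytes):
    """Replay the journal; return (last_seq, state, reason_replay_stopped)."""
    last_seq, state = 0, STATES[0]
    for off in range(0, len(journal), RECORD_SIZE):
        rec = journal[off:off + RECORD_SIZE]
        if len(rec) < RECORD_SIZE:
            return last_seq, state, "torn tail"
        body, (crc,) = rec[:BODY.size], CRC.unpack(rec[BODY.size:])
        if zlib.crc32(body) != crc:
            return last_seq, state, "crc mismatch"
        seq, state_id = BODY.unpack(body)
        if seq != last_seq + 1:
            return last_seq, state, "sequence gap or replay"
        if state_id >= len(STATES) or state_id < STATES.index(state):
            return last_seq, state, "invalid or backward state"
        last_seq, state = seq, STATES[state_id]
    return last_seq, state, "clean end"


# Constructed sample: three good records, then a crash mid-write of the fourth.
GOOD = encode(1, "CLASSICAL") + encode(2, "DUAL_VERIFY") + encode(3, "KEY_ERASED")
TORN = GOOD + encode(4, "PQC_ONLY")[:7]

if __name__ == "__main__":
    print(recover(TORN))
```

CRC32 catches torn writes and accidental corruption, not deliberate modification; a journal that must resist tampering needs a keyed MAC over each record.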

Start Your Migration Now

The Higgaion PQC Migration Engine provides mathematically verified, crash-recoverable state transitions with zero-downtime disjunctive verification. Patent pending.