Harvest-Now-Decrypt-Later

Harvest-Now-Decrypt-Later (HNDL), sometimes called 'Store Now, Decrypt Later' (SNDL), is a cyber-intelligence threat model used by NIST, NSA, and other security agencies. In Phase 1 (today), an adversary intercepts and stores encrypted traffic — bank transactions, government communications, defence intelligence, citizen biometric records — even though the encryption is currently unbreakable. In Phase 2 (5-15 years away), once a Cryptographically Relevant Quantum Computer (CRQC) emerges and can run Shor's Algorithm at scale, the stored encrypted data is decrypted retrospectively. The strategic implication is that data with long shelf life — Aadhaar biometrics, defence plans, diplomatic communications, intellectual property — is already at risk today, even though the cryptographic break is years away. This is why the National Institute of Standards and Technology (NIST), India's DST PQC Task Force, and the US NSA's CNSA 2.0 framework all treat post-quantum cryptography (PQC) migration as urgent — not future.

• 1 Also called: Store Now, Decrypt Later (SNDL)
• 2 Phase 1 (today): adversary harvests encrypted traffic and stores it
• 3 Phase 2 (5-15 yrs): CRQC matures; stored data decrypted retrospectively
• 4 Adversary tools: Shor's Algorithm on a CRQC
• 5 Vulnerable data: long-shelf-life records (biometrics, defence plans, IP)
• 6 Mitigation: migrate to PQC NOW, not when CRQC arrives
• 7 Drives NIST PQC standards (Aug 2024), CNSA 2.0 (US NSA), India DST PQC Task Force (May 2026)

The Hindu's May 29, 2026 editorial argued that India's critical digital infrastructure — banking, Aadhaar, defence communications — remains exposed to HNDL attacks, urging an accelerated migration timeline rather than waiting for CRQC arrival.