Harvest Now, Decrypt Later (HNDL)
The quantum threat to blockchain is not a future problem — it is a present-day data exposure issue.
QuantumSafe is built on current NIST-standardized algorithms and does not guarantee absolute security. This is a quantum-readiness tool, not a quantum-proof solution.
What Is HNDL?
Harvest Now, Decrypt Later is an attack strategy where adversaries:
- Harvest — Collect encrypted data and public keys today
- Store — Archive the collected data indefinitely
- Decrypt Later — Break the cryptography once quantum computers are capable
This is not theoretical. Intelligence agencies and sophisticated actors are already archiving encrypted traffic for future decryption.
Why Blockchain Is Especially Vulnerable
Blockchain has unique properties that make HNDL particularly dangerous:
1. Public Key Exposure Is Permanent
When you send a blockchain transaction, your public key is broadcast to the entire network and stored permanently in the blockchain’s history. Unlike traditional systems where public keys can be rotated, blockchain public keys are:
- Publicly visible to anyone
- Immutably stored forever
- Directly linked to funds
Traditional TLS: Public key exposed briefly during handshake, then rotated
Blockchain: Public key exposed permanently in every transaction
2. No Key Rotation
In most blockchain protocols, once a public key is associated with an address and funds, you cannot rotate to a new key without moving all funds. This makes every exposure permanent.
3. Immutable Ledger = Permanent Record
The blockchain is a permanent, public record of:
- All public keys that have transacted
- All transaction signatures (which can be used to recover public keys)
- Historical balances and transfers
An attacker collecting this data today has unlimited time to wait for quantum capability.
4. High-Value Targets
Blockchain addresses can hold enormous value. A single whale address might contain hundreds of millions of dollars — making it an extremely attractive target for HNDL:
- Recover the private key from the exposed public key
- Sign fraudulent transactions transferring all funds
- Execute before anyone can react
The Timeline
| Milestone | Estimated | Impact |
|---|
| Data harvesting | Now | Public keys being collected from all chains |
| Cryptographically relevant quantum computer (CRQC) | 2030-2040 | ECDSA broken for well-funded adversaries |
| Widespread quantum capability | 2040-2050 | ECDSA broken for any sophisticated actor |
| Post-quantum chain migration | Unknown | Depends on protocol governance |
The threat is future — data exposure is NOW. Every blockchain transaction that reveals a public key creates a permanent vulnerability that cannot be revoked.
What Can You Do Today?
- Minimize public key exposure — Use fresh addresses. Avoid address reuse.
- Scan your wallets — Use the QuantumSafe wallet scanner to assess risk.
- Create PQC attestations — Hybrid signing creates a quantum-ready audit trail alongside your existing ECDSA signatures.
- Generate PQC keys now — Establish your post-quantum identity before the rush.
The Math
A quantum computer with ~2,500 logical qubits could break 256-bit ECDSA. Current quantum computers have hundreds of noisy physical qubits. The gap is closing:
| Year | Physical Qubits | Logical Qubits (estimated) |
|---|
| 2024 | ~1,100 | ~1-2 |
| 2027 | ~10,000 (projected) | ~10-20 |
| 2030 | ~100,000 (projected) | ~100-500 |
| 2035 | ~1,000,000 (projected) | ~1,000-5,000 |
Further Reading
