
The silent heist: anatomy of a deferred threat

by Pascal Iakovou

From intelligence agencies to cybercriminal groups, some players today collect encrypted data they cannot read. They are betting on a future quantum computer to unlock it. This strategy has a name: HNDL, for "Harvest Now, Decrypt Later".

The robbery has already taken place. The safes have been emptied. But the victims don't know it yet, because what has been stolen remains unreadable, for now. This situation, which sounds like the pitch for a dystopian thriller, describes a reality documented by the world's leading cybersecurity agencies: the NSA, the UK's NCSC, the EU's ENISA and the Australian Cyber Security Centre (ACSC) are all warning of the same threat.

Its acronym, HNDL, for "Harvest Now, Decrypt Later", refers to a strategy of patience. State actors and criminal groups intercept and store streams of encrypted data: diplomatic communications, banking transactions, medical records, industrial secrets. The bulk of that traffic is encrypted with symmetric ciphers such as AES, which a quantum computer does not break, but the session keys are exchanged and authenticated with the RSA and elliptic-curve (ECC) algorithms that secure most of the Internet. Recover the key exchange and you recover everything it protected. Today, those algorithms are indecipherable. They will remain so until the emergence of a quantum computer powerful enough to run Shor's algorithm, a method published in 1994 by mathematician Peter Shor that factors large integers and computes discrete logarithms (the hard problems behind RSA and ECC respectively) in polynomial time.

Temporal inequality

The question is not if the quantum computer will arrive, but when. And above all: for how long must your data remain confidential, and does that period outlast both the migration and the arrival of the machine? This is what specialists call "data lifespan risk".

According to a Global Risk Institute survey published in 2024, around 23% of experts believe that a quantum computer capable of breaking RSA-2048 could exist by 2030; almost half believe this will happen before 2035. Most estimates therefore place "Q-Day", the day when current public-key encryption becomes obsolete, somewhere in the early 2030s. NIST recommends starting the migration to post-quantum cryptography now and completing it before 2035. The NSA, more urgently, demands that US National Security Systems be migrated before January 2030.

But large-scale cryptographic migration takes time. NIST estimates that it takes more than ten years for a new algorithm to be fully integrated into the information systems of a large organization. The equation then becomes arithmetic, in the form known as Mosca's inequality: if the number of years your data must remain confidential (X), added to the number of years the migration will take (Y), exceeds the number of years until Q-Day (Z), then ciphertext captured today will still be worth reading on the day it can be decrypted. The theft has taken place; all that's missing is the decryption.

The standards exist, but not their deployment

In August 2024, NIST finalized its first three post-quantum cryptography standards: FIPS 203 (ML-KEM, formerly Kyber, for key encapsulation), FIPS 204 (ML-DSA, formerly Dilithium, for signatures) and FIPS 205 (SLH-DSA, formerly SPHINCS+, a hash-based signature scheme). In March 2025, the code-based HQC algorithm was selected as a backup to ML-KEM, so that a break in one family of mathematical assumptions does not take both standards down with it. The argument that "there are no standards yet" is no longer valid.

The challenge is no longer theoretical, but logistical. It has a name: crypto-agility, the ability of a system to swap out a cryptographic algorithm (key exchange, signature or cipher) without interrupting service. In most organizations, cryptographic material is scattered: algorithms hard-wired into legacy applications, keys buried in forgotten certificates, copies replicated in backups that have never been audited. Identifying this archipelago, building a cryptographic inventory, is a task of IT archaeology that few companies have undertaken.
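The two preceding ideas, the X + Y > Z arithmetic of data lifespan risk and the cryptographic inventory that crypto-agility depends on, can be combined into a single triage. The script below is an added example, not code from the original article: it classifies a constructed inventory of cryptographic assets by how a quantum computer affects each family (Shor breaks RSA, DSA, DH and the elliptic-curve schemes; Grover only halves the effective strength of symmetric ciphers; ML-KEM, ML-DSA, SLH-DSA and HQC are post-quantum), then applies the inequality to every Shor-vulnerable asset and reports the year by which each must have been replaced. The Q-Day years, the asset list and the 256-bit symmetric policy (the floor set by NSA's CNSA 2.0) are assumptions chosen for illustration.

```python
"""Cryptographic inventory triage with the X + Y > Z test.

Added example, not code from the original article. For each asset:
  X = years the protected data must stay confidential
  Y = years needed to migrate this asset
  Z = years until the assumed Q-Day
A Shor-vulnerable asset is at risk when X + Y > Z. The year Q-Day - X is the
last year by which migration must be finished; if it is already behind us,
ciphertext harvested today is still worth reading at Q-Day.
"""
from dataclasses import dataclass

START_YEAR = 2025                     # assumed "now"
Q_DAY_ESTIMATES = {                   # assumed scenarios, not forecasts
    "aggressive": 2030,
    "consensus": 2033,
    "conservative": 2035,
}

# Exposure class per algorithm family: "broken" (Shor), "weakened" (Grover
# halves the effective key length) or "pq" (FIPS 203/204/205 and HQC).
QUANTUM_IMPACT = {
    "RSA": "broken", "DSA": "broken", "DH": "broken",
    "ECDSA": "broken", "ECDH": "broken", "X25519": "broken", "Ed25519": "broken",
    "AES": "weakened", "ChaCha20": "weakened",
    "SHA-256": "weakened", "SHA-3": "weakened",
    "ML-KEM": "pq", "ML-DSA": "pq", "SLH-DSA": "pq", "HQC": "pq",
}


@dataclass
class Asset:
    location: str            # where the key, certificate or cipher suite lives
    algorithm: str
    key_bits: int
    shelf_life_years: int    # X: confidentiality requirement of the protected data
    migration_years: int     # Y: estimated time to replace this asset


def classify(asset):
    """Exposure class of the asset's algorithm ('unknown' if not in the table)."""
    return QUANTUM_IMPACT.get(asset.algorithm, "unknown")


def mosca_status(asset, q_day_year, start_year=START_YEAR):
    """Apply X + Y > Z. Returns (at_risk, migrate_by_year, already_harvestable)."""
    z = q_day_year - start_year
    at_risk = asset.shelf_life_years + asset.migration_years > z
    migrate_by = q_day_year - asset.shelf_life_years
    return at_risk, migrate_by, migrate_by < start_year


def triage(assets, q_day_year, start_year=START_YEAR):
    """One report row per asset: exposure class, risk flag and recommended action."""
    rows = []
    for a in assets:
        impact = classify(a)
        row = {"location": a.location, "algorithm": a.algorithm,
               "key_bits": a.key_bits, "impact": impact}
        if impact == "broken":
            at_risk, migrate_by, harvestable = mosca_status(a, q_day_year, start_year)
            row.update(at_risk=at_risk, migrate_by=migrate_by,
                       already_harvestable=harvestable,
                       action="replace with ML-KEM/ML-DSA (hybrid first)"
                       if at_risk else "schedule in migration plan")
        elif impact == "weakened":
            # Grover's search halves effective symmetric strength in theory,
            # so the assumed policy (as in CNSA 2.0) requires 256-bit keys.
            weak = a.key_bits < 256
            row.update(at_risk=weak,
                       action="move to 256-bit keys" if weak else "no change needed")
        elif impact == "pq":
            row.update(at_risk=False, action="no change needed")
        else:
            row.update(at_risk=None, action="manual review: unrecognised algorithm")
        rows.append(row)
    return rows


def summarize(rows):
    """Count rows per exposure class and how many are flagged at risk."""
    counts = {"broken": 0, "weakened": 0, "pq": 0, "unknown": 0, "at_risk": 0}
    for r in rows:
        counts[r["impact"]] += 1
        if r["at_risk"]:
            counts["at_risk"] += 1
    return counts


# Constructed sample inventory; the locations are invented, not real systems.
SAMPLE_INVENTORY = [
    Asset("vpn-gateway/ike-cert", "RSA", 2048, shelf_life_years=15, migration_years=3),
    Asset("public-web/tls-leaf", "ECDSA", 256, shelf_life_years=3, migration_years=4),
    Asset("backup-vault/volume-key", "AES", 128, shelf_life_years=20, migration_years=1),
    Asset("object-store/kms-key", "AES", 256, shelf_life_years=20, migration_years=1),
    Asset("messaging/kem", "ML-KEM", 768, shelf_life_years=5, migration_years=0),
    Asset("legacy-erp/licence-check", "CAST5", 128, shelf_life_years=2, migration_years=5),
]

if __name__ == "__main__":
    for scenario, year in Q_DAY_ESTIMATES.items():
        rows = triage(SAMPLE_INVENTORY, year)
        print(f"Q-Day {year} ({scenario}): {summarize(rows)}")
        for r in rows:
            print("  ", r)
```

Run it and the VPN certificate shows the article's point: with a 15-year confidentiality requirement and a 2033 Q-Day, its migrate-by year is 2018, so traffic recorded today is already exposed whatever is done now. The web certificate flips between safe and at risk depending on which Q-Day scenario is chosen, which is why the inventory should be re-run as estimates move rather than computed once.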

Apple has already deployed a post-quantum protocol, PQ3, in iMessage. Google's Chrome browser and Cloudflare's edge network have enabled hybrid post-quantum key exchange (classical elliptic-curve plus ML-KEM) by default in production. AWS, Azure and Google Cloud announce hybrid TLS support by 2025-2026 and full migration by 2028-2030. These roadmaps implicitly define what courts and regulators will soon consider the "state of the art" in security. Falling behind them is likely to be read, legally, as negligence.

Post-quantum cryptography is not an R&D bet. It is risk management, just like GDPR compliance or traditional cybersecurity. The difference: the risk is deferred, and therefore invisible. Like asbestos before we understood its effects, the danger doesn't manifest itself at the moment of exposure, but years later. The only valid question is not "When will quantum be ready?" but "How long must my secrets remain secret?".
