Many organizations think about quantum risk as a future problem. It isn’t.
The data being targeted by quantum attacks is already moving across your network today. Attackers know they can’t break modern encryption yet. But they’re collecting it anyway and, from their point of view, for good reason.
This is the reality behind “Harvest Now, Decrypt Later” (HNDL) attacks, a cybersecurity threat where adversaries intercept and store encrypted data traffic today so they can decrypt it in the future once cryptographically relevant quantum computers (CRQCs) become viable. The breach happens first. The visibility comes years later. And encryption is only the first half of the problem.
When Trust Is the Target: What Is a “Trust Now, Forge Later” Attack?
A “Trust Now, Forge Later” (TNFL) attack is a quantum-era threat where attackers collect trusted digital assets today so they can forge or abuse them in the future.
The same quantum capabilities that threaten confidentiality also threaten trust itself. Security teams now have to think about TNFL attacks as well. In this scenario, adversaries collect certificates, digital signatures, identity material, authentication credentials, and other cryptographic proof mechanisms today with the expectation that future quantum computers will enable them to break the underlying algorithms. This could let attackers forge signatures, compromise certificate chains, impersonate trusted users and systems, and undermine the integrity of software, communications, and critical business transactions long after the data was originally captured.
The implications are far bigger than just encrypted traffic exposure. This becomes a direct challenge to digital identity trust, non-repudiation, and the integrity of public key infrastructure (PKI).
How Do Quantum Attacks Threaten RSA and ECC Encryption?
If your organization relies on RSA or ECC for key exchange, authentication, or PKI, you’re already exposed to delayed compromise risks.
Quantum computing will be able to bypass classical public-key cryptography by efficiently solving the mathematical problems that underpin RSA and ECC, including integer factorization and elliptic curve discrete logarithms. Ultimately, any data protected by RSA or ECC and intercepted today is vulnerable to future decryption.
That includes:
- TLS sessions and VPN tunnels
- SSH traffic and identity infrastructure
- Data backups and stored packet captures
- Any enterprise systems relying on classical public-key cryptography
The dangerous assumption is that encrypted traffic stays secure forever, when in reality it may only stay secure until quantum systems can finally decrypt it.
Attackers don’t need immediate access to the plaintext. They only need access to the ciphertext and enough patience. A VPN session captured in 2026 could become readable in 2030. A signed software package trusted today could potentially be forged years later once CRQCs become available.
That changes the conversation from “Will quantum computing matter someday?” to “How long does our data and trust infrastructure need to remain secure?”
Data Outlives Encryption
For enterprises handling intellectual property, customer data, financial records, operational technology, or regulated information, the timeline matters. Sensitive data often remains valuable for years or decades. That creates a widening gap between the lifespan of the data and the lifespan of the cryptography protecting it.
Healthcare records, financial transactions, source code, manufacturing data, legal communications, and infrastructure credentials all have long-term value. Even if credentials expire, the information protected by them often doesn’t.
This is where HNDL becomes more than a theoretical cryptography discussion. It turns into a governance, compliance, and ongoing operational risk problem.
Many organizations already retain traffic logs, backups, and archived communications internally. Adversaries are doing the same thing externally. Every unprotected capture point becomes a future liability.
That includes internet exchange points, cloud environments, third-party providers, compromised edge devices, and long-term storage repositories. Once encrypted traffic is collected, you lose control over its exposure timeline.
The Breach After the Breach
The uncomfortable truth is that organizations may one day face breach disclosure obligations for compromises that technically happened years earlier. That possibility changes how security leaders need to think about incident response, cyber resilience, and post-quantum readiness. Quantum risk is not only about preventing future attacks. It’s about limiting the future decryption and forgery of activity already captured today. That becomes especially serious when digital signatures are involved. If attackers can eventually forge keys or signatures, they can weaken non-repudiation and undermine trust in software updates, device identities, authenticated communications, and enterprise PKI systems.
In other words, the breach may not begin with stolen credentials. It may begin with forged trust. That’s why post-quantum migration can’t stop at browsers and public websites. Internal infrastructure matters just as much. Private connectivity, machine identity, east-west traffic, overlay networks, and certificate infrastructure are all part of the quantum attack surface. Security teams need a plan that protects not only encrypted data, but also the trust systems that decide what’s real, authorized, and safe.
Step-by-Step Mitigation: How to Prepare for Post-Quantum Cryptography (PQC)
The good news is that enterprises don’t need to replace everything overnight. Post-quantum migration should be phased, practical, and cross-functional. As ZeroTier outlined in its May 2026 webinar Quantum Live!, the first step is assembling the right team: security, network, infrastructure, compliance, legal, application owners, and executive stakeholders. PQC isn’t just a cryptography upgrade. It touches identity, connectivity, policy, procurement, incident response, and long-term risk planning.
From there, security teams can start building a phased PQC roadmap:
- Focus on the network edge: Prioritize the public surface, VPN infrastructure, and external communications first.
- Transition to FIPS-compliant standards: Actively evaluate and deploy FIPS-compliant PQC algorithms to address both encryption and forgery risks in parallel.
- Secure long-retention data: Identify and upgrade environments handling long-lived data, certificate authorities, and legacy PKI deployments.
In some hybrid environments, an immediate and practical interim step is lengthening existing keys and hashes where cryptographic upgrades are already feasible.
The problem is especially acute for organizations with long-lived PKI deployments. Certificates, device identities, and embedded infrastructure often remain in production far longer than planned. Every dependency tied to vulnerable asymmetric cryptography extends the exposure window. And unlike traditional vulnerabilities, you can’t patch already-captured traffic after the fact.
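As an added example (not from the original post or from ZeroTier), the roadmap above can be turned into a triage over a cryptographic inventory: flag assets whose classical key exchange (HNDL) or classical signatures (TNFL) must hold past an assumed CRQC year, then rank the edge first and the longest-lived exposure next. The asset names, years and the 2030 horizon (borrowed from the VPN illustration earlier in the article) are constructed assumptions.

```python
from dataclasses import dataclass

CLASSICAL_KEX = {"RSA", "ECDH"}    # broken by a CRQC: captured traffic decrypts later
CLASSICAL_SIG = {"RSA", "ECDSA"}   # broken by a CRQC: signatures become forgeable
# ML-KEM (FIPS 203) and ML-DSA (FIPS 204) fall outside both sets.

@dataclass
class Asset:
    name: str
    kex: str           # key-exchange algorithm, "" if none
    sig: str           # signature algorithm, "" if none
    edge: bool         # crosses untrusted networks (public surface, VPN)
    secure_until: int  # last year the data or the trust must still hold

def assess(asset, crqc_year):
    """Return (risks, exposed_years) for one asset."""
    years = max(0, asset.secure_until - crqc_year + 1)
    risks = []
    if years and asset.kex in CLASSICAL_KEX:
        risks.append("HNDL")   # harvest now, decrypt later
    if years and asset.sig in CLASSICAL_SIG:
        risks.append("TNFL")   # trust now, forge later
    return risks, years if risks else 0

def roadmap(assets, crqc_year):
    """Exposed assets only: edge first, then longest exposure first."""
    rows = []
    for a in assets:
        risks, years = assess(a, crqc_year)
        if risks:
            rows.append((a.name, risks, years, a.edge))
    rows.sort(key=lambda r: (not r[3], -r[2], r[0]))
    return [(name, risks, years) for name, risks, years, _ in rows]

# Constructed inventory; every name, algorithm and year is illustrative.
INVENTORY = [
    Asset("site-to-site VPN", "ECDH", "RSA", True, 2035),
    Asset("internal CA root", "", "RSA", False, 2045),
    Asset("backup archive transfer", "RSA", "RSA", False, 2040),
    Asset("build-log upload", "ECDH", "ECDSA", True, 2027),
    Asset("pilot overlay link", "ML-KEM", "ML-DSA", True, 2040),
]

if __name__ == "__main__":
    for name, risks, years in roadmap(INVENTORY, crqc_year=2030):
        print(f"{name:26} {'+'.join(risks):10} {years} exposed year(s)")
```

The short-lived upload and the link already on PQC algorithms drop out of the list, while the CA root appears as a forgery-only risk even though it carries no traffic.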
Start Reducing the Future Blast Radius Now
Once harvested, the data stays harvested. The exposure remains permanent. Enterprises moving first on quantum-safe networking aren’t responding to speculation; they’re proactively reducing the long-term cryptographic risk associated with data, identities, and trust relationships already traversing their networks. They’re reducing the future blast radius of data already in motion today.
That’s where ZeroTier Quantum comes in. By bringing post-quantum cryptography into the network layer, ZeroTier Quantum helps protect private connectivity, traffic, and identity infrastructure before quantum decryption becomes viable. Because when quantum decryption arrives, the story won’t start with a new breach. It’ll start with traffic, identities, and trust relationships that were captured years ago.