Harvest now, decrypt later, also known as store now, decrypt later or retrospective decryption, is a surveillance strategy that relies on the acquisition and long-term storage of currently unreadable encrypted data awaiting possible breakthroughs in decryption technology that would render it readable in the future.[1][2]

The most common concern is the prospect of developments in quantum cryptography which would allow current strong encryption algorithms to be broken at some time in the future, making it possible to decrypt any stored material that had been encrypted using those algorithms.[3] However, the improvement in decryption technology need not be due to a quantum-cryptographic advance; any other form of attack capable of enabling decryption would be sufficient.

The existence of this strategy has led to concerns about the need to urgently deploy post-quantum cryptography, even though no practical quantum attacks yet exist, as some data stored now may still remain sensitive even decades into the future.[1][4][5] As of 2022, the U.S. federal government has proposed a roadmap for organizations to start migrating toward quantum-cryptography-resistant algorithms to mitigate these threats.[5][6]


  1. ^ a b Townsend, Kevin (2022-02-16). "Solving the Quantum Decryption 'Harvest Now, Decrypt Later' Problem". SecurityWeek. Retrieved 2023-04-09.
  2. ^ "Half of organizations worry about quantum 'harvest now, decrypt later' attacks". SiliconANGLE. 2022-09-20. Retrieved 2023-04-09.
  3. ^ "Quantum Computing and Cryptography" (PDF). European Data Protection Supervisor. 2020. Retrieved 2023-04-09.
  4. ^ "Quantum-Safe Secure Communications" (PDF). UK National Quantum Technologies Programme. October 2021. Retrieved 2023-04-09.
  5. ^ a b Liu, Nancy (September 27, 2022). "'Harvest Now, Decrypt Later' Concern Boosts Quantum Security Awareness". Retrieved 2023-04-10.
  6. ^ "Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats | CISA". www.cisa.gov. Retrieved 2023-04-10.

See also