Harvest now, decrypt later

{{Short description|Surveillance strategy}}

{{Use dmy dates|date=February 2024}}

Harvest now, decrypt later{{Efn|also known as store now, decrypt later, steal now decrypt later or retrospective decryption}} is a surveillance strategy that relies on the acquisition and long-term storage of currently unreadable encrypted data awaiting possible breakthroughs in decryption technology that would render it readable in the future – a hypothetical date referred to as Y2Q (a reference to Y2K) or Q-Day.{{Cite web |last=Townsend |first=Kevin |date=16 February 2022 |title=Solving the Quantum Decryption 'Harvest Now, Decrypt Later' Problem |url=https://www.securityweek.com/solving-quantum-decryption-harvest-now-decrypt-later-problem/ |access-date=9 April 2023 |website=SecurityWeek |language=en-US}}{{Cite web |date=20 September 2022 |title=Half of organizations worry about quantum 'harvest now, decrypt later' attacks |url=https://siliconangle.com/2022/09/20/half-organizations-concerned-quantum-harvest-now-decrypt-later-attacks/ |access-date=9 April 2023 |website=SiliconANGLE |language=en-US}}

The most common concern is the prospect of developments in quantum computing which would allow current strong encryption algorithms to be broken at some time in the future, making it possible to decrypt any stored material that had been encrypted using those algorithms.{{Cite web |date=2020 |title=Quantum Computing and Cryptography |url=https://edps.europa.eu/sites/edp/files/publication/06-08-2020_techdispatch_quantum_computing_en.pdf |access-date=9 April 2023 |website=European Data Protection Supervisor }} However, the improvement in decryption technology need not be due to a quantum-cryptographic advance; any other form of attack capable of enabling decryption would be sufficient.

The existence of this strategy has led to concerns about the need to urgently deploy post-quantum cryptography, even though no practical quantum attacks yet exist, as some data stored now may still remain sensitive even decades into the future.{{Cite web |date=October 2021 |title=Quantum-Safe Secure Communications |url=https://uknqt.ukri.org/wp-content/uploads/2021/10/Quantum-Safe-Secure-Communications.pdf |access-date=9 April 2023 |website=UK National Quantum Technologies Programme}} {{As of|2022}}, the U.S. federal government has proposed a roadmap for organizations to start migrating toward quantum-cryptography-resistant algorithms to mitigate these threats.{{Cite web |last=Liu |first=Nancy |date=27 September 2022 |title='Harvest Now, Decrypt Later' Concern Boosts Quantum Security Awareness |url=https://www.sdxcentral.com/articles/analysis/harvest-now-decrypt-later-concern-boosts-quantum-security-awareness/2022/09/ |access-date=10 April 2023}}{{Cite web |title=Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats |date=July 5, 2022 |url=https://www.cisa.gov/news-events/alerts/2022/07/05/prepare-new-cryptographic-standard-protect-against-future-quantum-based-threats |access-date=10 April 2023 |website=Cybersecurity and Infrastructure Security Agency |language=en }}On January 16, 2025, before the end of his term, Joe Biden issued Executive Order 14144, formally ordering governmental departments to start post-quantum cryptography transitions within a specified timeframe (ranging from 60 to 270 days). Some National Defense departments must complete this transition by January 2, 2030.{{Cite web |title=Executive Order 14144—Strengthening and Promoting Innovation in the Nation's Cybersecurity |url=https://www.govinfo.gov/app/details/DCPD-202500082 |access-date=2025-04-12 |website=www.govinfo.gov |language=en}}