Harvest Now, Decrypt Later: What is it and why does it really matter?
When we send a message, make an online payment, store data in the cloud, or access a secure website, encryption works behind the scenes to protect our information. In today’s digital world, we often assume that if something is encrypted, it is safe. However, a growing concern in cybersecurity has introduced a new phrase: Harvest now, decrypt later. At the core of PQ-NEXT, this phrase is well established. But what does it mean, and how is it linked to the project?
“Harvest now, decrypt later” is a method in which attackers collect encrypted data today, even if they cannot decrypt it immediately, and store it for later decryption. But why? Because later, with the emergence of quantum computers, they could potentially decrypt all this stored information, impacting our lives. In simple terms, hackers may not need to break into data today. They can simply copy it, wait, and unlock it years from now.
Currently, most secure communications rely on cryptographic systems like RSA and Elliptic Curve Cryptography (ECC). These systems are considered secure because breaking them would require an enormous amount of computing power, more than classical computers can realistically handle.
However, researchers believe that large-scale quantum computers will be able to run algorithms such as Shor’s algorithm, which could efficiently break RSA and ECC encryption.
Although practical quantum computers capable of doing this do not yet exist, organisations are making progress. Experts don’t know exactly when quantum computers will reach that level, but many believe it is only a matter of time.
So, attackers may be thinking ahead. If sensitive information is still valuable in 5, 10, or 20 years, it makes sense to store it now and wait.
This is where the PQ-NEXT project steps in. Over the next 36 months, 17 partners from across the EU will work together to develop a comprehensive migration framework that analyses and models real-world scenarios to enable a smooth transition to post-quantum cryptographic standards. By delivering tailored migration pathways, PQ-NEXT aims to help organisations navigate the shift to quantum-resilient security with clarity, confidence, and coordination.
At its core, PQ-NEXT is structured into six work packages that support and guide the project’s ambitions and activities. WP2 develops the core migration modelling tools and the PQC algorithm catalogue, while WP3 advances quantum-cryptanalysis capabilities to validate the resilience of PQC systems. WP4 puts the framework to the test through large-scale real-world pilot demonstrators, and WP5 ensures that the entire migration process is legally compliant and aligned with the evolving regulatory landscape. Finally, WP6 drives the dissemination, communication, and exploitation strategy to maximise the project’s reach and impact across the European ecosystem.
