What HNDL is, why it matters today even before quantum computers exist, and how QorTrace measures your exposure.
The one-paragraph version
HNDL (harvest now, decrypt later) is the threat model in which an adversary records encrypted data today in order to decrypt it once a sufficiently large quantum computer arrives, possibly 5–10 years from now. Anything recorded today stays recorded; everything you encrypt with classical asymmetric crypto in 2026 is HNDL-vulnerable in perpetuity.
Why it matters before quantum exists
- Public keys broadcast on-chain are forever recorded. Every Bitcoin transaction reveals the spender's pubkey. Every Ethereum tx reveals the sending EOA's pubkey. Once a pubkey is broadcast, an attacker with a future quantum computer can derive the private key via Shor's algorithm.
- TLS session secrets that get logged are forever recorded. Anyone with passive access to a fiber tap can record encrypted TLS traffic now, store it cheaply, and decrypt years later.
- Long-lived secrets are the most exposed. A bank's vault key that protects records for 30 years is at risk against a quantum computer 20 years from now. A session cookie that expires in an hour isn't.
What's safe and what isn't
- Safe enough: AES-256, ChaCha20, SHA-256/SHA-3. Symmetric ciphers lose at most a quadratic factor against Grover: AES-256 stays at 128-bit security post-quantum.
- HNDL-vulnerable: RSA, ECDSA, EdDSA, ECDH, classical Diffie-Hellman. Breakable by Shor on a quantum computer with ~4,000 logical qubits (today's machines have ~100).
- PQC-safe: ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (SPHINCS+). These are the NIST FIPS 203/204/205 standards.
QorTrace's HNDL exposure score
For each address we scan, we measure:
- Whether the pubkey is broadcast (the HNDL surface).
- The dollar-at-risk on that address.
- The age of exposure.
Combined into the 0–100 QorTrace Score (formula at /docs/methodology/how-the-score-is-computed).
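The three per-address measurements listed above, computed over a small constructed ledger. This is an added example, not QorTrace's code or its score formula; the ledger format, the `measure` function and the address labels are assumptions, and it models a pubkey as becoming public on an address's first spend.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample ledger: (date, sender, receiver, amount_usd).
# sender=None marks an external deposit. Address labels are made up.
LEDGER = [
    (date(2019, 3, 1), None, "addr_A", 50_000),
    (date(2020, 6, 15), "addr_A", "addr_B", 10_000),  # addr_A signs: pubkey now public
    (date(2021, 1, 10), None, "addr_C", 75_000),      # addr_C never spends
    (date(2022, 9, 5), "addr_B", "addr_D", 10_000),   # addr_B swept completely
    (date(2023, 2, 20), None, "addr_A", 5_000),       # reuse of an exposed address
]

@dataclass
class Exposure:
    address: str
    pubkey_broadcast: bool   # the HNDL surface
    usd_at_risk: int         # dollar-at-risk on that address
    exposure_days: int       # age of exposure

def measure(ledger, today):
    """Return one Exposure row per address, sorted by address."""
    balance, first_spend = {}, {}
    for when, sender, receiver, usd in sorted(ledger, key=lambda r: r[0]):
        balance[receiver] = balance.get(receiver, 0) + usd
        if sender is not None:
            balance[sender] = balance.get(sender, 0) - usd
            # Assumption: spending needs a signature, which reveals the pubkey.
            first_spend.setdefault(sender, when)
    report = []
    for addr in sorted(balance):
        exposed = addr in first_spend
        report.append(Exposure(
            address=addr,
            pubkey_broadcast=exposed,
            # Funds count as at risk only where the key is already public.
            usd_at_risk=balance[addr] if exposed else 0,
            exposure_days=(today - first_spend[addr]).days if exposed else 0,
        ))
    return report

if __name__ == "__main__":
    for row in measure(LEDGER, date(2026, 1, 1)):
        print(row)
```

Note that `addr_A` keeps accumulating risk after its first spend: the later deposit lands on an address whose key is already public, which is why reuse of exposed addresses matters.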
What to do today
- Inventory. You can't migrate what you can't find. Atlas does this for wallets; Scanner does it ad-hoc.
- Sweep critical-tier addresses. Move funds to fresh, quasi-resistant addresses. Never reuse exposed addresses.
- Plan PQC adoption. Federal CNSA 2.0 mandates new systems be PQC-ready by 2030. Most enterprises target 2027–2028 for full migration to give a 2-year buffer.
- Audit critical contracts. QorTrace Standard ($4,900) catches the obvious crypto-primitive issues; Deep Dive scopes adversary modeling.
How urgent is "today"?
If your data needs to stay confidential for N years, and a cryptographically relevant quantum computer arrives at time Q, then you need PQC live N years before Q. For a bank with 30-year record retention and Q ~ 2035, that's right now.
