Harvest Now, Decrypt Later: The urgent race for crypto-agility

Show Notes

In this episode, we confront the chilling reality of "Harvest Now, Decrypt Later" strategies, where adversaries collect encrypted data today to decrypt it once quantum capabilities mature. We dive deep into the newly released NIST post-quantum cryptography standards (FIPS 203, 204, and 205) and analyze the aggressive migration timelines mandated by the EU and UK, with critical infrastructure targets set for as early as 2030. Beyond the hype of raw qubit counts, our discussion shifts to the necessity of "crypto-agility" and hybrid implementations, explaining why organizational survival now depends on conducting a comprehensive cryptographic inventory rather than waiting for the technology to settle.

NIST Post-Quantum Cryptography Standards

• FIPS 203 (ML-KEM): Module-Lattice-Based Key-Encapsulation Mechanism Standard
• View PDF
• FIPS 204 (ML-DSA): Module-Lattice-Based Digital Signature Standard
• View PDF
• FIPS 205 (SLH-DSA): Stateless Hash-Based Digital Signature Standard
• View PDF

Government & Regulatory Guidance

• European Commission Recommendation: "EU Roadmap for the Transition to Post-Quantum Cryptography" (Covers 2026/2030 milestones)
• View Roadmap Details
• UK National Cyber Security Centre (NCSC): "Next Steps in Preparing for Post-Quantum Cryptography" (Covers 2028 discovery/2035 migration targets)
• View Guidance
• White House (USA): National Security Memorandum 10 (NSM-10) on Promoting United States Leadership in Quantum Computing While Mitigating Risks
• View Memorandum

Blockchain & Technical Projects

• Solana: "Project 11" (Validator security and testnet upgrades for post-quantum signatures)
• View Announcement
• Algorand: Technical Brief on Quantum-Resistant Transactions (Falcon Signatures)
• View Technical Brief