Quantum-safe vs. quantum-proof: what “harvest now, decrypt later” means for your data’s shelf life
No quantum computer can break today’s encryption yet — but adversaries are storing your encrypted data now to open it later. A clear, hype-free guide to which of your data is actually at risk.
Here is the honest state of play. No cryptographically relevant quantum computer exists today, and no one can tell you the exact year one will. That uncertainty is precisely why the language you use matters. Vendors who promise “quantum-proof” encryption are selling a guarantee no one can make. The credible word is “quantum-safe” — cryptography designed to resist attack by a future quantum computer, chosen because it survives the attacks we can foresee. The distinction is not pedantic. It shapes how you plan, what you buy, and which records you protect first. The threat is not that your defenses fail tomorrow. It is that an adversary can capture your encrypted traffic today, store it cheaply, and decrypt it years later once the hardware arrives. Anything with a long confidentiality lifetime — health records, legal files, trade secrets, signed contracts — is already exposed to that patient strategy. This guide gives you a plain test for which data is at risk and a migration posture you can defend, without a countdown clock or a single word of hype.
- Choose vendors who say “quantum-safe,” not “quantum-proof” — no CRQC exists yet, and no one can honestly promise a permanent guarantee or name a Q-Day.
- Harvest-now-decrypt-later is already operational: adversaries store your encrypted data today to decrypt later, so your longest-lived secrets are the most exposed.
- Plan against real dates, not a countdown — NIST’s 2024 standards, the federal 2030 key-establishment target, and CNSA 2.0 through 2035 — and start a hybrid migration early because it can take 42–54 months.
Why “quantum-safe” is honest and “quantum-proof” is not
Language is a tell. “Quantum-proof” implies a permanent, mathematically closed guarantee — that no quantum computer, ever, could break the scheme. Nobody can prove that, so nobody should promise it. “Quantum-safe” (used interchangeably with post-quantum) is the honest term: algorithms built to resist attack by a cryptographically relevant quantum computer, or CRQC, based on the attacks we understand today. It is a well-founded engineering bet, not an oath. When a vendor reaches for “proof,” treat it as a marketing signal rather than a security one.
It also matters that a CRQC does not exist yet, and no responsible source will name a “Q-Day.” That is not a reason to relax — it is the reason to move deliberately. You are not racing a known deadline; you are reducing the window in which your long-lived secrets sit exposed. One more clarification: quantum random number generation and quantum key distribution are not post-quantum cryptography. QRNG and QKD address entropy and key exchange over specialized links; post-quantum cryptography replaces the vulnerable math itself, in software, on the systems you already run.
Harvest now, decrypt later: the threat that’s already operational
The attack does not wait for a quantum computer to arrive. It works the other way around. An adversary captures your encrypted data today — intercepted traffic, exfiltrated backups, copied archives — and simply stores it. Storage is cheap and patient. When a capable quantum computer eventually exists, the attacker returns to that hoard and decrypts it retroactively. This is why the security community calls it “harvest now, decrypt later,” and it is already operational: the collection is happening in the present, even though the decryption lives in the future.
That timeline inverts the usual risk calculation. For most breaches, data loses value quickly. Here, the opposite is true — the data most at risk is whatever must stay confidential the longest. If a record needs to remain secret for ten or twenty years, and a CRQC could plausibly arrive inside that span, then today’s encryption is not protecting it for its full lifetime. RankShield’s posture is to sign and seal long-lived records with post-quantum cryptography now, so confidentiality survives the transition rather than depending on a decryption date nobody can predict.
The data-shelf-life test
You do not need a threat-intelligence team to triage this. You need two numbers: how many years a given record must stay confidential, and the earliest year a quantum computer could plausibly break today’s encryption. Compare them. If your confidentiality requirement outlasts that horizon, the record is exposed to harvest-now-decrypt-later and belongs at the front of your migration queue. Run each of your data classes through this test to see where it lands.
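The shelf-life test as a runnable triage, added here as an illustration and not taken from the original page or from RankShield. It goes one step beyond the two-number comparison by adding migration time, using the 42 to 54 month range quoted on this page; the inventory, the 2025 start year and the 2035 horizon are constructed planning assumptions, not predictions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataClass:
    name: str
    confidential_years: float  # years a record must stay secret after creation

def shelf_life_triage(classes, today, crqc_horizon, migration_months=0):
    """Rank data classes by harvest-now-decrypt-later exposure.

    today and crqc_horizon are calendar years. crqc_horizon is a planning
    assumption (earliest plausible year), not a prediction. Records keep
    being written under classical encryption until migration finishes, so
    the last classical-only record must stay secret until
    today + migration time + shelf life.
    """
    if crqc_horizon < today:
        raise ValueError("crqc_horizon must not be earlier than today")
    migration_years = migration_months / 12
    rows = []
    for dc in classes:
        secret_until = today + migration_years + dc.confidential_years
        exposed = max(0.0, secret_until - crqc_horizon)
        rows.append({"name": dc.name, "secret_until": secret_until,
                     "exposed_years": exposed, "at_risk": exposed > 0})
    # Most-exposed first: this ordering is the migration queue.
    return sorted(rows, key=lambda r: r["exposed_years"], reverse=True)

# Constructed inventory: shelf lives are illustrative assumptions.
INVENTORY = [
    DataClass("session tokens", 0.1),
    DataClass("tax working papers", 6),
    DataClass("signed contracts", 10),
    DataClass("trade secrets", 15),
    DataClass("health records", 20),
]

def at_risk_by_migration(today=2025, crqc_horizon=2035):
    """At-risk classes for no delay and for the 42- and 54-month migrations."""
    return {
        months: [r["name"]
                 for r in shelf_life_triage(INVENTORY, today, crqc_horizon, months)
                 if r["at_risk"]]
        for months in (0, 42, 54)
    }

if __name__ == "__main__":
    for months, names in at_risk_by_migration().items():
        print(f"migration {months:>2} months -> at risk: {names}")
```

With these inputs, "tax working papers" clears the horizon under a 42-month migration but becomes exposed under a 54-month one, which is the cost of the slower schedule expressed in the test's own terms.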
The deadline stack — standards and dates you can plan against
You cannot plan against a Q-Day, but you can plan against published standards and mandates. These are real, dated, and already shaping procurement. Treat them as the backbone of your roadmap — the fixed points you build toward while the CRQC timeline stays uncertain.
- August 13, 2024 — NIST finalized its first post-quantum cryptography standards: FIPS 203 (ML-KEM) for key establishment, and FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) for signatures. The algorithms you migrate to are no longer drafts; they are standardized.
- Through 2030 — U.S. federal guidance targets moving high-value key-establishment to ML-KEM, per summaries of CNSA 2.0 and federal timelines. Long-lived confidentiality is the explicit priority.
- Through 2035 — CNSA 2.0 milestones run out to 2035, giving a multi-year runway for a full transition across systems and suppliers.
- Roughly 42–54 months — a realistic enterprise PQC migration is often described in this range by industry guidance; verify against a primary analyst source before committing to your own plan. Counting back from the mandates, the window to start is now, not later.
What a hybrid, migrate-early posture looks like
The pragmatic path is hybrid: run a classical algorithm and a post-quantum one together, so a session stays secure if either holds. You keep today’s interoperability and battle-tested classical security while adding quantum-safe protection, with no single point of failure during the transition. Start by inventorying where cryptography lives and which data classes carry the longest confidentiality lifetimes — the shelf-life test tells you the order. Migrate those first, because they are the ones already exposed to harvest-now-decrypt-later.
Migrate-early is not overreaction; it is arithmetic. If migration realistically takes on the order of 42–54 months and your most sensitive records must stay secret for a decade or more, waiting for certainty spends the very runway the mandates give you. RankShield’s role is to sign and seal those long-lived records with post-quantum cryptography today — ML-KEM for key establishment, ML-DSA and SLH-DSA for signatures — so their confidentiality and integrity survive the transition. You do not need a Q-Day on the calendar to justify protecting a twenty-year secret now.