What Is a "Harvest Now, Decrypt Later" Attack and Why Should Crypto Holders Care About It
-

The quantum computing threat to cryptocurrency is often discussed in terms of future attacks — a sufficiently powerful quantum computer breaking a private key and draining a wallet. That framing misses a more immediate and less discussed risk called "harvest now, decrypt later," which does not require quantum computers to exist today to create a real problem today. The attack works in two stages: an adversary collects and stores encrypted blockchain data — transaction metadata, private communications, encrypted payment details — that is publicly visible on-chain right now, then waits until quantum computing advances to the point where that stored data can be decrypted. Because blockchains are permanent and immutable, any data recorded today remains available for future decryption indefinitely. For privacy-focused transactions that users believe are protected by current encryption, the protection is only as durable as the encryption itself — and if quantum computers eventually break that encryption, the privacy was never real, only deferred.
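
The two stages described above, as an added example that is not from the original article or the Tezos project: a toy Diffie-Hellman exchange with a deliberately tiny 32-bit modulus stands in for today's key agreement, and a classical baby-step giant-step search stands in for the future capability. The parameters, record fields, memo text and function names are all assumptions constructed for illustration.

```python
# Added illustration: toy parameters and constructed data, standard library only.
import hashlib
from math import isqrt

P = 4294967291  # 32-bit prime (2**32 - 5), tiny on purpose so the later "break" is fast
G = 2           # assumption: fixed public base

def keystream_xor(shared: int, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(shared secret || block offset)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(shared.to_bytes(8, "big") + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)

def publish_private_memo(sender_priv: int, recipient_pub: int, memo: bytes) -> dict:
    """Today: encrypt a memo. Every field returned is public and stored permanently."""
    shared = pow(recipient_pub, sender_priv, P)
    return {
        "sender_pub": pow(G, sender_priv, P),
        "recipient_pub": recipient_pub,
        "ciphertext": keystream_xor(shared, memo),
    }

def discrete_log(target: int) -> int:
    """Baby-step giant-step: finds x with G**x == target (mod P) in about sqrt(P) steps."""
    m = isqrt(P) + 1
    baby, cur = {}, 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * G % P
    step = pow(G, -m, P)  # modular inverse of G**m (Python 3.8+)
    gamma = target
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % P
    raise ValueError("target is not a power of G")

def decrypt_later(record: dict) -> bytes:
    """Later: only the archived public record is needed once the key exchange falls."""
    x = discrete_log(record["sender_pub"])
    shared = pow(record["recipient_pub"], x, P)
    return keystream_xor(shared, record["ciphertext"])

if __name__ == "__main__":
    recipient_pub = pow(G, 987654321, P)  # constructed key pair
    record = publish_private_memo(123456789, recipient_pub, b"constructed memo: invoice 0042")
    print(record)
    print(decrypt_later(record))
```

Nothing secret is taken from either party: the stored record alone is enough, which is why rotating keys after the fact does not protect data that was already published.
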

The Tezos TzEL prototype is specifically designed to address this threat by using quantum-resistant cryptography for its privacy proofs from the outset, rather than relying on current encryption that could become vulnerable in the future. The quantum-resistant zk-STARK proofs it employs are approximately 300 KB — significantly larger than conventional privacy proofs — because post-quantum cryptographic algorithms generally require more computational space to achieve equivalent security guarantees. For most ordinary crypto holders who are not conducting private transactions requiring encryption, the harvest now, decrypt later threat is less immediately relevant than the direct private key attack scenario. But for anyone using blockchain-based private payment systems, encrypted messaging tied to crypto infrastructure, or any application where transaction metadata confidentiality matters over a multi-year horizon, the threat is real and present regardless of when quantum computers actually arrive. The data being collected now will still exist when the decryption capability eventually does.

- Privacy protection only as durable as underlying encryption, quantum advancement retroactively eliminates past privacy
- Today's private transactions, tomorrow's public records