Glossary
Harvest Now, Forge Later (HNFL)
What Is Harvest Now, Forge Later (HNFL)?
Harvest Now, Forge Later (HNFL) is an adversary strategy of collecting digital signatures, certificates, identity material, and other cryptographic trust artifacts today — with the intent of forging them later once quantum computing makes it possible to derive private keys from public ones. Also known in some research as Trust Now, Forge Later (TNFL).
While Harvest Now, Decrypt Later targets confidentiality (what was said), Harvest Now, Forge Later targets authenticity (who said it). The two represent the two dimensions of the pre-quantum threat, and many cryptographers consider HNFL the more dangerous of the pair: HNDL is bounded by what data adversaries have already collected, but HNFL undermines every future verification that depends on signatures issued before the quantum transition.
The implications run through every system that depends on Public Key Infrastructure (PKI) — TLS certificates, code signing, software supply chain attestations, document signatures, identity credentials. Once a cryptographically relevant quantum computer (CRQC) exists, signatures generated with RSA or ECC become forgeable. An adversary who collected signed artifacts today could, post-quantum, produce indistinguishable forgeries of those signatures — backdating malicious code releases, impersonating trusted entities, or inserting compromised dependencies into supply chains while presenting valid-looking historical attestations.
HNFL is particularly consequential for software supply chain security. The trust signals that downstream consumers depend on — vendor code signing, SBOM attestations, package signatures, build provenance records — all rest on the same vulnerable algorithms. Migrating signature schemes to post-quantum standards (such as ML-DSA under FIPS 204) is the structural defense; cryptographic inventory across deployed artifacts is the operational prerequisite.
Related Terms
Harvest Now, Decrypt Later · Post-Quantum Cryptography · Cryptographic Bill of Materials · NetRise PQC Readiness · Software Provenance · OMB M-23-02


