TAIVA Team

Hackers are already stealing your data today to open it in a few years. There is a name for this.

Harvest now, decrypt later: the silent attack that captures encrypted data today to decrypt it when quantum computers arrive. Why your data is already at risk, even if nobody is looking at it yet.


Imagine this. You use internet banking every day. You send Pix transfers, shop online, access your health insurance app, send documents by email. Everything is encrypted. When you see that green padlock in the browser, you know nobody can read what is in transit. Not the waiter at the café offering free Wi-Fi. Not your internet provider. Not a hacker in the middle of the connection.

At least, that is what you think.

The truth is more uncomfortable. There is a type of attack happening right now, at this exact moment. You will only feel its results in 5, 10, perhaps 15 years. The attack has a name: harvest now, decrypt later. And it changes everything we understand about the shelf life of privacy.

The attack that ignores the "this is unbreakable" rule

When a spy agency, a hostile government, or an organized group captures encrypted internet traffic today, they know they cannot read it. Current cryptography, based on RSA-2048, ECDSA, and Diffie-Hellman, is strong enough that trying to break a single key would cost more energy than the sun will produce in billions of years.

So why bother capturing it?

The answer is simple and uncomfortable: because they know they will be able to open that data in the future. Not with conventional computers, but with quantum computers. Machines that are still in development but that, once they reach a certain scale, will break most of the cryptography used on the internet today in minutes.

The strategy is straightforward:

  1. Harvest now: record encrypted packets traveling across the network, at internet backbone points, at traffic exchange nodes, at providers that cooperate with intelligence agencies.
  2. Store cheaply: the cost of storing 1 TB of data drops exponentially. In 2026, storing petabytes for years is trivial.
  3. Wait for the technology: 5 years, 10, 15. The time does not matter much because the attacker is in no hurry.
  4. Decrypt when ready: as soon as a cryptographically relevant quantum computer exists, process the accumulated data pile.

Who benefits from this? Attackers for whom the content remains valuable years later. Intelligence agencies (state secrets, military communications). Authoritarian governments (retrospective identification of dissidents). Large criminal organizations (blackmail, industrial espionage).

Why this appears in every security report since 2024

In 2024, NIST (the National Institute of Standards and Technology, the American agency that defines cryptography standards used worldwide) published the first official post-quantum cryptography standards:

  • ML-KEM-768 (Module-Lattice Key Encapsulation Mechanism, FIPS 203)
  • ML-DSA (Module-Lattice Digital Signature Algorithm, FIPS 204)
  • SLH-DSA (Stateless Hash-based Digital Signature Algorithm, FIPS 205)

Why did NIST move now if quantum computers do not yet exist? Because migrating the entire internet takes a decade. And because what is being captured today is already at risk, regardless of when the machines arrive.

In 2022, the American White House issued a memorandum (NSM-10) requiring all U.S. federal agencies to migrate to post-quantum cryptography by 2035. The UK followed in 2024. The European Union has its own similar timeline.

These deadlines are not alarmism. They represent the realistic time needed to replace the cryptographic foundation of banks, hospitals, governments, and critical infrastructure before the window of exposure closes.

Which of your data is already at risk

The right question is not "if" the data was captured. It is "which data and for how long does it remain relevant."

Think about information that, if decrypted in 2035, would still cause harm:

  • Medical history. A chronic illness diagnosis does not disappear. Leaked in 2035, it still affects health insurance, employment, and relationships.
  • Tax and financial documents. Tax returns, real estate deeds, family business data. The assets exist; the leverage for blackmail does too.
  • Sensitive personal communications. Emails about divorce proceedings, lawsuits, therapy, sexual orientation, or religion. Things you kept because you thought they would always be private.
  • Identity data. A CPF does not change, and a national ID rarely does. The same goes for bank registrations and facial biometrics. All of it is reusable for fraud for decades.
  • Reused passwords. If you use the same password across 5 services and it is decrypted in 2032, all 5 become exposed. Even if you change them afterward, the attacker already cloned the content of all 5.

Sensitive operational communications from companies (API keys, production secrets, proprietary source code) also fall within scope. Companies encrypting backups with RSA cryptography today are essentially locking secrets in a safe whose combination someone will discover in 10 years.

"But this is only for movie hackers, not for me"

This is the most common misconception. Mass harvesting is not targeted. It is wholesale.

When an agency captures traffic from an internet backbone, it is not watching your individual Pix transaction. It is recording everything that passes through that point. Your internet banking session ends up in the same pile as that of the Petrobras director and the foreign newspaper correspondent.

In 2013, the Snowden documents showed that the NSA already had programs like MUSCULAR and BULLRUN massively collecting encrypted traffic from submarine cables. In 2026, the capture infrastructure is larger, cheaper, and more distributed, not less.

You do not need to be a target to be collected. You just need to have passed through a collection point.

What changes when post-quantum cryptography enters the flow

The defense against "harvest now, decrypt later" is simple to describe and complicated to implement: replace cryptographic algorithms with the new post-quantum standards today, before the retrospective attack materializes.

The good news: the algorithms already exist. ML-KEM-768 is mathematically secure against known quantum attacks (Shor, Grover variants) and runs reasonably well on common hardware. No special machines are required. Libraries like @noble/post-quantum in JavaScript or liboqs in C/Rust allow practical implementation.

The bad news: the transition is expensive, slow, and full of details. Replacing cryptography in live systems without breaking compatibility requires a hybrid mode, meaning running classical and post-quantum cryptography simultaneously for years until the entire installed base migrates. Brazilian banks, government systems, and critical infrastructure are all at the very beginning of that transition in 2026.

The model recommended by NIST is exactly that: hybrid. It combines Argon2id (password-based key derivation, resistant to traditional brute force) with ML-KEM-768 (post-quantum resistance). If either algorithm is broken in the future, the other continues to protect the data.

And your personal data?

For data you control directly (passwords, digital documents, notes, 2FA codes, sensitive photos), you do not need to wait for banks and governments to migrate.

TAIVA Vault has been running hybrid ML-KEM-768 with Argon2id in production since 2026. This means what you store in your vault today remains unreadable even in a quantum computer scenario 10 years from now. No attacker who captures today's traffic will be able to decrypt your vault in 2035, because the key never traveled in a vulnerable format. The derivation happens client-side, and what reaches the server is already encrypted by a hybrid chain.

The integrity of your data is publicly verifiable: each operation in the vault is chained in a SHA-256 Merkle chain and anchored daily in the Bitcoin blockchain via OpenTimestamps. This means that even TAIVA cannot rewrite your history without contradicting the public blockchain.
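The tamper-evidence property described above, as an added example (not TAIVA's code): a SHA-256 hash chain whose final head stands in for the value that would be anchored publicly. The record fields, the `GENESIS` value and all function names are assumptions, and the OpenTimestamps step itself is not performed here.

```javascript
// Added example; field names and record layout are assumptions, not TAIVA's format.
const { createHash } = require("node:crypto");

const GENESIS = "00".repeat(32); // head of the empty chain

// head_i = SHA-256(head_{i-1} || JSON of entry_i with a fixed field order)
function linkHash(prevHex, e) {
  const body = JSON.stringify([e.ts, e.op, e.itemId, e.ciphertextSha256]);
  return createHash("sha256").update(Buffer.from(prevHex, "hex")).update(body, "utf8").digest("hex");
}

function buildChain(entries) {
  let prev = GENESIS;
  return entries.map((entry) => {
    prev = linkHash(prev, entry);
    return { entry, head: prev };
  });
}

// Recompute every link, then compare the last head with the anchored value.
function verifyChain(chain, anchoredHead) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    prev = linkHash(prev, chain[i].entry);
    if (prev !== chain[i].head) return { ok: false, reason: "link-mismatch", index: i };
  }
  if (prev !== anchoredHead) return { ok: false, reason: "anchor-mismatch", index: null };
  return { ok: true, reason: null, index: null };
}

// Constructed sample operations (not real vault data).
const sampleOps = [
  { ts: "2026-03-01T10:00:00Z", op: "create", itemId: "item-1", ciphertextSha256: "aa".repeat(32) },
  { ts: "2026-03-01T10:05:00Z", op: "update", itemId: "item-1", ciphertextSha256: "bb".repeat(32) },
  { ts: "2026-03-01T11:30:00Z", op: "delete", itemId: "item-1", ciphertextSha256: "00".repeat(32) },
];

function demo() {
  const chain = buildChain(sampleOps);
  const anchored = chain[chain.length - 1].head; // value that would be timestamped publicly
  // Case 1: one stored entry is edited in place, heads left untouched.
  const edited = chain.map((r) => ({ entry: { ...r.entry }, head: r.head }));
  edited[1].entry.op = "create";
  // Case 2: history rewritten and every head recomputed; only the anchor exposes it.
  const rewritten = buildChain(sampleOps.map((e, i) => (i === 1 ? { ...e, op: "create" } : e)));
  return { intact: verifyChain(chain, anchored), edited: verifyChain(edited, anchored),
           rewritten: verifyChain(rewritten, anchored) };
}
console.log(demo());
```

An in-place edit fails at the altered link, while a fully recomputed history passes every link check and fails only against the anchored head, which is why the external anchor matters.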

The question nobody asks

Most people think about security as "am I safe now?" The "harvest now, decrypt later" attack changes the question: "am I safe now, considering who will be able to attack me in 10 years?"

For data that loses relevance in 6 months (like a café Wi-Fi password you no longer use), the answer does not matter much. For anything that remains sensitive over the next decade (identity, health, assets, personal communications), the answer matters a great deal.

Post-quantum cryptography is not futurism. It is a shelf product in 2026. The question is no longer whether you will use it. It is whether you start today or in 5 years, after the retrospective window has grown even wider.


Next in the series: "There is a computer being built that will break every digital bank you have. When does it arrive?" Understand how the quantum computer works, what it breaks (and what it does not), and what is being built today.
