DATA, PQC, HNDL and HNFL
- Brian Couzens
- 2 hours ago
- 2 min read
#PQC and #Data: The Three #Cryptographic Domains

Post-quantum risk is about the data being protected, not the algorithms themselves. Every cryptographic dependency maps to one of three data states. If you do not know which state you are protecting, you do not know what you are securing.
Information moving across networks or channels. TLS sessions, VPN tunnels, 5G key agreement, SWIFT messages, API calls.
Quantum relevance: interception and harvest. If the confidentiality window is long, PQC must be applied before transmission, not after exposure.
Information being processed or actively consumed by systems. Identity tokens, analytics pipelines, multi-tenant cloud workloads, inference systems.
Quantum relevance: signing, attestation and integrity. If signatures can be forged, trust boundaries collapse.
Information stored for future access. Medical records, genomic datasets, financial archives, defence documentation.
Quantum relevance: the longest confidentiality window. Attackers do not need access today; they need ciphertext they can decrypt tomorrow.
#Long-Lived Data: The Cross-Cutting Quantum Problem
Long-lived data is any information that must remain confidential or trustworthy for years or decades. The retention requirement, not the location, defines it. This is the core exposure behind HNDL and HNFL: adversaries harvest material today and exploit it when quantum capability arrives.
#HNDL (Harvest Now, Decrypt Later) targets confidentiality. Attackers capture encrypted data now and decrypt it in the future. The risk is driven by how long the data must remain secret.
#HNFL (Harvest Now, Forge Later) targets integrity. Attackers collect signatures, trust anchors, identity material or verification chains now and forge them once quantum capability is available. The risk is driven by how long the trust relationship must hold.
This is why long-lived data can exist in motion, in use or at rest.
The state does not matter; the retention window does.
A short network session can carry information that must remain confidential for decades.
A signing key used in real time can anchor trust for the lifetime of a system. An archive obviously persists.
All three can contain long-lived data, and all three can be harvested.
Long-lived data is the fuel that makes HNDL and HNFL viable.
If the data protection window exceeds the #quantum threat window, it is already exposed.
This is why PQC #governance starts with data classification, retention and confidentiality horizons, not asset inventories, algorithm scanning or CBOM spreadsheets.
𝐈 𝐰𝐨𝐧𝐝𝐞𝐫 𝐢𝐟 𝐲𝐨𝐮𝐫 𝐨𝐫𝐠𝐚𝐧𝐢𝐬𝐚𝐭𝐢𝐨𝐧 𝐜𝐚𝐧 𝐚𝐧𝐬𝐰𝐞𝐫 𝐚 𝐬𝐢𝐦𝐩𝐥𝐞 𝐪𝐮𝐞𝐬𝐭𝐢𝐨𝐧: 𝐰𝐡𝐢𝐜𝐡 𝐨𝐟 𝐲𝐨𝐮𝐫 𝐝𝐚𝐭𝐚 𝐡𝐚𝐬 𝐚 10+ 𝐲𝐞𝐚𝐫 𝐩𝐫𝐨𝐭𝐞𝐜𝐭𝐢𝐨𝐧 𝐫𝐞𝐪𝐮𝐢𝐫𝐞𝐦𝐞𝐧𝐭?
#PQC #PostQuantum #CyberSecurity #DataSecurity #QuantumRisk #Cryptography #HNDL #HNFL #DataGovernance #ZeroTrust #QuantumComputing


Comments