THE CHALLENGE OF 'HARVEST NOW, DECRYPT LATER' (HNDL) TO THE INTERNATIONAL LAW OF STATE RESPONSIBILITY IN THE QUANTUM ERA
Ключевые слова:
Harvest Now Decrypt Later, HNDL, State Responsibility, Quantum Computing, ARSIWA, Due Diligence, Crypto-Agility, International Law, Cyber Attribution.Аннотация
The emergence of Cryptographically Relevant Quantum Computers (CRQCs) presents a profound challenge to the temporal and material thresholds of international law, specifically through the strategic practice known as "Harvest Now, Decrypt Later" (HNDL). This adversarial model, wherein state and non-state actors exfiltrate encrypted data with the intent of decrypting it once quantum capabilities mature, creates a legal grey zone that defies the traditional application of the International Law Commission’s Articles on Responsibility of States for Internationally Wrongful Acts (ARSIWA). This article investigates the compatibility of ARSIWA’s doctrines of attribution and breach with the delayed-impact nature of HNDL. Through a doctrinal legal analysis of recent scholarship and technical forecasts regarding Post-Quantum Cryptography (PQC), this study identifies a critical "attributional twilight" and a disconnect between the moment of data interception and the realization of injury. The results indicate that current legal frameworks treat HNDL largely as espionage—a practice often tolerated in international relations—thereby failing to account for the catastrophic, long-tail damage of retrospective decryption. The article concludes that the principle of due diligence must be radically reinterpreted to include a "crypto-agility mandate," obligating states to preemptively transition critical infrastructure to quantum-safe standards to fulfill their international responsibilities.
Библиографические ссылки
Chen, H., Coco, A., Rotondo, A., & Ying, Y. (2025). The Attribution of Cyber Operations to States in International Law. Geneva Centre for Security Policy (GCSP).
Cohen, J. E., de Witte, B., & Purnhagen, K. (2016). Bridging the transatlantic divide? The United States, the European Union, and the protection of privacy across borders. International Journal of Constitutional Law, 14(1), 220–229.
Erol, V. (2025). The Strategic Imperative of Quantum Readiness: A Comprehensive Review of Post-Quantum Cryptography. Preprints.org.
Geremew, A., & Mohammad, A. (2024). Preparing Critical Infrastructure for Post-Quantum Cryptography: Strategies for Transitioning Ahead of Cryptanalytically Relevant Quantum Computing. International Journal on Engineering, Science, and Technology, 6(4), 338-365.
Harkavy, R. (2025). The quantum reckoning: law's next frontier. International Comparative Legal Guides.
Jang-Jaccard, J. (2025). Practical Challenges in Executing Shor's Algorithm on Existing Quantum Platforms. arXiv.
Jena, J. (2025). The Quantum Security Deadline: Building Crypto-Agility Against 'Harvest Now, Decrypt Later' Threats. European Journal of Computer Science and Information Technology, 13(52), 35-52.
Kastelic, A. (2019). Inducing compliance with international law in cyberspace – State responsibility, countermeasures and the obligations of due diligence. White Rose eTheses Online.
Mavroeidis, V., Vishi, K., Zych, M. D., & Jøsang, A. (2018). The Impact of Quantum Computing on Present Cryptography. International Journal on Advanced Science, Engineering and Information Technology, 8(3), 991-998.
Ollino, A. (2016). Due Diligence Under International Law: Reappraising its Scope, Functions and Limits (Doctoral dissertation). Università degli Studi di Milano-Bicocca.
Payne, T. (2016). Teaching Old Law New Tricks: Applying and Adapting State Responsibility to Cyber Operations. Lewis & Clark Law Review, 20(2), 683-715.
Pomson, O. (2023). 'Objects'? The Legal Status of Computer Data under International Humanitarian Law. Journal of Conflict and Security Law, 28(2).
Rajagopalan, R. P. (Ed.). (2022). Future Warfare and Technology: Issues and Strategies. Observer Research Foundation and Global Policy Journal.
Sharma, M., & Vedashree, R. (Eds.). (2022). Gearing up for Digital ++. Mastercard and Observer Research Foundation.
Zafar, A. (2025). Quantum Computing in Finance: Regulatory Readiness, Legal Gaps, and the Future of Secure Tech Innovation. European Journal of Risk Regulation, 1–20.
