Quantum computing and Harvest now, decrypt later - hype?

I lack the technical knowledge to assess the discussions around quantum computing and what it implies for harvest now, decrypt later surveillance strategies.

I am wanting to move to self-hosting and then encrypting all my data, but for the time being lean on things like Cryptomator with OneDrive for backup and sync.

Interested to hear the peoples thoughts on this.

How seriously can we take an org like Tuta, for example, saying they are preparing for quantum level decryption technology?

How well placed is Cryptomator technology for this possible future?

Chrome and Edge 124 on desktop have already rolled out quantum resistant key agreement via Kyber for supported websites (largely just Google and Cloudflare hosted).

Vanadium, Mulch, and Mull do this too on Android since a few weeks now.

You can enable it in Firefox by setting security.tls.enable_kyber to true via about:config.

Signal and SimpleX also use Kyber as part of E2EE:

Mullvad also supports similar:

Fedora/Red Hat also has some experimental stuff to work system wide:

There is little downside to layering the current crypto with eg. Kyber.
If it works, it works. If it doesn’t, the only thing wasted is a bit more bandwidth.


As for the harvesting, this exists: Utah Data Center - Wikipedia

So do likely many, many more.


Can anyone give a TLDR on how Kyber works?

Symmetric encryption like AES which is commonly used for encrypting storage (Cryptomator uses AES-256) is safe from quantum attacks.

Quantum computing only significantly affects asymmetric encryption algorithms like RSA, which are commonly used when transmitting data between parties because it doesn’t require both people to have a pre-shared key between them.

This is why things like HTTPS and E2EE instant messaging applications with communications between multiple people have to worry about quantum attacks, but your data stored with Cryptomator or on an encrypted hard drive is generally perfectly safe.


God save us.

Hi there, the tactic by intelligence agencies of “harvest now, decrypt later” is already on-going. You can see this in the US by the number of giant data centers being operated by the NSA like the one linked by @SkewedZeppelin. The threat of quantum computers has also led to the US government pushing for new security requirements. Other companies have also taken steps to protect data from quantum computers, like Signal with their PQXDH.

Currently, for data being stored at rest AES256 is considered to be quantum-safe. However, for communication things become a bit more tricky and a post-quantum asymmetric encryption is required. This is where Kyber comes into play.

What is important with PQ encryption is to avoid security being dependent upon the “hardness” of solving the mathematical problems. Kyber uses what is called “learning with errors” which hides the secrets used for encrypting data by adding extra noise. We have created a full write-up explaining the ins-and-outs of how we are using Kyber on our blog.