Day 3: Harvest Now, Decrypt Later — The Real Timeline

Phase 3 · July 10, 2026

Agenda (2–3 hours)

• Read (60 min): CISA/NSA "Quantum-Readiness: Migration to PQC" advisory; NSA CNSA 2.0 algorithm table; NIST IR 8547 (migration timeline)
• Study (45 min): HNDL mechanics, data sensitivity lifetimes, real-world examples
• Challenge (75 min): Data inventory and timeline analysis for your service

The Harvest Now, Decrypt Later Attack

TODAY (no CRQC):
  Adversary ──► [records TLS handshakes + encrypted data] ──► stores on disk

FUTURE (CRQC exists):
  Adversary ──► [runs Shor's on recorded ECDHE key shares]
            ──► [recovers session keys]
            ──► [decrypts all stored traffic]

This is not hypothetical. Nation-state actors are assumed to be doing this now.
CISA and NSA have both explicitly warned about HNDL in public advisories.

The window of exposure = (years until CRQC) - (years until you deploy PQC).
If you start migration in 2028 and CRQC arrives in 2030: two years of exposure.

When Will a CRQC Exist?

Estimates vary widely. A sampling of credible forecasts:

The honest answer: nobody knows. But the asymmetry of consequences suggests
acting as if 2030 is plausible, not 2050.

Data Sensitivity Lifetimes

Not all data needs the same treatment:

For Amazon Leo: provisioning keys and device certificates likely have multi-year lifetimes.
Any data that represents a long-term secret should be considered at risk today.

Government Migration Requirements

NSA CNSA 2.0 (2022): U.S. national security systems must use:

• ML-KEM for key establishment by 2025 (new products), 2030 (legacy)
• ML-DSA for digital signatures by 2025 / 2030
• SLH-DSA as an alternative signature algorithm
• No more ECDH/ECDSA/RSA for new NSS products after 2030

NIST IR 8547: describes the deprecation schedule for classical algorithms in
federal information systems. ECDSA and RSA deprecated after 2030.

White House NSM-10 (2022): mandates HNDL inventory and PQC migration plans
across federal agencies. Sets 2035 as the hard deadline for migration.

What This Means for Amazon Leo

Amazon Leo operates satellite communication infrastructure with national security implications.
It is reasonable to assume:

1. Traffic is being recorded by sophisticated adversaries today
2. Device provisioning records have multi-year sensitivity lifetimes
3. Amazon's internal PQC migration timeline is aligned with CNSA 2.0

Your team's service is a provisioning coordinator — certificates it issues will be
used for years. The PQC migration must include the issuance pipeline, not just TLS.

Challenge Assignment

Write the "Timeline and Risk" section of your migration roadmap:

1. Data inventory: list the 5 most sensitive data types your provisioning service handles
2. Sensitivity lifetimes: estimate how long each must remain confidential
3. HNDL exposure: for each, what is the risk window if migration completes in 2028?
4. Priority order: rank them by urgency of PQC migration
5. One paragraph: what is the single biggest risk to your service from HNDL?

Save to pqc-migration-roadmap.md — this is the second section of your deliverable.

Resources

• CISA/NSA PQC advisory: cisa.gov — search "Quantum Readiness Migration"
• NSA CNSA 2.0: media.defense.gov/2022/Sep/07/2003071834
• NIST IR 8547: pubs.nist.gov/pubid/nist.ir.8547
• White House NSM-10 (May 2022): whitehouse.gov