Steal Now Forge Later: The Quantum Threat Nobody Is Explaining Properly

[QuantumFoam]

The mainstream quantum security conversation focuses almost entirely on harvest now decrypt later. Collect encrypted data today. Decrypt it when quantum computers arrive. That threat is real and well-documented. But IBM's Ray Harishankar at IBM Quantum Safe introduced a term this week that deserves more attention: steal now forge later.

The distinction matters. Harvest now decrypt later attacks confidentiality. You can't read the message but the attacker stores it until they can. Steal now forge later attacks integrity and authenticity. Digital signatures certificates and identity proofs could be stolen today and then forged when quantum computers can break the underlying algorithms. That means digital contracts could be tampered with. Software updates could be maliciously replaced with versions carrying forged valid signatures. Websites could be impersonated with forged certificates. Users could be fraudulently authenticated.

The difference is that harvest now decrypt later produces information you shouldn't have. Steal now forge later produces actions that shouldn't be valid. One is about knowing. The other is about doing. Both are dangerous but the second is more immediately operational in its consequences. An attacker who can forge a software update signature can deliver malware to millions of machines through a trusted channel. An attacker who can forge a financial institution's certificate can redirect transactions. The trust layer that the entire digital economy depends on becomes weaponisable.

Q-Day has already begun. Are you ready? | IBMwww.ibm.com

[QuantumDay]