Micky Irons

Originally published at mickai.co.uk

Harvest Now, Decrypt Later Comes for Signatures, Not Just Secrets

By Micky Irons, founder of Mickai.

There is a particular kind of theft that announces itself years late. An adversary copies your encrypted traffic today, stores it cheaply, and waits. When a cryptographically relevant quantum machine arrives, the captured ciphertext is decrypted at leisure and the secret, long assumed dead, is suddenly alive again. The security community gave this a name, harvest now, decrypt later, and through 2026 the industry has rallied around the right defence. Encrypted channels are being rebuilt on ML-KEM, the lattice key-establishment standard, so that a session recorded this year cannot be unwrapped after Q-day. That work is necessary and overdue. It is also only half the threat.

The other half is quieter and, in many settings, more dangerous. Confidentiality protects what a thing says. Authenticity protects who said it and that it has not been altered. The migration narrative has fixated almost entirely on the first. Yet most of the consequential artefacts an organisation produces are not secrets at all. A board resolution, a clinical authorisation, a model-deployment approval, a payment instruction, an evidence log: these are meant to be read. Their value is not that they are hidden. Their value is that they are true, attributable, and fixed in time. The attacker who cannot read them may still wish to rewrite them, and a signature scheme that looks robust in 2026 may be the very thing that lets him.

Hermes carries the message, but the seal, not the secrecy, is what makes it trustworthy.

Confidentiality is reversible. A forged record is forever.

It helps to separate two clocks. A decrypted secret has a half-life. A harvested password expires when it is rotated. A leaked negotiating position grows stale the day the deal closes. Even genuinely sensitive material, intercepted in 2026 and decrypted in 2032, lands in a world that has often moved on. The harm is real but bounded, and good operational hygiene shortens the fuse further. A signature has no such mercy. If an attacker in the post-quantum era can forge a valid signature over a document and backdate the action it represents, there is frequently no later event that neutralises the lie. The forged approval simply enters the record and waits to be relied upon.

Consider what depends on signatures rather than on secrecy. Software supply chains trust signed artefacts, and a forged signing key lets malicious code wear a legitimate vendor's face. Legal and financial systems treat a signed instruction as an instruction. Regulated industries keep audit trails whose entire purpose is to demonstrate, after the fact, that a given person authorised a given action at a given moment. Strip the cryptographic guarantee out of any of these and you do not get a leak. You get a counterfeit history. The danger is not that someone reads the 2026 decision. The danger is that, after Q-day, someone manufactures a different one and the verifier of 2033 cannot tell the difference.

This is why harvest now, decrypt later has a twin that deserves equal billing. Call it harvest now, forge later. The adversary does not need your plaintext. He needs your verification context, the public keys and signed structures that a future quantum machine could let him reproduce. RSA and the elliptic-curve schemes that protect most signatures today fall to the same Shor's-algorithm attack that breaks classical key exchange. A migration that armours the channel and leaves the signature on classical curves has locked the front door and propped the back one open.

Themis weighs not what was hidden but what was true. A forged record tips the scales unseen.

Why the signature is the harder problem to retrofit

There is an asymmetry in remediation that makes signatures the more urgent migration. A confidentiality failure can sometimes be patched retroactively. You can re-encrypt data at rest, re-issue secrets, and shrink the value of anything already harvested. An integrity failure cannot be patched into the past at all. A record signed with a classical scheme in 2026 carries exactly the assurance of that scheme forever. You cannot reach back and re-sign history with a stronger algorithm without, in effect, asserting that the old signatures meant something they no longer do. The only honest fix is to have signed it correctly the first time.

That is the case for acting now rather than at Q-day. The standards exist. In August 2024 NIST published FIPS 204, the Module-Lattice Digital Signature Algorithm, ML-DSA, derived from CRYSTALS-Dilithium. The ML-DSA-65 parameter set sits at a security category appropriate for long-lived records and is the sensible default for anything meant to outlive the migration window. Adopting it is not research. It is engineering discipline. The organisations that will struggle in the 2030s are not those that lacked the algorithm. They are those that kept minting classically signed records for years after a quantum-safe option was sitting on the shelf, building a backlog of history that cannot be re-secured.

Mickai treats this asymmetry as a design constraint, not an aspiration. Mickai is a Sovereign Intelligence Operating System, a SIOS, running fifty specialised brains, twenty-five domain and twenty-five operational, on the operator's own hardware and fully offline-capable. Because those brains take consequential actions, the question of how the record of each action is sealed is not a compliance footnote. It is the foundation the whole system stands on. So every consequential action is committed to the Open Audit Record, the OAR, and signed with FIPS 204 ML-DSA-65 at the moment it happens. Mickai did not invent the standard. It adopts the published one, on purpose, today, so that the integrity guarantee is minted at the right strength from the start.

Encrypting the channel protects what you said. Signing the record protects that you said it, and that nobody can rewrite it after the fact. A decision we seal in 2026 has to still verify after Q-day, or it was never really sealed at all.

What the Open Audit Record actually fixes in place

An audit log is only as trustworthy as the cryptography binding each entry to its author and its moment. The OAR is built so that the binding survives the arrival of quantum computers rather than dissolving the day they appear. Each sealed action carries a post-quantum signature over its content, its actor, and its timestamp, so verification does not depend on any secret remaining secret. It depends only on mathematics that is believed to resist both classical and quantum attack. The record is meant to be read, audited, and relied upon openly. Its protection is authenticity, not concealment, which is exactly the property the channel-only view of post-quantum security tends to neglect.

  • Every consequential action the SIOS takes is sealed into the OAR and signed with FIPS 204 ML-DSA-65, so attribution and timing are bound by a post-quantum signature from the moment of the act.
  • The guarantee is integrity-first, not secrecy-first. Records are designed to be verified in the open, which is precisely where a forged signature would otherwise do its damage.
  • A hash commitment of the record is anchored to Bitcoin through Pantheon, Mickai's own sovereign Layer 1, giving an independent permanence witness that does not rely on the operator's own storage.
  • Verification is self-contained and offline-capable, so a record sealed in 2026 can be checked years later on the operator's own hardware without trusting an external service that may not exist.
  • Because signing happens at the time of action rather than retroactively, there is no backlog of classically signed history quietly accumulating risk.

Mnemosyne keeps the record. The OAR makes sure the memory she keeps cannot be rewritten.

Anchoring is not spending: permanence without custody

A signature proves who and what. It does not, on its own, prove when, at least not in a way an adversary with control of your storage cannot quietly revise. That is where Mickai's Layer 1 earns its place. Pantheon is Mickai's own sovereign, Bitcoin-anchored blockchain, with a native token PAN and a fixed supply of five billion. At intervals it writes a hash commitment of the OAR into Bitcoin. Once that commitment is buried under accumulated proof of work, the existence and exact content of the record at that height become economically infeasible to alter. The record gains an independent, externally witnessed timestamp that does not depend on the operator's good faith or on any single piece of infrastructure surviving.

It is worth being precise about what this does and does not do, because the distinction is the whole point. Pantheon does not move Bitcoin. It is not a Bitcoin Layer 2. It writes a commitment, a fingerprint, into the most durable ledger available, and nothing more. Anchoring is not spending. No value crosses, no custody is taken, no transaction in the financial sense occurs. What crosses is a hash, the smallest possible footprint that still makes tampering detectable. The result is a layered defence for the record: ML-DSA-65 establishes who and what with post-quantum strength, and the Bitcoin anchor establishes when with proof-of-work permanence. Neither leans on a secret staying hidden, which is the property that keeps the guarantee standing on the far side of Q-day.
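The hash commitment described above can be illustrated with a Merkle tree over a batch of audit records: only the 32-byte root would be anchored, and any single record can later be checked against it offline. This is an added example, not Mickai's or Pantheon's code. The record fields, the JSON canonicalisation, SHA-256 and the tree layout are assumptions, the sample records are constructed, and the per-record ML-DSA-65 signature is out of scope here.

```python
import hashlib
import json

def leaf(record: dict) -> bytes:
    # Canonical bytes (sorted keys, no whitespace) so a record always hashes the same.
    data = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()  # 0x00 prefix marks a leaf

def node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 marks an interior node

def merkle_proof(leaves, index):
    """Return (root, proof); proof is a list of (sibling_hash, sibling_is_left)."""
    level, proof = list(leaves), []
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))
        nxt = [node(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # unpaired node is promoted unchanged
        level, index = nxt, index // 2
    return level[0], proof

def verify(record: dict, proof, anchored_root: bytes) -> bool:
    # Recompute the path from the record up to the root using only the proof.
    h = leaf(record)
    for sibling, sibling_is_left in proof:
        h = node(sibling, h) if sibling_is_left else node(h, sibling)
    return h == anchored_root

# Constructed sample records; actor and action names are hypothetical.
RECORDS = [
    {"actor": "brain-07", "action": "approve-deployment", "ts": "2026-03-01T10:00:00Z"},
    {"actor": "brain-12", "action": "release-payment", "ts": "2026-03-01T10:05:00Z"},
    {"actor": "operator", "action": "rotate-key", "ts": "2026-03-01T10:09:00Z"},
]

def demo():
    leaves = [leaf(r) for r in RECORDS]
    root, proof = merkle_proof(leaves, 1)          # root is what would be anchored
    backdated = dict(RECORDS[1], ts="2026-02-01T10:05:00Z")
    return verify(RECORDS[1], proof, root), verify(backdated, proof, root)

if __name__ == "__main__":
    print(demo())
```

The original record verifies against the anchored root, while the copy with an altered timestamp does not, even though the verifier holds nothing but the record, the proof and the root.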

Poseidon sets the anchor. A hash of the record is fixed to Bitcoin, permanence without ever moving a coin.

Signing today is the only migration that protects the past

The honest way to read the 2026 post-quantum effort is as a half-finished migration that is nonetheless heading in the right direction. ML-KEM on the channel is genuine progress, and any organisation that has shipped it deserves credit. But confidentiality and authenticity are different promises that fail in different ways and on different timelines. A harvested secret loses value as the world moves on. A forged record gains value the moment someone decides to rely on it. Hardening only the channel leaves the more permanent of the two harms unaddressed, and worse, it leaves it accumulating, one classically signed record at a time, in exactly the systems whose entire purpose is to be believed later.

Mickai's wager is that integrity is the discipline you cannot defer, because unlike confidentiality it has no retroactive remedy. By sealing every action into the OAR with FIPS 204 ML-DSA-65 now, and anchoring a hash commitment to Bitcoin through Pantheon, the SIOS makes a specific and testable promise. A decision made in 2026 still verifies after Q-day. The signature holds, the timestamp holds, and the actor remains bound to the act, regardless of what arrives to break the old curves. This is not a claim that quantum computers are imminent or remote. It is the simpler observation that the cost of signing correctly today is small, the cost of discovering you signed wrong is unrecoverable, and the only version of this migration that protects the past is the one you carry out before you need it. Trust Agent watches the perimeter. The OAR makes sure that what happened inside it stays exactly what happened.


Written by Micky Irons. Originally published at https://mickai.co.uk/articles/harvest-now-decrypt-later-the-signature-not-just-the-channel. More from Micky Irons and Mickai at mickai.co.uk.