Abstract
The advent of cryptographically relevant quantum computers (CRQCs) poses a fundamental threat to the public-key cryptography securing modern digital communications. The most immediate danger is not direct decryption but the harvest-now-decrypt-later (HNDL) attack, wherein adversaries passively collect and archive encrypted traffic today for retrospective decryption once a CRQC becomes operational. This threat is structurally difficult to counter because the collection phase generates no host- or account-level signals detectable by conventional intrusion-detection systems. Simultaneously, migration to NIST-standardized post-quantum cryptography (PQC), specifically ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205), introduces new vulnerabilities, including chosen-ciphertext side-channel attacks, fault-injection attacks, and protocol downgrade attacks arising during hybrid deployment periods. Existing security tooling addresses cryptographic inventory, encrypted-traffic anomaly detection, and PQC readiness as isolated problems, leaving a critical operational gap. To address this, we propose QCAD (Quantum Cryptographic Attack Detection), a unified multi-plane detection framework integrating four complementary detection planes: (A) flow-metadata behavioral analytics targeting HNDL collection indicators; (B) host- and protocol-level telemetry for PQC implementation flaws and downgrade attacks; (C) continuous crypto-agility monitoring with per-asset Mosca-inequality risk scoring; and (D) quantum-vulnerable deception canaries.
These planes feed a unified correlation layer that maps observations to MITRE ATT&CK techniques and produces risk-ranked alerts. Evaluation against synthetic HNDL and PQC-attack benchmarks demonstrates that cross-plane fusion achieves a recall of 0.97 at a 5% false-positive rate (F1 = 0.90, ROC-AUC = 0.99), substantially outperforming any individual plane, confirming that no single observable captures all attack families. A key boundary condition remains: HNDL detection is inherently a probabilistic behavioral-inference problem, and interception occurring on transit infrastructure beyond the defender's perimeter may remain undetectable regardless of sensor deployment.
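Plane (C) names per-asset Mosca-inequality risk scoring. Mosca's inequality flags an asset as exposed when X + Y > Z, where X is how long its data must stay confidential, Y is the time needed to migrate it to PQC, and Z is the time until a CRQC exists. The sketch below is an added example, not the paper's scoring method: the CRQC arrival curve, the point estimate for Z, the asset inventory and all function names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed CRQC-arrival estimate: cumulative probability that a CRQC
# exists within N years. Illustrative values only, not taken from the paper.
CRQC_CDF = {5: 0.10, 10: 0.35, 15: 0.60, 20: 0.80, 30: 0.95}

# Key-establishment algorithms treated here as quantum-vulnerable.
QUANTUM_VULNERABLE = {"RSA-2048", "ECDH-P256", "X25519"}

@dataclass
class Asset:
    name: str
    kex: str             # key-establishment algorithm observed on the asset
    shelf_life_y: float  # X: years the data must remain confidential
    migration_y: float   # Y: years until the asset is migrated to PQC

def p_crqc_within(years: float) -> float:
    """P(Z <= years), linearly interpolated over CRQC_CDF, 0 at year 0."""
    if years <= 0:
        return 0.0
    pts = [(0, 0.0)] + sorted(CRQC_CDF.items())
    for (x0, p0), (x1, p1) in zip(pts, pts[1:]):
        if years <= x1:
            return p0 + (p1 - p0) * (years - x0) / (x1 - x0)
    return pts[-1][1]  # beyond the last estimate: hold the final value

def mosca_score(a: Asset, z_point: float = 12.0) -> dict:
    """Score one asset; z_point is an assumed point estimate for Z."""
    vulnerable = a.kex in QUANTUM_VULNERABLE
    horizon = a.shelf_life_y + a.migration_y  # X + Y
    return {
        "asset": a.name,
        "margin_y": horizon - z_point,        # > 0 means X + Y > Z
        "violates": vulnerable and horizon > z_point,
        # Probability a CRQC arrives while harvested data is still sensitive.
        "risk": p_crqc_within(horizon) if vulnerable else 0.0,
    }

def rank(assets):
    """Highest-risk assets first, as a risk-ranked list would order them."""
    return sorted((mosca_score(a) for a in assets),
                  key=lambda r: r["risk"], reverse=True)

ASSETS = [  # constructed inventory
    Asset("hr-archive", "RSA-2048", 25, 4),
    Asset("web-frontend", "X25519", 1, 2),
    Asset("vpn-gateway", "X25519MLKEM768", 10, 0),
    Asset("ehr-api", "ECDH-P256", 10, 3),
]
```

Long-lived data behind classical key exchange ranks first, while the already-hybrid gateway scores zero even though its data has a ten-year shelf life.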
Article Details
Copyright (c) 2026 K G Kharade, K.Vengatesan (Author); Hayder Kareem Algabri (Translator)

This work is licensed under a Creative Commons Attribution 4.0 International License.
