This study systematically evaluates the practical threat posed by “harvest now, decrypt later” (HN-DL) quantum attacks against widely deployed cryptographic protocols—including TLS 1.2/1.3, QUIC, and SSH—by modeling HN-DL as an economic problem centered on storage costs and quantum computational overhead. Leveraging an open-source testbed to replicate real-world protocol interactions, the authors combine cryptanalytic techniques with resource estimation to quantify adversary attack costs. The findings reveal that intercepting and storing encrypted traffic incurs negligible expense; however, defenses such as Encrypted Client Hello, frequent key renegotiation, and increased key sizes substantially raise the cost of eventual decryption. Notably, enlarging key parameters offers a highly efficient unilateral defense, providing quantitative support for layered, defense-in-depth strategies against future quantum adversaries.

Harvest-now, decrypt-later (HN-DL) attacks threaten today's encrypted communications by archiving ciphertext until a quantum computer can break the underlying key exchange. This paper reframes HN-DL as an economic problem, quantifying adversary costs across Transport Layer Security (TLS) 1.2, TLS 1.3, QUIC, and Secure Shell (SSH) with an open-source testbed that reproduces the full attack sequence. Our model shows that retaining intercepted traffic is economically trivial, shifting the defensive question from whether an adversary can archive to how much decryption will cost. We evaluate protocol configuration strategies that act along two independent cost axes: storage overhead and quantum workload. Beyond the ongoing migration to post-quantum cryptography, these strategies provide defense in depth with current infrastructure. Encrypted Client Hello forces indiscriminate bulk collection, inflating the archive the adversary must retain, while aggressive rekeying and larger key exchange parameters multiply the quantum computations required to recover plaintext. Because storage inflation penalizes both sides while quantum cost inflation targets the adversary alone, rekeying and key size selection offer the strongest defensive levers.