Your Encrypted Messages Aren’t Safe. They’re Just “Not Yet Read.”
Quantum computing, “harvest now, decrypt later,” and the shelf life of secrets — read through philosophy and geopolitics.
Kinimato — through Japanese eyes: the news, read via philosophy, geopolitics & economics.
What’s actually happening
In May 2025, a Google quantum researcher named Craig Gidney published a paper with a dry title: “How to factor 2048-bit RSA integers with less than a million qubits.” RSA is the workhorse encryption protecting your bank transfers, your messages, your logins. Gidney estimated that breaking it would take a quantum computer of roughly a million qubits, running for under a week.
The raw number is hard to feel. What makes it land is the comparison: the same researcher’s 2019 estimate was about 20 million qubits. In a few years, the requirement shrank twentyfold. And it didn’t stop there. Between May 2025 and March 2026, several papers pushed the bar lower again, some configurations putting it near 100,000 qubits. When the specialist press began writing that “Q-Day,” the day encryption breaks, was getting closer, this cascade is what they meant.
To be clear: no one is cracking your account with a quantum computer this morning. A machine large and error-corrected enough to actually break RSA does not yet exist. But “someday it can be built” has stopped being science fiction. In August 2024, the U.S. National Institute of Standards and Technology (NIST) finalized three post-quantum encryption standards after an eight-year selection. When national institutions move like that, they have started treating the threat as a matter of dates, not maybes. In a 2025 survey by Canada’s Global Risk Institute, experts put the odds of a quantum computer capable of breaking RSA within ten years at roughly one in two, and within five years at about one in three.
What turns this from a future problem into a present one is a tactic called Harvest Now, Decrypt Later. You don’t need the code-breaking machine today. You copy encrypted traffic and data as it flows by, and you stockpile it. When the machine finally exists, you decrypt the whole archive at once. The targets are things whose value doesn’t decay: state secrets, military plans, intellectual property, medical records, the bedrock facts of a person’s identity. Read ten or twenty years from now, they are still raw.
So here is the uncomfortable reframe. The message you encrypted and sent today is not “safe.” It may simply be not yet read.
The migration has quietly begun. Apple added a quantum-resistant scheme, PQ3, to iMessage; Signal added a post-quantum layer earlier still. Chrome and Cloudflare already exchange quantum-resistant keys by default. Governments have set deadlines. The U.S. has ordered federal systems to migrate by 2035, with NIST planning to deprecate RSA around 2030 and disallow it by 2035. The EU’s 2024 roadmap targets 2026 to begin, 2030 for high-risk sectors, and 2035 for everything.
And yet the temperature on the ground is low. In a 2025 ISACA poll of more than 2,600 professionals, 62% worried that quantum will break today’s encryption, but only 5% had made it a near-term priority, and only 5% had a clear strategy. Afraid, but not moving. That gap is the real shape of this moment.
One thing is already clear: secrets now have a shelf life. The question is no longer only “did you encrypt it?” but “how many years does this need to stay secret, and is that longer than the fuse that’s already lit?”
That is where the deeper read begins.
The geopolitical lens: a chokepoint held across time
First, an honest separation. The race over who builds a quantum computer first is, at its core, a technology-and-economics story of national investment and industrial policy. China’s quantum industry passing 11.5 billion yuan (about $1.6 billion) in 2025, or this or that company’s qubit count, should be read through an economic lens. Those facts are not, by themselves, geopolitics. Let’s keep the labels straight.
But there is unmistakable geopolitics here, and it stands on three pillars.
The first is lockout through export controls. In September 2024, the U.S. Commerce Department’s Bureau of Industry and Security issued rules covering quantum computers and their components, materials, and manufacturing technology. The striking part: even allies generally need a license. Only countries that moved in step, such as Japan and the Netherlands with parallel controls, get an exception. The world is being drawn, on the map, into a bloc that can lend quantum technology among itself and a set of outsiders who receive nothing. Stop the technology at the gate, slow the rival’s arrival. That is a state turning a supply chokepoint into an instrument of power.
The second pillar is reading Harvest Now, Decrypt Later as a problem of geography. To copy and stockpile encrypted traffic, you need physical reach to where that traffic actually flows: the landing stations of undersea cables, the internet exchange points where data is swapped, the backbone trunks. The map of where the world’s communication arteries run, and into whose hands they gather, is the map of who can harvest whose data. This is the structure Farrell and Newman called weaponized interdependence: the country sitting on the network’s chokepoints can turn them into tools of surveillance and denial.
But notice how it differs from cutting an undersea cable. A cut is a spatial attack; it stops the network here, now. Harvesting cuts nothing. It quietly copies the flow and waits, in silence, for a future in which it can be read. It holds the same chokepoint not across space but across time. Classical geopolitics, in Mahan, taught that whoever commands the chokepoints of the sea lanes holds power. Those chokepoints have migrated to where the fiber converges, and a new axis has been added: not just “stop it now,” but “copy it now, read it later.”
The third pillar is asymmetry. A state that reaches the code-breaking machine first, and that has been harvesting the world’s ciphertext, gains a one-way mirror onto everyone else’s past secrets. That is the strategic prize. In its 15th Five-Year Plan, announced in October 2025, China placed quantum technology at the head of six priority future industries, and earlier that year consolidated its quantum-cryptography and quantum-computing firms under a state-owned group. The U.S. runs while locking others out. Both great powers lean this far forward because the prize, the power to read, is that large.
And Japan sits downstream of all this. The encryption standards we migrate to are set largely by the U.S. through NIST; our clouds and core communication infrastructure lean heavily on foreign firms. Who designs our cryptographic future, and who holds the machine? For now, that leverage is thin in our hands. This is the view from Tokyo, and it is worth saying plainly.
The philosophical lens: Derrida’s archive, opened in the future
Here I want to draw an unexpected line, to the French philosopher Jacques Derrida and his 1995 book Archive Fever.
When we hear “archive,” we picture a place to store the past. Derrida read it the other way. The essence of the archive, he argued, lies not in the past but in the future. Records are gathered toward a time that has not arrived, toward someone, someday, reading them back. So a record’s meaning is not settled here and now. It hangs, suspended, addressed to a future reader.
That reading fits Harvest Now, Decrypt Later almost too well. A mountain of harvested ciphertext, read today, is meaningless, just strings of random-looking numbers. Its entire value rests on a future machine: the future reader. The machine that holds the key is, in Derrida’s terms, the future authority that governs the record. And the harvester’s compulsion to collect everything, just in case, is exactly the boundless drive to accumulate that Derrida called the fever of the archive.
Put it as an image. You are writing letters in invisible ink. The chemical that develops this ink has not been invented yet, so you write, in confidence, the things you would least want seen. But someone is copying every letter you send and storing it, betting on the day the developing fluid arrives. Those letters are not “secret.” They are just not yet developed.
From here, something else comes into view. People and societies need a right to be forgotten; they need time to fade. The mistakes of youth, the misspoken word, the moments of weakness: we can begin again precisely because they dim with time. But a patient, hostile archive forbids that forgetting. The word “secret” shifts, quietly, from a spatial question, hidden or exposed, to a temporal one: how long can it stay unread? Derrida named the texture of that time three decades early.
So how should we think, and move?
Lay the two lenses over each other and the picture sharpens.
Geopolitics says this is the dynamics of a state holding a chokepoint across time. The line is not cut; the flow is silently copied and held until a future in which it can be read, and Japan holds little of the initiative. Philosophy says secrets have a shelf life, and a hostile archive accumulates patiently toward its future reader.
So the move is not to freeze in fear. It is to act with a sense of time. Translated into questions for tomorrow, it looks like this.
First, think in shelf lives. Before you send something or file it away, ask how many years it needs to stay secret. The things still dangerous in decades, the records at the core of you or your family, the contents of long-lived contracts and negotiations, do not belong on open lines under the assumption that “encrypted” means “safe forever.” Separate, in your head, the short fuses from the long ones.
Second, know that the migration is already happening inside your own tools. Keep your phone, your apps, and your browser current. The world of encryption is quietly changing trains onto quantum-resistant lines right now. This is not the apocalypse; it is mundane maintenance. Less fear, more steady boarding.
Third, as a matter of society and state, recognize that who designs the future of encryption is now a security question. Who sets the standards? Who holds the machine? Knowing you are downstream is not pessimism. It is the starting point for spreading your dependencies and choosing them again, deliberately.
“Q-Day” sounds like a single day of destiny. But what is really being asked is not to dread a date. It is to develop a sense of time, to tell which of your secrets carry long fuses. Once you see the structure, you can move without flinching. The day encryption breaks is not the end of the world. You only need to decide, before it comes, what you want to protect, and for how long.
If reading the news through philosophy, geopolitics, and economics is your kind of lens, subscribe to Kinimato.
Sources
NIST, “NIST Releases First 3 Finalized Post-Quantum Encryption Standards” (Aug 2024): https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
C. Gidney, “How to factor 2048 bit RSA integers with less than a million qubits” (arXiv, May 2025): https://arxiv.org/abs/2505.15917
The Quantum Insider, “Q-Day Just Got Closer: Three Papers in Three Months Are Rewriting the Quantum Threat Timeline” (Mar 2026): https://thequantuminsider.com/2026/03/31/q-day-just-got-closer-three-papers-in-three-months-are-rewriting-the-quantum-threat-timeline/
Palo Alto Networks, “What Is Harvest Now, Decrypt Later (HNDL)?”: https://www.paloaltonetworks.com/cyberpedia/harvest-now-decrypt-later-hndl
Global Risk Institute, “Quantum Threat Timeline Report 2025”: https://globalriskinstitute.org/publication/quantum-threat-timeline-report-2025b/
ISACA, “2025 Quantum Pulse Poll” (62% concerned, 5% with a strategy): https://www.isaca.org/about-us/newsroom/press-releases/2025/organizations-lack-a-quantum-computing-roadmap-isaca-finds
U.S. Commerce Department BIS, export controls on quantum and other advanced technologies (Sep 2024): https://www.bis.gov/press-release/department-commerce-implements-controls-quantum-computing-other-advanced-technologies-alongside
European Commission, “A coordinated implementation roadmap for the transition to post-quantum cryptography” (Apr 2024): https://digital-strategy.ec.europa.eu/en/library/coordinated-implementation-roadmap-transition-post-quantum-cryptography
The Quantum Insider, “10+ Companies Leading the Quantum Technologies Race in China” (May 2026): https://thequantuminsider.com/2026/05/15/10-plus-companies-leading-the-quantum-technologies-race-in-china/
Apple Security Research, “iMessage with PQ3”: https://security.apple.com/blog/imessage-pq3/
Cloudflare, “The state of the post-quantum Internet”: https://blog.cloudflare.com/pq-2024/