Trust Now, Forge Later: The PQC Threat No One Is Talking About
Introduction
If you have been following the post-quantum cryptography conversation, you will almost certainly have encountered Harvest Now, Decrypt Later (HNDL) — the risk that encrypted data collected today could be decrypted by a future quantum computer. It is a legitimate and well-documented concern, and rightly features prominently in government advisories and industry guidance.
But there is another threat that receives far less attention, yet arguably poses an even greater systemic risk: Trust Now, Forge Later (TNFL). While HNDL targets the confidentiality of historical data, TNFL strikes at something more fundamental — the integrity and authenticity of the digital trust mechanisms that underpin modern business, government and critical infrastructure.
For CISOs, CTOs and board members, understanding TNFL is essential because its implications extend well beyond data protection. It challenges the very foundations of how we verify identity, validate software and establish trust in an increasingly connected world.
What Is Trust Now, Forge Later?
TNFL is the forward-looking counterpart to Harvest Now, Decrypt Later. Where HNDL concerns the future exposure of data that has already been encrypted and collected, TNFL focuses on a different moment: the point at which quantum computers become capable of breaking today’s digital signature algorithms.
Digital signatures are the mechanism through which we verify that a piece of data, a document, a software update or a communication is authentic and has not been tampered with. They are fundamental to how trust is established and maintained across digital systems. When a digital signature can no longer be trusted — because an attacker has the capability to forge one — the consequences ripple across every process that depends on that trust.
Unlike HNDL, which requires an adversary to have collected data in advance, TNFL becomes an active threat the moment a cryptographically relevant quantum computer exists. At that point, any system still relying on classical digital signature algorithms becomes immediately vulnerable to forgery.
Why Digital Signatures Are More Important Than Most Leaders Realise
Digital signatures are often invisible to senior leaders because they operate quietly in the background of virtually every digital interaction. But their role is foundational. They verify the authenticity of legal documents, contracts and regulatory filings. They validate the integrity of financial transactions and commercial agreements. They authenticate the identity of users, devices and services connecting to corporate networks. And they ensure that software updates and firmware deployments are genuine and have not been modified in transit.
This last point — the role of digital signatures in securing software and firmware — is where TNFL becomes particularly dangerous. In a world where virtually every device, from industrial control systems to consumer electronics, receives over-the-air updates secured by digital signatures, the ability to forge those signatures would give an attacker the means to deploy malicious code at scale, with the updates appearing entirely legitimate to the receiving systems.
The breadth of this dependency is difficult to overstate. Digital signatures are not an optional security layer. They are woven into the fabric of how modern organisations operate, communicate and transact. A failure of digital signature trust is not a contained incident — it is a systemic event.
The Critical Infrastructure Dimension
The most serious implications of TNFL sit beneath the surface of everyday business operations. Virtually every modern device — from industrial equipment and consumer electronics to critical national infrastructure — depends on digitally signed software and firmware updates. If an attacker can forge those signatures, they can deploy malicious updates that are undetectable by conventional monitoring tools.
While this may seem a relatively contained risk for household appliances or consumer devices, the threat becomes existential when applied to systems that control aircraft engines, air traffic management, railway signalling, ATM networks, energy distribution or nuclear facilities. In these environments, a forged firmware update could compromise safety-critical operations with potentially catastrophic consequences.
For any organisation that manufactures, deploys or operates devices with signed firmware or embedded systems, TNFL represents one of the most urgent drivers for quantum-resilient security planning. The devices being deployed today will, in many cases, remain in service for 10, 15 or even 20 years. If the digital signatures securing their update mechanisms can be forged before those devices reach end of life, the entire operational model for maintaining their security is compromised.
This creates a planning horizon that extends well beyond typical IT refresh cycles. Decisions being made now about device procurement, firmware architecture and update mechanisms will determine an organisation’s exposure to TNFL for years to come.
The Legal and Commercial Impact
Beyond critical infrastructure, TNFL has significant implications for legal and commercial processes. Digital signatures underpin the enforceability of electronic contracts, the integrity of regulatory submissions and the authenticity of audit trails. If an attacker can forge signatures, the evidential value of signed documents is called into question.
Consider the implications for a financial services organisation. If digital signatures on transaction records, client agreements or regulatory filings can no longer be trusted, the consequences extend beyond cybersecurity into legal liability, regulatory compliance and reputational damage. The same applies to healthcare organisations relying on signed records for clinical decision-making, or government departments using digital signatures to authenticate policy documents and official communications.
This is not simply a question of individual document forgery. It is a systemic erosion of the trust model that underpins digital business processes. Once confidence in digital signatures is undermined, the cost and complexity of rebuilding that trust — through alternative verification mechanisms, manual processes or legal remediation — would be substantial.
The AI Dimension
There is an additional dimension that amplifies the TNFL risk in ways that are only now beginning to be understood. As organisations increasingly rely on AI and automated decision-making, the integrity of the data feeding those systems becomes paramount. If digital signatures can no longer be trusted, AI-enabled manipulation of signed data could drive organisations towards poor or even dangerous decisions — made with misplaced confidence in the authenticity of the information underpinning them.
In a world where business-critical decisions are increasingly informed or automated by AI systems, the integrity of input data is not merely a cybersecurity concern — it is a governance and operational risk. An AI system that processes forged or manipulated data will produce outputs that appear authoritative but are fundamentally unreliable. The validation methods that currently underpin business workflows would be compromised at their foundation.
This intersection of quantum risk and AI dependency is an area that few organisations have yet considered in detail, but it will become increasingly important as both technologies mature.
How TNFL Differs from HNDL
It is useful to understand the key differences between TNFL and HNDL, because they demand different assessment approaches and different mitigation strategies.
HNDL is fundamentally about data confidentiality. It targets historical data and requires advance collection. The risk is proportional to how long your data remains sensitive, and the mitigation centres on protecting data flows with quantum-resistant encryption. Organisations can assess their HNDL exposure by examining data sensitivity timelines and collection threat models.
TNFL is fundamentally about trust and integrity. It becomes an active threat the moment quantum computing capability arrives, with no requirement for advance preparation by the attacker. Its impact is immediate and systemic, affecting every process that depends on digital signatures. Mitigation requires transitioning signature algorithms and, critically, considering the lifecycle of devices and systems that are being deployed now but will remain in service long into the quantum era.
Both threats are real, both are material, and both should be assessed as part of a comprehensive approach to post-quantum readiness. But TNFL’s systemic nature and its implications for long-lived physical assets make it, in many respects, the more challenging of the two to address.
What Should Organisations Do?
Organisations that rely on digital signatures to secure long-lived assets — whether that is firmware, legal documentation, operational data or commercial agreements — should be assessing their TNFL exposure now. This does not necessarily mean implementing quantum-resistant signature algorithms immediately, but it does mean taking several practical steps.
First, map your digital signature dependencies. Understand where digital signatures are used across your organisation, which systems and processes depend on them, and what the consequences would be if those signatures could be forged. This exercise alone will provide valuable insight into your exposure.
Second, assess the lifecycle of your signed assets. Devices deployed today with 15-year service lives, contracts with long-term enforceability requirements and regulatory records with extended retention periods all need to be considered through the lens of TNFL.
Third, factor TNFL into procurement and design decisions. New devices, systems and applications being specified now should be evaluated for their ability to support quantum-resistant signature algorithms, either natively or through future upgrade paths.
And finally, bring TNFL into the boardroom conversation alongside HNDL. Senior leaders who understand the data confidentiality risk of HNDL also need to understand the integrity and trust risk posed by TNFL. Together, these two threats provide a comprehensive picture of why post-quantum readiness is a strategic imperative, not just a technical project.
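The first three steps can be started as a simple inventory triage. The sketch below is an added example, not Unsung's tooling: the record layout, status labels and sample inventory are constructed for illustration, and the planning year is a placeholder assumption for the risk owner to set, not a forecast of when quantum capability arrives.

```python
from dataclasses import dataclass

# Signature-algorithm OIDs as recorded in X.509 certificates and signed blobs.
# "classical" marks algorithms a cryptographically relevant quantum computer could forge.
SIG_OIDS = {
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", "classical"),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", "classical"),
    "1.3.101.112": ("Ed25519", "classical"),
    "2.16.840.1.101.3.4.3.17": ("ML-DSA-44", "pqc"),
    "2.16.840.1.101.3.4.3.18": ("ML-DSA-65", "pqc"),
    "2.16.840.1.101.3.4.3.19": ("ML-DSA-87", "pqc"),
}

@dataclass
class SignedAsset:               # hypothetical inventory record
    name: str
    sig_oid: str                 # step 1: where and how the asset is signed
    trust_until: int             # step 2: last year the signature must be trusted
    verifier_upgradable: bool    # step 3: can the verifying side adopt a new algorithm?

def triage(assets, planning_year):
    """Rank assets by TNFL exposure against an assumed planning year."""
    findings = []
    for a in assets:
        alg, family = SIG_OIDS.get(a.sig_oid, (a.sig_oid, "unknown"))
        years = max(0, a.trust_until - planning_year)  # trust needed past the horizon
        if family == "unknown":
            status = "REVIEW"            # unmapped algorithm: classify by hand
        elif family == "pqc" or years == 0:
            status = "OK"
        elif a.verifier_upgradable:
            status = "MIGRATE"           # schedule an algorithm transition
        else:
            status = "NO_UPGRADE_PATH"   # fixed verifier outlives the horizon
        findings.append((a.name, alg, status, years))
    order = {"NO_UPGRADE_PATH": 0, "MIGRATE": 1, "REVIEW": 2, "OK": 3}
    return sorted(findings, key=lambda f: (order[f[2]], -f[3]))

INVENTORY = [  # constructed sample data
    SignedAsset("signalling-controller firmware", "1.2.840.10045.4.3.2", 2045, False),
    SignedAsset("client agreement archive", "1.2.840.113549.1.1.11", 2040, True),
    SignedAsset("web TLS leaf", "1.2.840.10045.4.3.2", 2026, True),
    SignedAsset("new gateway firmware", "2.16.840.1.101.3.4.3.18", 2045, True),
    SignedAsset("legacy HSM token", "1.2.3.4.5", 2038, False),
]

if __name__ == "__main__":
    for row in triage(INVENTORY, planning_year=2035):  # 2035 is a placeholder
        print(row)
```

Long-lived devices whose verifier cannot be upgraded sort to the top, which is the case the lifecycle discussion above singles out.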
How Unsung Can Help
At Unsung, we help organisations map their digital signature dependencies, assess TNFL exposure and develop practical, phased approaches to quantum-resilient security. We work across PKI architecture, certificate lifecycle management and cryptographic strategy to ensure that the trust mechanisms underpinning your operations are fit for the quantum era.
Our vendor-neutral position means we focus entirely on what is right for your organisation. We do not promote specific platforms or products. Instead, we provide independent, expert guidance that helps you understand your exposure, prioritise your response and build a roadmap that is proportionate to your risk profile and operational reality.
If TNFL is a risk your organisation has not yet assessed, now is the time to start that conversation. The devices, contracts and systems being deployed today will define your exposure for years to come.
Want to explore this topic further?
This blog is part of a series drawn from our strategic whitepaper, Post-Quantum Cryptography: A Strategic Whitepaper for the C-Suite. It provides vendor-neutral, business-focused guidance on navigating the quantum era — covering the threats already in play, lessons from previous hype cycles, and practical steps your organisation can take today. Download your copy here: https://2f4v3l.share-eu1.hsforms.com/20qJjHSynQkuJKhI_xq9Msg

